Merge pull request #3612 from birarda/master

fix for pub key format returned to data-server
2025-08-08 00:50:35 +02:00 · 2014-10-17 10:45:09 -06:00 · 2014-10-17 10:45:09 -06:00 · 005f56c19b
commit 005f56c19b
parent a46610a7c1 d00e11541e
1 changed files with 48 additions and 47 deletions
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@ -11,6 +11,7 @@

 #include <openssl/err.h>
 #include <openssl/rsa.h>
+#include <openssl/x509.h>

 #include <QtCore/QDir>
 #include <QtCore/QJsonDocument>
@ -619,12 +620,13 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
                                                                 ALLOWED_USERS_SETTINGS_KEYPATH);
    static QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
    
-    if (allowedUsers.count() > 0) {
-        // this is an agent, we need to ask them to provide us with their signed username to see if they are allowed in
    // we always let in a user who is sending a packet from our local socket or from the localhost address
-        
    if (senderSockAddr.getAddress() != LimitedNodeList::getInstance()->getLocalSockAddr().getAddress()
        && senderSockAddr.getAddress() != QHostAddress::LocalHost) {
+        return true;
+    }
+    
+    if (allowedUsers.count() > 0) {
        if (allowedUsers.contains(username)) {
            // it's possible this user can be allowed to connect, but we need to check their username signature
            
@ -635,7 +637,7 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
                const unsigned char* publicKeyData = reinterpret_cast<const unsigned char*>(publicKeyArray.constData());
                
                // first load up the public key into an RSA struct
-                    RSA* rsaPublicKey = d2i_RSAPublicKey(NULL, &publicKeyData, publicKeyArray.size());
+                RSA* rsaPublicKey = d2i_RSA_PUBKEY(NULL, &publicKeyData, publicKeyArray.size());
                
                if (rsaPublicKey) {
                    QByteArray decryptedArray(RSA_size(rsaPublicKey), 0);
@ -669,7 +671,6 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
        
            requestUserPublicKey(username);
        }
-        }
    } else {
        // since we have no allowed user list, let them all in
        return true;