From 1f2bd62f54753c85e2314063075e2e135340cf85 Mon Sep 17 00:00:00 2001 From: bwent Date: Wed, 5 Aug 2015 17:43:03 -0700 Subject: [PATCH] clean-up formatting --- domain-server/src/DomainServer.cpp | 32 ++++++++----------- domain-server/src/DomainServer.h | 2 +- .../networking/src/DataServerAccountInfo.cpp | 13 ++++++-- libraries/networking/src/NodeList.cpp | 3 +- 4 files changed, 25 insertions(+), 25 deletions(-) diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp index 293332dc83..751e884480 100644 --- a/domain-server/src/DomainServer.cpp +++ b/domain-server/src/DomainServer.cpp @@ -577,7 +577,6 @@ const NodeSet STATICALLY_ASSIGNED_NODES = NodeSet() << NodeType::AudioMixer << NodeType::AvatarMixer << NodeType::EntityServer; void DomainServer::processConnectRequestPacket(QSharedPointer packet) { - NodeType_t nodeType; HifiSockAddr publicSockAddr, localSockAddr; @@ -638,16 +637,15 @@ void DomainServer::processConnectRequestPacket(QSharedPointer packet) if (packet->bytesLeftToRead() > 0) { // try to verify username packetStream >> username; - } bool isRestrictingAccess = - _settingsManager.valueOrDefaultValueForKeyPath(RESTRICTED_ACCESS_SETTINGS_KEYPATH).toBool(); + _settingsManager.valueOrDefaultValueForKeyPath(RESTRICTED_ACCESS_SETTINGS_KEYPATH).toBool(); // we always let in a user who is sending a packet from our local socket or from the localhost address - bool isLocalUser = (senderSockAddr.getAddress() == DependencyManager::get()->getLocalSockAddr().getAddress() || senderSockAddr.getAddress() == QHostAddress::LocalHost); + bool isLocalUser = (senderSockAddr.getAddress() == DependencyManager::get()->getLocalSockAddr().getAddress() || senderSockAddr.getAddress() == QHostAddress::LocalHost); - if (isRestrictingAccess) { + if (isRestrictingAccess && !isLocalUser) { if (!username.isEmpty()) { // if there's a username, try to unpack username signature packetStream >> usernameSignature; 
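Review bot: The changed condition `if (isRestrictingAccess && !isLocalUser) {` in processConnectRequestPacket is an access-control change rather than formatting: a sender whose address equals the local socket address or QHostAddress::LocalHost now skips the username-signature unpacking entirely. The exemption rests on the packet's source address alone, which is weak evidence if these packets arrive as datagrams, and it can also match remote clients when a proxy or NAT in front of the server rewrites sources. It deserves its own commit and a comment at the check, for example `// local senders skip username verification; this trusts senderSockAddr`. Whether shouldAllowConnectionFromNode, which is called later with the same username and a usernameSignature that was never read, applies the same exemption is not visible here and should be confirmed. The function body starts and ends outside this hunk.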
@@ -672,7 +670,6 @@ void DomainServer::processConnectRequestPacket(QSharedPointer packet) QString reason; if (!isAssignment && !shouldAllowConnectionFromNode(username, usernameSignature, senderSockAddr, reason)) { // this is an agent and we've decided we won't let them connect - send them a packet to deny connection - QByteArray utfString = reason.toUtf8(); quint16 payloadSize = utfString.size(); @@ -680,12 +677,9 @@ void DomainServer::processConnectRequestPacket(QSharedPointer packet) if (payloadSize > 0) { connectionDeniedPacket->writePrimitive(payloadSize); connectionDeniedPacket->write(utfString); - } - // tell client it has been refused. limitedNodeList->sendPacket(std::move(connectionDeniedPacket), senderSockAddr); - return; } @@ -791,7 +785,6 @@ void DomainServer::processListRequestPacket(QSharedPointer packet, Sha sendDomainListToNode(sendingNode, packet->getSenderSockAddr(), nodeInterestList.toSet()); } - unsigned int DomainServer::countConnectedUsers() { unsigned int result = 0; auto nodeList = DependencyManager::get(); @@ -805,13 +798,13 @@ unsigned int DomainServer::countConnectedUsers() { bool DomainServer::verifyUserSignature(const QString& username, - const QByteArray& usernameSignature, - QString& reasonReturn) { + const QByteArray& usernameSignature, + QString& reasonReturn) { // it's possible this user can be allowed to connect, but we need to check their username signature QByteArray publicKeyArray = _userPublicKeys.value(username); - QUuid connectionToken = _connectionTokenHash.value(username.toLower()); + const QUuid& connectionToken = _connectionTokenHash.value(username.toLower()); if (!publicKeyArray.isEmpty() && !connectionToken.isNull()) { // if we do have a public key for the user, check for a signature match 
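Review bot: `const QUuid& connectionToken = _connectionTokenHash.value(username.toLower());` in verifyUserSignature binds a reference to a temporary, because `value()` on a Qt hash or map returns by value (assuming `_connectionTokenHash` is one; its declaration is not in the hunk). Lifetime extension makes this legal, but it saves no copy and reads as if the token aliased the stored entry, which is misleading for a value that gates signature verification. I would write `const QUuid connectionToken = _connectionTokenHash.value(username.toLower());` here. The same applies to `const QByteArray& usernameSignature = ...getUsernameSignature(connectionToken);` in NodeList::sendDomainServerCheckIn, since getUsernameSignature is declared to return a QByteArray by value.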
@@ -822,7 +815,8 @@ bool DomainServer::verifyUserSignature(const QString& username, RSA* rsaPublicKey = d2i_RSA_PUBKEY(NULL, &publicKeyData, publicKeyArray.size()); QByteArray lowercaseUsername = username.toLower().toUtf8(); - QByteArray usernameWithToken = QCryptographicHash::hash(lowercaseUsername.append(connectionToken.toRfc4122()), QCryptographicHash::Sha256); + QByteArray usernameWithToken = QCryptographicHash::hash(lowercaseUsername.append(connectionToken.toRfc4122()), + QCryptographicHash::Sha256); if (rsaPublicKey) { QByteArray decryptedArray(RSA_size(rsaPublicKey), 0); @@ -866,14 +860,14 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username, const HifiSockAddr& senderSockAddr, QString& reasonReturn) { bool isRestrictingAccess = - _settingsManager.valueOrDefaultValueForKeyPath(RESTRICTED_ACCESS_SETTINGS_KEYPATH).toBool(); + _settingsManager.valueOrDefaultValueForKeyPath(RESTRICTED_ACCESS_SETTINGS_KEYPATH).toBool(); - if(isRestrictingAccess) { + if (isRestrictingAccess) { QStringList allowedUsers = - _settingsManager.valueOrDefaultValueForKeyPath(ALLOWED_USERS_SETTINGS_KEYPATH).toStringList(); + _settingsManager.valueOrDefaultValueForKeyPath(ALLOWED_USERS_SETTINGS_KEYPATH).toStringList(); if (allowedUsers.contains(username, Qt::CaseInsensitive)) { - if(username.isEmpty()) { + if (username.isEmpty()) { qDebug() << "Connect request denied - no username provided."; reasonReturn = "No username provided"; return false; 
@@ -892,7 +886,7 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username, // either we aren't restricting users, or this user is in the allowed list // if this user is in the editors list, exempt them from the max-capacity check const QVariant* allowedEditorsVariant = - valueForKeyPath(_settingsManager.getSettingsMap(), ALLOWED_EDITORS_SETTINGS_KEYPATH); + valueForKeyPath(_settingsManager.getSettingsMap(), ALLOWED_EDITORS_SETTINGS_KEYPATH); QStringList allowedEditors = allowedEditorsVariant ? allowedEditorsVariant->toStringList() : QStringList(); if (allowedEditors.contains(username)) { if (verifyUserSignature(username, usernameSignature, reasonReturn)) { diff --git a/domain-server/src/DomainServer.h b/domain-server/src/DomainServer.h index fe79ec4889..7495e080de 100644 --- a/domain-server/src/DomainServer.h +++ b/domain-server/src/DomainServer.h @@ -57,7 +57,7 @@ public slots: void processRequestAssignmentPacket(QSharedPointer packet); void processConnectRequestPacket(QSharedPointer packet); - void processListRequestPacket(QSharedPointer packet, SharedNodePointer sendingNode);; + void processListRequestPacket(QSharedPointer packet, SharedNodePointer sendingNode); void processNodeJSONStatsPacket(QSharedPointer packet, SharedNodePointer sendingNode); void processPathQueryPacket(QSharedPointer packet); void processICEPingPacket(QSharedPointer packet); diff --git a/libraries/networking/src/DataServerAccountInfo.cpp b/libraries/networking/src/DataServerAccountInfo.cpp index 9824c1a811..0628e21574 100644 --- a/libraries/networking/src/DataServerAccountInfo.cpp +++ b/libraries/networking/src/DataServerAccountInfo.cpp @@ -16,6 +16,7 @@ #include #include +#include "UUID.h" #include "NetworkLogging.h" #include "DataServerAccountInfo.h" 
@@ -134,12 +135,18 @@ QByteArray DataServerAccountInfo::getUsernameSignature(const QUuid& connectionTo _privateKey.size()); if (rsaPrivateKey) { QByteArray lowercaseUsername = _username.toLower().toUtf8(); - QByteArray usernameWithToken = QCryptographicHash::hash(lowercaseUsername.append(connectionToken.toRfc4122()), QCryptographicHash::Sha256); + QByteArray usernameWithToken = QCryptographicHash::hash(lowercaseUsername.append(connectionToken.toRfc4122()), + QCryptographicHash::Sha256); QByteArray usernameSignature(RSA_size(rsaPrivateKey), 0); unsigned int usernameSignatureSize = 0; - int encryptReturn = RSA_sign(NID_sha256, reinterpret_cast(usernameWithToken.constData()), usernameWithToken.size(), reinterpret_cast(usernameSignature.data()), &usernameSignatureSize, rsaPrivateKey); + int encryptReturn = RSA_sign(NID_sha256, + reinterpret_cast(usernameWithToken.constData()), + usernameWithToken.size(), + reinterpret_cast(usernameSignature.data()), + &usernameSignatureSize, + rsaPrivateKey); // free the private key RSA struct now that we are done with it RSA_free(rsaPrivateKey); @@ -148,7 +155,7 @@ QByteArray DataServerAccountInfo::getUsernameSignature(const QUuid& connectionTo qCDebug(networking) << "Error encrypting username signature."; qCDebug(networking) << "Will re-attempt on next domain-server check in."; } else { - qDebug(networking) << "Signing username with connectionUUID."; + qDebug(networking) << "Returning username" << _username << "signed with connection UUID" << uuidStringWithoutCurlyBraces(connectionToken); return usernameSignature; } diff --git a/libraries/networking/src/NodeList.cpp b/libraries/networking/src/NodeList.cpp index a1c99e9747..f2fb8522b0 100644 --- a/libraries/networking/src/NodeList.cpp +++ b/libraries/networking/src/NodeList.cpp 
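Review bot: The new log line in DataServerAccountInfo::getUsernameSignature writes both `_username` and the connection token to the debug log, and that token is the value hashed with the username and signed to authenticate to the domain-server. Logs are usually readable by more parties than the account state, so I would drop the token and record only that signing succeeded: `qCDebug(networking) << "Signed username with connection token.";`. The line also uses `qDebug(networking)` while the two messages above it use `qCDebug(networking)`; the category macro is the consistent choice. Whether the token is single-use is not visible in this hunk; if it is, the exposure is smaller but still worth avoiding.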
@@ -286,7 +286,7 @@ void NodeList::sendDomainServerCheckIn() { if (!connectionToken.isNull()) { - QByteArray usernameSignature = AccountManager::getInstance().getAccountInfo().getUsernameSignature(connectionToken); + const QByteArray& usernameSignature = AccountManager::getInstance().getAccountInfo().getUsernameSignature(connectionToken); if (!usernameSignature.isEmpty()) { packetStream << usernameSignature; @@ -466,7 +466,6 @@ void NodeList::processDomainServerConnectionTokenPacket(QSharedPointer // read in the connection token from the packet, then send domain-server checkin _domainHandler.setConnectionToken(QUuid::fromRfc4122(packet->read(NUM_BYTES_RFC4122_UUID))); sendDomainServerCheckIn(); - } void NodeList::processDomainServerList(QSharedPointer packet) {