[sword-svn] r3485 - in trunk: include src/mgr utilities
scribe at crosswire.org
scribe at crosswire.org
Sat Jul 8 08:41:01 MST 2017
Author: scribe
Date: 2017-07-08 08:41:01 -0700 (Sat, 08 Jul 2017)
New Revision: 3485
Modified:
trunk/include/installmgr.h
trunk/include/remotetrans.h
trunk/src/mgr/curlhttpt.cpp
trunk/src/mgr/installmgr.cpp
trunk/src/mgr/remotetrans.cpp
trunk/utilities/installmgr.cpp
Log:
Added configurable parameter in InstallMgr.conf, UnverifiedPeerAllowed=true|false
Modified: trunk/include/installmgr.h
===================================================================
--- trunk/include/installmgr.h 2017-06-25 15:37:15 UTC (rev 3484)
+++ trunk/include/installmgr.h 2017-07-08 15:41:01 UTC (rev 3485)
@@ -76,6 +76,7 @@
StatusReporter *statusReporter;
bool passive;
SWBuf u, p;
+ bool unverifiedPeerAllowed;
/** override this method and provide your own custom RemoteTransport subclass
*/
@@ -236,15 +237,19 @@
return false;
}
*/
- virtual bool getCipherCode(const char *modName, SWConfig *config) { (void) modName; (void) config; return false; }
+ virtual bool getCipherCode(const char *modName, SWConfig *config) { (void) modName; (void) config; return false; }
+
/** whether or not to use passive mode when doing ftp transfers
*/
void setFTPPassive(bool passive) { this->passive = passive; }
bool isFTPPassive() { return passive; }
+ void setUnverifiedPeerAllowed(bool allowed) { this->unverifiedPeerAllowed = allowed; }
+ bool isUnverifiedPeerAllowed() { return unverifiedPeerAllowed; }
+
/** call from another thread to terminate the installation process
*/
void terminate();
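Review bot: The new pair `setUnverifiedPeerAllowed`/`isUnverifiedPeerAllowed` carries no doc comment, while the neighbouring passive-mode pair is introduced with a `/** ... */` block; for a flag that turns off TLS certificate verification the contract should be spelled out. I would add above the setter: `/** whether a transfer may proceed when the server's TLS certificate cannot be verified (e.g. self-signed). Enabling this lets an interposed server impersonate the install source; leave it off unless the source is known to use an unverifiable certificate. */`. The same comment belongs on the identical pair added in remotetrans.h, and the new `bool unverifiedPeerAllowed;` member in both headers is only given a value by the constructors, so the comment should also say which default applies.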
Modified: trunk/include/remotetrans.h
===================================================================
--- trunk/include/remotetrans.h 2017-06-25 15:37:15 UTC (rev 3484)
+++ trunk/include/remotetrans.h 2017-07-08 15:41:01 UTC (rev 3485)
@@ -53,6 +53,7 @@
StatusReporter *statusReporter;
bool passive;
bool term;
+ bool unverifiedPeerAllowed;
SWBuf host;
SWBuf u;
SWBuf p;
@@ -73,8 +74,11 @@
virtual std::vector<struct DirEntry> getDirList(const char *dirURL);
void setPassive(bool passive) { this->passive = passive; }
+ bool isPassive() { return passive; }
void setUser(const char *user) { u = user; }
void setPasswd(const char *passwd) { p = passwd; }
+ void setUnverifiedPeerAllowed(bool val) { this->unverifiedPeerAllowed = val; }
+ bool isUnverifiedPeerAllowed() { return unverifiedPeerAllowed; }
void terminate() { term = true; }
};
Modified: trunk/src/mgr/curlhttpt.cpp
===================================================================
--- trunk/src/mgr/curlhttpt.cpp 2017-06-25 15:37:15 UTC (rev 3484)
+++ trunk/src/mgr/curlhttpt.cpp 2017-07-08 15:41:01 UTC (rev 3485)
@@ -141,7 +141,9 @@
curl_easy_setopt(session, CURLOPT_CONNECTTIMEOUT, 45);
/* Disable checking host certificate */
- curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, false);
+ if (isUnverifiedPeerAllowed()) {
+ curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, false);
+ }
/* FTP connection settings */
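Review bot: The new branch only ever sets CURLOPT_SSL_VERIFYPEER to false; when `isUnverifiedPeerAllowed()` returns false it relies on libcurl's default, and if `session` is reused across transfers (not visible in this hunk) a previous permissive transfer leaves verification switched off for later ones. The retained line also passes the bool `false` where curl_easy_setopt documents a `long` for this option, which is not reliable through the variadic interface. I would set the option on both paths with the right type, `curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, isUnverifiedPeerAllowed() ? 0L : 1L);`, and replace the now-misleading `/* Disable checking host certificate */` with `/* Verify the host certificate unless the user explicitly allowed unverified peers */`. The enclosing function starts and ends outside the hunk.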
Modified: trunk/src/mgr/installmgr.cpp
===================================================================
--- trunk/src/mgr/installmgr.cpp 2017-06-25 15:37:15 UTC (rev 3484)
+++ trunk/src/mgr/installmgr.cpp 2017-07-08 15:41:01 UTC (rev 3485)
@@ -101,6 +101,8 @@
InstallMgr::InstallMgr(const char *privatePath, StatusReporter *sr, SWBuf u, SWBuf p) {
userDisclaimerConfirmed = false;
+ passive=true;
+ unverifiedPeerAllowed=true;
statusReporter = sr;
this->u = u;
this->p = p;
@@ -145,6 +147,7 @@
clearSources();
setFTPPassive(stricmp((*installConf)["General"]["PassiveFTP"].c_str(), "false") != 0);
+ setUnverifiedPeerAllowed(stricmp((*installConf)["General"]["UnverifiedPeerAllowed"].c_str(), "false") != 0);
SectionMap::iterator confSection = installConf->Sections.find("Sources");
ConfigEntMap::iterator sourceBegin;
@@ -227,6 +230,7 @@
}
}
(*installConf)["General"]["PassiveFTP"] = (isFTPPassive()) ? "true" : "false";
+ (*installConf)["General"]["UnverifiedPeerAllowed"] = (isUnverifiedPeerAllowed()) ? "true" : "false";
installConf->Save();
}
@@ -332,6 +336,8 @@
trans->setPasswd(p);
}
+ trans->setUnverifiedPeerAllowed(unverifiedPeerAllowed);
+
SWBuf urlPrefix;
if (is->type == "HTTP") {
urlPrefix = (SWBuf) "http://";
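Review bot: In the second hunk, `stricmp(... ["UnverifiedPeerAllowed"].c_str(), "false") != 0` treats every value other than a literal "false" — an absent key on an older config, an empty string, or a typo such as "flase" — as permission to skip certificate verification; for a security-relevant switch the opt-in should be explicit. I would make only "true" enable it: `setUnverifiedPeerAllowed(stricmp((*installConf)["General"]["UnverifiedPeerAllowed"].c_str(), "true") == 0);`. The constructor's `unverifiedPeerAllowed=true;` in the first hunk is the value in effect before the config is read, so it would have to change to `false` together with the parse to keep the two consistent. The enclosing functions start and end outside the hunks.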
Modified: trunk/src/mgr/remotetrans.cpp
===================================================================
--- trunk/src/mgr/remotetrans.cpp 2017-06-25 15:37:15 UTC (rev 3484)
+++ trunk/src/mgr/remotetrans.cpp 2017-07-08 15:41:01 UTC (rev 3485)
@@ -65,6 +65,8 @@
u = "ftp";
p = "installmgr at user.com";
term = false;
+ passive = true;
+ unverifiedPeerAllowed = true;
}
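Review bot: `unverifiedPeerAllowed = true;` makes skipping certificate verification the transport's own default, so any RemoteTransport constructed without going through InstallMgr (which forwards its flag explicitly in installmgr.cpp) disables verification without anyone asking for it. The safer constructor default is `unverifiedPeerAllowed = false;`, with the permissive value requested by the caller through `setUnverifiedPeerAllowed`. The constructor body starts outside the hunk.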
Modified: trunk/utilities/installmgr.cpp
===================================================================
--- trunk/utilities/installmgr.cpp 2017-06-25 15:37:15 UTC (rev 3484)
+++ trunk/utilities/installmgr.cpp 2017-07-08 15:41:01 UTC (rev 3485)
@@ -48,6 +48,7 @@
SWBuf confPath;
bool isConfirmed;
+bool isUnvPeerAllowed;
void usage(const char *progName = 0, const char *error = 0);
@@ -90,6 +91,30 @@
};
+bool isUnverifiedPeerAllowed() {
+ static bool allowed = false;
+
+ if (isUnvPeerAllowed) {
+ allowed = true;
+ }
+ if (!allowed) {
+ cout << "\n\n";
+ cout << "While connecting to an encrypted install source, SWORD can allow\n";
+ cout << "unverified peers, i.e., self signed certificates. While this is\n";
+ cout << "generally considered safe because SWORD only retrieves Bible content\n";
+ cout << "and does not send any data to the server, it could still possibly\n";
+ cout << "allow a malicious actor to sit between you and the server, as with\n";
+ cout << "unencrypted sources. Type no to turn this off.\n\n";
+ cout << "Would you like to allow unverified peers? [yes] ";
+
+ char prompt[10];
+ fgets(prompt, 9, stdin);
+ allowed = (strcmp(prompt, "no\n"));
+ cout << "\n";
+ }
+ return allowed;
+}
+
class MyStatusReporter : public StatusReporter {
int last;
virtual void update(unsigned long totalBytes, unsigned long completedBytes) {
@@ -153,7 +178,7 @@
}
-void createBasicConfig(bool enableRemote, bool addCrossWire) {
+void createBasicConfig(bool enableRemote, bool addCrossWire, bool unverifiedPeerAllowed) {
FileMgr::createParent(confPath.c_str());
remove(confPath.c_str());
@@ -165,6 +190,7 @@
SWConfig config(confPath.c_str());
config["General"]["PassiveFTP"] = "true";
+ config["General"]["UnverifiedPeerAllowed"] = (unverifiedPeerAllowed) ? "true" : "false";
if (enableRemote) {
config["Sources"]["FTPSource"] = is.getConfEnt();
}
@@ -176,11 +202,13 @@
init();
bool enable = installMgr->isUserDisclaimerConfirmed();
+ bool allowed = isUnverifiedPeerAllowed();
- createBasicConfig(enable, true);
+ createBasicConfig(enable, true, allowed);
cout << "\n\nInitialized basic config file at [" << confPath << "]\n";
cout << "with remote source features " << ((enable) ? "ENABLED" : "DISABLED") << "\n";
+ cout << "with unverified peers " << ((allowed) ? "ALLOWED" : "DISALLOWED") << "\n";
}
@@ -194,7 +222,7 @@
// be sure we have at least some config file already out there
if (!FileMgr::existsFile(confPath.c_str())) {
- createBasicConfig(true, false);
+ createBasicConfig(true, false, false);
finish(1); // cleanup and don't exit
init(); // re-init with InstallMgr which uses our new config
}
@@ -358,6 +386,7 @@
int main(int argc, char **argv) {
isConfirmed = false;
+ isUnvPeerAllowed = false;
if (argc < 2) usage(*argv);
@@ -368,6 +397,9 @@
else if (!strcmp(argv[i], "--allow-internet-access-and-risk-tracing-and-jail-or-martyrdom")) {
isConfirmed = true;
}
+ else if (!strcmp(argv[i], "--allow-unverified-tls-peer")) {
+ isUnvPeerAllowed = true;
+ }
else if (!strcmp(argv[i], "-init")) {
initConfig();
}
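Review bot: In `isUnverifiedPeerAllowed()` the return value of `fgets(prompt, 9, stdin)` is ignored and `prompt` is never initialized, so on EOF or a read error (stdin redirected from an empty file, for instance) `strcmp` reads indeterminate bytes, and anything that is not exactly "no\n" grants permission. I would zero the buffer and treat a failed read as a refusal: `char prompt[10] = {0};` / `if (!fgets(prompt, sizeof(prompt), stdin)) return allowed;` / `allowed = (strcmp(prompt, "no\n") != 0);`. A reply longer than eight characters also leaves its tail in stdin for the next prompt, which the function does not drain, and "No" or "no" followed by EOF rather than a newline is accepted as yes.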