Commit c2fe8584 authored by Matthieu Tanon's avatar Matthieu Tanon

Fix SecurityLevelDowngraded skipped when adding untrusted participant device

parent 54a63ed1
......@@ -795,15 +795,27 @@ void ClientGroupChatRoom::onParticipantDeviceAdded (const shared_ptr<ConferenceP
return;
}
participant->getPrivate()->addDevice(event->getDeviceAddress());
// Get LIMEv2 context if enabled and get the new device status
LimeV2 *limeV2Engine = nullptr;
shared_ptr<ConferenceSecurityEvent> securityEvent;
bool securityLevelDegraded = false;
if (getCore()->limeV2Enabled()) {
limeV2Engine = static_cast<LimeV2 *>(getCore()->getEncryptionEngine());
lime::PeerDeviceStatus newDeviceStatus = limeV2Engine->getLimeManager()->get_peerDeviceStatus(event->getDeviceAddress().asString());
// If the new device degrades the chatroom security level it must be notified to the user
if (getSecurityLevel() == SecurityLevel::Safe && newDeviceStatus != lime::PeerDeviceStatus::trusted)
securityLevelDegraded = true;
}
participant->getPrivate()->addDevice(event->getDeviceAddress());
if (limeV2Engine) {
int nbDevice = int(participant->getPrivate()->getDevices().size());
int maxNbDevicesPerParticipant = linphone_config_get_int(linphone_core_get_config(L_GET_C_BACK_PTR(getCore())), "lime", "max_nb_device_per_participant", 1);
LimeV2 *limeV2Engine = static_cast<LimeV2 *>(getCore()->getEncryptionEngine());
// Check if the new participant device is unexpected, in which case a security alert is created
// Check if the new participant device is unexpected in which case a security alert is created
if (nbDevice > maxNbDevicesPerParticipant) {
lWarning() << "LIMEv2 maximum number of devices exceeded for " << participant->getAddress();
securityEvent = make_shared<ConferenceSecurityEvent>(
......@@ -812,11 +824,11 @@ void ClientGroupChatRoom::onParticipantDeviceAdded (const shared_ptr<ConferenceP
ConferenceSecurityEvent::SecurityEventType::MultideviceParticipantDetected,
event->getDeviceAddress()
);
limeV2Engine->getLimeManager()->set_peerDeviceStatus(event->getDeviceAddress().asString(), lime::PeerDeviceStatus::unsafe); // ignored if user is already safe in database
// Otherwise check if this new device degrades the chatroom security level, in which case a security event is created
} else {
lime::PeerDeviceStatus newDeviceStatus = limeV2Engine->getLimeManager()->get_peerDeviceStatus(event->getDeviceAddress().asString());
if (getSecurityLevel() == SecurityLevel::Safe && newDeviceStatus != lime::PeerDeviceStatus::trusted) {
limeV2Engine->getLimeManager()->set_peerDeviceStatus(event->getDeviceAddress().asString(), lime::PeerDeviceStatus::unsafe);
}
// Otherwise if the chatroom security level was degraded a corresponding security event is created
else {
if (securityLevelDegraded) {
lInfo() << "LIMEv2 chat room security level degraded by " << event->getDeviceAddress().asString();
securityEvent = make_shared<ConferenceSecurityEvent>(
time(nullptr),
......
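Review bot: The fix in the first hunk only holds while `getSecurityLevel()` and `get_peerDeviceStatus()` are read before `participant->getPrivate()->addDevice(...)`, but the new comment ("Get LIMEv2 context if enabled and get the new device status") does not record that ordering requirement. Presumably the room level already reflects the new device once it is added, which would explain why the downgrade event was skipped before. I would say so on the block, for example `// Must stay before addDevice(): the room level has to be evaluated without the new device, otherwise the Safe check never matches`, so that a later reorder does not silently drop the SecurityLevelDowngraded event again. Separately, `limeV2Engine` is the unchecked result of a `static_cast` on `getCore()->getEncryptionEngine()` and is dereferenced on the very next line; unless `limeV2Enabled()` guarantees a non-null LimeV2 engine (not visible here), the status lookup should be guarded with `if (limeV2Engine) { ... }`. The body of `onParticipantDeviceAdded` starts and ends outside the visible hunks.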