Commit dcbe25d2 authored by Matthieu Tanon's avatar Matthieu Tanon

Improve message autorisation and clean code

parent 2c0e1fea
......@@ -126,6 +126,8 @@ public:
void setEncryptionPrevented (bool value) { encryptionPrevented = value; }
void enableSenderAuthentication (bool value) { senderAuthenticationEnabled = value; }
void setAuthorisationWarning (bool value) { authorizationWarning = value; } // TODO find better name
bool getAuthorisationWarning () { return authorizationWarning; } // TODO find better name
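Review bot: `getAuthorisationWarning` only reads a member and should be const-qualified: `bool getAuthorisationWarning () const { return authorizationWarning; }`. The accessors spell the name "Authorisation" while the member is `authorizationWarning`; settling on one spelling when the TODO rename is done would make the flag easier to grep. Because receive() refuses messages based on this flag, a one-line comment on the setter stating which condition raises it would help; the code that sets it is not visible in this hunk.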
......
......@@ -510,15 +510,16 @@ LinphoneReason ChatMessagePrivate::receive () {
currentRecvStep |= ChatMessagePrivate::Step::Encryption;
}
// If LIMEv2 is enabled, it sets the authenticatedFromAddress as the decrypted CPIM From Address
// If LIMEv2 is disabled, the authenticatedFromAddress must be set here as the SIP From Address
// In case of clear message in group chat room the sender authentication is disabled
// Sender Authentication
// If LIMEv2 enabled, the authenticatedFromAddress is the decrypted CPIM From Address
// If LIMEv2 disabled, the authenticatedFromAddress must be set here as the SIP From Address
// If LIMEv2 disabled in group chat room the sender authentication is disabled
if (!core->limeV2Enabled()) {
if (q->getSharedFromThis()->getChatRoom()->getCapabilities() & ChatRoom::Capabilities::Basic) {
IdentityAddress sipFromAddress = q->getSharedFromThis()->getFromAddress();
q->getSharedFromThis()->getPrivate()->setAuthenticatedFromAddress(sipFromAddress);
} else {
lInfo() << "Sender authentication disabled";
lInfo() << "Sender authentication disabled for clear text group chat";
senderAuthenticationEnabled = false;
}
}
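Review bot: The else branch switches sender authentication off for a non-Basic chat room when LIMEv2 is disabled, and the only trace is an `lInfo()` line; as a security-relevant downgrade it would be easier to find in logs as `lWarning() << "Sender authentication disabled for clear text group chat";`. In the Basic branch the SIP From address is stored as the "authenticated" address although nothing in this hunk verifies it, so the comment should say that, e.g. `// LIMEv2 disabled: no cryptographic sender check, the SIP From address is taken as-is`. What later steps do when `senderAuthenticationEnabled` is false is outside this hunk, so it is worth confirming that they do not rely on authenticatedFromAddress being set. The body of receive() starts and ends outside the hunk.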
......@@ -533,14 +534,10 @@ LinphoneReason ChatMessagePrivate::receive () {
currentRecvStep |= ChatMessagePrivate::Step::Cpim;
}
// Message Authorisation (could be done in CPIM modifier)
// If LIMEv2 enabled, check authorisation warning flag
// If warning flag is true, check if message is an isComposing or an IMDN
// Message Authorisation
if (q->getSharedFromThis()->getPrivate()->getAuthorisationWarning()) {
if (q->getSharedFromThis()->getInternalContent().getContentType() != ContentType::Imdn && q->getSharedFromThis()->getInternalContent().getContentType() != ContentType::ImIsComposing) {
// TODO acknowledge message reception with errorCode = 0
// TODO return a "message refused because not encrypted" IMDN to the sender
errorCode = 415; // TODO 415 for example, maybe another one is better ? 488 ? 603 ?
errorCode = 415; // TODO 415/488/603
reason = linphone_error_code_to_reason(errorCode);
if (getNegativeDeliveryNotificationRequired()) {
static_cast<ChatRoomPrivate *>(q->getChatRoom()->getPrivate())->sendDeliveryErrorNotification(
......@@ -548,8 +545,9 @@ LinphoneReason ChatMessagePrivate::receive () {
reason
);
}
return reason;
return LinphoneReasonNone;
}
}
if ((currentRecvStep &ChatMessagePrivate::Step::Multipart) == ChatMessagePrivate::Step::Multipart) {
lInfo() << "Multipart step already done, skipping";
} else {
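Review bot: Returning `LinphoneReasonNone` right after `errorCode = 415` makes a refused message indistinguishable from an accepted one for the caller of receive(), and when `getNegativeDeliveryNotificationRequired()` is false the refusal leaves no trace at all. I would log it before the return, e.g. `lWarning() << "Message refused: authorisation warning set and content is neither IMDN nor isComposing";`, and add a comment at the return explaining why success is reported (presumably to acknowledge reception, as the TODO above it suggests). Whether the caller stores or notifies the message when it gets `LinphoneReasonNone` is not visible here and should be checked. The body of receive() starts and ends outside this hunk.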
......@@ -633,7 +631,6 @@ LinphoneReason ChatMessagePrivate::receive () {
}
void ChatMessagePrivate::send () {
L_Q();
SalOp *op = salOp;
LinphoneCall *lcall = nullptr;
......
......@@ -756,20 +756,6 @@ void ClientGroupChatRoom::onSecurityEvent (const shared_ptr<ConferenceSecurityEv
finalEvent = cleanEvent ? cleanEvent : event;
// Add security events or alerts based on the type of security event
switch (finalEvent->getSecurityEventType()) {
case ConferenceSecurityEvent::SecurityEventType::MultideviceParticipantDetected:
// Always set faulty device PeerDeviceStatus to unsafe
if (getCore()->limeV2Enabled() && finalEvent->getFaultyDevice().isValid()) {
LimeV2 *limeV2Engine = static_cast<LimeV2 *>(getCore()->getEncryptionEngine());
limeV2Engine->getLimeManager()->set_peerDeviceStatus(finalEvent->getFaultyDevice().asString(), lime::PeerDeviceStatus::unsafe);
// WARNING has no effect if faulty device is not in X3DH database
}
break;
default:
// Other security event types are already managed
// Or This event is not a security event
break;
}
d->addEvent(event);
......
......@@ -138,7 +138,6 @@ ChatMessageModifier::Result LimeV2::processOutgoingMessage (const shared_ptr<Cha
// Refuse message in unsafe chatroom if not allowed
if (linphone_config_get_int(linphone_core_get_config(chatRoom->getCore()->getCCore()), "lime", "allow_message_in_unsafe_chatroom", 0) == 0) {
if (chatRoom->getSecurityLevel() == ClientGroupChatRoom::SecurityLevel::Unsafe) {
cout << "Sending encrypted message in an unsafe chatroom" << endl;
lWarning() << "Sending encrypted message in an unsafe chatroom" << endl;
return ChatMessageModifier::Result::Error;
}
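Review bot: The warning text says "Sending encrypted message in an unsafe chatroom", but this branch returns `ChatMessageModifier::Result::Error`, so the message is being refused rather than sent; the log should say so, e.g. `lWarning() << "Refusing to send message: chatroom security level is unsafe";`. The trailing `<< endl` looks like a leftover from the `cout` version, since the other `lInfo()` calls in this commit do not use it. processOutgoingMessage continues outside the hunk.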
......
......@@ -3577,11 +3577,7 @@ void MediaSessionPrivate::propagateEncryptionChanged () {
getCurrentParams()->setMediaEncryption(LinphoneMediaEncryptionZRTP);
} else {
// Get proxy config
LinphoneProxyConfig *proxy = nullptr;
if (destProxy)
proxy = destProxy;
else
proxy = linphone_core_get_default_proxy_config(q->getCore()->getCCore());
LinphoneProxyConfig *proxy = destProxy ? destProxy : linphone_core_get_default_proxy_config(q->getCore()->getCCore());
// Get LIMEv2 context
LimeV2 *limeV2Engine = nullptr;
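Review bot: `proxy` can still be null after the ternary when `destProxy` is unset and `linphone_core_get_default_proxy_config()` finds no default proxy. The code that uses `proxy` lies outside this hunk, so please confirm it is null-checked before being dereferenced. The `// Get proxy config` comment could also state the fallback, e.g. `// Use the session's destination proxy, else the core's default proxy config (may be null)`.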
......