ringaccount: prevent setCertificateStatus for contacts

setCertificateStatus could be used to override contact
policies.
For instance the client calls setCertificateStatus(ALLOWED)
for every ringid in the history, un-banning banned contacts.

Authorization policy for contacts is handled by the daemon,
so prevent overriding it for account contacts.

Change-Id: I52c7651a567c5ad8295f3a9ed714eb3caffdc7cb
Reviewed-by: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>
Adrien Beraud
2017-05-01 16:51:32 -04:00
committed by Guillaume Roguez
parent 99d4971852
commit 11c13b61fb

@ -2595,6 +2595,10 @@ RingAccount::findCertificate(const std::string& crt_id)
bool
RingAccount::setCertificateStatus(const std::string& cert_id, tls::TrustStore::PermissionStatus status)
{
if (contacts_.find(dht::InfoHash(cert_id)) != contacts_.end()) {
RING_ERR("Forbidden to set certificate status for existing contacts %s", cert_id.c_str());
return false;
}
findCertificate(cert_id);
bool done = trust_.setCertificateStatus(cert_id, status);
if (done)
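
Review bot: The new guard at the top of setCertificateStatus looks up `dht::InfoHash(cert_id)` in contacts_, but the call it protects, `trust_.setCertificateStatus(cert_id, status)`, still receives the raw string, so the check and the action work on two different representations of the same id. Consider converting cert_id to the hash once and using that single normalised value for both the contacts_ lookup and the trust store call, so the policy decision cannot diverge from what is actually written. Separately, the refusal path returns false, the same value callers see when `done` is false, so a client cannot tell "forbidden for a contact" from an ordinary failure; a note in the method's documentation (or a distinct result) would make the new behaviour explicit.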