author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-10 09:55:48 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-10 09:55:48 +0000 |
commit | 49a09a064af8cd6bbce568263e1b5152a0996fc9 (patch) | |
tree | b9fcb737c311a43fd328e2ddf942d8642625c9b9 /src/identity-provider/gnunet-service-identity-provider.c | |
parent | 3014465481e5c883ba1ab41cd4ff70a428e27b24 (diff) | |
- update issue handling, fix memleaks
Diffstat (limited to 'src/identity-provider/gnunet-service-identity-provider.c')
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 190 |
1 files changed, 154 insertions, 36 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 10ecf9538..a8a8b7f16 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -255,6 +255,11 @@ struct IssueHandle | |||
255 | * QueueEntry | 255 | * QueueEntry |
256 | */ | 256 | */ |
257 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | 257 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; |
258 | |||
259 | /** | ||
260 | * The label the token is stored under | ||
261 | */ | ||
262 | char *label; | ||
258 | }; | 263 | }; |
259 | 264 | ||
260 | /** | 265 | /** |
@@ -327,7 +332,6 @@ handle_token_update (void *cls, | |||
327 | char *token_metadata; | 332 | char *token_metadata; |
328 | char *write_ptr; | 333 | char *write_ptr; |
329 | char *enc_token_str; | 334 | char *enc_token_str; |
330 | char *val_str; | ||
331 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | 335 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; |
332 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | 336 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; |
333 | struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey; | 337 | struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey; |
@@ -402,21 +406,15 @@ handle_token_update (void *cls, | |||
402 | { | 406 | { |
403 | if (0 == strcmp (attr->name, "exp")) | 407 | if (0 == strcmp (attr->name, "exp")) |
404 | { | 408 | { |
405 | GNUNET_asprintf (&val_str, "%ul", new_exp.abs_value_us); | 409 | token_add_attr_int (new_token, attr->name, new_exp.abs_value_us); |
406 | token_add_attr (new_token, attr->name, val_str); | ||
407 | GNUNET_free (val_str); | ||
408 | } | 410 | } |
409 | else if (0 == strcmp (attr->name, "nbf")) | 411 | else if (0 == strcmp (attr->name, "nbf")) |
410 | { | 412 | { |
411 | GNUNET_asprintf (&val_str, "%ul", new_nbf.abs_value_us); | 413 | token_add_attr_int (new_token, attr->name, new_nbf.abs_value_us); |
412 | token_add_attr (new_token, attr->name, val_str); | ||
413 | GNUNET_free (val_str); | ||
414 | } | 414 | } |
415 | else if (0 == strcmp (attr->name, "iat")) | 415 | else if (0 == strcmp (attr->name, "iat")) |
416 | { | 416 | { |
417 | GNUNET_asprintf (&val_str, "%ul", new_iat.abs_value_us); | 417 | token_add_attr_int (new_token, attr->name, new_iat.abs_value_us); |
418 | token_add_attr (new_token, attr->name, val_str); | ||
419 | GNUNET_free (val_str); | ||
420 | } | 418 | } |
421 | else if ((0 == strcmp (attr->name, "iss")) | 419 | else if ((0 == strcmp (attr->name, "iss")) |
422 | || (0 == strcmp (attr->name, "aud"))) | 420 | || (0 == strcmp (attr->name, "aud"))) |
@@ -534,7 +532,6 @@ clear_ego_attrs (void *cls, | |||
534 | return GNUNET_YES; | 532 | return GNUNET_YES; |
535 | } | 533 | } |
536 | 534 | ||
537 | |||
538 | /** | 535 | /** |
539 | * | 536 | * |
540 | * Update all ID_TOKEN records for an identity and store them | 537 | * Update all ID_TOKEN records for an identity and store them |
@@ -913,9 +910,11 @@ cleanup_issue_handle (struct IssueHandle *handle) | |||
913 | if (NULL != handle->scopes) | 910 | if (NULL != handle->scopes) |
914 | GNUNET_free (handle->scopes); | 911 | GNUNET_free (handle->scopes); |
915 | if (NULL != handle->token) | 912 | if (NULL != handle->token) |
916 | token_destroy (handle->token); | 913 | token_destroy (handle->token); |
917 | if (NULL != handle->ticket) | 914 | if (NULL != handle->ticket) |
918 | ticket_destroy (handle->ticket); | 915 | ticket_destroy (handle->ticket); |
916 | if (NULL != handle->label) | ||
917 | GNUNET_free (handle->label); | ||
919 | GNUNET_free (handle); | 918 | GNUNET_free (handle); |
920 | } | 919 | } |
921 | 920 | ||
@@ -974,15 +973,12 @@ sign_and_return_token (void *cls, | |||
974 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | 973 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; |
975 | struct IssueHandle *handle = cls; | 974 | struct IssueHandle *handle = cls; |
976 | struct GNUNET_GNSRECORD_Data token_record[2]; | 975 | struct GNUNET_GNSRECORD_Data token_record[2]; |
977 | char *lbl_str; | ||
978 | char *nonce_str; | 976 | char *nonce_str; |
979 | char *enc_token_str; | 977 | char *enc_token_str; |
980 | char *token_metadata; | 978 | char *token_metadata; |
981 | char* write_ptr; | 979 | char* write_ptr; |
982 | char* attr_val; | ||
983 | uint64_t time; | 980 | uint64_t time; |
984 | uint64_t exp_time; | 981 | uint64_t exp_time; |
985 | uint64_t rnd_key; | ||
986 | size_t token_metadata_len; | 982 | size_t token_metadata_len; |
987 | 983 | ||
988 | //Remote nonce | 984 | //Remote nonce |
@@ -990,29 +986,19 @@ sign_and_return_token (void *cls, | |||
990 | GNUNET_asprintf (&nonce_str, "%d", handle->nonce); | 986 | GNUNET_asprintf (&nonce_str, "%d", handle->nonce); |
991 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); | 987 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); |
992 | 988 | ||
993 | //Label | ||
994 | rnd_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
995 | UINT64_MAX); | ||
996 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
997 | sizeof (uint64_t), | ||
998 | &lbl_str); | ||
999 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, | 989 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, |
1000 | &pub_key); | 990 | &pub_key); |
1001 | handle->ticket = ticket_create (nonce_str, | 991 | handle->ticket = ticket_create (nonce_str, |
1002 | &pub_key, | 992 | &pub_key, |
1003 | lbl_str, | 993 | handle->label, |
1004 | &handle->aud_key); | 994 | &handle->aud_key); |
1005 | 995 | ||
1006 | time = GNUNET_TIME_absolute_get().abs_value_us; | 996 | time = GNUNET_TIME_absolute_get().abs_value_us; |
1007 | exp_time = time + token_expiration_interval.rel_value_us; | 997 | exp_time = time + token_expiration_interval.rel_value_us; |
1008 | 998 | ||
1009 | GNUNET_asprintf (&attr_val, "%ul", time); | 999 | token_add_attr_int (handle->token, "nbf", time); |
1010 | token_add_attr (handle->token, "nbf", attr_val); | 1000 | token_add_attr_int (handle->token, "iat", time); |
1011 | token_add_attr (handle->token, "iat", attr_val); | 1001 | token_add_attr_int (handle->token, "exp", exp_time); |
1012 | GNUNET_free (attr_val); | ||
1013 | GNUNET_asprintf (&attr_val, "%ul", exp_time); | ||
1014 | token_add_attr (handle->token, "exp", attr_val); | ||
1015 | GNUNET_free (attr_val); | ||
1016 | token_add_attr (handle->token, "nonce", nonce_str); | 1002 | token_add_attr (handle->token, "nonce", nonce_str); |
1017 | 1003 | ||
1018 | //Token in a serialized encrypted format | 1004 | //Token in a serialized encrypted format |
@@ -1049,13 +1035,12 @@ sign_and_return_token (void *cls, | |||
1049 | //Persist token | 1035 | //Persist token |
1050 | handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, | 1036 | handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, |
1051 | &handle->iss_key, | 1037 | &handle->iss_key, |
1052 | lbl_str, | 1038 | handle->label, |
1053 | 2, | 1039 | 2, |
1054 | token_record, | 1040 | token_record, |
1055 | &store_token_issue_cont, | 1041 | &store_token_issue_cont, |
1056 | handle); | 1042 | handle); |
1057 | GNUNET_free (ecdhe_privkey); | 1043 | GNUNET_free (ecdhe_privkey); |
1058 | GNUNET_free (lbl_str); | ||
1059 | GNUNET_free (nonce_str); | 1044 | GNUNET_free (nonce_str); |
1060 | GNUNET_free (enc_token_str); | 1045 | GNUNET_free (enc_token_str); |
1061 | GNUNET_free (token_metadata); | 1046 | GNUNET_free (token_metadata); |
@@ -1195,6 +1180,8 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1195 | 1180 | ||
1196 | } | 1181 | } |
1197 | 1182 | ||
1183 | |||
1184 | |||
1198 | /** | 1185 | /** |
1199 | * | 1186 | * |
1200 | * Handler for exchange message | 1187 | * Handler for exchange message |
@@ -1258,6 +1245,137 @@ handle_exchange_message (void *cls, | |||
1258 | 1245 | ||
1259 | } | 1246 | } |
1260 | 1247 | ||
1248 | |||
1249 | /** | ||
1250 | * | ||
1251 | * Look for existing token | ||
1252 | * | ||
1253 | * @param cls the identity entry | ||
1254 | * @param zone the identity | ||
1255 | * @param lbl the name of the record | ||
1256 | * @param rd_count number of records | ||
1257 | * @param rd record data | ||
1258 | * | ||
1259 | */ | ||
1260 | static void | ||
1261 | find_existing_token (void *cls, | ||
1262 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
1263 | const char *lbl, | ||
1264 | unsigned int rd_count, | ||
1265 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1266 | { | ||
1267 | struct IssueHandle *handle = cls; | ||
1268 | const struct GNUNET_GNSRECORD_Data *token_metadata_record; | ||
1269 | struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; | ||
1270 | struct GNUNET_HashCode key; | ||
1271 | int scope_count_token; | ||
1272 | uint64_t rnd_key; | ||
1273 | char *scope; | ||
1274 | char *tmp_scopes; | ||
1275 | |||
1276 | if (NULL == lbl) | ||
1277 | { | ||
1278 | //Done | ||
1279 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1280 | ">>> No existing token found\n"); | ||
1281 | //Label | ||
1282 | rnd_key = | ||
1283 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
1284 | UINT64_MAX); | ||
1285 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
1286 | sizeof (uint64_t), | ||
1287 | &handle->label); | ||
1288 | handle->ns_it = NULL; | ||
1289 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | ||
1290 | &handle->iss_key, | ||
1291 | &attr_collect, | ||
1292 | handle); | ||
1293 | return; | ||
1294 | } | ||
1295 | |||
1296 | //There should be only a single record for a token under a label | ||
1297 | if (2 != rd_count) | ||
1298 | { | ||
1299 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1300 | return; | ||
1301 | } | ||
1302 | |||
1303 | if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) | ||
1304 | { | ||
1305 | token_metadata_record = &rd[0]; | ||
1306 | } else { | ||
1307 | token_metadata_record = &rd[1]; | ||
1308 | } | ||
1309 | if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) | ||
1310 | { | ||
1311 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1312 | return; | ||
1313 | } | ||
1314 | ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); | ||
1315 | aud_key = | ||
1316 | (struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1317 | tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
1318 | |||
1319 | if (0 != memcmp (aud_key, &handle->aud_key, | ||
1320 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | ||
1321 | { | ||
1322 | char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key, | ||
1323 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
1324 | //Audience does not match! | ||
1325 | char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA, | ||
1326 | token_metadata_record->data, | ||
1327 | token_metadata_record->data_size); | ||
1328 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1329 | "Token does not match audience %s vs %s. Moving on\n", | ||
1330 | tmp2, | ||
1331 | tmp); | ||
1332 | GNUNET_free (tmp_scopes); | ||
1333 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1334 | return; | ||
1335 | } | ||
1336 | |||
1337 | scope = strtok (tmp_scopes, ","); | ||
1338 | scope_count_token = 0; | ||
1339 | while (NULL != scope) | ||
1340 | { | ||
1341 | GNUNET_CRYPTO_hash (scope, | ||
1342 | strlen (scope), | ||
1343 | &key); | ||
1344 | |||
1345 | if ((NULL != handle->attr_map) && | ||
1346 | (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key))) | ||
1347 | { | ||
1348 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1349 | "Issued token does not include `%s'. Moving on\n", scope); | ||
1350 | GNUNET_free (tmp_scopes); | ||
1351 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1352 | return; | ||
1353 | } | ||
1354 | scope_count_token++; | ||
1355 | scope = strtok (NULL, ","); | ||
1356 | } | ||
1357 | GNUNET_free (tmp_scopes); | ||
1358 | //All scopes in token are also in request. Now | ||
1359 | //Check length | ||
1360 | if (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token) | ||
1361 | { | ||
1362 | //We have an existing token | ||
1363 | handle->label = GNUNET_strdup (lbl); | ||
1364 | handle->ns_it = NULL; | ||
1365 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | ||
1366 | &handle->iss_key, | ||
1367 | &attr_collect, | ||
1368 | handle); | ||
1369 | |||
1370 | return; | ||
1371 | } | ||
1372 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1373 | "Nuber of attributes in token do not match request\n"); | ||
1374 | //No luck | ||
1375 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1376 | } | ||
1377 | |||
1378 | |||
1261 | /** | 1379 | /** |
1262 | * | 1380 | * |
1263 | * Handler for issue message | 1381 | * Handler for issue message |
@@ -1311,21 +1429,21 @@ handle_issue_message (void *cls, | |||
1311 | 1429 | ||
1312 | issue_handle->aud_key = im->aud_key; | 1430 | issue_handle->aud_key = im->aud_key; |
1313 | issue_handle->iss_key = im->iss_key; | 1431 | issue_handle->iss_key = im->iss_key; |
1432 | GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key, | ||
1433 | &issue_handle->iss_pkey); | ||
1314 | issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); | 1434 | issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); |
1315 | issue_handle->nonce = im->nonce; | 1435 | issue_handle->nonce = ntohl (im->nonce); |
1316 | GNUNET_SERVER_receive_done (client, GNUNET_OK); | 1436 | GNUNET_SERVER_receive_done (client, GNUNET_OK); |
1317 | GNUNET_SERVER_notification_context_add (nc, client); | 1437 | GNUNET_SERVER_notification_context_add (nc, client); |
1318 | GNUNET_SERVER_client_set_user_context (client, issue_handle); | 1438 | GNUNET_SERVER_client_set_user_context (client, issue_handle); |
1319 | issue_handle->client = client; | 1439 | issue_handle->client = client; |
1320 | issue_handle->scopes = GNUNET_strdup (scopes); | 1440 | issue_handle->scopes = GNUNET_strdup (scopes); |
1321 | GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key, | ||
1322 | &issue_handle->iss_pkey); | ||
1323 | issue_handle->token = token_create (&issue_handle->iss_pkey, | 1441 | issue_handle->token = token_create (&issue_handle->iss_pkey, |
1324 | &im->aud_key); | 1442 | &issue_handle->aud_key); |
1325 | 1443 | ||
1326 | issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | 1444 | issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, |
1327 | &im->iss_key, | 1445 | &im->iss_key, |
1328 | &attr_collect, | 1446 | &find_existing_token, |
1329 | issue_handle); | 1447 | issue_handle); |
1330 | } | 1448 | } |
1331 | 1449 | ||
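Review bot: In find_existing_token (new lines 1314-1317) the metadata record is read as an ECDHE private key, an ECDSA public key and a NUL-terminated scope string without ever consulting `token_metadata_record->data_size`, so a short or unterminated record makes the `memcmp` and `GNUNET_strdup` read past the record buffer. Check that the size exceeds the two key structs and that the last byte is `'\0'` before touching the payload, and skip the record otherwise, as sketched below. In the audience-mismatch branch `tmp` and `tmp2` are never released; add `GNUNET_free (tmp); GNUNET_free (tmp2);` before the `return`, and since `tmp` is the stringified metadata record, which begins with the ECDHE private key, it is presumably better left out of an ERROR-level log line. `ecdhe_privkey` is assigned at line 1314 but is not among the function's locals, so it is either file-scope state or a leftover.

```c
  /* ... unchanged: selection of token_metadata_record and its record_type check ... */
  const char *md = token_metadata_record->data;
  const size_t keys_len = sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)
                          + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey);

  /* Reject records too short for both keys plus a terminated scope string */
  if ( (token_metadata_record->data_size <= keys_len) ||
       ('\0' != md[token_metadata_record->data_size - 1]) )
  {
    GNUNET_break (0);
    GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
    return;
  }
  aud_key = (struct GNUNET_CRYPTO_EcdsaPublicKey *)
            (md + sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
  tmp_scopes = GNUNET_strdup (md + keys_len);
  /* ... unchanged: audience comparison and scope matching ... */
```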