author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-09 17:45:50 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-09 17:45:50 +0000 |
commit | 5d5cd3d00b2f75d7b6e630f9ea9bd354af9a0d5f (patch) | |
tree | 90ead2eca1b073a7bf78f73a726a79097d6c70da /src/identity-provider | |
parent | 3941d4252602eb9e6689897a8264380012fdf7e6 (diff) | |
download | gnunet-5d5cd3d00b2f75d7b6e630f9ea9bd354af9a0d5f.tar.gz gnunet-5d5cd3d00b2f75d7b6e630f9ea9bd354af9a0d5f.zip |
-add config
Diffstat (limited to 'src/identity-provider')
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 131 | ||||
-rw-r--r-- | src/identity-provider/identity-provider.conf | 12 |
2 files changed, 91 insertions, 52 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 2e914428e..ac4fd0961 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -19,7 +19,7 @@ | |||
19 | */ | 19 | */ |
20 | /** | 20 | /** |
21 | * @author Martin Schanzenbach | 21 | * @author Martin Schanzenbach |
22 | * @file src/identity/gnunet-service-identity-provider.c | 22 | * @file src/identity-provider/gnunet-service-identity-provider.c |
23 | * @brief Identity Token Service | 23 | * @brief Identity Token Service |
24 | * | 24 | * |
25 | */ | 25 | */ |
@@ -53,6 +53,11 @@ | |||
53 | #define MIN_WAIT_TIME GNUNET_TIME_UNIT_MINUTES | 53 | #define MIN_WAIT_TIME GNUNET_TIME_UNIT_MINUTES |
54 | 54 | ||
55 | /** | 55 | /** |
56 | * Standard token expiration time | ||
57 | */ | ||
58 | #define DEFAULT_TOKEN_EXPIRATION_INTERVAL GNUNET_TIME_UNIT_HOURS | ||
59 | |||
60 | /** | ||
56 | * Service state (to detect initial update pass) | 61 | * Service state (to detect initial update pass) |
57 | */ | 62 | */ |
58 | static int state; | 63 | static int state; |
@@ -73,6 +78,11 @@ static struct EgoEntry *ego_tail; | |||
73 | static struct GNUNET_IDENTITY_Handle *identity_handle; | 78 | static struct GNUNET_IDENTITY_Handle *identity_handle; |
74 | 79 | ||
75 | /** | 80 | /** |
81 | * Token expiration interval | ||
82 | */ | ||
83 | static struct GNUNET_TIME_Relative token_expiration_interval; | ||
84 | |||
85 | /** | ||
76 | * Namestore handle | 86 | * Namestore handle |
77 | */ | 87 | */ |
78 | static struct GNUNET_NAMESTORE_Handle *ns_handle; | 88 | static struct GNUNET_NAMESTORE_Handle *ns_handle; |
@@ -144,6 +154,12 @@ static struct GNUNET_STATISTICS_Handle *stats; | |||
144 | */ | 154 | */ |
145 | static struct GNUNET_SERVER_NotificationContext *nc; | 155 | static struct GNUNET_SERVER_NotificationContext *nc; |
146 | 156 | ||
157 | /** | ||
158 | * Our configuration. | ||
159 | */ | ||
160 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
161 | |||
162 | |||
147 | struct ExchangeHandle | 163 | struct ExchangeHandle |
148 | { | 164 | { |
149 | 165 | ||
@@ -275,18 +291,12 @@ struct EgoEntry | |||
275 | }; | 291 | }; |
276 | 292 | ||
277 | /** | 293 | /** |
278 | * Our configuration. | 294 | * Continuation for token store call |
295 | * | ||
296 | * @param cls NULL | ||
297 | * @param success error code | ||
298 | * @param emsg error message | ||
279 | */ | 299 | */ |
280 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
281 | |||
282 | |||
283 | /** | ||
284 | * Continuation for token store call | ||
285 | * | ||
286 | * @param cls NULL | ||
287 | * @param success error code | ||
288 | * @param emsg error message | ||
289 | */ | ||
290 | static void | 300 | static void |
291 | store_token_cont (void *cls, | 301 | store_token_cont (void *cls, |
292 | int32_t success, | 302 | int32_t success, |
@@ -576,9 +586,6 @@ token_collect (void *cls, | |||
576 | aud_key, | 586 | aud_key, |
577 | &token); | 587 | &token); |
578 | 588 | ||
579 | //token = GNUNET_GNSRECORD_value_to_string (rd->record_type, | ||
580 | // rd->data, | ||
581 | // rd->data_size); | ||
582 | label = GNUNET_strdup (lbl); | 589 | label = GNUNET_strdup (lbl); |
583 | rd_exp = token_record->expiration_time; | 590 | rd_exp = token_record->expiration_time; |
584 | 591 | ||
@@ -692,7 +699,7 @@ update_identities(void *cls, | |||
692 | ">>> Finished. Rescheduling in %d\n", | 699 | ">>> Finished. Rescheduling in %d\n", |
693 | min_rel_exp.rel_value_us); | 700 | min_rel_exp.rel_value_us); |
694 | ns_it = NULL; | 701 | ns_it = NULL; |
695 | //finished -> TODO reschedule | 702 | //finished -> reschedule |
696 | update_task = GNUNET_SCHEDULER_add_delayed (min_rel_exp, | 703 | update_task = GNUNET_SCHEDULER_add_delayed (min_rel_exp, |
697 | &update_identities, | 704 | &update_identities, |
698 | ego_head); | 705 | ego_head); |
@@ -866,7 +873,21 @@ create_issue_result_message (const char* ticket) | |||
866 | return irm; | 873 | return irm; |
867 | } | 874 | } |
868 | 875 | ||
869 | void | 876 | static void |
877 | cleanup_issue_handle (struct IssueHandle *handle) | ||
878 | { | ||
879 | if (NULL != handle->attr_map) | ||
880 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); | ||
881 | if (NULL != handle->scopes) | ||
882 | GNUNET_free (handle->scopes); | ||
883 | if (NULL != handle->token) | ||
884 | token_destroy (handle->token); | ||
885 | if (NULL != handle->ticket) | ||
886 | ticket_destroy (handle->ticket); | ||
887 | GNUNET_free (handle); | ||
888 | } | ||
889 | |||
890 | static void | ||
870 | store_token_issue_cont (void *cls, | 891 | store_token_issue_cont (void *cls, |
871 | int32_t success, | 892 | int32_t success, |
872 | const char *emsg) | 893 | const char *emsg) |
@@ -877,16 +898,19 @@ store_token_issue_cont (void *cls, | |||
877 | handle->ns_qe = NULL; | 898 | handle->ns_qe = NULL; |
878 | if (GNUNET_SYSERR == success) | 899 | if (GNUNET_SYSERR == success) |
879 | { | 900 | { |
880 | //TODO err msg | 901 | cleanup_issue_handle (handle); |
902 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", | ||
903 | "Unknown Error\n"); | ||
904 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
881 | return; | 905 | return; |
882 | } | 906 | } |
883 | if (GNUNET_OK != ticket_serialize (handle->ticket, | 907 | if (GNUNET_OK != ticket_serialize (handle->ticket, |
884 | &handle->iss_key, | 908 | &handle->iss_key, |
885 | &token_ticket_str)) | 909 | &token_ticket_str)) |
886 | { | 910 | { |
887 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); | 911 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", |
888 | ticket_destroy (handle->ticket); | 912 | "Error serializing ticket\n"); |
889 | GNUNET_free (handle); | 913 | cleanup_issue_handle (handle); |
890 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | 914 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); |
891 | return; | 915 | return; |
892 | } | 916 | } |
@@ -896,11 +920,7 @@ store_token_issue_cont (void *cls, | |||
896 | &irm->header, | 920 | &irm->header, |
897 | GNUNET_NO); | 921 | GNUNET_NO); |
898 | GNUNET_SERVER_client_set_user_context (handle->client, NULL); | 922 | GNUNET_SERVER_client_set_user_context (handle->client, NULL); |
899 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); | 923 | cleanup_issue_handle (handle); |
900 | GNUNET_free (handle->scopes); | ||
901 | token_destroy (handle->token); | ||
902 | ticket_destroy (handle->ticket); | ||
903 | GNUNET_free (handle); | ||
904 | GNUNET_free (irm); | 924 | GNUNET_free (irm); |
905 | GNUNET_free (token_ticket_str); | 925 | GNUNET_free (token_ticket_str); |
906 | } | 926 | } |
@@ -922,7 +942,6 @@ sign_and_return_token (void *cls, | |||
922 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | 942 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; |
923 | struct IssueHandle *handle = cls; | 943 | struct IssueHandle *handle = cls; |
924 | struct GNUNET_GNSRECORD_Data token_record[2]; | 944 | struct GNUNET_GNSRECORD_Data token_record[2]; |
925 | struct GNUNET_TIME_Relative etime_rel; | ||
926 | char *lbl_str; | 945 | char *lbl_str; |
927 | char *nonce_str; | 946 | char *nonce_str; |
928 | char *enc_token_str; | 947 | char *enc_token_str; |
@@ -946,31 +965,19 @@ sign_and_return_token (void *cls, | |||
946 | &lbl_str); | 965 | &lbl_str); |
947 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, | 966 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, |
948 | &pub_key); | 967 | &pub_key); |
949 | |||
950 | handle->ticket = ticket_create (nonce_str, | 968 | handle->ticket = ticket_create (nonce_str, |
951 | &pub_key, | 969 | &pub_key, |
952 | lbl_str, | 970 | lbl_str, |
953 | &handle->aud_key); | 971 | &handle->aud_key); |
954 | 972 | ||
955 | |||
956 | if (GNUNET_OK != | ||
957 | GNUNET_STRINGS_fancy_time_to_relative ("1d", //TODO | ||
958 | &etime_rel)) | ||
959 | { | ||
960 | ticket_destroy (handle->ticket); | ||
961 | GNUNET_free (handle); | ||
962 | GNUNET_SCHEDULER_add_now (&do_shutdown, handle); | ||
963 | return; | ||
964 | } | ||
965 | time = GNUNET_TIME_absolute_get().abs_value_us; | 973 | time = GNUNET_TIME_absolute_get().abs_value_us; |
966 | exp_time = time + etime_rel.rel_value_us; | 974 | exp_time = time + token_expiration_interval.rel_value_us; |
967 | 975 | ||
968 | token_add_json (handle->token, "nbf", json_integer (time)); | 976 | token_add_json (handle->token, "nbf", json_integer (time)); |
969 | token_add_json (handle->token, "iat", json_integer (time)); | 977 | token_add_json (handle->token, "iat", json_integer (time)); |
970 | token_add_json (handle->token, "exp", json_integer (exp_time)); | 978 | token_add_json (handle->token, "exp", json_integer (exp_time)); |
971 | token_add_attr (handle->token, "nonce", nonce_str); | 979 | token_add_attr (handle->token, "nonce", nonce_str); |
972 | 980 | ||
973 | |||
974 | //Token in a serialized encrypted format | 981 | //Token in a serialized encrypted format |
975 | GNUNET_assert (token_serialize (handle->token, | 982 | GNUNET_assert (token_serialize (handle->token, |
976 | &handle->iss_key, | 983 | &handle->iss_key, |
@@ -996,8 +1003,6 @@ sign_and_return_token (void *cls, | |||
996 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); | 1003 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); |
997 | memcpy (write_ptr, handle->scopes, strlen (handle->scopes) + 1); //with 0-Terminator; | 1004 | memcpy (write_ptr, handle->scopes, strlen (handle->scopes) + 1); //with 0-Terminator; |
998 | 1005 | ||
999 | GNUNET_free (ecdhe_privkey); | ||
1000 | |||
1001 | token_record[1].data = token_metadata; | 1006 | token_record[1].data = token_metadata; |
1002 | token_record[1].data_size = token_metadata_len; | 1007 | token_record[1].data_size = token_metadata_len; |
1003 | token_record[1].expiration_time = exp_time; | 1008 | token_record[1].expiration_time = exp_time; |
@@ -1010,8 +1015,9 @@ sign_and_return_token (void *cls, | |||
1010 | lbl_str, | 1015 | lbl_str, |
1011 | 2, | 1016 | 2, |
1012 | token_record, | 1017 | token_record, |
1013 | &store_token_issue_cont, | 1018 | &store_token_issue_cont, |
1014 | handle); | 1019 | handle); |
1020 | GNUNET_free (ecdhe_privkey); | ||
1015 | GNUNET_free (lbl_str); | 1021 | GNUNET_free (lbl_str); |
1016 | GNUNET_free (nonce_str); | 1022 | GNUNET_free (nonce_str); |
1017 | GNUNET_free (enc_token_str); | 1023 | GNUNET_free (enc_token_str); |
@@ -1100,6 +1106,16 @@ attr_collect (void *cls, | |||
1100 | } | 1106 | } |
1101 | 1107 | ||
1102 | static void | 1108 | static void |
1109 | cleanup_exchange_handle (struct ExchangeHandle *handle) | ||
1110 | { | ||
1111 | if (NULL != handle->ticket) | ||
1112 | ticket_destroy (handle->ticket); | ||
1113 | if (NULL != handle->token) | ||
1114 | token_destroy (handle->token); | ||
1115 | GNUNET_free (handle); | ||
1116 | } | ||
1117 | |||
1118 | static void | ||
1103 | process_lookup_result (void *cls, uint32_t rd_count, | 1119 | process_lookup_result (void *cls, uint32_t rd_count, |
1104 | const struct GNUNET_GNSRECORD_Data *rd) | 1120 | const struct GNUNET_GNSRECORD_Data *rd) |
1105 | { | 1121 | { |
@@ -1114,8 +1130,7 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1114 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 1130 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1115 | "Number of tokens %d != 2.", | 1131 | "Number of tokens %d != 2.", |
1116 | rd_count); | 1132 | rd_count); |
1117 | GNUNET_free (handle->label); | 1133 | cleanup_exchange_handle (handle); |
1118 | GNUNET_free (handle); | ||
1119 | GNUNET_SCHEDULER_add_now (&do_shutdown, handle); | 1134 | GNUNET_SCHEDULER_add_now (&do_shutdown, handle); |
1120 | return; | 1135 | return; |
1121 | } | 1136 | } |
@@ -1142,11 +1157,10 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1142 | &erm->header, | 1157 | &erm->header, |
1143 | GNUNET_NO); | 1158 | GNUNET_NO); |
1144 | GNUNET_SERVER_client_set_user_context (handle->client, NULL); | 1159 | GNUNET_SERVER_client_set_user_context (handle->client, NULL); |
1145 | ticket_destroy (handle->ticket); | 1160 | |
1146 | token_destroy (handle->token); | 1161 | cleanup_exchange_handle (handle); |
1147 | GNUNET_free (record_str); | 1162 | GNUNET_free (record_str); |
1148 | GNUNET_free (token_str); | 1163 | GNUNET_free (token_str); |
1149 | GNUNET_free (handle); | ||
1150 | GNUNET_free (erm); | 1164 | GNUNET_free (erm); |
1151 | 1165 | ||
1152 | } | 1166 | } |
@@ -1184,7 +1198,7 @@ handle_exchange_message (void *cls, | |||
1184 | ticket); | 1198 | ticket); |
1185 | xchange_handle = GNUNET_malloc (sizeof (struct ExchangeHandle)); | 1199 | xchange_handle = GNUNET_malloc (sizeof (struct ExchangeHandle)); |
1186 | xchange_handle->aud_privkey = em->aud_privkey; | 1200 | xchange_handle->aud_privkey = em->aud_privkey; |
1187 | 1201 | ||
1188 | if (GNUNET_SYSERR == ticket_parse (ticket, | 1202 | if (GNUNET_SYSERR == ticket_parse (ticket, |
1189 | &xchange_handle->aud_privkey, | 1203 | &xchange_handle->aud_privkey, |
1190 | &xchange_handle->ticket)) | 1204 | &xchange_handle->ticket)) |
@@ -1228,8 +1242,9 @@ handle_issue_message (void *cls, | |||
1228 | const struct GNUNET_MessageHeader *message) | 1242 | const struct GNUNET_MessageHeader *message) |
1229 | { | 1243 | { |
1230 | const struct GNUNET_IDENTITY_PROVIDER_IssueMessage *im; | 1244 | const struct GNUNET_IDENTITY_PROVIDER_IssueMessage *im; |
1231 | uint16_t size; | ||
1232 | const char *scopes; | 1245 | const char *scopes; |
1246 | |||
1247 | uint16_t size; | ||
1233 | char *scopes_tmp; | 1248 | char *scopes_tmp; |
1234 | char *scope; | 1249 | char *scope; |
1235 | struct GNUNET_HashCode key; | 1250 | struct GNUNET_HashCode key; |
@@ -1282,8 +1297,6 @@ handle_issue_message (void *cls, | |||
1282 | &im->iss_key, | 1297 | &im->iss_key, |
1283 | &attr_collect, | 1298 | &attr_collect, |
1284 | issue_handle); | 1299 | issue_handle); |
1285 | |||
1286 | |||
1287 | } | 1300 | } |
1288 | 1301 | ||
1289 | /** | 1302 | /** |
@@ -1329,6 +1342,20 @@ run (void *cls, | |||
1329 | identity_handle = GNUNET_IDENTITY_connect (cfg, | 1342 | identity_handle = GNUNET_IDENTITY_connect (cfg, |
1330 | &list_ego, | 1343 | &list_ego, |
1331 | NULL); | 1344 | NULL); |
1345 | |||
1346 | if (GNUNET_OK == | ||
1347 | GNUNET_CONFIGURATION_get_value_time (cfg, | ||
1348 | "identity-provider", | ||
1349 | "TOKEN_EXPIRATION_INTERVAL", | ||
1350 | &token_expiration_interval)) | ||
1351 | { | ||
1352 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1353 | "Time window for zone iteration: %s\n", | ||
1354 | GNUNET_STRINGS_relative_time_to_string (token_expiration_interval, | ||
1355 | GNUNET_YES)); | ||
1356 | } else { | ||
1357 | token_expiration_interval = DEFAULT_TOKEN_EXPIRATION_INTERVAL; | ||
1358 | } | ||
1332 | 1359 | ||
1333 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, | 1360 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, |
1334 | &do_shutdown, NULL); | 1361 | &do_shutdown, NULL); |
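Review bot: The debug message in the new configuration block in run() is copy-pasted and misleading: it prints `Time window for zone iteration: %s` while the value being formatted is the token expiration interval, so it should read `"Token expiration interval: %s\n"`. The configured value is also used without validation: GNUNET_CONFIGURATION_get_value_time accepts "forever" and zero, and sign_and_return_token computes `exp_time = time + token_expiration_interval.rel_value_us;`, so a "forever" interval wraps the addition (if exp_time is an unsigned 64-bit value like abs_value_us) and issues a token and namestore record that are already expired, while zero issues tokens that expire at creation. I would reject both and fall back to DEFAULT_TOKEN_EXPIRATION_INTERVAL as below (alternatively, sign_and_return_token could use the saturating GNUNET_TIME_relative_to_absolute instead of the raw addition). The `} else {` also departs from the GNU brace style used in the rest of the file. run() starts before the hunk and continues after it.
```c
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_time (cfg,
                                           "identity-provider",
                                           "TOKEN_EXPIRATION_INTERVAL",
                                           &token_expiration_interval))
    token_expiration_interval = DEFAULT_TOKEN_EXPIRATION_INTERVAL;
  /* exp_time is computed as now + interval; "forever" would wrap and zero
     would issue tokens that are expired on creation, so reject both. */
  if ( (0 == token_expiration_interval.rel_value_us) ||
       (GNUNET_TIME_UNIT_FOREVER_REL.rel_value_us ==
        token_expiration_interval.rel_value_us) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Invalid TOKEN_EXPIRATION_INTERVAL, using default\n");
    token_expiration_interval = DEFAULT_TOKEN_EXPIRATION_INTERVAL;
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Token expiration interval: %s\n",
              GNUNET_STRINGS_relative_time_to_string (token_expiration_interval,
                                                      GNUNET_YES));
  /* … unchanged: GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &do_shutdown, NULL); … */
```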
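diff --git a/src/identity-provider/identity-provider.conf b/src/identity-provider/identity-provider.conf
new file mode 100644
index 000000000..bac8e69ed
--- /dev/null
+++ b/src/identity-provider/identity-provider.conf
@@ -0,0 +1,12 @@
+[identity-provider]
+AUTOSTART = NO
+USER_SERVICE = YES
+#PORT = 2108
+HOSTNAME = localhost
+BINARY = gnunet-service-identity-provider
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-identity-provider.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+TOKEN_EXPIRATION_INTERVAL = 30 m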
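Review bot: `UNIX_MATCH_UID = NO` together with `UNIX_MATCH_GID = YES` lets any process sharing the user's group reach the socket, and this service receives private keys from its clients (the C side copies `em->aud_privkey` in handle_exchange_message and uses `im->iss_key` in handle_issue_message), so unless the group-level sharing is a deliberate GNUnet convention for USER_SERVICE daemons I would set `UNIX_MATCH_UID = YES` or document why it is relaxed. The new TOKEN_EXPIRATION_INTERVAL option is also undocumented and its value (30 m) differs from the in-code DEFAULT_TOKEN_EXPIRATION_INTERVAL of one hour, which is easy to mistake for an oversight; a comment above it would help: `# Lifetime of issued tokens (exp - iat), GNUnet relative-time syntax, e.g. "30 m", "1 h"; the service defaults to 1 h when unset.`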