From b30b04c856bdf40136c5e1b39c5a455fc6c29f50 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 26 Jun 2018 08:20:05 +0200 Subject: disable test_psyc2, ftbfs --- src/psyc/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/psyc/Makefile.am b/src/psyc/Makefile.am index 26db608f3..d5c797f52 100644 --- a/src/psyc/Makefile.am +++ b/src/psyc/Makefile.am @@ -48,8 +48,8 @@ gnunet_service_psyc_CFLAGS = $(AM_CFLAGS) if HAVE_TESTING -check_PROGRAMS = \ - test_psyc2 +#check_PROGRAMS = \ +# test_psyc2 # test_psyc endif -- cgit v1.2.3 From 2c6dcff9bd500678ef35eeb404995f4f56ab2136 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Thu, 28 Jun 2018 19:32:08 +0000 Subject: documentation: in chapter contributing update gpl to agpl3 when it refers to code. Signed-off-by: Nils Gillmann --- doc/documentation/chapters/contributing.texi | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/documentation/chapters/contributing.texi b/doc/documentation/chapters/contributing.texi index 745acca77..dc87de3d6 100644 --- a/doc/documentation/chapters/contributing.texi +++ b/doc/documentation/chapters/contributing.texi @@ -11,12 +11,14 @@ @node Contributing to GNUnet @section Contributing to GNUnet +@cindex licenses +@cindex licenses of contributions @node Licenses of contributions @section Licenses of contributions GNUnet is a @uref{https://www.gnu.org/, GNU} package. All code contributions must thus be put under the -@uref{https://www.gnu.org/copyleft/gpl.html, GNU Public License (GPL)}. +@uref{https://www.gnu.org/licenses/agpl.html, GNU Affero Public License (AGPL)}. All documentation should be put under FSF approved licenses (see @uref{https://www.gnu.org/copyleft/fdl.html, fdl}). @@ -40,7 +42,7 @@ rights, and in particular is allowed to dual-license the code. You retain non-exclusive rights to your contributions, so you can also share your contributions freely with other projects. -GNUnet e.V. will publish all accepted contributions under the GPLv3 +GNUnet e.V. will publish all accepted contributions under the AGPLv3 or any later version. The association may decide to publish contributions under additional licenses (dual-licensing). -- cgit v1.2.3 From c4dfb182855e4d38170ca99c9de3b16713f80bd4 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Thu, 28 Jun 2018 19:35:29 +0000 Subject: include the agpl-3.0 license text in the book Signed-off-by: Nils Gillmann --- doc/documentation/Makefile.am | 5 +- doc/documentation/agpl-3.0.texi | 698 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 701 insertions(+), 2 deletions(-) create mode 100644 doc/documentation/agpl-3.0.texi diff --git a/doc/documentation/Makefile.am b/doc/documentation/Makefile.am index 0ee81304e..b6c666c4d 100644 --- a/doc/documentation/Makefile.am +++ b/doc/documentation/Makefile.am @@ -144,6 +144,7 @@ DISTCLEANFILES = \ chapters/terminology.cps \ chapters/vocabulary.cps \ fdl-1.3.cps \ + agpl-3.0.cps \ gpl-3.0.cps # if HAVE_EXTENDED_DOCUMENTATION_BUILDING @@ -166,8 +167,8 @@ lego_stack.png: images/lego_stack.svg # echo "@set EDITION $(PACKAGE_VERSION)" >> $@ # echo "@set VERSION $(PACKAGE_VERSION)" >> $@ -# Workaround for makeinfo error. Whcih in turn introduces more -# date-related 'warnings'. Well. +# Workaround for makeinfo error. Which in turn introduces more +# date-related 'warnings' for GNUism. Well. version2.texi: echo "@set UPDATED $(date +'%d %B %Y')" > $@ echo "@set UPDATED-MONTH $(date +'%B %Y')" >> $@ diff --git a/doc/documentation/agpl-3.0.texi b/doc/documentation/agpl-3.0.texi new file mode 100644 index 000000000..eabb0c6df --- /dev/null +++ b/doc/documentation/agpl-3.0.texi @@ -0,0 +1,698 @@ +@c The GNU Affero General Public License. +@center Version 3, 19 November 2007 + +@c This file is intended to be included within another document, +@c hence no sectioning command or @node. + +@display +Copyright @copyright{} 2007 Free Software Foundation, Inc. @url{https://fsf.org/} + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. +@end display + +@heading Preamble + +The GNU Affero General Public License is a free, copyleft license +for software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are +designed to take away your freedom to share and change the works. By +contrast, our General Public Licenses are intended to guarantee your +freedom to share and change all versions of a program--to make sure it +remains free software for all its users. + +When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + +A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + +The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + +An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + +The precise terms and conditions for copying, distribution and +modification follow. + +@heading TERMS AND CONDITIONS + +@enumerate 0 +@item Definitions. + +``This License'' refers to version 3 of the GNU Affero General Public License. + +``Copyright'' also means copyright-like laws that apply to other kinds +of works, such as semiconductor masks. + +``The Program'' refers to any copyrightable work licensed under this +License. Each licensee is addressed as ``you''. ``Licensees'' and +``recipients'' may be individuals or organizations. + +To ``modify'' a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of +an exact copy. The resulting work is called a ``modified version'' of +the earlier work or a work ``based on'' the earlier work. + +A ``covered work'' means either the unmodified Program or a work based +on the Program. + +To ``propagate'' a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + +To ``convey'' a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user +through a computer network, with no transfer of a copy, is not +conveying. + +An interactive user interface displays ``Appropriate Legal Notices'' to +the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +@item Source Code. + +The ``source code'' for a work means the preferred form of the work for +making modifications to it. ``Object code'' means any non-source form +of a work. + +A ``Standard Interface'' means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + +The ``System Libraries'' of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +``Major Component'', in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + +The ``Corresponding Source'' for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can +regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same +work. + +@item Basic Permissions. + +All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, +without conditions so long as your license otherwise remains in force. +You may convey covered works to others for the sole purpose of having +them make modifications exclusively for you, or provide you with +facilities for running those works, provided that you comply with the +terms of this License in conveying all material for which you do not +control copyright. Those thus making or running the covered works for +you must do so exclusively on your behalf, under your direction and +control, on terms that prohibit them from making any copies of your +copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the +conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + +@item Protecting Users' Legal Rights From Anti-Circumvention Law. + +No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + +When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such +circumvention is effected by exercising rights under this License with +respect to the covered work, and you disclaim any intention to limit +operation or modification of the work as a means of enforcing, against +the work's users, your or third parties' legal rights to forbid +circumvention of technological measures. + +@item Conveying Verbatim Copies. + +You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + +@item Conveying Modified Source Versions. + +You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these +conditions: + +@enumerate a +@item +The work must carry prominent notices stating that you modified it, +and giving a relevant date. + +@item +The work must carry prominent notices stating that it is released +under this License and any conditions added under section 7. This +requirement modifies the requirement in section 4 to ``keep intact all +notices''. + +@item +You must license the entire work, as a whole, under this License to +anyone who comes into possession of a copy. This License will +therefore apply, along with any applicable section 7 additional terms, +to the whole of the work, and all its parts, regardless of how they +are packaged. This License gives no permission to license the work in +any other way, but it does not invalidate such permission if you have +separately received it. + +@item +If the work has interactive user interfaces, each must display +Appropriate Legal Notices; however, if the Program has interactive +interfaces that do not display Appropriate Legal Notices, your work +need not make them do so. +@end enumerate + +A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +``aggregate'' if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + +@item Conveying Non-Source Forms. + +You may convey a covered work in object code form under the terms of +sections 4 and 5, provided that you also convey the machine-readable +Corresponding Source under the terms of this License, in one of these +ways: + +@enumerate a +@item +Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by the +Corresponding Source fixed on a durable physical medium customarily +used for software interchange. + +@item +Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by a written +offer, valid for at least three years and valid for as long as you +offer spare parts or customer support for that product model, to give +anyone who possesses the object code either (1) a copy of the +Corresponding Source for all the software in the product that is +covered by this License, on a durable physical medium customarily used +for software interchange, for a price no more than your reasonable +cost of physically performing this conveying of source, or (2) access +to copy the Corresponding Source from a network server at no charge. + +@item +Convey individual copies of the object code with a copy of the written +offer to provide the Corresponding Source. This alternative is +allowed only occasionally and noncommercially, and only if you +received the object code with such an offer, in accord with subsection +6b. + +@item +Convey the object code by offering access from a designated place +(gratis or for a charge), and offer equivalent access to the +Corresponding Source in the same way through the same place at no +further charge. You need not require recipients to copy the +Corresponding Source along with the object code. If the place to copy +the object code is a network server, the Corresponding Source may be +on a different server (operated by you or a third party) that supports +equivalent copying facilities, provided you maintain clear directions +next to the object code saying where to find the Corresponding Source. +Regardless of what server hosts the Corresponding Source, you remain +obligated to ensure that it is available for as long as needed to +satisfy these requirements. + +@item +Convey the object code using peer-to-peer transmission, provided you +inform other peers where the object code and Corresponding Source of +the work are being offered to the general public at no charge under +subsection 6d. + +@end enumerate + +A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + +A ``User Product'' is either (1) a ``consumer product'', which means any +tangible personal property which is normally used for personal, +family, or household purposes, or (2) anything designed or sold for +incorporation into a dwelling. In determining whether a product is a +consumer product, doubtful cases shall be resolved in favor of +coverage. For a particular product received by a particular user, +``normally used'' refers to a typical or common use of that class of +product, regardless of the status of the particular user or of the way +in which the particular user actually uses, or expects or is expected +to use, the product. A product is a consumer product regardless of +whether the product has substantial commercial, industrial or +non-consumer uses, unless such uses represent the only significant +mode of use of the product. + +``Installation Information'' for a User Product means any methods, +procedures, authorization keys, or other information required to +install and execute modified versions of a covered work in that User +Product from a modified version of its Corresponding Source. The +information must suffice to ensure that the continued functioning of +the modified object code is in no case prevented or interfered with +solely because modification has been made. + +If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + +The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or +updates for a work that has been modified or installed by the +recipient, or for the User Product in which it has been modified or +installed. Access to a network may be denied when the modification +itself materially and adversely affects the operation of the network +or violates the rules and protocols for communication across the +network. + +Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + +@item Additional Terms. + +``Additional permissions'' are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders +of that material) supplement the terms of this License with terms: + +@enumerate a +@item +Disclaiming warranty or limiting liability differently from the terms +of sections 15 and 16 of this License; or + +@item +Requiring preservation of specified reasonable legal notices or author +attributions in that material or in the Appropriate Legal Notices +displayed by works containing it; or + +@item +Prohibiting misrepresentation of the origin of that material, or +requiring that modified versions of such material be marked in +reasonable ways as different from the original version; or + +@item +Limiting the use for publicity purposes of names of licensors or +authors of the material; or + +@item +Declining to grant rights under trademark law for use of some trade +names, trademarks, or service marks; or + +@item +Requiring indemnification of licensors and authors of that material by +anyone who conveys the material (or modified versions of it) with +contractual assumptions of liability to the recipient, for any +liability that these contractual assumptions directly impose on those +licensors and authors. +@end enumerate + +All other non-permissive additional terms are considered ``further +restrictions'' within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; the +above requirements apply either way. + +@item Termination. + +You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + +However, if you cease all violation of this License, then your license +from a particular copyright holder is reinstated (a) provisionally, +unless and until the copyright holder explicitly and finally +terminates your license, and (b) permanently, if the copyright holder +fails to notify you of the violation by some reasonable means prior to +60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + +@item Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run +a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + +@item Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + +An ``entity transaction'' is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + +@item Patents. + +A ``contributor'' is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's ``contributor version''. + +A contributor's ``essential patent claims'' are all patent claims owned +or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, ``control'' includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + +In the following three paragraphs, a ``patent license'' is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To ``grant'' such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + +If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. ``Knowingly relying'' means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + +A patent license is ``discriminatory'' if it does not include within the +scope of its coverage, prohibits the exercise of, or is conditioned on +the non-exercise of one or more of the rights that are specifically +granted under this License. You may not convey a covered work if you +are a party to an arrangement with a third party that is in the +business of distributing software, under which you make payment to the +third party based on the extent of your activity of conveying the +work, and under which the third party grants, to any of the parties +who would receive the covered work from you, a discriminatory patent +license (a) in connection with copies of the covered work conveyed by +you (or copies made from those copies), or (b) primarily for and in +connection with specific products or compilations that contain the +covered work, unless you entered into that arrangement, or that patent +license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + +@item No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey +a covered work so as to satisfy simultaneously your obligations under +this License and any other pertinent obligations, then as a +consequence you may not convey it at all. For example, if you agree +to terms that obligate you to collect a royalty for further conveying +from those to whom you convey the Program, the only way you could +satisfy both those terms and this License would be to refrain entirely +from conveying the Program. + +@item Remote Network Interaction; Use with the GNU General Public License. + +Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users interacting +with it remotely through a computer network (if your version supports such +interaction) an opportunity to receive the Corresponding Source of your +version by providing access to the Corresponding Source from a network +server at no charge, through some standard or customary means of +facilitating copying of software. This Corresponding Source shall include +the Corresponding Source for any work covered by version 3 of the GNU +General Public License that is incorporated pursuant to the following +paragraph. + +Notwithstanding any other provision of this License, you have permission to +link or combine any covered work with a work licensed under version 3 of +the GNU General Public License into a single combined work, and to convey +the resulting work. The terms of this License will continue to apply to +the part which is the covered work, but the work with which it is combined +will remain governed by version 3 of the GNU General Public License. + +@item Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions +of the GNU Affero General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies that a certain numbered version of the GNU Affero General Public +License ``or any later version'' applies to it, you have the option of +following the terms and conditions either of that numbered version or +of any later version published by the Free Software Foundation. If +the Program does not specify a version number of the GNU Affero General +Public License, you may choose any version ever published by the Free +Software Foundation. + +If the Program specifies that a proxy can decide which future versions +of the GNU Affero General Public License can be used, that proxy's public +statement of acceptance of a version permanently authorizes you to +choose that version for the Program. + +Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + +@item Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM ``AS IS'' WITHOUT +WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND +PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE +DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR +CORRECTION. + +@item Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR +CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES +ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT +NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR +LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM +TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER +PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +@item Interpretation of Sections 15 and 16. + +If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + +@end enumerate + +@heading END OF TERMS AND CONDITIONS + +@heading How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these +terms. + +To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the ``copyright'' line and a pointer to where the full notice is found. + +@smallexample +@var{one line to give the program's name and a brief idea of what it does.} +Copyright (C) @var{year} @var{name of author} + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as published by +the Free Software Foundation, either version 3 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see @url{https://www.gnu.org/licenses/}. +@end smallexample + +Also add information on how to contact you by electronic and paper mail. + +If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a ``Source'' link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + +You should also get your employer (if you work as a programmer) or school, +if any, to sign a ``copyright disclaimer'' for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +@url{https://www.gnu.org/licenses/}. -- cgit v1.2.3 From 81dfffc5beac5b94ad0b6834eeeab9dfcac3a9f3 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Thu, 28 Jun 2018 19:35:51 +0000 Subject: fix Signed-off-by: Nils Gillmann --- doc/documentation/gnunet.texi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index 2ef5a2b59..12b52f35c 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi @@ -226,6 +226,12 @@ GNUnet Developer Handbook @cindex license, GNU General Public License @include gpl-3.0.texi +@c ********************************************************************* +@node GNU Affero General Public License +@appendix GNU Affero General Public License +@cindex license, GNU Affero General Public License +@include agpl-3.0.texi + @c ********************************************************************* @node Concept Index @unnumbered Concept Index -- cgit v1.2.3 From 8a9a639ad45d0900e185221f015bb64936361629 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 28 Jun 2018 23:47:51 +0200 Subject: fix documentation: add missing section to menu --- doc/documentation/gnunet.texi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index 12b52f35c..c1905e899 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi @@ -90,7 +90,8 @@ This document is the Reference Manual for GNUnet version @value{VERSION}. * GNUnet Contributors Handbook:: Contributing to GNUnet * GNUnet Developer Handbook:: Developing GNUnet * GNU Free Documentation License:: The license of this manual -* GNU General Public License:: The license of this manual +* GNU General Public License:: +* GNU Affero General Public License:: * Concept Index:: Concepts * Programming Index:: Data types, functions, and variables -- cgit v1.2.3 From 2bd272b4e4f779ca0a1dd4b52bb710be5c68a7bd Mon Sep 17 00:00:00 2001 From: lurchi Date: Fri, 29 Jun 2018 00:01:48 +0200 Subject: introduce API functions for duplicating the DNSPARSER record types --- src/include/gnunet_dnsparser_lib.h | 53 +++++++++++++++++ src/util/dnsparser.c | 116 +++++++++++++++++++++++++++++++++++++ 2 files changed, 169 insertions(+) diff --git a/src/include/gnunet_dnsparser_lib.h b/src/include/gnunet_dnsparser_lib.h index ba1392510..0fc6ac19c 100644 --- a/src/include/gnunet_dnsparser_lib.h +++ b/src/include/gnunet_dnsparser_lib.h @@ -82,6 +82,7 @@ #define GNUNET_DNSPARSER_TYPE_OPENPGPKEY 61 #define GNUNET_DNSPARSER_TYPE_TKEY 249 #define GNUNET_DNSPARSER_TYPE_TSIG 250 +#define GNUNET_DNSPARSER_TYPE_ALL 255 #define GNUNET_DNSPARSER_TYPE_URI 256 #define GNUNET_DNSPARSER_TYPE_TA 32768 @@ -840,6 +841,58 @@ GNUNET_DNSPARSER_parse_srv (const char *udp_payload, size_t udp_payload_length, size_t *off); +/* ***************** low-level duplication API ******************** */ + +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_Record * +GNUNET_DNSPARSER_duplicate_record (const struct GNUNET_DNSPARSER_Record *r); + + +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_SoaRecord * +GNUNET_DNSPARSER_duplicate_soa_record (const struct GNUNET_DNSPARSER_SoaRecord *r); + + +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_CertRecord * +GNUNET_DNSPARSER_duplicate_cert_record (const struct GNUNET_DNSPARSER_CertRecord *r); + + +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_MxRecord * +GNUNET_DNSPARSER_duplicate_mx_record (const struct GNUNET_DNSPARSER_MxRecord *r); + + +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_SrvRecord * +GNUNET_DNSPARSER_duplicate_srv_record (const struct GNUNET_DNSPARSER_SrvRecord *r); + + /* ***************** low-level deallocation API ******************** */ /** diff --git a/src/util/dnsparser.c b/src/util/dnsparser.c index cce68f2ee..57d0a014c 100644 --- a/src/util/dnsparser.c +++ b/src/util/dnsparser.c @@ -758,6 +758,122 @@ GNUNET_DNSPARSER_parse (const char *udp_payload, } +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_Record * +GNUNET_DNSPARSER_duplicate_record (const struct GNUNET_DNSPARSER_Record *r) +{ + struct GNUNET_DNSPARSER_Record *dup = GNUNET_memdup (r, sizeof (*r)); + + dup->name = GNUNET_strdup (r->name); + switch (r->type) + { + case GNUNET_DNSPARSER_TYPE_NS: + case GNUNET_DNSPARSER_TYPE_CNAME: + case GNUNET_DNSPARSER_TYPE_PTR: + { + dup->data.hostname = GNUNET_strdup (r->data.hostname); + break; + } + case GNUNET_DNSPARSER_TYPE_SOA: + { + dup->data.soa = GNUNET_DNSPARSER_duplicate_soa_record (r->data.soa); + break; + } + case GNUNET_DNSPARSER_TYPE_CERT: + { + dup->data.cert = GNUNET_DNSPARSER_duplicate_cert_record (r->data.cert); + break; + } + case GNUNET_DNSPARSER_TYPE_MX: + { + dup->data.mx = GNUNET_DNSPARSER_duplicate_mx_record (r->data.mx); + break; + } + case GNUNET_DNSPARSER_TYPE_SRV: + { + dup->data.srv = GNUNET_DNSPARSER_duplicate_srv_record (r->data.srv); + break; + } + default: + { + dup->data.raw.data = GNUNET_memdup (r->data.raw.data, + r->data.raw.data_len); + } + } + return dup; +} + + +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_SoaRecord * +GNUNET_DNSPARSER_duplicate_soa_record (const struct GNUNET_DNSPARSER_SoaRecord *r) +{ + struct GNUNET_DNSPARSER_SoaRecord *dup = GNUNET_memdup (r, sizeof (*r)); + + dup->mname = GNUNET_strdup (r->mname); + dup->rname = GNUNET_strdup (r->rname); + return dup; +} + + +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_CertRecord * +GNUNET_DNSPARSER_duplicate_cert_record (const struct GNUNET_DNSPARSER_CertRecord *r) +{ + struct GNUNET_DNSPARSER_CertRecord *dup = GNUNET_memdup (r, sizeof (*r)); + + dup->certificate_data = GNUNET_strdup (r->certificate_data); + return dup; +} + + +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_MxRecord * +GNUNET_DNSPARSER_duplicate_mx_record (const struct GNUNET_DNSPARSER_MxRecord *r) +{ + struct GNUNET_DNSPARSER_MxRecord *dup = GNUNET_memdup (r, sizeof (*r)); + + dup->mxhost = GNUNET_strdup (r->mxhost); + return dup; +} + + +/** + * Duplicate (deep-copy) the given DNS record + * + * @param r the record + * @return the newly allocated record + */ +struct GNUNET_DNSPARSER_SrvRecord * +GNUNET_DNSPARSER_duplicate_srv_record (const struct GNUNET_DNSPARSER_SrvRecord *r) +{ + struct GNUNET_DNSPARSER_SrvRecord *dup = GNUNET_memdup (r, sizeof (*r)); + + dup->target = GNUNET_strdup (r->target); + return dup; +} + + /** * Free memory taken by a packet. * -- cgit v1.2.3 From 7c04b23c8c80e06257706facf74a92bfec7a9914 Mon Sep 17 00:00:00 2001 From: lurchi Date: Fri, 29 Jun 2018 00:04:25 +0200 Subject: Allow dereferenced pointers as input for GNUNET_array_grow and GNUNET_xgrow This is now possible: char ***server_addrs = NULL unsigned int len = 0 GNUNET_array_append (*server_addrs, len, "8.8.8.8"); --- src/include/gnunet_common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/include/gnunet_common.h b/src/include/gnunet_common.h index b4bf5b0aa..1b982cc15 100644 --- a/src/include/gnunet_common.h +++ b/src/include/gnunet_common.h @@ -1074,7 +1074,7 @@ GNUNET_ntoh_double (double d); * @param tsize the target size for the resulting vector, use 0 to * free the vector (then, arr will be NULL afterwards). */ -#define GNUNET_array_grow(arr,size,tsize) GNUNET_xgrow_((void**)&arr, sizeof(arr[0]), &size, tsize, __FILE__, __LINE__) +#define GNUNET_array_grow(arr,size,tsize) GNUNET_xgrow_((void**)&(arr), sizeof((arr)[0]), &size, tsize, __FILE__, __LINE__) /** * @ingroup memory @@ -1089,7 +1089,7 @@ GNUNET_ntoh_double (double d); * array size * @param element the element that will be appended to the array */ -#define GNUNET_array_append(arr,size,element) do { GNUNET_array_grow(arr,size,size+1); arr[size-1] = element; } while(0) +#define GNUNET_array_append(arr,size,element) do { GNUNET_array_grow(arr,size,size+1); (arr)[size-1] = element; } while(0) /** * @ingroup memory -- cgit v1.2.3 From e7e14740d619777613734cec9400c33cfd30fc3d Mon Sep 17 00:00:00 2001 From: lurchi Date: Fri, 29 Jun 2018 00:10:08 +0200 Subject: Use the DNSPARSER and DNSSTUB libraries in the resolver service We are not using the libc functions anymore for forward and backup DNS resolutions and the DNSPARSER and DNSSTUB libraries instead. This has the advantage that the APIs are asynchronous now and thus multiple DNS resolutions can be done in parallel. This breaks support for Windows and other operating systems that don't use /etc/resolv.conf for defining DNS servers. For fixing this the function lookup_dns_servers can be extended with different lookup mechanisms. --- src/util/gnunet-service-resolver.c | 1161 ++++++++++++++++-------------------- src/util/resolver.h | 4 +- src/util/resolver_api.c | 26 +- 3 files changed, 532 insertions(+), 659 deletions(-) diff --git a/src/util/gnunet-service-resolver.c b/src/util/gnunet-service-resolver.c index d90d8ec10..d5d608b2f 100644 --- a/src/util/gnunet-service-resolver.c +++ b/src/util/gnunet-service-resolver.c @@ -27,721 +27,547 @@ #include "gnunet_statistics_service.h" #include "resolver.h" + +struct Record +{ + struct Record *next; + + struct Record *prev; + + struct GNUNET_DNSPARSER_Record *record; +}; + /** - * A cached DNS lookup result (for reverse lookup). + * A cached DNS lookup result. */ -struct IPCache +struct ResolveCache { /** * This is a doubly linked list. */ - struct IPCache *next; + struct ResolveCache *next; /** * This is a doubly linked list. */ - struct IPCache *prev; + struct ResolveCache *prev; /** - * Hostname in human-readable form. + * type of queried DNS record */ - char *addr; + uint16_t record_type; /** - * Binary IP address, allocated at the end of this struct. + * a pointer to the request_id if a query for this hostname/record_type + * is currently pending, NULL otherwise. */ - const void *ip; + int16_t *request_id; + + struct GNUNET_SERVICE_Client *client; /** - * Last time this entry was updated. + * head of a double linked list containing the lookup results */ - struct GNUNET_TIME_Absolute last_refresh; + struct Record *records_head; /** - * Last time this entry was requested. + * tail of a double linked list containing the lookup results */ - struct GNUNET_TIME_Absolute last_request; + struct Record *records_tail; /** - * Number of bytes in ip. + * handle for cancelling a request */ - size_t ip_len; + struct GNUNET_DNSSTUB_RequestSocket *resolve_handle; /** - * Address family of the IP. + * handle for the resolution timeout task */ - int af; + struct GNUNET_SCHEDULER_Task *timeout_task; + }; /** * Start of the linked list of cached DNS lookup results. */ -static struct IPCache *cache_head; +static struct ResolveCache *cache_head; /** * Tail of the linked list of cached DNS lookup results. */ -static struct IPCache *cache_tail; +static struct ResolveCache *cache_tail; /** - * Pipe for asynchronously notifying about resolve result + * context of dnsstub library */ -static struct GNUNET_DISK_PipeHandle *resolve_result_pipe; - -/** - * Task for reading from resolve_result_pipe - */ -static struct GNUNET_SCHEDULER_Task *resolve_result_pipe_task; +static struct GNUNET_DNSSTUB_Context *dnsstub_ctx; -#if HAVE_GETNAMEINFO -/** - * Resolve the given request using getnameinfo - * - * @param cache the request to resolve (and where to store the result) - */ -static void -getnameinfo_resolve (struct IPCache *cache) +void free_cache_entry (struct ResolveCache *entry) { - char hostname[256]; - const struct sockaddr *sa; - struct sockaddr_in v4; - struct sockaddr_in6 v6; - size_t salen; - int ret; - - switch (cache->af) + struct Record *pos; + struct Record *next; + + next = entry->records_head; + while (NULL != (pos = next)) { - case AF_INET: - GNUNET_assert (cache->ip_len == sizeof (struct in_addr)); - sa = (const struct sockaddr*) &v4; - memset (&v4, 0, sizeof (v4)); - v4.sin_addr = * (const struct in_addr*) cache->ip; - v4.sin_family = AF_INET; -#if HAVE_SOCKADDR_IN_SIN_LEN - v4.sin_len = sizeof (v4); -#endif - salen = sizeof (v4); - break; - case AF_INET6: - GNUNET_assert (cache->ip_len == sizeof (struct in6_addr)); - sa = (const struct sockaddr*) &v6; - memset (&v6, 0, sizeof (v6)); - v6.sin6_addr = * (const struct in6_addr*) cache->ip; - v6.sin6_family = AF_INET6; -#if HAVE_SOCKADDR_IN_SIN_LEN - v6.sin6_len = sizeof (v6); -#endif - salen = sizeof (v6); - break; - default: - GNUNET_assert (0); + next = pos->next; + GNUNET_CONTAINER_DLL_remove (entry->records_head, + entry->records_tail, + pos); + if (NULL != pos->record) + { + GNUNET_DNSPARSER_free_record (pos->record); + GNUNET_free (pos->record); + } + GNUNET_free (pos); } - - if (0 == - (ret = getnameinfo (sa, salen, - hostname, sizeof (hostname), - NULL, - 0, 0))) + if (NULL != entry->resolve_handle) { - cache->addr = GNUNET_strdup (hostname); + GNUNET_DNSSTUB_resolve_cancel (entry->resolve_handle); + entry->resolve_handle = NULL; } - else + if (NULL != entry->timeout_task) { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "getnameinfo failed: %s\n", - gai_strerror (ret)); + GNUNET_SCHEDULER_cancel (entry->timeout_task); + entry->timeout_task = NULL; } + GNUNET_free_non_null (entry->request_id); + GNUNET_free (entry); } -#endif -#if HAVE_GETHOSTBYADDR +static char* +extract_dns_server (const char* line, size_t line_len) +{ + if (0 == strncmp (line, "nameserver ", 11)) + return GNUNET_strndup (line + 11, line_len - 11); + return NULL; +} + + /** - * Resolve the given request using gethostbyaddr + * reads the list of nameservers from /etc/resolve.conf * - * @param cache the request to resolve (and where to store the result) + * @param server_addrs[out] a list of null-terminated server address strings + * @return the number of server addresses in @server_addrs, -1 on error */ -static void -gethostbyaddr_resolve (struct IPCache *cache) +static ssize_t +lookup_dns_servers (char ***server_addrs) { - struct hostent *ent; - - ent = gethostbyaddr (cache->ip, - cache->ip_len, - cache->af); - if (NULL != ent) + struct GNUNET_DISK_FileHandle *fh; + char buf[2048]; + ssize_t bytes_read; + size_t read_offset = 0; + unsigned int num_dns_servers = 0; + + fh = GNUNET_DISK_file_open ("/etc/resolv.conf", + GNUNET_DISK_OPEN_READ, + GNUNET_DISK_PERM_NONE); + if (NULL == fh) { - cache->addr = GNUNET_strdup (ent->h_name); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Could not open /etc/resolv.conf. " + "DNS resolution will not be possible.\n"); + return -1; } - else + bytes_read = GNUNET_DISK_file_read (fh, + buf, + sizeof (buf)); + *server_addrs = NULL; + while (read_offset < bytes_read) { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "gethostbyaddr failed: %s\n", - hstrerror (h_errno)); + char *newline; + size_t line_len; + char *dns_server; + + newline = strchr (buf + read_offset, '\n'); + if (NULL == newline) + { + break; + } + line_len = newline - buf - read_offset; + dns_server = extract_dns_server (buf + read_offset, line_len); + if (NULL != dns_server) + { + GNUNET_array_append (*server_addrs, + num_dns_servers, + dns_server); + } + read_offset += line_len + 1; } + GNUNET_DISK_file_close (fh); + return num_dns_servers; } -#endif -/** - * Resolve the given request using the available methods. - * - * @param cache the request to resolve (and where to store the result) - */ -static void -cache_resolve (struct IPCache *cache) +static char * +make_reverse_hostname (const void *ip, int af) { -#if HAVE_GETNAMEINFO - if (NULL == cache->addr) - getnameinfo_resolve (cache); -#endif -#if HAVE_GETHOSTBYADDR - if (NULL == cache->addr) - gethostbyaddr_resolve (cache); -#endif + char *buf = GNUNET_new_array (80, char); + int pos = 0; + if (AF_INET == af) + { + struct in_addr *addr = (struct in_addr *)ip; + uint32_t ip_int = addr->s_addr; + for (int i = 3; i >= 0; i--) + { + int n = GNUNET_snprintf (buf + pos, + 80 - pos, + "%u.", + ((uint8_t *)&ip_int)[i]); + if (n < 0) + { + GNUNET_free (buf); + return NULL; + } + pos += n; + } + pos += GNUNET_snprintf (buf + pos, 80 - pos, "in-addr.arpa"); + } + else if (AF_INET6 == af) + { + struct in6_addr *addr = (struct in6_addr *)ip; + for (int i = 15; i >= 0; i--) + { + int n = GNUNET_snprintf (buf + pos, 80 - pos, "%x.", addr->s6_addr[i] & 0xf); + if (n < 0) + { + GNUNET_free (buf); + return NULL; + } + pos += n; + n = GNUNET_snprintf (buf + pos, 80 - pos, "%x.", addr->s6_addr[i] >> 4); + if (n < 0) + { + GNUNET_free (buf); + return NULL; + } + pos += n; + } + pos += GNUNET_snprintf (buf + pos, 80 - pos, "ip6.arpa"); + } + buf[pos] = '\0'; + return buf; } -/** - * Function called after the replies for the request have all - * been transmitted to the client, and we can now read the next - * request from the client. - * - * @param cls the `struct GNUNET_SERVICE_Client` to continue with - */ static void -notify_service_client_done (void *cls) +send_reply (struct GNUNET_DNSPARSER_Record *record, + uint16_t request_id, + struct GNUNET_SERVICE_Client *client) { - struct GNUNET_SERVICE_Client *client = cls; - - GNUNET_SERVICE_client_continue (client); -} - - -/** - * Get an IP address as a string (works for both IPv4 and IPv6). Note - * that the resolution happens asynchronously and that the first call - * may not immediately result in the FQN (but instead in a - * human-readable IP address). - * - * @param client handle to the client making the request (for sending the reply) - * @param af AF_INET or AF_INET6 - * @param ip `struct in_addr` or `struct in6_addr` - */ -static void -get_ip_as_string (struct GNUNET_SERVICE_Client *client, - int af, - const void *ip, - uint32_t request_id) -{ - struct IPCache *pos; - struct IPCache *next; - struct GNUNET_TIME_Absolute now; - struct GNUNET_MQ_Envelope *env; - struct GNUNET_MQ_Handle *mq; struct GNUNET_RESOLVER_ResponseMessage *msg; - size_t ip_len; - struct in6_addr ix; - size_t alen; + struct GNUNET_MQ_Envelope *env; + void *payload; + size_t payload_len; - switch (af) - { - case AF_INET: - ip_len = sizeof (struct in_addr); - break; - case AF_INET6: - ip_len = sizeof (struct in6_addr); - break; - default: - GNUNET_assert (0); - } - now = GNUNET_TIME_absolute_get (); - next = cache_head; - while ( (NULL != (pos = next)) && - ( (pos->af != af) || - (pos->ip_len != ip_len) || - (0 != memcmp (pos->ip, ip, ip_len))) ) + switch (record->type) { - next = pos->next; - if (GNUNET_TIME_absolute_get_duration (pos->last_request).rel_value_us < - 60 * 60 * 1000 * 1000LL) + case GNUNET_DNSPARSER_TYPE_PTR: { - GNUNET_CONTAINER_DLL_remove (cache_head, - cache_tail, - pos); - GNUNET_free_non_null (pos->addr); - GNUNET_free (pos); - continue; + char *hostname = record->data.hostname; + payload = hostname; + payload_len = strlen (hostname) + 1; + break; } - } - if (NULL != pos) - { - if ( (1 == inet_pton (af, - pos->ip, - &ix)) && - (GNUNET_TIME_absolute_get_duration (pos->last_request).rel_value_us > - 120 * 1000 * 1000LL) ) + case GNUNET_DNSPARSER_TYPE_A: + case GNUNET_DNSPARSER_TYPE_AAAA: { - /* try again if still numeric AND 2 minutes have expired */ - GNUNET_free_non_null (pos->addr); - pos->addr = NULL; - cache_resolve (pos); - pos->last_request = now; + payload = record->data.raw.data; + payload_len = record->data.raw.data_len; + break; + } + default: + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot handle DNS response type: unimplemented\n"); + return; } } - else - { - pos = GNUNET_malloc (sizeof (struct IPCache) + ip_len); - pos->ip = &pos[1]; - GNUNET_memcpy (&pos[1], - ip, - ip_len); - pos->last_request = now; - pos->last_refresh = now; - pos->ip_len = ip_len; - pos->af = af; - GNUNET_CONTAINER_DLL_insert (cache_head, - cache_tail, - pos); - cache_resolve (pos); - } - if (NULL != pos->addr) - alen = strlen (pos->addr) + 1; - else - alen = 0; - mq = GNUNET_SERVICE_client_get_mq (client); env = GNUNET_MQ_msg_extra (msg, - alen, - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); + payload_len, + GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); msg->id = request_id; GNUNET_memcpy (&msg[1], - pos->addr, - alen); - GNUNET_MQ_send (mq, - env); - // send end message - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = request_id; - GNUNET_MQ_notify_sent (env, - ¬ify_service_client_done, - client); - GNUNET_MQ_send (mq, - env); + payload, + payload_len); + GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client), + env); } -#if HAVE_GETADDRINFO_A -struct AsyncCls -{ - struct gaicb *host; - struct sigevent *sig; - struct GNUNET_MQ_Handle *mq; - uint32_t request_id; -}; - - static void -resolve_result_pipe_cb (void *cls) +send_end_msg (uint16_t request_id, + struct GNUNET_SERVICE_Client *client) { - struct AsyncCls *async_cls; - struct gaicb *host; struct GNUNET_RESOLVER_ResponseMessage *msg; struct GNUNET_MQ_Envelope *env; - GNUNET_DISK_file_read (GNUNET_DISK_pipe_handle (resolve_result_pipe, - GNUNET_DISK_PIPE_END_READ), - &async_cls, - sizeof (struct AsyncCls *)); - resolve_result_pipe_task = - GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL, - GNUNET_DISK_pipe_handle (resolve_result_pipe, - GNUNET_DISK_PIPE_END_READ), - &resolve_result_pipe_cb, - NULL); - host = async_cls->host; - for (struct addrinfo *pos = host->ar_result; pos != NULL; pos = pos->ai_next) + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Sending end message\n"); + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); + msg->id = request_id; + GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client), + env); +} + + +static void +handle_resolve_result (void *cls, + const struct GNUNET_TUN_DnsHeader *dns, + size_t dns_len) +{ + struct ResolveCache *cache = cls; + struct GNUNET_DNSPARSER_Packet *parsed; + uint16_t request_id = *cache->request_id; + struct GNUNET_SERVICE_Client *client = cache->client; + + parsed = GNUNET_DNSPARSER_parse ((const char *)dns, + dns_len); + if (NULL == parsed) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to parse DNS reply (request ID %u\n", + request_id); + return; + } + if (request_id != ntohs (parsed->id)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Request ID in DNS reply does not match\n"); + return; + } + else if (0 == parsed->num_answers) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Lookup result for hostname %s: %s (request ID %u)\n", - host->ar_name, - GNUNET_a2s (pos->ai_addr, pos->ai_addrlen), - async_cls->request_id); - switch (pos->ai_family) + "DNS reply (request ID %u) contains no answers\n", + request_id); + GNUNET_CONTAINER_DLL_remove (cache_head, + cache_tail, + cache); + free_cache_entry (cache); + cache = NULL; + } + else + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Got reply for request ID %u\n", + request_id); + for (unsigned int i = 0; i != parsed->num_answers; i++) { - case AF_INET: - env = GNUNET_MQ_msg_extra (msg, - sizeof (struct in_addr), - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = async_cls->request_id; - GNUNET_memcpy (&msg[1], - &((struct sockaddr_in*) pos->ai_addr)->sin_addr, - sizeof (struct in_addr)); - GNUNET_MQ_send (async_cls->mq, - env); - break; - case AF_INET6: - env = GNUNET_MQ_msg_extra (msg, - sizeof (struct in6_addr), - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = async_cls->request_id; - GNUNET_memcpy (&msg[1], - &((struct sockaddr_in6*) pos->ai_addr)->sin6_addr, - sizeof (struct in6_addr)); - GNUNET_MQ_send (async_cls->mq, - env); - break; - default: - /* unsupported, skip */ - break; + struct Record *cache_entry = GNUNET_new (struct Record); + struct GNUNET_DNSPARSER_Record *record = &parsed->answers[i]; + cache_entry->record = GNUNET_DNSPARSER_duplicate_record (record); + GNUNET_CONTAINER_DLL_insert (cache->records_head, + cache->records_tail, + cache_entry); + send_reply (cache_entry->record, + request_id, + cache->client); } + GNUNET_free_non_null (cache->request_id); + cache->request_id = NULL; } - // send end message - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = async_cls->request_id; - GNUNET_MQ_send (async_cls->mq, - env); - freeaddrinfo (host->ar_result); - GNUNET_free ((struct gaicb *)host->ar_request); // free hints - GNUNET_free (host); - GNUNET_free (async_cls->sig); - GNUNET_free (async_cls); + send_end_msg (request_id, + client); + if (NULL != cache) + cache->client = NULL; + GNUNET_SCHEDULER_cancel (cache->timeout_task); + GNUNET_DNSSTUB_resolve_cancel (cache->resolve_handle); + cache->timeout_task = NULL; + cache->resolve_handle = NULL; + GNUNET_DNSPARSER_free_packet (parsed); } static void -handle_async_result (union sigval val) +handle_resolve_timeout (void *cls) { - GNUNET_DISK_file_write (GNUNET_DISK_pipe_handle (resolve_result_pipe, - GNUNET_DISK_PIPE_END_WRITE), - &val.sival_ptr, - sizeof (val.sival_ptr)); + struct ResolveCache *cache = cls; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "timeout!\n"); + if (NULL != cache->resolve_handle) + { + GNUNET_DNSSTUB_resolve_cancel (cache->resolve_handle); + cache->resolve_handle = NULL; + } + GNUNET_CONTAINER_DLL_remove (cache_head, + cache_tail, + cache); + free_cache_entry (cache); } static int -getaddrinfo_a_resolve (struct GNUNET_MQ_Handle *mq, - const char *hostname, - int af, - uint32_t request_id) +resolve_and_cache (const char* hostname, + uint16_t record_type, + uint16_t request_id, + struct GNUNET_SERVICE_Client *client) { - int ret; - struct gaicb *host; - struct addrinfo *hints; - struct sigevent *sig; - struct AsyncCls *async_cls; - - host = GNUNET_new (struct gaicb); - hints = GNUNET_new (struct addrinfo); - sig = GNUNET_new (struct sigevent); - async_cls = GNUNET_new (struct AsyncCls); - memset (hints, + char *packet_buf; + size_t packet_size; + struct GNUNET_DNSPARSER_Query query; + struct GNUNET_DNSPARSER_Packet packet; + struct ResolveCache *cache; + struct GNUNET_TIME_Relative timeout = + GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5); + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "resolve_and_cache\n"); + query.name = (char *)hostname; + query.type = record_type; + query.dns_traffic_class = GNUNET_TUN_DNS_CLASS_INTERNET; + memset (&packet, 0, - sizeof (struct addrinfo)); - memset (sig, - 0, - sizeof (struct sigevent)); - hints->ai_family = af; - hints->ai_socktype = SOCK_STREAM; /* go for TCP */ - host->ar_name = hostname; - host->ar_service = NULL; - host->ar_request = hints; - host->ar_result = NULL; - sig->sigev_notify = SIGEV_THREAD; - sig->sigev_value.sival_ptr = async_cls; - sig->sigev_notify_function = &handle_async_result; - async_cls->host = host; - async_cls->sig = sig; - async_cls->mq = mq; - async_cls->request_id = request_id; - ret = getaddrinfo_a (GAI_NOWAIT, - &host, - 1, - sig); - if (0 != ret) + sizeof (packet)); + packet.num_queries = 1; + packet.queries = &query; + packet.id = htons (request_id); + packet.flags.recursion_desired = 1; + if (GNUNET_OK != + GNUNET_DNSPARSER_pack (&packet, + UINT16_MAX, + &packet_buf, + &packet_size)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to pack query for hostname `%s'\n", + hostname); return GNUNET_SYSERR; + + } + cache = GNUNET_malloc (sizeof (struct ResolveCache)); + cache->record_type = record_type; + cache->request_id = GNUNET_memdup (&request_id, sizeof (request_id)); + cache->client = client; + cache->timeout_task = GNUNET_SCHEDULER_add_delayed (timeout, + &handle_resolve_timeout, + cache); + cache->resolve_handle = + GNUNET_DNSSTUB_resolve (dnsstub_ctx, + packet_buf, + packet_size, + &handle_resolve_result, + cache); + GNUNET_CONTAINER_DLL_insert (cache_head, + cache_tail, + cache); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "resolve %s, request_id = %u\n", + hostname, + request_id); + GNUNET_free (packet_buf); return GNUNET_OK; } -#elif HAVE_GETADDRINFO -static int -getaddrinfo_resolve (struct GNUNET_MQ_Handle *mq, - const char *hostname, - int af, - uint32_t request_id) +static const char * +get_hostname (struct ResolveCache *cache_entry) { - int s; - struct addrinfo hints; - struct addrinfo *result; - struct addrinfo *pos; - struct GNUNET_RESOLVER_ResponseMessage *msg; - struct GNUNET_MQ_Envelope *env; - -#ifdef WINDOWS - /* Due to a bug, getaddrinfo will not return a mix of different families */ - if (AF_UNSPEC == af) - { - int ret1; - int ret2; - ret1 = getaddrinfo_resolve (mq, - hostname, - AF_INET, - request_id); - ret2 = getaddrinfo_resolve (mq, - hostname, - AF_INET6, - request_id); - if ( (ret1 == GNUNET_OK) || - (ret2 == GNUNET_OK) ) - return GNUNET_OK; - if ( (ret1 == GNUNET_SYSERR) || - (ret2 == GNUNET_SYSERR) ) - return GNUNET_SYSERR; - return GNUNET_NO; - } -#endif - - memset (&hints, - 0, - sizeof (struct addrinfo)); - hints.ai_family = af; - hints.ai_socktype = SOCK_STREAM; /* go for TCP */ - - if (0 != (s = getaddrinfo (hostname, - NULL, - &hints, - &result))) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - _("Could not resolve `%s' (%s): %s\n"), - hostname, - (af == - AF_INET) ? "IPv4" : ((af == AF_INET6) ? "IPv6" : "any"), - gai_strerror (s)); - if ( (s == EAI_BADFLAGS) || -#ifndef WINDOWS - (s == EAI_SYSTEM) || -#endif - (s == EAI_MEMORY) ) - return GNUNET_NO; /* other function may still succeed */ - return GNUNET_SYSERR; - } - if (NULL == result) - return GNUNET_SYSERR; - for (pos = result; pos != NULL; pos = pos->ai_next) + if (NULL != cache_entry->records_head) { - switch (pos->ai_family) - { - case AF_INET: - env = GNUNET_MQ_msg_extra (msg, - sizeof (struct in_addr), - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = request_id; - GNUNET_memcpy (&msg[1], - &((struct sockaddr_in*) pos->ai_addr)->sin_addr, - sizeof (struct in_addr)); - GNUNET_MQ_send (mq, - env); - break; - case AF_INET6: - env = GNUNET_MQ_msg_extra (msg, - sizeof (struct in6_addr), - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = request_id; - GNUNET_memcpy (&msg[1], - &((struct sockaddr_in6*) pos->ai_addr)->sin6_addr, - sizeof (struct in6_addr)); - GNUNET_MQ_send (mq, - env); - break; - default: - /* unsupported, skip */ - break; - } + GNUNET_assert (NULL != cache_entry->records_head); + GNUNET_assert (NULL != cache_entry->records_head->record); + GNUNET_assert (NULL != cache_entry->records_head->record->name); + return cache_entry->records_head->record->name; } - freeaddrinfo (result); - return GNUNET_OK; + return NULL; } -#elif HAVE_GETHOSTBYNAME2 - - -static int -gethostbyname2_resolve (struct GNUNET_MQ_Handle *mq, - const char *hostname, - int af, - uint32_t request_id) +static const uint16_t * +get_record_type (struct ResolveCache *cache_entry) { - struct hostent *hp; - int ret1; - int ret2; - struct GNUNET_MQ_Envelope *env; - struct GNUNET_RESOLVER_ResponseMessage *msg; + if (NULL != cache_entry->records_head) + return &cache_entry->record_type; + return NULL; +} -#ifdef WINDOWS - /* gethostbyname2() in plibc is a compat dummy that calls gethostbyname(). */ - return GNUNET_NO; -#endif - if (af == AF_UNSPEC) - { - ret1 = gethostbyname2_resolve (mq, - hostname, - AF_INET, - request_id); - ret2 = gethostbyname2_resolve (mq, - hostname, - AF_INET6, - request_id); - if ( (ret1 == GNUNET_OK) || - (ret2 == GNUNET_OK) ) - return GNUNET_OK; - if ( (ret1 == GNUNET_SYSERR) || - (ret2 == GNUNET_SYSERR) ) - return GNUNET_SYSERR; - return GNUNET_NO; - } - hp = gethostbyname2 (hostname, - af); - if (hp == NULL) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - _("Could not find IP of host `%s': %s\n"), - hostname, - hstrerror (h_errno)); - return GNUNET_SYSERR; - } - GNUNET_assert (hp->h_addrtype == af); - switch (af) - { - case AF_INET: - GNUNET_assert (hp->h_length == sizeof (struct in_addr)); - env = GNUNET_MQ_msg_extra (msg, - hp->h_length, - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = request_id; - GNUNET_memcpy (&msg[1], - hp->h_addr_list[0], - hp->h_length); - GNUNET_MQ_send (mq, - env); - break; - case AF_INET6: - GNUNET_assert (hp->h_length == sizeof (struct in6_addr)); - env = GNUNET_MQ_msg_extra (msg, - hp->h_length, - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = request_id; - GNUNET_memcpy (&msg[1], - hp->h_addr_list[0], - hp->h_length); - GNUNET_MQ_send (mq, - env); - break; - default: - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; +static const struct GNUNET_TIME_Absolute * +get_expiration_time (struct ResolveCache *cache_entry) +{ + if (NULL != cache_entry->records_head) + return &cache_entry->records_head->record->expiration_time; + return NULL; } -#elif HAVE_GETHOSTBYNAME - static int -gethostbyname_resolve (struct GNUNET_MQ_Handle *mq, - const char *hostname, - uint32_t request_id) +remove_if_expired (struct ResolveCache *cache_entry) { - struct hostent *hp; - struct GNUNET_RESOLVER_ResponseMessage *msg; - struct GNUNET_MQ_Envelope *env; + struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get (); - hp = GETHOSTBYNAME (hostname); - if (NULL == hp) + if ( (NULL != cache_entry->records_head) && + (now.abs_value_us > get_expiration_time (cache_entry)->abs_value_us) ) { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - _("Could not find IP of host `%s': %s\n"), - hostname, - hstrerror (h_errno)); - return GNUNET_SYSERR; - } - if (hp->h_addrtype != AF_INET) - { - GNUNET_break (0); - return GNUNET_SYSERR; + GNUNET_CONTAINER_DLL_remove (cache_head, + cache_tail, + cache_entry); + free_cache_entry (cache_entry); + return GNUNET_YES; } - GNUNET_assert (hp->h_length == sizeof (struct in_addr)); - env = GNUNET_MQ_msg_extra (msg, - hp->h_length, - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = request_id; - GNUNET_memcpy (&msg[1], - hp->h_addr_list[0], - hp->h_length); - GNUNET_MQ_send (mq, - env); - return GNUNET_OK; + return GNUNET_NO; } -#endif /** - * Convert a string to an IP address. + * Get an IP address as a string (works for both IPv4 and IPv6). Note + * that the resolution happens asynchronously and that the first call + * may not immediately result in the FQN (but instead in a + * human-readable IP address). * - * @param client where to send the IP address - * @param hostname the hostname to resolve - * @param af AF_INET or AF_INET6; use AF_UNSPEC for "any" + * @param client handle to the client making the request (for sending the reply) + * @param af AF_INET or AF_INET6 + * @param ip `struct in_addr` or `struct in6_addr` */ -static void -get_ip_from_hostname (struct GNUNET_SERVICE_Client *client, - const char *hostname, - int af, - uint32_t request_id) +static int +try_cache (const char *hostname, + uint16_t record_type, + uint16_t request_id, + struct GNUNET_SERVICE_Client *client) { - struct GNUNET_MQ_Envelope *env; - struct GNUNET_RESOLVER_ResponseMessage *msg; - struct GNUNET_MQ_Handle *mq; - - mq = GNUNET_SERVICE_client_get_mq (client); -#if HAVE_GETADDRINFO_A - getaddrinfo_a_resolve (mq, - hostname, - af, - request_id); - GNUNET_SERVICE_client_continue (client); - return; -#elif HAVE_GETADDRINFO - getaddrinfo_resolve (mq, - hostname, - af, - request_id); -#elif HAVE_GETHOSTBYNAME2 - gethostbyname2_resolve (mq, - hostname, - af, - request_id); -#elif HAVE_GETHOSTBYNAME - if ( ( (af == AF_UNSPEC) || - (af == PF_INET) ) ) - gethostbyname_resolve (mq, - hostname, - request_id); -#endif - // send end message - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE); - msg->id = request_id; - GNUNET_MQ_notify_sent (env, - ¬ify_service_client_done, - client); - GNUNET_MQ_send (mq, - env); + struct ResolveCache *pos; + struct ResolveCache *next; + + next = cache_head; + while ( (NULL != (pos = next)) && + ( (NULL == pos->records_head) || + (0 != strcmp (get_hostname (pos), hostname)) || + (*get_record_type (pos) != record_type) ) ) + { + next = pos->next; + remove_if_expired (pos); + } + if (NULL != pos) + { + if (GNUNET_NO == remove_if_expired (pos)) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "found cache entry for '%s', record type '%u'\n", + hostname, + record_type); + struct Record *cache_pos = pos->records_head; + while (NULL != cache_pos) + { + send_reply (cache_pos->record, + request_id, + client); + cache_pos = cache_pos->next; + } + send_end_msg (request_id, + client); + return GNUNET_YES; + } + } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "no cache entry for '%s'\n", + hostname); + return GNUNET_NO; } @@ -801,6 +627,23 @@ check_get (void *cls, } +static void +process_get (const char *hostname, + uint16_t record_type, + uint16_t request_id, + struct GNUNET_SERVICE_Client *client) +{ + if (GNUNET_NO == try_cache (hostname, record_type, request_id, client)) + { + int result = resolve_and_cache (hostname, + record_type, + request_id, + client); + GNUNET_assert (GNUNET_OK == result); + } +} + + /** * Handle GET-message. * @@ -812,45 +655,100 @@ handle_get (void *cls, const struct GNUNET_RESOLVER_GetMessage *msg) { struct GNUNET_SERVICE_Client *client = cls; - const void *ip; int direction; int af; - uint32_t id; + uint16_t request_id; + const char *hostname; direction = ntohl (msg->direction); af = ntohl (msg->af); - id = ntohl (msg->id); + request_id = ntohs (msg->id); if (GNUNET_NO == direction) { /* IP from hostname */ - const char *hostname; - - hostname = (const char *) &msg[1]; - get_ip_from_hostname (client, - hostname, - af, - id); - return; + hostname = GNUNET_strdup ((const char *) &msg[1]); + switch (af) + { + case AF_UNSPEC: + { + process_get (hostname, GNUNET_DNSPARSER_TYPE_ALL, request_id, client); + break; + } + case AF_INET: + { + process_get (hostname, GNUNET_DNSPARSER_TYPE_A, request_id, client); + break; + } + case AF_INET6: + { + process_get (hostname, GNUNET_DNSPARSER_TYPE_AAAA, request_id, client); + break; + } + default: + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "got invalid af: %d\n", + af); + GNUNET_assert (0); + } + } } - ip = &msg[1]; + else + { + /* hostname from IP */ + hostname = make_reverse_hostname (&msg[1], af); + process_get (hostname, GNUNET_DNSPARSER_TYPE_PTR, request_id, client); + } + GNUNET_free_non_null ((char *)hostname); + GNUNET_SERVICE_client_continue (client); +} + -#if !defined(GNUNET_CULL_LOGGING) +static void +shutdown_task (void *cls) +{ + (void) cls; + struct ResolveCache *pos; + + while (NULL != (pos = cache_head)) { - char buf[INET6_ADDRSTRLEN]; + GNUNET_CONTAINER_DLL_remove (cache_head, + cache_tail, + pos); + free_cache_entry (pos); + } + GNUNET_DNSSTUB_stop (dnsstub_ctx); +} + +static void +init_cb (void *cls, + const struct GNUNET_CONFIGURATION_Handle *cfg, + struct GNUNET_SERVICE_Handle *sh) +{ + (void) cfg; + (void) sh; + + GNUNET_SCHEDULER_add_shutdown (&shutdown_task, + cls); + dnsstub_ctx = GNUNET_DNSSTUB_start (128); + char **dns_servers; + ssize_t num_dns_servers = lookup_dns_servers (&dns_servers); + if (0 == num_dns_servers) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "no DNS server available. DNS resolution will not be possible.\n"); + } + for (int i = 0; i != num_dns_servers; i++) + { + int result = GNUNET_DNSSTUB_add_dns_ip (dnsstub_ctx, dns_servers[i]); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Resolver asked to look up IP address `%s (request ID %u)'.\n", - inet_ntop (af, - ip, - buf, - sizeof (buf)), - id); + "Adding DNS server '%s': %s\n", + dns_servers[i], + GNUNET_OK == result ? "success" : "failure"); + GNUNET_free (dns_servers[i]); } -#endif - get_ip_as_string (client, - af, - ip, - id); + GNUNET_free_non_null (dns_servers); } @@ -870,19 +768,6 @@ connect_cb (void *cls, (void) cls; (void) mq; -#if HAVE_GETADDRINFO_A - resolve_result_pipe = GNUNET_DISK_pipe (GNUNET_NO, - GNUNET_NO, - GNUNET_NO, - GNUNET_NO); - GNUNET_assert (NULL != resolve_result_pipe); - resolve_result_pipe_task = - GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL, - GNUNET_DISK_pipe_handle (resolve_result_pipe, - GNUNET_DISK_PIPE_END_READ), - &resolve_result_pipe_cb, - NULL); -#endif return c; } @@ -900,19 +785,16 @@ disconnect_cb (void *cls, void *internal_cls) { (void) cls; + struct ResolveCache *pos = cache_head; -#if HAVE_GETADDRINFO_A - if (NULL != resolve_result_pipe_task) - { - GNUNET_SCHEDULER_cancel (resolve_result_pipe_task); - resolve_result_pipe_task = NULL; - } - if (NULL != resolve_result_pipe) + while (NULL != pos) { - GNUNET_DISK_pipe_close (resolve_result_pipe); - resolve_result_pipe = NULL; + if (pos->client == c) + { + pos->client = NULL; + } + pos = pos->next; } -#endif GNUNET_assert (c == internal_cls); } @@ -923,7 +805,7 @@ disconnect_cb (void *cls, GNUNET_SERVICE_MAIN ("resolver", GNUNET_SERVICE_OPTION_NONE, - NULL, + &init_cb, &connect_cb, &disconnect_cb, NULL, @@ -950,23 +832,4 @@ GNUNET_RESOLVER_memory_init () #endif -/** - * Free globals on exit. - */ -void __attribute__ ((destructor)) -GNUNET_RESOLVER_memory_done () -{ - struct IPCache *pos; - - while (NULL != (pos = cache_head)) - { - GNUNET_CONTAINER_DLL_remove (cache_head, - cache_tail, - pos); - GNUNET_free_non_null (pos->addr); - GNUNET_free (pos); - } -} - - /* end of gnunet-service-resolver.c */ diff --git a/src/util/resolver.h b/src/util/resolver.h index a0f105afa..07851d052 100644 --- a/src/util/resolver.h +++ b/src/util/resolver.h @@ -60,7 +60,7 @@ struct GNUNET_RESOLVER_GetMessage * identifies the request and is contained in the response message. The * client has to match response to request by this identifier. */ - uint32_t id GNUNET_PACKED; + uint16_t id GNUNET_PACKED; /* followed by 0-terminated string for A/AAAA-lookup or by 'struct in_addr' / 'struct in6_addr' for reverse lookup */ @@ -79,7 +79,7 @@ struct GNUNET_RESOLVER_ResponseMessage * identifies the request this message responds to. The client * has to match response to request by this identifier. */ - uint32_t id GNUNET_PACKED; + uint16_t id GNUNET_PACKED; /* followed by 0-terminated string for response to a reverse lookup * or by 'struct in_addr' / 'struct in6_addr' for response to diff --git a/src/util/resolver_api.c b/src/util/resolver_api.c index b94819f06..8a054327b 100644 --- a/src/util/resolver_api.c +++ b/src/util/resolver_api.c @@ -68,10 +68,10 @@ static struct GNUNET_RESOLVER_RequestHandle *req_head; */ static struct GNUNET_RESOLVER_RequestHandle *req_tail; -/** - * ID of the last request we sent to the service - */ -static uint32_t last_request_id; +///** +// * ID of the last request we sent to the service +// */ +//static uint16_t last_request_id; /** * How long should we wait to reconnect? @@ -445,7 +445,7 @@ process_requests () GNUNET_MESSAGE_TYPE_RESOLVER_REQUEST); msg->direction = htonl (rh->direction); msg->af = htonl (rh->af); - msg->id = htonl (rh->id); + msg->id = htons (rh->id); GNUNET_memcpy (&msg[1], &rh[1], rh->data_len); @@ -491,7 +491,7 @@ handle_response (void *cls, struct GNUNET_RESOLVER_RequestHandle *rh = req_head; uint16_t size; char *nret; - uint32_t request_id = msg->id; + uint16_t request_id = msg->id; for (; rh != NULL; rh = rh->next) { @@ -911,6 +911,14 @@ handle_lookup_timeout (void *cls) } +static uint16_t +get_request_id () +{ + return (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, + UINT16_MAX); +} + + /** * Convert a string to one or more IP addresses. * @@ -945,7 +953,8 @@ GNUNET_RESOLVER_ip_get (const char *hostname, hostname); rh = GNUNET_malloc (sizeof (struct GNUNET_RESOLVER_RequestHandle) + slen); rh->af = af; - rh->id = ++last_request_id; + //rh->id = ++last_request_id; + rh->id = get_request_id (); rh->addr_callback = callback; rh->cls = callback_cls; GNUNET_memcpy (&rh[1], @@ -1092,7 +1101,8 @@ GNUNET_RESOLVER_hostname_get (const struct sockaddr *sa, rh->name_callback = callback; rh->cls = cls; rh->af = sa->sa_family; - rh->id = ++last_request_id; + //rh->id = ++last_request_id; + rh->id = get_request_id (); rh->timeout = GNUNET_TIME_relative_to_absolute (timeout); GNUNET_memcpy (&rh[1], ip, -- cgit v1.2.3 From 059aa99083b26474f9fa55ad218c611f67db8e1e Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Fri, 29 Jun 2018 00:15:42 +0200 Subject: fix cadet api: handle shutdon correctly --- src/cadet/cadet_api.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/cadet/cadet_api.c b/src/cadet/cadet_api.c index 85a8be522..319279110 100644 --- a/src/cadet/cadet_api.c +++ b/src/cadet/cadet_api.c @@ -1253,18 +1253,21 @@ GNUNET_CADET_disconnect (struct GNUNET_CADET_Handle *handle) void GNUNET_CADET_close_port (struct GNUNET_CADET_Port *p) { - struct GNUNET_CADET_PortMessage *msg; - struct GNUNET_MQ_Envelope *env; - GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multihashmap_remove (p->cadet->ports, &p->id, p)); - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_CADET_LOCAL_PORT_CLOSE); - msg->port = p->id; - GNUNET_MQ_send (p->cadet->mq, - env); + if (NULL != p->cadet->mq) + { + struct GNUNET_CADET_PortMessage *msg; + struct GNUNET_MQ_Envelope *env; + + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_CADET_LOCAL_PORT_CLOSE); + msg->port = p->id; + GNUNET_MQ_send (p->cadet->mq, + env); + } GNUNET_free_non_null (p->handlers); GNUNET_free (p); } -- cgit v1.2.3 From b9754b34dd6460da9e4789fcb3cb8b0f0d95b0ca Mon Sep 17 00:00:00 2001 From: lurchi Date: Fri, 29 Jun 2018 00:23:37 +0200 Subject: add documentatioN --- src/util/gnunet-service-resolver.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/util/gnunet-service-resolver.c b/src/util/gnunet-service-resolver.c index d5d608b2f..d2464846c 100644 --- a/src/util/gnunet-service-resolver.c +++ b/src/util/gnunet-service-resolver.c @@ -63,6 +63,9 @@ struct ResolveCache */ int16_t *request_id; + /** + * The client that queried the records contained in this cache entry. + */ struct GNUNET_SERVICE_Client *client; /** -- cgit v1.2.3 From 9a407ea7b33ae9146f275b670600880661237995 Mon Sep 17 00:00:00 2001 From: lurchi Date: Fri, 29 Jun 2018 00:44:23 +0200 Subject: fix segfault --- src/util/gnunet-service-resolver.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/util/gnunet-service-resolver.c b/src/util/gnunet-service-resolver.c index d2464846c..5b890261b 100644 --- a/src/util/gnunet-service-resolver.c +++ b/src/util/gnunet-service-resolver.c @@ -378,10 +378,19 @@ handle_resolve_result (void *cls, client); if (NULL != cache) cache->client = NULL; - GNUNET_SCHEDULER_cancel (cache->timeout_task); - GNUNET_DNSSTUB_resolve_cancel (cache->resolve_handle); - cache->timeout_task = NULL; - cache->resolve_handle = NULL; + if (NULL != cache) + { + if (NULL != cache->timeout_task) + { + GNUNET_SCHEDULER_cancel (cache->timeout_task); + cache->timeout_task = NULL; + } + if (NULL != cache->resolve_handle) + { + GNUNET_DNSSTUB_resolve_cancel (cache->resolve_handle); + cache->resolve_handle = NULL; + } + } GNUNET_DNSPARSER_free_packet (parsed); } -- cgit v1.2.3 From d73a5008c715bd9fe607e43eff9cd7655dcd3b49 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Fri, 29 Jun 2018 06:17:25 +0000 Subject: Move wip'ish share of shepherd service to https://d.n0.is/pub/tmp/ where it is regulary updated Signed-off-by: Nils Gillmann --- contrib/services/shepherd/ng0_wip/.gitignore | 1 - .../00001-gnu-services-Add-gnunet-service.patch | 186 ----------------- .../0001-gnu-services-Add-gnunet-service.patch | 225 --------------------- .../001-gnu-services-Add-gnunet-service.patch | 204 ------------------- contrib/services/shepherd/ng0_wip/README | 11 - contrib/services/shepherd/ng0_wip/gnunet.scm | 173 ---------------- .../shepherd/ng0_wip/janneke-os-modified.scm | 62 ------ 7 files changed, 862 deletions(-) delete mode 100644 contrib/services/shepherd/ng0_wip/.gitignore delete mode 100644 contrib/services/shepherd/ng0_wip/00001-gnu-services-Add-gnunet-service.patch delete mode 100644 contrib/services/shepherd/ng0_wip/0001-gnu-services-Add-gnunet-service.patch delete mode 100644 contrib/services/shepherd/ng0_wip/001-gnu-services-Add-gnunet-service.patch delete mode 100644 contrib/services/shepherd/ng0_wip/README delete mode 100644 contrib/services/shepherd/ng0_wip/gnunet.scm delete mode 100644 contrib/services/shepherd/ng0_wip/janneke-os-modified.scm diff --git a/contrib/services/shepherd/ng0_wip/.gitignore b/contrib/services/shepherd/ng0_wip/.gitignore deleted file mode 100644 index 9b974979a..000000000 --- a/contrib/services/shepherd/ng0_wip/.gitignore +++ /dev/null @@ -1 +0,0 @@ -!*.patch \ No newline at end of file diff --git a/contrib/services/shepherd/ng0_wip/00001-gnu-services-Add-gnunet-service.patch b/contrib/services/shepherd/ng0_wip/00001-gnu-services-Add-gnunet-service.patch deleted file mode 100644 index 609a0a5ef..000000000 --- a/contrib/services/shepherd/ng0_wip/00001-gnu-services-Add-gnunet-service.patch +++ /dev/null @@ -1,186 +0,0 @@ -From 60a4c0f7c60ef705db17561fd3e930bbe11730c9 Mon Sep 17 00:00:00 2001 -From: ng0 -Date: Mon, 12 Sep 2016 12:26:52 +0000 -Subject: [PATCH] gnu: services: Add gnunet-service. - -* gnu/services/networking.scm (gnunet): New service. - -Signed-off-by: Nils Gillmann ---- - doc/guix.texi | 36 ++++++++++++++ - gnu/services/networking.scm | 93 ++++++++++++++++++++++++++++++++++++- - 2 files changed, 128 insertions(+), 1 deletion(-) - -diff --git a/doc/guix.texi b/doc/guix.texi -index d925b4eda..eb7b409d7 100644 ---- a/doc/guix.texi -+++ b/doc/guix.texi -@@ -11016,6 +11016,42 @@ Package object of the Open vSwitch. - @end table - @end deftp - -+@cindex GNUnet -+@cindex gnunet -+@subsubheading GNUnet Service -+ -+@deffn {Scheme Variable} gnunet-service-type -+This is the type of the @uref{https://gnunet.org, GNUnet} -+service, whose value should be an @code{gnunet-configuration} object -+as in this example: -+ -+@example -+(service gnunet-service-type -+ (gnunet-configuration -+ (config-file (local-file "./gnunet.conf")))) -+@end example -+@end deffn -+ -+@deftp {Data Type} gnunet-configuration -+Data type representing the configuration of GNUnet. -+ -+@table @asis -+@item @code{package} (default: @var{gnunet}) -+Package object of the GNUnet service. -+ -+@item @code{config-file} (default: @var{%default-gnunet-file}) -+File-like object of the GNUnet configuration file to use. For NAT is -+assumes by default that you are behind a NAT (@var{BEHIND_NAT = YES}) -+and enables UPNP (@var{ENABLE_UPNP = YES}). -+The hostlist is configured with the options @var{-b} (bootstrap using -+configured hostlist servers) and @var{-e} (enable learning advertised hostlists). -+Read the configuration files in @var{"~/.guix-profile/share/gnunet/config.d/"} -+for more information. These files also set the defaults when you don't set -+any explicit values to override them. -+ -+@end table -+@end deftp -+ - @node X Window - @subsubsection X Window - -diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm -index b0c23aafc..0ff20e707 100644 ---- a/gnu/services/networking.scm -+++ b/gnu/services/networking.scm -@@ -5,6 +5,7 @@ - ;;; Copyright © 2016 John Darrington - ;;; Copyright © 2017 Clément Lassieur - ;;; Copyright © 2017 Thomas Danckaert -+;;; Copyright © 2017 ng0 - ;;; - ;;; This file is part of GNU Guix. - ;;; -@@ -29,6 +30,7 @@ - #:use-module (gnu system pam) - #:use-module (gnu packages admin) - #:use-module (gnu packages connman) -+ #:use-module (gnu packages gnunet) - #:use-module (gnu packages linux) - #:use-module (gnu packages tor) - #:use-module (gnu packages messaging) -@@ -92,7 +94,12 @@ - wpa-supplicant-service-type - - openvswitch-service-type -- openvswitch-configuration)) -+ openvswitch-configuration -+ -+ gnunet-configuration -+ gnunet-configuration? -+ gnunet-service -+ gnunet-service-type)) - - ;;; Commentary: - ;;; -@@ -1125,4 +1132,88 @@ a network connection manager.")))) - switch designed to enable massive network automation through programmatic - extension."))) - -+;;; -+;;; GNUnet -+;;; -+ -+(define-record-type* -+ gnunet-configuration make-gnunet-configuration -+ gnunet-configuration? -+ (package gnunet-configuration-package -+ (default gnunet)) -+ (config-file gnunet-configuration-config-file -+ (default %default-gnunet-config-file))) -+ -+(define %default-gnunet-config-file -+ (plain-file "gnunet.conf" " -+[PATHS] -+SERVICEHOME = /var/lib/gnunet -+GNUNET_CONFIG_HOME = /var/lib/gnunet -+ -+[arm] -+SYSTEM_ONLY = YES -+USER_ONLY = NO -+ -+[nat] -+BEHIND_NAT = YES -+ENABLE_UPNP = YES -+ -+[hostlist] -+OPTIONS = -b -e -+")) -+ -+(define gnunet-shepherd-service -+ (match-lambda -+ (($ package config-file) -+ (list (shepherd-service -+ (provision '(gnunet)) -+ (requirement '(loopback)) -+ (documentation "Run the GNUnet service.") -+ (start -+ (let ((gnunet -+ (file-append package "/lib/gnunet/libexec/gnunet-service-arm"))) -+ #~(make-forkexec-constructor -+ (list #$gnunet "-c" #$config-file) -+ #:log-file "/var/log/gnunet.log" -+ #:pid-file "/var/run/gnunet.pid"))) -+ (stop -+ #~(make-kill-destructor))))))) -+ -+(define %gnunet-accounts -+ (list (user-group -+ (name "gnunetdns") -+ (system? #t)) -+ (user-group -+ (name "gnunet") -+ (system? #t)) -+ (user-account -+ (name "gnunet") -+ (group "gnunet") -+ (system? #t) -+ (comment "GNUnet system user") -+ (home-directory "/var/lib/gnunet") -+ (shell #~(string-append #$shadow "/sbin/nologin"))))) -+ -+(define gnunet-activation -+ (match-lambda -+ (($ package config-file) -+ (let ((gnunet -+ (file-append package "/lib/gnunet/libexec/gnunet-service-arm"))) -+ #~(begin -+ ;; Create the .config + .cache for gnunet user -+ (mkdir-p "/var/lib/gnunet/.config/gnunet") -+ (mkdir-p "/var/lib/gnunet/.cache/gnunet")))))) -+ -+(define gnunet-service-type -+ (service-type -+ (name 'gnunet) -+ (extensions (list (service-extension account-service-type -+ (const %gnunet-accounts)) -+ (service-extension activation-service-type -+ gnunet-activation) -+ (service-extension profile-service-type -+ (compose list gnunet-configuration-package)) -+ (service-extension shepherd-root-service-type -+ gnunet-shepherd-service))))) -+ - ;;; networking.scm ends here --- -2.17.0 - diff --git a/contrib/services/shepherd/ng0_wip/0001-gnu-services-Add-gnunet-service.patch b/contrib/services/shepherd/ng0_wip/0001-gnu-services-Add-gnunet-service.patch deleted file mode 100644 index a494434e0..000000000 --- a/contrib/services/shepherd/ng0_wip/0001-gnu-services-Add-gnunet-service.patch +++ /dev/null @@ -1,225 +0,0 @@ -From 434b05bc1a11b4865c0bd634281acd91dfce972c Mon Sep 17 00:00:00 2001 -From: ng0 -Date: Mon, 12 Sep 2016 12:26:52 +0000 -Subject: [PATCH] gnu: services: Add gnunet-service. - -Signed-off-by: Nils Gillmann ---- - doc/guix.texi | 36 ++++++++++ - gnu/services/networking.scm | 134 +++++++++++++++++++++++++++++++++++- - 2 files changed, 169 insertions(+), 1 deletion(-) - -diff --git a/doc/guix.texi b/doc/guix.texi -index 00bf24d3f..73589c88b 100644 ---- a/doc/guix.texi -+++ b/doc/guix.texi -@@ -10138,6 +10138,42 @@ Package object of the Open vSwitch. - @end table - @end deftp - -+@cindex GNUnet -+@cindex gnunet -+@subsubheading GNUnet Service -+ -+@deffn {Scheme Variable} gnunet-service-type -+This is the type of the @uref{https://gnunet.org, GNUnet} -+service, whose value should be an @code{gnunet-configuration} object -+as in this example: -+ -+@example -+(service gnunet-service-type -+ (gnunet-configuration -+ (config-file (local-file "./gnunet.conf")))) -+@end example -+@end deffn -+ -+@deftp {Data Type} gnunet-configuration -+Data type representing the configuration of GNUnet. -+ -+@table @asis -+@item @code{package} (default: @var{gnunet}) -+Package object of the GNUnet service. -+ -+@item @code{config-file} (default: @var{%default-gnunet-file}) -+File-like object of the GNUnet configuration file to use. For NAT is -+assumes by default that you are behind a NAT (@var{BEHIND_NAT = YES}) -+and enables UPNP (@var{ENABLE_UPNP = YES}). -+The hostlist is configured with the options @var{-b} (bootstrap using -+configured hostlist servers) and @var{-e} (enable learning advertised hostlists). -+Read the configuration files in @var{"~/.guix-profile/share/gnunet/config.d/"} -+for more information. These files also set the defaults when you don't set -+any explicit values to override them. -+ -+@end table -+@end deftp -+ - @node X Window - @subsubsection X Window - -diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm -index 99a3d493c..fe682b267 100644 ---- a/gnu/services/networking.scm -+++ b/gnu/services/networking.scm -@@ -5,6 +5,7 @@ - ;;; Copyright © 2016 John Darrington - ;;; Copyright © 2017 Clément Lassieur - ;;; Copyright © 2017 Thomas Danckaert -+;;; Copyright © 2017 ng0 - ;;; - ;;; This file is part of GNU Guix. - ;;; -@@ -29,6 +30,7 @@ - #:use-module (gnu system pam) - #:use-module (gnu packages admin) - #:use-module (gnu packages connman) -+ #:use-module (gnu packages gnunet) - #:use-module (gnu packages linux) - #:use-module (gnu packages tor) - #:use-module (gnu packages messaging) -@@ -92,7 +94,12 @@ - wpa-supplicant-service-type - - openvswitch-service-type -- openvswitch-configuration)) -+ openvswitch-configuration -+ -+ gnunet-configuration -+ gnunet-configuration? -+ gnunet-service-type -+ %default-gnunet-config-file)) - - ;;; Commentary: - ;;; -@@ -1069,4 +1076,129 @@ dns=" dns " - (service-extension shepherd-root-service-type - openvswitch-shepherd-service))))) - -+;;; -+;;; GNUnet -+;;; -+ -+;; steps: -+;; 0. The service works!!! -+;; 1. We want a completely adjustable config. -+;; 2. We want to extend this service with functions like -+;; vpn, comparable to tor-service -+;; Because of (1) we can't have a default. We can have -+;; default values which can be adjusted. A config is -+;; generated from these. -+ -+(define-record-type* -+ gnunet-configuration make-gnunet-configuration -+ gnunet-configuration? -+ (gnunet gnunet-configuration-package -+ (default gnunet)) -+ (config-file gnunet-configuration-config-file -+ (default (plain-file "empty" "")))) -+ -+(define %default-gnunet-config-file -+ (plain-file "gnunet.conf" " -+[PATHS] -+SERVICEHOME = /var/lib/gnunet -+GNUNET_CONFIG_HOME = /var/lib/gnunet -+ -+[arm] -+SYSTEM_ONLY = NO -+USER_ONLY = NO -+ -+[nat] -+BEHIND_NAT = YES -+ENABLE_UPNP = YES -+ -+[hostlist] -+OPTIONS = -b -e -+")) -+ -+(define gnunet-shepherd-service -+ (match-lambda -+ (($ package config-file) -+ (list (shepherd-service -+ (provision '(gnunet)) -+ (requirement '(user-processes loopback networking)) -+ (documentation "Run the GNUnet service.") -+ (start -+ (let ((gnunet -+ (file-append package "/lib/gnunet/libexec/gnunet-service-arm"))) -+ #~(make-forkexec-constructor -+ (list #$gnunet "-c" #$config-file "-d") -+ #:pid-file "/var/run/gnunet/arm-service.pid" -+ #:user "gnunet" -+ #:group "gnunet" -+ ;;#:log-file "/var/lib/gnunet/gnunet.log"))) -+ #:log-file "/var/log/gnunet.log"))) -+ (stop #~(make-kill-destructor))))))) -+ -+(define %gnunet-accounts -+ (list (user-group (name "gnunetdns") (system? #t)) -+ (user-group (name "gnunet") (system? #t)) -+ (user-account -+ (name "gnunet") -+ (group "gnunet") -+ (system? #t) -+ (comment "GNUnet system user") -+ (home-directory "/var/empty") -+ (shell (file-append shadow "/sbin/nologin"))))) -+ -+;; ${GNUNET_HOME}/.local/share/gnunet/gnunet.conf -> chmod 600 -+;; mkdir -p ${GNUNET_HOME}/.cache/gnunet -+ -+(define gnunet-activation -+ (match-lambda -+ (($ package config-file) -+ (let ((gnunet -+ (file-append package "/lib/gnunet/libexec/gnunet-service-arm"))) -+ #~(begin -+ (use-modules (guix build utils)) -+ (define %user (getpw "gnunet")) -+ (mkdir-p "/var/lib/gnunet/") -+ (chown "/var/lib/gnunet" (passwd:uid %user) (passwd:gid %user)) -+ ;;(chmod "/var/lib/gnunet/" #o755) -+ (mkdir-p "/var/lib/gnunet/.local/share/gnunet") -+ (mkdir-p "/var/lib/gnunet/.cache/gnunet") -+ (mkdir-p "/var/lib/gnunet/hostlist") -+ (mkdir-p "/var/lib/gnunet/.config/gnunet") -+ (chown "/var/lib/gnunet/.local/share/gnunet" (passwd:uid %user) (passwd:gid %user)) -+ (chown "/var/lib/gnunet/.cache/gnunet" (passwd:uid %user) (passwd:gid %user)) -+ (chown "/var/lib/gnunet/hostlist" (passwd:uid %user) (passwd:gid %user)) -+ ;;(chown "/var/lib/gnunet/gnunet.conf" (passwd:uid %user) (passwd:gid %user)) -+ (chown "/var/lib/gnunet/.config/gnunet" (passwd:uid %user) (passwd:gid %user))))))) -+ ;;(chmod "/var/lib/gnunet/.config/gnunet" #o755) -+ ;;(chmod "/var/lib/gnunet/.cache/gnunet" #o755) -+ ;;(chmod "/var/lib/gnunet/.local/share/gnunet" #o755)))))) -+ -+;; SUID_ROOT_HELPERS="exit nat-server nat-client transport-bluetooth transport-wlan vpn" -+;; set chmod u+s for those above. -+;; chmodown_execbin ${libexec}/gnunet-helper-dns 4750 root:gnunetdns -+;; chmodown_execbin ${libexec}/gnunet-service-dns 2750 gnunet:gnunetdns -+(define gnunet-setuid-programs -+ (match-lambda -+ (($ package) -+ (list (file-append package "/lib/gnunet/libexec/gnunet-helper-exit") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-nat-server") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-nat-client") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-transport-bluetooth") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-transport-wlan") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-vpn"))))) -+ -+(define gnunet-service-type -+ (service-type -+ (name 'gnunet) -+ (extensions (list (service-extension account-service-type -+ (const %gnunet-accounts)) -+ (service-extension activation-service-type -+ gnunet-activation) -+ (service-extension profile-service-type -+ (compose list gnunet-configuration-package)) -+ (service-extension setuid-program-service-type -+ gnunet-setuid-programs) -+ (service-extension shepherd-root-service-type -+ gnunet-shepherd-service))))) -+;;; --- here starts the rewrite. -+ - ;;; networking.scm ends here --- -2.17.0 - diff --git a/contrib/services/shepherd/ng0_wip/001-gnu-services-Add-gnunet-service.patch b/contrib/services/shepherd/ng0_wip/001-gnu-services-Add-gnunet-service.patch deleted file mode 100644 index 0017ec8cf..000000000 --- a/contrib/services/shepherd/ng0_wip/001-gnu-services-Add-gnunet-service.patch +++ /dev/null @@ -1,204 +0,0 @@ -From 91241bacb6533745535ff28d20f087ecd571e7be Mon Sep 17 00:00:00 2001 -From: ng0 -Date: Mon, 12 Sep 2016 12:26:52 +0000 -Subject: [PATCH] gnu: services: Add gnunet-service. - ---- - doc/guix.texi | 36 ++++++++++++++ - gnu/services/networking.scm | 114 +++++++++++++++++++++++++++++++++++++++++++- - 2 files changed, 149 insertions(+), 1 deletion(-) - -diff --git a/doc/guix.texi b/doc/guix.texi -index 99bde4aca..6c683393e 100644 ---- a/doc/guix.texi -+++ b/doc/guix.texi -@@ -8903,6 +8903,42 @@ Boolean values @var{ipv4?} and @var{ipv6?} determine whether to use IPv4/IPv6 - sockets. - @end deffn - -+@cindex GNUnet -+@cindex gnunet -+@subsubheading GNUnet Service -+ -+@deffn {Scheme Variable} gnunet-service-type -+This is the type of the @uref{https://gnunet.org, GNUnet} -+service, whose value should be an @code{gnunet-configuration} object -+as in this example: -+ -+@example -+(service gnunet-service-type -+ (gnunet-configuration -+ (config-file (local-file "./gnunet.conf")))) -+@end example -+@end deffn -+ -+@deftp {Data Type} gnunet-configuration -+Data type representing the configuration of GNUnet. -+ -+@table @asis -+@item @code{package} (default: @var{gnunet}) -+Package object of the GNUnet service. -+ -+@item @code{config-file} (default: @var{%default-gnunet-file}) -+File-like object of the GNUnet configuration file to use. For NAT is -+assumes by default that you are behind a NAT (@var{BEHIND_NAT = YES}) -+and enables UPNP (@var{ENABLE_UPNP = YES}). -+The hostlist is configured with the options @var{-b} (bootstrap using -+configured hostlist servers) and @var{-e} (enable learning advertised hostlists). -+Read the configuration files in @var{"~/.guix-profile/share/gnunet/config.d/"} -+for more information. These files also set the defaults when you don't set -+any explicit values to override them. -+ -+@end table -+@end deftp -+ - - @node X Window - @subsubsection X Window -diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm -index d672ecf68..ff3615ea2 100644 ---- a/gnu/services/networking.scm -+++ b/gnu/services/networking.scm -@@ -3,6 +3,7 @@ - ;;; Copyright © 2015 Mark H Weaver - ;;; Copyright © 2016 Efraim Flashner - ;;; Copyright © 2016 John Darrington -+;;; Copyright © 2016 ng0 - ;;; - ;;; This file is part of GNU Guix. - ;;; -@@ -27,6 +28,7 @@ - #:use-module (gnu system pam) - #:use-module (gnu packages admin) - #:use-module (gnu packages connman) -+ #:use-module (gnu packages gnunet) - #:use-module (gnu packages linux) - #:use-module (gnu packages tor) - #:use-module (gnu packages messaging) -@@ -66,7 +68,12 @@ - wicd-service - network-manager-service - connman-service -- wpa-supplicant-service-type)) -+ wpa-supplicant-service-type -+ -+ gnunet-configuration -+ gnunet-configuration? -+ gnunet-service-type -+ %default-gnunet-config-file)) - - ;;; Commentary: - ;;; -@@ -781,4 +788,109 @@ configure networking." - (service-extension dbus-root-service-type list) - (service-extension profile-service-type list))))) - -+ -+;;; GNUnet -+;;; -+;;; -+ -+(define-record-type* -+ gnunet-configuration make-gnunet-configuration -+ gnunet-configuration? -+ (package gnunet-configuration-package -+ (default gnunet)) -+ (config-file gnunet-configuration-config-file -+ (default %default-gnunet-config-file))) -+ -+(define %default-gnunet-config-file -+ (plain-file "gnunet.conf" " -+[PATHS] -+SERVICEHOME = /var/lib/gnunet -+GNUNET_CONFIG_HOME = /var/lib/gnunet -+ -+[arm] -+SYSTEM_ONLY = YES -+USER_ONLY = NO -+ -+[nat] -+BEHIND_NAT = YES -+ENABLE_UPNP = YES -+ -+[hostlist] -+OPTIONS = -b -e -+")) -+ -+(define gnunet-shepherd-service -+ (match-lambda -+ (($ package config-file) -+ (list (shepherd-service -+ (provision '(gnunet)) -+ (requirement '(user-processes loopback)) -+ (documentation "Run the GNUnet service.") -+ (start -+ (let ((gnunet -+ (file-append package "/lib/gnunet/libexec/gnunet-service-arm"))) -+ #~(make-forkexec-constructor -+ (list #$gnunet "-c" #$config-file) -+ #:pid-file "/var/run/gnunet.pid"))) -+ (stop -+ #~(make-kill-destructor -+ (list #$gnunet "-e")))))))) -+ -+(define %gnunet-accounts -+ (list (user-group -+ (name "gnunetdns") -+ (system? #t)) -+ (user-group -+ (name "gnunet") -+ (system? #t)) -+ (user-account -+ (name "gnunet") -+ (group "gnunet") -+ (system? #t) -+ (comment "GNUnet system user") -+ (home-directory "/var/empty") -+ (shell #~(string-append #$shadow "/sbin/nologin"))))) -+ -+(define gnunet-activation -+ (match-lambda -+ (($ package config-file) -+ (let ((gnunet -+ (file-append package "/lib/gnunet/libexec/gnunet-service-arm"))) -+ #~(begin -+ (use-modules (guix build utils)) -+ (define %user (getpw "gnunet")) -+ (mkdir-p "/var/lib/gnunet/") -+ (chown "/var/lib/gnunet" (passwd:uid %user) (passwd:gid %user)) -+ (chmod "/var/lib/gnunet/" #o600) -+ (mkdir-p "/var/lib/gnunet/.local/share/gnunet") -+ (mkdir-p "/var/lib/gnunet/.cache/gnunet") -+ (mkdir-p "/var/lib/gnunet/.config/gnunet") -+ (chmod "/var/lib/gnunet/.config/gnunet" #o600) -+ (chmod "/var/lib/gnunet/.cache/gnunet" #o600) -+ (chmod "/var/lib/gnunet/.local/share/gnunet" #o600)))))) -+ -+(define gnunet-setuid-programs -+ (match-lambda -+ (($ package) -+ (list (file-append package "/lib/gnunet/libexec/gnunet-helper-exit") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-nat-server") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-nat-client") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-transport-bluetooth") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-transport-wlan") -+ (file-append package "/lib/gnunet/libexec/gnunet-helper-vpn"))))) -+ -+(define gnunet-service-type -+ (service-type -+ (name 'gnunet) -+ (extensions (list (service-extension account-service-type -+ (const %gnunet-accounts)) -+ (service-extension activation-service-type -+ gnunet-activation) -+ (service-extension profile-service-type -+ (compose list gnunet-configuration-package)) -+ (service-extension setuid-program-service-type -+ gnunet-setuid-programs) -+ (service-extension shepherd-root-service-type -+ gnunet-shepherd-service))))) -+ - ;;; networking.scm ends here --- -2.11.0 - diff --git a/contrib/services/shepherd/ng0_wip/README b/contrib/services/shepherd/ng0_wip/README deleted file mode 100644 index c36c10959..000000000 --- a/contrib/services/shepherd/ng0_wip/README +++ /dev/null @@ -1,11 +0,0 @@ -short notes: - -* you are not expected to be able to run this as-is. -* you must keep it GPL3 licensed and NOT license it to GNUnet e.V., - for changes add your line to the header. -* does not apply to a guix checkout, you have to search and replace - the imported modules. in my development of plant, infotropique - services is equivalent to gnu services (same for packages) and plant - XYZ is guix XYZ. -* Understanding is optional. -* Patches come as context reading material. \ No newline at end of file diff --git a/contrib/services/shepherd/ng0_wip/gnunet.scm b/contrib/services/shepherd/ng0_wip/gnunet.scm deleted file mode 100644 index 80b807e74..000000000 --- a/contrib/services/shepherd/ng0_wip/gnunet.scm +++ /dev/null @@ -1,173 +0,0 @@ -;;; plant --- -;;; Copyright (C) 2016, 2017, 2018 Nils Gillmann -;;; -;;; This file is part of plant. -;;; -;;; plant is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; plant is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of thye GNU General Public License -;;; along with plant. If not, see . - -(define-module (infotropique services networking) - #:use-module (infotropique services) - #:use-module (infotropique services shepherd) - #:use-module (infotropique services dbus) - #:use-module (infotropique system shadow) - #:use-module (infotropique system pam) - #:use-module (infotropique packages admin) - #:use-module (infotropique packages connman) - #:use-module (infotropique packages linux) - #:use-module (infotropique packages tor) - #:use-module (infotropique packages messaging) - #:use-module (infotropique packages networking) - #:use-module (infotropique packages ntp) - #:use-module (infotropique packages wicd) - #:use-module (infotropique packages gnome) - #:use-module (infotropique packages gnunet) - #:use-module (plant gexp) - #:use-module (plant records) - #:use-module (plant modules) - #:use-module (srfi srfi-1) - #:use-module (srfi srfi-9) - #:use-module (srfi srfi-26) - #:use-module (ice-9 match) - #:export (gnunet-configuration - gnunet-configuration? - gnunet-service - gnunet-service-type)) - -;;; -;;; Commentary: -;;; gnunet (GNUnet) related services, mainly gnunet itself. -;;; - -;; GENTOO OpenRC: -DONE: depends on "net". -DONE: PIDFILE=/run/gnunet/arm-service.pid -SUID_ROOT_HELPERS=exit, nat-server, nat-client, transport-bluetooth, transport-wlan, vpn - -/var/lib/gnunet/.local/share/gnunet/gnunet.conf must be chmod 600 and chown gnunet:gnunet -/var/lib/gnunet/.cache/gnunet must exist. -/usr/lib/gnunet/libexec/gnunet-helper-SUID_ROOT_HELPERS must be s+u (--> suid) - -/usr/lib/gnunet/libexec/gnunet-helper-dns must be: chown root:gnunetdns and chmod 4750 -/usr/lib/gnunet/libexec/gnunet-service-dns must be: chown gnunet:gnunetdns and chmod 2750 - -directory with PID file must then be chowned by gnunet:gnunet - -user gnunet startet dann /usr/lib/gnunet/libexec/gnunet-service-arm -d - -stop process hat: -start-stop-daemon --stop --signal QUIT --pidfile ${PIDFILE} -sleep 1 -killall -u gnunet -sleep 1 -rm -rf /tmp/gnunet-gnunet-runtime >/dev/null 2>&1 -rm -rf /tmp/gnunet-system-runtime >/dev/null 2>&1 - -/etc/nsswitch.conf kriegt den eintrag: -hosts: files gns [NOTFOUND=return] dns - -und die dateien die in der source rumliegen bzgl nss müssen noch kopiert werden -UND nss muss sie finden. - - - -(define-record-type* - gnunet-configuration make-gnunet-configuration - gnunet-configuration? - (package gnunet-configuration-package - (default gnunet)) - (config-file gnunet-configuration-config-file - (default %default-gnunet-config-file))) - -;; TODO: [PATHS] DEFAULTCONFIG = ? -(define %default-gnunet-config-file - (plain-file "gnunet.conf" " -[PATHS] -SERVICEHOME = /var/lib/gnunet -GNUNET_CONFIG_HOME = /var/lib/gnunet - -[arm] -SYSTEM_ONLY = YES -USER_ONLY = NO - -[nat] -BEHIND_NAT = YES -ENABLE_UPNP = NO -USE_LOCALADDR = NO -DISABLEV6 = YES - -[hostlist] -OPTIONS = -b -e -")) - -(define gnunet-shepherd-service - (match-lambda - (($ package config-file) - (list (shepherd-service - (provision '(gnunet)) - ;; do we require networking? arm will try to reconnect until a connection - ;; exists (again), but we might also set up vpn and not succeed at service - ;; boot time as well as the general certificate issue we have especially on - ;; Guix-on-GuixSD systems. - (requirement '(loopback)) - (documentation "Run the GNUnet service.") - (start - (let ((gnunet - (file-append package "/lib/gnunet/libexec/gnunet-service-arm"))) - #~(make-forkexec-constructor - (list #$gnunet "-c" #$config-file) - #:log-file "/var/log/gnunet.log" - #:pid-file "/var/run/gnunet/arm-service.pid"))) - (stop - #~(make-kill-destructor))))))) - -(define %gnunet-accounts - (list (user-group - (name "gnunetdns") - (system? #t)) - (user-group - (name "gnunet") - (system? #t)) - (user-account - (name "gnunet") - (group "gnunet") - (system? #t) - (comment "GNUnet system user") - (home-directory "/var/lib/gnunet") - (shell #~(string-append #$shadow "/sbin/nologin"))))) - -;; TODO: setuids. -;; TODO: certificate issues -- gnunet should honor CURL_CA_BUNDLE! -(define gnunet-activation - (match-lambda - (($ package config-file) - (let ((gnunet - (file-append package "/lib/gnunet/libexec/gnunet-service-arm"))) - #~(begin - ;; Create the .config + .cache for gnunet user - (mkdir-p "/var/lib/gnunet/.config/gnunet") - (mkdir-p "/var/lib/gnunet/.cache/gnunet")))))) - -(define gnunet-service-type - (service-type - (name 'gnunet) - (extensions (list (service-extension account-service-type - (const %gnunet-accounts)) - (service-extension activation-service-type - gnunet-activation) - (service-extension profile-service-type - (compose list gnunet-configuration-package)) - (service-extension shepherd-root-service-type - gnunet-shepherd-service))))) - -;;; gnunet.scm ends here diff --git a/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm b/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm deleted file mode 100644 index d75d14598..000000000 --- a/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm +++ /dev/null @@ -1,62 +0,0 @@ -(use-modules (gnu)) -(use-service-modules -;; admin - base - mcron - networking - ssh) - -(use-package-modules - admin - ssh - version-control - gnunet) - -(define %user (getenv "USER")) - -(define os - (operating-system - (host-name "os") - (timezone "Europe/Amsterdam") - (locale "en_US.UTF-8") - - (bootloader - (grub-configuration - (device "/dev/sda"))) - - (file-systems - (cons* (file-system (mount-point "/") - (device "/dev/sda1") - (type "ext4")) - %base-file-systems)) - - (groups - (cons* (user-group (name %user)) - %base-groups)) - - (users - (cons* (user-account (name %user) - (group %user) - (password (crypt "" "xx")) - (uid 1000) - (supplementary-groups '("wheel" "gnunet")) - (home-directory (string-append "/home/" %user))) - %base-user-accounts)) - - (packages - (cons* - git - openssh - gnunet - %base-packages)) - - (services - (cons* - (dhcp-client-service) - (lsh-service #:port-number 2222 - #:allow-empty-passwords? #t - #:root-login? #t) - (gnunet-service) - %base-services - )))) -os -- cgit v1.2.3 From 06ee3c33943d100fa547624104221c282ab6f827 Mon Sep 17 00:00:00 2001 From: lurchi Date: Fri, 29 Jun 2018 14:21:33 +0200 Subject: fix warning about callback signature --- src/cadet/gnunet-cadet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cadet/gnunet-cadet.c b/src/cadet/gnunet-cadet.c index d629df9b2..13b04b885 100644 --- a/src/cadet/gnunet-cadet.c +++ b/src/cadet/gnunet-cadet.c @@ -231,7 +231,7 @@ shutdown_task (void *cls) } } -void * +void mq_cb(void *cls) { listen_stdio (); -- cgit v1.2.3 From a5a879c7462f9f1628d2372907a645d9dcaaccf1 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 29 Jun 2018 16:10:25 +0200 Subject: update gitignore --- src/util/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/src/util/.gitignore b/src/util/.gitignore index 23139a1ab..8e7093568 100644 --- a/src/util/.gitignore +++ b/src/util/.gitignore @@ -69,3 +69,4 @@ perf_crypto_hash perf_crypto_symmetric perf_crypto_rsa perf_crypto_ecc_dlog +test_hexcoder test_regex test_tun -- cgit v1.2.3 From 23567e541296989792ac5db3d8820401d63b50c4 Mon Sep 17 00:00:00 2001 From: xrs Date: Sat, 30 Jun 2018 07:28:36 +0200 Subject: cadet/cadet.conf.in: change UNIX_MATCH_UID to give gnunet-cadet socket access --- src/cadet/cadet.conf.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cadet/cadet.conf.in b/src/cadet/cadet.conf.in index 2f4c6a6db..d1ddcb96f 100644 --- a/src/cadet/cadet.conf.in +++ b/src/cadet/cadet.conf.in @@ -8,7 +8,7 @@ BINARY = gnunet-service-cadet ACCEPT_FROM = 127.0.0.1; ACCEPT_FROM6 = ::1; UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-cadet.sock -UNIX_MATCH_UID = YES +UNIX_MATCH_UID = NO UNIX_MATCH_GID = YES -- cgit v1.2.3 From bc458ee7949e01e0b5a1f7f15773c02be94cb8fa Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 30 Jun 2018 11:57:07 +0200 Subject: simplify memory allocation in plugin_namestore_flat, use cleaner signatures for base64 encoding/decoding functions --- src/gnsrecord/plugin_gnsrecord_dns.c | 4 +-- src/include/gnunet_strings_lib.h | 8 +++-- src/namestore/plugin_namestore_flat.c | 65 ++++++++++++++++++++--------------- src/util/strings.c | 39 +++++++++++---------- 4 files changed, 64 insertions(+), 52 deletions(-) diff --git a/src/gnsrecord/plugin_gnsrecord_dns.c b/src/gnsrecord/plugin_gnsrecord_dns.c index 188afcae7..254ae15ea 100644 --- a/src/gnsrecord/plugin_gnsrecord_dns.c +++ b/src/gnsrecord/plugin_gnsrecord_dns.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -463,7 +463,7 @@ dns_string_to_value (void *cls, } cert_size = GNUNET_STRINGS_base64_decode (certp, strlen (certp), - &cert_data); + (void **) &cert_data); GNUNET_free (sdup); cert.cert_type = type; cert.cert_tag = key; diff --git a/src/include/gnunet_strings_lib.h b/src/include/gnunet_strings_lib.h index 1fdab93b2..c1d76ef71 100644 --- a/src/include/gnunet_strings_lib.h +++ b/src/include/gnunet_strings_lib.h @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -339,7 +339,9 @@ GNUNET_STRINGS_string_to_data (const char *enc, * @return the size of the output */ size_t -GNUNET_STRINGS_base64_encode (const char *data, size_t len, char **output); +GNUNET_STRINGS_base64_encode (const void *in, + size_t len, + char **output); /** @@ -354,7 +356,7 @@ GNUNET_STRINGS_base64_encode (const char *data, size_t len, char **output); size_t GNUNET_STRINGS_base64_decode (const char *data, size_t len, - char **output); + void **output); /** diff --git a/src/namestore/plugin_namestore_flat.c b/src/namestore/plugin_namestore_flat.c index 33c48b244..e16fe91b7 100644 --- a/src/namestore/plugin_namestore_flat.c +++ b/src/namestore/plugin_namestore_flat.c @@ -55,7 +55,7 @@ struct FlatFileEntry /** * Entry zone */ - struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key; + struct GNUNET_CRYPTO_EcdsaPrivateKey private_key; /** * Record cound @@ -93,7 +93,6 @@ static int database_setup (struct Plugin *plugin) { char *afsdir; - char *key; char *record_data; char *zone_private_key; char *record_data_b64; @@ -104,7 +103,6 @@ database_setup (struct Plugin *plugin) char *record_count; size_t record_data_size; uint64_t size; - size_t key_len; struct GNUNET_HashCode hkey; struct GNUNET_DISK_FileHandle *fh; struct FlatFileEntry *entry; @@ -232,7 +230,7 @@ database_setup (struct Plugin *plugin) record_data_size = GNUNET_STRINGS_base64_decode (record_data_b64, strlen (record_data_b64), - &record_data); + (void **) &record_data); entry->record_data = GNUNET_new_array (entry->record_count, struct GNUNET_GNSRECORD_Data); @@ -251,21 +249,34 @@ database_setup (struct Plugin *plugin) break; } GNUNET_free (record_data); - GNUNET_STRINGS_base64_decode (zone_private_key, - strlen (zone_private_key), - (char**)&entry->private_key); - key_len = strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey); - key = GNUNET_malloc (strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)); - GNUNET_memcpy (key, - label, - strlen (label)); - GNUNET_memcpy (key+strlen(label), - entry->private_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)); - GNUNET_CRYPTO_hash (key, - key_len, - &hkey); - GNUNET_free (key); + + { + struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key; + + GNUNET_STRINGS_base64_decode (zone_private_key, + strlen (zone_private_key), + (void**)&private_key); + entry->private_key = *private_key; + GNUNET_free (private_key); + } + + { + char *key; + size_t key_len; + + key_len = strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey); + key = GNUNET_malloc (strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)); + GNUNET_memcpy (key, + label, + strlen (label)); + GNUNET_memcpy (key+strlen(label), + &entry->private_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)); + GNUNET_CRYPTO_hash (key, + key_len, + &hkey); + GNUNET_free (key); + } if (GNUNET_OK != GNUNET_CONTAINER_multihashmap_put (plugin->hm, &hkey, @@ -302,7 +313,7 @@ store_and_free_entries (void *cls, ssize_t data_size; (void) key; - GNUNET_STRINGS_base64_encode ((char*)entry->private_key, + GNUNET_STRINGS_base64_encode (&entry->private_key, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), &zone_private_key); data_size = GNUNET_GNSRECORD_records_get_size (entry->record_count, @@ -353,7 +364,6 @@ store_and_free_entries (void *cls, strlen (line)); GNUNET_free (line); - GNUNET_free (entry->private_key); GNUNET_free (entry->label); GNUNET_free (entry->record_data); GNUNET_free (entry); @@ -441,11 +451,10 @@ namestore_flat_store_records (void *cls, return GNUNET_OK; } entry = GNUNET_new (struct FlatFileEntry); - entry->private_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPrivateKey); GNUNET_asprintf (&entry->label, label, strlen (label)); - GNUNET_memcpy (entry->private_key, + GNUNET_memcpy (&entry->private_key, zone_key, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)); entry->rvalue = rvalue; @@ -519,7 +528,7 @@ namestore_flat_lookup_records (void *cls, if (NULL != iter) iter (iter_cls, 0, - entry->private_key, + &entry->private_key, entry->label, entry->record_count, entry->record_data); @@ -586,7 +595,7 @@ iterate_zones (void *cls, if (0 == ic->limit) return GNUNET_NO; if ( (NULL != ic->zone) && - (0 != memcmp (entry->private_key, + (0 != memcmp (&entry->private_key, ic->zone, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey))) ) return GNUNET_YES; @@ -598,7 +607,7 @@ iterate_zones (void *cls, } ic->iter (ic->iter_cls, ic->pos, - entry->private_key, + &entry->private_key, entry->label, entry->record_count, entry->record_data); @@ -668,7 +677,7 @@ zone_to_name (void *cls, struct FlatFileEntry *entry = value; (void) key; - if (0 != memcmp (entry->private_key, + if (0 != memcmp (&entry->private_key, ztn->zone, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey))) return GNUNET_YES; @@ -683,7 +692,7 @@ zone_to_name (void *cls, { ztn->iter (ztn->iter_cls, 0, - entry->private_key, + &entry->private_key, entry->label, entry->record_count, entry->record_data); diff --git a/src/util/strings.c b/src/util/strings.c index 5ed195933..ea3c8cfb9 100644 --- a/src/util/strings.c +++ b/src/util/strings.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -1947,27 +1947,27 @@ static char *cvt = /** * Encode into Base64. * - * @param data the data to encode + * @param in the data to encode * @param len the length of the input * @param output where to write the output (*output should be NULL, * is allocated) * @return the size of the output */ size_t -GNUNET_STRINGS_base64_encode (const char *data, +GNUNET_STRINGS_base64_encode (const void *in, size_t len, char **output) { - size_t i; - char c; + const char *data = in; size_t ret; char *opt; ret = 0; opt = GNUNET_malloc (2 + (len * 4 / 3) + 8); - *output = opt; - for (i = 0; i < len; ++i) + for (size_t i = 0; i < len; ++i) { + char c; + c = (data[i] >> 2) & 0x3f; opt[ret++] = cvt[(int) c]; c = (data[i] << 4) & 0x3f; @@ -1997,6 +1997,7 @@ GNUNET_STRINGS_base64_encode (const char *data, } } opt[ret++] = FILLCHAR; + *output = opt; return ret; } @@ -2018,11 +2019,10 @@ GNUNET_STRINGS_base64_encode (const char *data, */ size_t GNUNET_STRINGS_base64_decode (const char *data, - size_t len, char **output) + size_t len, + void **out) { - size_t i; - char c; - char c1; + char *output; size_t ret = 0; #define CHECK_CRLF while (data[i] == '\r' || data[i] == '\n') {\ @@ -2031,12 +2031,15 @@ GNUNET_STRINGS_base64_decode (const char *data, if (i >= len) goto END; \ } - *output = GNUNET_malloc ((len * 3 / 4) + 8); + output = GNUNET_malloc ((len * 3 / 4) + 8); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "base64_decode decoding len=%d\n", (int) len); - for (i = 0; i < len; ++i) + for (size_t i = 0; i < len; ++i) { + char c; + char c1; + CHECK_CRLF; if (FILLCHAR == data[i]) break; @@ -2045,7 +2048,7 @@ GNUNET_STRINGS_base64_decode (const char *data, CHECK_CRLF; c1 = (char) cvtfind (data[i]); c = (c << 2) | ((c1 >> 4) & 0x3); - (*output)[ret++] = c; + output[ret++] = c; if (++i < len) { CHECK_CRLF; @@ -2054,7 +2057,7 @@ GNUNET_STRINGS_base64_decode (const char *data, break; c = (char) cvtfind (c); c1 = ((c1 << 4) & 0xf0) | ((c >> 2) & 0xf); - (*output)[ret++] = c1; + output[ret++] = c1; } if (++i < len) { @@ -2065,15 +2068,13 @@ GNUNET_STRINGS_base64_decode (const char *data, c1 = (char) cvtfind (c1); c = ((c << 6) & 0xc0) | c1; - (*output)[ret++] = c; + output[ret++] = c; } } END: + *out = output; return ret; } - - - /* end of strings.c */ -- cgit v1.2.3 From dd68d665e140970c7d9dfd899fbdd4fefacb54a7 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 30 Jun 2018 12:01:27 +0200 Subject: fix memory leak --- src/namestore/gnunet-zoneimport.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/namestore/gnunet-zoneimport.c b/src/namestore/gnunet-zoneimport.c index 6c89cdb05..ddc8b483a 100644 --- a/src/namestore/gnunet-zoneimport.c +++ b/src/namestore/gnunet-zoneimport.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -456,6 +456,7 @@ build_dns_query (struct Request *req, char *rawp; struct GNUNET_DNSPARSER_Packet p; struct GNUNET_DNSPARSER_Query q; + int ret; q.name = (char *) req->hostname; q.type = GNUNET_DNSPARSER_TYPE_NS; @@ -467,12 +468,14 @@ build_dns_query (struct Request *req, p.num_queries = 1; p.queries = &q; p.id = req->id; - if (GNUNET_OK != - GNUNET_DNSPARSER_pack (&p, - UINT16_MAX, - &rawp, - raw_size)) + ret = GNUNET_DNSPARSER_pack (&p, + UINT16_MAX, + &rawp, + raw_size); + if (GNUNET_OK != ret) { + if (GNUNET_NO == ret) + GNUNET_free (rawp); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to pack query for hostname `%s'\n", req->hostname); -- cgit v1.2.3 From f47bd9b4f08d9995d62697782cecc4967b1422d0 Mon Sep 17 00:00:00 2001 From: xrs Date: Sat, 30 Jun 2018 19:22:10 +0200 Subject: fix --enable-documentation option --- Makefile.am | 7 +++++-- configure.ac | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index 45a693ac9..ad32cf920 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3,8 +3,11 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/include if DOCUMENTATION_ONLY SUBDIRS = doc -else - SUBDIRS = doc m4 src po pkgconfig +else + SUBDIRS = m4 src po pkgconfig +if DOCUMENTATION + SUBDIRS += doc +endif endif if !TALER_ONLY diff --git a/configure.ac b/configure.ac index 5d308c658..ee2f1f49f 100644 --- a/configure.ac +++ b/configure.ac @@ -679,7 +679,7 @@ AC_MSG_CHECKING(whether to build documentation) AC_ARG_ENABLE([documentation], [AS_HELP_STRING([--enable-documentation], [build the documentation])], [documentation=${enableval}], - [documentation=yes]) + [documentation=no]) AC_MSG_RESULT($documentation) if test "x$documentation" = "xyes" then -- cgit v1.2.3 From de088421e347875c7688a5b8a4bdcafb0e50515a Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Sun, 1 Jul 2018 09:18:14 +0000 Subject: wrap lines Signed-off-by: Nils Gillmann --- doc/documentation/chapters/installation.texi | 97 ++++++++++++++++++++-------- 1 file changed, 69 insertions(+), 28 deletions(-) diff --git a/doc/documentation/chapters/installation.texi b/doc/documentation/chapters/installation.texi index f5e38fd3d..23de13184 100644 --- a/doc/documentation/chapters/installation.texi +++ b/doc/documentation/chapters/installation.texi @@ -1,11 +1,17 @@ @node Installing GNUnet @chapter Installing GNUnet -This guide is intended for those who want to install Gnunet from source. For instructions on how to install GNUnet as a binary package please refer to the official documentation of your operating system or package manager. +This guide is intended for those who want to install Gnunet from +source. For instructions on how to install GNUnet as a binary package +please refer to the official documentation of your operating system or +package manager. @node Getting the Source Code @section Installing dependencies -GNUnet needs few libraries and applications for being able to run and another few optional ones for using certain features. Preferably they should be installed with a package manager. Just in case we include a link to the project websites. +GNUnet needs few libraries and applications for being able to run and +another few optional ones for using certain features. Preferably they +should be installed with a package manager. Just in case we include a +link to the project websites. The mandatory libraries and applications are @itemize @bullet @@ -43,30 +49,40 @@ These are the dependencies only required for certain features @item libpulse (for running the GNUnet conversation telephony application) @item libogg (for running the GNUnet conversation telephony application) @item bluez (for bluetooth support) -@item libpbc (for attribute-based encryption and the identity provider subsystem) -@item libgabe (for attribute-based encryption and the identity provider subsystem) +@item libpbc +(for attribute-based encryption and the identity provider subsystem) +@item libgabe +(for attribute-based encryption and the identity provider subsystem) @end itemize @section Getting the Source Code -You can either download the source code using git (you obviously need git installed) or as an archive. +You can either download the source code using git (you obviously need +git installed) or as an archive. Using git type @example git clone https://gnunet.org/git/gnunet.git @end example -The archive can be found at @uref{https://gnunet.org/downloads}. Extract it using a graphical archive tool or @code{tar}: +The archive can be found at +@uref{https://gnunet.org/downloads}. Extract it using a graphical +archive tool or @code{tar}: @example tar xzvf gnunet-0.11.0pre66.tar.gz @end example -In the next chapter we will assume that the source code is available in the home directory at @code{~/gnunet}. +In the next chapter we will assume that the source code is available +in the home directory at @code{~/gnunet}. @section Create @code{gnunet} user and group -The GNUnet services should be run as a dedicated user called @code{gnunet}. For using them a user should be in the same group as this system user. +The GNUnet services should be run as a dedicated user called +@code{gnunet}. For using them a user should be in the same group as +this system user. -Create user @code{gnunet} who is member of the group @code{gnunet} and specify a home directory where the GNUnet services will store persistant data such as information about peers. +Create user @code{gnunet} who is member of the group @code{gnunet} and +specify a home directory where the GNUnet services will store +persistant data such as information about peers. @example $ sudo useradd --system --groups gnunet --home-dir /var/lib/gnunet @end example @@ -77,7 +93,10 @@ $ sudo adduser alice gnunet @end example @section Preparing and Compiling the Source Code -For preparing the source code for compilation a bootstrap script and @code{configure} has to be run from the source code directory. When running @code{configure} the following options can be specified to customize the compilation and installation process: +For preparing the source code for compilation a bootstrap script and +@code{configure} has to be run from the source code directory. When +running @code{configure} the following options can be specified to +customize the compilation and installation process: @itemize @bullet @item @code{--disable-documentation} - don't build the configuration documents @@ -91,27 +110,38 @@ For preparing the source code for compilation a bootstrap script and @code{confi @item @code{--with-sudo=[PATH]} - path to the sudo binary (no need to run @code{make install} as root if specified) @end itemize -The following example configures the installation prefix @code{/usr/lib} and disables building the documentation +The following example configures the installation prefix +@code{/usr/lib} and disables building the documentation @example $ cd ~/gnunet $ ./bootstrap $ configure --prefix=/usr/lib --disable-configuration @end example -After running the bootstrap script and @code{configure} successfully the source code can be compiled with make. Here @code{-j5} specifies that 5 threads should be used. +After running the bootstrap script and @code{configure} successfully +the source code can be compiled with make. Here @code{-j5} specifies +that 5 threads should be used. @example $ make -j5 @end example @section Installation -The compiled binaries can be installed using @code{make install}. It needs to be run as root (or with sudo) because some binaries need the @code{suid} bit set. Without that some GNUnet subsystems (such as VPN) will not work. +The compiled binaries can be installed using @code{make install}. It +needs to be run as root (or with sudo) because some binaries need the +@code{suid} bit set. Without that some GNUnet subsystems (such as VPN) +will not work. @example $ sudo make install @end example -One important library is the GNS plugin for NSS (the name services switch) which allows using GNS (the GNU name system) in the normal DNS resolution process. Unfortunately NSS expects it in a specific location (probably @code{/lib}) which may differ from the installation prefix (see @code{--prefix} option in the previous section). This is why the pugin has to be installed manually. +One important library is the GNS plugin for NSS (the name services +switch) which allows using GNS (the GNU name system) in the normal DNS +resolution process. Unfortunately NSS expects it in a specific +location (probably @code{/lib}) which may differ from the installation +prefix (see @code{--prefix} option in the previous section). This is +why the pugin has to be installed manually. Find the directory where nss plugins are installed on your system, e.g. @@ -129,24 +159,30 @@ Copy the GNS NSS plugin to that directory: cp ~/gnunet/src/gns/nss/libnss_gns.so.2 /lib @end example -Now, to activate the plugin, you need to edit your @code{/etc/nsswitch.conf} where you should find a line like this: +Now, to activate the plugin, you need to edit your +@code{/etc/nsswitch.conf} where you should find a line like this: @example hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 @end example -The exact details may differ a bit, which is fine. Add the text @code{"gns [NOTFOUND=return]"} after @code{"files"}. +The exact details may differ a bit, which is fine. Add the text +@code{"gns [NOTFOUND=return]"} after @code{"files"}. @example hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 @end example -Optionally, if GNS shall be used with a browser, execute the GNS CA-setup script. It will isetup the GNS Certificate Authority with the user's browser. +Optionally, if GNS shall be used with a browser, execute the GNS +CA-setup script. It will isetup the GNS Certificate Authority with the +user's browser. @example $ gnunet-gns-proxy-setup-ca @end example -Finally install a configuration file in @code{~/.gnunet/gnunet.conf}. Below you find an example config which allows you to start GNUnet. +Finally install a configuration file in +@code{~/.gnunet/gnunet.conf}. Below you find an example config which +allows you to start GNUnet. @example [arm] @@ -170,7 +206,8 @@ This section describes a quick, casual way to check if your GNUnet installation works. However, if it does not, we do not cover steps for recovery --- for this, please study the instructions provided in the developer handbook as well as the system-specific -instruction in the source code repository@footnote{The system specific instructions are not provided as part of this handbook!}. +instruction in the source code repository@footnote{The system specific +instructions are not provided as part of this handbook!}. @menu @@ -203,21 +240,25 @@ Currently these interfaces cover: @subsection Statistics @c %**end of header -First, you should launch GNUnet gtk@footnote{Obviously you should also start gnunet, via gnunet-arm or the system provided method}. +First, you should launch GNUnet gtk@footnote{Obviously you should also +start gnunet, via gnunet-arm or the system provided method}. You can do this from the command-line by typing @example gnunet-statistics-gtk @end example -If your peer@footnote{The term ``peer'' is a common word used in federated and distributed networks to describe a participating device which is connected to the network. Thus, your Personal Computer or whatever it is you are looking at the Gtk+ interface describes a ``Peer'' or a ``Node''.} -is running correctly, you should see a bunch of lines, -all of which should be ``significantly'' above zero (at least if your -peer has been running for more than a few seconds). The lines indicate -how many other peers your peer is connected to (via different -mechanisms) and how large the entire overlay network is currently -estimated to be. The X-axis represents time (in seconds since the -start of @command{gnunet-gtk}). +If your peer@footnote{The term ``peer'' is a common word used in +federated and distributed networks to describe a participating device +which is connected to the network. Thus, your Personal Computer or +whatever it is you are looking at the Gtk+ interface describes a +``Peer'' or a ``Node''.} is running correctly, you should see a bunch +of lines, all of which should be ``significantly'' above zero (at +least if your peer has been running for more than a few seconds). The +lines indicate how many other peers your peer is connected to (via +different mechanisms) and how large the entire overlay network is +currently estimated to be. The X-axis represents time (in seconds +since the start of @command{gnunet-gtk}). You can click on "Traffic" to see information about the amount of bandwidth your peer has consumed, and on "Storage" to check the amount -- cgit v1.2.3 From dd0737b3c9ecd13b8a6b48cf84e6952251e4060c Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Sun, 1 Jul 2018 09:26:53 +0000 Subject: Add menu entries for installation, add nodes, fix the build Signed-off-by: Nils Gillmann --- doc/documentation/chapters/installation.texi | 24 +++++++++++++++++++++--- doc/documentation/gnunet.texi | 8 ++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/doc/documentation/chapters/installation.texi b/doc/documentation/chapters/installation.texi index 23de13184..f6dd69216 100644 --- a/doc/documentation/chapters/installation.texi +++ b/doc/documentation/chapters/installation.texi @@ -6,7 +6,19 @@ source. For instructions on how to install GNUnet as a binary package please refer to the official documentation of your operating system or package manager. -@node Getting the Source Code +@menu +* Installing dependencies:: +* Getting the Source Code:: +* Create @code{gnunet} user and group:: +* Preparing and Compiling the Source Code:: +* Installation:: +* MOVED FROM USER Checking the Installation:: +* MOVED FROM USER The graphical configuration interface:: +* MOVED FROM USER Config Leftovers:: +@end menu + +@c ----------------------------------------------------------------------- +@node Installing dependencies @section Installing dependencies GNUnet needs few libraries and applications for being able to run and another few optional ones for using certain features. Preferably they @@ -55,7 +67,8 @@ These are the dependencies only required for certain features (for attribute-based encryption and the identity provider subsystem) @end itemize - +@c ----------------------------------------------------------------------- +@node Getting the Source Code @section Getting the Source Code You can either download the source code using git (you obviously need git installed) or as an archive. @@ -75,6 +88,8 @@ tar xzvf gnunet-0.11.0pre66.tar.gz In the next chapter we will assume that the source code is available in the home directory at @code{~/gnunet}. +@c ----------------------------------------------------------------------- +@node Create @code{gnunet} user and group @section Create @code{gnunet} user and group The GNUnet services should be run as a dedicated user called @code{gnunet}. For using them a user should be in the same group as @@ -92,6 +107,8 @@ Now add your own user to the @code{gnunet} group. $ sudo adduser alice gnunet @end example +@c ----------------------------------------------------------------------- +@node Preparing and Compiling the Source Code @section Preparing and Compiling the Source Code For preparing the source code for compilation a bootstrap script and @code{configure} has to be run from the source code directory. When @@ -125,7 +142,8 @@ that 5 threads should be used. $ make -j5 @end example - +@c ----------------------------------------------------------------------- +@node Installation @section Installation The compiled binaries can be installed using @code{make install}. It needs to be run as root (or with sudo) because some binaries need the diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index c1905e899..747df5cf5 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi @@ -125,6 +125,14 @@ Key Concepts * Revocation:: Installing GNUnet +* Installing dependencies:: +* Getting the Source Code:: +* Create @code{gnunet} user and group:: +* Preparing and Compiling the Source Code:: +* Installation:: +* MOVED FROM USER Checking the Installation:: +* MOVED FROM USER The graphical configuration interface:: +* MOVED FROM USER Config Leftovers:: Using GNUnet -- cgit v1.2.3 From 981ce540583cae841156b9a25dc826b4233a1a49 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 1 Jul 2018 12:18:13 +0200 Subject: attempt #5375 --- src/gns/gnunet-dns2gns.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/gns/gnunet-dns2gns.c b/src/gns/gnunet-dns2gns.c index e6e53d405..8d39e8c53 100644 --- a/src/gns/gnunet-dns2gns.c +++ b/src/gns/gnunet-dns2gns.c @@ -269,6 +269,7 @@ dns_result_processor (void *cls, } request->packet = GNUNET_DNSPARSER_parse ((char*)dns, r); + GNUNET_DNSSTUB_resolve_cancel (request->dns_lookup); send_response (request); } -- cgit v1.2.3 From 2e7ba8a6c7dc317fdec310e04290acb1aa94a417 Mon Sep 17 00:00:00 2001 From: xrs Date: Sun, 1 Jul 2018 15:32:27 +0200 Subject: make --enable-documentation default --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index ee2f1f49f..c7314d765 100644 --- a/configure.ac +++ b/configure.ac @@ -677,9 +677,9 @@ AC_CHECK_LIB([kstat],[kstat_open]) # should the build process be building the documentation? AC_MSG_CHECKING(whether to build documentation) AC_ARG_ENABLE([documentation], - [AS_HELP_STRING([--enable-documentation], [build the documentation])], + [AS_HELP_STRING([--disable-documentation], [do not build the documentation])], [documentation=${enableval}], - [documentation=no]) + [documentation=yes]) AC_MSG_RESULT($documentation) if test "x$documentation" = "xyes" then -- cgit v1.2.3 From d409018c1da52d051bf2e95cd97a73e72cb5accd Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 1 Jul 2018 19:38:06 +0200 Subject: move gnunet-timeout to src/util/, fix issues related to #5375 --- contrib/Makefile.am | 11 -- contrib/timeout_watchdog.c | 116 ---------------- contrib/timeout_watchdog_w32.c | 191 -------------------------- doc/man/Makefile.am | 1 + doc/man/gnunet-gns.1 | 2 +- src/gns/gns_api.c | 7 +- src/gns/gnunet-gns.c | 10 +- src/gns/nss/nss_gns.c | 269 +++++++++++++++++++------------------ src/gns/nss/nss_gns_query.c | 25 +++- src/gns/nss/nss_gns_query.h | 30 +++-- src/identity/identity_api_lookup.c | 8 +- src/util/Makefile.am | 16 ++- src/util/client.c | 13 +- src/util/gnunet-timeout-w32.c | 191 ++++++++++++++++++++++++++ src/util/gnunet-timeout.c | 128 ++++++++++++++++++ 15 files changed, 534 insertions(+), 484 deletions(-) delete mode 100644 contrib/timeout_watchdog.c delete mode 100644 contrib/timeout_watchdog_w32.c create mode 100644 src/util/gnunet-timeout-w32.c create mode 100644 src/util/gnunet-timeout.c diff --git a/contrib/Makefile.am b/contrib/Makefile.am index 158e43998..eec3300b9 100644 --- a/contrib/Makefile.am +++ b/contrib/Makefile.am @@ -5,17 +5,6 @@ tap32dir = $(pkgdatadir)/openvpn-tap32/tapw32/ tap64dir = $(pkgdatadir)/openvpn-tap32/tapw64/ -noinst_PROGRAMS = \ - timeout_watchdog - -if !MINGW -timeout_watchdog_SOURCES = \ - timeout_watchdog.c -else -timeout_watchdog_SOURCES = \ - timeout_watchdog_w32.c -endif - noinst_SCRIPTS = \ scripts/terminate.py \ scripts/pydiffer.py \ diff --git a/contrib/timeout_watchdog.c b/contrib/timeout_watchdog.c deleted file mode 100644 index 70e840d55..000000000 --- a/contrib/timeout_watchdog.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2010 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @file contrib/timeout_watchdog.c - * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period - * @author Matthias Wachs - */ - -#include -#include -#include -#include -#include -#include - -static pid_t child; - - -static void -sigchld_handler (int val) -{ - int status = 0; - int ret = 0; - - (void) val; - waitpid (child, &status, 0); - if (WIFEXITED (status) != 0) - { - ret = WEXITSTATUS (status); - printf ("Test process exited with result %u\n", ret); - } - if (WIFSIGNALED (status) != 0) - { - ret = WTERMSIG (status); - printf ("Test process was signaled %u\n", ret); - } - exit (ret); -} - - -static void -sigint_handler (int val) -{ - kill (0, val); - exit (val); -} - - -int -main (int argc, - char *argv[]) -{ - int timeout = 0; - pid_t gpid = 0; - - if (argc < 3) - { - printf - ("arg 1: timeout in sec., arg 2: executable, arg arguments\n"); - exit (1); - } - - timeout = atoi (argv[1]); - - if (timeout == 0) - timeout = 600; - -/* with getpgid() it does not compile, but getpgrp is the BSD version and working */ - gpid = getpgrp (); - - signal (SIGCHLD, sigchld_handler); - signal (SIGABRT, sigint_handler); - signal (SIGFPE, sigint_handler); - signal (SIGILL, sigint_handler); - signal (SIGINT, sigint_handler); - signal (SIGSEGV, sigint_handler); - signal (SIGTERM, sigint_handler); - - child = fork (); - if (child == 0) - { - /* int setpgrp(pid_t pid, pid_t pgid); is not working on this machine */ - //setpgrp (0, pid_t gpid); - if (-1 != gpid) - setpgid (0, gpid); - execvp (argv[2], &argv[2]); - exit (1); - } - if (child > 0) - { - sleep (timeout); - printf ("Child processes were killed after timeout of %u seconds\n", - timeout); - kill (0, SIGTERM); - exit (1); - } - exit (1); -} - -/* end of timeout_watchdog.c */ diff --git a/contrib/timeout_watchdog_w32.c b/contrib/timeout_watchdog_w32.c deleted file mode 100644 index 901eb6207..000000000 --- a/contrib/timeout_watchdog_w32.c +++ /dev/null @@ -1,191 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2010 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @file contrib/timeout_watchdog_w32.c - * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period - * @author LRN - */ - -#include -#include -#include - -int -main (int argc, char *argv[]) -{ - int i; - DWORD wait_result; - wchar_t *commandline; - wchar_t **wargv; - wchar_t *arg; - unsigned int cmdlen; - STARTUPINFOW start; - PROCESS_INFORMATION proc; - - wchar_t wpath[MAX_PATH + 1]; - - wchar_t *pathbuf; - DWORD pathbuf_len, alloc_len; - wchar_t *ptr; - wchar_t *non_const_filename; - wchar_t *wcmd; - int wargc; - int timeout = 0; - ssize_t wrote; - - HANDLE job; - - if (argc < 3) - { - printf - ("arg 1: timeout in sec., arg 2: executable, arg arguments\n"); - exit (1); - } - - timeout = atoi (argv[1]); - - if (timeout == 0) - timeout = 600; - - commandline = GetCommandLineW (); - if (commandline == NULL) - { - printf ("Failed to get commandline: %lu\n", GetLastError ()); - exit (2); - } - - wargv = CommandLineToArgvW (commandline, &wargc); - if (wargv == NULL || wargc <= 1) - { - printf ("Failed to get parse commandline: %lu\n", GetLastError ()); - exit (3); - } - - job = CreateJobObject (NULL, NULL); - if (job == NULL) - { - printf ("Failed to create a job: %lu\n", GetLastError ()); - exit (4); - } - - pathbuf_len = GetEnvironmentVariableW (L"PATH", (wchar_t *) &pathbuf, 0); - - alloc_len = pathbuf_len + 1; - - pathbuf = malloc (alloc_len * sizeof (wchar_t)); - - ptr = pathbuf; - - alloc_len = GetEnvironmentVariableW (L"PATH", ptr, pathbuf_len); - - cmdlen = wcslen (wargv[2]); - if (cmdlen < 5 || wcscmp (&wargv[2][cmdlen - 4], L".exe") != 0) - { - non_const_filename = malloc (sizeof (wchar_t) * (cmdlen + 5)); - swprintf (non_const_filename, cmdlen + 5, L"%S.exe", wargv[2]); - } - else - { - non_const_filename = wcsdup (wargv[2]); - } - - /* Check that this is the full path. If it isn't, search. */ - if (non_const_filename[1] == L':') - swprintf (wpath, sizeof (wpath) / sizeof (wchar_t), L"%S", non_const_filename); - else if (!SearchPathW - (pathbuf, non_const_filename, NULL, sizeof (wpath) / sizeof (wchar_t), - wpath, NULL)) - { - printf ("Failed to get find executable: %lu\n", GetLastError ()); - exit (5); - } - free (pathbuf); - free (non_const_filename); - - cmdlen = wcslen (wpath) + 4; - i = 3; - while (NULL != (arg = wargv[i++])) - cmdlen += wcslen (arg) + 4; - - wcmd = malloc (sizeof (wchar_t) * (cmdlen + 1)); - wrote = 0; - i = 2; - while (NULL != (arg = wargv[i++])) - { - /* This is to escape trailing slash */ - wchar_t arg_lastchar = arg[wcslen (arg) - 1]; - if (wrote == 0) - { - wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\" ", wpath, - arg_lastchar == L'\\' ? L"\\" : L""); - } - else - { - if (wcschr (arg, L' ') != NULL) - wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\"%S", arg, - arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" "); - else - wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"%S%S%S", arg, - arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" "); - } - } - - LocalFree (wargv); - - memset (&start, 0, sizeof (start)); - start.cb = sizeof (start); - - if (!CreateProcessW (wpath, wcmd, NULL, NULL, TRUE, CREATE_SUSPENDED, - NULL, NULL, &start, &proc)) - { - wprintf (L"Failed to get spawn process `%S' with arguments `%S': %lu\n", wpath, wcmd, GetLastError ()); - exit (6); - } - - AssignProcessToJobObject (job, proc.hProcess); - - ResumeThread (proc.hThread); - CloseHandle (proc.hThread); - - free (wcmd); - - wait_result = WaitForSingleObject (proc.hProcess, timeout * 1000); - if (wait_result == WAIT_OBJECT_0) - { - DWORD status; - wait_result = GetExitCodeProcess (proc.hProcess, &status); - CloseHandle (proc.hProcess); - if (wait_result != 0) - { - printf ("Test process exited with result %lu\n", status); - TerminateJobObject (job, status); - exit (status); - } - printf ("Test process exited (failed to obtain exit status)\n"); - TerminateJobObject (job, 0); - exit (0); - } - printf ("Child processes were killed after timeout of %u seconds\n", - timeout); - TerminateJobObject (job, 1); - CloseHandle (proc.hProcess); - exit (1); -} - -/* end of timeout_watchdog_w32.c */ diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am index a6a116dca..37f881d60 100644 --- a/doc/man/Makefile.am +++ b/doc/man/Makefile.am @@ -37,6 +37,7 @@ man_MANS = \ gnunet-statistics.1 \ gnunet-testbed-profiler.1 \ gnunet-testing-run-service.1 \ + gnunet-timeout.1 \ gnunet-transport.1 \ gnunet-transport-certificate-creation.1 \ gnunet-unindex.1 \ diff --git a/doc/man/gnunet-gns.1 b/doc/man/gnunet-gns.1 index 9466dae03..9e4482653 100644 --- a/doc/man/gnunet-gns.1 +++ b/doc/man/gnunet-gns.1 @@ -46,7 +46,7 @@ Print GNUnet version number. .SH RETURN VALUE gnunet\-gns will return 0 on success, 1 on internal failures, 2 on -launch failures, 3 if the given name is not configured to use GNS. +launch failures, 4 if the given name is not configured to use GNS. .SH BUGS diff --git a/src/gns/gns_api.c b/src/gns/gns_api.c index 0ec9209da..3b658da92 100644 --- a/src/gns/gns_api.c +++ b/src/gns/gns_api.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -232,7 +232,6 @@ reconnect (struct GNUNET_GNS_Handle *handle) handle), GNUNET_MQ_handler_end () }; - struct GNUNET_GNS_LookupRequest *lh; GNUNET_assert (NULL == handle->mq); LOG (GNUNET_ERROR_TYPE_DEBUG, @@ -244,7 +243,9 @@ reconnect (struct GNUNET_GNS_Handle *handle) handle); if (NULL == handle->mq) return; - for (lh = handle->lookup_head; NULL != lh; lh = lh->next) + for (struct GNUNET_GNS_LookupRequest *lh = handle->lookup_head; + NULL != lh; + lh = lh->next) GNUNET_MQ_send_copy (handle->mq, lh->env); } diff --git a/src/gns/gnunet-gns.c b/src/gns/gnunet-gns.c index 149c8a7bb..463348ed3 100644 --- a/src/gns/gnunet-gns.c +++ b/src/gns/gnunet-gns.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -65,8 +65,9 @@ static struct GNUNET_GNS_LookupWithTldRequest *lr; /** * Global return value. * 0 on success (default), - * 1 on internal failures, 2 on launch failure, - * 3 if the name is not a GNS-supported TLD, + * 1 on internal failures + * 2 on launch failure, + * 4 if the name is not a GNS-supported TLD, */ static int global_ret; @@ -114,7 +115,7 @@ process_lookup_result (void *cls, lr = NULL; if (GNUNET_NO == was_gns) { - global_ret = 3; + global_ret = 4; /* not for GNS */ GNUNET_SCHEDULER_shutdown (); return; } @@ -183,7 +184,6 @@ run (void *cls, global_ret = 2; return; } - GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); diff --git a/src/gns/nss/nss_gns.c b/src/gns/nss/nss_gns.c index 9c9233d35..58aab47fd 100644 --- a/src/gns/nss/nss_gns.c +++ b/src/gns/nss/nss_gns.c @@ -54,121 +54,126 @@ * @return a nss_status code */ enum nss_status -_nss_gns_gethostbyname2_r( - const char *name, - int af, - struct hostent * result, - char *buffer, - size_t buflen, - int *errnop, - int *h_errnop) { - - struct userdata u; - enum nss_status status = NSS_STATUS_UNAVAIL; - int i; - size_t address_length, l, idx, astart; - - if (af == AF_UNSPEC) +_nss_gns_gethostbyname2_r(const char *name, + int af, + struct hostent *result, + char *buffer, + size_t buflen, + int *errnop, + int *h_errnop) +{ + struct userdata u; + enum nss_status status = NSS_STATUS_UNAVAIL; + int i; + size_t address_length; + size_t l; + size_t idx; + size_t astart; + + if (af == AF_UNSPEC) #ifdef NSS_IPV6_ONLY - af = AF_INET6; + af = AF_INET6; #else - af = AF_INET; + af = AF_INET; #endif #ifdef NSS_IPV4_ONLY - if (af != AF_INET) + if (af != AF_INET) #elif NSS_IPV6_ONLY - if (af != AF_INET6) + if (af != AF_INET6) #else - if (af != AF_INET && af != AF_INET6) + if ( (af != AF_INET) && + (af != AF_INET6) ) #endif - { - *errnop = EINVAL; - *h_errnop = NO_RECOVERY; - - goto finish; - } - - address_length = af == AF_INET ? sizeof(ipv4_address_t) : sizeof(ipv6_address_t); - if (buflen < - sizeof(char*)+ /* alias names */ - strlen(name)+1) { /* official name */ - - *errnop = ERANGE; - *h_errnop = NO_RECOVERY; - status = NSS_STATUS_TRYAGAIN; - - goto finish; - } - - u.count = 0; - u.data_len = 0; - - i = gns_resolve_name(af, name, &u); - if (-3 == i) - { - status = NSS_STATUS_NOTFOUND; - goto finish; - } - if (-2 == i) - { - status = NSS_STATUS_UNAVAIL; - goto finish; - } - if ( (-1 == i) || - (u.count == 0) ) - { - *errnop = ETIMEDOUT; - *h_errnop = HOST_NOT_FOUND; - status = NSS_STATUS_NOTFOUND; - goto finish; - } - - - /* Alias names */ - *((char**) buffer) = NULL; - result->h_aliases = (char**) buffer; - idx = sizeof(char*); - - /* Official name */ - strcpy(buffer+idx, name); - result->h_name = buffer+idx; - idx += strlen(name)+1; - - ALIGN(idx); - - result->h_addrtype = af; - result->h_length = address_length; - - /* Check if there's enough space for the addresses */ - if (buflen < idx+u.data_len+sizeof(char*)*(u.count+1)) { - *errnop = ERANGE; - *h_errnop = NO_RECOVERY; - status = NSS_STATUS_TRYAGAIN; - goto finish; - } + { + *errnop = EINVAL; + *h_errnop = NO_RECOVERY; + + goto finish; + } + address_length = (af == AF_INET) ? sizeof(ipv4_address_t) : sizeof(ipv6_address_t); + if (buflen < + sizeof(char*)+ /* alias names */ + strlen(name)+1) + { /* official name */ + *errnop = ERANGE; + *h_errnop = NO_RECOVERY; + status = NSS_STATUS_TRYAGAIN; + + goto finish; + } + u.count = 0; + u.data_len = 0; + i = gns_resolve_name (af, + name, + &u); + if (-3 == i) + { + status = NSS_STATUS_NOTFOUND; + goto finish; + } + if (-2 == i) + { + status = NSS_STATUS_UNAVAIL; + goto finish; + } + if ( (-1 == i) || + (u.count == 0) ) + { + *errnop = ETIMEDOUT; + *h_errnop = HOST_NOT_FOUND; + status = NSS_STATUS_NOTFOUND; + goto finish; + } + /* Alias names */ + *((char**) buffer) = NULL; + result->h_aliases = (char**) buffer; + idx = sizeof(char*); + + /* Official name */ + strcpy (buffer+idx, + name); + result->h_name = buffer+idx; + idx += strlen (name)+1; + + ALIGN(idx); + + result->h_addrtype = af; + result->h_length = address_length; + + /* Check if there's enough space for the addresses */ + if (buflen < idx+u.data_len+sizeof(char*)*(u.count+1)) + { + *errnop = ERANGE; + *h_errnop = NO_RECOVERY; + status = NSS_STATUS_TRYAGAIN; + goto finish; + } /* Addresses */ - astart = idx; - l = u.count*address_length; - if (0 != l) - memcpy(buffer+astart, &u.data, l); - /* address_length is a multiple of 32bits, so idx is still aligned - * correctly */ - idx += l; - - /* Address array address_length is always a multiple of 32bits */ - for (i = 0; i < u.count; i++) - ((char**) (buffer+idx))[i] = buffer+astart+address_length*i; - ((char**) (buffer+idx))[i] = NULL; - result->h_addr_list = (char**) (buffer+idx); - - status = NSS_STATUS_SUCCESS; + astart = idx; + l = u.count*address_length; + if (0 != l) + memcpy (buffer+astart, + &u.data, + l); + /* address_length is a multiple of 32bits, so idx is still aligned + * correctly */ + idx += l; + + /* Address array address_length is always a multiple of 32bits */ + for (i = 0; i < u.count; i++) + ((char**) (buffer+idx))[i] = buffer+astart+address_length*i; + ((char**) (buffer+idx))[i] = NULL; + result->h_addr_list = (char**) (buffer+idx); + + status = NSS_STATUS_SUCCESS; finish: - return status; + return status; } + /** * The gethostbyname hook executed by nsswitch * @@ -176,29 +181,28 @@ finish: * @param result the result hostent * @param buffer the result buffer * @param buflen length of the buffer - * @param errnop idk + * @param errnop[out] the low-level error code to return to the application * @param h_errnop idk * @return a nss_status code */ enum nss_status -_nss_gns_gethostbyname_r ( - const char *name, - struct hostent *result, - char *buffer, - size_t buflen, - int *errnop, - int *h_errnop) { - - return _nss_gns_gethostbyname2_r( - name, - AF_UNSPEC, - result, - buffer, - buflen, - errnop, - h_errnop); +_nss_gns_gethostbyname_r (const char *name, + struct hostent *result, + char *buffer, + size_t buflen, + int *errnop, + int *h_errnop) +{ + return _nss_gns_gethostbyname2_r (name, + AF_UNSPEC, + result, + buffer, + buflen, + errnop, + h_errnop); } + /** * The gethostbyaddr hook executed by nsswitch * We can't do this so we always return NSS_STATUS_UNAVAIL @@ -209,23 +213,22 @@ _nss_gns_gethostbyname_r ( * @param result the result hostent * @param buffer the result buffer * @param buflen length of the buffer - * @param errnop idk + * @param errnop[out] the low-level error code to return to the application * @param h_errnop idk * @return NSS_STATUS_UNAVAIL */ enum nss_status -_nss_gns_gethostbyaddr_r( - const void* addr, - int len, - int af, - struct hostent *result, - char *buffer, - size_t buflen, - int *errnop, - int *h_errnop) { - - *errnop = EINVAL; - *h_errnop = NO_RECOVERY; - //NOTE we allow to leak this into DNS so no NOTFOUND - return NSS_STATUS_UNAVAIL; +_nss_gns_gethostbyaddr_r (const void* addr, + int len, + int af, + struct hostent *result, + char *buffer, + size_t buflen, + int *errnop, + int *h_errnop) +{ + *errnop = EINVAL; + *h_errnop = NO_RECOVERY; + //NOTE we allow to leak this into DNS so no NOTFOUND + return NSS_STATUS_UNAVAIL; } diff --git a/src/gns/nss/nss_gns_query.c b/src/gns/nss/nss_gns_query.c index 094e25ed5..867ead624 100644 --- a/src/gns/nss/nss_gns_query.c +++ b/src/gns/nss/nss_gns_query.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -48,14 +48,16 @@ gns_resolve_name (int af, { if (-1 == asprintf (&cmd, "%s -t AAAA -u %s\n", - "gnunet-gns -r", name)) + "gnunet-gns -r", + name)) return -1; } else { if (-1 == asprintf (&cmd, "%s %s\n", - "gnunet-gns -r -u", name)) + "gnunet-gns -r -u", + name)) return -1; } if (NULL == (p = popen (cmd, "r"))) @@ -63,7 +65,9 @@ gns_resolve_name (int af, free (cmd); return -1; } - while (NULL != fgets (line, sizeof(line), p)) + while (NULL != fgets (line, + sizeof(line), + p)) { if (u->count >= MAX_ENTRIES) break; @@ -72,7 +76,9 @@ gns_resolve_name (int af, line[strlen(line)-1] = '\0'; if (AF_INET == af) { - if (inet_pton(af, line, &(u->data.ipv4[u->count]))) + if (inet_pton(af, + line, + &u->data.ipv4[u->count])) { u->count++; u->data_len += sizeof(ipv4_address_t); @@ -86,7 +92,9 @@ gns_resolve_name (int af, } else if (AF_INET6 == af) { - if (inet_pton(af, line, &(u->data.ipv6[u->count]))) + if (inet_pton(af, + line, + &u->data.ipv6[u->count])) { u->count++; u->data_len += sizeof(ipv6_address_t); @@ -105,7 +113,10 @@ gns_resolve_name (int af, if (4 == ret) return -2; /* not for GNS */ if (3 == ret) - return -3; /* timeout */ + return -3; /* timeout -> not found */ + if ( (2 == ret) || (1 == ret) ) + return -2; /* launch failure -> service unavailable */ return 0; } + /* end of nss_gns_query.c */ diff --git a/src/gns/nss/nss_gns_query.h b/src/gns/nss/nss_gns_query.h index bb04f9004..48cab4b22 100644 --- a/src/gns/nss/nss_gns_query.h +++ b/src/gns/nss/nss_gns_query.h @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -26,25 +26,30 @@ /* Maximum number of entries to return */ #define MAX_ENTRIES 16 -typedef struct { - uint32_t address; +typedef struct +{ + uint32_t address; } ipv4_address_t; -typedef struct { - uint8_t address[16]; + +typedef struct +{ + uint8_t address[16]; } ipv6_address_t; -struct userdata { +struct userdata +{ int count; int data_len; /* only valid when doing reverse lookup */ union { - ipv4_address_t ipv4[MAX_ENTRIES]; - ipv6_address_t ipv6[MAX_ENTRIES]; - char *name[MAX_ENTRIES]; + ipv4_address_t ipv4[MAX_ENTRIES]; + ipv6_address_t ipv6[MAX_ENTRIES]; + char *name[MAX_ENTRIES]; } data; }; + /** * Wrapper function that uses gnunet-gns cli tool to resolve * an IPv4/6 address. @@ -54,8 +59,9 @@ struct userdata { * @param u the userdata (result struct) * @return -1 on error else 0 */ -int gns_resolve_name(int af, - const char *name, - struct userdata *userdata); +int +gns_resolve_name(int af, + const char *name, + struct userdata *userdata); #endif diff --git a/src/identity/identity_api_lookup.c b/src/identity/identity_api_lookup.c index 593a5dbb0..25aec8ede 100644 --- a/src/identity/identity_api_lookup.c +++ b/src/identity/identity_api_lookup.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -131,6 +131,12 @@ GNUNET_IDENTITY_ego_lookup (const struct GNUNET_CONFIGURATION_Handle *cfg, el->identity = GNUNET_IDENTITY_connect (cfg, &identity_cb, el); + if (NULL == el->identity) + { + GNUNET_free (el->name); + GNUNET_free (el); + return NULL; + } return el; } diff --git a/src/util/Makefile.am b/src/util/Makefile.am index ec7bcb016..4ae073c2c 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -166,6 +166,7 @@ lib_LTLIBRARIES = libgnunetutil.la libexec_PROGRAMS = \ gnunet-service-resolver \ + gnunet-timeout \ $(W32CONSOLEHELPER) bin_SCRIPTS =\ @@ -192,6 +193,15 @@ endif endif +if !MINGW +gnunet_timeout_SOURCES = \ + gnunet-timeout.c +else +gnunet_timeout_SOURCES = \ + gnunet-timeout-w32.c +endif + + do_subst = $(SED) -e 's,[@]PYTHON[@],$(PYTHON),g' gnunet-qr: gnunet-qr.py.in Makefile @@ -334,12 +344,12 @@ test_hexcoder_LDADD = \ test_tun_SOURCES = \ test_tun.c test_tun_LDADD = \ - libgnunetutil.la + libgnunetutil.la test_regex_SOURCES = \ test_regex.c test_regex_LDADD = \ - libgnunetutil.la + libgnunetutil.la test_os_start_process_SOURCES = \ test_os_start_process.c @@ -622,4 +632,4 @@ EXTRA_DIST = \ test_resolver_api_data.conf \ test_service_data.conf \ test_speedup_data.conf \ - gnunet-qr.py.in + gnunet-qr.py.in diff --git a/src/util/client.c b/src/util/client.c index 44e326eab..1f569255a 100644 --- a/src/util/client.c +++ b/src/util/client.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -721,6 +721,17 @@ test_service_configuration (const char *service_name, &unixpath)) && (0 < strlen (unixpath))) ret = GNUNET_OK; + else if ((GNUNET_OK == + GNUNET_CONFIGURATION_have_value (cfg, + service_name, + "UNIXPATH"))) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + service_name, + "UNIXPATH", + _("not a valid filename")); + return GNUNET_SYSERR; /* UNIXPATH specified but invalid! */ + } GNUNET_free_non_null (unixpath); #endif diff --git a/src/util/gnunet-timeout-w32.c b/src/util/gnunet-timeout-w32.c new file mode 100644 index 000000000..78b268fe2 --- /dev/null +++ b/src/util/gnunet-timeout-w32.c @@ -0,0 +1,191 @@ +/* + This file is part of GNUnet + Copyright (C) 2010 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @file src/util/gnunet-timeout-w32.c + * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period + * @author LRN + */ + +#include +#include +#include + +int +main (int argc, char *argv[]) +{ + int i; + DWORD wait_result; + wchar_t *commandline; + wchar_t **wargv; + wchar_t *arg; + unsigned int cmdlen; + STARTUPINFOW start; + PROCESS_INFORMATION proc; + + wchar_t wpath[MAX_PATH + 1]; + + wchar_t *pathbuf; + DWORD pathbuf_len, alloc_len; + wchar_t *ptr; + wchar_t *non_const_filename; + wchar_t *wcmd; + int wargc; + int timeout = 0; + ssize_t wrote; + + HANDLE job; + + if (argc < 3) + { + printf + ("arg 1: timeout in sec., arg 2: executable, arg arguments\n"); + exit (1); + } + + timeout = atoi (argv[1]); + + if (timeout == 0) + timeout = 600; + + commandline = GetCommandLineW (); + if (commandline == NULL) + { + printf ("Failed to get commandline: %lu\n", GetLastError ()); + exit (2); + } + + wargv = CommandLineToArgvW (commandline, &wargc); + if (wargv == NULL || wargc <= 1) + { + printf ("Failed to get parse commandline: %lu\n", GetLastError ()); + exit (3); + } + + job = CreateJobObject (NULL, NULL); + if (job == NULL) + { + printf ("Failed to create a job: %lu\n", GetLastError ()); + exit (4); + } + + pathbuf_len = GetEnvironmentVariableW (L"PATH", (wchar_t *) &pathbuf, 0); + + alloc_len = pathbuf_len + 1; + + pathbuf = malloc (alloc_len * sizeof (wchar_t)); + + ptr = pathbuf; + + alloc_len = GetEnvironmentVariableW (L"PATH", ptr, pathbuf_len); + + cmdlen = wcslen (wargv[2]); + if (cmdlen < 5 || wcscmp (&wargv[2][cmdlen - 4], L".exe") != 0) + { + non_const_filename = malloc (sizeof (wchar_t) * (cmdlen + 5)); + swprintf (non_const_filename, cmdlen + 5, L"%S.exe", wargv[2]); + } + else + { + non_const_filename = wcsdup (wargv[2]); + } + + /* Check that this is the full path. If it isn't, search. */ + if (non_const_filename[1] == L':') + swprintf (wpath, sizeof (wpath) / sizeof (wchar_t), L"%S", non_const_filename); + else if (!SearchPathW + (pathbuf, non_const_filename, NULL, sizeof (wpath) / sizeof (wchar_t), + wpath, NULL)) + { + printf ("Failed to get find executable: %lu\n", GetLastError ()); + exit (5); + } + free (pathbuf); + free (non_const_filename); + + cmdlen = wcslen (wpath) + 4; + i = 3; + while (NULL != (arg = wargv[i++])) + cmdlen += wcslen (arg) + 4; + + wcmd = malloc (sizeof (wchar_t) * (cmdlen + 1)); + wrote = 0; + i = 2; + while (NULL != (arg = wargv[i++])) + { + /* This is to escape trailing slash */ + wchar_t arg_lastchar = arg[wcslen (arg) - 1]; + if (wrote == 0) + { + wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\" ", wpath, + arg_lastchar == L'\\' ? L"\\" : L""); + } + else + { + if (wcschr (arg, L' ') != NULL) + wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\"%S", arg, + arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" "); + else + wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"%S%S%S", arg, + arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" "); + } + } + + LocalFree (wargv); + + memset (&start, 0, sizeof (start)); + start.cb = sizeof (start); + + if (!CreateProcessW (wpath, wcmd, NULL, NULL, TRUE, CREATE_SUSPENDED, + NULL, NULL, &start, &proc)) + { + wprintf (L"Failed to get spawn process `%S' with arguments `%S': %lu\n", wpath, wcmd, GetLastError ()); + exit (6); + } + + AssignProcessToJobObject (job, proc.hProcess); + + ResumeThread (proc.hThread); + CloseHandle (proc.hThread); + + free (wcmd); + + wait_result = WaitForSingleObject (proc.hProcess, timeout * 1000); + if (wait_result == WAIT_OBJECT_0) + { + DWORD status; + wait_result = GetExitCodeProcess (proc.hProcess, &status); + CloseHandle (proc.hProcess); + if (wait_result != 0) + { + printf ("Test process exited with result %lu\n", status); + TerminateJobObject (job, status); + exit (status); + } + printf ("Test process exited (failed to obtain exit status)\n"); + TerminateJobObject (job, 0); + exit (0); + } + printf ("Child processes were killed after timeout of %u seconds\n", + timeout); + TerminateJobObject (job, 1); + CloseHandle (proc.hProcess); + exit (1); +} + +/* end of timeout_watchdog_w32.c */ diff --git a/src/util/gnunet-timeout.c b/src/util/gnunet-timeout.c new file mode 100644 index 000000000..8dfb6ad17 --- /dev/null +++ b/src/util/gnunet-timeout.c @@ -0,0 +1,128 @@ +/* + This file is part of GNUnet + Copyright (C) 2010 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @file src/util/gnunet-timeout.c + * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period + * @author Matthias Wachs + */ + +#include +#include +#include +#include +#include +#include + +static pid_t child; + + +static void +sigchld_handler (int val) +{ + int status = 0; + int ret = 0; + + (void) val; + waitpid (child, + &status, + 0); + if (WIFEXITED (status) != 0) + { + ret = WEXITSTATUS (status); + fprintf (stderr, + "Process exited with result %u\n", + ret); + exit (ret); /* return same status code */ + } + if (WIFSIGNALED (status) != 0) + { + ret = WTERMSIG (status); + fprintf (stderr, + "Process received signal %u\n", + ret); + kill (getpid (), + ret); /* kill self with the same signal */ + } + exit (-1); +} + + +static void +sigint_handler (int val) +{ + kill (0, + val); + exit (val); +} + + +int +main (int argc, + char *argv[]) +{ + int timeout = 0; + pid_t gpid = 0; + + if (argc < 3) + { + fprintf (stderr, + "arg 1: timeout in sec., arg 2: executable, arg arguments\n"); + exit (-1); + } + + timeout = atoi (argv[1]); + + if (timeout == 0) + timeout = 600; + + /* with getpgid() it does not compile, but getpgrp is the BSD version and working */ + gpid = getpgrp (); + + signal (SIGCHLD, sigchld_handler); + signal (SIGABRT, sigint_handler); + signal (SIGFPE, sigint_handler); + signal (SIGILL, sigint_handler); + signal (SIGINT, sigint_handler); + signal (SIGSEGV, sigint_handler); + signal (SIGTERM, sigint_handler); + + child = fork (); + if (child == 0) + { + /* int setpgrp(pid_t pid, pid_t pgid); is not working on this machine */ + //setpgrp (0, pid_t gpid); + if (-1 != gpid) + setpgid (0, gpid); + execvp (argv[2], + &argv[2]); + exit (-1); + } + if (child > 0) + { + sleep (timeout); + printf ("Child processes were killed after timeout of %u seconds\n", + timeout); + kill (0, + SIGTERM); + exit (3); + } + exit (-1); +} + +/* end of timeout_watchdog.c */ -- cgit v1.2.3 From 2d38fd259f56e8a8c04e35615e745b7250c8933b Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 1 Jul 2018 19:39:44 +0200 Subject: more timeout code moving --- contrib/.gitignore | 1 - doc/man/gnunet-timeout.1 | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 doc/man/gnunet-timeout.1 diff --git a/contrib/.gitignore b/contrib/.gitignore index 304706d7e..d6ef469ba 100644 --- a/contrib/.gitignore +++ b/contrib/.gitignore @@ -2,7 +2,6 @@ gnunet_janitor.py gnunet_pyexpect.py pydiffer.py terminate.py -timeout_watchdog gnunet_pyexpect.py gnunet_pyexpect.pyc pydiffer.pyc diff --git a/doc/man/gnunet-timeout.1 b/doc/man/gnunet-timeout.1 new file mode 100644 index 000000000..e413254f4 --- /dev/null +++ b/doc/man/gnunet-timeout.1 @@ -0,0 +1,20 @@ +.TH GNUNET\-TIMOUET 1 "Jun 5, 2018" "GNUnet" + +.SH NAME +gnunet\-timeout \- run process with timeout + +.SH SYNOPSIS +.B gnunet\-timeout +.RI TIMEOUT PROGRAM ARGS +.br + +.SH DESCRIPTION +\fBgnunet\-timeout\fP can be used to run another process with a +timeout. Provided as the standard "timout" utility may not be +available on all platforms. + +.SH BUGS +Report bugs by using Mantis or by sending electronic mail to + +.SH SEE +timeout(1) -- cgit v1.2.3 From f726b73c4bdcbfb00b5728dbfaa738f5d6969345 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 1 Jul 2018 19:40:19 +0200 Subject: update gitignore --- src/util/.gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/util/.gitignore b/src/util/.gitignore index 8e7093568..40a3dbc5c 100644 --- a/src/util/.gitignore +++ b/src/util/.gitignore @@ -70,3 +70,5 @@ perf_crypto_symmetric perf_crypto_rsa perf_crypto_ecc_dlog test_hexcoder test_regex test_tun +gnunet-timeout +test_hexcoder test_regex test_tun -- cgit v1.2.3 From a62a0839916306a4007d3f2b076878b7a29022ec Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 1 Jul 2018 19:40:48 +0200 Subject: update gitignore --- src/util/.gitignore | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/util/.gitignore b/src/util/.gitignore index 40a3dbc5c..7b190ca76 100644 --- a/src/util/.gitignore +++ b/src/util/.gitignore @@ -69,6 +69,7 @@ perf_crypto_hash perf_crypto_symmetric perf_crypto_rsa perf_crypto_ecc_dlog -test_hexcoder test_regex test_tun +test_hexcoder +test_regex +test_tun gnunet-timeout -test_hexcoder test_regex test_tun -- cgit v1.2.3 From 4e5b0abe868d344b1b415719db34b1f5f3aa94d0 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 1 Jul 2018 19:54:13 +0200 Subject: clarify error message of #5375 --- src/util/dnsparser.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/util/dnsparser.c b/src/util/dnsparser.c index 57d0a014c..6fb6d657f 100644 --- a/src/util/dnsparser.c +++ b/src/util/dnsparser.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -956,8 +956,11 @@ GNUNET_DNSPARSER_builder_add_name (char *dst, len = dot - idna_name; if ( (len >= 64) || (0 == len) ) { - GNUNET_break (0); - goto fail; /* segment too long or empty */ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Invalid DNS name `%s': label with %u characters encountered\n", + name, + len); + goto fail; /* label too long or empty */ } dst[pos++] = (char) (uint8_t) len; GNUNET_memcpy (&dst[pos], -- cgit v1.2.3 From 76cba102f24b8d6e356b36e63474cd6896a082aa Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 1 Jul 2018 20:05:30 +0200 Subject: address #3706 --- src/set/gnunet-service-set_intersection.c | 19 ++++++++++++++++++- src/set/gnunet-service-set_union.c | 19 ++++++++++++++----- 2 files changed, 32 insertions(+), 6 deletions(-) diff --git a/src/set/gnunet-service-set_intersection.c b/src/set/gnunet-service-set_intersection.c index 254763b45..1083384f5 100644 --- a/src/set/gnunet-service-set_intersection.c +++ b/src/set/gnunet-service-set_intersection.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -23,6 +23,7 @@ */ #include "platform.h" #include "gnunet_util_lib.h" +#include "gnunet_statistics_service.h" #include "gnunet-service-set.h" #include "gnunet_block_lib.h" #include "gnunet-service-set_protocol.h" @@ -215,6 +216,10 @@ send_client_removed_element (struct Operation *op, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending removed element (size %u) to client\n", element->size); + GNUNET_STATISTICS_update (_GSS_statistics, + "# Element removed messages sent", + 1, + GNUNET_NO); GNUNET_assert (0 != op->client_request_id); ev = GNUNET_MQ_msg_extra (rm, element->size, @@ -406,6 +411,10 @@ fail_intersection_operation (struct Operation *op) GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Intersection operation failed\n"); + GNUNET_STATISTICS_update (_GSS_statistics, + "# Intersection operations failed", + 1, + GNUNET_NO); if (NULL != op->state->my_elements) { GNUNET_CONTAINER_multihashmap_destroy (op->state->my_elements); @@ -466,6 +475,10 @@ send_bloomfilter (struct Operation *op) op); /* send our Bloom filter */ + GNUNET_STATISTICS_update (_GSS_statistics, + "# Intersection Bloom filters sent", + 1, + GNUNET_NO); chunk_size = 60 * 1024 - sizeof (struct BFMessage); if (bf_size <= chunk_size) { @@ -534,6 +547,10 @@ send_client_done_and_destroy (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Intersection succeeded, sending DONE to local client\n"); + GNUNET_STATISTICS_update (_GSS_statistics, + "# Intersection operations succeeded", + 1, + GNUNET_NO); ev = GNUNET_MQ_msg (rm, GNUNET_MESSAGE_TYPE_SET_RESULT); rm->request_id = htonl (op->client_request_id); diff --git a/src/set/gnunet-service-set_union.c b/src/set/gnunet-service-set_union.c index c3c14f1ba..c1268948a 100644 --- a/src/set/gnunet-service-set_union.c +++ b/src/set/gnunet-service-set_union.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -758,8 +758,8 @@ get_order_from_difference (unsigned int diff) */ static int send_full_element_iterator (void *cls, - const struct GNUNET_HashCode *key, - void *value) + const struct GNUNET_HashCode *key, + void *value) { struct Operation *op = cls; struct GNUNET_SET_ElementMessage *emsg; @@ -1371,7 +1371,8 @@ send_client_element (struct Operation *op, * * @param op operation */ -void destroy_channel (struct Operation *op) +static void +destroy_channel (struct Operation *op) { struct GNUNET_CADET_Channel *channel; @@ -1404,7 +1405,11 @@ send_client_done (void *cls) if (PHASE_DONE != op->state->phase) { LOG (GNUNET_ERROR_TYPE_WARNING, - "union operation failed\n"); + "Union operation failed\n"); + GNUNET_STATISTICS_update (_GSS_statistics, + "# Union operations failed", + 1, + GNUNET_NO); ev = GNUNET_MQ_msg (rm, GNUNET_MESSAGE_TYPE_SET_RESULT); rm->result_status = htons (GNUNET_SET_STATUS_FAILURE); rm->request_id = htonl (op->client_request_id); @@ -1416,6 +1421,10 @@ send_client_done (void *cls) op->state->client_done_sent = GNUNET_YES; + GNUNET_STATISTICS_update (_GSS_statistics, + "# Union operations succeeded", + 1, + GNUNET_NO); LOG (GNUNET_ERROR_TYPE_INFO, "Signalling client that union operation is done\n"); ev = GNUNET_MQ_msg (rm, -- cgit v1.2.3 From bb3371542e3c1fff2c4abb4d2ba3decf925b4352 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Mon, 2 Jul 2018 12:48:05 +0200 Subject: rps service: set delete flags on channel properly --- po/POTFILES.in | 1 + src/rps/gnunet-service-rps.c | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/po/POTFILES.in b/po/POTFILES.in index 38fa52508..8a95064a6 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -325,6 +325,7 @@ src/rps/gnunet-service-rps_sampler.c src/rps/gnunet-service-rps_sampler_elem.c src/rps/gnunet-service-rps_view.c src/rps/rps_api.c +src/rps/rps_test_lib.c src/rps/rps-test_util.c src/scalarproduct/gnunet-scalarproduct.c src/scalarproduct/gnunet-service-scalarproduct_alice.c diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index 84fb33be2..5a75ac55a 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -1666,10 +1666,11 @@ Peers_cleanup_destroyed_channel (void *cls, { struct GNUNET_PeerIdentity *peer = cls; struct PeerContext *peer_ctx; + uint32_t *channel_flag; if (GNUNET_NO == Peers_check_peer_known (peer)) {/* We don't want to implicitly create a context that we're about to kill */ - LOG (GNUNET_ERROR_TYPE_DEBUG, + LOG (GNUNET_ERROR_TYPE_WARNING, "channel (%s) without associated context was destroyed\n", GNUNET_i2s (peer)); return; @@ -1697,12 +1698,16 @@ Peers_cleanup_destroyed_channel (void *cls, if (NULL != peer_ctx->send_channel) { GNUNET_CADET_channel_destroy (peer_ctx->send_channel); + channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_SENDING); + Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING); peer_ctx->send_channel = NULL; peer_ctx->mq = NULL; } if (NULL != peer_ctx->recv_channel) { GNUNET_CADET_channel_destroy (peer_ctx->recv_channel); + channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_RECEIVING); + Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING); peer_ctx->recv_channel = NULL; } /* Set the #Peers_ONLINE flag accordingly */ -- cgit v1.2.3 From c579fa83c2652aac6a093ceeb36854bee3800cbe Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Tue, 3 Jul 2018 06:48:54 +0000 Subject: Documentation: Contributing testcases Signed-off-by: Nils Gillmann --- doc/documentation/chapters/contributing.texi | 19 +++++++++++++++++++ doc/documentation/gnunet.texi | 1 + 2 files changed, 20 insertions(+) diff --git a/doc/documentation/chapters/contributing.texi b/doc/documentation/chapters/contributing.texi index dc87de3d6..6367f8ce6 100644 --- a/doc/documentation/chapters/contributing.texi +++ b/doc/documentation/chapters/contributing.texi @@ -6,6 +6,7 @@ * Licenses of contributions:: * Copyright Assignment:: * Contributing to the Reference Manual:: +* Contributing testcases:: @end menu @node Contributing to GNUnet @@ -90,3 +91,21 @@ In a 200+ pages handbook it's better to have footnotes accessible without having to skip over to the end. @end itemize + +@node Contributing testcases +@section Contributing testcases + +In the core of gnunet, we restrict new testcases to a small subset +of languages, in order of preference: +@enumerate +@item C +@item Bash (preferable portable without too much specifics to Bash) +@item Python (@gt{} 3.6) +@end enumerate + +We welcome efforts to remove our existing python-2.7 scripts to +replace them either with Bash or, at your choice, python-3.6+. + +If you contribute new python based testcases, we advise you to +not repeat our past misfortunes and write the tests in a standard +test framework like for example pytest. diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index 747df5cf5..7743fddea 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi @@ -150,6 +150,7 @@ GNUnet Contributors Handbook * Licenses of contributions:: * Copyright Assignment:: * Contributing to the Reference Manual:: +* Contributing testcases:: GNUnet Developer Handbook -- cgit v1.2.3 From ee6d0b2da028de0e3e2802cb06a91c25edfcadc3 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Tue, 3 Jul 2018 07:00:07 +0000 Subject: fix Signed-off-by: Nils Gillmann --- doc/documentation/chapters/contributing.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/documentation/chapters/contributing.texi b/doc/documentation/chapters/contributing.texi index 6367f8ce6..a92df45c3 100644 --- a/doc/documentation/chapters/contributing.texi +++ b/doc/documentation/chapters/contributing.texi @@ -100,7 +100,7 @@ of languages, in order of preference: @enumerate @item C @item Bash (preferable portable without too much specifics to Bash) -@item Python (@gt{} 3.6) +@item Python (@geq{}3.6) @end enumerate We welcome efforts to remove our existing python-2.7 scripts to -- cgit v1.2.3 From e16465c65f516ee841fcc622343a4a56432712b0 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Tue, 3 Jul 2018 07:02:07 +0000 Subject: Documentation: use texinfo greater-equal-than in installation Signed-off-by: Nils Gillmann --- doc/documentation/chapters/installation.texi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/documentation/chapters/installation.texi b/doc/documentation/chapters/installation.texi index f6dd69216..559a97f96 100644 --- a/doc/documentation/chapters/installation.texi +++ b/doc/documentation/chapters/installation.texi @@ -28,13 +28,13 @@ link to the project websites. The mandatory libraries and applications are @itemize @bullet @item libtool -@item autoconf >= version 2.59 -@item automake >= version 1.11.1 +@item autoconf @geq{}2.59 +@item automake @geq{}1.11.1 @item pkg-config -@item libgcrypt >= version 1.6 +@item libgcrypt @geq{}1.6 @item libextractor @item libidn -@item libmicrohttpd >= version 0.9.52 +@item libmicrohttpd @geq{}0.9.52 @item libnss @item libunistring @item gettext -- cgit v1.2.3 From efc19a03fece07c47b8ac1189903bb7051639c39 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Tue, 3 Jul 2018 07:25:37 +0000 Subject: Documentation: extend repository list Signed-off-by: Nils Gillmann --- doc/documentation/chapters/developer.texi | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/doc/documentation/chapters/developer.texi b/doc/documentation/chapters/developer.texi index 1f74a8163..e82e32b59 100644 --- a/doc/documentation/chapters/developer.texi +++ b/doc/documentation/chapters/developer.texi @@ -214,9 +214,7 @@ Installation and update tool Template for starting 'external' GNUnet projects @item @command{gnunet-java} Java APIs for writing GNUnet services and applications -@c ** FIXME: Point to new website repository once we have it: -@c ** @item svn/gnunet-www/ Code and media helping drive the GNUnet -@c website +@item @command{gnunet-java-ext} @item @command{eclectic} Code to run GNUnet nodes on testbeds for research, development, testing and evaluation @@ -227,6 +225,8 @@ Qt-based GNUnet GUI (is it deprecated?) cocoa-based GNUnet GUI (is it deprecated?) @item @command{gnunet-guile} Guile bindings for GNUnet +@item @command{gnunet-python} +Python bindings for GNUnet @end table @@ -246,6 +246,13 @@ Tool for automated debugging of distributed systems Library for accessing satellite connection quality reports @item @command{libgnurl} gnURL (feature-restricted variant of cURL/libcurl) +@item @command{www} +work in progress of the new gnunet.org website (Jinja2 framework based to +replace our current Drupal website) +@item @command{bibliography} +Our collected bibliography, papers, references, and so forth +@item @command{gnunet-videos-} +Videos about and around gnunet activities @end table Finally, there are various external projects (see links for a list of -- cgit v1.2.3 From 04bc4d622a4ebdc903fa6feb35192a4efddcc2ca Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 3 Jul 2018 10:30:30 +0200 Subject: rps profiler: correct condition for writing bytes --- src/rps/rps-test_util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 78 insertions(+), 2 deletions(-) diff --git a/src/rps/rps-test_util.c b/src/rps/rps-test_util.c index d47e4952f..08fe96097 100644 --- a/src/rps/rps-test_util.c +++ b/src/rps/rps-test_util.c @@ -31,6 +31,17 @@ #define LOG(kind, ...) GNUNET_log_from(kind,"rps-test_util",__VA_ARGS__) +#define B2B_PAT "%c%c%c%c%c%c%c%c" +#define B2B(byte) \ + (byte & 0x80 ? '1' : '0'), \ + (byte & 0x40 ? '1' : '0'), \ + (byte & 0x20 ? '1' : '0'), \ + (byte & 0x10 ? '1' : '0'), \ + (byte & 0x08 ? '1' : '0'), \ + (byte & 0x04 ? '1' : '0'), \ + (byte & 0x02 ? '1' : '0'), \ + (byte & 0x01 ? '1' : '0') + #ifndef TO_FILE #define TO_FILE #endif /* TO_FILE */ @@ -155,6 +166,9 @@ to_file_raw (const char *file_name, const char *buf, size_t size_buf) return; } + LOG (GNUNET_ERROR_TYPE_WARNING, + "Wrote %u bytes raw.\n", + size_written); if (GNUNET_YES != GNUNET_DISK_file_close (f)) LOG (GNUNET_ERROR_TYPE_WARNING, "Unable to close file\n"); @@ -180,6 +194,8 @@ to_file_raw_unaligned (const char *file_name, // num_bits_buf_unaligned = bits_needed % 8; // return; //} + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Was asked to write %u bits\n", bits_needed); char buf_write[size_buf + 1]; const unsigned bytes_iter = (0 != bits_needed % 8? @@ -187,6 +203,14 @@ to_file_raw_unaligned (const char *file_name, bits_needed/8); // TODO what if no iteration happens? unsigned size_buf_write = 0; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "num_bits_buf_unaligned: %u\n", + num_bits_buf_unaligned); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "ua args: size_buf: %u, bits_needed: %u -> iter: %u\n", + size_buf, + bits_needed, + bytes_iter); buf_write[0] = buf_unaligned; /* Iterate over input bytes */ for (unsigned i = 0; i < bytes_iter; i++) @@ -227,17 +251,57 @@ to_file_raw_unaligned (const char *file_name, { num_bits_needed_iter = 8; } + LOG (GNUNET_ERROR_TYPE_DEBUG, + "number of bits needed in this iteration: %u\n", + num_bits_needed_iter); mask_bits_needed_iter = ((char) 1 << num_bits_needed_iter) - 1; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "mask needed bits (current iter): "B2B_PAT"\n", + B2B(mask_bits_needed_iter)); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Unaligned byte: "B2B_PAT" (%u bits)\n", + B2B(buf_unaligned), + num_bits_buf_unaligned); byte_input = buf[i]; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "next whole input byte: "B2B_PAT"\n", + B2B(byte_input)); byte_input &= mask_bits_needed_iter; num_bits_to_align = 8 - num_bits_buf_unaligned; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "input byte, needed bits: "B2B_PAT"\n", + B2B(byte_input)); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "number of bits needed to align unaligned bit: %u\n", + num_bits_to_align); num_bits_to_move = min (num_bits_to_align, num_bits_needed_iter); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "number of bits of new byte to move: %u\n", + num_bits_to_move); mask_input_to_move = ((char) 1 << num_bits_to_move) - 1; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "mask of bits of new byte to take for moving: "B2B_PAT"\n", + B2B(mask_input_to_move)); bits_to_move = byte_input & mask_input_to_move; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "masked bits of new byte to take for moving: "B2B_PAT"\n", + B2B(bits_to_move)); distance_shift_bits = num_bits_buf_unaligned; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "distance needed to shift bits to their correct spot: %u\n", + distance_shift_bits); bits_moving = bits_to_move << distance_shift_bits; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "shifted, masked bits of new byte being moved: "B2B_PAT"\n", + B2B(bits_moving)); byte_to_fill = buf_unaligned | bits_moving; - if (num_bits_buf_unaligned + num_bits_needed_iter > 8) + LOG (GNUNET_ERROR_TYPE_DEBUG, + "byte being filled: "B2B_PAT"\n", + B2B(byte_to_fill)); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "pending bytes: %u\n", + num_bits_buf_unaligned + num_bits_needed_iter); + if (num_bits_buf_unaligned + num_bits_needed_iter >= 8) { /* buf_unaligned was aligned by filling * -> can be written to storage */ @@ -246,10 +310,22 @@ to_file_raw_unaligned (const char *file_name, /* store the leftover, unaligned bits in buffer */ mask_input_leftover = mask_bits_needed_iter & (~ mask_input_to_move); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "mask of leftover bits of new byte: "B2B_PAT"\n", + B2B(mask_input_leftover)); byte_input_leftover = byte_input & mask_input_leftover; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "masked, leftover bits of new byte: "B2B_PAT"\n", + B2B(byte_input_leftover)); num_bits_leftover = num_bits_needed_iter - num_bits_to_move; - num_bits_discard = 8 - num_bits_needed_iter; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "number of unaligned bits left: %u\n", + num_bits_leftover); + //num_bits_discard = 8 - num_bits_needed_iter; byte_unaligned_new = byte_input_leftover >> num_bits_to_move; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "new unaligned byte: "B2B_PAT"\n", + B2B(byte_unaligned_new)); buf_unaligned = byte_unaligned_new; num_bits_buf_unaligned = num_bits_leftover % 8; } -- cgit v1.2.3 From ca09329c05855671f08611dc4cfafd19494842b0 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 3 Jul 2018 17:36:55 +0200 Subject: assert no MQ error after MQ destroy --- src/cadet/cadet_api.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/cadet/cadet_api.c b/src/cadet/cadet_api.c index 319279110..92dd39b97 100644 --- a/src/cadet/cadet_api.c +++ b/src/cadet/cadet_api.c @@ -841,6 +841,7 @@ handle_mq_error (void *cls, h); GNUNET_MQ_destroy (h->mq); h->mq = NULL; + GNUNET_assert (NULL == h->reconnect_task); h->reconnect_task = GNUNET_SCHEDULER_add_delayed (h->reconnect_time, &reconnect_cbk, h); -- cgit v1.2.3 From 54a27e268ac6d754232f0d5098fe7c95bc90901f Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 3 Jul 2018 17:56:15 +0200 Subject: reduce relogin time --- src/identity-provider/plugin_rest_openid_connect.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/identity-provider/plugin_rest_openid_connect.c b/src/identity-provider/plugin_rest_openid_connect.c index d87a345cf..19aac224f 100644 --- a/src/identity-provider/plugin_rest_openid_connect.c +++ b/src/identity-provider/plugin_rest_openid_connect.c @@ -1014,10 +1014,11 @@ login_check (void *cls) return; } } - handle->emsg = GNUNET_strdup("invalid_cookie"); - handle->edesc = GNUNET_strdup( - "The cookie of the login identity is not valid"); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + //handle->emsg = GNUNET_strdup("invalid_cookie"); + //handle->edesc = GNUNET_strdup( + // "The cookie of the login identity is not valid"); + //GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + GNUNET_SCHEDULER_add_now (&login_redirection,handle); return; } } @@ -1359,8 +1360,8 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, current_time = GNUNET_new(struct GNUNET_TIME_Absolute); *current_time = GNUNET_TIME_relative_to_absolute ( - GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (), - 30)); + GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), + 5)); last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key); if (NULL != last_time) { -- cgit v1.2.3 From 7653605896fe4485804bdff609a351b6c742f5f6 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 3 Jul 2018 18:14:24 +0200 Subject: update --- po/POTFILES.in | 127 +++++++++++---------- src/identity-provider/plugin_rest_openid_connect.c | 2 + 2 files changed, 66 insertions(+), 63 deletions(-) diff --git a/po/POTFILES.in b/po/POTFILES.in index 8a95064a6..83c3c7bdd 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -4,13 +4,21 @@ src/arm/arm_monitor_api.c src/arm/gnunet-arm.c src/arm/gnunet-service-arm.c src/arm/mockup-service.c +src/ats-tests/ats-testing-experiment.c +src/ats-tests/ats-testing-log.c +src/ats-tests/ats-testing-preferences.c +src/ats-tests/ats-testing-traffic.c +src/ats-tests/ats-testing.c +src/ats-tests/gnunet-ats-sim.c +src/ats-tests/gnunet-solver-eval.c +src/ats-tool/gnunet-ats.c src/ats/ats_api_connectivity.c src/ats/ats_api_performance.c src/ats/ats_api_scanner.c src/ats/ats_api_scheduling.c src/ats/gnunet-ats-solver-eval.c -src/ats/gnunet-service-ats_addresses.c src/ats/gnunet-service-ats.c +src/ats/gnunet-service-ats_addresses.c src/ats/gnunet-service-ats_connectivity.c src/ats/gnunet-service-ats_normalization.c src/ats/gnunet-service-ats_performance.c @@ -21,14 +29,6 @@ src/ats/gnunet-service-ats_scheduling.c src/ats/plugin_ats_mlp.c src/ats/plugin_ats_proportional.c src/ats/plugin_ats_ril.c -src/ats-tests/ats-testing.c -src/ats-tests/ats-testing-experiment.c -src/ats-tests/ats-testing-log.c -src/ats-tests/ats-testing-preferences.c -src/ats-tests/ats-testing-traffic.c -src/ats-tests/gnunet-ats-sim.c -src/ats-tests/gnunet-solver-eval.c -src/ats-tool/gnunet-ats.c src/auction/gnunet-auction-create.c src/auction/gnunet-auction-info.c src/auction/gnunet-auction-join.c @@ -40,8 +40,8 @@ src/block/plugin_block_test.c src/cadet/cadet_api.c src/cadet/cadet_test_lib.c src/cadet/desirability_table.c -src/cadet/gnunet-cadet.c src/cadet/gnunet-cadet-profiler.c +src/cadet/gnunet-cadet.c src/cadet/gnunet-service-cadet.c src/cadet/gnunet-service-cadet_channel.c src/cadet/gnunet-service-cadet_connection.c @@ -57,15 +57,15 @@ src/consensus/gnunet-service-consensus.c src/consensus/plugin_block_consensus.c src/conversation/conversation_api.c src/conversation/conversation_api_call.c -src/conversation/gnunet-conversation.c src/conversation/gnunet-conversation-test.c -src/conversation/gnunet_gst.c -src/conversation/gnunet_gst_test.c -src/conversation/gnunet-helper-audio-playback.c +src/conversation/gnunet-conversation.c src/conversation/gnunet-helper-audio-playback-gst.c -src/conversation/gnunet-helper-audio-record.c +src/conversation/gnunet-helper-audio-playback.c src/conversation/gnunet-helper-audio-record-gst.c +src/conversation/gnunet-helper-audio-record.c src/conversation/gnunet-service-conversation.c +src/conversation/gnunet_gst.c +src/conversation/gnunet_gst_test.c src/conversation/microphone.c src/conversation/plugin_gnsrecord_conversation.c src/conversation/speaker.c @@ -102,7 +102,6 @@ src/dht/dht_api.c src/dht/dht_test_lib.c src/dht/gnunet-dht-get.c src/dht/gnunet-dht-monitor.c -src/dht/gnunet_dht_profiler.c src/dht/gnunet-dht-put.c src/dht/gnunet-service-dht.c src/dht/gnunet-service-dht_clients.c @@ -111,6 +110,7 @@ src/dht/gnunet-service-dht_hello.c src/dht/gnunet-service-dht_neighbours.c src/dht/gnunet-service-dht_nse.c src/dht/gnunet-service-dht_routing.c +src/dht/gnunet_dht_profiler.c src/dht/plugin_block_dht.c src/dns/dns_api.c src/dns/gnunet-dns-monitor.c @@ -124,8 +124,8 @@ src/dv/gnunet-dv.c src/dv/gnunet-service-dv.c src/dv/plugin_transport_dv.c src/exit/gnunet-daemon-exit.c -src/exit/gnunet-helper-exit.c src/exit/gnunet-helper-exit-windows.c +src/exit/gnunet-helper-exit.c src/fragmentation/defragmentation.c src/fragmentation/fragmentation.c src/fs/fs_api.c @@ -150,8 +150,8 @@ src/fs/gnunet-auto-share.c src/fs/gnunet-daemon-fsprofiler.c src/fs/gnunet-directory.c src/fs/gnunet-download.c -src/fs/gnunet-fs.c src/fs/gnunet-fs-profiler.c +src/fs/gnunet-fs.c src/fs/gnunet-helper-fs-publish.c src/fs/gnunet-publish.c src/fs/gnunet-search.c @@ -171,10 +171,10 @@ src/gns/gns_tld_api.c src/gns/gnunet-bcd.c src/gns/gnunet-dns2gns.c src/gns/gnunet-gns-benchmark.c -src/gns/gnunet-gns.c src/gns/gnunet-gns-helper-service-w32.c src/gns/gnunet-gns-import.c src/gns/gnunet-gns-proxy.c +src/gns/gnunet-gns.c src/gns/gnunet-service-gns.c src/gns/gnunet-service-gns_interceptor.c src/gns/gnunet-service-gns_resolver.c @@ -183,15 +183,15 @@ src/gns/nss/nss_gns_query.c src/gns/plugin_block_gns.c src/gns/plugin_gnsrecord_gns.c src/gns/plugin_rest_gns.c +src/gns/w32nsp-install.c +src/gns/w32nsp-resolve.c +src/gns/w32nsp-uninstall.c +src/gns/w32nsp.c src/gnsrecord/gnsrecord.c src/gnsrecord/gnsrecord_crypto.c src/gnsrecord/gnsrecord_misc.c src/gnsrecord/gnsrecord_serialization.c src/gnsrecord/plugin_gnsrecord_dns.c -src/gns/w32nsp.c -src/gns/w32nsp-install.c -src/gns/w32nsp-resolve.c -src/gns/w32nsp-uninstall.c src/hello/address.c src/hello/gnunet-hello.c src/hello/hello.c @@ -200,11 +200,6 @@ src/hostlist/gnunet-daemon-hostlist_client.c src/hostlist/gnunet-daemon-hostlist_server.c src/identity-attribute/identity_attribute.c src/identity-attribute/plugin_identity_attribute_gnuid.c -src/identity/gnunet-identity.c -src/identity/gnunet-service-identity.c -src/identity/identity_api.c -src/identity/identity_api_lookup.c -src/identity/plugin_rest_identity.c src/identity-provider/gnunet-idp.c src/identity-provider/gnunet-service-identity-provider.c src/identity-provider/identity_provider_api.c @@ -213,15 +208,20 @@ src/identity-provider/plugin_gnsrecord_identity_provider.c src/identity-provider/plugin_identity_provider_sqlite.c src/identity-provider/plugin_rest_identity_provider.c src/identity-provider/plugin_rest_openid_connect.c +src/identity/gnunet-identity.c +src/identity/gnunet-service-identity.c +src/identity/identity_api.c +src/identity/identity_api_lookup.c +src/identity/plugin_rest_identity.c +src/json/json.c +src/json/json_generator.c +src/json/json_helper.c +src/json/json_mhd.c src/jsonapi/jsonapi.c src/jsonapi/jsonapi_document.c src/jsonapi/jsonapi_error.c src/jsonapi/jsonapi_relationship.c src/jsonapi/jsonapi_resource.c -src/json/json.c -src/json/json_generator.c -src/json/json_helper.c -src/json/json_mhd.c src/multicast/gnunet-multicast.c src/multicast/gnunet-service-multicast.c src/multicast/multicast_api.c @@ -235,8 +235,8 @@ src/namecache/namecache_api.c src/namecache/plugin_namecache_flat.c src/namecache/plugin_namecache_postgres.c src/namecache/plugin_namecache_sqlite.c -src/namestore/gnunet-namestore.c src/namestore/gnunet-namestore-fcfsd.c +src/namestore/gnunet-namestore.c src/namestore/gnunet-service-namestore.c src/namestore/gnunet-zoneimport.c src/namestore/namestore_api.c @@ -252,10 +252,10 @@ src/nat-auto/gnunet-service-nat-auto.c src/nat-auto/gnunet-service-nat-auto_legacy.c src/nat-auto/nat_auto_api.c src/nat-auto/nat_auto_api_test.c -src/nat/gnunet-helper-nat-client.c src/nat/gnunet-helper-nat-client-windows.c -src/nat/gnunet-helper-nat-server.c +src/nat/gnunet-helper-nat-client.c src/nat/gnunet-helper-nat-server-windows.c +src/nat/gnunet-helper-nat-server.c src/nat/gnunet-nat.c src/nat/gnunet-service-nat.c src/nat/gnunet-service-nat_externalip.c @@ -264,15 +264,15 @@ src/nat/gnunet-service-nat_mini.c src/nat/gnunet-service-nat_stun.c src/nat/nat_api.c src/nat/nat_api_stun.c -src/nse/gnunet-nse.c src/nse/gnunet-nse-profiler.c +src/nse/gnunet-nse.c src/nse/gnunet-service-nse.c src/nse/nse_api.c +src/peerinfo-tool/gnunet-peerinfo.c +src/peerinfo-tool/gnunet-peerinfo_plugins.c src/peerinfo/gnunet-service-peerinfo.c src/peerinfo/peerinfo_api.c src/peerinfo/peerinfo_api_notify.c -src/peerinfo-tool/gnunet-peerinfo.c -src/peerinfo-tool/gnunet-peerinfo_plugins.c src/peerstore/gnunet-peerstore.c src/peerstore/gnunet-service-peerstore.c src/peerstore/peerstore_api.c @@ -317,21 +317,20 @@ src/revocation/gnunet-revocation.c src/revocation/gnunet-service-revocation.c src/revocation/plugin_block_revocation.c src/revocation/revocation_api.c -src/rps/gnunet-rps.c src/rps/gnunet-rps-profiler.c +src/rps/gnunet-rps.c src/rps/gnunet-service-rps.c src/rps/gnunet-service-rps_custommap.c src/rps/gnunet-service-rps_sampler.c src/rps/gnunet-service-rps_sampler_elem.c src/rps/gnunet-service-rps_view.c -src/rps/rps_api.c -src/rps/rps_test_lib.c src/rps/rps-test_util.c +src/rps/rps_api.c src/scalarproduct/gnunet-scalarproduct.c -src/scalarproduct/gnunet-service-scalarproduct_alice.c -src/scalarproduct/gnunet-service-scalarproduct_bob.c src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c +src/scalarproduct/gnunet-service-scalarproduct_alice.c +src/scalarproduct/gnunet-service-scalarproduct_bob.c src/scalarproduct/scalarproduct_api.c src/secretsharing/gnunet-secretsharing-profiler.c src/secretsharing/gnunet-service-secretsharing.c @@ -360,15 +359,16 @@ src/statistics/gnunet-statistics.c src/statistics/statistics_api.c src/template/gnunet-service-template.c src/template/gnunet-template.c +src/testbed-logger/gnunet-service-testbed-logger.c +src/testbed-logger/testbed_logger_api.c src/testbed/generate-underlay-topology.c src/testbed/gnunet-daemon-latency-logger.c src/testbed/gnunet-daemon-testbed-blacklist.c src/testbed/gnunet-daemon-testbed-underlay.c src/testbed/gnunet-helper-testbed.c -src/testbed/gnunet_mpi_test.c src/testbed/gnunet-service-test-barriers.c -src/testbed/gnunet-service-testbed_barriers.c src/testbed/gnunet-service-testbed.c +src/testbed/gnunet-service-testbed_barriers.c src/testbed/gnunet-service-testbed_cache.c src/testbed/gnunet-service-testbed_connectionpool.c src/testbed/gnunet-service-testbed_cpustatus.c @@ -376,20 +376,19 @@ src/testbed/gnunet-service-testbed_links.c src/testbed/gnunet-service-testbed_meminfo.c src/testbed/gnunet-service-testbed_oc.c src/testbed/gnunet-service-testbed_peers.c -src/testbed/gnunet_testbed_mpi_spawn.c src/testbed/gnunet-testbed-profiler.c -src/testbed-logger/gnunet-service-testbed-logger.c -src/testbed-logger/testbed_logger_api.c -src/testbed/testbed_api_barriers.c +src/testbed/gnunet_mpi_test.c +src/testbed/gnunet_testbed_mpi_spawn.c src/testbed/testbed_api.c +src/testbed/testbed_api_barriers.c src/testbed/testbed_api_hosts.c src/testbed/testbed_api_operations.c src/testbed/testbed_api_peers.c src/testbed/testbed_api_sd.c src/testbed/testbed_api_services.c src/testbed/testbed_api_statistics.c -src/testbed/testbed_api_testbed.c src/testbed/testbed_api_test.c +src/testbed/testbed_api_testbed.c src/testbed/testbed_api_topology.c src/testbed/testbed_api_underlay.c src/testing/gnunet-testing.c @@ -398,28 +397,28 @@ src/testing/testing.c src/topology/friends.c src/topology/gnunet-daemon-topology.c src/transport/gnunet-helper-transport-bluetooth.c -src/transport/gnunet-helper-transport-wlan.c src/transport/gnunet-helper-transport-wlan-dummy.c -src/transport/gnunet-service-transport_ats.c +src/transport/gnunet-helper-transport-wlan.c src/transport/gnunet-service-transport.c +src/transport/gnunet-service-transport_ats.c src/transport/gnunet-service-transport_hello.c src/transport/gnunet-service-transport_manipulation.c src/transport/gnunet-service-transport_neighbours.c src/transport/gnunet-service-transport_plugins.c src/transport/gnunet-service-transport_validation.c -src/transport/gnunet-transport.c src/transport/gnunet-transport-certificate-creation.c src/transport/gnunet-transport-profiler.c src/transport/gnunet-transport-wlan-receiver.c src/transport/gnunet-transport-wlan-sender.c +src/transport/gnunet-transport.c src/transport/plugin_transport_http_client.c src/transport/plugin_transport_http_common.c src/transport/plugin_transport_http_server.c src/transport/plugin_transport_smtp.c src/transport/plugin_transport_tcp.c src/transport/plugin_transport_template.c -src/transport/plugin_transport_udp_broadcasting.c src/transport/plugin_transport_udp.c +src/transport/plugin_transport_udp_broadcasting.c src/transport/plugin_transport_unix.c src/transport/plugin_transport_wlan.c src/transport/plugin_transport_xt.c @@ -428,6 +427,11 @@ src/transport/tcp_connection_legacy.c src/transport/tcp_server_legacy.c src/transport/tcp_server_mst_legacy.c src/transport/tcp_service_legacy.c +src/transport/transport-testing-filenames.c +src/transport/transport-testing-loggers.c +src/transport/transport-testing-main.c +src/transport/transport-testing-send.c +src/transport/transport-testing.c src/transport/transport_api_address_to_string.c src/transport/transport_api_blacklist.c src/transport/transport_api_core.c @@ -436,11 +440,6 @@ src/transport/transport_api_manipulation.c src/transport/transport_api_monitor_peers.c src/transport/transport_api_monitor_plugins.c src/transport/transport_api_offer_hello.c -src/transport/transport-testing.c -src/transport/transport-testing-filenames.c -src/transport/transport-testing-loggers.c -src/transport/transport-testing-main.c -src/transport/transport-testing-send.c src/util/bandwidth.c src/util/bio.c src/util/client.c @@ -452,8 +451,8 @@ src/util/configuration_loader.c src/util/container_bloomfilter.c src/util/container_heap.c src/util/container_meta_data.c -src/util/container_multihashmap32.c src/util/container_multihashmap.c +src/util/container_multihashmap32.c src/util/container_multipeermap.c src/util/container_multishortmap.c src/util/crypto_abe.c @@ -475,13 +474,15 @@ src/util/dnsparser.c src/util/dnsstub.c src/util/getopt.c src/util/getopt_helpers.c -src/util/gnunet-config.c src/util/gnunet-config-diff.c +src/util/gnunet-config.c src/util/gnunet-ecc.c src/util/gnunet-helper-w32-console.c src/util/gnunet-resolver.c src/util/gnunet-scrypt.c src/util/gnunet-service-resolver.c +src/util/gnunet-timeout-w32.c +src/util/gnunet-timeout.c src/util/gnunet-uri.c src/util/helper.c src/util/load.c @@ -509,13 +510,13 @@ src/util/tun.c src/util/w32cat.c src/util/win.c src/util/winproc.c -src/vpn/gnunet-helper-vpn.c src/vpn/gnunet-helper-vpn-windows.c +src/vpn/gnunet-helper-vpn.c src/vpn/gnunet-service-vpn.c src/vpn/gnunet-vpn.c src/vpn/vpn_api.c -src/zonemaster/gnunet-service-zonemaster.c src/zonemaster/gnunet-service-zonemaster-monitor.c +src/zonemaster/gnunet-service-zonemaster.c src/fs/fs_api.h src/include/gnunet_common.h src/include/gnunet_mq_lib.h diff --git a/src/identity-provider/plugin_rest_openid_connect.c b/src/identity-provider/plugin_rest_openid_connect.c index 19aac224f..9c2f7fb3d 100644 --- a/src/identity-provider/plugin_rest_openid_connect.c +++ b/src/identity-provider/plugin_rest_openid_connect.c @@ -732,6 +732,8 @@ cookie_identity_interpretation (struct RequestHandle *handle) { handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY); handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity); + } else { + handle->oidc->login_identity = NULL; } } else -- cgit v1.2.3 From edefc4c42202fd10a48ea9037e3fe04e5ead840d Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 3 Jul 2018 17:27:10 +0200 Subject: fix rps profiler: mark cancelled task as done --- src/rps/gnunet-rps-profiler.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index 16f23e86c..54dc7d65e 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -888,6 +888,7 @@ shutdown_op (void *cls) if (NULL != post_test_task) { GNUNET_SCHEDULER_cancel (post_test_task); + post_test_task = NULL; } if (NULL != churn_task) { -- cgit v1.2.3 From 7940449e54a2716d69aed0fd01953ef6204b0229 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 3 Jul 2018 21:09:47 +0200 Subject: fix rps profiler: mark handle unusable after closing it --- src/rps/gnunet-rps-profiler.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index 54dc7d65e..f75f9794f 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -900,6 +900,7 @@ shutdown_op (void *cls) if (NULL != rps_peers[i].rps_handle) { GNUNET_RPS_disconnect (rps_peers[i].rps_handle); + rps_peers[i].rps_handle = NULL; } if (NULL != rps_peers[i].op) { -- cgit v1.2.3 From 37d12e4bcfc456ae488cce7d93853339812035fe Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 3 Jul 2018 21:10:38 +0200 Subject: rps profiler: different time for hard shutdown --- src/rps/gnunet-rps-profiler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index f75f9794f..ec73f1803 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -2572,7 +2572,7 @@ test_run (void *cls, if (NULL != churn_task) GNUNET_SCHEDULER_cancel (churn_task); post_test_task = GNUNET_SCHEDULER_add_delayed (timeout, &post_test_op, NULL); - timeout = GNUNET_TIME_relative_multiply (timeout, 1 + (0.1 * num_peers)); + timeout = GNUNET_TIME_relative_multiply (timeout, 1.2 + (0.01 * num_peers)); shutdown_task = GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL); shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, &shutdown_op, NULL); -- cgit v1.2.3 From 00fc4513ebdb851c79b8f7c2591dffb6bd70c5bd Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 3 Jul 2018 21:11:40 +0200 Subject: rps service: stop ignoring own peer id --- src/rps/gnunet-service-rps.c | 60 ++++++++++++++------------------------------ 1 file changed, 19 insertions(+), 41 deletions(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index 5a75ac55a..db09c68d2 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -1045,12 +1045,10 @@ restore_valid_peers () */ void Peers_initialise (char* fn_valid_peers, - struct GNUNET_CADET_Handle *cadet_h, - const struct GNUNET_PeerIdentity *own_id) + struct GNUNET_CADET_Handle *cadet_h) { filename_valid_peers = GNUNET_strdup (fn_valid_peers); cadet_handle = cadet_h; - own_identity = *own_id; peer_map = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO); valid_peers = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO); restore_valid_peers (); @@ -1136,14 +1134,12 @@ Peers_get_valid_peers (PeersIterator iterator, * @param peer the new #GNUNET_PeerIdentity * * @return #GNUNET_YES if peer was inserted - * #GNUNET_NO otherwise (if peer was already known or - * peer was #own_identity) + * #GNUNET_NO otherwise */ int Peers_insert_peer (const struct GNUNET_PeerIdentity *peer) { - if ( (GNUNET_YES == Peers_check_peer_known (peer)) || - (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity)) ) + if (GNUNET_YES == Peers_check_peer_known (peer)) { return GNUNET_NO; /* We already know this peer - nothing to do */ } @@ -1161,8 +1157,7 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl * * @param peer the peer whose liveliness is to be checked * @return #GNUNET_YES if peer had to be inserted - * #GNUNET_NO otherwise (if peer was already known or - * peer was #own_identity) + * #GNUNET_NO otherwise */ int Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer) @@ -1170,10 +1165,6 @@ Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer) struct PeerContext *peer_ctx; int ret; - if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity)) - { - return GNUNET_NO; - } ret = Peers_insert_peer (peer); peer_ctx = get_peer_ctx (peer); if (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE)) @@ -1791,10 +1782,6 @@ Peers_schedule_operation (const struct GNUNET_PeerIdentity *peer, struct PeerPendingOp pending_op; struct PeerContext *peer_ctx; - if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity)) - { - return GNUNET_NO; - } GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer)); //TODO if LIVE/ONLINE execute immediately @@ -3373,9 +3360,7 @@ handle_peer_pull_reply (void *cls, if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (att_peer_set, &peers[i]) && GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (mal_peer_set, - &peers[i]) - && 0 != GNUNET_CRYPTO_cmp_peer_identity (&peers[i], - &own_identity)) + &peers[i])) { tmp_att_peer = GNUNET_new (struct AttackedPeer); tmp_att_peer->peer_id = peers[i]; @@ -3387,21 +3372,17 @@ handle_peer_pull_reply (void *cls, continue; } #endif /* ENABLE_MALICIOUS */ - if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, - &peers[i])) - { - /* Make sure we 'know' about this peer */ - (void) Peers_insert_peer (&peers[i]); + /* Make sure we 'know' about this peer */ + (void) Peers_insert_peer (&peers[i]); - if (GNUNET_YES == Peers_check_peer_valid (&peers[i])) - { - CustomPeerMap_put (pull_map, &peers[i]); - } - else - { - Peers_schedule_operation (&peers[i], insert_in_pull_map); - (void) Peers_issue_peer_liveliness_check (&peers[i]); - } + if (GNUNET_YES == Peers_check_peer_valid (&peers[i])) + { + CustomPeerMap_put (pull_map, &peers[i]); + } + else + { + Peers_schedule_operation (&peers[i], insert_in_pull_map); + (void) Peers_issue_peer_liveliness_check (&peers[i]); } } @@ -3836,10 +3817,8 @@ do_round (void *cls) for (i = 0; i < a_peers; i++) { peer = view_array[permut[i]]; - if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer)) // TODO - { // FIXME if this fails schedule/loop this for later - send_push (&peer); - } + // FIXME if this fails schedule/loop this for later + send_push (&peer); } /* Send PULL requests */ @@ -3857,8 +3836,7 @@ do_round (void *cls) for (i = first_border; i < second_border; i++) { peer = view_array[permut[i]]; - if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer) && - GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING)) // TODO + if ( GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING)) { // FIXME if this fails schedule/loop this for later send_pull_request (&peer); } @@ -4372,7 +4350,7 @@ run (void *cls, peerinfo_handle = GNUNET_PEERINFO_connect (cfg); - Peers_initialise (fn_valid_peers, cadet_handle, &own_identity); + Peers_initialise (fn_valid_peers, cadet_handle); GNUNET_free (fn_valid_peers); /* Initialise sampler */ -- cgit v1.2.3 From 18fdfc54ce13a4b67d24c835e013492fc30507db Mon Sep 17 00:00:00 2001 From: xrs Date: Tue, 3 Jul 2018 22:47:49 +0200 Subject: fix codesonar finding 2366.9987 --- src/arm/test_exponential_backoff.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/arm/test_exponential_backoff.c b/src/arm/test_exponential_backoff.c index 4a7d51bc7..71c98211a 100644 --- a/src/arm/test_exponential_backoff.c +++ b/src/arm/test_exponential_backoff.c @@ -343,7 +343,10 @@ init () cfg = GNUNET_CONFIGURATION_create (); if (GNUNET_OK != GNUNET_CONFIGURATION_parse (cfg, "test_arm_api_data.conf")) + { + GNUNET_free (cfg); return GNUNET_SYSERR; + } if (NULL == getcwd (pwd, PATH_MAX)) return GNUNET_SYSERR; GNUNET_assert (0 < GNUNET_asprintf (&binary, -- cgit v1.2.3 From 0a5d0d80c6e2896c0561f77ddafeb0aa99fbf456 Mon Sep 17 00:00:00 2001 From: xrs Date: Tue, 3 Jul 2018 22:53:57 +0200 Subject: fix codesonar finding 2287.9399 --- src/multicast/test_multicast_multipeer.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/multicast/test_multicast_multipeer.c b/src/multicast/test_multicast_multipeer.c index 3a7c6d961..92209b774 100644 --- a/src/multicast/test_multicast_multipeer.c +++ b/src/multicast/test_multicast_multipeer.c @@ -328,6 +328,7 @@ origin_notify (void *cls, pp_msg->msg = PONG; *data_size = sizeof (struct pingpong_msg); GNUNET_memcpy(data, pp_msg, *data_size); + GNUNET_free (pp_msg); GNUNET_log (GNUNET_ERROR_TYPE_INFO, "origin sends pong\n"); -- cgit v1.2.3 From bdb1ee3242fe915f2648295f7430fab70eb31121 Mon Sep 17 00:00:00 2001 From: xrs Date: Tue, 3 Jul 2018 22:58:38 +0200 Subject: fix codesonar finding 2289.9403 --- src/multicast/test_multicast_multipeer.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/multicast/test_multicast_multipeer.c b/src/multicast/test_multicast_multipeer.c index 92209b774..7766ff875 100644 --- a/src/multicast/test_multicast_multipeer.c +++ b/src/multicast/test_multicast_multipeer.c @@ -160,6 +160,7 @@ notify (void *cls, *data_size = sizeof (struct pingpong_msg); GNUNET_memcpy(data, pp_msg, *data_size); + GNUNET_free (pp_msg); GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Peer #%u sents ping to origin\n", mc_peer->peer); -- cgit v1.2.3 From 76fc90b73c0fe99379e600da48efbb5e5d080052 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 4 Jul 2018 00:17:20 +0200 Subject: fix --- src/identity-provider/plugin_rest_identity_provider.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index a83163db2..f8176a101 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c @@ -844,7 +844,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res, "rnd"); identity_json = GNUNET_JSONAPI_resource_read_attr (json_res, - "identity"); + "issuer"); audience_json = GNUNET_JSONAPI_resource_read_attr (json_res, "audience"); rnd_str = json_string_value (rnd_json); -- cgit v1.2.3 From b658d8c71b3f822fdcd09e2e97cc35a69bcc5f64 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 4 Jul 2018 01:27:46 +0200 Subject: fix --- src/identity-provider/identity_provider_api.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 772b4a244..9ea7a5d11 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -1350,7 +1350,6 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle * void *cb_cls) { struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct GNUNET_MQ_Envelope *env; struct RevokeTicketMessage *msg; uint32_t rid; @@ -1363,7 +1362,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle * GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); - env = GNUNET_MQ_msg_extra (msg, + op->env = GNUNET_MQ_msg_extra (msg, sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket), GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET); msg->id = htonl (rid); @@ -1371,11 +1370,9 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle * GNUNET_memcpy (&msg[1], ticket, sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); - if (NULL == h->mq) - op->env = env; - else + if (NULL != h->mq) GNUNET_MQ_send (h->mq, - env); + op->env); return op; } -- cgit v1.2.3 From 1d3e9bf8749be3a67b0b2488af19067cb3a43527 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 4 Jul 2018 01:37:01 +0200 Subject: fix --- src/identity-provider/gnunet-service-identity-provider.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index c53e72477..915e8bf44 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1206,9 +1206,6 @@ reissue_ticket_cont (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", "Unknown Error\n"); send_revocation_finished (rh, GNUNET_SYSERR); - GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head, - rh->client->revoke_op_tail, - rh); cleanup_revoke_ticket_handle (rh); return; } @@ -1374,9 +1371,6 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh) if (GNUNET_NO == ret) { send_revocation_finished (rh, GNUNET_OK); - GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head, - rh->client->revoke_op_tail, - rh); cleanup_revoke_ticket_handle (rh); return; } @@ -1392,9 +1386,6 @@ check_attr_error (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to check for existing attribute\n"); send_revocation_finished (rh, GNUNET_SYSERR); - GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head, - rh->client->revoke_op_tail, - rh); cleanup_revoke_ticket_handle (rh); } @@ -1458,9 +1449,6 @@ check_attr_cb (void *cls, policy); GNUNET_free (policy); send_revocation_finished (rh, GNUNET_SYSERR); - GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head, - rh->client->revoke_op_tail, - rh); cleanup_revoke_ticket_handle (rh); return; } @@ -1571,9 +1559,6 @@ process_attributes_to_update (void *cls, { /* No attributes to reencrypt */ send_revocation_finished (rh, GNUNET_OK); - GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head, - rh->client->revoke_op_tail, - rh); cleanup_revoke_ticket_handle (rh); return; } else { -- cgit v1.2.3 From a69d1a0fe703dd269982df7e50bc2c89bea63e07 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 4 Jul 2018 02:01:57 +0200 Subject: fixes --- src/identity-provider/gnunet-service-identity-provider.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 915e8bf44..7f71988f8 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1385,6 +1385,7 @@ check_attr_error (void *cls) struct TicketRevocationHandle *rh = cls; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to check for existing attribute\n"); + rh->ns_qe = NULL; send_revocation_finished (rh, GNUNET_SYSERR); cleanup_revoke_ticket_handle (rh); } @@ -1417,6 +1418,7 @@ check_attr_cb (void *cls, char* policy; uint32_t attr_ver; + rh->ns_qe = NULL; if (1 != rd_count) { GNUNET_SCHEDULER_add_now (&reenc_next_attribute, rh); @@ -1515,6 +1517,7 @@ attr_reenc_cont (void *cls, struct TicketRevocationHandle *rh = cls; struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + rh->ns_qe = NULL; if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, -- cgit v1.2.3 From 0584cf962c6cf44d6ac97e0f81b3dedfd0d1f059 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 4 Jul 2018 06:54:57 +0200 Subject: fix --- src/identity-provider/identity_provider_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 9ea7a5d11..33efe726f 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -1370,9 +1370,11 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle * GNUNET_memcpy (&msg[1], ticket, sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); - if (NULL != h->mq) + if (NULL != h->mq) { GNUNET_MQ_send (h->mq, op->env); + op->env = NULL; + } return op; } -- cgit v1.2.3 From 0d128388d4c4da4afc6b65913d1d2e25e039cd8c Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 4 Jul 2018 07:41:14 +0200 Subject: acutally delete ticket --- .../gnunet-service-identity-provider.c | 28 +++++++++++++++------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 7f71988f8..4563fdfa1 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1157,6 +1157,9 @@ send_revocation_finished (struct TicketRevocationHandle *rh, { struct GNUNET_MQ_Envelope *env; struct RevokeTicketResultMessage *trm; + + GNUNET_break(TKT_database->delete_ticket (TKT_database->cls, + &rh->ticket)); env = GNUNET_MQ_msg (trm, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT); @@ -1255,9 +1258,18 @@ ticket_reissue_proc (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Do not reissue for this identity.!\n"); - - rh->offset++; - GNUNET_SCHEDULER_add_now (&reissue_next, rh); + label = GNUNET_STRINGS_data_to_string_alloc (&rh->ticket.rnd, + sizeof (uint64_t)); + //Delete record + rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &rh->identity, + label, + 0, + NULL, + &reissue_ticket_cont, + rh); + + GNUNET_free (label); return; } @@ -1955,7 +1967,7 @@ attr_store_cont (void *cls, struct AttributeStoreHandle *as_handle = cls; struct GNUNET_MQ_Envelope *env; struct AttributeStoreResultMessage *acr_msg; - + as_handle->ns_qe = NULL; GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head, as_handle->client->store_op_tail, @@ -2177,14 +2189,14 @@ attr_iter_cb (void *cls, if (rd_count != 1) { GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, - 1); + 1); return; } if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type) { GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, - 1); + 1); return; } attr_ver = ntohl(*((uint32_t*)rd->data)); @@ -2201,7 +2213,7 @@ attr_iter_cb (void *cls, if (GNUNET_SYSERR == msg_extra_len) { GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, - 1); + 1); return; } @@ -2252,7 +2264,7 @@ iterate_next_after_abe_bootstrap (void *cls, struct AttributeIterator *ai = cls; ai->abe_key = abe_key; GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, - 1); + 1); } -- cgit v1.2.3 From 5894928c7a8489c314ca6089a34220d2bded6265 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Wed, 4 Jul 2018 08:16:38 +0000 Subject: Documentation: Various additions, including pindex. Signed-off-by: Nils Gillmann --- doc/documentation/chapters/user.texi | 89 ++++++++++++++++++++++-------------- doc/documentation/gnunet.texi | 4 ++ 2 files changed, 59 insertions(+), 34 deletions(-) diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi index fe47abb86..72b95d16f 100644 --- a/doc/documentation/chapters/user.texi +++ b/doc/documentation/chapters/user.texi @@ -43,6 +43,7 @@ To stop GNUnet: @example $ gnunet-arm -e @end example + @node First steps - Using the GNU Name System @section First steps - Using the GNU Name System @c %**end of header @@ -246,7 +247,7 @@ more an experimental feature and not really our primary goal at this time. Still, it is a possible use-case and we welcome help with testing and development. - +@pindex gnunet-bcd @node Creating a Business Card @subsection Creating a Business Card @c FIXME: Which parts of texlive are needed? Some systems offer a modular @@ -257,7 +258,9 @@ Note that this requires having @command{LaTeX} installed on your system. If you are using a Debian GNU/Linux based operating system, the following command should install the required components. Keep in mind that this @b{requires 3GB} of downloaded data and possibly -@b{even more} when unpacked. +@b{even more}@footnote{Author's note: +@command{guix size `guix build texlive`} in summer 2018 returns a DAG +size of 5032.4 MiB} when unpacked. @b{We welcome any help in identifying the required components of the TexLive Distribution. This way we could just state the required components without pulling in the full distribution of TexLive.} @@ -312,12 +315,14 @@ you might need a trip to the store together. Before we get started, we need to tell @code{gnunet-qr} which zone it should import new records into. For this, run: +@pindex gnunet-identity @example $ gnunet-identity -s namestore -e NAME @end example where NAME is the name of the zone you want to import records into. In our running example, this would be ``gnu''. +@pindex gnunet-qr Henceforth, for every business card you collect, simply run: @example $ gnunet-qr @@ -335,6 +340,7 @@ GNUnet network at this time, you should thus be able to resolve your friends names. Suppose your friend's nickname is "Bob". Then, type +@pindex gnunet-gns @example $ gnunet-gns -u test.bob.gnu @end example @@ -381,6 +387,7 @@ a revocation certificate corresponding to your ego. This certificate, when published on the P2P network, flags your private key as invalid, and all further resolutions or other checks involving the key will fail. +@pindex gnunet-revocation A revocation certificate is thus a useful tool when things go out of control, but at the same time it should be stored securely. Generation of the revocation certificate for a zone can be done through @@ -433,6 +440,7 @@ private conversation with your friend. Finally, help us with the next GNUnet release for even more applications using this new public key infrastructure. +@pindex gnunet-conservation-gtk @node First steps - Using GNUnet Conversation @section First steps - Using GNUnet Conversation @c %**end of header @@ -485,6 +493,7 @@ that will show up when you call somebody else, as well as the GNS zone that will be used to resolve names of users that you are calling. Run +@pindex gnunet-conversation @example gnunet-conversation -e zone-name @end example @@ -564,7 +573,7 @@ Either of you can end the call using @command{/cancel}. You can exit @menu * VPN Preliminaries:: -* Exit configuration:: +* GNUNet-Exit configuration:: * GNS configuration:: * Accessing the service:: * Using a Browser:: @@ -595,6 +604,9 @@ The exact details may differ a bit, which is fine. Add the text hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 @end example +@c TODO: outdated section, we no longer install this as part of the +@c TODO: standard installation procedure and should point out the manual +@c TODO: steps required to make it useful. @noindent You might want to make sure that @code{/lib/libnss_gns.so.2} exists on your system, it should have been created during the installation. @@ -608,8 +620,8 @@ $ cd src/gns/nss; sudo make install @noindent to install the NSS plugins in the proper location. -@node Exit configuration -@subsection Exit configuration +@node GNUnet-Exit configuration +@subsection GNUnet-Exit configuration @c %**end of header Stop your peer (as user @code{gnunet}, run @command{gnunet-arm -e}) and @@ -696,9 +708,10 @@ the searcher/downloader specify "no anonymity", non-anonymous file-sharing is used. If either user specifies some desired degree of anonymity, anonymous file-sharing will be used. -After a short introduction, we will first look at the various concepts in -GNUnet's file-sharing implementation. Then, we will discuss specifics as to how -they impact users that publish, search or download files. +After a short introduction, we will first look at the various concepts +in GNUnet's file-sharing implementation. Then, we will discuss +specifics as to how they impact users that publish, search or download +files. @menu @@ -724,10 +737,11 @@ $ gnunet-search [-t TIMEOUT] KEYWORD @end example @noindent -The -t option specifies that the query should timeout after -approximately TIMEOUT seconds. A value of zero is interpreted -as @emph{no timeout}, which is also the default. In this case, -gnunet-search will never terminate (unless you press CTRL-C). +The @command{-t} option specifies that the query should timeout after +approximately TIMEOUT seconds. A value of zero (``0'') is interpreted +as @emph{no timeout}, which is the default. In this case, +@command{gnunet-search} will never terminate (unless you press +@command{CTRL-C}). If multiple words are passed as keywords, they will all be considered optional. Prefix keywords with a "+" to make them mandatory. @@ -750,10 +764,11 @@ as the first will match files shared under the keywords "Das" or "Kapital" whereas the second will match files shared under the keyword "Das Kapital". -Search results are printed by gnunet-search like this: +Search results are printed by @command{gnunet-search} like this: @c it will be better the avoid the ellipsis altogether because I don't @c understand the explanation below that +@c ng0: who is ``I'' and what was the complete sentence? @example #15: gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446 @@ -762,10 +777,11 @@ gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446 @noindent The whole line is the command you would have to enter to download -the file. The argument passed to @code{-o} is the suggested +the file. The first argument passed to @code{-o} is the suggested filename (you may change it to whatever you like). -It is followed by the key for decrypting the file, the query for searching the -file, a checksum (in hexadecimal) finally the size of the file in bytes. +It is followed by the key for decrypting the file, the query for +searching the file, a checksum (in hexadecimal) finally the size of +the file in bytes. @node fs-Downloading @subsection Downloading @@ -802,9 +818,9 @@ already present. GNUnet's file-encoding mechanism will ensure file integrity, even if the existing file was not downloaded from GNUnet in the first place. -You may want to use the @command{-V} switch to turn on verbose reporting. In -this case, @command{gnunet-download} will print the current number of bytes -downloaded whenever new data was received. +You may want to use the @command{-V} switch to turn on verbose +reporting. In this case, @command{gnunet-download} will print the +current number of bytes downloaded whenever new data was received. @node fs-Publishing @subsection Publishing @@ -845,10 +861,14 @@ list by running @command{extract -L}. Use quotes around the entire meta-data argument if the value contains spaces. The meta-data is displayed to other users when they select which files to download. The meta-data and the keywords are optional and -maybe inferred using @code{GNU libextractor}. +may be inferred using @code{GNU libextractor}. + +@command{gnunet-publish} has a few additional options to handle +namespaces and directories. Refer to the man-page for details: -gnunet-publish has a few additional options to handle namespaces and -directories. See the man-page for details. +@example +man gnunet-publish +@end example @node Indexing vs. Inserting @subsubsection Indexing vs Inserting @@ -1528,11 +1548,11 @@ record you want to access). @subsection Using Public Keys as Top Level Domains -GNS also assumes responsibility for any name that uses in a well-formed -public key for the TLD. Names ending this way are then resolved by querying -the respective zone. Such public key TLDs are expected to be used under rare -circumstances where globally unique names are required, and for -integration with legacy systems. +GNS also assumes responsibility for any name that uses in a +well-formed public key for the TLD. Names ending this way are then +resolved by querying the respective zone. Such public key TLDs are +expected to be used under rare circumstances where globally unique +names are required, and for integration with legacy systems. @node Resource Records in GNS @subsection Resource Records in GNS @@ -1574,13 +1594,14 @@ GNS currently supports the following record types: @node NICK @subsubsection NICK -A NICK record is used to give a zone a name. With a NICK record, you can -essentially specify how you would like to be called. GNS expects this -record under the empty label ``@@'' in the zone's database (NAMESTORE); however, -it will then automatically be copied into each record set, so that -clients never need to do a separate lookup to discover the NICK record. -Also, users do not usually have to worry about setting the NICK record: -it is automatically set to the local name of the TLD. +A NICK record is used to give a zone a name. With a NICK record, you +can essentially specify how you would like to be called. GNS expects +this record under the empty label ``@@'' in the zone's database +(NAMESTORE); however, it will then automatically be copied into each +record set, so that clients never need to do a separate lookup to +discover the NICK record. Also, users do not usually have to worry +about setting the NICK record: it is automatically set to the local +name of the TLD. @b{Example}@ diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index 7743fddea..66747afbb 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi @@ -247,6 +247,10 @@ GNUnet Developer Handbook @unnumbered Concept Index @printindex cp +@node Program Index +@unnumbered Program Index +@printindex pg + @node Programming Index @unnumbered Programming Index @syncodeindex tp fn -- cgit v1.2.3 From 630bd474065048c7ec2ba0d4e74ef040e5ad2814 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Wed, 4 Jul 2018 08:25:02 +0000 Subject: Documentation: fix. Signed-off-by: Nils Gillmann --- doc/documentation/chapters/user.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi index 72b95d16f..e91812500 100644 --- a/doc/documentation/chapters/user.texi +++ b/doc/documentation/chapters/user.texi @@ -573,7 +573,7 @@ Either of you can end the call using @command{/cancel}. You can exit @menu * VPN Preliminaries:: -* GNUNet-Exit configuration:: +* GNUnet-Exit configuration:: * GNS configuration:: * Accessing the service:: * Using a Browser:: -- cgit v1.2.3 From 0ad42db17c383b26243beb722e00ae69a7f51402 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Wed, 4 Jul 2018 08:32:17 +0000 Subject: Documentation: fix? Signed-off-by: Nils Gillmann --- doc/documentation/gnunet.texi | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index 66747afbb..3cce4deb8 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi @@ -247,14 +247,11 @@ GNUnet Developer Handbook @unnumbered Concept Index @printindex cp -@node Program Index -@unnumbered Program Index -@printindex pg - @node Programming Index @unnumbered Programming Index @syncodeindex tp fn @syncodeindex vr fn +@syncodeindex pg fn @printindex fn @bye -- cgit v1.2.3 From a08b943874919809fb17656baa0c5e7c99557d92 Mon Sep 17 00:00:00 2001 From: xrs Date: Wed, 4 Jul 2018 19:11:41 +0200 Subject: refix codesonar finding 2366.9987 --- src/arm/test_exponential_backoff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/arm/test_exponential_backoff.c b/src/arm/test_exponential_backoff.c index 71c98211a..f15bca2db 100644 --- a/src/arm/test_exponential_backoff.c +++ b/src/arm/test_exponential_backoff.c @@ -344,7 +344,7 @@ init () if (GNUNET_OK != GNUNET_CONFIGURATION_parse (cfg, "test_arm_api_data.conf")) { - GNUNET_free (cfg); + GNUNET_CONFIGURATION_destroy (cfg); return GNUNET_SYSERR; } if (NULL == getcwd (pwd, PATH_MAX)) -- cgit v1.2.3 From 61421b558cfd8b0f31328f4d99d045990bd311de Mon Sep 17 00:00:00 2001 From: xrs Date: Wed, 4 Jul 2018 20:04:52 +0200 Subject: fix wrong condition --- src/multicast/gnunet-service-multicast.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/src/multicast/gnunet-service-multicast.c b/src/multicast/gnunet-service-multicast.c index 20d29b906..f8441cc2b 100644 --- a/src/multicast/gnunet-service-multicast.c +++ b/src/multicast/gnunet-service-multicast.c @@ -1449,17 +1449,15 @@ check_client_member_join (void *cls, struct GNUNET_PeerIdentity *relays = (struct GNUNET_PeerIdentity *) &msg[1]; uint32_t relay_count = ntohl (msg->relay_count); - if (0 == relay_count) + if (0 != relay_count) { - GNUNET_break (0); - return GNUNET_SYSERR; - } - if (UINT32_MAX / relay_count < sizeof (*relays)){ - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "relay_count (%lu) * sizeof (*relays) (%lu) exceeds UINT32_MAX!\n", - (unsigned long)relay_count, - sizeof (*relays)); - return GNUNET_SYSERR; + if (UINT32_MAX / relay_count < sizeof (*relays)){ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "relay_count (%lu) * sizeof (*relays) (%lu) exceeds UINT32_MAX!\n", + (unsigned long)relay_count, + sizeof (*relays)); + return GNUNET_SYSERR; + } } uint32_t relay_size = relay_count * sizeof (*relays); struct GNUNET_MessageHeader *join_msg = NULL; -- cgit v1.2.3 From e5268d826a72dab5c10f6228303cc728d865ef64 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Wed, 4 Jul 2018 20:06:07 +0000 Subject: Documentation: Typo fixes, links. Signed-off-by: Nils Gillmann --- doc/documentation/chapters/preface.texi | 40 +++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/doc/documentation/chapters/preface.texi b/doc/documentation/chapters/preface.texi index 00e6290f0..3bc38941d 100644 --- a/doc/documentation/chapters/preface.texi +++ b/doc/documentation/chapters/preface.texi @@ -66,25 +66,33 @@ immediately. A few months after the first release we contacted the GNU project, happily agreed to their governance model and became an official GNU package. -Within the first year, we created GNU libextractor, a helper library +Within the first year, we created +@uref{https://gnu.org/s/libextractor, GNU libextractor}, a helper library for meta data extraction which has been used by a few other projects as well. 2003 saw the emergence of pluggable transports, the ability for GNUnet to use different mechanisms for communication, starting with TCP, UDP and SMTP (support for the latter was later dropped due to a lack of maintenance). In 2005, the project first started to evolve beyond the original file-sharing application with a first -simple P2P chat. In 2007, we created GNU libmicrohttpd +simple P2P chat. In 2007, we created +@uref{https://gnu.org/s/libmicrohttpd, GNU libmicrohttpd} to support a pluggable transport based on HTTP. In 2009, the architecture was radically modularized into the multi-process system -that exists today. Coincidentally, the first version of the ARM +that exists today. Coincidentally, the first version of the ARM@footnote{ARM: Automatic Restart Manager} service was implemented a day before systemd was announced. From 2009 to 2014 work progressed rapidly thanks to a significant research grant from the Deutsche Forschungsgesellschaft. This resulted in particular in the creation of the R5N DHT, CADET, ATS and the GNU Name System. -In 2010, GNUnet was selected as the basis for the SecuShare online -social network, resutling in a significant growth of the core team. -In 2013, we launched GNU Taler to address the challenge of convenient -and privacy-preserving online payments. In 2015, the pEp project +@c So is it secushare or SecuShare? +In 2010, GNUnet was selected as the basis for the +@uref{https://secushare.org, SecuShare} online +social network, resulting in a significant growth of the core team. +In 2013, we launched @uref{https://taler.net, GNU Taler} to address +the challenge of convenient +and privacy-preserving online payments. In 2015, the +@c TODO: URL for pEp. Maybe even markup for the E if it renders in +@c TODO: most outputs. +@uref{https://pep.org, pEp}@footnote{pretty easy privacy} project announced that they will use GNUnet as the technology for their meta-data protection layer, ultimately resulting in GNUnet e.V. entering into a formal long-term collaboration with the pEp @@ -99,9 +107,9 @@ computing has been the core driver of the GNU project. With GNUnet we are focusing on informational self-determination for collaborative computing and communication over networks. -The Internet is shaped as much by code and protocols as by its -associated political processes (IETF, ICANN, IEEE, etc.), and its -flaws are similarly not limited to the protocol design. Thus, +The Internet is shaped as much by code and protocols as it is by its +associated political processes (IETF, ICANN, IEEE, etc.). +Similarly its flaws are not limited to the protocol design. Thus, technical excellence by itself will not suffice to create a better network. We also need to build a community that is wise, humble and has a sense of humor to achieve our goal to create a technical @@ -116,15 +124,21 @@ follows the governance model of a benevolent dictator. This means that ultimately, the GNU project appoints the GNU maintainer and can overrule decisions made by the GNUnet maintainer. Similarly, the GNUnet maintainer can overrule any decisions made by individual +@c TODO: Should we mention if this is just about GNUnet? Other projects +@c TODO: in GNU seem to have rare issues (GCC, the 2018 documentation +@c TODO: discussion. developers. Still, in practice neither has happened in the last 20 years, and we hope to keep it that way. +@c TODO: Actually we are a Swiss association, or just a German association +@c TODO: with Swiss bylaws/Satzung? +@c TODO: Rewrite one of the 'GNUnet eV may also' sentences. The GNUnet project is supported by GNUnet e.V., a German association -where any developer can become a member. GNUnet e.V. servers as a +where any developer can become a member. GNUnet e.V. serves as a legal entity to hold the copyrights to GNUnet. GNUnet e.V. may also choose to pay for project resources, and can collect donations. GNUnet e.V. may also choose to adjust the license of the -software (with the constraint that it has to remain free software). +software (with the constraint that it has to remain free software)@footnote{For example in 2018 we switched from GPL3 to AGPL3. In practice these changes do not happen very often.} @node General Terminology @@ -142,3 +156,5 @@ command should/can be issued as root, or if "normal" user privileges are sufficient. We use a @code{#} for root's shell prompt, a @code{%} for users' shell prompt, assuming they use the C-shell or tcsh and a @code{$} for bourne shell and derivatives. +@c TODO: Really? Why the different prompts? Do we already have c-shell +@c TODO: examples? -- cgit v1.2.3 From 8d26fbd142a4dd20fe6990059e1bce3e0afbccd5 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Wed, 4 Jul 2018 20:17:14 +0000 Subject: README: retire d.n0.is and replace it with docs.gnunet.org Signed-off-by: Nils Gillmann --- README | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README b/README index a00c5a0a9..256a6c69c 100644 --- a/README +++ b/README @@ -453,12 +453,12 @@ Further Reading * Documentation - A preliminary rendering of the new GNUnet manual is deployed at + A HTML version of the new GNUnet manual is deployed at - https://d.n0.is/pub/doc/gnunet/manual/ + https://docs.gnunet.org - we plan to have a complete new gnunet.org up and running in 2019. - This website output exists as a convenience solution until then. + which currently displays just GNUnet documentation. Until 2019 + we will add more reading material. * Academia / papers -- cgit v1.2.3 From 08c8ffb79f1a1b35ed6271591885115838b17074 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Wed, 4 Jul 2018 20:29:19 +0000 Subject: Documentation: Fix some TODOs in preface Signed-off-by: Nils Gillmann --- doc/documentation/chapters/preface.texi | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/doc/documentation/chapters/preface.texi b/doc/documentation/chapters/preface.texi index 3bc38941d..65e627368 100644 --- a/doc/documentation/chapters/preface.texi +++ b/doc/documentation/chapters/preface.texi @@ -83,16 +83,14 @@ service was implemented a day before systemd was announced. From 2009 to 2014 work progressed rapidly thanks to a significant research grant from the Deutsche Forschungsgesellschaft. This resulted in particular in the creation of the R5N DHT, CADET, ATS and the GNU Name System. -@c So is it secushare or SecuShare? In 2010, GNUnet was selected as the basis for the -@uref{https://secushare.org, SecuShare} online +@uref{https://secushare.org, secushare} online social network, resulting in a significant growth of the core team. In 2013, we launched @uref{https://taler.net, GNU Taler} to address the challenge of convenient and privacy-preserving online payments. In 2015, the -@c TODO: URL for pEp. Maybe even markup for the E if it renders in -@c TODO: most outputs. -@uref{https://pep.org, pEp}@footnote{pretty easy privacy} project +@c TODO: Maybe even markup for the E if it renders in most outputs. +@uref{https://pep.foundation/, pEp}@footnote{pretty easy privacy} project announced that they will use GNUnet as the technology for their meta-data protection layer, ultimately resulting in GNUnet e.V. entering into a formal long-term collaboration with the pEp -- cgit v1.2.3 From 79b600acfc7cbcd20cdaac04be7716c8c893ac4e Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 5 Jul 2018 17:09:06 +0200 Subject: fix rps profiler: mark operation as done on shutdown --- src/rps/gnunet-rps-profiler.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index ec73f1803..dcd72aef1 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -905,6 +905,7 @@ shutdown_op (void *cls) if (NULL != rps_peers[i].op) { GNUNET_TESTBED_operation_done (rps_peers[i].op); + rps_peers[i].op = NULL; } } } @@ -2263,12 +2264,6 @@ void write_final_stats (void){ stat_type < STAT_TYPE_MAX; stat_type++) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Add to sum (%" PRIu64 ") %" PRIu64 " of stat type %u - %s\n", - sums[stat_type], - rps_peers[i].stats[stat_type], - stat_type, - stat_type_2_str (stat_type)); sums[stat_type] += rps_peers[i].stats[stat_type]; } } -- cgit v1.2.3 From 411abad7976fb483fb29bddd8982cbe746502b95 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 5 Jul 2018 22:05:16 +0200 Subject: rps profiler: additional checks and assertions before disconnect from rps --- src/rps/gnunet-rps-profiler.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index dcd72aef1..0427608f1 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -1177,8 +1177,12 @@ rps_disconnect_adapter (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "disconnect_adapter()\n"); GNUNET_assert (NULL != peer); - GNUNET_RPS_disconnect (h); - peer->rps_handle = NULL; + if (NULL != peer->rps_handle) + { + GNUNET_assert (h == peer->rps_handle); + GNUNET_RPS_disconnect (h); + peer->rps_handle = NULL; + } } -- cgit v1.2.3 From dbdb128c604560e22b56b9ba139f0b8ff28efcb3 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 5 Jul 2018 22:06:11 +0200 Subject: rps profiler: different delay for hard shutdown --- src/rps/gnunet-rps-profiler.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index 0427608f1..09797eaf7 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -2571,7 +2571,8 @@ test_run (void *cls, if (NULL != churn_task) GNUNET_SCHEDULER_cancel (churn_task); post_test_task = GNUNET_SCHEDULER_add_delayed (timeout, &post_test_op, NULL); - timeout = GNUNET_TIME_relative_multiply (timeout, 1.2 + (0.01 * num_peers)); + timeout = GNUNET_TIME_relative_multiply (timeout, 0.2 + (0.01 * num_peers)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for hard shutdown is %u\n", timeout.rel_value_us/1000000); shutdown_task = GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL); shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, &shutdown_op, NULL); -- cgit v1.2.3 From 8d2bd1dd06bc416277f623d2c9d84cf0da5624fe Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 5 Jul 2018 22:06:54 +0200 Subject: rps service: additional logging of unexpected channel establishing --- src/rps/gnunet-service-rps.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index db09c68d2..aef6a72de 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -1534,6 +1534,9 @@ Peers_handle_inbound_channel (void *cls, /* We only accept one incoming channel per peer */ if (GNUNET_YES == Peers_check_peer_send_intention (initiator)) { + LOG (GNUNET_ERROR_TYPE_WARNING, + "Already got one receive channel. Destroying old one.\n"); + GNUNET_break_op (0); set_channel_flag (peer_ctx->recv_channel_flags, Peers_CHANNEL_ESTABLISHED_TWICE); //GNUNET_CADET_channel_destroy (channel); -- cgit v1.2.3 From ead5b511755860cefc793257120338a44a08c9dd Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 7 Jul 2018 11:51:44 +0200 Subject: add some reclaim --- doc/documentation/chapters/user.texi | 93 ++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi index e91812500..0a62c5fdb 100644 --- a/doc/documentation/chapters/user.texi +++ b/doc/documentation/chapters/user.texi @@ -26,6 +26,7 @@ always welcome. * First steps - Using the GNUnet VPN:: * File-sharing:: * The GNU Name System:: +* reclaim:: * Using the Virtual Public Network:: @end menu @@ -1790,6 +1791,98 @@ is thus advisable to disable the namecache by setting the option ``DISABLE'' to ``YES'' in section ``[namecache]''. +@node reclaim +@section re:claim Identity Provider + +The re:claim Identity Provider (IdP) is a decentralized IdP service. +It allows its users to manage and authorize third parties to access their identity attributes such as email or shipping addresses. + +It basically mimics the concepts of centralized IdPs, such as those offered by Google or Facebook. +Like other IdPs, re:claim features an (optional) OpenID-Connect 1.0-compliant protocol layer that can be used for websites to integrate re:claim as an Identity Provider with little effort. + +@menu +* reclaim-Attributes:: +* reclaim-Authorization:: +* reclaim-Revocation:: +* reclaim-OpenID:: +@end menu + +@node reclaim-Attributes +@subsection Managing Attributes + +Before adding attributes to an identity, you must first create an ego: + +@example +$ gnunet-identity -C "username" +@end example + +Henceforth, you can manage a new user profile of the user ``username''. + +To add an email address to your user profile, simply use the @command{gnunet-idp} command line tool:: + +@example +$ gnunet-idp -e "username" -a "email" -V "username@@example.gnunet" +@end example + +All of your attributes can be listed using the @command{gnunet-idp} +command line tool as well: + +@example +$ gnunet-idp -e "username" -D +@end example + +Currently, and by default, attribute values are interpreted as plain text. +In the future there might be more value types such as X.509 certificate credentials. + +@node reclaim-Authorization +@subsection Sharing Attributes with Third Parties + +If you want to allow a third party such as a website or friend to access to your attributes (or a subset thereof) execute: + +@example +$ gnunet-idp -e "username" -r "PKEY" -i "attribute1,attribute2,..." +@end example + +Where "PKEY" is the public key of the third party and "attribute1,attribute2,..." is a comma-separated list of attribute names, such as "email", that you want to share. + +The command will return a "ticket" string. +You must give this "ticket" to the requesting third party. + +The third party can then retrieve your shared identity attributes using: + +@example +$ gnunet-idp -e "friend" -C "ticket" +@end example + +This will retrieve and list the shared identity attributes. +The above command will also work if the user "username" is currently offline since the attributes are retrieved from GNS. +Further, the "ticket" can be re-used later to retrieve up-to-date attributes in case "username" has changed the value(s). For instance, becasue his email address changed. + +To list all given authorizations (tickets) you can execute: +@example +$ gnunet-idp -e "friend" -T (TODO there is only a REST API for this ATM) +@end example + + +@node reclaim-Revocation +@subsection Revoking Authorizations of Third Parties + +If you want to revoke the access of a third party to your attributes you can execute: + +@example +$ gnunet-idp -e "username" -R "ticket" +@end example + +This will prevent the third party from accessing the attribute in the future. +Please note that if the third party has previously accessed the attribute, there is not way in which the system could have prevented the thiry party from storing the data. +As such, only access to updated data in the future can be revoked. +This behaviour is _exactly the same_ as with other IdPs. + +@node reclaim-OpenID +@subsection Using the OpenID-Connect IdP + +TODO: Document setup and REST endpoints + @node Using the Virtual Public Network @section Using the Virtual Public Network -- cgit v1.2.3 From 54ba272c812dfe9b5056bb916379569f41baf24e Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 7 Jul 2018 11:58:06 +0200 Subject: fix titles --- doc/documentation/chapters/user.texi | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi index 0a62c5fdb..711d1d4a8 100644 --- a/doc/documentation/chapters/user.texi +++ b/doc/documentation/chapters/user.texi @@ -26,7 +26,7 @@ always welcome. * First steps - Using the GNUnet VPN:: * File-sharing:: * The GNU Name System:: -* reclaim:: +* re@:claim Identity Provider:: * Using the Virtual Public Network:: @end menu @@ -1791,8 +1791,8 @@ is thus advisable to disable the namecache by setting the option ``DISABLE'' to ``YES'' in section ``[namecache]''. -@node reclaim -@section re:claim Identity Provider +@node re@:claim Identity Provider +@section re@:claim Identity Provider The re:claim Identity Provider (IdP) is a decentralized IdP service. It allows its users to manage and authorize third parties to access their identity attributes such as email or shipping addresses. @@ -1801,13 +1801,13 @@ It basically mimics the concepts of centralized IdPs, such as those offered by G Like other IdPs, re:claim features an (optional) OpenID-Connect 1.0-compliant protocol layer that can be used for websites to integrate re:claim as an Identity Provider with little effort. @menu -* reclaim-Attributes:: -* reclaim-Authorization:: -* reclaim-Revocation:: -* reclaim-OpenID:: +* Managing Attributes:: +* Sharing Attributes with Third Parties:: +* Revoking Authorizations of Third Parties:: +* Using the OpenID-Connect IdP:: @end menu -@node reclaim-Attributes +@node Managing Attributes @subsection Managing Attributes Before adding attributes to an identity, you must first create an ego: @@ -1834,7 +1834,7 @@ $ gnunet-idp -e "username" -D Currently, and by default, attribute values are interpreted as plain text. In the future there might be more value types such as X.509 certificate credentials. -@node reclaim-Authorization +@node Sharing Attributes with Third Parties @subsection Sharing Attributes with Third Parties If you want to allow a third party such as a website or friend to access to your attributes (or a subset thereof) execute: @@ -1864,7 +1864,7 @@ $ gnunet-idp -e "friend" -T (TODO there is only a REST API for this ATM) @end example -@node reclaim-Revocation +@node Revoking Authorizations of Third Parties @subsection Revoking Authorizations of Third Parties If you want to revoke the access of a third party to your attributes you can execute: @@ -1878,7 +1878,7 @@ Please note that if the third party has previously accessed the attribute, there As such, only access to updated data in the future can be revoked. This behaviour is _exactly the same_ as with other IdPs. -@node reclaim-OpenID +@node Using the OpenID-Connect IdP @subsection Using the OpenID-Connect IdP TODO: Document setup and REST endpoints -- cgit v1.2.3 From 362715ec0e3940f6ab747d787c66c8e07f88eafa Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 7 Jul 2018 17:13:25 +0200 Subject: fix numbering glitch --- src/include/gnunet_signatures.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h index d7accaf2c..280fefa83 100644 --- a/src/include/gnunet_signatures.h +++ b/src/include/gnunet_signatures.h @@ -151,12 +151,12 @@ extern "C" /** * Signature for the first round of distributed key generation. */ -#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 22 +#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 21 /** * Signature for the second round of distributed key generation. */ -#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 23 +#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 22 /** * Signature for cooperatice decryption. -- cgit v1.2.3 From 5cf1f3d86bdb95f6df41405df063061d03eb9bcf Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 7 Jul 2018 20:53:11 +0200 Subject: add missing index --- src/datacache/plugin_datacache_sqlite.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/datacache/plugin_datacache_sqlite.c b/src/datacache/plugin_datacache_sqlite.c index 4684e514c..dc4236a8b 100644 --- a/src/datacache/plugin_datacache_sqlite.c +++ b/src/datacache/plugin_datacache_sqlite.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -749,7 +749,8 @@ libgnunet_plugin_datacache_sqlite_init (void *cls) " value BLOB NOT NULL," " path BLOB DEFAULT '')"); SQLITE3_EXEC (dbh, "CREATE INDEX idx_hashidx ON ds091 (key,type,expire)"); - SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire ON ds091 (prox,expire)"); + SQLITE3_EXEC (dbh, "CREATE INDEX idx_prox_expire ON ds091 (prox,expire)"); + SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire_only ON ds091 (expire)"); plugin = GNUNET_new (struct Plugin); plugin->env = env; plugin->dbh = dbh; -- cgit v1.2.3 From b35da95733c873d6bb625764fd3c43c76a7172f7 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 7 Jul 2018 20:54:34 +0200 Subject: fix fmt string --- src/util/dnsparser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/dnsparser.c b/src/util/dnsparser.c index 6fb6d657f..24f1b18cf 100644 --- a/src/util/dnsparser.c +++ b/src/util/dnsparser.c @@ -959,7 +959,7 @@ GNUNET_DNSPARSER_builder_add_name (char *dst, GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid DNS name `%s': label with %u characters encountered\n", name, - len); + (unsigned int) len); goto fail; /* label too long or empty */ } dst[pos++] = (char) (uint8_t) len; -- cgit v1.2.3 From 3208b4d3ea802ad56a50dcc63fe70e428a5eca5d Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Sun, 8 Jul 2018 19:12:20 +0000 Subject: Documentation: Contributing to this book. A motivational short section on how and why to contribute to the book. Signed-off-by: Nils Gillmann --- doc/documentation/chapters/preface.texi | 21 +++++++++++++++++++++ doc/documentation/gnunet.texi | 1 + 2 files changed, 22 insertions(+) diff --git a/doc/documentation/chapters/preface.texi b/doc/documentation/chapters/preface.texi index 65e627368..12abc2b7b 100644 --- a/doc/documentation/chapters/preface.texi +++ b/doc/documentation/chapters/preface.texi @@ -12,6 +12,7 @@ all kinds of basic applications for the foundation of a new Internet. @menu * About this book:: +* Contributing to this book:: * Introduction:: * Project governance:: * General Terminology:: @@ -37,6 +38,26 @@ The first chapter (``Preface'') as well as the the second chapter (``Philosophy'') give an introduction to GNUnet as a project, what GNUnet tries to achieve. +@node Contributing to this book +@section Contributing to this book + +The GNUnet Reference Manual is a collective work produced by various +people throughout the years. The version you are reading is derived +from many individual efforts hosted on our website. This was a failed +experiment, and with the conversion to Texinfo we hope to address this +in the longterm. Texinfo is the documentation language of the GNU project. +While it can be intimidating at first and look scary or complicated, +it is just another way to express text format instructions. We encourage +you to take this opportunity and learn about Texinfo, learn about GNUnet, +and one word at a time we will arrive at a book which explains GNUnet in +the least complicated way to you. Even when you don't want or can't learn +Texinfo, you can contribute. Send us an Email or join our IRC chat room +on freenode and talk with us about the documentation (the prefered way +to reach out is the mailinglist, since you can communicate with us +without waiting on someone in the chatroom). One way or another you +can help shape the understanding of GNUnet without the ability to read +and understand its sourcecode. + @node Introduction @section Introduction diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index 3cce4deb8..d60f484db 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi @@ -101,6 +101,7 @@ This document is the Reference Manual for GNUnet version @value{VERSION}. Preface * About this book +* Contributing to this book * Introduction * General Terminology:: * Typography:: -- cgit v1.2.3 From cacaac22f864f31e41b3600d9eb4babbe7af9fd9 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Sun, 8 Jul 2018 19:17:02 +0000 Subject: Documentation: Drop the empty '1.5 General Terminology' section for now Signed-off-by: Nils Gillmann --- doc/documentation/chapters/preface.texi | 8 -------- doc/documentation/gnunet.texi | 1 - 2 files changed, 9 deletions(-) diff --git a/doc/documentation/chapters/preface.texi b/doc/documentation/chapters/preface.texi index 12abc2b7b..29cf924a2 100644 --- a/doc/documentation/chapters/preface.texi +++ b/doc/documentation/chapters/preface.texi @@ -15,7 +15,6 @@ all kinds of basic applications for the foundation of a new Internet. * Contributing to this book:: * Introduction:: * Project governance:: -* General Terminology:: * Typography:: @end menu @@ -160,13 +159,6 @@ GNUnet e.V. may also choose to adjust the license of the software (with the constraint that it has to remain free software)@footnote{For example in 2018 we switched from GPL3 to AGPL3. In practice these changes do not happen very often.} -@node General Terminology -@section General Terminology - -In the following manual we may use words that can not be found in the -Appendix. Since we want to keep the manual selfcontained, we will -explain words here. - @node Typography @section Typography diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index d60f484db..50630d4fe 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi @@ -103,7 +103,6 @@ Preface * About this book * Contributing to this book * Introduction -* General Terminology:: * Typography:: Philosophy -- cgit v1.2.3 From 041218a66dff4e23ac0944a7c1bca7b0833fc2fe Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 10 Jul 2018 11:00:06 +0200 Subject: rps profiler: logging and indentation --- src/rps/gnunet-rps-profiler.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index 09797eaf7..26675d782 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -882,7 +882,7 @@ shutdown_op (void *cls) { unsigned int i; - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Shutdown task scheduled, going down.\n"); in_shutdown = GNUNET_YES; if (NULL != post_test_task) @@ -1033,9 +1033,9 @@ info_cb (void *cb_cls, */ static void rps_connect_complete_cb (void *cls, - struct GNUNET_TESTBED_Operation *op, - void *ca_result, - const char *emsg) + struct GNUNET_TESTBED_Operation *op, + void *ca_result, + const char *emsg) { struct RPSPeer *rps_peer = cls; struct GNUNET_RPS_Handle *rps = ca_result; @@ -1060,7 +1060,9 @@ rps_connect_complete_cb (void *cls, return; } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Started client successfully\n"); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Started client successfully (%u)\n", + rps_peer->index); cur_test_run.main_test (rps_peer); } @@ -1078,7 +1080,7 @@ rps_connect_complete_cb (void *cls, */ static void * rps_connect_adapter (void *cls, - const struct GNUNET_CONFIGURATION_Handle *cfg) + const struct GNUNET_CONFIGURATION_Handle *cfg) { struct GNUNET_RPS_Handle *h; @@ -1170,12 +1172,14 @@ stat_complete_cb (void *cls, struct GNUNET_TESTBED_Operation *op, */ static void rps_disconnect_adapter (void *cls, - void *op_result) + void *op_result) { struct RPSPeer *peer = cls; struct GNUNET_RPS_Handle *h = op_result; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "disconnect_adapter()\n"); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "disconnect_adapter (%u)\n", + peer->index); GNUNET_assert (NULL != peer); if (NULL != peer->rps_handle) { @@ -2556,6 +2560,8 @@ test_run (void *cls, /* Connect all peers to statistics service */ if (COLLECT_STATISTICS == cur_test_run.have_collect_statistics) { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connecting to statistics service\n"); rps_peers[i].stat_op = GNUNET_TESTBED_service_connect (NULL, peers[i], @@ -2571,9 +2577,8 @@ test_run (void *cls, if (NULL != churn_task) GNUNET_SCHEDULER_cancel (churn_task); post_test_task = GNUNET_SCHEDULER_add_delayed (timeout, &post_test_op, NULL); - timeout = GNUNET_TIME_relative_multiply (timeout, 0.2 + (0.01 * num_peers)); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for hard shutdown is %u\n", timeout.rel_value_us/1000000); - shutdown_task = GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL); + timeout = GNUNET_TIME_relative_multiply (timeout, 1.2 + (0.01 * num_peers)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for hard shutdown is %lu\n", timeout.rel_value_us/1000000); shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, &shutdown_op, NULL); } @@ -2734,7 +2739,6 @@ main (int argc, char *argv[]) GNUNET_free (rps_peers); GNUNET_free (rps_peer_ids); GNUNET_CONTAINER_multipeermap_destroy (peer_map); - printf ("test -1\n"); return ret_value; } -- cgit v1.2.3 From 857f3bc73618d69cd1122a8a519c89a46aee037b Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 10 Jul 2018 11:02:42 +0200 Subject: fix rps profiler: keep track about scheduled tasks properly --- src/rps/gnunet-rps-profiler.c | 157 ++++++++++++++++++++++++++++-------------- 1 file changed, 105 insertions(+), 52 deletions(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index 26675d782..9ad6d3c3b 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -446,6 +446,10 @@ struct RPSPeer * @brief statistics values */ uint64_t stats[STAT_TYPE_MAX]; + /** + * @brief Handle for the statistics get request + */ + struct GNUNET_STATISTICS_GetHandle *h_stat_get[STAT_TYPE_MAX]; }; /** @@ -874,6 +878,81 @@ static int check_statistics_collect_completed () return GNUNET_YES; } + +static void +cancel_pending_req (struct PendingRequest *pending_req) +{ + struct RPSPeer *rps_peer; + + rps_peer = pending_req->rps_peer; + GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head, + rps_peer->pending_req_tail, + pending_req); + rps_peer->num_pending_reqs--; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cancelling pending rps get request\n"); + GNUNET_SCHEDULER_cancel (pending_req->request_task); + GNUNET_free (pending_req); +} + +static void +cancel_request (struct PendingReply *pending_rep) +{ + struct RPSPeer *rps_peer; + + rps_peer = pending_rep->rps_peer; + GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head, + rps_peer->pending_rep_tail, + pending_rep); + rps_peer->num_pending_reps--; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cancelling rps get reply\n"); + GNUNET_RPS_request_cancel (pending_rep->req_handle); + GNUNET_free (pending_rep); +} + +void +clean_peer (unsigned peer_index) +{ + struct PendingReply *pending_rep; + struct PendingRequest *pending_req; + + pending_rep = rps_peers[peer_index].pending_rep_head; + while (NULL != (pending_rep = rps_peers[peer_index].pending_rep_head)) + { + cancel_request (pending_rep); + } + pending_req = rps_peers[peer_index].pending_req_head; + while (NULL != (pending_req = rps_peers[peer_index].pending_req_head)) + { + cancel_pending_req (pending_req); + } + if (NULL != rps_peers[peer_index].rps_handle) + { + GNUNET_RPS_disconnect (rps_peers[peer_index].rps_handle); + rps_peers[peer_index].rps_handle = NULL; + } + for (unsigned stat_type = STAT_TYPE_ROUNDS; + stat_type < STAT_TYPE_MAX; + stat_type++) + { + if (NULL != rps_peers[peer_index].h_stat_get[stat_type]) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "(%u) did not yet receive stat value for `%s'\n", + rps_peers[peer_index].index, + stat_type_2_str (stat_type)); + GNUNET_STATISTICS_get_cancel ( + rps_peers[peer_index].h_stat_get[stat_type]); + } + } + if (NULL != rps_peers[peer_index].op) + { + GNUNET_TESTBED_operation_done (rps_peers[peer_index].op); + rps_peers[peer_index].op = NULL; + } +} + /** * Task run on timeout to shut everything down. */ @@ -881,10 +960,12 @@ static void shutdown_op (void *cls) { unsigned int i; + struct OpListEntry *entry; GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Shutdown task scheduled, going down.\n"); in_shutdown = GNUNET_YES; + shutdown_task = NULL; if (NULL != post_test_task) { GNUNET_SCHEDULER_cancel (post_test_task); @@ -895,19 +976,21 @@ shutdown_op (void *cls) GNUNET_SCHEDULER_cancel (churn_task); churn_task = NULL; } + entry = oplist_head; + while (NULL != (entry = oplist_head)) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Operation still pending on shutdown (%u)\n", + entry->index); + GNUNET_TESTBED_operation_done (entry->op); + GNUNET_CONTAINER_DLL_remove (oplist_head, oplist_tail, entry); + GNUNET_free (entry); + } for (i = 0; i < num_peers; i++) { - if (NULL != rps_peers[i].rps_handle) - { - GNUNET_RPS_disconnect (rps_peers[i].rps_handle); - rps_peers[i].rps_handle = NULL; - } - if (NULL != rps_peers[i].op) - { - GNUNET_TESTBED_operation_done (rps_peers[i].op); - rps_peers[i].op = NULL; - } + clean_peer (i); } + GNUNET_SCHEDULER_shutdown (); } @@ -947,7 +1030,6 @@ post_test_op (void *cls) { GNUNET_SCHEDULER_cancel (shutdown_task); shutdown_task = GNUNET_SCHEDULER_add_now (&shutdown_op, NULL); - GNUNET_SCHEDULER_shutdown (); } } @@ -1056,7 +1138,7 @@ rps_connect_complete_cb (void *cls, "Failed to connect to RPS service: %s\n", emsg); ok = 1; - GNUNET_SCHEDULER_shutdown (); + shutdown_op (NULL); return; } @@ -1272,38 +1354,6 @@ request_peers (void *cls) rps_peer->num_pending_reqs--; } -static void -cancel_pending_req (struct PendingRequest *pending_req) -{ - struct RPSPeer *rps_peer; - - rps_peer = pending_req->rps_peer; - GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head, - rps_peer->pending_req_tail, - pending_req); - rps_peer->num_pending_reqs--; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Cancelling pending request\n"); - GNUNET_SCHEDULER_cancel (pending_req->request_task); - GNUNET_free (pending_req); -} - -static void -cancel_request (struct PendingReply *pending_rep) -{ - struct RPSPeer *rps_peer; - - rps_peer = pending_rep->rps_peer; - GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head, - rps_peer->pending_rep_tail, - pending_rep); - rps_peer->num_pending_reps--; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Cancelling request\n"); - GNUNET_RPS_request_cancel (pending_rep->req_handle); - GNUNET_free (pending_rep); -} - /** * Schedule requests for peer @a rps_peer that have neither been scheduled, nor @@ -1493,7 +1543,7 @@ churn_cb (void *cls, if (NULL != emsg) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to start/stop RPS at a peer\n"); - GNUNET_SCHEDULER_shutdown (); + shutdown_op (NULL); return; } GNUNET_assert (0 != entry->delta); @@ -2343,7 +2393,7 @@ post_test_shutdown_ready_cb (void *cls, GNUNET_free (stat_cls); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Shutting down\n"); - GNUNET_SCHEDULER_shutdown (); + shutdown_op (NULL); } else { GNUNET_free (stat_cls); } @@ -2368,10 +2418,12 @@ stat_iterator (void *cls, { const struct STATcls *stat_cls = (const struct STATcls *) cls; struct RPSPeer *rps_peer = (struct RPSPeer *) stat_cls->rps_peer; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got stat value: %s - %" PRIu64 "\n", //stat_type_2_str (stat_cls->stat_type), name, value); + rps_peer->h_stat_get[stat_str_2_type (name)] = NULL; to_file (rps_peer->file_name_stats, "%s: %" PRIu64 "\n", name, @@ -2460,12 +2512,13 @@ void post_profiler (struct RPSPeer *rps_peer) stat_cls->stat_type = stat_type; rps_peer->file_name_stats = store_prefix_file_name (rps_peer->peer_id, "stats"); - GNUNET_STATISTICS_get (rps_peer->stats_h, - "rps", - stat_type_2_str (stat_type), - post_test_shutdown_ready_cb, - stat_iterator, - (struct STATcls *) stat_cls); + rps_peer->h_stat_get[stat_type] = GNUNET_STATISTICS_get ( + rps_peer->stats_h, + "rps", + stat_type_2_str (stat_type), + post_test_shutdown_ready_cb, + stat_iterator, + (struct STATcls *) stat_cls); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Requested statistics for %s (peer %" PRIu32 ")\n", stat_type_2_str (stat_type), -- cgit v1.2.3 From d1c8a1e764430a7720bc2962414aa45e1d3b9030 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 10 Jul 2018 12:13:14 +0200 Subject: rps profiler: add option for duration of profiling --- src/rps/gnunet-rps-profiler.c | 50 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 40 insertions(+), 10 deletions(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index 9ad6d3c3b..cab7f6dc4 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -49,7 +49,11 @@ static unsigned bits_needed; /** * How long do we run the test? */ -//#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30) +static struct GNUNET_TIME_Relative duration; + +/** + * When do we do a hard shutdown? + */ static struct GNUNET_TIME_Relative timeout; @@ -995,7 +999,7 @@ shutdown_op (void *cls) /** - * Task run on timeout to collect statistics and potentially shut down. + * Task run after #duration to collect statistics and potentially shut down. */ static void post_test_op (void *cls) @@ -1314,7 +1318,8 @@ default_reply_handle (void *cls, if (0 == evaluate () && HAVE_QUICK_QUIT == cur_test_run.have_quick_quit) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Test succeeded before timeout\n"); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Test succeeded before end of duration\n"); GNUNET_assert (NULL != post_test_task); GNUNET_SCHEDULER_cancel (post_test_task); post_test_task = GNUNET_SCHEDULER_add_now (&post_test_op, NULL); @@ -2629,11 +2634,9 @@ test_run (void *cls, if (NULL != churn_task) GNUNET_SCHEDULER_cancel (churn_task); - post_test_task = GNUNET_SCHEDULER_add_delayed (timeout, &post_test_op, NULL); - timeout = GNUNET_TIME_relative_multiply (timeout, 1.2 + (0.01 * num_peers)); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for hard shutdown is %lu\n", timeout.rel_value_us/1000000); + post_test_task = GNUNET_SCHEDULER_add_delayed (duration, &post_test_op, NULL); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for shutdown is %lu\n", timeout.rel_value_us/1000000); shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, &shutdown_op, NULL); - } @@ -2669,7 +2672,7 @@ run (void *cls, if (0 == cur_test_run.num_requests) cur_test_run.num_requests = 5; //cur_test_run.have_churn = HAVE_CHURN; cur_test_run.have_churn = HAVE_NO_CHURN; - cur_test_run.have_quick_quit = HAVE_NO_QUICK_QUIT; + cur_test_run.have_quick_quit = HAVE_QUICK_QUIT; cur_test_run.have_collect_statistics = COLLECT_STATISTICS; cur_test_run.stat_collect_flags = BIT(STAT_TYPE_ROUNDS) | BIT(STAT_TYPE_BLOCKS) | @@ -2692,9 +2695,30 @@ run (void *cls, /* 'Clean' directory */ (void) GNUNET_DISK_directory_remove ("/tmp/rps/"); GNUNET_DISK_directory_create ("/tmp/rps/"); - if (0 == timeout.rel_value_us) + if (0 == duration.rel_value_us) { - timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90); + if (0 == timeout.rel_value_us) + { + duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90); + timeout = GNUNET_TIME_relative_multiply (duration, + 1.2 + (0.01 * num_peers)); + } + else + { + duration = GNUNET_TIME_relative_multiply (timeout, 0.75 ); + } + } + else + { + if (0 == timeout.rel_value_us) + { + timeout = GNUNET_TIME_relative_multiply (duration, + 1.2 + (0.01 * num_peers)); + } + else + { + GNUNET_assert (duration.rel_value_us <= timeout.rel_value_us); + } } /* Compute number of bits for representing largest peer id */ @@ -2745,6 +2769,12 @@ main (int argc, char *argv[]) gettext_noop ("number of peers to start"), &num_peers), + GNUNET_GETOPT_option_relative_time ('d', + "duration", + "DURATION", + gettext_noop ("duration of the profiling"), + &duration), + GNUNET_GETOPT_option_relative_time ('t', "timeout", "TIMEOUT", -- cgit v1.2.3 From a5c75acc95be6f1b02f5eb3fb039f7c7fa7e4877 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 10 Jul 2018 12:37:57 +0200 Subject: fix rps profiler: mark statistics get done in right place --- src/rps/gnunet-rps-profiler.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index cab7f6dc4..4ebd745e8 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -2372,6 +2372,8 @@ post_test_shutdown_ready_cb (void *cls, { struct STATcls *stat_cls = (struct STATcls *) cls; struct RPSPeer *rps_peer = stat_cls->rps_peer; + + rps_peer->h_stat_get[stat_cls->stat_type] = NULL; if (GNUNET_OK == success) { /* set flag that we we got the value */ @@ -2428,7 +2430,6 @@ stat_iterator (void *cls, //stat_type_2_str (stat_cls->stat_type), name, value); - rps_peer->h_stat_get[stat_str_2_type (name)] = NULL; to_file (rps_peer->file_name_stats, "%s: %" PRIu64 "\n", name, -- cgit v1.2.3 From efc0c09784d55ea347e6208dece55593241f2346 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Wed, 11 Jul 2018 16:36:25 +0200 Subject: rps profiler: reorganise shutdown --- src/rps/gnunet-rps-profiler.c | 70 +++++++++++++++++++++++++++++-------------- 1 file changed, 48 insertions(+), 22 deletions(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index 4ebd745e8..a1728cccf 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -497,15 +497,16 @@ static unsigned int view_sizes; static int ok; /** - * Identifier for the churn task that runs periodically + * Identifier for the task that runs after the test to collect results */ static struct GNUNET_SCHEDULER_Task *post_test_task; /** - * Identifier for the churn task that runs periodically + * Identifier for the shutdown task */ static struct GNUNET_SCHEDULER_Task *shutdown_task; + /** * Identifier for the churn task that runs periodically */ @@ -969,7 +970,12 @@ shutdown_op (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Shutdown task scheduled, going down.\n"); in_shutdown = GNUNET_YES; - shutdown_task = NULL; + + if (NULL != shutdown_task) + { + GNUNET_SCHEDULER_cancel (shutdown_task); + shutdown_task = NULL; + } if (NULL != post_test_task) { GNUNET_SCHEDULER_cancel (post_test_task); @@ -994,6 +1000,14 @@ shutdown_op (void *cls) { clean_peer (i); } +} + +static void +trigger_shutdown (void *cls) +{ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Shutdown was triggerd by timeout, going down.\n"); + shutdown_task = NULL; GNUNET_SCHEDULER_shutdown (); } @@ -1009,7 +1023,7 @@ post_test_op (void *cls) post_test_task = NULL; post_test = GNUNET_YES; GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Post test task scheduled, going down.\n"); + "Post test task scheduled.\n"); if (NULL != churn_task) { GNUNET_SCHEDULER_cancel (churn_task); @@ -1033,7 +1047,8 @@ post_test_op (void *cls) GNUNET_YES == check_statistics_collect_completed()) { GNUNET_SCHEDULER_cancel (shutdown_task); - shutdown_task = GNUNET_SCHEDULER_add_now (&shutdown_op, NULL); + shutdown_task = NULL; + GNUNET_SCHEDULER_shutdown (); } } @@ -1142,7 +1157,7 @@ rps_connect_complete_cb (void *cls, "Failed to connect to RPS service: %s\n", emsg); ok = 1; - shutdown_op (NULL); + GNUNET_SCHEDULER_shutdown (); return; } @@ -1316,14 +1331,15 @@ default_reply_handle (void *cls, rps_peer->num_recv_ids++; } - if (0 == evaluate () && HAVE_QUICK_QUIT == cur_test_run.have_quick_quit) + if (GNUNET_YES != post_test) return; + if (HAVE_QUICK_QUIT != cur_test_run.have_quick_quit) return; + if (0 == evaluate()) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Test succeeded before end of duration\n"); - GNUNET_assert (NULL != post_test_task); - GNUNET_SCHEDULER_cancel (post_test_task); + if (NULL != post_test_task) GNUNET_SCHEDULER_cancel (post_test_task); post_test_task = GNUNET_SCHEDULER_add_now (&post_test_op, NULL); - GNUNET_assert (NULL!= post_test_task); + GNUNET_assert (NULL != post_test_task); } } @@ -1548,7 +1564,7 @@ churn_cb (void *cls, if (NULL != emsg) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to start/stop RPS at a peer\n"); - shutdown_op (NULL); + GNUNET_SCHEDULER_shutdown (); return; } GNUNET_assert (0 != entry->delta); @@ -2400,7 +2416,7 @@ post_test_shutdown_ready_cb (void *cls, GNUNET_free (stat_cls); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Shutting down\n"); - shutdown_op (NULL); + GNUNET_SCHEDULER_shutdown (); } else { GNUNET_free (stat_cls); } @@ -2637,7 +2653,10 @@ test_run (void *cls, GNUNET_SCHEDULER_cancel (churn_task); post_test_task = GNUNET_SCHEDULER_add_delayed (duration, &post_test_op, NULL); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for shutdown is %lu\n", timeout.rel_value_us/1000000); - shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, &shutdown_op, NULL); + shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, + &trigger_shutdown, + NULL); + GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL); } @@ -2701,26 +2720,33 @@ run (void *cls, if (0 == timeout.rel_value_us) { duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90); - timeout = GNUNET_TIME_relative_multiply (duration, - 1.2 + (0.01 * num_peers)); + timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, + (90 * 1.2) + + (0.01 * num_peers)); } else { - duration = GNUNET_TIME_relative_multiply (timeout, 0.75 ); + duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, + (timeout.rel_value_us/1000000) + * 0.75); } } else { if (0 == timeout.rel_value_us) { - timeout = GNUNET_TIME_relative_multiply (duration, - 1.2 + (0.01 * num_peers)); - } - else - { - GNUNET_assert (duration.rel_value_us <= timeout.rel_value_us); + timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, + ((duration.rel_value_us/1000000) + * 1.2) + (0.01 * num_peers)); } } + GNUNET_assert (duration.rel_value_us < timeout.rel_value_us); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "duration is %lus\n", + duration.rel_value_us/1000000); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "timeout is %lus\n", + timeout.rel_value_us/1000000); /* Compute number of bits for representing largest peer id */ for (bits_needed = 1; (1 << bits_needed) < num_peers; bits_needed++) -- cgit v1.2.3 From 08159b18571f395aace0cfa11562517109900305 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Wed, 11 Jul 2018 17:32:58 +0200 Subject: fix rps profiler: clean data structure in time --- src/rps/gnunet-rps-profiler.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index a1728cccf..02259d628 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -1353,13 +1353,13 @@ request_peers (void *cls) struct RPSPeer *rps_peer; struct PendingReply *pending_rep; - if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test) - return; rps_peer = pending_req->rps_peer; GNUNET_assert (1 <= rps_peer->num_pending_reqs); GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head, rps_peer->pending_req_tail, pending_req); + rps_peer->num_pending_reqs--; + if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test) return; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Requesting one peer\n"); pending_rep = GNUNET_new (struct PendingReply); @@ -1372,7 +1372,6 @@ request_peers (void *cls) rps_peer->pending_rep_tail, pending_rep); rps_peer->num_pending_reps++; - rps_peer->num_pending_reqs--; } -- cgit v1.2.3 From 26a43982bf3b705770603828043a92663e8dc280 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 11 Jul 2018 23:59:45 +0200 Subject: fix div by zero --- src/core/test_core_api_reliability.c | 4 +++- src/core/test_core_quota_compliance.c | 5 +++-- src/transport/test_quota_compliance.c | 4 +++- src/transport/test_transport_api_reliability.c | 4 +++- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/core/test_core_api_reliability.c b/src/core/test_core_api_reliability.c index 4cc5b4bcd..c7c71f1f1 100644 --- a/src/core/test_core_api_reliability.c +++ b/src/core/test_core_api_reliability.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -143,6 +143,8 @@ do_shutdown (void *cls) unsigned long long delta; delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us; + if (0 == delta) + delta = 1; FPRINTF (stderr, "\nThroughput was %llu kb/s\n", total_bytes * 1000000LL / 1024 / delta); diff --git a/src/core/test_core_quota_compliance.c b/src/core/test_core_quota_compliance.c index a15105556..caff045f0 100644 --- a/src/core/test_core_quota_compliance.c +++ b/src/core/test_core_quota_compliance.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -227,7 +227,8 @@ measurement_stop (void *cls) running = GNUNET_NO; delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us; - + if (0 == delta) + delta = 1; throughput_out = total_bytes_sent * 1000000LL / delta; /* convert to bytes/s */ throughput_in = total_bytes_recv * 1000000LL / delta; /* convert to bytes/s */ diff --git a/src/transport/test_quota_compliance.c b/src/transport/test_quota_compliance.c index 0ef3c864a..cd93ff855 100644 --- a/src/transport/test_quota_compliance.c +++ b/src/transport/test_quota_compliance.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -65,6 +65,8 @@ report () unsigned long long datarate; delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us; + if (0 == delta) + delta = 1; datarate = (total_bytes_recv * 1000 * 1000) / delta; FPRINTF (stderr, diff --git a/src/transport/test_transport_api_reliability.c b/src/transport/test_transport_api_reliability.c index 86e2a7e9d..c6e77bae0 100644 --- a/src/transport/test_transport_api_reliability.c +++ b/src/transport/test_transport_api_reliability.c @@ -11,7 +11,7 @@ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ @@ -174,6 +174,8 @@ custom_shutdown (void *cls) /* Calculcate statistics */ delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us; + if (0 == delta) + delta = 1; rate = (1000LL* 1000ll * total_bytes) / (1024 * delta); FPRINTF (stderr, "\nThroughput was %llu KiBytes/s\n", -- cgit v1.2.3 From 4438597b90a7ed009e96aef280fd3be0b1576076 Mon Sep 17 00:00:00 2001 From: Bernd Fix Date: Thu, 12 Jul 2018 23:03:20 +0200 Subject: Changed decription of GNUNET_CRYPTO_EddsaPublicKey. --- src/include/gnunet_crypto_lib.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 0bffef212..7b69c157f 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -206,14 +206,15 @@ struct GNUNET_CRYPTO_EcdsaSignature /** - * Public ECC key (always for Curve25519) encoded in a format suitable - * for network transmission and EdDSA signatures. + * Public ECC key (always for curve Ed25519) encoded in a format + * suitable for network transmission and EdDSA signatures. */ struct GNUNET_CRYPTO_EddsaPublicKey { /** - * Q consists of an x- and a y-value, each mod p (256 bits), given - * here in affine coordinates and Ed25519 standard compact format. + * Point Q consists of a y-value mod p (256 bits); the x-value is + * always positive. The point is stored in Ed25519 standard + * compact format. */ unsigned char q_y[256 / 8]; -- cgit v1.2.3 From f5164502be55aa48ea4c3b44167e19ac15ba53af Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Fri, 13 Jul 2018 01:11:32 +0200 Subject: rps profiler: proper disconnect from service --- src/rps/gnunet-rps-profiler.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index 02259d628..a06598764 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -883,6 +883,9 @@ static int check_statistics_collect_completed () return GNUNET_YES; } +static void +rps_disconnect_adapter (void *cls, + void *op_result); static void cancel_pending_req (struct PendingRequest *pending_req) @@ -928,15 +931,8 @@ clean_peer (unsigned peer_index) cancel_request (pending_rep); } pending_req = rps_peers[peer_index].pending_req_head; - while (NULL != (pending_req = rps_peers[peer_index].pending_req_head)) - { - cancel_pending_req (pending_req); - } - if (NULL != rps_peers[peer_index].rps_handle) - { - GNUNET_RPS_disconnect (rps_peers[peer_index].rps_handle); - rps_peers[peer_index].rps_handle = NULL; - } + rps_disconnect_adapter (&rps_peers[peer_index], + &rps_peers[peer_index].rps_handle); for (unsigned stat_type = STAT_TYPE_ROUNDS; stat_type < STAT_TYPE_MAX; stat_type++) @@ -1277,6 +1273,7 @@ rps_disconnect_adapter (void *cls, { struct RPSPeer *peer = cls; struct GNUNET_RPS_Handle *h = op_result; + struct PendingRequest *pending_req; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "disconnect_adapter (%u)\n", @@ -1284,6 +1281,10 @@ rps_disconnect_adapter (void *cls, GNUNET_assert (NULL != peer); if (NULL != peer->rps_handle) { + while (NULL != (pending_req = peer->pending_req_head)) + { + cancel_pending_req (pending_req); + } GNUNET_assert (h == peer->rps_handle); GNUNET_RPS_disconnect (h); peer->rps_handle = NULL; -- cgit v1.2.3 From 330bb7242aed7c426cfdbb589155db5bb3fa83dc Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Fri, 13 Jul 2018 01:13:53 +0200 Subject: restructure rps service: start keeping track of channels --- src/rps/gnunet-service-rps.c | 55 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 47 insertions(+), 8 deletions(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index aef6a72de..c60ab5e63 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -264,6 +264,34 @@ struct PeersIteratorCls void *cls; }; +/** + * @brief Context for a channel + */ +struct ChannelCtx +{ + /** + * @brief Meant to be used in a DLL + */ + struct ChannelCtx *next; + struct ChannelCtx *prev; + + /** + * @brief The channel itself + */ + struct GNUNET_CADET_Channel *channel; + + /** + * @brief The peer context associated with the channel + */ + struct PeerContext *peer_ctx; +}; + +/** + * @brief The DLL of channel contexts + */ +static struct ChannelCtx *channel_ctx_head; +static struct ChannelCtx *channel_ctx_tail; + /** * @brief Hashmap of valid peers. */ @@ -1521,6 +1549,7 @@ Peers_handle_inbound_channel (void *cls, { struct PeerContext *peer_ctx; struct GNUNET_PeerIdentity *ctx_peer; + struct ChannelCtx *channel_ctx; LOG (GNUNET_ERROR_TYPE_DEBUG, "New channel was established to us (Peer %s).\n", @@ -1531,6 +1560,10 @@ Peers_handle_inbound_channel (void *cls, set_peer_live (peer_ctx); ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity); *ctx_peer = *initiator; + channel_ctx = GNUNET_new (struct ChannelCtx); + channel_ctx->peer_ctx = peer_ctx; + channel_ctx->channel = channel; + GNUNET_CONTAINER_DLL_insert (channel_ctx_head, channel_ctx_tail, channel_ctx); /* We only accept one incoming channel per peer */ if (GNUNET_YES == Peers_check_peer_send_intention (initiator)) { @@ -1543,10 +1576,10 @@ Peers_handle_inbound_channel (void *cls, GNUNET_CADET_channel_destroy (peer_ctx->recv_channel); peer_ctx->recv_channel = channel; /* return the channel context */ - return ctx_peer; + return channel_ctx; } peer_ctx->recv_channel = channel; - return ctx_peer; + return channel_ctx; } @@ -1658,7 +1691,8 @@ void Peers_cleanup_destroyed_channel (void *cls, const struct GNUNET_CADET_Channel *channel) { - struct GNUNET_PeerIdentity *peer = cls; + struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; struct PeerContext *peer_ctx; uint32_t *channel_flag; @@ -2670,7 +2704,8 @@ static void cleanup_destroyed_channel (void *cls, const struct GNUNET_CADET_Channel *channel) { - struct GNUNET_PeerIdentity *peer = cls; + struct ChannelCtx *channel_ctx = cls; // FIXME: free this context! + struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; uint32_t *channel_flag; struct PeerContext *peer_ctx; @@ -3163,7 +3198,8 @@ static void handle_peer_check (void *cls, const struct GNUNET_MessageHeader *msg) { - const struct GNUNET_PeerIdentity *peer = cls; + const struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; LOG (GNUNET_ERROR_TYPE_DEBUG, "Received CHECK_LIVE (%s)\n", GNUNET_i2s (peer)); @@ -3183,7 +3219,8 @@ static void handle_peer_push (void *cls, const struct GNUNET_MessageHeader *msg) { - const struct GNUNET_PeerIdentity *peer = cls; + const struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; // (check the proof of work (?)) @@ -3244,7 +3281,8 @@ static void handle_peer_pull_request (void *cls, const struct GNUNET_MessageHeader *msg) { - struct GNUNET_PeerIdentity *peer = cls; + const struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; const struct GNUNET_PeerIdentity *view_array; LOG (GNUNET_ERROR_TYPE_DEBUG, "Received PULL REQUEST (%s)\n", GNUNET_i2s (peer)); @@ -3324,8 +3362,9 @@ static void handle_peer_pull_reply (void *cls, const struct GNUNET_RPS_P2P_PullReplyMessage *msg) { + const struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *sender = &channel_ctx->peer_ctx->peer_id; const struct GNUNET_PeerIdentity *peers; - struct GNUNET_PeerIdentity *sender = cls; uint32_t i; #ifdef ENABLE_MALICIOUS struct AttackedPeer *tmp_att_peer; -- cgit v1.2.3 From b197aa1988037a2839c4dcf752a343d9cfae7987 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Fri, 13 Jul 2018 01:14:43 +0200 Subject: rps service: check return value when opening cadet port --- src/rps/gnunet-service-rps.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index c60ab5e63..5d568dfac 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -4389,6 +4389,13 @@ run (void *cls, NULL, /* WindowSize handler */ cleanup_destroyed_channel, /* Disconnect handler */ cadet_handlers); + if (NULL == cadet_port) + { + LOG (GNUNET_ERROR_TYPE_ERROR, + "Cadet port `%s' is already in use.\n", + GNUNET_APPLICATION_PORT_RPS); + GNUNET_assert (0); + } peerinfo_handle = GNUNET_PEERINFO_connect (cfg); -- cgit v1.2.3 From 2a7eb7cb6d8fcc01e3d06b7c2b107549ae8dab40 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Fri, 13 Jul 2018 09:53:05 +0200 Subject: Revert "restructure rps service: start keeping track of channels" This reverts commit 330bb7242aed7c426cfdbb589155db5bb3fa83dc. --- src/rps/gnunet-service-rps.c | 55 +++++++------------------------------------- 1 file changed, 8 insertions(+), 47 deletions(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index 5d568dfac..12794945e 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -264,34 +264,6 @@ struct PeersIteratorCls void *cls; }; -/** - * @brief Context for a channel - */ -struct ChannelCtx -{ - /** - * @brief Meant to be used in a DLL - */ - struct ChannelCtx *next; - struct ChannelCtx *prev; - - /** - * @brief The channel itself - */ - struct GNUNET_CADET_Channel *channel; - - /** - * @brief The peer context associated with the channel - */ - struct PeerContext *peer_ctx; -}; - -/** - * @brief The DLL of channel contexts - */ -static struct ChannelCtx *channel_ctx_head; -static struct ChannelCtx *channel_ctx_tail; - /** * @brief Hashmap of valid peers. */ @@ -1549,7 +1521,6 @@ Peers_handle_inbound_channel (void *cls, { struct PeerContext *peer_ctx; struct GNUNET_PeerIdentity *ctx_peer; - struct ChannelCtx *channel_ctx; LOG (GNUNET_ERROR_TYPE_DEBUG, "New channel was established to us (Peer %s).\n", @@ -1560,10 +1531,6 @@ Peers_handle_inbound_channel (void *cls, set_peer_live (peer_ctx); ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity); *ctx_peer = *initiator; - channel_ctx = GNUNET_new (struct ChannelCtx); - channel_ctx->peer_ctx = peer_ctx; - channel_ctx->channel = channel; - GNUNET_CONTAINER_DLL_insert (channel_ctx_head, channel_ctx_tail, channel_ctx); /* We only accept one incoming channel per peer */ if (GNUNET_YES == Peers_check_peer_send_intention (initiator)) { @@ -1576,10 +1543,10 @@ Peers_handle_inbound_channel (void *cls, GNUNET_CADET_channel_destroy (peer_ctx->recv_channel); peer_ctx->recv_channel = channel; /* return the channel context */ - return channel_ctx; + return ctx_peer; } peer_ctx->recv_channel = channel; - return channel_ctx; + return ctx_peer; } @@ -1691,8 +1658,7 @@ void Peers_cleanup_destroyed_channel (void *cls, const struct GNUNET_CADET_Channel *channel) { - struct ChannelCtx *channel_ctx = cls; - const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; + struct GNUNET_PeerIdentity *peer = cls; struct PeerContext *peer_ctx; uint32_t *channel_flag; @@ -2704,8 +2670,7 @@ static void cleanup_destroyed_channel (void *cls, const struct GNUNET_CADET_Channel *channel) { - struct ChannelCtx *channel_ctx = cls; // FIXME: free this context! - struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; + struct GNUNET_PeerIdentity *peer = cls; uint32_t *channel_flag; struct PeerContext *peer_ctx; @@ -3198,8 +3163,7 @@ static void handle_peer_check (void *cls, const struct GNUNET_MessageHeader *msg) { - const struct ChannelCtx *channel_ctx = cls; - const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; + const struct GNUNET_PeerIdentity *peer = cls; LOG (GNUNET_ERROR_TYPE_DEBUG, "Received CHECK_LIVE (%s)\n", GNUNET_i2s (peer)); @@ -3219,8 +3183,7 @@ static void handle_peer_push (void *cls, const struct GNUNET_MessageHeader *msg) { - const struct ChannelCtx *channel_ctx = cls; - const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; + const struct GNUNET_PeerIdentity *peer = cls; // (check the proof of work (?)) @@ -3281,8 +3244,7 @@ static void handle_peer_pull_request (void *cls, const struct GNUNET_MessageHeader *msg) { - const struct ChannelCtx *channel_ctx = cls; - const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; + struct GNUNET_PeerIdentity *peer = cls; const struct GNUNET_PeerIdentity *view_array; LOG (GNUNET_ERROR_TYPE_DEBUG, "Received PULL REQUEST (%s)\n", GNUNET_i2s (peer)); @@ -3362,9 +3324,8 @@ static void handle_peer_pull_reply (void *cls, const struct GNUNET_RPS_P2P_PullReplyMessage *msg) { - const struct ChannelCtx *channel_ctx = cls; - const struct GNUNET_PeerIdentity *sender = &channel_ctx->peer_ctx->peer_id; const struct GNUNET_PeerIdentity *peers; + struct GNUNET_PeerIdentity *sender = cls; uint32_t i; #ifdef ENABLE_MALICIOUS struct AttackedPeer *tmp_att_peer; -- cgit v1.2.3 From 6f626ca4add69247a5af436c6745491a1eb0fb6e Mon Sep 17 00:00:00 2001 From: dvn Date: Sat, 14 Jul 2018 02:06:46 +0200 Subject: Guix Env/Build: Add a guix build definition without tests --- contrib/packages/guix/notest-guix-env.scm | 145 ++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 contrib/packages/guix/notest-guix-env.scm diff --git a/contrib/packages/guix/notest-guix-env.scm b/contrib/packages/guix/notest-guix-env.scm new file mode 100644 index 000000000..ffb0ec889 --- /dev/null +++ b/contrib/packages/guix/notest-guix-env.scm @@ -0,0 +1,145 @@ +;;; This file is part of GNUnet. +;;; Copyright (C) 2016, 2017, 2018 GNUnet e.V. +;;; +;;; GNUnet is free software: you can redistribute it and/or modify it +;;; under the terms of the GNU Affero General Public License as published +;;; by the Free Software Foundation, either version 3 of the License, +;;; or (at your option) any later version. +;;; +;;; GNUnet is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; Affero General Public License for more details. +;;; +;;; You should have received a copy of the GNU Affero General Public License +;;; along with this program. If not, see . + +(use-modules + (ice-9 popen) + (ice-9 match) + (ice-9 rdelim) + (guix packages) + (guix build-system gnu) + (guix gexp) + ((guix build utils) #:select (with-directory-excursion)) + (guix git-download) + (guix utils) ; current-source-directory + (gnu packages) + (gnu packages aidc) + (gnu packages autotools) + (gnu packages backup) + (gnu packages base) + (gnu packages compression) + (gnu packages curl) + (gnu packages databases) + (gnu packages file) + (gnu packages gettext) + (gnu packages glib) + (gnu packages gnome) + (gnu packages gnunet) + (gnu packages gnupg) + (gnu packages gnuzilla) + (gnu packages groff) + (gnu packages gstreamer) + (gnu packages gtk) + (gnu packages guile) + (gnu packages image) + (gnu packages image-viewers) + (gnu packages libidn) + (gnu packages libunistring) + (gnu packages linux) + (gnu packages maths) + (gnu packages multiprecision) + (gnu packages perl) + (gnu packages pkg-config) + (gnu packages pulseaudio) + (gnu packages python) + (gnu packages tex) + (gnu packages texinfo) + (gnu packages tex) + (gnu packages tls) + (gnu packages upnp) + (gnu packages video) + (gnu packages web) + (gnu packages xiph) + ((guix licenses) #:prefix license:)) + +(define %source-dir (current-source-directory)) + +(define gnunet-dev-env + (let* ((revision "1") + (select? (delay (or (git-predicate + (current-source-directory)) + source-file?)))) + (package + (inherit gnunet) + (name "gnunet") + (version (string-append "git" revision)) + (source + (local-file + (string-append (getcwd)) + #:recursive? #t)) + (inputs + `(("glpk" ,glpk) + ("gnurl" ,gnurl) + ("gstreamer" ,gstreamer) + ("gst-plugins-base" ,gst-plugins-base) + ("gnutls/dane" ,gnutls/dane) + ("libextractor" ,libextractor) + ("libgcrypt" ,libgcrypt) + ("libidn" ,libidn) + ("libmicrohttpd" ,libmicrohttpd) + ("libltdl" ,libltdl) + ("libunistring" ,libunistring) + ("openssl" ,openssl) + ("opus" ,opus) + ("pulseaudio" ,pulseaudio) + ("sqlite" ,sqlite) + ("postgresql" ,postgresql) + ("mysql" ,mariadb) + ("zlib" ,zlib) + ("perl" ,perl) + ("python-2" ,python-2) ; tests and gnunet-qr + ("python2-future" ,python2-future) + ("jansson" ,jansson) + ("nss" ,nss) + ("glib" ,glib "bin") + ("gmp" ,gmp) + ("bluez" ,bluez) ; for optional bluetooth feature + ("glib" ,glib) + ;; ("texlive" ,texlive) ;FIXME: minimize. + ("texlive-tiny" ,texlive-tiny) ;; Seems to be enough for _just_ info output. + ("miniupnpc" ,miniupnpc) + ("libogg" ,libogg))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("autoconf" ,autoconf) + ("automake" ,automake) + ("gnu-gettext" ,gnu-gettext) + ("which" ,which) + ("texinfo" ,texinfo-5) ; Debian stable: 5.2 + ("libtool" ,libtool))) + (outputs '("out" "debug")) + (arguments + `(#:configure-flags + (list (string-append "--with-nssdir=" %output "/lib") + "--enable-experimental") + #:phases + ;; swap check and install phases and set paths to installed bin + (modify-phases %standard-phases + (add-after 'unpack 'patch-bin-sh + (lambda _ + (for-each (lambda (f) (chmod f #o755)) + (find-files "po" "")) + #t)) + (add-after 'patch-bin-sh 'bootstrap + (lambda _ + (invoke "sh" "bootstrap"))) + ;;(add-before 'build 'chdir + ;; (lambda _ + ;; (chdir "doc/documentation"))) + (delete 'check) + ;; XXX: https://gnunet.org/bugs/view.php?id=4619 + )))))) + +gnunet-dev-env -- cgit v1.2.3 From 0f75e5c54c6e6c9087cf565539266514abd67e98 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 19 Jul 2018 22:16:00 +0200 Subject: change JWT algorithm to HMAC --- src/identity-provider/identity-provider.conf | 1 + src/identity-provider/jwt.c | 49 +++++----------------- src/identity-provider/jwt.h | 3 +- src/identity-provider/plugin_rest_openid_connect.c | 26 ++++++++++-- 4 files changed, 35 insertions(+), 44 deletions(-) diff --git a/src/identity-provider/identity-provider.conf b/src/identity-provider/identity-provider.conf index cc50152a1..99c0a50be 100644 --- a/src/identity-provider/identity-provider.conf +++ b/src/identity-provider/identity-provider.conf @@ -16,6 +16,7 @@ DATABASE = sqlite #ADDRESS = https://identity.gnu:8000#/login ADDRESS = https://reclaim.ui/#/login PSW = secret +JWT_SECRET = secret EXPIRATION_TIME = 3600 [identity-provider-sqlite] diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c index 1a984f7b5..7ac4f0025 100644 --- a/src/identity-provider/jwt.c +++ b/src/identity-provider/jwt.c @@ -30,15 +30,14 @@ #define JWT_ALG "alg" -/*TODO is this the correct way to define new algs? */ -#define JWT_ALG_VALUE "urn:org:gnunet:jwt:alg:ecdsa:ed25519" +/* Use 512bit HMAC */ +#define JWT_ALG_VALUE "HS512" #define JWT_TYP "typ" #define JWT_TYP_VALUE "jwt" -//TODO change server address -#define SERVER_ADDRESS "https://localhost" +#define SERVER_ADDRESS "https://reclaim.id/api/openid/userinfo" static char* create_jwt_header(void) @@ -65,13 +64,12 @@ create_jwt_header(void) */ char* jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key) + const struct GNUNET_CRYPTO_AuthKey *priv_key) { struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - struct GNUNET_CRYPTO_EcdsaPublicKey sub_key; - struct GNUNET_CRYPTO_EcdsaSignature signature; - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; + struct GNUNET_HashCode signature; char* audience; char* subject; char* header; @@ -90,32 +88,25 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, //auth_time only if max_age //nonce only if nonce // OPTIONAL acr,amr,azp - GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &sub_key); - /* TODO maybe we should use a local identity here */ subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); header = create_jwt_header (); body = json_object (); - /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */ + //iss REQUIRED case sensitive server uri with https + //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) json_object_set_new (body, "iss", json_string (SERVER_ADDRESS)); //sub REQUIRED public key identity, not exceed 255 ASCII length json_object_set_new (body, "sub", json_string (subject)); - /* TODO what should be in here exactly? */ //aud REQUIRED public key client_id must be there json_object_set_new (body, "aud", json_string (audience)); for (le = attrs->list_head; NULL != le; le = le->next) { - /** - * TODO here we should have a function that - * calls the Attribute plugins to create a - * json representation for its value - */ attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type, le->claim->data, le->claim->data_size); @@ -148,32 +139,13 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, GNUNET_free (audience); /** - * TODO * Creating the JWT signature. This might not be * standards compliant, check. */ GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); - - purpose = - GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - strlen (signature_target)); - purpose->size = - htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); - purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); - GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target)); - if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key, - purpose, - (struct GNUNET_CRYPTO_EcdsaSignature *)&signature)) - { - GNUNET_free (signature_target); - GNUNET_free (body_str); - GNUNET_free (body_base64); - GNUNET_free (header_base64); - GNUNET_free (purpose); - return NULL; - } + GNUNET_CRYPTO_hmac (priv_key, signature_target, strlen (signature_target), &signature); GNUNET_STRINGS_base64_encode ((const char*)&signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + sizeof (struct GNUNET_HashCode), &signature_base64); GNUNET_asprintf (&result, "%s.%s.%s", header_base64, body_base64, signature_base64); @@ -184,6 +156,5 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, GNUNET_free (signature_base64); GNUNET_free (body_base64); GNUNET_free (header_base64); - GNUNET_free (purpose); return result; } diff --git a/src/identity-provider/jwt.h b/src/identity-provider/jwt.h index 072958973..80b6caa33 100644 --- a/src/identity-provider/jwt.h +++ b/src/identity-provider/jwt.h @@ -3,7 +3,8 @@ char* jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key); + const struct GNUNET_CRYPTO_AuthKey *priv_key); #endif diff --git a/src/identity-provider/plugin_rest_openid_connect.c b/src/identity-provider/plugin_rest_openid_connect.c index 9c2f7fb3d..cc4b83dae 100644 --- a/src/identity-provider/plugin_rest_openid_connect.c +++ b/src/identity-provider/plugin_rest_openid_connect.c @@ -1412,6 +1412,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, json_t *root, *ticket_string, *nonce, *max_age; json_error_t error; char *json_response; + char *jwt_secret; /* * Check Authorization @@ -1447,7 +1448,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, GNUNET_SCHEDULER_add_now (&do_error, handle); return; } - GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw); + GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), (void**)&user_psw); if ( NULL == user_psw ) { @@ -1598,7 +1599,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } //decode code - GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output); + GNUNET_STRINGS_base64_decode(code,strlen(code), (void**)&code_output); root = json_loads (code_output, 0, &error); GNUNET_free(code_output); ticket_string = json_object_get (root, "ticket"); @@ -1717,15 +1718,32 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, { GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("invalid code...."); + handle->edesc = GNUNET_strdup("invalid code..."); handle->response_code = MHD_HTTP_BAD_REQUEST; GNUNET_SCHEDULER_add_now (&do_error, handle); GNUNET_free(ticket); return; } + if ( GNUNET_OK + != GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", + "jwt_secret", &jwt_secret) ) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("No signing secret configured!"); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, handle); + GNUNET_free(ticket); + return; + } + struct GNUNET_CRYPTO_AuthKey jwt_sign_key; + struct GNUNET_CRYPTO_EcdsaPublicKey pk; + GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk); + GNUNET_CRYPTO_hash (jwt_secret, strlen (jwt_secret), (struct GNUNET_HashCode*)jwt_sign_key.key); char *id_token = jwt_create_from_list(&ticket->audience, + &pk, cl, - GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego)); + &jwt_sign_key); //Create random access_token char* access_token_number; -- cgit v1.2.3 From 4fd677cec39e5621d16bc2c63926b803b31582e3 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 19 Jul 2018 23:28:53 +0200 Subject: renamed identity-provider subsystem to reclaim --- configure.ac | 4 +- po/POTFILES.in | 20 +- src/Makefile.am | 6 +- src/identity-attribute/Makefile.am | 44 - src/identity-attribute/identity_attribute.c | 444 ---- src/identity-attribute/identity_attribute.h | 54 - .../plugin_identity_attribute_gnuid.c | 182 -- src/identity-provider/.gitignore | 2 - src/identity-provider/Makefile.am | 140 - src/identity-provider/gnunet-idp.c | 517 ---- .../gnunet-service-identity-provider.c | 2786 -------------------- src/identity-provider/identity-provider.conf | 23 - src/identity-provider/identity-token.conf | 2 - src/identity-provider/identity_provider.h | 410 --- src/identity-provider/identity_provider_api.c | 1383 ---------- src/identity-provider/jwt.c | 160 -- src/identity-provider/jwt.h | 10 - .../plugin_gnsrecord_identity_provider.c | 265 -- .../plugin_identity_provider_sqlite.c | 734 ------ .../plugin_rest_identity_provider.c | 1253 --------- src/identity-provider/plugin_rest_openid_connect.c | 2227 ---------------- src/identity-provider/test_idp.conf | 33 - src/identity-provider/test_idp.sh | 31 - src/identity-provider/test_idp_attribute.sh | 40 - src/identity-provider/test_idp_consume.sh | 43 - src/identity-provider/test_idp_defaults.conf | 24 - src/identity-provider/test_idp_issue.sh | 42 - src/identity-provider/test_idp_revoke.sh | 65 - src/include/Makefile.am | 2 +- src/include/gnunet_identity_attribute_lib.h | 281 -- src/include/gnunet_identity_attribute_plugin.h | 147 -- src/include/gnunet_identity_provider_plugin.h | 121 - src/include/gnunet_identity_provider_service.h | 378 --- src/include/gnunet_protocols.h | 30 +- src/include/gnunet_reclaim_attribute_lib.h | 281 ++ src/include/gnunet_reclaim_attribute_plugin.h | 147 ++ src/include/gnunet_reclaim_plugin.h | 121 + src/include/gnunet_reclaim_service.h | 378 +++ src/reclaim-attribute/Makefile.am | 44 + .../plugin_reclaim_attribute_gnuid.c | 182 ++ src/reclaim-attribute/reclaim_attribute.c | 444 ++++ src/reclaim-attribute/reclaim_attribute.h | 54 + src/reclaim/.gitignore | 2 + src/reclaim/Makefile.am | 140 + src/reclaim/gnunet-reclaim.c | 517 ++++ src/reclaim/gnunet-service-reclaim.c | 2786 ++++++++++++++++++++ src/reclaim/jwt.c | 160 ++ src/reclaim/jwt.h | 10 + src/reclaim/plugin_gnsrecord_reclaim.c | 265 ++ src/reclaim/plugin_reclaim_sqlite.c | 734 ++++++ src/reclaim/plugin_rest_openid_connect.c | 2227 ++++++++++++++++ src/reclaim/plugin_rest_reclaim.c | 1253 +++++++++ src/reclaim/reclaim.conf | 23 + src/reclaim/reclaim.h | 410 +++ src/reclaim/reclaim_api.c | 1383 ++++++++++ src/reclaim/test_reclaim.sh | 31 + src/reclaim/test_reclaim_attribute.sh | 40 + src/reclaim/test_reclaim_consume.sh | 43 + src/reclaim/test_reclaim_defaults.conf | 24 + src/reclaim/test_reclaim_issue.sh | 42 + src/reclaim/test_reclaim_revoke.sh | 65 + 61 files changed, 11838 insertions(+), 11871 deletions(-) delete mode 100644 src/identity-attribute/Makefile.am delete mode 100644 src/identity-attribute/identity_attribute.c delete mode 100644 src/identity-attribute/identity_attribute.h delete mode 100644 src/identity-attribute/plugin_identity_attribute_gnuid.c delete mode 100644 src/identity-provider/.gitignore delete mode 100644 src/identity-provider/Makefile.am delete mode 100644 src/identity-provider/gnunet-idp.c delete mode 100644 src/identity-provider/gnunet-service-identity-provider.c delete mode 100644 src/identity-provider/identity-provider.conf delete mode 100644 src/identity-provider/identity-token.conf delete mode 100644 src/identity-provider/identity_provider.h delete mode 100644 src/identity-provider/identity_provider_api.c delete mode 100644 src/identity-provider/jwt.c delete mode 100644 src/identity-provider/jwt.h delete mode 100644 src/identity-provider/plugin_gnsrecord_identity_provider.c delete mode 100644 src/identity-provider/plugin_identity_provider_sqlite.c delete mode 100644 src/identity-provider/plugin_rest_identity_provider.c delete mode 100644 src/identity-provider/plugin_rest_openid_connect.c delete mode 100644 src/identity-provider/test_idp.conf delete mode 100755 src/identity-provider/test_idp.sh delete mode 100755 src/identity-provider/test_idp_attribute.sh delete mode 100755 src/identity-provider/test_idp_consume.sh delete mode 100644 src/identity-provider/test_idp_defaults.conf delete mode 100755 src/identity-provider/test_idp_issue.sh delete mode 100755 src/identity-provider/test_idp_revoke.sh delete mode 100644 src/include/gnunet_identity_attribute_lib.h delete mode 100644 src/include/gnunet_identity_attribute_plugin.h delete mode 100644 src/include/gnunet_identity_provider_plugin.h delete mode 100644 src/include/gnunet_identity_provider_service.h create mode 100644 src/include/gnunet_reclaim_attribute_lib.h create mode 100644 src/include/gnunet_reclaim_attribute_plugin.h create mode 100644 src/include/gnunet_reclaim_plugin.h create mode 100644 src/include/gnunet_reclaim_service.h create mode 100644 src/reclaim-attribute/Makefile.am create mode 100644 src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c create mode 100644 src/reclaim-attribute/reclaim_attribute.c create mode 100644 src/reclaim-attribute/reclaim_attribute.h create mode 100644 src/reclaim/.gitignore create mode 100644 src/reclaim/Makefile.am create mode 100644 src/reclaim/gnunet-reclaim.c create mode 100644 src/reclaim/gnunet-service-reclaim.c create mode 100644 src/reclaim/jwt.c create mode 100644 src/reclaim/jwt.h create mode 100644 src/reclaim/plugin_gnsrecord_reclaim.c create mode 100644 src/reclaim/plugin_reclaim_sqlite.c create mode 100644 src/reclaim/plugin_rest_openid_connect.c create mode 100644 src/reclaim/plugin_rest_reclaim.c create mode 100644 src/reclaim/reclaim.conf create mode 100644 src/reclaim/reclaim.h create mode 100644 src/reclaim/reclaim_api.c create mode 100755 src/reclaim/test_reclaim.sh create mode 100755 src/reclaim/test_reclaim_attribute.sh create mode 100755 src/reclaim/test_reclaim_consume.sh create mode 100644 src/reclaim/test_reclaim_defaults.conf create mode 100755 src/reclaim/test_reclaim_issue.sh create mode 100755 src/reclaim/test_reclaim_revoke.sh diff --git a/configure.ac b/configure.ac index c7314d765..535ce0ffe 100644 --- a/configure.ac +++ b/configure.ac @@ -1759,8 +1759,8 @@ src/zonemaster/Makefile src/zonemaster/zonemaster.conf src/rest/Makefile src/abe/Makefile -src/identity-attribute/Makefile -src/identity-provider/Makefile +src/reclaim-attribute/Makefile +src/reclaim/Makefile pkgconfig/Makefile pkgconfig/gnunetarm.pc pkgconfig/gnunetats.pc diff --git a/po/POTFILES.in b/po/POTFILES.in index 83c3c7bdd..86235f860 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -198,16 +198,6 @@ src/hello/hello.c src/hostlist/gnunet-daemon-hostlist.c src/hostlist/gnunet-daemon-hostlist_client.c src/hostlist/gnunet-daemon-hostlist_server.c -src/identity-attribute/identity_attribute.c -src/identity-attribute/plugin_identity_attribute_gnuid.c -src/identity-provider/gnunet-idp.c -src/identity-provider/gnunet-service-identity-provider.c -src/identity-provider/identity_provider_api.c -src/identity-provider/jwt.c -src/identity-provider/plugin_gnsrecord_identity_provider.c -src/identity-provider/plugin_identity_provider_sqlite.c -src/identity-provider/plugin_rest_identity_provider.c -src/identity-provider/plugin_rest_openid_connect.c src/identity/gnunet-identity.c src/identity/gnunet-service-identity.c src/identity/identity_api.c @@ -297,6 +287,16 @@ src/psycutil/psyc_env.c src/psycutil/psyc_message.c src/psycutil/psyc_slicer.c src/pt/gnunet-daemon-pt.c +src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c +src/reclaim-attribute/reclaim_attribute.c +src/reclaim/gnunet-reclaim.c +src/reclaim/gnunet-service-reclaim.c +src/reclaim/jwt.c +src/reclaim/plugin_gnsrecord_reclaim.c +src/reclaim/plugin_reclaim_sqlite.c +src/reclaim/plugin_rest_openid_connect.c +src/reclaim/plugin_rest_reclaim.c +src/reclaim/reclaim_api.c src/regex/gnunet-daemon-regexprofiler.c src/regex/gnunet-regex-profiler.c src/regex/gnunet-regex-simulation-profiler.c diff --git a/src/Makefile.am b/src/Makefile.am index 00f30adc3..4ded81891 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -19,11 +19,13 @@ if HAVE_EXPERIMENTAL social # dv (FTBFS) if HAVE_ABE +if HAVE_JSON EXP_DIR += \ abe \ credential \ - identity-attribute \ - identity-provider + reclaim-attribute \ + reclaim +endif endif if HAVE_JSON EXP_DIR += \ diff --git a/src/identity-attribute/Makefile.am b/src/identity-attribute/Makefile.am deleted file mode 100644 index 2c73a443e..000000000 --- a/src/identity-attribute/Makefile.am +++ /dev/null @@ -1,44 +0,0 @@ -# This Makefile.am is in the public domain -AM_CPPFLAGS = -I$(top_srcdir)/src/include - -plugindir = $(libdir)/gnunet - -pkgcfgdir= $(pkgdatadir)/config.d/ - -libexecdir= $(pkglibdir)/libexec/ - -if MINGW - WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols -endif - -if USE_COVERAGE - AM_CFLAGS = --coverage -O0 - XLIBS = -lgcov -endif - -lib_LTLIBRARIES = \ - libgnunetidentityattribute.la - -libgnunetidentityattribute_la_SOURCES = \ - identity_attribute.c -libgnunetidentityattribute_la_LIBADD = \ - $(top_builddir)/src/util/libgnunetutil.la \ - $(GN_LIBINTL) -libgnunetidentityattribute_la_LDFLAGS = \ - $(GN_LIB_LDFLAGS) $(WINFLAGS) \ - -version-info 0:0:0 - - -plugin_LTLIBRARIES = \ - libgnunet_plugin_identity_attribute_gnuid.la - - -libgnunet_plugin_identity_attribute_gnuid_la_SOURCES = \ - plugin_identity_attribute_gnuid.c -libgnunet_plugin_identity_attribute_gnuid_la_LIBADD = \ - $(top_builddir)/src/util/libgnunetutil.la \ - $(LTLIBINTL) -libgnunet_plugin_identity_attribute_gnuid_la_LDFLAGS = \ - $(GN_PLUGIN_LDFLAGS) - - diff --git a/src/identity-attribute/identity_attribute.c b/src/identity-attribute/identity_attribute.c deleted file mode 100644 index 7d47c46a7..000000000 --- a/src/identity-attribute/identity_attribute.c +++ /dev/null @@ -1,444 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2010-2015 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - */ - -/** - * @file identity-attribute/identity_attribute.c - * @brief helper library to manage identity attributes - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "identity_attribute.h" -#include "gnunet_identity_attribute_plugin.h" - -/** - * Handle for a plugin - */ -struct Plugin -{ - /** - * Name of the plugin - */ - char *library_name; - - /** - * Plugin API - */ - struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api; -}; - -/** - * Plugins - */ -static struct Plugin **attr_plugins; - -/** - * Number of plugins - */ -static unsigned int num_plugins; - -/** - * Init canary - */ -static int initialized; - -/** - * Add a plugin - */ -static void -add_plugin (void* cls, - const char *library_name, - void *lib_ret) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = lib_ret; - struct Plugin *plugin; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Loading attribute plugin `%s'\n", - library_name); - plugin = GNUNET_new (struct Plugin); - plugin->api = api; - plugin->library_name = GNUNET_strdup (library_name); - GNUNET_array_append (attr_plugins, num_plugins, plugin); -} - -/** - * Load plugins - */ -static void -init() -{ - if (GNUNET_YES == initialized) - return; - initialized = GNUNET_YES; - GNUNET_PLUGIN_load_all ("libgnunet_plugin_identity_attribute_", NULL, - &add_plugin, NULL); -} - -/** - * Convert a type name to the corresponding number - * - * @param typename name to convert - * @return corresponding number, UINT32_MAX on error - */ -uint32_t -GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename) -{ - unsigned int i; - struct Plugin *plugin; - uint32_t ret; - - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attr_plugins[i]; - if (UINT32_MAX != (ret = plugin->api->typename_to_number (plugin->api->cls, - typename))) - return ret; - } - return UINT32_MAX; -} - -/** - * Convert a type number to the corresponding type string - * - * @param type number of a type - * @return corresponding typestring, NULL on error - */ -const char* -GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type) -{ - unsigned int i; - struct Plugin *plugin; - const char *ret; - - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attr_plugins[i]; - if (NULL != (ret = plugin->api->number_to_typename (plugin->api->cls, - type))) - return ret; - } - return NULL; -} - -/** - * Convert human-readable version of a 'claim' of an attribute to the binary - * representation - * - * @param type type of the claim - * @param s human-readable string - * @param data set to value in binary encoding (will be allocated) - * @param data_size set to number of bytes in @a data - * @return #GNUNET_OK on success - */ -int -GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type, - const char *s, - void **data, - size_t *data_size) -{ - unsigned int i; - struct Plugin *plugin; - - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attr_plugins[i]; - if (GNUNET_OK == plugin->api->string_to_value (plugin->api->cls, - type, - s, - data, - data_size)) - return GNUNET_OK; - } - return GNUNET_SYSERR; -} - -/** - * Convert the 'claim' of an attribute to a string - * - * @param type the type of attribute - * @param data claim in binary encoding - * @param data_size number of bytes in @a data - * @return NULL on error, otherwise human-readable representation of the claim - */ -char * -GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type, - const void* data, - size_t data_size) -{ - unsigned int i; - struct Plugin *plugin; - char *ret; - - init(); - for (i = 0; i < num_plugins; i++) - { - plugin = attr_plugins[i]; - if (NULL != (ret = plugin->api->value_to_string (plugin->api->cls, - type, - data, - data_size))) - return ret; - } - return NULL; -} - -/** - * Create a new attribute. - * - * @param attr_name the attribute name - * @param type the attribute type - * @param data the attribute value - * @param data_size the attribute value size - * @return the new attribute - */ -struct GNUNET_IDENTITY_ATTRIBUTE_Claim * -GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name, - uint32_t type, - const void* data, - size_t data_size) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr; - char *write_ptr; - - attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) + - strlen (attr_name) + 1 + - data_size); - attr->type = type; - attr->data_size = data_size; - attr->version = 0; - write_ptr = (char*)&attr[1]; - GNUNET_memcpy (write_ptr, - attr_name, - strlen (attr_name) + 1); - attr->name = write_ptr; - write_ptr += strlen (attr->name) + 1; - GNUNET_memcpy (write_ptr, - data, - data_size); - attr->data = write_ptr; - return attr; -} - -/** - * Add a new claim list entry. - * - * @param claim_list the attribute name - * @param attr_name the attribute name - * @param type the attribute type - * @param data the attribute value - * @param data_size the attribute value size - * @return - */ -void -GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *claim_list, - const char* attr_name, - uint32_t type, - const void* data, - size_t data_size) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); - le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name, - type, - data, - data_size); - GNUNET_CONTAINER_DLL_insert (claim_list->list_head, - claim_list->list_tail, - le); -} - -size_t -GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - size_t len = 0; - for (le = attrs->list_head; NULL != le; le = le->next) - len += GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim); - return len; -} - -size_t -GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - char *result) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - size_t len; - size_t total_len; - char* write_ptr; - - write_ptr = result; - total_len = 0; - for (le = attrs->list_head; NULL != le; le = le->next) - { - len = GNUNET_IDENTITY_ATTRIBUTE_serialize (le->claim, - write_ptr); - total_len += len; - write_ptr += len; - } - return total_len; -} - -struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList * -GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data, - size_t data_size) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - size_t attr_len; - const char* read_ptr; - - if (data_size < sizeof (struct Attribute)) - return NULL; - - attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); - read_ptr = data; - while (((data + data_size) - read_ptr) >= sizeof (struct Attribute)) - { - - le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); - le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (read_ptr, - data_size - (read_ptr - data)); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Deserialized attribute %s\n", le->claim->name); - GNUNET_CONTAINER_DLL_insert (attrs->list_head, - attrs->list_tail, - le); - attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim); - read_ptr += attr_len; - } - return attrs; -} - -struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList* -GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *result_le; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *result; - - result = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); - for (le = attrs->list_head; NULL != le; le = le->next) - { - result_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); - result_le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (le->claim->name, - le->claim->type, - le->claim->data, - le->claim->data_size); - GNUNET_CONTAINER_DLL_insert (result->list_head, - result->list_tail, - result_le); - } - return result; -} - - -void -GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *tmp_le; - - for (le = attrs->list_head; NULL != le;) - { - GNUNET_free (le->claim); - tmp_le = le; - le = le->next; - GNUNET_free (tmp_le); - } - GNUNET_free (attrs); - -} - -size_t -GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) -{ - return sizeof (struct Attribute) - + strlen (attr->name) - + attr->data_size; -} - -size_t -GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr, - char *result) -{ - size_t data_len_ser; - size_t name_len; - struct Attribute *attr_ser; - char* write_ptr; - - attr_ser = (struct Attribute*)result; - attr_ser->attribute_type = htons (attr->type); - attr_ser->attribute_version = htonl (attr->version); - name_len = strlen (attr->name); - attr_ser->name_len = htons (name_len); - write_ptr = (char*)&attr_ser[1]; - GNUNET_memcpy (write_ptr, attr->name, name_len); - write_ptr += name_len; - //TODO plugin-ize - //data_len_ser = plugin->serialize_attribute_value (attr, - // &attr_ser[1]); - data_len_ser = attr->data_size; - GNUNET_memcpy (write_ptr, attr->data, attr->data_size); - attr_ser->data_size = htons (data_len_ser); - - return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size; -} - -struct GNUNET_IDENTITY_ATTRIBUTE_Claim * -GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data, - size_t data_size) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr; - struct Attribute *attr_ser; - size_t data_len; - size_t name_len; - char* write_ptr; - - if (data_size < sizeof (struct Attribute)) - return NULL; - - attr_ser = (struct Attribute*)data; - data_len = ntohs (attr_ser->data_size); - name_len = ntohs (attr_ser->name_len); - attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) - + data_len + name_len + 1); - attr->type = ntohs (attr_ser->attribute_type); - attr->version = ntohl (attr_ser->attribute_version); - attr->data_size = ntohs (attr_ser->data_size); - - write_ptr = (char*)&attr[1]; - GNUNET_memcpy (write_ptr, - &attr_ser[1], - name_len); - write_ptr[name_len] = '\0'; - attr->name = write_ptr; - - write_ptr += name_len + 1; - GNUNET_memcpy (write_ptr, - (char*)&attr_ser[1] + name_len, - attr->data_size); - attr->data = write_ptr; - return attr; - -} - -/* end of identity_attribute.c */ diff --git a/src/identity-attribute/identity_attribute.h b/src/identity-attribute/identity_attribute.h deleted file mode 100644 index 2346dcde1..000000000 --- a/src/identity-attribute/identity_attribute.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - */ -/** - * @author Martin Schanzenbach - * @file identity-attribute/identity_attribute.h - * @brief GNUnet Identity attributes - * - */ -#ifndef IDENTITY_ATTRIBUTE_H -#define IDENTITY_ATTRIBUTE_H - -#include "gnunet_identity_provider_service.h" - -struct Attribute -{ - /** - * Attribute type - */ - uint32_t attribute_type; - - /** - * Attribute version - */ - uint32_t attribute_version; - - /** - * Name length - */ - uint32_t name_len; - - /** - * Data size - */ - uint32_t data_size; - - //followed by data_size Attribute value data -}; - -#endif diff --git a/src/identity-attribute/plugin_identity_attribute_gnuid.c b/src/identity-attribute/plugin_identity_attribute_gnuid.c deleted file mode 100644 index c09b167f5..000000000 --- a/src/identity-attribute/plugin_identity_attribute_gnuid.c +++ /dev/null @@ -1,182 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2013, 2014, 2016 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @file identity-attribute/plugin_identity_attribute_gnuid.c - * @brief identity attribute plugin to provide the API for fundamental - * attribute types. - * - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_identity_attribute_plugin.h" -#include - - -/** - * Convert the 'value' of an attribute to a string. - * - * @param cls closure, unused - * @param type type of the attribute - * @param data value in binary encoding - * @param data_size number of bytes in @a data - * @return NULL on error, otherwise human-readable representation of the value - */ -static char * -gnuid_value_to_string (void *cls, - uint32_t type, - const void *data, - size_t data_size) -{ - - switch (type) - { - case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING: - return GNUNET_strndup (data, data_size); - default: - return NULL; - } -} - - -/** - * Convert human-readable version of a 'value' of an attribute to the binary - * representation. - * - * @param cls closure, unused - * @param type type of the attribute - * @param s human-readable string - * @param data set to value in binary encoding (will be allocated) - * @param data_size set to number of bytes in @a data - * @return #GNUNET_OK on success - */ -static int -gnuid_string_to_value (void *cls, - uint32_t type, - const char *s, - void **data, - size_t *data_size) -{ - if (NULL == s) - return GNUNET_SYSERR; - switch (type) - { - - case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING: - *data = GNUNET_strdup (s); - *data_size = strlen (s); - return GNUNET_OK; - default: - return GNUNET_SYSERR; - } -} - - -/** - * Mapping of attribute type numbers to human-readable - * attribute type names. - */ -static struct { - const char *name; - uint32_t number; -} gnuid_name_map[] = { - { "STRING", GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING }, - { NULL, UINT32_MAX } -}; - - -/** - * Convert a type name to the corresponding number. - * - * @param cls closure, unused - * @param gnuid_typename name to convert - * @return corresponding number, UINT32_MAX on error - */ -static uint32_t -gnuid_typename_to_number (void *cls, - const char *gnuid_typename) -{ - unsigned int i; - - i=0; - while ( (NULL != gnuid_name_map[i].name) && - (0 != strcasecmp (gnuid_typename, - gnuid_name_map[i].name)) ) - i++; - return gnuid_name_map[i].number; -} - - -/** - * Convert a type number (i.e. 1) to the corresponding type string - * - * @param cls closure, unused - * @param type number of a type to convert - * @return corresponding typestring, NULL on error - */ -static const char * -gnuid_number_to_typename (void *cls, - uint32_t type) -{ - unsigned int i; - - i=0; - while ( (NULL != gnuid_name_map[i].name) && - (type != gnuid_name_map[i].number) ) - i++; - return gnuid_name_map[i].name; -} - - -/** - * Entry point for the plugin. - * - * @param cls NULL - * @return the exported block API - */ -void * -libgnunet_plugin_identity_attribute_gnuid_init (void *cls) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api; - - api = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions); - api->value_to_string = &gnuid_value_to_string; - api->string_to_value = &gnuid_string_to_value; - api->typename_to_number = &gnuid_typename_to_number; - api->number_to_typename = &gnuid_number_to_typename; - return api; -} - - -/** - * Exit point from the plugin. - * - * @param cls the return value from #libgnunet_plugin_block_test_init() - * @return NULL - */ -void * -libgnunet_plugin_identity_attribute_gnuid_done (void *cls) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = cls; - - GNUNET_free (api); - return NULL; -} - -/* end of plugin_identity_attribute_type_gnuid.c */ diff --git a/src/identity-provider/.gitignore b/src/identity-provider/.gitignore deleted file mode 100644 index ef77fccdc..000000000 --- a/src/identity-provider/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -gnunet-service-identity-provider -gnunet-identity-token diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am deleted file mode 100644 index 2eb699542..000000000 --- a/src/identity-provider/Makefile.am +++ /dev/null @@ -1,140 +0,0 @@ -# This Makefile.am is in the public domain -AM_CPPFLAGS = -I$(top_srcdir)/src/include - - plugindir = $(libdir)/gnunet - -if MINGW - WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols -endif - -if USE_COVERAGE - AM_CFLAGS = --coverage -O0 - XLIB = -lgcov -endif - -if HAVE_SQLITE -SQLITE_PLUGIN = libgnunet_plugin_identity_provider_sqlite.la -endif - -EXTRA_DIST = \ - test_idp_defaults.conf \ - test_idp.conf \ - $(check_SCRIPTS) - -pkgcfgdir= $(pkgdatadir)/config.d/ - -libexecdir= $(pkglibdir)/libexec/ - -pkgcfg_DATA = \ - identity-provider.conf - -lib_LTLIBRARIES = \ - libgnunetidentityprovider.la -plugin_LTLIBRARIES = \ - libgnunet_plugin_rest_identity_provider.la \ - libgnunet_plugin_rest_openid_connect.la \ - libgnunet_plugin_gnsrecord_identity_provider.la \ - $(SQLITE_PLUGIN) - -bin_PROGRAMS = \ - gnunet-idp - -libexec_PROGRAMS = \ - gnunet-service-identity-provider - -libgnunet_plugin_gnsrecord_identity_provider_la_SOURCES = \ - plugin_gnsrecord_identity_provider.c -libgnunet_plugin_gnsrecord_identity_provider_la_LIBADD = \ - $(top_builddir)/src/util/libgnunetutil.la \ - $(LTLIBINTL) -libgnunet_plugin_gnsrecord_identity_provider_la_LDFLAGS = \ - $(GN_PLUGIN_LDFLAGS) - -libgnunet_plugin_identity_provider_sqlite_la_SOURCES = \ - plugin_identity_provider_sqlite.c -libgnunet_plugin_identity_provider_sqlite_la_LIBADD = \ - libgnunetidentityprovider.la \ - $(top_builddir)/src/sq/libgnunetsq.la \ - $(top_builddir)/src/statistics/libgnunetstatistics.la \ - $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \ - $(LTLIBINTL) -libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \ - $(GN_PLUGIN_LDFLAGS) - - - -gnunet_service_identity_provider_SOURCES = \ - gnunet-service-identity-provider.c -gnunet_service_identity_provider_LDADD = \ - $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ - $(top_builddir)/src/util/libgnunetutil.la \ - $(top_builddir)/src/namestore/libgnunetnamestore.la \ - $(top_builddir)/src/identity/libgnunetidentity.la \ - $(top_builddir)/src/statistics/libgnunetstatistics.la \ - $(top_builddir)/src/abe/libgnunetabe.la \ - $(top_builddir)/src/credential/libgnunetcredential.la \ - $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \ - libgnunetidentityprovider.la \ - $(top_builddir)/src/gns/libgnunetgns.la \ - $(GN_LIBINTL) - -libgnunetidentityprovider_la_SOURCES = \ - identity_provider_api.c \ - identity_provider.h -libgnunetidentityprovider_la_LIBADD = \ - $(top_builddir)/src/util/libgnunetutil.la \ - $(GN_LIBINTL) $(XLIB) -libgnunetidentityprovider_la_LDFLAGS = \ - $(GN_LIB_LDFLAGS) $(WINFLAGS) \ - -version-info 0:0:0 - -libgnunet_plugin_rest_identity_provider_la_SOURCES = \ - plugin_rest_identity_provider.c \ - jwt.c -libgnunet_plugin_rest_identity_provider_la_LIBADD = \ - $(top_builddir)/src/identity/libgnunetidentity.la \ - libgnunetidentityprovider.la \ - $(top_builddir)/src/rest/libgnunetrest.la \ - $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ - $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \ - $(top_builddir)/src/namestore/libgnunetnamestore.la \ - $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ - $(LTLIBINTL) -ljansson -lmicrohttpd -libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \ - $(GN_PLUGIN_LDFLAGS) - -libgnunet_plugin_rest_openid_connect_la_SOURCES = \ - plugin_rest_openid_connect.c \ - jwt.c -libgnunet_plugin_rest_openid_connect_la_LIBADD = \ - $(top_builddir)/src/identity/libgnunetidentity.la \ - libgnunetidentityprovider.la \ - $(top_builddir)/src/rest/libgnunetrest.la \ - $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ - $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \ - $(top_builddir)/src/namestore/libgnunetnamestore.la \ - $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ - $(LTLIBINTL) -ljansson -lmicrohttpd -libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \ - $(GN_PLUGIN_LDFLAGS) - -gnunet_idp_SOURCES = \ - gnunet-idp.c -gnunet_idp_LDADD = \ - $(top_builddir)/src/util/libgnunetutil.la \ - $(top_builddir)/src/namestore/libgnunetnamestore.la \ - libgnunetidentityprovider.la \ - $(top_builddir)/src/identity/libgnunetidentity.la \ - $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \ - $(GN_LIBINTL) - -check_SCRIPTS = \ - test_idp_attribute.sh \ - test_idp_issue.sh \ - test_idp_consume.sh \ - test_idp_revoke.sh - -if ENABLE_TEST_RUN - AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME; - TESTS = $(check_SCRIPTS) -endif diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c deleted file mode 100644 index 79e4f8d27..000000000 --- a/src/identity-provider/gnunet-idp.c +++ /dev/null @@ -1,517 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - */ -/** - * @author Martin Schanzenbach - * @file src/identity-provider/gnunet-idp.c - * @brief Identity Provider utility - * - */ - -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_namestore_service.h" -#include "gnunet_identity_provider_service.h" -#include "gnunet_identity_service.h" -#include "gnunet_signatures.h" - -/** - * return value - */ -static int ret; - -/** - * List attribute flag - */ -static int list; - -/** - * Relying party - */ -static char* rp; - -/** - * The attribute - */ -static char* attr_name; - -/** - * Attribute value - */ -static char* attr_value; - -/** - * Attributes to issue - */ -static char* issue_attrs; - -/** - * Ticket to consume - */ -static char* consume_ticket; - -/** - * Attribute type - */ -static char* type_str; - -/** - * Ticket to revoke - */ -static char* revoke_ticket; - -/** - * Ego name - */ -static char* ego_name; - -/** - * Identity handle - */ -static struct GNUNET_IDENTITY_Handle *identity_handle; - -/** - * IdP handle - */ -static struct GNUNET_IDENTITY_PROVIDER_Handle *idp_handle; - -/** - * IdP operation - */ -static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; - -/** - * Attribute iterator - */ -static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator; - -/** - * Master ABE key - */ -static struct GNUNET_CRYPTO_AbeMasterKey *abe_key; - -/** - * ego private key - */ -static const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey; - -/** - * rp public key - */ -static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key; - -/** - * Ticket to consume - */ -static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - -/** - * Attribute list - */ -static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list; - -/** - * Attribute expiration interval - */ -static struct GNUNET_TIME_Relative exp_interval; - -/** - * Timeout task - */ -static struct GNUNET_SCHEDULER_Task *timeout; - -static void -do_cleanup(void *cls) -{ - if (NULL != timeout) - GNUNET_SCHEDULER_cancel (timeout); - if (NULL != idp_op) - GNUNET_IDENTITY_PROVIDER_cancel (idp_op); - if (NULL != attr_iterator) - GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator); - if (NULL != idp_handle) - GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle); - if (NULL != identity_handle) - GNUNET_IDENTITY_disconnect (identity_handle); - if (NULL != abe_key) - GNUNET_free (abe_key); - if (NULL != attr_list) - GNUNET_free (attr_list); -} - -static void -ticket_issue_cb (void* cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) -{ - char* ticket_str; - idp_op = NULL; - if (NULL != ticket) { - ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); - printf("%s\n", - ticket_str); - GNUNET_free (ticket_str); - } - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); -} - -static void -store_attr_cont (void *cls, - int32_t success, - const char*emsg) -{ - idp_op = NULL; - if (GNUNET_SYSERR == success) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "%s\n", emsg); - } - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); -} - -static void -process_attrs (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) -{ - char *value_str; - if (NULL == identity) - { - idp_op = NULL; - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); - return; - } - if (NULL == attr) - { - ret = 1; - return; - } - value_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type, - attr->data, - attr->data_size); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "%s: %s\n", attr->name, value_str); -} - - -static void -iter_error (void *cls) -{ - attr_iterator = NULL; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to iterate over attributes\n"); - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); -} - -static void -timeout_task (void *cls) -{ - timeout = NULL; - ret = 1; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Timeout\n"); - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); -} - -static void -process_rvk (void *cls, int success, const char* msg) -{ - idp_op = NULL; - if (GNUNET_OK != success) - { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Revocation failed.\n"); - ret = 1; - } - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); -} - -static void -iter_finished (void *cls) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim; - char *data; - size_t data_size; - int type; - - attr_iterator = NULL; - if (list) - { - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); - return; - } - - if (issue_attrs) - { - idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle, - pkey, - &rp_key, - attr_list, - &ticket_issue_cb, - NULL); - return; - } - if (consume_ticket) - { - idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle, - pkey, - &ticket, - &process_attrs, - NULL); - timeout = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 10), - &timeout_task, - NULL); - return; - } - if (revoke_ticket) - { - idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (idp_handle, - pkey, - &ticket, - &process_rvk, - NULL); - return; - } - if (attr_name) - { - if (NULL == type_str) - type = GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING; - else - type = GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (type_str); - - GNUNET_assert (GNUNET_SYSERR != GNUNET_IDENTITY_ATTRIBUTE_string_to_value (type, - attr_value, - (void**)&data, - &data_size)); - claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name, - type, - data, - data_size); - idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, - pkey, - claim, - &exp_interval, - &store_attr_cont, - NULL); - return; - } - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); -} - -static void -iter_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - char *attrs_tmp; - char *attr_str; - - if (issue_attrs) - { - attrs_tmp = GNUNET_strdup (issue_attrs); - attr_str = strtok (attrs_tmp, ","); - while (NULL != attr_str) { - if (0 != strcmp (attr_str, attr->name)) { - attr_str = strtok (NULL, ","); - continue; - } - le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); - le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, - attr->type, - attr->data, - attr->data_size); - GNUNET_CONTAINER_DLL_insert (attr_list->list_head, - attr_list->list_tail, - le); - break; - } - GNUNET_free (attrs_tmp); - } else if (list) { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "%s: %s\n", attr->name, (char*)attr->data); - } - GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator); -} - -static void -ego_iter_finished (void *cls) -{ - if (NULL == pkey) - { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Ego %s not found\n", ego_name); - return; - } - - if (NULL != rp) - GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, - strlen (rp), - &rp_key); - if (NULL != consume_ticket) - GNUNET_STRINGS_string_to_data (consume_ticket, - strlen (consume_ticket), - &ticket, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); - if (NULL != revoke_ticket) - GNUNET_STRINGS_string_to_data (revoke_ticket, - strlen (revoke_ticket), - &ticket, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); - - - attr_list = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); - - attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle, - pkey, - &iter_error, - NULL, - &iter_cb, - NULL, - &iter_finished, - NULL); - - -} - -static int init = GNUNET_YES; - -static void -ego_cb (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *name) -{ - if (NULL == name) { - if (GNUNET_YES == init) { - init = GNUNET_NO; - GNUNET_SCHEDULER_add_now (&ego_iter_finished, NULL); - } - return; - } - if (0 != strcmp (name, ego_name)) - return; - pkey = GNUNET_IDENTITY_ego_get_private_key (ego); -} - - -static void -run (void *cls, - char *const *args, - const char *cfgfile, - const struct GNUNET_CONFIGURATION_Handle *c) -{ - ret = 0; - if (NULL == ego_name) - { - ret = 1; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - _("Ego is required\n")); - return; - } - - if ( (NULL == attr_value) && (NULL != attr_name) ) - { - ret = 1; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - _("Attribute value missing!\n")); - return; - } - - if ( (NULL == rp) && (NULL != issue_attrs) ) - { - ret = 1; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - _("Requesting party key is required!\n")); - return; - } - - idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c); - //Get Ego - identity_handle = GNUNET_IDENTITY_connect (c, - &ego_cb, - NULL); - - -} - - -int -main(int argc, char *const argv[]) -{ - exp_interval = GNUNET_TIME_UNIT_HOURS; - struct GNUNET_GETOPT_CommandLineOption options[] = { - - GNUNET_GETOPT_option_string ('a', - "add", - NULL, - gettext_noop ("Add attribute"), - &attr_name), - - GNUNET_GETOPT_option_string ('V', - "value", - NULL, - gettext_noop ("Attribute value"), - &attr_value), - GNUNET_GETOPT_option_string ('e', - "ego", - NULL, - gettext_noop ("Ego"), - &ego_name), - GNUNET_GETOPT_option_string ('r', - "rp", - NULL, - gettext_noop ("Audience (relying party)"), - &rp), - GNUNET_GETOPT_option_flag ('D', - "dump", - gettext_noop ("List attributes for Ego"), - &list), - GNUNET_GETOPT_option_string ('i', - "issue", - NULL, - gettext_noop ("Issue a ticket"), - &issue_attrs), - GNUNET_GETOPT_option_string ('C', - "consume", - NULL, - gettext_noop ("Consume a ticket"), - &consume_ticket), - GNUNET_GETOPT_option_string ('R', - "revoke", - NULL, - gettext_noop ("Revoke a ticket"), - &revoke_ticket), - GNUNET_GETOPT_option_string ('t', - "type", - NULL, - gettext_noop ("Type of attribute"), - &type_str), - GNUNET_GETOPT_option_relative_time ('E', - "expiration", - NULL, - gettext_noop ("Expiration interval of the attribute"), - &exp_interval), - - GNUNET_GETOPT_OPTION_END - }; - if (GNUNET_OK != GNUNET_PROGRAM_run (argc, argv, "ct", - "ct", options, - &run, NULL)) - return 1; - else - return ret; -} diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c deleted file mode 100644 index 4563fdfa1..000000000 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ /dev/null @@ -1,2786 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - */ -/** - * @author Martin Schanzenbach - * @file src/identity-provider/gnunet-service-identity-provider.c - * @brief Identity Token Service - * - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_constants.h" -#include "gnunet_protocols.h" -#include "gnunet_identity_service.h" -#include "gnunet_gnsrecord_lib.h" -#include "gnunet_namestore_service.h" -#include "gnunet_abe_lib.h" -#include "gnunet_credential_service.h" -#include "gnunet_statistics_service.h" -#include "gnunet_gns_service.h" -#include "gnunet_identity_provider_plugin.h" -#include "gnunet_identity_attribute_lib.h" -#include "gnunet_signatures.h" -#include "identity_provider.h" - -/** - * First pass state - */ -#define STATE_INIT 0 - -/** - * Normal operation state - */ -#define STATE_POST_INIT 1 - -/** - * Minimum interval between updates - */ -#define MIN_WAIT_TIME GNUNET_TIME_UNIT_MINUTES - -/** - * Standard token expiration time - */ -#define DEFAULT_TOKEN_EXPIRATION_INTERVAL GNUNET_TIME_UNIT_HOURS - -/** - * Identity handle - */ -static struct GNUNET_IDENTITY_Handle *identity_handle; - -/** - * Database handle - */ -static struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *TKT_database; - -/** - * Name of DB plugin - */ -static char *db_lib_name; - -/** - * Token expiration interval - */ -static struct GNUNET_TIME_Relative token_expiration_interval; - -/** - * Namestore handle - */ -static struct GNUNET_NAMESTORE_Handle *ns_handle; - -/** - * GNS handle - */ -static struct GNUNET_GNS_Handle *gns_handle; - -/** - * Credential handle - */ -static struct GNUNET_CREDENTIAL_Handle *credential_handle; - -/** - * Namestore qe - */ -static struct GNUNET_NAMESTORE_QueueEntry *ns_qe; - -/** - * Namestore iterator - */ -static struct GNUNET_NAMESTORE_ZoneIterator *ns_it; - -/** - * Timeout task - */ -static struct GNUNET_SCHEDULER_Task *timeout_task; - -/** - * Update task - */ -static struct GNUNET_SCHEDULER_Task *update_task; - - -/** - * Currently processed token - */ -static struct IdentityToken *token; - -/** - * Label for currently processed token - */ -static char* label; - -/** - * Scopes for processed token - */ -static char* scopes; - -/** - * Handle to the statistics service. - */ -static struct GNUNET_STATISTICS_Handle *stats; - -/** - * Our configuration. - */ -static const struct GNUNET_CONFIGURATION_Handle *cfg; - -/** - * An idp client - */ -struct IdpClient; - -/** - * A ticket iteration operation. - */ -struct TicketIteration -{ - /** - * DLL - */ - struct TicketIteration *next; - - /** - * DLL - */ - struct TicketIteration *prev; - - /** - * Client which intiated this zone iteration - */ - struct IdpClient *client; - - /** - * Key of the identity we are iterating over. - */ - struct GNUNET_CRYPTO_EcdsaPublicKey identity; - - /** - * Identity is audience - */ - uint32_t is_audience; - - /** - * The operation id fot the iteration in the response for the client - */ - uint32_t r_id; - - /** - * Offset of the iteration used to address next result of the - * iteration in the store - * - * Initialy set to 0 in handle_iteration_start - * Incremented with by every call to handle_iteration_next - */ - uint32_t offset; - -}; - - - -/** - * Callback after an ABE bootstrap - * - * @param cls closure - * @param abe_key the ABE key that exists or was created - */ -typedef void -(*AbeBootstrapResult) (void *cls, - struct GNUNET_ABE_AbeMasterKey *abe_key); - - -struct AbeBootstrapHandle -{ - /** - * Function to call when finished - */ - AbeBootstrapResult proc; - - /** - * Callback closure - */ - char *proc_cls; - - /** - * Key of the zone we are iterating over. - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /** - * Namestore Queue Entry - */ - struct GNUNET_NAMESTORE_QueueEntry *ns_qe; - - /** - * The issuer egos ABE master key - */ - struct GNUNET_ABE_AbeMasterKey *abe_key; -}; - -/** - * An attribute iteration operation. - */ -struct AttributeIterator -{ - /** - * Next element in the DLL - */ - struct AttributeIterator *next; - - /** - * Previous element in the DLL - */ - struct AttributeIterator *prev; - - /** - * IDP client which intiated this zone iteration - */ - struct IdpClient *client; - - /** - * Key of the zone we are iterating over. - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /** - * The issuer egos ABE master key - */ - struct GNUNET_ABE_AbeMasterKey *abe_key; - - /** - * Namestore iterator - */ - struct GNUNET_NAMESTORE_ZoneIterator *ns_it; - - /** - * The operation id fot the zone iteration in the response for the client - */ - uint32_t request_id; - -}; - - - -/** - * An idp client - */ -struct IdpClient -{ - - /** - * The client - */ - struct GNUNET_SERVICE_Client *client; - - /** - * Message queue for transmission to @e client - */ - struct GNUNET_MQ_Handle *mq; - - /** - * Head of the DLL of - * Attribute iteration operations in - * progress initiated by this client - */ - struct AttributeIterator *attr_iter_head; - - /** - * Tail of the DLL of - * Attribute iteration operations - * in progress initiated by this client - */ - struct AttributeIterator *attr_iter_tail; - - /** - * Head of DLL of ticket iteration ops - */ - struct TicketIteration *ticket_iter_head; - - /** - * Tail of DLL of ticket iteration ops - */ - struct TicketIteration *ticket_iter_tail; - - /** - * Head of DLL of ticket revocation ops - */ - struct TicketRevocationHandle *revoke_op_head; - - /** - * Tail of DLL of ticket revocation ops - */ - struct TicketRevocationHandle *revoke_op_tail; - - /** - * Head of DLL of ticket issue ops - */ - struct TicketIssueHandle *issue_op_head; - - /** - * Tail of DLL of ticket issue ops - */ - struct TicketIssueHandle *issue_op_tail; - - /** - * Head of DLL of ticket consume ops - */ - struct ConsumeTicketHandle *consume_op_head; - - /** - * Tail of DLL of ticket consume ops - */ - struct ConsumeTicketHandle *consume_op_tail; - - /** - * Head of DLL of attribute store ops - */ - struct AttributeStoreHandle *store_op_head; - - /** - * Tail of DLL of attribute store ops - */ - struct AttributeStoreHandle *store_op_tail; - -}; - -struct AttributeStoreHandle -{ - /** - * DLL - */ - struct AttributeStoreHandle *next; - - /** - * DLL - */ - struct AttributeStoreHandle *prev; - - /** - * Client connection - */ - struct IdpClient *client; - - /** - * Identity - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /** - * Identity pubkey - */ - struct GNUNET_CRYPTO_EcdsaPublicKey identity_pkey; - - /** - * The issuer egos ABE master key - */ - struct GNUNET_ABE_AbeMasterKey *abe_key; - - /** - * QueueEntry - */ - struct GNUNET_NAMESTORE_QueueEntry *ns_qe; - - /** - * The attribute to store - */ - struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim; - - /** - * The attribute expiration interval - */ - struct GNUNET_TIME_Relative exp; - - /** - * request id - */ - uint32_t r_id; -}; - - -/* Prototype */ -struct ParallelLookup; - -struct ConsumeTicketHandle -{ - /** - * DLL - */ - struct ConsumeTicketHandle *next; - - /** - * DLL - */ - struct ConsumeTicketHandle *prev; - - /** - * Client connection - */ - struct IdpClient *client; - - /** - * Ticket - */ - struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - - /** - * LookupRequest - */ - struct GNUNET_GNS_LookupRequest *lookup_request; - - /** - * Audience Key - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /** - * Audience Key - */ - struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub; - - /** - * Lookup DLL - */ - struct ParallelLookup *parallel_lookups_head; - - /** - * Lookup DLL - */ - struct ParallelLookup *parallel_lookups_tail; - - /** - * Kill task - */ - struct GNUNET_SCHEDULER_Task *kill_task; - - /** - * The ABE key - */ - struct GNUNET_ABE_AbeKey *key; - - /** - * Attributes - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; - - /** - * Lookup time - */ - struct GNUNET_TIME_Absolute lookup_start_time; - - /** - * request id - */ - uint32_t r_id; -}; - -/** - * Handle for a parallel GNS lookup job - */ -struct ParallelLookup -{ - /* DLL */ - struct ParallelLookup *next; - - /* DLL */ - struct ParallelLookup *prev; - - /* The GNS request */ - struct GNUNET_GNS_LookupRequest *lookup_request; - - /* The handle the return to */ - struct ConsumeTicketHandle *handle; - - /** - * Lookup time - */ - struct GNUNET_TIME_Absolute lookup_start_time; - - /* The label to look up */ - char *label; -}; - -/** - * Ticket revocation request handle - */ -struct TicketRevocationHandle -{ - /** - * DLL - */ - struct TicketRevocationHandle *prev; - - /** - * DLL - */ - struct TicketRevocationHandle *next; - - /** - * Client connection - */ - struct IdpClient *client; - - /** - * Attributes to reissue - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; - - /** - * Attributes to revoke - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *rvk_attrs; - - /** - * Issuer Key - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /** - * Ticket to issue - */ - struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - - /** - * QueueEntry - */ - struct GNUNET_NAMESTORE_QueueEntry *ns_qe; - - /** - * Namestore iterator - */ - struct GNUNET_NAMESTORE_ZoneIterator *ns_it; - - /** - * The ABE master key - */ - struct GNUNET_ABE_AbeMasterKey *abe_key; - - /** - * Offset - */ - uint32_t offset; - - /** - * request id - */ - uint32_t r_id; -}; - - - -/** - * Ticket issue request handle - */ -struct TicketIssueHandle -{ - /** - * DLL - */ - struct TicketIssueHandle *prev; - - /** - * DLL - */ - struct TicketIssueHandle *next; - - /** - * Client connection - */ - struct IdpClient *client; - - /** - * Attributes to issue - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; - - /** - * Issuer Key - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /** - * Ticket to issue - */ - struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - - /** - * QueueEntry - */ - struct GNUNET_NAMESTORE_QueueEntry *ns_qe; - - /** - * request id - */ - uint32_t r_id; -}; - - -/** - * DLL for ego handles to egos containing the ID_ATTRS in a map in json_t format - * - */ -struct EgoEntry -{ - /** - * DLL - */ - struct EgoEntry *next; - - /** - * DLL - */ - struct EgoEntry *prev; - - /** - * Ego handle - */ - struct GNUNET_IDENTITY_Ego *ego; - - /** - * Attribute map. Contains the attributes as json_t - */ - struct GNUNET_CONTAINER_MultiHashMap *attr_map; - -}; - -/** - * Cleanup task - */ -static void -cleanup() -{ - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Cleaning up\n"); - - if (NULL != stats) - { - GNUNET_STATISTICS_destroy (stats, GNUNET_NO); - stats = NULL; - } - GNUNET_break (NULL == GNUNET_PLUGIN_unload (db_lib_name, - TKT_database)); - GNUNET_free (db_lib_name); - db_lib_name = NULL; - if (NULL != timeout_task) - GNUNET_SCHEDULER_cancel (timeout_task); - if (NULL != update_task) - GNUNET_SCHEDULER_cancel (update_task); - if (NULL != identity_handle) - GNUNET_IDENTITY_disconnect (identity_handle); - if (NULL != gns_handle) - GNUNET_GNS_disconnect (gns_handle); - if (NULL != credential_handle) - GNUNET_CREDENTIAL_disconnect (credential_handle); - if (NULL != ns_it) - GNUNET_NAMESTORE_zone_iteration_stop (ns_it); - if (NULL != ns_qe) - GNUNET_NAMESTORE_cancel (ns_qe); - if (NULL != ns_handle) - GNUNET_NAMESTORE_disconnect (ns_handle); - GNUNET_free_non_null (token); - GNUNET_free_non_null (label); - -} - -/** - * Shutdown task - * - * @param cls NULL - */ -static void -do_shutdown (void *cls) -{ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Shutting down...\n"); - cleanup(); -} - -/** - * Finished storing newly bootstrapped ABE key - */ -static void -bootstrap_store_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct AbeBootstrapHandle *abh = cls; - if (GNUNET_SYSERR == success) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to bootstrap ABE master %s\n", - emsg); - abh->proc (abh->proc_cls, NULL); - GNUNET_free (abh->abe_key); - GNUNET_free (abh); - return; - } - abh->proc (abh->proc_cls, abh->abe_key); - GNUNET_free (abh); -} - -/** - * Generates and stores a new ABE key - */ -static void -bootstrap_store_task (void *cls) -{ - struct AbeBootstrapHandle *abh = cls; - struct GNUNET_GNSRECORD_Data rd[1]; - char *key; - - rd[0].data_size = GNUNET_ABE_cpabe_serialize_master_key (abh->abe_key, - (void**)&key); - rd[0].data = key; - rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; - rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION | GNUNET_GNSRECORD_RF_PRIVATE; - rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? - abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &abh->identity, - "+", - 1, - rd, - &bootstrap_store_cont, - abh); - GNUNET_free (key); -} - -/** - * Error checking for ABE master - */ -static void -bootstrap_abe_error (void *cls) -{ - struct AbeBootstrapHandle *abh = cls; - abh->proc (abh->proc_cls, NULL); - GNUNET_free (abh); -} - - -/** - * Handle ABE lookup in namestore - */ -static void -bootstrap_abe_result (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct AbeBootstrapHandle *abh = cls; - struct GNUNET_ABE_AbeMasterKey *abe_key; - - for (uint32_t i=0;iproc (abh->proc_cls, abe_key); - GNUNET_free (abh); - return; - } - - //No ABE master found, bootstrapping... - abh->abe_key = GNUNET_ABE_cpabe_create_master_key (); - GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); -} - -/** - * Bootstrap ABE master if it does not yet exists. - * Will call the AbeBootstrapResult processor when done. - * will always recreate the ABE key of GNUNET_YES == recreate - */ -static void -bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - AbeBootstrapResult proc, - void* cls, - int recreate) -{ - struct AbeBootstrapHandle *abh; - - abh = GNUNET_new (struct AbeBootstrapHandle); - abh->proc = proc; - abh->proc_cls = cls; - abh->identity = *identity; - if (GNUNET_YES == recreate) - { - abh->abe_key = GNUNET_ABE_cpabe_create_master_key (); - GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); - } else { - abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, - identity, - "+", - &bootstrap_abe_error, - abh, - &bootstrap_abe_result, - abh); - } -} - - - -static int -create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, - struct GNUNET_CRYPTO_SymmetricSessionKey *skey, - struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) -{ - struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str; - - GNUNET_CRYPTO_hash_to_enc (new_key_hash, - &new_key_hash_str); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str); - static const char ctx_key[] = "gnuid-aes-ctx-key"; - GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), - new_key_hash, sizeof (struct GNUNET_HashCode), - ctx_key, strlen (ctx_key), - NULL, 0); - static const char ctx_iv[] = "gnuid-aes-ctx-iv"; - GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), - new_key_hash, sizeof (struct GNUNET_HashCode), - ctx_iv, strlen (ctx_iv), - NULL, 0); - return GNUNET_OK; -} - -/** - * Cleanup ticket consume handle - * @param handle the handle to clean up - */ -static void -cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) -{ - if (NULL != handle->attrs) - GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs); - if (NULL != handle->ns_qe) - GNUNET_NAMESTORE_cancel (handle->ns_qe); - GNUNET_free (handle); -} - - -static void -send_ticket_result (struct IdpClient *client, - uint32_t r_id, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) -{ - struct TicketResultMessage *irm; - struct GNUNET_MQ_Envelope *env; - struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket_buf; - - /* store ticket in DB */ - if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, - ticket, - attrs)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unable to store ticket after issue\n"); - GNUNET_break (0); - } - - env = GNUNET_MQ_msg_extra (irm, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket), - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); - ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&irm[1]; - *ticket_buf = *ticket; - irm->id = htonl (r_id); - GNUNET_MQ_send (client->mq, - env); -} - -static void -store_ticket_issue_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct TicketIssueHandle *handle = cls; - - handle->ns_qe = NULL; - GNUNET_CONTAINER_DLL_remove (handle->client->issue_op_head, - handle->client->issue_op_tail, - handle); - if (GNUNET_SYSERR == success) - { - cleanup_ticket_issue_handle (handle); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", - "Unknown Error\n"); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - send_ticket_result (handle->client, - handle->r_id, - &handle->ticket, - handle->attrs); - cleanup_ticket_issue_handle (handle); -} - - - -int -serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_ABE_AbeKey *rp_key, - struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, - char **result) -{ - struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - char *enc_keyinfo; - char *serialized_key; - char *buf; - char *write_ptr; - char attrs_str_len; - ssize_t size; - - struct GNUNET_CRYPTO_SymmetricSessionKey skey; - struct GNUNET_CRYPTO_SymmetricInitializationVector iv; - struct GNUNET_HashCode new_key_hash; - ssize_t enc_size; - - size = GNUNET_ABE_cpabe_serialize_key (rp_key, - (void**)&serialized_key); - attrs_str_len = 0; - for (le = attrs->list_head; NULL != le; le = le->next) { - attrs_str_len += strlen (le->claim->name) + 1; - } - buf = GNUNET_malloc (attrs_str_len + size); - write_ptr = buf; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Writing attributes\n"); - for (le = attrs->list_head; NULL != le; le = le->next) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "%s\n", le->claim->name); - - - GNUNET_memcpy (write_ptr, - le->claim->name, - strlen (le->claim->name)); - write_ptr[strlen (le->claim->name)] = ','; - write_ptr += strlen (le->claim->name) + 1; - } - write_ptr--; - write_ptr[0] = '\0'; //replace last , with a 0-terminator - write_ptr++; - GNUNET_memcpy (write_ptr, - serialized_key, - size); - GNUNET_free (serialized_key); - // ECDH keypair E = eG - *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); - GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, - &ecdh_pubkey); - enc_keyinfo = GNUNET_malloc (size + attrs_str_len); - // Derived key K = H(eB) - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, - &ticket->audience, - &new_key_hash)); - create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); - enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf, - size + attrs_str_len, - &skey, &iv, - enc_keyinfo); - *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+ - enc_size); - GNUNET_memcpy (*result, - &ecdh_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), - enc_keyinfo, - enc_size); - GNUNET_free (enc_keyinfo); - GNUNET_free (buf); - return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size; -} - - - -static void -issue_ticket_after_abe_bootstrap (void *cls, - struct GNUNET_ABE_AbeMasterKey *abe_key) -{ - struct TicketIssueHandle *ih = cls; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; - struct GNUNET_GNSRECORD_Data code_record[1]; - struct GNUNET_ABE_AbeKey *rp_key; - char *code_record_data; - char **attrs; - char *label; - char *policy; - int attrs_len; - uint32_t i; - size_t code_record_len; - - //Create new ABE key for RP - attrs_len = 0; - for (le = ih->attrs->list_head; NULL != le; le = le->next) - attrs_len++; - attrs = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); - i = 0; - for (le = ih->attrs->list_head; NULL != le; le = le->next) { - GNUNET_asprintf (&policy, "%s_%lu", - le->claim->name, - le->claim->version); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Adding attribute to key: %s\n", - policy); - attrs[i] = policy; - i++; - } - attrs[i] = NULL; - rp_key = GNUNET_ABE_cpabe_create_key (abe_key, - attrs); - - //TODO review this wireformat - code_record_len = serialize_abe_keyinfo2 (&ih->ticket, - ih->attrs, - rp_key, - &ecdhe_privkey, - &code_record_data); - code_record[0].data = code_record_data; - code_record[0].data_size = code_record_len; - code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us; - code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; - code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; - - label = GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd, - sizeof (uint64_t)); - //Publish record - ih->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &ih->identity, - label, - 1, - code_record, - &store_ticket_issue_cont, - ih); - //for (; i > 0; i--) - // GNUNET_free (attrs[i-1]); - GNUNET_free (ecdhe_privkey); - GNUNET_free (label); - GNUNET_free (attrs); - GNUNET_free (code_record_data); - GNUNET_ABE_cpabe_delete_key (rp_key, - GNUNET_YES); - GNUNET_ABE_cpabe_delete_master_key (abe_key); -} - - -static int -check_issue_ticket_message(void *cls, - const struct IssueTicketMessage *im) -{ - uint16_t size; - - size = ntohs (im->header.size); - if (size <= sizeof (struct IssueTicketMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - - -static void -handle_issue_ticket_message (void *cls, - const struct IssueTicketMessage *im) -{ - struct TicketIssueHandle *ih; - struct IdpClient *idp = cls; - size_t attrs_len; - - ih = GNUNET_new (struct TicketIssueHandle); - attrs_len = ntohs (im->attr_len); - ih->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len); - ih->r_id = ntohl (im->id); - ih->client = idp; - ih->identity = im->identity; - GNUNET_CRYPTO_ecdsa_key_get_public (&ih->identity, - &ih->ticket.identity); - ih->ticket.audience = im->rp; - ih->ticket.rnd = - GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, - UINT64_MAX); - GNUNET_CONTAINER_DLL_insert (idp->issue_op_head, - idp->issue_op_tail, - ih); - bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih, GNUNET_NO); - GNUNET_SERVICE_client_continue (idp->client); - -} - -/********************************************************** - * Revocation - **********************************************************/ - -/** - * Cleanup revoke handle - * - * @param rh the ticket revocation handle - */ -static void -cleanup_revoke_ticket_handle (struct TicketRevocationHandle *rh) -{ - if (NULL != rh->attrs) - GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->attrs); - if (NULL != rh->rvk_attrs) - GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->rvk_attrs); - if (NULL != rh->abe_key) - GNUNET_ABE_cpabe_delete_master_key (rh->abe_key); - if (NULL != rh->ns_qe) - GNUNET_NAMESTORE_cancel (rh->ns_qe); - if (NULL != rh->ns_it) - GNUNET_NAMESTORE_zone_iteration_stop (rh->ns_it); - GNUNET_free (rh); -} - - -/** - * Send revocation result - * - * @param rh ticket revocation handle - * @param success GNUNET_OK if successful result - */ -static void -send_revocation_finished (struct TicketRevocationHandle *rh, - uint32_t success) -{ - struct GNUNET_MQ_Envelope *env; - struct RevokeTicketResultMessage *trm; - - GNUNET_break(TKT_database->delete_ticket (TKT_database->cls, - &rh->ticket)); - - env = GNUNET_MQ_msg (trm, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT); - trm->id = htonl (rh->r_id); - trm->success = htonl (success); - GNUNET_MQ_send (rh->client->mq, - env); - GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head, - rh->client->revoke_op_tail, - rh); -} - - -/** - * Process ticket from database - * - * @param cls struct TicketIterationProcResult - * @param ticket the ticket - * @param attrs the attributes - */ -static void -ticket_reissue_proc (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); - -static void -revocation_reissue_tickets (struct TicketRevocationHandle *rh); - - -static void reissue_next (void *cls) -{ - struct TicketRevocationHandle *rh = cls; - revocation_reissue_tickets (rh); -} - - -static void -reissue_ticket_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct TicketRevocationHandle *rh = cls; - - rh->ns_qe = NULL; - if (GNUNET_SYSERR == success) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", - "Unknown Error\n"); - send_revocation_finished (rh, GNUNET_SYSERR); - cleanup_revoke_ticket_handle (rh); - return; - } - rh->offset++; - GNUNET_SCHEDULER_add_now (&reissue_next, rh); -} - - -/** - * Process ticket from database - * - * @param cls struct TicketIterationProcResult - * @param ticket the ticket - * @param attrs the attributes - */ -static void -ticket_reissue_proc (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) -{ - struct TicketRevocationHandle *rh = cls; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover; - struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; - struct GNUNET_GNSRECORD_Data code_record[1]; - struct GNUNET_ABE_AbeKey *rp_key; - char *code_record_data; - char **attr_arr; - char *label; - char *policy; - int attrs_len; - uint32_t i; - int reissue_ticket; - size_t code_record_len; - - - if (NULL == ticket) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Iteration done\n"); - return; - } - - if (0 == memcmp (&ticket->audience, - &rh->ticket.audience, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Do not reissue for this identity.!\n"); - label = GNUNET_STRINGS_data_to_string_alloc (&rh->ticket.rnd, - sizeof (uint64_t)); - //Delete record - rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &rh->identity, - label, - 0, - NULL, - &reissue_ticket_cont, - rh); - - GNUNET_free (label); - return; - } - - /* - * Check if any attribute of this ticket intersects with a rollover attribute - */ - reissue_ticket = GNUNET_NO; - for (le = attrs->list_head; NULL != le; le = le->next) - { - for (le_rollover = rh->rvk_attrs->list_head; - NULL != le_rollover; - le_rollover = le_rollover->next) - { - if (0 == strcmp (le_rollover->claim->name, - le->claim->name)) - { - reissue_ticket = GNUNET_YES; - le->claim->version = le_rollover->claim->version; - } - } - } - - if (GNUNET_NO == reissue_ticket) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Skipping ticket.\n"); - - rh->offset++; - GNUNET_SCHEDULER_add_now (&reissue_next, rh); - - - return; - } - - //Create new ABE key for RP - attrs_len = 0; - - /* If this is the RP we want to revoke attributes of, the do so */ - - for (le = attrs->list_head; NULL != le; le = le->next) - attrs_len++; - attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); - i = 0; - for (le = attrs->list_head; NULL != le; le = le->next) { - GNUNET_asprintf (&policy, "%s_%lu", - le->claim->name, - le->claim->version); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Recreating key with %s\n", policy); - attr_arr[i] = policy; - i++; - } - attr_arr[i] = NULL; - rp_key = GNUNET_ABE_cpabe_create_key (rh->abe_key, - attr_arr); - - //TODO review this wireformat - code_record_len = serialize_abe_keyinfo2 (ticket, - attrs, - rp_key, - &ecdhe_privkey, - &code_record_data); - code_record[0].data = code_record_data; - code_record[0].data_size = code_record_len; - code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us; - code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; - code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; - - label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, - sizeof (uint64_t)); - //Publish record - rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &rh->identity, - label, - 1, - code_record, - &reissue_ticket_cont, - rh); - //for (; i > 0; i--) - // GNUNET_free (attr_arr[i-1]); - GNUNET_free (ecdhe_privkey); - GNUNET_free (label); - GNUNET_free (attr_arr); - GNUNET_free (code_record_data); - GNUNET_ABE_cpabe_delete_key (rp_key, GNUNET_YES); -} - - -/* Prototype for below function */ -static void -attr_reenc_cont (void *cls, - int32_t success, - const char *emsg); - -static void -revocation_reissue_tickets (struct TicketRevocationHandle *rh) -{ - int ret; - /* Done, issue new keys */ - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Revocation Phase III: Reissuing Tickets\n"); - if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls, - &rh->ticket.identity, - GNUNET_NO, - rh->offset, - &ticket_reissue_proc, - rh))) - { - GNUNET_break (0); - } - if (GNUNET_NO == ret) - { - send_revocation_finished (rh, GNUNET_OK); - cleanup_revoke_ticket_handle (rh); - return; - } -} - -/** - * Failed to check for attribute - */ -static void -check_attr_error (void *cls) -{ - struct TicketRevocationHandle *rh = cls; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unable to check for existing attribute\n"); - rh->ns_qe = NULL; - send_revocation_finished (rh, GNUNET_SYSERR); - cleanup_revoke_ticket_handle (rh); -} - - -/** - * Revoke next attribte by reencryption with - * new ABE master - */ -static void -reenc_next_attribute (void *cls); - -/** - * Check for existing attribute and overwrite - */ -static void -check_attr_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd_old) -{ - struct TicketRevocationHandle *rh = cls; - struct GNUNET_GNSRECORD_Data rd[1]; - char* buf; - char* enc_buf; - size_t enc_size; - char* rd_buf; - size_t buf_size; - char* policy; - uint32_t attr_ver; - - rh->ns_qe = NULL; - if (1 != rd_count) { - GNUNET_SCHEDULER_add_now (&reenc_next_attribute, - rh); - return; - } - - buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim); - buf = GNUNET_malloc (buf_size); - GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim, - buf); - rh->attrs->list_head->claim->version++; - GNUNET_asprintf (&policy, "%s_%lu", - rh->attrs->list_head->claim->name, - rh->attrs->list_head->claim->version); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Encrypting with policy %s\n", policy); - /** - * Encrypt the attribute value and store in namestore - */ - enc_size = GNUNET_ABE_cpabe_encrypt (buf, - buf_size, - policy, //Policy - rh->abe_key, - (void**)&enc_buf); - GNUNET_free (buf); - if (GNUNET_SYSERR == enc_size) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unable to re-encrypt with policy %s\n", - policy); - GNUNET_free (policy); - send_revocation_finished (rh, GNUNET_SYSERR); - cleanup_revoke_ticket_handle (rh); - return; - } - GNUNET_free (policy); - - rd[0].data_size = enc_size + sizeof (uint32_t); - rd_buf = GNUNET_malloc (rd[0].data_size); - attr_ver = htonl (rh->attrs->list_head->claim->version); - GNUNET_memcpy (rd_buf, - &attr_ver, - sizeof (uint32_t)); - GNUNET_memcpy (rd_buf+sizeof (uint32_t), - enc_buf, - enc_size); - rd[0].data = rd_buf; - rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; - rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; - rd[0].expiration_time = rd_old[0].expiration_time; - rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &rh->identity, - rh->attrs->list_head->claim->name, - 1, - rd, - &attr_reenc_cont, - rh); - GNUNET_free (enc_buf); - GNUNET_free (rd_buf); -} - - -/** - * Revoke next attribte by reencryption with - * new ABE master - */ -static void -reenc_next_attribute (void *cls) -{ - struct TicketRevocationHandle *rh = cls; - if (NULL == rh->attrs->list_head) - { - revocation_reissue_tickets (rh); - return; - } - /* First check if attribute still exists */ - rh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, - &rh->identity, - rh->attrs->list_head->claim->name, - &check_attr_error, - rh, - &check_attr_cb, - rh); -} - - -/** - * Namestore callback after revoked attribute - * is stored - */ -static void -attr_reenc_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct TicketRevocationHandle *rh = cls; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - - rh->ns_qe = NULL; - if (GNUNET_SYSERR == success) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to reencrypt attribute %s\n", - emsg); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - if (NULL == rh->attrs->list_head) - { - revocation_reissue_tickets (rh); - return; - } - le = rh->attrs->list_head; - GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, - rh->attrs->list_tail, - le); - GNUNET_assert (NULL != rh->rvk_attrs); - GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head, - rh->rvk_attrs->list_tail, - le); - - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Re-encrypting next attribute\n"); - reenc_next_attribute (rh); -} - - -static void -process_attributes_to_update (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) -{ - struct TicketRevocationHandle *rh = cls; - - rh->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_dup (attrs); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Revocation Phase I: Collecting attributes\n"); - /* Reencrypt all attributes with new key */ - if (NULL == rh->attrs->list_head) - { - /* No attributes to reencrypt */ - send_revocation_finished (rh, GNUNET_OK); - cleanup_revoke_ticket_handle (rh); - return; - } else { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Revocation Phase II: Re-encrypting attributes\n"); - reenc_next_attribute (rh); - } - -} - - - -static void -get_ticket_after_abe_bootstrap (void *cls, - struct GNUNET_ABE_AbeMasterKey *abe_key) -{ - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Finished ABE bootstrap\n"); - struct TicketRevocationHandle *rh = cls; - rh->abe_key = abe_key; - TKT_database->get_ticket_attributes (TKT_database->cls, - &rh->ticket, - &process_attributes_to_update, - rh); -} - -static int -check_revoke_ticket_message(void *cls, - const struct RevokeTicketMessage *im) -{ - uint16_t size; - - size = ntohs (im->header.size); - if (size <= sizeof (struct RevokeTicketMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - -static void -handle_revoke_ticket_message (void *cls, - const struct RevokeTicketMessage *rm) -{ - struct TicketRevocationHandle *rh; - struct IdpClient *idp = cls; - struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; - - rh = GNUNET_new (struct TicketRevocationHandle); - ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1]; - rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); - rh->ticket = *ticket; - rh->r_id = ntohl (rm->id); - rh->client = idp; - rh->identity = rm->identity; - GNUNET_CRYPTO_ecdsa_key_get_public (&rh->identity, - &rh->ticket.identity); - GNUNET_CONTAINER_DLL_insert (idp->revoke_op_head, - idp->revoke_op_tail, - rh); - bootstrap_abe (&rh->identity, &get_ticket_after_abe_bootstrap, rh, GNUNET_NO); - GNUNET_SERVICE_client_continue (idp->client); - -} - -/** - * Cleanup ticket consume handle - * @param handle the handle to clean up - */ -static void -cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) -{ - struct ParallelLookup *lu; - struct ParallelLookup *tmp; - if (NULL != handle->lookup_request) - GNUNET_GNS_lookup_cancel (handle->lookup_request); - for (lu = handle->parallel_lookups_head; - NULL != lu;) { - GNUNET_GNS_lookup_cancel (lu->lookup_request); - GNUNET_free (lu->label); - tmp = lu->next; - GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, - handle->parallel_lookups_tail, - lu); - GNUNET_free (lu); - lu = tmp; - } - - if (NULL != handle->key) - GNUNET_ABE_cpabe_delete_key (handle->key, - GNUNET_YES); - if (NULL != handle->attrs) - GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs); - GNUNET_free (handle); -} - - - -static int -check_consume_ticket_message(void *cls, - const struct ConsumeTicketMessage *cm) -{ - uint16_t size; - - size = ntohs (cm->header.size); - if (size <= sizeof (struct ConsumeTicketMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - -static void -process_parallel_lookup2 (void *cls, uint32_t rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Parallel lookup finished (count=%u)\n", rd_count); - struct ParallelLookup *parallel_lookup = cls; - struct ConsumeTicketHandle *handle = parallel_lookup->handle; - struct ConsumeTicketResultMessage *crm; - struct GNUNET_MQ_Envelope *env; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *attr_le; - struct GNUNET_TIME_Absolute decrypt_duration; - char *data; - char *data_tmp; - ssize_t attr_len; - size_t attrs_len; - - GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, - handle->parallel_lookups_tail, - parallel_lookup); - GNUNET_free (parallel_lookup->label); - - GNUNET_STATISTICS_update (stats, - "attribute_lookup_time_total", - GNUNET_TIME_absolute_get_duration (parallel_lookup->lookup_start_time).rel_value_us, - GNUNET_YES); - GNUNET_STATISTICS_update (stats, - "attribute_lookups_count", - 1, - GNUNET_YES); - - - GNUNET_free (parallel_lookup); - if (1 != rd_count) - GNUNET_break(0);//TODO - if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) - { - decrypt_duration = GNUNET_TIME_absolute_get (); - attr_len = GNUNET_ABE_cpabe_decrypt (rd->data + sizeof (uint32_t), - rd->data_size - sizeof (uint32_t), - handle->key, - (void**)&data); - if (GNUNET_SYSERR != attr_len) - { - GNUNET_STATISTICS_update (stats, - "abe_decrypt_time_total", - GNUNET_TIME_absolute_get_duration (decrypt_duration).rel_value_us, - GNUNET_YES); - GNUNET_STATISTICS_update (stats, - "abe_decrypt_count", - 1, - GNUNET_YES); - - attr_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); - attr_le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (data, - attr_len); - attr_le->claim->version = ntohl(*(uint32_t*)rd->data); - GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, - handle->attrs->list_tail, - attr_le); - GNUNET_free (data); - } - } - if (NULL != handle->parallel_lookups_head) - return; //Wait for more - /* Else we are done */ - - /* Store ticket in DB */ - if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, - &handle->ticket, - handle->attrs)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unable to store ticket after consume\n"); - GNUNET_break (0); - } - - GNUNET_SCHEDULER_cancel (handle->kill_task); - attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (handle->attrs); - env = GNUNET_MQ_msg_extra (crm, - attrs_len, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT); - crm->id = htonl (handle->r_id); - crm->attrs_len = htons (attrs_len); - crm->identity = handle->ticket.identity; - data_tmp = (char *) &crm[1]; - GNUNET_IDENTITY_ATTRIBUTE_list_serialize (handle->attrs, - data_tmp); - GNUNET_MQ_send (handle->client->mq, env); - GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head, - handle->client->consume_op_tail, - handle); - cleanup_consume_ticket_handle (handle); -} - -void -abort_parallel_lookups2 (void *cls) -{ - struct ConsumeTicketHandle *handle = cls; - struct ParallelLookup *lu; - struct ParallelLookup *tmp; - struct AttributeResultMessage *arm; - struct GNUNET_MQ_Envelope *env; - - handle->kill_task = NULL; - for (lu = handle->parallel_lookups_head; - NULL != lu;) { - GNUNET_GNS_lookup_cancel (lu->lookup_request); - GNUNET_free (lu->label); - tmp = lu->next; - GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, - handle->parallel_lookups_tail, - lu); - GNUNET_free (lu); - lu = tmp; - } - env = GNUNET_MQ_msg (arm, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); - arm->id = htonl (handle->r_id); - arm->attr_len = htons (0); - GNUNET_MQ_send (handle->client->mq, env); - -} - - -static void -process_consume_abe_key (void *cls, uint32_t rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct ConsumeTicketHandle *handle = cls; - struct GNUNET_HashCode new_key_hash; - struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; - struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; - struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; - struct ParallelLookup *parallel_lookup; - size_t size; - char *buf; - char *scope; - - handle->lookup_request = NULL; - if (1 != rd_count) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Number of keys %d != 1.", - rd_count); - cleanup_consume_ticket_handle (handle); - GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head, - handle->client->consume_op_tail, - handle); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - - //Decrypt - ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data; - - buf = GNUNET_malloc (rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - - //Calculate symmetric key from ecdh parameters - GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_ecdsa_ecdh (&handle->identity, - ecdh_key, - &new_key_hash)); - create_sym_key_from_ecdh (&new_key_hash, - &enc_key, - &enc_iv); - size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), - rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), - &enc_key, - &enc_iv, - buf); - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Decrypted bytes: %zd Expected bytes: %zd\n", - size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - GNUNET_STATISTICS_update (stats, - "abe_key_lookup_time_total", - GNUNET_TIME_absolute_get_duration (handle->lookup_start_time).rel_value_us, - GNUNET_YES); - GNUNET_STATISTICS_update (stats, - "abe_key_lookups_count", - 1, - GNUNET_YES); - scopes = GNUNET_strdup (buf); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Scopes %s\n", scopes); - handle->key = GNUNET_ABE_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), - rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) - - strlen (scopes) - 1); - - for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Looking up %s\n", scope); - parallel_lookup = GNUNET_new (struct ParallelLookup); - parallel_lookup->handle = handle; - parallel_lookup->label = GNUNET_strdup (scope); - parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get(); - parallel_lookup->lookup_request - = GNUNET_GNS_lookup (gns_handle, - scope, - &handle->ticket.identity, - GNUNET_GNSRECORD_TYPE_ID_ATTR, - GNUNET_GNS_LO_DEFAULT, - &process_parallel_lookup2, - parallel_lookup); - GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, - handle->parallel_lookups_tail, - parallel_lookup); - } - GNUNET_free (scopes); - GNUNET_free (buf); - handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3), - &abort_parallel_lookups2, - handle); -} - - -static void -handle_consume_ticket_message (void *cls, - const struct ConsumeTicketMessage *cm) -{ - struct ConsumeTicketHandle *ch; - struct IdpClient *idp = cls; - char* rnd_label; - - ch = GNUNET_new (struct ConsumeTicketHandle); - ch->r_id = ntohl (cm->id); - ch->client = idp; - ch->identity = cm->identity; - ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); - GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity, - &ch->identity_pub); - ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]); - rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd, - sizeof (uint64_t)); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Looking for ABE key under %s\n", rnd_label); - ch->lookup_start_time = GNUNET_TIME_absolute_get (); - ch->lookup_request - = GNUNET_GNS_lookup (gns_handle, - rnd_label, - &ch->ticket.identity, - GNUNET_GNSRECORD_TYPE_ABE_KEY, - GNUNET_GNS_LO_DEFAULT, - &process_consume_abe_key, - ch); - GNUNET_CONTAINER_DLL_insert (idp->consume_op_head, - idp->consume_op_tail, - ch); - GNUNET_free (rnd_label); - GNUNET_SERVICE_client_continue (idp->client); -} - -/** - * Cleanup attribute store handle - * - * @param handle handle to clean up - */ -static void -cleanup_as_handle (struct AttributeStoreHandle *handle) -{ - if (NULL != handle->ns_qe) - GNUNET_NAMESTORE_cancel (handle->ns_qe); - if (NULL != handle->claim) - GNUNET_free (handle->claim); - if (NULL != handle->abe_key) - GNUNET_ABE_cpabe_delete_master_key (handle->abe_key); - GNUNET_free (handle); -} - -static void -attr_store_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct AttributeStoreHandle *as_handle = cls; - struct GNUNET_MQ_Envelope *env; - struct AttributeStoreResultMessage *acr_msg; - - as_handle->ns_qe = NULL; - GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head, - as_handle->client->store_op_tail, - as_handle); - - if (GNUNET_SYSERR == success) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to store attribute %s\n", - emsg); - cleanup_as_handle (as_handle); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Sending ATTRIBUTE_STORE_RESPONSE message\n"); - env = GNUNET_MQ_msg (acr_msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE); - acr_msg->id = htonl (as_handle->r_id); - acr_msg->op_result = htonl (GNUNET_OK); - GNUNET_MQ_send (as_handle->client->mq, - env); - cleanup_as_handle (as_handle); -} - -static void -attr_store_task (void *cls) -{ - struct AttributeStoreHandle *as_handle = cls; - struct GNUNET_GNSRECORD_Data rd[1]; - char* buf; - char* policy; - char* enc_buf; - char* rd_buf; - size_t enc_size; - size_t buf_size; - uint32_t attr_ver; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Storing attribute\n"); - buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (as_handle->claim); - buf = GNUNET_malloc (buf_size); - - GNUNET_IDENTITY_ATTRIBUTE_serialize (as_handle->claim, - buf); - - GNUNET_asprintf (&policy, - "%s_%lu", - as_handle->claim->name, - as_handle->claim->version); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Encrypting with policy %s\n", policy); - /** - * Encrypt the attribute value and store in namestore - */ - enc_size = GNUNET_ABE_cpabe_encrypt (buf, - buf_size, - policy, //Policy - as_handle->abe_key, - (void**)&enc_buf); - if (GNUNET_SYSERR == enc_size) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to encrypt with policy %s\n", - policy); - GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head, - as_handle->client->store_op_tail, - as_handle); - - cleanup_as_handle (as_handle); - GNUNET_free (buf); - GNUNET_free (policy); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - GNUNET_free (buf); - GNUNET_free (policy); - rd[0].data_size = enc_size + sizeof (uint32_t); - rd_buf = GNUNET_malloc (rd[0].data_size); - attr_ver = htonl (as_handle->claim->version); - GNUNET_memcpy (rd_buf, - &attr_ver, - sizeof (uint32_t)); - GNUNET_memcpy (rd_buf+sizeof (uint32_t), - enc_buf, - enc_size); - rd[0].data = rd_buf; - rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; - rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; - rd[0].expiration_time = as_handle->exp.rel_value_us; - as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &as_handle->identity, - as_handle->claim->name, - 1, - rd, - &attr_store_cont, - as_handle); - GNUNET_free (enc_buf); - GNUNET_free (rd_buf); -} - - -static void -store_after_abe_bootstrap (void *cls, - struct GNUNET_ABE_AbeMasterKey *abe_key) -{ - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Finished ABE bootstrap\n"); - struct AttributeStoreHandle *ash = cls; - ash->abe_key = abe_key; - GNUNET_SCHEDULER_add_now (&attr_store_task, ash); -} - -static int -check_attribute_store_message(void *cls, - const struct AttributeStoreMessage *sam) -{ - uint16_t size; - - size = ntohs (sam->header.size); - if (size <= sizeof (struct AttributeStoreMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - - -static void -handle_attribute_store_message (void *cls, - const struct AttributeStoreMessage *sam) -{ - struct AttributeStoreHandle *as_handle; - struct IdpClient *idp = cls; - size_t data_len; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received ATTRIBUTE_STORE message\n"); - - data_len = ntohs (sam->attr_len); - - as_handle = GNUNET_new (struct AttributeStoreHandle); - as_handle->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&sam[1], - data_len); - - as_handle->r_id = ntohl (sam->id); - as_handle->identity = sam->identity; - as_handle->exp.rel_value_us = GNUNET_ntohll (sam->exp); - GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, - &as_handle->identity_pkey); - - GNUNET_SERVICE_client_continue (idp->client); - as_handle->client = idp; - GNUNET_CONTAINER_DLL_insert (idp->store_op_head, - idp->store_op_tail, - as_handle); - bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle, GNUNET_NO); -} - -static void -cleanup_attribute_iter_handle (struct AttributeIterator *ai) -{ - if (NULL != ai->abe_key) - GNUNET_ABE_cpabe_delete_master_key (ai->abe_key); - GNUNET_free (ai); -} - -static void -attr_iter_error (void *cls) -{ - struct AttributeIterator *ai = cls; - //TODO - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to iterate over attributes\n"); - GNUNET_CONTAINER_DLL_remove (ai->client->attr_iter_head, - ai->client->attr_iter_tail, - ai); - cleanup_attribute_iter_handle (ai); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); -} - -static void -attr_iter_finished (void *cls) -{ - struct AttributeIterator *ai = cls; - struct GNUNET_MQ_Envelope *env; - struct AttributeResultMessage *arm; - - env = GNUNET_MQ_msg (arm, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); - arm->id = htonl (ai->request_id); - arm->attr_len = htons (0); - GNUNET_MQ_send (ai->client->mq, env); - GNUNET_CONTAINER_DLL_remove (ai->client->attr_iter_head, - ai->client->attr_iter_tail, - ai); - cleanup_attribute_iter_handle (ai); -} - -static void -attr_iter_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct AttributeIterator *ai = cls; - struct AttributeResultMessage *arm; - struct GNUNET_ABE_AbeKey *key; - struct GNUNET_MQ_Envelope *env; - ssize_t msg_extra_len; - char* attr_ser; - char* attrs[2]; - char* data_tmp; - char* policy; - uint32_t attr_ver; - - if (rd_count != 1) - { - GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, - 1); - return; - } - - if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type) - { - GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, - 1); - return; - } - attr_ver = ntohl(*((uint32_t*)rd->data)); - GNUNET_asprintf (&policy, "%s_%lu", - label, attr_ver); - attrs[0] = policy; - attrs[1] = 0; - key = GNUNET_ABE_cpabe_create_key (ai->abe_key, - attrs); - msg_extra_len = GNUNET_ABE_cpabe_decrypt (rd->data+sizeof (uint32_t), - rd->data_size-sizeof (uint32_t), - key, - (void**)&attr_ser); - if (GNUNET_SYSERR == msg_extra_len) - { - GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, - 1); - return; - } - - GNUNET_ABE_cpabe_delete_key (key, - GNUNET_YES); - //GNUNET_free (policy); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Found attribute: %s\n", label); - env = GNUNET_MQ_msg_extra (arm, - msg_extra_len, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); - arm->id = htonl (ai->request_id); - arm->attr_len = htons (msg_extra_len); - GNUNET_CRYPTO_ecdsa_key_get_public (zone, - &arm->identity); - data_tmp = (char *) &arm[1]; - GNUNET_memcpy (data_tmp, - attr_ser, - msg_extra_len); - GNUNET_MQ_send (ai->client->mq, env); - GNUNET_free (attr_ser); - GNUNET_ABE_cpabe_delete_master_key (ai->abe_key); - ai->abe_key = NULL; -} - - -void -iterate_after_abe_bootstrap (void *cls, - struct GNUNET_ABE_AbeMasterKey *abe_key) -{ - struct AttributeIterator *ai = cls; - ai->abe_key = abe_key; - ai->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, - &ai->identity, - &attr_iter_error, - ai, - &attr_iter_cb, - ai, - &attr_iter_finished, - ai); -} - - -static void -iterate_next_after_abe_bootstrap (void *cls, - struct GNUNET_ABE_AbeMasterKey *abe_key) -{ - struct AttributeIterator *ai = cls; - ai->abe_key = abe_key; - GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, - 1); -} - - - -static void -handle_iteration_start (void *cls, - const struct AttributeIterationStartMessage *ais_msg) -{ - struct IdpClient *idp = cls; - struct AttributeIterator *ai; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received ATTRIBUTE_ITERATION_START message\n"); - ai = GNUNET_new (struct AttributeIterator); - ai->request_id = ntohl (ais_msg->id); - ai->client = idp; - ai->identity = ais_msg->identity; - - GNUNET_CONTAINER_DLL_insert (idp->attr_iter_head, - idp->attr_iter_tail, - ai); - bootstrap_abe (&ai->identity, &iterate_after_abe_bootstrap, ai, GNUNET_NO); - GNUNET_SERVICE_client_continue (idp->client); -} - - -static void -handle_iteration_stop (void *cls, - const struct AttributeIterationStopMessage *ais_msg) -{ - struct IdpClient *idp = cls; - struct AttributeIterator *ai; - uint32_t rid; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received `%s' message\n", - "ATTRIBUTE_ITERATION_STOP"); - rid = ntohl (ais_msg->id); - for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next) - if (ai->request_id == rid) - break; - if (NULL == ai) - { - GNUNET_break (0); - GNUNET_SERVICE_client_drop (idp->client); - return; - } - GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head, - idp->attr_iter_tail, - ai); - GNUNET_free (ai); - GNUNET_SERVICE_client_continue (idp->client); -} - - -static void -handle_iteration_next (void *cls, - const struct AttributeIterationNextMessage *ais_msg) -{ - struct IdpClient *idp = cls; - struct AttributeIterator *ai; - uint32_t rid; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received ATTRIBUTE_ITERATION_NEXT message\n"); - rid = ntohl (ais_msg->id); - for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next) - if (ai->request_id == rid) - break; - if (NULL == ai) - { - GNUNET_break (0); - GNUNET_SERVICE_client_drop (idp->client); - return; - } - bootstrap_abe (&ai->identity, - &iterate_next_after_abe_bootstrap, - ai, - GNUNET_NO); - GNUNET_SERVICE_client_continue (idp->client); -} - -/** - * Ticket iteration processor result - */ -enum ZoneIterationResult -{ - /** - * Iteration start. - */ - IT_START = 0, - - /** - * Found tickets, - * Continue to iterate with next iteration_next call - */ - IT_SUCCESS_MORE_AVAILABLE = 1, - - /** - * Iteration complete - */ - IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE = 2 -}; - - -/** - * Context for ticket iteration - */ -struct TicketIterationProcResult -{ - /** - * The ticket iteration handle - */ - struct TicketIteration *ti; - - /** - * Iteration result: iteration done? - * #IT_SUCCESS_MORE_AVAILABLE: if there may be more results overall but - * we got one for now and have sent it to the client - * #IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE: if there are no further results, - * #IT_START: if we are still trying to find a result. - */ - int res_iteration_finished; - -}; - -static void -cleanup_ticket_iter_handle (struct TicketIteration *ti) -{ - GNUNET_free (ti); -} - -/** - * Process ticket from database - * - * @param cls struct TicketIterationProcResult - * @param ticket the ticket - * @param attrs the attributes - */ -static void -ticket_iterate_proc (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) -{ - struct TicketIterationProcResult *proc = cls; - - if (NULL == ticket) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Iteration done\n"); - proc->res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE; - return; - } - proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE; - send_ticket_result (proc->ti->client, - proc->ti->r_id, - ticket, - attrs); - -} - -/** - * Perform ticket iteration step - * - * @param ti ticket iterator to process - */ -static void -run_ticket_iteration_round (struct TicketIteration *ti) -{ - struct TicketIterationProcResult proc; - struct GNUNET_MQ_Envelope *env; - struct TicketResultMessage *trm; - int ret; - - memset (&proc, 0, sizeof (proc)); - proc.ti = ti; - proc.res_iteration_finished = IT_START; - while (IT_START == proc.res_iteration_finished) - { - if (GNUNET_SYSERR == - (ret = TKT_database->iterate_tickets (TKT_database->cls, - &ti->identity, - ti->is_audience, - ti->offset, - &ticket_iterate_proc, - &proc))) - { - GNUNET_break (0); - break; - } - if (GNUNET_NO == ret) - proc.res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE; - ti->offset++; - } - if (IT_SUCCESS_MORE_AVAILABLE == proc.res_iteration_finished) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "More results available\n"); - return; /* more later */ - } - /* send empty response to indicate end of list */ - env = GNUNET_MQ_msg (trm, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); - trm->id = htonl (ti->r_id); - GNUNET_MQ_send (ti->client->mq, - env); - GNUNET_CONTAINER_DLL_remove (ti->client->ticket_iter_head, - ti->client->ticket_iter_tail, - ti); - cleanup_ticket_iter_handle (ti); -} - -static void -handle_ticket_iteration_start (void *cls, - const struct TicketIterationStartMessage *tis_msg) -{ - struct IdpClient *client = cls; - struct TicketIteration *ti; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received TICKET_ITERATION_START message\n"); - ti = GNUNET_new (struct TicketIteration); - ti->r_id = ntohl (tis_msg->id); - ti->offset = 0; - ti->client = client; - ti->identity = tis_msg->identity; - ti->is_audience = ntohl (tis_msg->is_audience); - - GNUNET_CONTAINER_DLL_insert (client->ticket_iter_head, - client->ticket_iter_tail, - ti); - run_ticket_iteration_round (ti); - GNUNET_SERVICE_client_continue (client->client); -} - - -static void -handle_ticket_iteration_stop (void *cls, - const struct TicketIterationStopMessage *tis_msg) -{ - struct IdpClient *client = cls; - struct TicketIteration *ti; - uint32_t rid; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received `%s' message\n", - "TICKET_ITERATION_STOP"); - rid = ntohl (tis_msg->id); - for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next) - if (ti->r_id == rid) - break; - if (NULL == ti) - { - GNUNET_break (0); - GNUNET_SERVICE_client_drop (client->client); - return; - } - GNUNET_CONTAINER_DLL_remove (client->ticket_iter_head, - client->ticket_iter_tail, - ti); - cleanup_ticket_iter_handle (ti); - GNUNET_SERVICE_client_continue (client->client); -} - - -static void -handle_ticket_iteration_next (void *cls, - const struct TicketIterationNextMessage *tis_msg) -{ - struct IdpClient *client = cls; - struct TicketIteration *ti; - uint32_t rid; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received TICKET_ITERATION_NEXT message\n"); - rid = ntohl (tis_msg->id); - for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next) - if (ti->r_id == rid) - break; - if (NULL == ti) - { - GNUNET_break (0); - GNUNET_SERVICE_client_drop (client->client); - return; - } - run_ticket_iteration_round (ti); - GNUNET_SERVICE_client_continue (client->client); -} - - - - -/** - * Main function that will be run - * - * @param cls closure - * @param c the configuration used - * @param server the service handle - */ -static void -run (void *cls, - const struct GNUNET_CONFIGURATION_Handle *c, - struct GNUNET_SERVICE_Handle *server) -{ - char *database; - cfg = c; - - stats = GNUNET_STATISTICS_create ("identity-provider", cfg); - - //Connect to identity and namestore services - ns_handle = GNUNET_NAMESTORE_connect (cfg); - if (NULL == ns_handle) - { - GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to namestore"); - } - - gns_handle = GNUNET_GNS_connect (cfg); - if (NULL == gns_handle) - { - GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to gns"); - } - credential_handle = GNUNET_CREDENTIAL_connect (cfg); - if (NULL == credential_handle) - { - GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to credential"); - } - identity_handle = GNUNET_IDENTITY_connect (cfg, - NULL, - NULL); - /* Loading DB plugin */ - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_string (cfg, - "identity-provider", - "database", - &database)) - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "No database backend configured\n"); - GNUNET_asprintf (&db_lib_name, - "libgnunet_plugin_identity_provider_%s", - database); - TKT_database = GNUNET_PLUGIN_load (db_lib_name, - (void *) cfg); - GNUNET_free (database); - if (NULL == TKT_database) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Could not load database backend `%s'\n", - db_lib_name); - GNUNET_SCHEDULER_shutdown (); - return; - } - - if (GNUNET_OK == - GNUNET_CONFIGURATION_get_value_time (cfg, - "identity-provider", - "TOKEN_EXPIRATION_INTERVAL", - &token_expiration_interval)) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Time window for zone iteration: %s\n", - GNUNET_STRINGS_relative_time_to_string (token_expiration_interval, - GNUNET_YES)); - } else { - token_expiration_interval = DEFAULT_TOKEN_EXPIRATION_INTERVAL; - } - - GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); -} - -/** - * Called whenever a client is disconnected. - * - * @param cls closure - * @param client identification of the client - * @param app_ctx @a client - */ -static void -client_disconnect_cb (void *cls, - struct GNUNET_SERVICE_Client *client, - void *app_ctx) -{ - struct IdpClient *idp = app_ctx; - struct AttributeIterator *ai; - struct TicketIteration *ti; - struct TicketRevocationHandle *rh; - struct TicketIssueHandle *iss; - struct ConsumeTicketHandle *ct; - struct AttributeStoreHandle *as; - - //TODO other operations - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Client %p disconnected\n", - client); - - while (NULL != (iss = idp->issue_op_head)) - { - GNUNET_CONTAINER_DLL_remove (idp->issue_op_head, - idp->issue_op_tail, - iss); - cleanup_ticket_issue_handle (iss); - } - while (NULL != (ct = idp->consume_op_head)) - { - GNUNET_CONTAINER_DLL_remove (idp->consume_op_head, - idp->consume_op_tail, - ct); - cleanup_consume_ticket_handle (ct); - } - while (NULL != (as = idp->store_op_head)) - { - GNUNET_CONTAINER_DLL_remove (idp->store_op_head, - idp->store_op_tail, - as); - cleanup_as_handle (as); - } - - while (NULL != (ai = idp->attr_iter_head)) - { - GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head, - idp->attr_iter_tail, - ai); - cleanup_attribute_iter_handle (ai); - } - while (NULL != (rh = idp->revoke_op_head)) - { - GNUNET_CONTAINER_DLL_remove (idp->revoke_op_head, - idp->revoke_op_tail, - rh); - cleanup_revoke_ticket_handle (rh); - } - while (NULL != (ti = idp->ticket_iter_head)) - { - GNUNET_CONTAINER_DLL_remove (idp->ticket_iter_head, - idp->ticket_iter_tail, - ti); - cleanup_ticket_iter_handle (ti); - } - GNUNET_free (idp); -} - - -/** - * Add a client to our list of active clients. - * - * @param cls NULL - * @param client client to add - * @param mq message queue for @a client - * @return internal namestore client structure for this client - */ -static void * -client_connect_cb (void *cls, - struct GNUNET_SERVICE_Client *client, - struct GNUNET_MQ_Handle *mq) -{ - struct IdpClient *idp; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Client %p connected\n", - client); - idp = GNUNET_new (struct IdpClient); - idp->client = client; - idp->mq = mq; - return idp; -} - - - -/** - * Define "main" method using service macro. - */ -GNUNET_SERVICE_MAIN -("identity-provider", - GNUNET_SERVICE_OPTION_NONE, - &run, - &client_connect_cb, - &client_disconnect_cb, - NULL, - GNUNET_MQ_hd_var_size (attribute_store_message, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE, - struct AttributeStoreMessage, - NULL), - GNUNET_MQ_hd_fixed_size (iteration_start, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START, - struct AttributeIterationStartMessage, - NULL), - GNUNET_MQ_hd_fixed_size (iteration_next, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT, - struct AttributeIterationNextMessage, - NULL), - GNUNET_MQ_hd_fixed_size (iteration_stop, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP, - struct AttributeIterationStopMessage, - NULL), - GNUNET_MQ_hd_var_size (issue_ticket_message, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET, - struct IssueTicketMessage, - NULL), - GNUNET_MQ_hd_var_size (consume_ticket_message, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET, - struct ConsumeTicketMessage, - NULL), - GNUNET_MQ_hd_fixed_size (ticket_iteration_start, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START, - struct TicketIterationStartMessage, - NULL), - GNUNET_MQ_hd_fixed_size (ticket_iteration_next, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT, - struct TicketIterationNextMessage, - NULL), - GNUNET_MQ_hd_fixed_size (ticket_iteration_stop, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP, - struct TicketIterationStopMessage, - NULL), - GNUNET_MQ_hd_var_size (revoke_ticket_message, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET, - struct RevokeTicketMessage, - NULL), - GNUNET_MQ_handler_end()); -/* end of gnunet-service-identity-provider.c */ diff --git a/src/identity-provider/identity-provider.conf b/src/identity-provider/identity-provider.conf deleted file mode 100644 index 99c0a50be..000000000 --- a/src/identity-provider/identity-provider.conf +++ /dev/null @@ -1,23 +0,0 @@ -[identity-provider] -START_ON_DEMAND = NO -RUN_PER_USER = YES -#PORT = 2108 -HOSTNAME = localhost -BINARY = gnunet-service-identity-provider -ACCEPT_FROM = 127.0.0.1; -ACCEPT_FROM6 = ::1; -UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-identity-provider.sock -UNIX_MATCH_UID = NO -UNIX_MATCH_GID = YES -TOKEN_EXPIRATION_INTERVAL = 30 m -DATABASE = sqlite - -[identity-rest-plugin] -#ADDRESS = https://identity.gnu:8000#/login -ADDRESS = https://reclaim.ui/#/login -PSW = secret -JWT_SECRET = secret -EXPIRATION_TIME = 3600 - -[identity-provider-sqlite] -FILENAME = $GNUNET_DATA_HOME/identity-provider/sqlite.db diff --git a/src/identity-provider/identity-token.conf b/src/identity-provider/identity-token.conf deleted file mode 100644 index f29f6cdf3..000000000 --- a/src/identity-provider/identity-token.conf +++ /dev/null @@ -1,2 +0,0 @@ -[identity-token] -BINARY=gnunet-service-identity-token diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h deleted file mode 100644 index 6a4b7769f..000000000 --- a/src/identity-provider/identity_provider.h +++ /dev/null @@ -1,410 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2016 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @author Martin Schanzenbach - * @file identity-provider/identity_provider.h - * - * @brief Common type definitions for the identity provider - * service and API. - */ -#ifndef IDENTITY_PROVIDER_H -#define IDENTITY_PROVIDER_H - -#include "gnunet_common.h" - - -GNUNET_NETWORK_STRUCT_BEGIN - -/** - * Use to store an identity attribute - */ -struct AttributeStoreMessage -{ - /** - * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * The length of the attribute - */ - uint32_t attr_len GNUNET_PACKED; - - /** - * The expiration interval of the attribute - */ - uint64_t exp GNUNET_PACKED; - - /** - * Identity - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /* followed by the serialized attribute */ - -}; - -/** - * Attribute store response message - */ -struct AttributeStoreResultMessage -{ - /** - * Message header - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * #GNUNET_SYSERR on failure, #GNUNET_OK on success - */ - int32_t op_result GNUNET_PACKED; - -}; - -/** - * Attribute is returned from the idp. - */ -struct AttributeResultMessage -{ - /** - * Message header - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Length of serialized attribute data - */ - uint16_t attr_len GNUNET_PACKED; - - /** - * always zero (for alignment) - */ - uint16_t reserved GNUNET_PACKED; - - /** - * The public key of the identity. - */ - struct GNUNET_CRYPTO_EcdsaPublicKey identity; - - /* followed by: - * serialized attribute data - */ -}; - - -/** - * Start a attribute iteration for the given identity - */ -struct AttributeIterationStartMessage -{ - /** - * Message - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Identity. - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - -}; - - -/** - * Ask for next result of attribute iteration for the given operation - */ -struct AttributeIterationNextMessage -{ - /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - -}; - - -/** - * Stop attribute iteration for the given operation - */ -struct AttributeIterationStopMessage -{ - /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - -}; - -/** - * Start a ticket iteration for the given identity - */ -struct TicketIterationStartMessage -{ - /** - * Message - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Identity. - */ - struct GNUNET_CRYPTO_EcdsaPublicKey identity; - - /** - * Identity is audience or issuer - */ - uint32_t is_audience GNUNET_PACKED; -}; - - -/** - * Ask for next result of ticket iteration for the given operation - */ -struct TicketIterationNextMessage -{ - /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - -}; - - -/** - * Stop ticket iteration for the given operation - */ -struct TicketIterationStopMessage -{ - /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - -}; - - - -/** - * Ticket issue message - */ -struct IssueTicketMessage -{ - /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Identity. - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /** - * Requesting party. - */ - struct GNUNET_CRYPTO_EcdsaPublicKey rp; - - /** - * length of serialized attribute list - */ - uint32_t attr_len GNUNET_PACKED; - - //Followed by a serialized attribute list -}; - -/** - * Ticket revoke message - */ -struct RevokeTicketMessage -{ - /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Identity. - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /** - * length of serialized attribute list - */ - uint32_t attrs_len GNUNET_PACKED; - - //Followed by a ticket and serialized attribute list -}; - -/** - * Ticket revoke message - */ -struct RevokeTicketResultMessage -{ - /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Revocation result - */ - uint32_t success GNUNET_PACKED; -}; - - -/** - * Ticket result message - */ -struct TicketResultMessage -{ - /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - -}; - -/** - * Ticket consume message - */ -struct ConsumeTicketMessage -{ - /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Identity. - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - //Followed by a serialized ticket -}; - -/** - * Attribute list is returned from the idp. - */ -struct ConsumeTicketResultMessage -{ - /** - * Message header - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Length of serialized attribute data - */ - uint16_t attrs_len GNUNET_PACKED; - - /** - * always zero (for alignment) - */ - uint16_t reserved GNUNET_PACKED; - - /** - * The public key of the identity. - */ - struct GNUNET_CRYPTO_EcdsaPublicKey identity; - - /* followed by: - * serialized attributes data - */ -}; - - - -GNUNET_NETWORK_STRUCT_END - -#endif diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c deleted file mode 100644 index 33efe726f..000000000 --- a/src/identity-provider/identity_provider_api.c +++ /dev/null @@ -1,1383 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2016 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @file identity-provider/identity_provider_api.c - * @brief api to interact with the identity provider service - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_constants.h" -#include "gnunet_protocols.h" -#include "gnunet_mq_lib.h" -#include "gnunet_identity_provider_service.h" -#include "gnunet_identity_attribute_lib.h" -#include "identity_provider.h" - -#define LOG(kind,...) GNUNET_log_from (kind, "identity-api",__VA_ARGS__) - - -/** - * Handle for an operation with the service. - */ -struct GNUNET_IDENTITY_PROVIDER_Operation -{ - - /** - * Main handle. - */ - struct GNUNET_IDENTITY_PROVIDER_Handle *h; - - /** - * We keep operations in a DLL. - */ - struct GNUNET_IDENTITY_PROVIDER_Operation *next; - - /** - * We keep operations in a DLL. - */ - struct GNUNET_IDENTITY_PROVIDER_Operation *prev; - - /** - * Message to send to the service. - * Allocated at the end of this struct. - */ - const struct GNUNET_MessageHeader *msg; - - /** - * Continuation to invoke after attribute store call - */ - GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb; - - /** - * Attribute result callback - */ - GNUNET_IDENTITY_PROVIDER_AttributeResult ar_cb; - - /** - * Revocation result callback - */ - GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus rvk_cb; - - /** - * Ticket result callback - */ - GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb; - - /** - * Envelope with the message for this queue entry. - */ - struct GNUNET_MQ_Envelope *env; - - /** - * request id - */ - uint32_t r_id; - - /** - * Closure for @e cont or @e cb. - */ - void *cls; - -}; - -/** - * Handle for a ticket iterator operation - */ -struct GNUNET_IDENTITY_PROVIDER_TicketIterator -{ - - /** - * Kept in a DLL. - */ - struct GNUNET_IDENTITY_PROVIDER_TicketIterator *next; - - /** - * Kept in a DLL. - */ - struct GNUNET_IDENTITY_PROVIDER_TicketIterator *prev; - - /** - * Main handle to access the idp. - */ - struct GNUNET_IDENTITY_PROVIDER_Handle *h; - - /** - * Function to call on completion. - */ - GNUNET_SCHEDULER_TaskCallback finish_cb; - - /** - * Closure for @e error_cb. - */ - void *finish_cb_cls; - - /** - * The continuation to call with the results - */ - GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb; - - /** - * Closure for @e tr_cb. - */ - void *cls; - - /** - * Function to call on errors. - */ - GNUNET_SCHEDULER_TaskCallback error_cb; - - /** - * Closure for @e error_cb. - */ - void *error_cb_cls; - - /** - * Envelope of the message to send to the service, if not yet - * sent. - */ - struct GNUNET_MQ_Envelope *env; - - /** - * The operation id this zone iteration operation has - */ - uint32_t r_id; - -}; - - -/** - * Handle for a attribute iterator operation - */ -struct GNUNET_IDENTITY_PROVIDER_AttributeIterator -{ - - /** - * Kept in a DLL. - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *next; - - /** - * Kept in a DLL. - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *prev; - - /** - * Main handle to access the idp. - */ - struct GNUNET_IDENTITY_PROVIDER_Handle *h; - - /** - * Function to call on completion. - */ - GNUNET_SCHEDULER_TaskCallback finish_cb; - - /** - * Closure for @e error_cb. - */ - void *finish_cb_cls; - - /** - * The continuation to call with the results - */ - GNUNET_IDENTITY_PROVIDER_AttributeResult proc; - - /** - * Closure for @e proc. - */ - void *proc_cls; - - /** - * Function to call on errors. - */ - GNUNET_SCHEDULER_TaskCallback error_cb; - - /** - * Closure for @e error_cb. - */ - void *error_cb_cls; - - /** - * Envelope of the message to send to the service, if not yet - * sent. - */ - struct GNUNET_MQ_Envelope *env; - - /** - * Private key of the zone. - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - - /** - * The operation id this zone iteration operation has - */ - uint32_t r_id; - -}; - - -/** - * Handle for the service. - */ -struct GNUNET_IDENTITY_PROVIDER_Handle -{ - /** - * Configuration to use. - */ - const struct GNUNET_CONFIGURATION_Handle *cfg; - - /** - * Socket (if available). - */ - struct GNUNET_CLIENT_Connection *client; - - /** - * Closure for 'cb'. - */ - void *cb_cls; - - /** - * Head of active operations. - */ - struct GNUNET_IDENTITY_PROVIDER_Operation *op_head; - - /** - * Tail of active operations. - */ - struct GNUNET_IDENTITY_PROVIDER_Operation *op_tail; - - /** - * Head of active iterations - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_head; - - /** - * Tail of active iterations - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_tail; - - /** - * Head of active iterations - */ - struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_head; - - /** - * Tail of active iterations - */ - struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_tail; - - - /** - * Currently pending transmission request, or NULL for none. - */ - struct GNUNET_CLIENT_TransmitHandle *th; - - /** - * Task doing exponential back-off trying to reconnect. - */ - struct GNUNET_SCHEDULER_Task * reconnect_task; - - /** - * Time for next connect retry. - */ - struct GNUNET_TIME_Relative reconnect_backoff; - - /** - * Connection to service (if available). - */ - struct GNUNET_MQ_Handle *mq; - - /** - * Request Id generator. Incremented by one for each request. - */ - uint32_t r_id_gen; - - /** - * Are we polling for incoming messages right now? - */ - int in_receive; - -}; - -/** - * Try again to connect to the service. - * - * @param h handle to the identity provider service. - */ -static void -reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h); - -/** - * Reconnect - * - * @param cls the handle - */ -static void -reconnect_task (void *cls) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; - - handle->reconnect_task = NULL; - reconnect (handle); -} - - -/** - * Disconnect from service and then reconnect. - * - * @param handle our service - */ -static void -force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle) -{ - GNUNET_MQ_destroy (handle->mq); - handle->mq = NULL; - handle->reconnect_backoff - = GNUNET_TIME_STD_BACKOFF (handle->reconnect_backoff); - handle->reconnect_task - = GNUNET_SCHEDULER_add_delayed (handle->reconnect_backoff, - &reconnect_task, - handle); -} - -/** - * Free @a it. - * - * @param it entry to free - */ -static void -free_it (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; - - GNUNET_CONTAINER_DLL_remove (h->it_head, - h->it_tail, - it); - if (NULL != it->env) - GNUNET_MQ_discard (it->env); - GNUNET_free (it); -} - -static void -free_op (struct GNUNET_IDENTITY_PROVIDER_Operation* op) -{ - if (NULL == op) - return; - if (NULL != op->env) - GNUNET_MQ_discard (op->env); - GNUNET_free(op); -} - - -/** - * Generic error handler, called with the appropriate error code and - * the same closure specified at the creation of the message queue. - * Not every message queue implementation supports an error handler. - * - * @param cls closure with the `struct GNUNET_GNS_Handle *` - * @param error error code - */ -static void -mq_error_handler (void *cls, - enum GNUNET_MQ_Error error) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; - force_reconnect (handle); -} - -/** - * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE - * - * @param cls - * @param msg the message we received - */ -static void -handle_attribute_store_response (void *cls, - const struct AttributeStoreResultMessage *msg) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - uint32_t r_id = ntohl (msg->id); - int res; - const char *emsg; - - for (op = h->op_head; NULL != op; op = op->next) - if (op->r_id == r_id) - break; - if (NULL == op) - return; - - res = ntohl (msg->op_result); - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Received ATTRIBUTE_STORE_RESPONSE with result %d\n", - res); - - /* TODO: add actual error message to response... */ - if (GNUNET_SYSERR == res) - emsg = _("failed to store record\n"); - else - emsg = NULL; - if (NULL != op->as_cb) - op->as_cb (op->cls, - res, - emsg); - GNUNET_CONTAINER_DLL_remove (h->op_head, - h->op_tail, - op); - free_op (op); - -} - - -/** - * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT - * - * @param cls - * @param msg the message we received - * @return #GNUNET_OK on success, #GNUNET_SYSERR on error - */ -static int -check_consume_ticket_result (void *cls, - const struct ConsumeTicketResultMessage *msg) -{ - size_t msg_len; - size_t attrs_len; - - msg_len = ntohs (msg->header.size); - attrs_len = ntohs (msg->attrs_len); - if (msg_len != sizeof (struct ConsumeTicketResultMessage) + attrs_len) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - - -/** - * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT - * - * @param cls - * @param msg the message we received - */ -static void -handle_consume_ticket_result (void *cls, - const struct ConsumeTicketResultMessage *msg) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - size_t attrs_len; - uint32_t r_id = ntohl (msg->id); - - attrs_len = ntohs (msg->attrs_len); - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Processing attribute result.\n"); - - - for (op = h->op_head; NULL != op; op = op->next) - if (op->r_id == r_id) - break; - if (NULL == op) - return; - - { - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&msg[1], - attrs_len); - if (NULL != op->ar_cb) - { - if (NULL == attrs) - { - op->ar_cb (op->cls, - &msg->identity, - NULL); - } - else - { - for (le = attrs->list_head; NULL != le; le = le->next) - op->ar_cb (op->cls, - &msg->identity, - le->claim); - GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs); - } - } - if (NULL != op) - { - op->ar_cb (op->cls, - NULL, - NULL); - GNUNET_CONTAINER_DLL_remove (h->op_head, - h->op_tail, - op); - free_op (op); - } - return; - } - GNUNET_assert (0); -} - - -/** - * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT - * - * @param cls - * @param msg the message we received - * @return #GNUNET_OK on success, #GNUNET_SYSERR on error - */ -static int -check_attribute_result (void *cls, - const struct AttributeResultMessage *msg) -{ - size_t msg_len; - size_t attr_len; - - msg_len = ntohs (msg->header.size); - attr_len = ntohs (msg->attr_len); - if (msg_len != sizeof (struct AttributeResultMessage) + attr_len) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - - -/** - * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT - * - * @param cls - * @param msg the message we received - */ -static void -handle_attribute_result (void *cls, - const struct AttributeResultMessage *msg) -{ - static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy; - struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; - struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it; - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - size_t attr_len; - uint32_t r_id = ntohl (msg->id); - - attr_len = ntohs (msg->attr_len); - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Processing attribute result.\n"); - - - for (it = h->it_head; NULL != it; it = it->next) - if (it->r_id == r_id) - break; - for (op = h->op_head; NULL != op; op = op->next) - if (op->r_id == r_id) - break; - if ((NULL == it) && (NULL == op)) - return; - - if ( (0 == (memcmp (&msg->identity, - &identity_dummy, - sizeof (identity_dummy)))) ) - { - if ((NULL == it) && (NULL == op)) - { - GNUNET_break (0); - force_reconnect (h); - return; - } - if (NULL != it) - { - if (NULL != it->finish_cb) - it->finish_cb (it->finish_cb_cls); - free_it (it); - } - if (NULL != op) - { - if (NULL != op->ar_cb) - op->ar_cb (op->cls, - NULL, - NULL); - GNUNET_CONTAINER_DLL_remove (h->op_head, - h->op_tail, - op); - free_op (op); - - } - return; - } - - { - struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr; - attr = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&msg[1], - attr_len); - if (NULL != it) - { - if (NULL != it->proc) - it->proc (it->proc_cls, - &msg->identity, - attr); - } else if (NULL != op) - { - if (NULL != op->ar_cb) - op->ar_cb (op->cls, - &msg->identity, - attr); - - } - GNUNET_free (attr); - return; - } - GNUNET_assert (0); -} - -/** - * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT - * - * @param cls - * @param msg the message we received - * @return #GNUNET_OK on success, #GNUNET_SYSERR on error - */ -static int -check_ticket_result (void *cls, - const struct TicketResultMessage *msg) -{ - size_t msg_len; - - msg_len = ntohs (msg->header.size); - if (msg_len < sizeof (struct TicketResultMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - - - -/** - * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT - * - * @param cls - * @param msg the message we received - */ -static void -handle_ticket_result (void *cls, - const struct TicketResultMessage *msg) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; - uint32_t r_id = ntohl (msg->id); - size_t msg_len; - - for (op = handle->op_head; NULL != op; op = op->next) - if (op->r_id == r_id) - break; - for (it = handle->ticket_it_head; NULL != it; it = it->next) - if (it->r_id == r_id) - break; - if ((NULL == op) && (NULL == it)) - return; - msg_len = ntohs (msg->header.size); - if (NULL != op) - { - GNUNET_CONTAINER_DLL_remove (handle->op_head, - handle->op_tail, - op); - if (msg_len == sizeof (struct TicketResultMessage)) - { - if (NULL != op->tr_cb) - op->tr_cb (op->cls, NULL); - } else { - ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1]; - if (NULL != op->tr_cb) - op->tr_cb (op->cls, ticket); - } - free_op (op); - return; - } else if (NULL != it) { - if (msg_len == sizeof (struct TicketResultMessage)) - { - if (NULL != it->tr_cb) - GNUNET_CONTAINER_DLL_remove (handle->ticket_it_head, - handle->ticket_it_tail, - it); - it->finish_cb (it->finish_cb_cls); - GNUNET_free (it); - } else { - ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1]; - if (NULL != it->tr_cb) - it->tr_cb (it->cls, ticket); - } - return; - } - GNUNET_break (0); -} - - -/** - * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT - * - * @param cls - * @param msg the message we received - */ -static void -handle_revoke_ticket_result (void *cls, - const struct RevokeTicketResultMessage *msg) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - uint32_t r_id = ntohl (msg->id); - int32_t success; - - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Processing revocation result.\n"); - - - for (op = h->op_head; NULL != op; op = op->next) - if (op->r_id == r_id) - break; - if (NULL == op) - return; - success = ntohl (msg->success); - { - if (NULL != op->rvk_cb) - { - op->rvk_cb (op->cls, - success, - NULL); - } - GNUNET_CONTAINER_DLL_remove (h->op_head, - h->op_tail, - op); - free_op (op); - return; - } - GNUNET_assert (0); -} - - - -/** - * Try again to connect to the service. - * - * @param h handle to the identity provider service. - */ -static void -reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) -{ - struct GNUNET_MQ_MessageHandler handlers[] = { - GNUNET_MQ_hd_fixed_size (attribute_store_response, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE, - struct AttributeStoreResultMessage, - h), - GNUNET_MQ_hd_var_size (attribute_result, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT, - struct AttributeResultMessage, - h), - GNUNET_MQ_hd_var_size (ticket_result, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT, - struct TicketResultMessage, - h), - GNUNET_MQ_hd_var_size (consume_ticket_result, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT, - struct ConsumeTicketResultMessage, - h), - GNUNET_MQ_hd_fixed_size (revoke_ticket_result, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT, - struct RevokeTicketResultMessage, - h), - GNUNET_MQ_handler_end () - }; - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - - GNUNET_assert (NULL == h->mq); - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Connecting to identity provider service.\n"); - - h->mq = GNUNET_CLIENT_connect (h->cfg, - "identity-provider", - handlers, - &mq_error_handler, - h); - if (NULL == h->mq) - return; - for (op = h->op_head; NULL != op; op = op->next) - GNUNET_MQ_send_copy (h->mq, - op->env); -} - - -/** - * Connect to the identity provider service. - * - * @param cfg the configuration to use - * @return handle to use - */ -struct GNUNET_IDENTITY_PROVIDER_Handle * -GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h; - - h = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Handle); - h->cfg = cfg; - reconnect (h); - if (NULL == h->mq) - { - GNUNET_free (h); - return NULL; - } - return h; -} - - -/** - * Cancel an operation. Note that the operation MAY still - * be executed; this merely cancels the continuation; if the request - * was already transmitted, the service may still choose to complete - * the operation. - * - * @param op operation to cancel - */ -void -GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h = op->h; - - GNUNET_CONTAINER_DLL_remove (h->op_head, - h->op_tail, - op); - free_op (op); -} - - -/** - * Disconnect from service - * - * @param h handle to destroy - */ -void -GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) -{ - GNUNET_assert (NULL != h); - if (NULL != h->mq) - { - GNUNET_MQ_destroy (h->mq); - h->mq = NULL; - } - if (NULL != h->reconnect_task) - { - GNUNET_SCHEDULER_cancel (h->reconnect_task); - h->reconnect_task = NULL; - } - GNUNET_assert (NULL == h->op_head); - GNUNET_free (h); -} - -/** - * Store an attribute. If the attribute is already present, - * it is replaced with the new attribute. - * - * @param h handle to the identity provider - * @param pkey private key of the identity - * @param attr the attribute value - * @param exp_interval the relative expiration interval for the attribute - * @param cont continuation to call when done - * @param cont_cls closure for @a cont - * @return handle to abort the request - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, - const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr, - const struct GNUNET_TIME_Relative *exp_interval, - GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont, - void *cont_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct AttributeStoreMessage *sam; - size_t attr_len; - - op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); - op->h = h; - op->as_cb = cont; - op->cls = cont_cls; - op->r_id = h->r_id_gen++; - GNUNET_CONTAINER_DLL_insert_tail (h->op_head, - h->op_tail, - op); - attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (attr); - op->env = GNUNET_MQ_msg_extra (sam, - attr_len, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE); - sam->identity = *pkey; - sam->id = htonl (op->r_id); - sam->exp = GNUNET_htonll (exp_interval->rel_value_us); - - GNUNET_IDENTITY_ATTRIBUTE_serialize (attr, - (char*)&sam[1]); - - sam->attr_len = htons (attr_len); - if (NULL != h->mq) - GNUNET_MQ_send_copy (h->mq, - op->env); - return op; - -} - - -/** - * List all attributes for a local identity. - * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle` - * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and - * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once - * immediately, and then again after - * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked. - * - * On error (disconnect), @a error_cb will be invoked. - * On normal completion, @a finish_cb proc will be - * invoked. - * - * @param h handle to the idp - * @param identity identity to access - * @param error_cb function to call on error (i.e. disconnect), - * the handle is afterwards invalid - * @param error_cb_cls closure for @a error_cb - * @param proc function to call on each attribute; it - * will be called repeatedly with a value (if available) - * @param proc_cls closure for @a proc - * @param finish_cb function to call on completion - * the handle is afterwards invalid - * @param finish_cb_cls closure for @a finish_cb - * @return an iterator handle to use for iteration - */ -struct GNUNET_IDENTITY_PROVIDER_AttributeIterator * -GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - GNUNET_SCHEDULER_TaskCallback error_cb, - void *error_cb_cls, - GNUNET_IDENTITY_PROVIDER_AttributeResult proc, - void *proc_cls, - GNUNET_SCHEDULER_TaskCallback finish_cb, - void *finish_cb_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it; - struct GNUNET_MQ_Envelope *env; - struct AttributeIterationStartMessage *msg; - uint32_t rid; - - rid = h->r_id_gen++; - it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator); - it->h = h; - it->error_cb = error_cb; - it->error_cb_cls = error_cb_cls; - it->finish_cb = finish_cb; - it->finish_cb_cls = finish_cb_cls; - it->proc = proc; - it->proc_cls = proc_cls; - it->r_id = rid; - it->identity = *identity; - GNUNET_CONTAINER_DLL_insert_tail (h->it_head, - h->it_tail, - it); - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START); - msg->id = htonl (rid); - msg->identity = *identity; - if (NULL == h->mq) - it->env = env; - else - GNUNET_MQ_send (h->mq, - env); - return it; -} - - -/** - * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start - * for the next record. - * - * @param it the iterator - */ -void -GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; - struct AttributeIterationNextMessage *msg; - struct GNUNET_MQ_Envelope *env; - - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT); - msg->id = htonl (it->r_id); - GNUNET_MQ_send (h->mq, - env); -} - - -/** - * Stops iteration and releases the idp handle for further calls. Must - * be called on any iteration that has not yet completed prior to calling - * #GNUNET_IDENTITY_PROVIDER_disconnect. - * - * @param it the iterator - */ -void -GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; - struct GNUNET_MQ_Envelope *env; - struct AttributeIterationStopMessage *msg; - - if (NULL != h->mq) - { - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP); - msg->id = htonl (it->r_id); - GNUNET_MQ_send (h->mq, - env); - } - free_it (it); -} - - -/** TODO - * Issues a ticket to another identity. The identity may use - * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket - * and retrieve the attributes specified in the AttributeList. - * - * @param h the identity provider to use - * @param iss the issuing identity - * @param rp the subject of the ticket (the relying party) - * @param attrs the attributes that the relying party is given access to - * @param cb the callback - * @param cb_cls the callback closure - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, - const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - GNUNET_IDENTITY_PROVIDER_TicketCallback cb, - void *cb_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct IssueTicketMessage *tim; - size_t attr_len; - - op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); - op->h = h; - op->tr_cb = cb; - op->cls = cb_cls; - op->r_id = h->r_id_gen++; - GNUNET_CONTAINER_DLL_insert_tail (h->op_head, - h->op_tail, - op); - attr_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs); - op->env = GNUNET_MQ_msg_extra (tim, - attr_len, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET); - tim->identity = *iss; - tim->rp = *rp; - tim->id = htonl (op->r_id); - - GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs, - (char*)&tim[1]); - - tim->attr_len = htons (attr_len); - if (NULL != h->mq) - GNUNET_MQ_send_copy (h->mq, - op->env); - return op; -} - -/** - * Consumes an issued ticket. The ticket is persisted - * and used to retrieve identity information from the issuer - * - * @param h the identity provider to use - * @param identity the identity that is the subject of the issued ticket (the relying party) - * @param ticket the issued ticket to consume - * @param cb the callback to call - * @param cb_cls the callback closure - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - GNUNET_IDENTITY_PROVIDER_AttributeResult cb, - void *cb_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct ConsumeTicketMessage *ctm; - - op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); - op->h = h; - op->ar_cb = cb; - op->cls = cb_cls; - op->r_id = h->r_id_gen++; - GNUNET_CONTAINER_DLL_insert_tail (h->op_head, - h->op_tail, - op); - op->env = GNUNET_MQ_msg_extra (ctm, - sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket), - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET); - ctm->identity = *identity; - ctm->id = htonl (op->r_id); - - GNUNET_memcpy ((char*)&ctm[1], - ticket, - sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket)); - - if (NULL != h->mq) - GNUNET_MQ_send_copy (h->mq, - op->env); - return op; - -} - - -/** - * Lists all tickets that have been issued to remote - * identites (relying parties) - * - * @param h the identity provider to use - * @param identity the issuing identity - * @param error_cb function to call on error (i.e. disconnect), - * the handle is afterwards invalid - * @param error_cb_cls closure for @a error_cb - * @param proc function to call on each ticket; it - * will be called repeatedly with a value (if available) - * @param proc_cls closure for @a proc - * @param finish_cb function to call on completion - * the handle is afterwards invalid - * @param finish_cb_cls closure for @a finish_cb - * @return an iterator handle to use for iteration - */ -struct GNUNET_IDENTITY_PROVIDER_TicketIterator * -GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - GNUNET_SCHEDULER_TaskCallback error_cb, - void *error_cb_cls, - GNUNET_IDENTITY_PROVIDER_TicketCallback proc, - void *proc_cls, - GNUNET_SCHEDULER_TaskCallback finish_cb, - void *finish_cb_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; - struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub; - struct GNUNET_MQ_Envelope *env; - struct TicketIterationStartMessage *msg; - uint32_t rid; - - GNUNET_CRYPTO_ecdsa_key_get_public (identity, - &identity_pub); - rid = h->r_id_gen++; - it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator); - it->h = h; - it->error_cb = error_cb; - it->error_cb_cls = error_cb_cls; - it->finish_cb = finish_cb; - it->finish_cb_cls = finish_cb_cls; - it->tr_cb = proc; - it->cls = proc_cls; - it->r_id = rid; - GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head, - h->ticket_it_tail, - it); - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START); - msg->id = htonl (rid); - msg->identity = identity_pub; - msg->is_audience = htonl (GNUNET_NO); - if (NULL == h->mq) - it->env = env; - else - GNUNET_MQ_send (h->mq, - env); - return it; - -} - - -/** - * Lists all tickets that have been issued to remote - * identites (relying parties) - * - * @param h the identity provider to use - * @param identity the issuing identity - * @param error_cb function to call on error (i.e. disconnect), - * the handle is afterwards invalid - * @param error_cb_cls closure for @a error_cb - * @param proc function to call on each ticket; it - * will be called repeatedly with a value (if available) - * @param proc_cls closure for @a proc - * @param finish_cb function to call on completion - * the handle is afterwards invalid - * @param finish_cb_cls closure for @a finish_cb - * @return an iterator handle to use for iteration - */ -struct GNUNET_IDENTITY_PROVIDER_TicketIterator * -GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - GNUNET_SCHEDULER_TaskCallback error_cb, - void *error_cb_cls, - GNUNET_IDENTITY_PROVIDER_TicketCallback proc, - void *proc_cls, - GNUNET_SCHEDULER_TaskCallback finish_cb, - void *finish_cb_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; - struct GNUNET_MQ_Envelope *env; - struct TicketIterationStartMessage *msg; - uint32_t rid; - - rid = h->r_id_gen++; - it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator); - it->h = h; - it->error_cb = error_cb; - it->error_cb_cls = error_cb_cls; - it->finish_cb = finish_cb; - it->finish_cb_cls = finish_cb_cls; - it->tr_cb = proc; - it->cls = proc_cls; - it->r_id = rid; - GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head, - h->ticket_it_tail, - it); - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START); - msg->id = htonl (rid); - msg->identity = *identity; - msg->is_audience = htonl (GNUNET_YES); - if (NULL == h->mq) - it->env = env; - else - GNUNET_MQ_send (h->mq, - env); - return it; - - -} - -/** - * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start - * for the next record. - * - * @param it the iterator - */ -void -GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; - struct TicketIterationNextMessage *msg; - struct GNUNET_MQ_Envelope *env; - - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT); - msg->id = htonl (it->r_id); - GNUNET_MQ_send (h->mq, - env); -} - - -/** - * Stops iteration and releases the idp handle for further calls. Must - * be called on any iteration that has not yet completed prior to calling - * #GNUNET_IDENTITY_PROVIDER_disconnect. - * - * @param it the iterator - */ -void -GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; - struct GNUNET_MQ_Envelope *env; - struct TicketIterationStopMessage *msg; - - if (NULL != h->mq) - { - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP); - msg->id = htonl (it->r_id); - GNUNET_MQ_send (h->mq, - env); - } - GNUNET_free (it); -} - -/** - * Revoked an issued ticket. The relying party will be unable to retrieve - * updated attributes. - * - * @param h the identity provider to use - * @param identity the issuing identity - * @param ticket the ticket to revoke - * @param cb the callback - * @param cb_cls the callback closure - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb, - void *cb_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct RevokeTicketMessage *msg; - uint32_t rid; - - rid = h->r_id_gen++; - op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); - op->h = h; - op->rvk_cb = cb; - op->cls = cb_cls; - op->r_id = rid; - GNUNET_CONTAINER_DLL_insert_tail (h->op_head, - h->op_tail, - op); - op->env = GNUNET_MQ_msg_extra (msg, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket), - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET); - msg->id = htonl (rid); - msg->identity = *identity; - GNUNET_memcpy (&msg[1], - ticket, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); - if (NULL != h->mq) { - GNUNET_MQ_send (h->mq, - op->env); - op->env = NULL; - } - return op; -} - - - -/* end of identity_provider_api.c */ diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c deleted file mode 100644 index 7ac4f0025..000000000 --- a/src/identity-provider/jwt.c +++ /dev/null @@ -1,160 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2010-2015 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - */ - -/** - * @file identity-provider/jwt.c - * @brief helper library for JSON-Web-Tokens - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_signatures.h" -#include "gnunet_identity_attribute_lib.h" -#include - - -#define JWT_ALG "alg" - -/* Use 512bit HMAC */ -#define JWT_ALG_VALUE "HS512" - -#define JWT_TYP "typ" - -#define JWT_TYP_VALUE "jwt" - -#define SERVER_ADDRESS "https://reclaim.id/api/openid/userinfo" - -static char* -create_jwt_header(void) -{ - json_t *root; - char *json_str; - - root = json_object (); - json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); - json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); - - json_str = json_dumps (root, JSON_INDENT(1)); - json_decref (root); - return json_str; -} - -/** - * Create a JWT from attributes - * - * @param aud_key the public of the subject - * @param attrs the attribute list - * @param priv_key the key used to sign the JWT - * @return a new base64-encoded JWT string. - */ -char* -jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_AuthKey *priv_key) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - struct GNUNET_HashCode signature; - char* audience; - char* subject; - char* header; - char* padding; - char* body_str; - char* result; - char* header_base64; - char* body_base64; - char* signature_target; - char* signature_base64; - char* attr_val_str; - json_t* body; - - //exp REQUIRED time expired from config - //iat REQUIRED time now - //auth_time only if max_age - //nonce only if nonce - // OPTIONAL acr,amr,azp - subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - header = create_jwt_header (); - body = json_object (); - - //iss REQUIRED case sensitive server uri with https - //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) - json_object_set_new (body, - "iss", json_string (SERVER_ADDRESS)); - //sub REQUIRED public key identity, not exceed 255 ASCII length - json_object_set_new (body, - "sub", json_string (subject)); - //aud REQUIRED public key client_id must be there - json_object_set_new (body, - "aud", json_string (audience)); - for (le = attrs->list_head; NULL != le; le = le->next) - { - attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type, - le->claim->data, - le->claim->data_size); - json_object_set_new (body, - le->claim->name, - json_string (attr_val_str)); - GNUNET_free (attr_val_str); - } - body_str = json_dumps (body, JSON_INDENT(0)); - json_decref (body); - - GNUNET_STRINGS_base64_encode (header, - strlen (header), - &header_base64); - //Remove GNUNET padding of base64 - padding = strtok(header_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); - - GNUNET_STRINGS_base64_encode (body_str, - strlen (body_str), - &body_base64); - - //Remove GNUNET padding of base64 - padding = strtok(body_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); - - GNUNET_free (subject); - GNUNET_free (audience); - - /** - * Creating the JWT signature. This might not be - * standards compliant, check. - */ - GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); - GNUNET_CRYPTO_hmac (priv_key, signature_target, strlen (signature_target), &signature); - GNUNET_STRINGS_base64_encode ((const char*)&signature, - sizeof (struct GNUNET_HashCode), - &signature_base64); - GNUNET_asprintf (&result, "%s.%s.%s", - header_base64, body_base64, signature_base64); - - GNUNET_free (signature_target); - GNUNET_free (header); - GNUNET_free (body_str); - GNUNET_free (signature_base64); - GNUNET_free (body_base64); - GNUNET_free (header_base64); - return result; -} diff --git a/src/identity-provider/jwt.h b/src/identity-provider/jwt.h deleted file mode 100644 index 80b6caa33..000000000 --- a/src/identity-provider/jwt.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef JWT_H -#define JWT_H - -char* -jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_AuthKey *priv_key); - -#endif diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/identity-provider/plugin_gnsrecord_identity_provider.c deleted file mode 100644 index f0dc563dc..000000000 --- a/src/identity-provider/plugin_gnsrecord_identity_provider.c +++ /dev/null @@ -1,265 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2013, 2014 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @file identity-provider/plugin_gnsrecord_identity_provider.c - * @brief gnsrecord plugin to provide the API for identity records - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_gnsrecord_lib.h" -#include "gnunet_gnsrecord_plugin.h" - - -/** - * Convert the 'value' of a record to a string. - * - * @param cls closure, unused - * @param type type of the record - * @param data value in binary encoding - * @param data_size number of bytes in @a data - * @return NULL on error, otherwise human-readable representation of the value - */ -static char * -value_to_string (void *cls, - uint32_t type, - const void *data, - size_t data_size) -{ - const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; - const struct GNUNET_CRYPTO_EcdsaPublicKey *audience_pubkey; - const char *scopes; - char *ecdhe_str; - char *aud_str; - char *result; - - switch (type) - { - case GNUNET_GNSRECORD_TYPE_ID_ATTR: - return GNUNET_STRINGS_data_to_string_alloc (data, data_size); - case GNUNET_GNSRECORD_TYPE_ID_TOKEN: //DEPRECATED - return GNUNET_strndup (data, data_size); - case GNUNET_GNSRECORD_TYPE_ABE_KEY: - case GNUNET_GNSRECORD_TYPE_ABE_MASTER: - return GNUNET_STRINGS_data_to_string_alloc (data, data_size); - case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: //DEPRECATED - ecdhe_privkey = data; - audience_pubkey = data+sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); - scopes = (char*) audience_pubkey+(sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - ecdhe_str = GNUNET_STRINGS_data_to_string_alloc (ecdhe_privkey, - sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); - aud_str = GNUNET_STRINGS_data_to_string_alloc (audience_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - GNUNET_asprintf (&result, - "%s;%s;%s", - ecdhe_str, aud_str, scopes); - GNUNET_free (aud_str); - GNUNET_free (ecdhe_str); - return result; - - default: - return NULL; - } -} - - -/** - * Convert human-readable version of a 'value' of a record to the binary - * representation. - * - * @param cls closure, unused - * @param type type of the record - * @param s human-readable string - * @param data set to value in binary encoding (will be allocated) - * @param data_size set to number of bytes in @a data - * @return #GNUNET_OK on success - */ -static int -string_to_value (void *cls, - uint32_t type, - const char *s, - void **data, - size_t *data_size) -{ - char* ecdhe_str; - char* aud_keystr; - char* write_ptr; - char* tmp_tok; - char* str; - - if (NULL == s) - return GNUNET_SYSERR; - switch (type) - { - case GNUNET_GNSRECORD_TYPE_ID_ATTR: - return GNUNET_STRINGS_string_to_data (s, - strlen (s), - *data, - *data_size); - case GNUNET_GNSRECORD_TYPE_ID_TOKEN: - *data = GNUNET_strdup (s); - *data_size = strlen (s); - return GNUNET_OK; - case GNUNET_GNSRECORD_TYPE_ABE_KEY: - case GNUNET_GNSRECORD_TYPE_ABE_MASTER: - return GNUNET_STRINGS_string_to_data (s, - strlen (s), - *data, - *data_size); - case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: - tmp_tok = GNUNET_strdup (s); - ecdhe_str = strtok (tmp_tok, ";"); - if (NULL == ecdhe_str) - { - GNUNET_free (tmp_tok); - return GNUNET_SYSERR; - } - aud_keystr = strtok (NULL, ";"); - if (NULL == aud_keystr) - { - GNUNET_free (tmp_tok); - return GNUNET_SYSERR; - } - str = strtok (NULL, ";"); - if (NULL == str) - { - GNUNET_free (tmp_tok); - return GNUNET_SYSERR; - } - *data_size = strlen (str) + 1 - +sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey) - +sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); - *data = GNUNET_malloc (*data_size); - - write_ptr = *data; - GNUNET_STRINGS_string_to_data (ecdhe_str, - strlen (ecdhe_str), - write_ptr, - sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); - GNUNET_STRINGS_string_to_data (aud_keystr, - strlen (aud_keystr), - write_ptr, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); - GNUNET_memcpy (write_ptr, str, strlen (str) + 1); //with 0-Terminator - GNUNET_free (tmp_tok); - return GNUNET_OK; - - default: - return GNUNET_SYSERR; - } -} - - -/** - * Mapping of record type numbers to human-readable - * record type names. - */ -static struct { - const char *name; - uint32_t number; -} name_map[] = { - { "ID_ATTR", GNUNET_GNSRECORD_TYPE_ID_ATTR }, - { "ID_TOKEN", GNUNET_GNSRECORD_TYPE_ID_TOKEN }, - { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY }, - { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER }, - { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA }, - { NULL, UINT32_MAX } -}; - - -/** - * Convert a type name (i.e. "AAAA") to the corresponding number. - * - * @param cls closure, unused - * @param dns_typename name to convert - * @return corresponding number, UINT32_MAX on error - */ -static uint32_t -typename_to_number (void *cls, - const char *dns_typename) -{ - unsigned int i; - - i=0; - while ( (NULL != name_map[i].name) && - (0 != strcasecmp (dns_typename, name_map[i].name)) ) - i++; - return name_map[i].number; -} - - -/** - * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A") - * - * @param cls closure, unused - * @param type number of a type to convert - * @return corresponding typestring, NULL on error - */ -static const char * -number_to_typename (void *cls, - uint32_t type) -{ - unsigned int i; - - i=0; - while ( (NULL != name_map[i].name) && - (type != name_map[i].number) ) - i++; - return name_map[i].name; -} - - -/** - * Entry point for the plugin. - * - * @param cls NULL - * @return the exported block API - */ -void * -libgnunet_plugin_gnsrecord_identity_provider_init (void *cls) -{ - struct GNUNET_GNSRECORD_PluginFunctions *api; - - api = GNUNET_new (struct GNUNET_GNSRECORD_PluginFunctions); - api->value_to_string = &value_to_string; - api->string_to_value = &string_to_value; - api->typename_to_number = &typename_to_number; - api->number_to_typename = &number_to_typename; - return api; -} - - -/** - * Exit point from the plugin. - * - * @param cls the return value from #libgnunet_plugin_block_test_init - * @return NULL - */ -void * -libgnunet_plugin_gnsrecord_identity_provider_done (void *cls) -{ - struct GNUNET_GNSRECORD_PluginFunctions *api = cls; - - GNUNET_free (api); - return NULL; -} - -/* end of plugin_gnsrecord_dns.c */ diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c deleted file mode 100644 index f2a8b7b54..000000000 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ /dev/null @@ -1,734 +0,0 @@ - /* - * This file is part of GNUnet - * Copyright (C) 2009-2017 GNUnet e.V. - * - * GNUnet is free software: you can redistribute it and/or modify it - * under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * GNUnet is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -/** - * @file identity-provider/plugin_identity_provider_sqlite.c - * @brief sqlite-based idp backend - * @author Martin Schanzenbach - */ - -#include "platform.h" -#include "gnunet_identity_provider_service.h" -#include "gnunet_identity_provider_plugin.h" -#include "gnunet_identity_attribute_lib.h" -#include "gnunet_sq_lib.h" -#include - -/** - * After how many ms "busy" should a DB operation fail for good? A - * low value makes sure that we are more responsive to requests - * (especially PUTs). A high value guarantees a higher success rate - * (SELECTs in iterate can take several seconds despite LIMIT=1). - * - * The default value of 1s should ensure that users do not experience - * huge latencies while at the same time allowing operations to - * succeed with reasonable probability. - */ -#define BUSY_TIMEOUT_MS 1000 - - -/** - * Log an error message at log-level 'level' that indicates - * a failure of the command 'cmd' on file 'filename' - * with the message given by strerror(errno). - */ -#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "identity-provider", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0) - -#define LOG(kind,...) GNUNET_log_from (kind, "identity-provider-sqlite", __VA_ARGS__) - - -/** - * Context for all functions in this plugin. - */ -struct Plugin -{ - - const struct GNUNET_CONFIGURATION_Handle *cfg; - - /** - * Database filename. - */ - char *fn; - - /** - * Native SQLite database handle. - */ - sqlite3 *dbh; - - /** - * Precompiled SQL to store ticket. - */ - sqlite3_stmt *store_ticket; - - /** - * Precompiled SQL to delete existing ticket. - */ - sqlite3_stmt *delete_ticket; - - /** - * Precompiled SQL to iterate tickets. - */ - sqlite3_stmt *iterate_tickets; - - /** - * Precompiled SQL to get ticket attributes. - */ - sqlite3_stmt *get_ticket_attrs; - - /** - * Precompiled SQL to iterate tickets by audience. - */ - sqlite3_stmt *iterate_tickets_by_audience; -}; - - -/** - * @brief Prepare a SQL statement - * - * @param dbh handle to the database - * @param zSql SQL statement, UTF-8 encoded - * @param ppStmt set to the prepared statement - * @return 0 on success - */ -static int -sq_prepare (sqlite3 *dbh, - const char *zSql, - sqlite3_stmt **ppStmt) -{ - char *dummy; - int result; - - result = - sqlite3_prepare_v2 (dbh, - zSql, - strlen (zSql), - ppStmt, - (const char **) &dummy); - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Prepared `%s' / %p: %d\n", - zSql, - *ppStmt, - result); - return result; -} - -/** - * Create our database indices. - * - * @param dbh handle to the database - */ -static void -create_indices (sqlite3 * dbh) -{ - /* create indices */ - if ( (SQLITE_OK != - sqlite3_exec (dbh, - "CREATE INDEX IF NOT EXISTS identity_reverse ON identity001tickets (identity,audience)", - NULL, NULL, NULL)) || - (SQLITE_OK != - sqlite3_exec (dbh, - "CREATE INDEX IF NOT EXISTS it_iter ON identity001tickets (rnd)", - NULL, NULL, NULL)) ) - LOG (GNUNET_ERROR_TYPE_ERROR, - "Failed to create indices: %s\n", - sqlite3_errmsg (dbh)); -} - - - -#if 0 -#define CHECK(a) GNUNET_break(a) -#define ENULL NULL -#else -#define ENULL &e -#define ENULL_DEFINED 1 -#define CHECK(a) if (! (a)) { GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "%s\n", e); sqlite3_free(e); } -#endif - - -/** - * Initialize the database connections and associated - * data structures (create tables and indices - * as needed as well). - * - * @param plugin the plugin context (state for this module) - * @return #GNUNET_OK on success - */ -static int -database_setup (struct Plugin *plugin) -{ - sqlite3_stmt *stmt; - char *afsdir; -#if ENULL_DEFINED - char *e; -#endif - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_filename (plugin->cfg, - "identity-provider-sqlite", - "FILENAME", - &afsdir)) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "identity-provider-sqlite", - "FILENAME"); - return GNUNET_SYSERR; - } - if (GNUNET_OK != - GNUNET_DISK_file_test (afsdir)) - { - if (GNUNET_OK != - GNUNET_DISK_directory_create_for_file (afsdir)) - { - GNUNET_break (0); - GNUNET_free (afsdir); - return GNUNET_SYSERR; - } - } - /* afsdir should be UTF-8-encoded. If it isn't, it's a bug */ - plugin->fn = afsdir; - - /* Open database and precompile statements */ - if (sqlite3_open (plugin->fn, &plugin->dbh) != SQLITE_OK) - { - LOG (GNUNET_ERROR_TYPE_ERROR, - _("Unable to initialize SQLite: %s.\n"), - sqlite3_errmsg (plugin->dbh)); - return GNUNET_SYSERR; - } - CHECK (SQLITE_OK == - sqlite3_exec (plugin->dbh, - "PRAGMA temp_store=MEMORY", NULL, NULL, - ENULL)); - CHECK (SQLITE_OK == - sqlite3_exec (plugin->dbh, - "PRAGMA synchronous=NORMAL", NULL, NULL, - ENULL)); - CHECK (SQLITE_OK == - sqlite3_exec (plugin->dbh, - "PRAGMA legacy_file_format=OFF", NULL, NULL, - ENULL)); - CHECK (SQLITE_OK == - sqlite3_exec (plugin->dbh, - "PRAGMA auto_vacuum=INCREMENTAL", NULL, - NULL, ENULL)); - CHECK (SQLITE_OK == - sqlite3_exec (plugin->dbh, - "PRAGMA encoding=\"UTF-8\"", NULL, - NULL, ENULL)); - CHECK (SQLITE_OK == - sqlite3_exec (plugin->dbh, - "PRAGMA locking_mode=EXCLUSIVE", NULL, NULL, - ENULL)); - CHECK (SQLITE_OK == - sqlite3_exec (plugin->dbh, - "PRAGMA page_size=4092", NULL, NULL, - ENULL)); - - CHECK (SQLITE_OK == - sqlite3_busy_timeout (plugin->dbh, - BUSY_TIMEOUT_MS)); - - - /* Create table */ - CHECK (SQLITE_OK == - sq_prepare (plugin->dbh, - "SELECT 1 FROM sqlite_master WHERE tbl_name = 'identity001tickets'", - &stmt)); - if ((sqlite3_step (stmt) == SQLITE_DONE) && - (sqlite3_exec - (plugin->dbh, - "CREATE TABLE identity001tickets (" - " identity BLOB NOT NULL DEFAULT ''," - " audience BLOB NOT NULL DEFAULT ''," - " rnd INT8 NOT NULL DEFAULT ''," - " attributes BLOB NOT NULL DEFAULT ''" - ")", - NULL, NULL, NULL) != SQLITE_OK)) - { - LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR, - "sqlite3_exec"); - sqlite3_finalize (stmt); - return GNUNET_SYSERR; - } - sqlite3_finalize (stmt); - - create_indices (plugin->dbh); - - if ( (SQLITE_OK != - sq_prepare (plugin->dbh, - "INSERT INTO identity001tickets (identity, audience, rnd, attributes)" - " VALUES (?, ?, ?, ?)", - &plugin->store_ticket)) || - (SQLITE_OK != - sq_prepare (plugin->dbh, - "DELETE FROM identity001tickets WHERE identity=? AND rnd=?", - &plugin->delete_ticket)) || - (SQLITE_OK != - sq_prepare (plugin->dbh, - "SELECT identity,audience,rnd,attributes" - " FROM identity001tickets WHERE identity=? AND rnd=?", - &plugin->get_ticket_attrs)) || - (SQLITE_OK != - sq_prepare (plugin->dbh, - "SELECT identity,audience,rnd,attributes" - " FROM identity001tickets WHERE identity=?" - " ORDER BY rnd LIMIT 1 OFFSET ?", - &plugin->iterate_tickets)) || - (SQLITE_OK != - sq_prepare (plugin->dbh, - "SELECT identity,audience,rnd,attributes" - " FROM identity001tickets WHERE audience=?" - " ORDER BY rnd LIMIT 1 OFFSET ?", - &plugin->iterate_tickets_by_audience)) ) - { - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_ERROR, - "precompiling"); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - - -/** - * Shutdown database connection and associate data - * structures. - * @param plugin the plugin context (state for this module) - */ -static void -database_shutdown (struct Plugin *plugin) -{ - int result; - sqlite3_stmt *stmt; - - if (NULL != plugin->store_ticket) - sqlite3_finalize (plugin->store_ticket); - if (NULL != plugin->delete_ticket) - sqlite3_finalize (plugin->delete_ticket); - if (NULL != plugin->iterate_tickets) - sqlite3_finalize (plugin->iterate_tickets); - if (NULL != plugin->iterate_tickets_by_audience) - sqlite3_finalize (plugin->iterate_tickets_by_audience); - if (NULL != plugin->get_ticket_attrs) - sqlite3_finalize (plugin->get_ticket_attrs); - result = sqlite3_close (plugin->dbh); - if (result == SQLITE_BUSY) - { - LOG (GNUNET_ERROR_TYPE_WARNING, - _("Tried to close sqlite without finalizing all prepared statements.\n")); - stmt = sqlite3_next_stmt (plugin->dbh, - NULL); - while (NULL != stmt) - { - GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, - "sqlite", - "Closing statement %p\n", - stmt); - result = sqlite3_finalize (stmt); - if (result != SQLITE_OK) - GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, - "sqlite", - "Failed to close statement %p: %d\n", - stmt, - result); - stmt = sqlite3_next_stmt (plugin->dbh, - NULL); - } - result = sqlite3_close (plugin->dbh); - } - if (SQLITE_OK != result) - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_ERROR, - "sqlite3_close"); - - GNUNET_free_non_null (plugin->fn); -} - - -/** - * Store a ticket in the database. - * - * @param cls closure (internal context for the plugin) - * @param ticket the ticket to persist - * @param attrs the attributes associated with the ticket - * @return #GNUNET_OK on success, else #GNUNET_SYSERR - */ -static int -identity_provider_sqlite_store_ticket (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) -{ - struct Plugin *plugin = cls; - size_t attrs_len; - char *attrs_ser; - int n; - - { - /* First delete duplicates */ - struct GNUNET_SQ_QueryParam dparams[] = { - GNUNET_SQ_query_param_auto_from_type (&ticket->identity), - GNUNET_SQ_query_param_uint64 (&ticket->rnd), - GNUNET_SQ_query_param_end - }; - if (GNUNET_OK != - GNUNET_SQ_bind (plugin->delete_ticket, - dparams)) - { - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, - "sqlite3_bind_XXXX"); - GNUNET_SQ_reset (plugin->dbh, - plugin->delete_ticket); - return GNUNET_SYSERR; - } - n = sqlite3_step (plugin->delete_ticket); - GNUNET_SQ_reset (plugin->dbh, - plugin->delete_ticket); - - attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs); - attrs_ser = GNUNET_malloc (attrs_len); - GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs, - attrs_ser); - struct GNUNET_SQ_QueryParam sparams[] = { - GNUNET_SQ_query_param_auto_from_type (&ticket->identity), - GNUNET_SQ_query_param_auto_from_type (&ticket->audience), - GNUNET_SQ_query_param_uint64 (&ticket->rnd), - GNUNET_SQ_query_param_fixed_size (attrs_ser, attrs_len), - GNUNET_SQ_query_param_end - }; - - if (GNUNET_OK != - GNUNET_SQ_bind (plugin->store_ticket, - sparams)) - { - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, - "sqlite3_bind_XXXX"); - GNUNET_SQ_reset (plugin->dbh, - plugin->store_ticket); - return GNUNET_SYSERR; - } - n = sqlite3_step (plugin->store_ticket); - GNUNET_SQ_reset (plugin->dbh, - plugin->store_ticket); - GNUNET_free (attrs_ser); - } - switch (n) - { - case SQLITE_DONE: - GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, - "sqlite", - "Ticket stored\n"); - return GNUNET_OK; - case SQLITE_BUSY: - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK, - "sqlite3_step"); - return GNUNET_NO; - default: - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, - "sqlite3_step"); - return GNUNET_SYSERR; - } -} - - -/** - * Store a ticket in the database. - * - * @param cls closure (internal context for the plugin) - * @param ticket the ticket to delete - * @return #GNUNET_OK on success, else #GNUNET_SYSERR - */ -static int -identity_provider_sqlite_delete_ticket (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) -{ - struct Plugin *plugin = cls; - int n; - - { - struct GNUNET_SQ_QueryParam sparams[] = { - GNUNET_SQ_query_param_auto_from_type (&ticket->identity), - GNUNET_SQ_query_param_uint64 (&ticket->rnd), - GNUNET_SQ_query_param_end - }; - - if (GNUNET_OK != - GNUNET_SQ_bind (plugin->delete_ticket, - sparams)) - { - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, - "sqlite3_bind_XXXX"); - GNUNET_SQ_reset (plugin->dbh, - plugin->store_ticket); - return GNUNET_SYSERR; - } - n = sqlite3_step (plugin->delete_ticket); - GNUNET_SQ_reset (plugin->dbh, - plugin->delete_ticket); - } - switch (n) - { - case SQLITE_DONE: - GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, - "sqlite", - "Ticket deleted\n"); - return GNUNET_OK; - case SQLITE_BUSY: - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK, - "sqlite3_step"); - return GNUNET_NO; - default: - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, - "sqlite3_step"); - return GNUNET_SYSERR; - } -} - - -/** - * The given 'sqlite' statement has been prepared to be run. - * It will return a record which should be given to the iterator. - * Runs the statement and parses the returned record. - * - * @param plugin plugin context - * @param stmt to run (and then clean up) - * @param iter iterator to call with the result - * @param iter_cls closure for @a iter - * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error - */ -static int -get_ticket_and_call_iterator (struct Plugin *plugin, - sqlite3_stmt *stmt, - GNUNET_IDENTITY_PROVIDER_TicketIterator iter, - void *iter_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; - int ret; - int sret; - size_t attrs_len; - char *attrs_ser; - - ret = GNUNET_NO; - if (SQLITE_ROW == (sret = sqlite3_step (stmt))) - { - struct GNUNET_SQ_ResultSpec rs[] = { - GNUNET_SQ_result_spec_auto_from_type (&ticket.identity), - GNUNET_SQ_result_spec_auto_from_type (&ticket.audience), - GNUNET_SQ_result_spec_uint64 (&ticket.rnd), - GNUNET_SQ_result_spec_variable_size ((void**)&attrs_ser, - &attrs_len), - GNUNET_SQ_result_spec_end - - }; - ret = GNUNET_SQ_extract_result (stmt, - rs); - if (GNUNET_OK != ret) - { - GNUNET_break (0); - ret = GNUNET_SYSERR; - } - else - { - attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (attrs_ser, - attrs_len); - if (NULL != iter) - iter (iter_cls, - &ticket, - attrs); - GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs); - ret = GNUNET_YES; - } - GNUNET_SQ_cleanup_result (rs); - } - else - { - if (SQLITE_DONE != sret) - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_ERROR, - "sqlite_step"); - } - GNUNET_SQ_reset (plugin->dbh, - stmt); - return ret; -} - - -/** - * Lookup tickets in the datastore. - * - * @param cls closure (internal context for the plugin) - * @param ticket the ticket to retrieve attributes for - * @param iter function to call with the result - * @param iter_cls closure for @a iter - * @return #GNUNET_OK on success, else #GNUNET_SYSERR - */ -static int -identity_provider_sqlite_ticket_get_attrs (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - GNUNET_IDENTITY_PROVIDER_TicketIterator iter, - void *iter_cls) -{ - struct Plugin *plugin = cls; - struct GNUNET_SQ_QueryParam params[] = { - GNUNET_SQ_query_param_auto_from_type (&ticket->identity), - GNUNET_SQ_query_param_uint64 (&ticket->rnd), - GNUNET_SQ_query_param_end - }; - - if (GNUNET_OK != - GNUNET_SQ_bind (plugin->get_ticket_attrs, - params)) - { - LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, - "sqlite3_bind_XXXX"); - GNUNET_SQ_reset (plugin->dbh, - plugin->get_ticket_attrs); - return GNUNET_SYSERR; - } - return get_ticket_and_call_iterator (plugin, - plugin->get_ticket_attrs, - iter, - iter_cls); -} - - -/** - * Iterate over the results for a particular key and zone in the - * datastore. Will return at most one result to the iterator. - * - * @param cls closure (internal context for the plugin) - * @param identity the issuing identity or audience (depending on audience switch) - * @param audience GNUNET_YES if identity is audience - * @param offset offset in the list of all matching records - * @param iter function to call with the result - * @param iter_cls closure for @a iter - * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error - */ -static int -identity_provider_sqlite_iterate_tickets (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - int audience, - uint64_t offset, - GNUNET_IDENTITY_PROVIDER_TicketIterator iter, - void *iter_cls) -{ - struct Plugin *plugin = cls; - sqlite3_stmt *stmt; - int err; - - if (NULL == identity) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - struct GNUNET_SQ_QueryParam params[] = { - GNUNET_SQ_query_param_auto_from_type (identity), - GNUNET_SQ_query_param_uint64 (&offset), - GNUNET_SQ_query_param_end - }; - if (GNUNET_YES == audience) - { - stmt = plugin->iterate_tickets_by_audience; - err = GNUNET_SQ_bind (stmt, - params); - } - else - { - stmt = plugin->iterate_tickets; - err = GNUNET_SQ_bind (stmt, - params); - } - if (GNUNET_OK != err) - { - LOG_SQLITE (plugin, - GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, - "sqlite3_bind_XXXX"); - GNUNET_SQ_reset (plugin->dbh, - stmt); - return GNUNET_SYSERR; - } - return get_ticket_and_call_iterator (plugin, - stmt, - iter, - iter_cls); -} - - -/** - * Entry point for the plugin. - * - * @param cls the "struct GNUNET_IDENTITY_PROVIDER_PluginEnvironment*" - * @return NULL on error, otherwise the plugin context - */ -void * -libgnunet_plugin_identity_provider_sqlite_init (void *cls) -{ - static struct Plugin plugin; - const struct GNUNET_CONFIGURATION_Handle *cfg = cls; - struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api; - - if (NULL != plugin.cfg) - return NULL; /* can only initialize once! */ - memset (&plugin, 0, sizeof (struct Plugin)); - plugin.cfg = cfg; - if (GNUNET_OK != database_setup (&plugin)) - { - database_shutdown (&plugin); - return NULL; - } - api = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_PluginFunctions); - api->cls = &plugin; - api->store_ticket = &identity_provider_sqlite_store_ticket; - api->delete_ticket = &identity_provider_sqlite_delete_ticket; - api->iterate_tickets = &identity_provider_sqlite_iterate_tickets; - api->get_ticket_attributes = &identity_provider_sqlite_ticket_get_attrs; - LOG (GNUNET_ERROR_TYPE_INFO, - _("Sqlite database running\n")); - return api; -} - - -/** - * Exit point from the plugin. - * - * @param cls the plugin context (as returned by "init") - * @return always NULL - */ -void * -libgnunet_plugin_identity_provider_sqlite_done (void *cls) -{ - struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api = cls; - struct Plugin *plugin = api->cls; - - database_shutdown (plugin); - plugin->cfg = NULL; - GNUNET_free (api); - LOG (GNUNET_ERROR_TYPE_DEBUG, - "sqlite plugin is finished\n"); - return NULL; -} - -/* end of plugin_identity_provider_sqlite.c */ diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c deleted file mode 100644 index f8176a101..000000000 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ /dev/null @@ -1,1253 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - */ -/** - * @author Martin Schanzenbach - * @author Philippe Buschmann - * @file identity/plugin_rest_identity.c - * @brief GNUnet Namestore REST plugin - * - */ - -#include "platform.h" -#include "gnunet_rest_plugin.h" -#include "gnunet_identity_service.h" -#include "gnunet_gns_service.h" -#include "gnunet_gnsrecord_lib.h" -#include "gnunet_namestore_service.h" -#include "gnunet_rest_lib.h" -#include "gnunet_jsonapi_lib.h" -#include "gnunet_jsonapi_util.h" -#include "microhttpd.h" -#include -#include -#include "gnunet_signatures.h" -#include "gnunet_identity_attribute_lib.h" -#include "gnunet_identity_provider_service.h" - -/** - * REST root namespace - */ -#define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp" - -/** - * Attribute namespace - */ -#define GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES "/idp/attributes" - -/** - * Ticket namespace - */ -#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets" - -/** - * Revoke namespace - */ -#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke" - -/** - * Revoke namespace - */ -#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/idp/consume" - -/** - * Attribute key - */ -#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute" - -/** - * Ticket key - */ -#define GNUNET_REST_JSONAPI_IDENTITY_TICKET "ticket" - - -/** - * Value key - */ -#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value" - -/** - * State while collecting all egos - */ -#define ID_REST_STATE_INIT 0 - -/** - * Done collecting egos - */ -#define ID_REST_STATE_POST_INIT 1 - -/** - * The configuration handle - */ -const struct GNUNET_CONFIGURATION_Handle *cfg; - -/** - * HTTP methods allows for this plugin - */ -static char* allow_methods; - -/** - * @brief struct returned by the initialization function of the plugin - */ -struct Plugin -{ - const struct GNUNET_CONFIGURATION_Handle *cfg; -}; - -/** - * The ego list - */ -struct EgoEntry -{ - /** - * DLL - */ - struct EgoEntry *next; - - /** - * DLL - */ - struct EgoEntry *prev; - - /** - * Ego Identifier - */ - char *identifier; - - /** - * Public key string - */ - char *keystring; - - /** - * The Ego - */ - struct GNUNET_IDENTITY_Ego *ego; -}; - - -struct RequestHandle -{ - /** - * Ego list - */ - struct EgoEntry *ego_head; - - /** - * Ego list - */ - struct EgoEntry *ego_tail; - - /** - * Selected ego - */ - struct EgoEntry *ego_entry; - - /** - * Pointer to ego private key - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key; - - /** - * The processing state - */ - int state; - - /** - * Handle to Identity service. - */ - struct GNUNET_IDENTITY_Handle *identity_handle; - - /** - * Rest connection - */ - struct GNUNET_REST_RequestHandle *rest_handle; - - /** - * Handle to NAMESTORE - */ - struct GNUNET_NAMESTORE_Handle *namestore_handle; - - /** - * Iterator for NAMESTORE - */ - struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it; - - /** - * Attribute claim list - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list; - - /** - * IDENTITY Operation - */ - struct GNUNET_IDENTITY_Operation *op; - - /** - * Identity Provider - */ - struct GNUNET_IDENTITY_PROVIDER_Handle *idp; - - /** - * Idp Operation - */ - struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; - - /** - * Attribute iterator - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it; - - /** - * Ticket iterator - */ - struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it; - - /** - * A ticket - */ - struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - - /** - * Desired timeout for the lookup (default is no timeout). - */ - struct GNUNET_TIME_Relative timeout; - - /** - * ID of a task associated with the resolution process. - */ - struct GNUNET_SCHEDULER_Task *timeout_task; - - /** - * The plugin result processor - */ - GNUNET_REST_ResultProcessor proc; - - /** - * The closure of the result processor - */ - void *proc_cls; - - /** - * The url - */ - char *url; - - /** - * Error response message - */ - char *emsg; - - /** - * Reponse code - */ - int response_code; - - /** - * Response object - */ - struct GNUNET_JSONAPI_Document *resp_object; - -}; - -/** - * Cleanup lookup handle - * @param handle Handle to clean up - */ -static void -cleanup_handle (struct RequestHandle *handle) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp; - struct EgoEntry *ego_entry; - struct EgoEntry *ego_tmp; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Cleaning up\n"); - if (NULL != handle->resp_object) - GNUNET_JSONAPI_document_delete (handle->resp_object); - if (NULL != handle->timeout_task) - GNUNET_SCHEDULER_cancel (handle->timeout_task); - if (NULL != handle->identity_handle) - GNUNET_IDENTITY_disconnect (handle->identity_handle); - if (NULL != handle->attr_it) - GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it); - if (NULL != handle->ticket_it) - GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it); - if (NULL != handle->idp) - GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); - if (NULL != handle->url) - GNUNET_free (handle->url); - if (NULL != handle->emsg) - GNUNET_free (handle->emsg); - if (NULL != handle->namestore_handle) - GNUNET_NAMESTORE_disconnect (handle->namestore_handle); - if ( NULL != handle->attr_list ) - { - for (claim_entry = handle->attr_list->list_head; - NULL != claim_entry;) - { - claim_tmp = claim_entry; - claim_entry = claim_entry->next; - GNUNET_free(claim_tmp->claim); - GNUNET_free(claim_tmp); - } - GNUNET_free (handle->attr_list); - } - for (ego_entry = handle->ego_head; - NULL != ego_entry;) - { - ego_tmp = ego_entry; - ego_entry = ego_entry->next; - GNUNET_free (ego_tmp->identifier); - GNUNET_free (ego_tmp->keystring); - GNUNET_free (ego_tmp); - } - if (NULL != handle->attr_it) - { - GNUNET_free(handle->attr_it); - } - GNUNET_free (handle); -} - -static void -cleanup_handle_delayed (void *cls) -{ - cleanup_handle (cls); -} - - -/** - * Task run on error, sends error message. Cleans up everything. - * - * @param cls the `struct RequestHandle` - */ -static void -do_error (void *cls) -{ - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - char *json_error; - - GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\" }", - handle->emsg); - if ( 0 == handle->response_code ) - { - handle->response_code = MHD_HTTP_BAD_REQUEST; - } - resp = GNUNET_REST_create_response (json_error); - MHD_add_response_header (resp, "Content-Type", "application/json"); - handle->proc (handle->proc_cls, resp, handle->response_code); - GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); - GNUNET_free (json_error); -} - - -/** - * Task run on timeout, sends error message. Cleans up everything. - * - * @param cls the `struct RequestHandle` - */ -static void -do_timeout (void *cls) -{ - struct RequestHandle *handle = cls; - - handle->timeout_task = NULL; - do_error (handle); -} - - -static void -collect_error_cb (void *cls) -{ - struct RequestHandle *handle = cls; - - do_error (handle); -} - -static void -finished_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - - resp = GNUNET_REST_create_response (emsg); - if (GNUNET_OK != success) - { - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); -} - - -/** - * Return attributes for identity - * - * @param cls the request handle - */ -static void -return_response (void *cls) -{ - char* result_str; - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - - GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); - resp = GNUNET_REST_create_response (result_str); - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - GNUNET_free (result_str); - cleanup_handle (handle); -} - -static void -collect_finished_cb (void *cls) -{ - struct RequestHandle *handle = cls; - //Done - handle->attr_it = NULL; - handle->ticket_it = NULL; - GNUNET_SCHEDULER_add_now (&return_response, handle); -} - - -/** - * Collect all attributes for an ego - * - */ -static void -ticket_collect (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) -{ - struct GNUNET_JSONAPI_Resource *json_resource; - struct RequestHandle *handle = cls; - json_t *value; - char* tmp; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding ticket\n"); - tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, - sizeof (uint64_t)); - json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TICKET, - tmp); - GNUNET_free (tmp); - GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); - - tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->identity, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - value = json_string (tmp); - GNUNET_JSONAPI_resource_add_attr (json_resource, - "issuer", - value); - GNUNET_free (tmp); - json_decref (value); - tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->audience, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - value = json_string (tmp); - GNUNET_JSONAPI_resource_add_attr (json_resource, - "audience", - value); - GNUNET_free (tmp); - json_decref (value); - tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, - sizeof (uint64_t)); - value = json_string (tmp); - GNUNET_JSONAPI_resource_add_attr (json_resource, - "rnd", - value); - GNUNET_free (tmp); - json_decref (value); - GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (handle->ticket_it); -} - - - -/** - * List tickets for identity request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - char *identity; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting tickets for %s.\n", - handle->url); - if ( strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) >= - strlen (handle->url)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) + 1; - - for (ego_entry = handle->ego_head; - NULL != ego_entry; - ego_entry = ego_entry->next) - if (0 == strcmp (identity, ego_entry->identifier)) - break; - handle->resp_object = GNUNET_JSONAPI_document_new (); - - if (NULL == ego_entry) - { - //Done - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", - identity); - GNUNET_SCHEDULER_add_now (&return_response, handle); - return; - } - priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); - handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); - handle->ticket_it = GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (handle->idp, - priv_key, - &collect_error_cb, - handle, - &ticket_collect, - handle, - &collect_finished_cb, - handle); -} - - -static void -add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; - const char* identity; - const char* name_str; - const char* value_str; - const char* exp_str; - - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - struct MHD_Response *resp; - struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attribute; - struct GNUNET_JSONAPI_Document *json_obj; - struct GNUNET_JSONAPI_Resource *json_res; - struct GNUNET_TIME_Relative exp; - char term_data[handle->rest_handle->data_size+1]; - json_t *value_json; - json_t *data_json; - json_t *exp_json; - json_error_t err; - struct GNUNET_JSON_Specification docspec[] = { - GNUNET_JSON_spec_jsonapi_document (&json_obj), - GNUNET_JSON_spec_end() - }; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding an attribute for %s.\n", - handle->url); - if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >= - strlen (handle->url)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1; - - for (ego_entry = handle->ego_head; - NULL != ego_entry; - ego_entry = ego_entry->next) - if (0 == strcmp (identity, ego_entry->identifier)) - break; - - if (NULL == ego_entry) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Identity unknown (%s)\n", identity); - GNUNET_JSONAPI_document_delete (json_obj); - return; - } - identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); - - if (0 >= handle->rest_handle->data_size) - { - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - term_data[handle->rest_handle->data_size] = '\0'; - GNUNET_memcpy (term_data, - handle->rest_handle->data, - handle->rest_handle->data_size); - data_json = json_loads (term_data, - JSON_DECODE_ANY, - &err); - GNUNET_assert (GNUNET_OK == - GNUNET_JSON_parse (data_json, docspec, - NULL, NULL)); - json_decref (data_json); - if (NULL == json_obj) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unable to parse JSONAPI Object from %s\n", - term_data); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - if (1 != GNUNET_JSONAPI_document_resource_count (json_obj)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Cannot create more than 1 resource! (Got %d)\n", - GNUNET_JSONAPI_document_resource_count (json_obj)); - GNUNET_JSONAPI_document_delete (json_obj); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0); - if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res, - GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unsupported JSON data type\n"); - GNUNET_JSONAPI_document_delete (json_obj); - resp = GNUNET_REST_create_response (NULL); - handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT); - cleanup_handle (handle); - return; - } - name_str = GNUNET_JSONAPI_resource_get_id (json_res); - exp_json = GNUNET_JSONAPI_resource_read_attr (json_res, - "exp"); - exp_str = json_string_value (exp_json); - if (NULL == exp_str) { - exp = GNUNET_TIME_UNIT_HOURS; - } else { - if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_relative (exp_str, - &exp)) { - exp = GNUNET_TIME_UNIT_HOURS; - } - } - - value_json = GNUNET_JSONAPI_resource_read_attr (json_res, - "value"); - value_str = json_string_value (value_json); - attribute = GNUNET_IDENTITY_ATTRIBUTE_claim_new (name_str, - GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, - value_str, - strlen (value_str) + 1); - handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); - handle->idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (handle->idp, - identity_priv, - attribute, - &exp, - &finished_cont, - handle); - GNUNET_free (attribute); - GNUNET_JSONAPI_document_delete (json_obj); -} - - - -/** - * Collect all attributes for an ego - * - */ -static void -attr_collect (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) -{ - struct GNUNET_JSONAPI_Resource *json_resource; - struct RequestHandle *handle = cls; - json_t *value; - char* tmp_value; - - if ((NULL == attr->name) || (NULL == attr->data)) - { - GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); - return; - } - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", - attr->name); - json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE, - attr->name); - GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); - - tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type, - attr->data, - attr->data_size); - - value = json_string (tmp_value); - - GNUNET_JSONAPI_resource_add_attr (json_resource, - "value", - value); - json_decref (value); - GNUNET_free(tmp_value); - GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); -} - - - -/** - * List attributes for identity request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - char *identity; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting attributes for %s.\n", - handle->url); - if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >= - strlen (handle->url)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1; - - for (ego_entry = handle->ego_head; - NULL != ego_entry; - ego_entry = ego_entry->next) - if (0 == strcmp (identity, ego_entry->identifier)) - break; - handle->resp_object = GNUNET_JSONAPI_document_new (); - - - if (NULL == ego_entry) - { - //Done - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", - identity); - GNUNET_SCHEDULER_add_now (&return_response, handle); - return; - } - priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); - handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); - handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (handle->idp, - priv_key, - &collect_error_cb, - handle, - &attr_collect, - handle, - &collect_finished_cb, - handle); -} - - -static void -revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; - const char* identity_str; - const char* audience_str; - const char* rnd_str; - - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - struct MHD_Response *resp; - struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - struct GNUNET_JSONAPI_Document *json_obj; - struct GNUNET_JSONAPI_Resource *json_res; - struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk; - char term_data[handle->rest_handle->data_size+1]; - json_t *rnd_json; - json_t *identity_json; - json_t *audience_json; - json_t *data_json; - json_error_t err; - struct GNUNET_JSON_Specification docspec[] = { - GNUNET_JSON_spec_jsonapi_document (&json_obj), - GNUNET_JSON_spec_end() - }; - - if (0 >= handle->rest_handle->data_size) - { - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - term_data[handle->rest_handle->data_size] = '\0'; - GNUNET_memcpy (term_data, - handle->rest_handle->data, - handle->rest_handle->data_size); - data_json = json_loads (term_data, - JSON_DECODE_ANY, - &err); - GNUNET_assert (GNUNET_OK == - GNUNET_JSON_parse (data_json, docspec, - NULL, NULL)); - json_decref (data_json); - if (NULL == json_obj) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unable to parse JSONAPI Object from %s\n", - term_data); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - if (1 != GNUNET_JSONAPI_document_resource_count (json_obj)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Cannot create more than 1 resource! (Got %d)\n", - GNUNET_JSONAPI_document_resource_count (json_obj)); - GNUNET_JSONAPI_document_delete (json_obj); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0); - if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res, - GNUNET_REST_JSONAPI_IDENTITY_TICKET)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unsupported JSON data type\n"); - GNUNET_JSONAPI_document_delete (json_obj); - resp = GNUNET_REST_create_response (NULL); - handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT); - cleanup_handle (handle); - return; - } - rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res, - "rnd"); - identity_json = GNUNET_JSONAPI_resource_read_attr (json_res, - "issuer"); - audience_json = GNUNET_JSONAPI_resource_read_attr (json_res, - "audience"); - rnd_str = json_string_value (rnd_json); - identity_str = json_string_value (identity_json); - audience_str = json_string_value (audience_json); - - GNUNET_STRINGS_string_to_data (rnd_str, - strlen (rnd_str), - &ticket.rnd, - sizeof (uint64_t)); - GNUNET_STRINGS_string_to_data (identity_str, - strlen (identity_str), - &ticket.identity, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - GNUNET_STRINGS_string_to_data (audience_str, - strlen (audience_str), - &ticket.audience, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - - for (ego_entry = handle->ego_head; - NULL != ego_entry; - ego_entry = ego_entry->next) - { - GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, - &tmp_pk); - if (0 == memcmp (&ticket.identity, - &tmp_pk, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) - break; - } - if (NULL == ego_entry) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Identity unknown (%s)\n", identity_str); - GNUNET_JSONAPI_document_delete (json_obj); - return; - } - identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); - - handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); - handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (handle->idp, - identity_priv, - &ticket, - &finished_cont, - handle); - GNUNET_JSONAPI_document_delete (json_obj); -} - -static void -consume_cont (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) -{ - struct RequestHandle *handle = cls; - struct GNUNET_JSONAPI_Resource *json_resource; - json_t *value; - - if (NULL == identity) - { - GNUNET_SCHEDULER_add_now (&return_response, handle); - return; - } - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", - attr->name); - json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE, - attr->name); - GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); - - value = json_string (attr->data); - GNUNET_JSONAPI_resource_add_attr (json_resource, - "value", - value); - json_decref (value); -} - -static void -consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; - const char* identity_str; - const char* audience_str; - const char* rnd_str; - - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - struct MHD_Response *resp; - struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - struct GNUNET_JSONAPI_Document *json_obj; - struct GNUNET_JSONAPI_Resource *json_res; - struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk; - char term_data[handle->rest_handle->data_size+1]; - json_t *rnd_json; - json_t *identity_json; - json_t *audience_json; - json_t *data_json; - json_error_t err; - struct GNUNET_JSON_Specification docspec[] = { - GNUNET_JSON_spec_jsonapi_document (&json_obj), - GNUNET_JSON_spec_end() - }; - - if (0 >= handle->rest_handle->data_size) - { - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - term_data[handle->rest_handle->data_size] = '\0'; - GNUNET_memcpy (term_data, - handle->rest_handle->data, - handle->rest_handle->data_size); - data_json = json_loads (term_data, - JSON_DECODE_ANY, - &err); - GNUNET_assert (GNUNET_OK == - GNUNET_JSON_parse (data_json, docspec, - NULL, NULL)); - json_decref (data_json); - if (NULL == json_obj) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unable to parse JSONAPI Object from %s\n", - term_data); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - if (1 != GNUNET_JSONAPI_document_resource_count (json_obj)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Cannot create more than 1 resource! (Got %d)\n", - GNUNET_JSONAPI_document_resource_count (json_obj)); - GNUNET_JSONAPI_document_delete (json_obj); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0); - if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res, - GNUNET_REST_JSONAPI_IDENTITY_TICKET)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unsupported JSON data type\n"); - GNUNET_JSONAPI_document_delete (json_obj); - resp = GNUNET_REST_create_response (NULL); - handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT); - cleanup_handle (handle); - return; - } - rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res, - "rnd"); - identity_json = GNUNET_JSONAPI_resource_read_attr (json_res, - "identity"); - audience_json = GNUNET_JSONAPI_resource_read_attr (json_res, - "audience"); - rnd_str = json_string_value (rnd_json); - identity_str = json_string_value (identity_json); - audience_str = json_string_value (audience_json); - - GNUNET_STRINGS_string_to_data (rnd_str, - strlen (rnd_str), - &ticket.rnd, - sizeof (uint64_t)); - GNUNET_STRINGS_string_to_data (identity_str, - strlen (identity_str), - &ticket.identity, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - GNUNET_STRINGS_string_to_data (audience_str, - strlen (audience_str), - &ticket.audience, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - - for (ego_entry = handle->ego_head; - NULL != ego_entry; - ego_entry = ego_entry->next) - { - GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, - &tmp_pk); - if (0 == memcmp (&ticket.audience, - &tmp_pk, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) - break; - } - if (NULL == ego_entry) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Identity unknown (%s)\n", identity_str); - GNUNET_JSONAPI_document_delete (json_obj); - return; - } - identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); - handle->resp_object = GNUNET_JSONAPI_document_new (); - handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); - handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (handle->idp, - identity_priv, - &ticket, - &consume_cont, - handle); - GNUNET_JSONAPI_document_delete (json_obj); -} - - - -/** - * Respond to OPTIONS request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -options_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - struct MHD_Response *resp; - struct RequestHandle *handle = cls; - - //For now, independent of path return all options - resp = GNUNET_REST_create_response (NULL); - MHD_add_response_header (resp, - "Access-Control-Allow-Methods", - allow_methods); - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - cleanup_handle (handle); - return; -} - -/** - * Handle rest request - * - * @param handle the request handle - */ -static void -init_cont (struct RequestHandle *handle) -{ - struct GNUNET_REST_RequestHandlerError err; - static const struct GNUNET_REST_RequestHandler handlers[] = { - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont}, - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont}, - {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, - &options_cont}, - GNUNET_REST_HANDLER_END - }; - - if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, - handlers, - &err, - handle)) - { - handle->response_code = err.error_code; - GNUNET_SCHEDULER_add_now (&do_error, handle); - } -} - -/** - * If listing is enabled, prints information about the egos. - * - * This function is initially called for all egos and then again - * whenever a ego's identifier changes or if it is deleted. At the - * end of the initial pass over all egos, the function is once called - * with 'NULL' for 'ego'. That does NOT mean that the callback won't - * be invoked in the future or that there was an error. - * - * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', - * this function is only called ONCE, and 'NULL' being passed in - * 'ego' does indicate an error (i.e. name is taken or no default - * value is known). If 'ego' is non-NULL and if '*ctx' - * is set in those callbacks, the value WILL be passed to a subsequent - * call to the identity callback of 'GNUNET_IDENTITY_connect' (if - * that one was not NULL). - * - * When an identity is renamed, this function is called with the - * (known) ego but the NEW identifier. - * - * When an identity is deleted, this function is called with the - * (known) ego and "NULL" for the 'identifier'. In this case, - * the 'ego' is henceforth invalid (and the 'ctx' should also be - * cleaned up). - * - * @param cls closure - * @param ego ego handle - * @param ctx context for application to store data for this ego - * (during the lifetime of this process, initially NULL) - * @param identifier identifier assigned by the user for this ego, - * NULL if the user just deleted the ego and it - * must thus no longer be used - */ -static void -list_ego (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *identifier) -{ - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - struct GNUNET_CRYPTO_EcdsaPublicKey pk; - - if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) - { - handle->state = ID_REST_STATE_POST_INIT; - init_cont (handle); - return; - } - if (ID_REST_STATE_INIT == handle->state) { - ego_entry = GNUNET_new (struct EgoEntry); - GNUNET_IDENTITY_ego_get_public_key (ego, &pk); - ego_entry->keystring = - GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); - ego_entry->ego = ego; - ego_entry->identifier = GNUNET_strdup (identifier); - GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); - } - -} - -static void -rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, - GNUNET_REST_ResultProcessor proc, - void *proc_cls) -{ - struct RequestHandle *handle = GNUNET_new (struct RequestHandle); - handle->response_code = 0; - handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; - handle->proc_cls = proc_cls; - handle->proc = proc; - handle->state = ID_REST_STATE_INIT; - handle->rest_handle = rest_handle; - - handle->url = GNUNET_strdup (rest_handle->url); - if (handle->url[strlen (handle->url)-1] == '/') - handle->url[strlen (handle->url)-1] = '\0'; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Connecting...\n"); - handle->identity_handle = GNUNET_IDENTITY_connect (cfg, - &list_ego, - handle); - handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); - handle->timeout_task = - GNUNET_SCHEDULER_add_delayed (handle->timeout, - &do_timeout, - handle); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Connected\n"); -} - -/** - * Entry point for the plugin. - * - * @param cls Config info - * @return NULL on error, otherwise the plugin context - */ -void * -libgnunet_plugin_rest_identity_provider_init (void *cls) -{ - static struct Plugin plugin; - struct GNUNET_REST_Plugin *api; - - cfg = cls; - if (NULL != plugin.cfg) - return NULL; /* can only initialize once! */ - memset (&plugin, 0, sizeof (struct Plugin)); - plugin.cfg = cfg; - api = GNUNET_new (struct GNUNET_REST_Plugin); - api->cls = &plugin; - api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER; - api->process_request = &rest_identity_process_request; - GNUNET_asprintf (&allow_methods, - "%s, %s, %s, %s, %s", - MHD_HTTP_METHOD_GET, - MHD_HTTP_METHOD_POST, - MHD_HTTP_METHOD_PUT, - MHD_HTTP_METHOD_DELETE, - MHD_HTTP_METHOD_OPTIONS); - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - _("Identity Provider REST API initialized\n")); - return api; -} - - -/** - * Exit point from the plugin. - * - * @param cls the plugin context (as returned by "init") - * @return always NULL - */ -void * -libgnunet_plugin_rest_identity_provider_done (void *cls) -{ - struct GNUNET_REST_Plugin *api = cls; - struct Plugin *plugin = api->cls; - plugin->cfg = NULL; - - GNUNET_free_non_null (allow_methods); - GNUNET_free (api); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Identity Provider REST plugin is finished\n"); - return NULL; -} - -/* end of plugin_rest_identity_provider.c */ diff --git a/src/identity-provider/plugin_rest_openid_connect.c b/src/identity-provider/plugin_rest_openid_connect.c deleted file mode 100644 index cc4b83dae..000000000 --- a/src/identity-provider/plugin_rest_openid_connect.c +++ /dev/null @@ -1,2227 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - */ -/** - * @author Martin Schanzenbach - * @author Philippe Buschmann - * @file identity/plugin_rest_openid_connect.c - * @brief GNUnet Namestore REST plugin - * - */ - -#include "platform.h" -#include "gnunet_rest_plugin.h" -#include "gnunet_identity_service.h" -#include "gnunet_gns_service.h" -#include "gnunet_gnsrecord_lib.h" -#include "gnunet_namestore_service.h" -#include "gnunet_rest_lib.h" -#include "gnunet_jsonapi_lib.h" -#include "gnunet_jsonapi_util.h" -#include "microhttpd.h" -#include -#include -#include "gnunet_signatures.h" -#include "gnunet_identity_attribute_lib.h" -#include "gnunet_identity_provider_service.h" -#include "jwt.h" - -/** - * REST root namespace - */ -#define GNUNET_REST_API_NS_OIDC "/openid" - -/** - * Authorize endpoint - */ -#define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize" - -/** - * Token endpoint - */ -#define GNUNET_REST_API_NS_TOKEN "/openid/token" - -/** - * UserInfo endpoint - */ -#define GNUNET_REST_API_NS_USERINFO "/openid/userinfo" - -/** - * Login namespace - */ -#define GNUNET_REST_API_NS_LOGIN "/openid/login" - -/** - * Attribute key - */ -#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute" - -/** - * Ticket key - */ -#define GNUNET_REST_JSONAPI_IDENTITY_TICKET "ticket" - - -/** - * Value key - */ -#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value" - -/** - * State while collecting all egos - */ -#define ID_REST_STATE_INIT 0 - -/** - * Done collecting egos - */ -#define ID_REST_STATE_POST_INIT 1 - -/** - * OIDC grant_type key - */ -#define OIDC_GRANT_TYPE_KEY "grant_type" - -/** - * OIDC grant_type key - */ -#define OIDC_GRANT_TYPE_VALUE "authorization_code" - -/** - * OIDC code key - */ -#define OIDC_CODE_KEY "code" - -/** - * OIDC response_type key - */ -#define OIDC_RESPONSE_TYPE_KEY "response_type" - -/** - * OIDC client_id key - */ -#define OIDC_CLIENT_ID_KEY "client_id" - -/** - * OIDC scope key - */ -#define OIDC_SCOPE_KEY "scope" - -/** - * OIDC redirect_uri key - */ -#define OIDC_REDIRECT_URI_KEY "redirect_uri" - -/** - * OIDC state key - */ -#define OIDC_STATE_KEY "state" - -/** - * OIDC nonce key - */ -#define OIDC_NONCE_KEY "nonce" - -/** - * OIDC cookie header key - */ -#define OIDC_COOKIE_HEADER_KEY "cookie" - -/** - * OIDC cookie header information key - */ -#define OIDC_AUTHORIZATION_HEADER_KEY "authorization" - -/** - * OIDC cookie header information key - */ -#define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" - -/** - * OIDC expected response_type while authorizing - */ -#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" - -/** - * OIDC expected scope part while authorizing - */ -#define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" - -/** - * OIDC ignored parameter array - */ -static char* OIDC_ignored_parameter_array [] = -{ - "display", - "prompt", - "max_age", - "ui_locales", - "response_mode", - "id_token_hint", - "login_hint", - "acr_values" -}; - -/** - * OIDC authorized identities and times hashmap - */ -struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_login_time; - -/** - * OIDC authorized identities and times hashmap - */ -struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants; - -/** - * OIDC ticket/code use only once - */ -struct GNUNET_CONTAINER_MultiHashMap *OIDC_ticket_once; - -/** - * OIDC access_token to ticket and ego - */ -struct GNUNET_CONTAINER_MultiHashMap *OIDC_interpret_access_token; - -/** - * The configuration handle - */ -const struct GNUNET_CONFIGURATION_Handle *cfg; - -/** - * HTTP methods allows for this plugin - */ -static char* allow_methods; - -/** - * @brief struct returned by the initialization function of the plugin - */ -struct Plugin -{ - const struct GNUNET_CONFIGURATION_Handle *cfg; -}; - -/** - * OIDC needed variables - */ -struct OIDC_Variables -{ - /** - * The RP client public key - */ - struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey; - - /** - * The OIDC client id of the RP - */ - char *client_id; - - /** - * GNUNET_YES if there is a delegation to - * this RP or if it is a local identity - */ - int is_client_trusted; - - /** - * The OIDC redirect uri - */ - char *redirect_uri; - - /** - * The list of oidc scopes - */ - char *scope; - - /** - * The OIDC state - */ - char *state; - - /** - * The OIDC nonce - */ - char *nonce; - - /** - * The OIDC response type - */ - char *response_type; - - /** - * The identity chosen by the user to login - */ - char *login_identity; - - /** - * The response JSON - */ - json_t *response; - -}; - -/** - * The ego list - */ -struct EgoEntry -{ - /** - * DLL - */ - struct EgoEntry *next; - - /** - * DLL - */ - struct EgoEntry *prev; - - /** - * Ego Identifier - */ - char *identifier; - - /** - * Public key string - */ - char *keystring; - - /** - * The Ego - */ - struct GNUNET_IDENTITY_Ego *ego; -}; - - -struct RequestHandle -{ - /** - * Ego list - */ - struct EgoEntry *ego_head; - - /** - * Ego list - */ - struct EgoEntry *ego_tail; - - /** - * Selected ego - */ - struct EgoEntry *ego_entry; - - /** - * Pointer to ego private key - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key; - - /** - * OIDC variables - */ - struct OIDC_Variables *oidc; - - /** - * The processing state - */ - int state; - - /** - * Handle to Identity service. - */ - struct GNUNET_IDENTITY_Handle *identity_handle; - - /** - * Rest connection - */ - struct GNUNET_REST_RequestHandle *rest_handle; - - /** - * Handle to NAMESTORE - */ - struct GNUNET_NAMESTORE_Handle *namestore_handle; - - /** - * Iterator for NAMESTORE - */ - struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it; - - /** - * Attribute claim list - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list; - - /** - * IDENTITY Operation - */ - struct GNUNET_IDENTITY_Operation *op; - - /** - * Identity Provider - */ - struct GNUNET_IDENTITY_PROVIDER_Handle *idp; - - /** - * Idp Operation - */ - struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; - - /** - * Attribute iterator - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it; - - /** - * Ticket iterator - */ - struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it; - - /** - * A ticket - */ - struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - - /** - * Desired timeout for the lookup (default is no timeout). - */ - struct GNUNET_TIME_Relative timeout; - - /** - * ID of a task associated with the resolution process. - */ - struct GNUNET_SCHEDULER_Task *timeout_task; - - /** - * The plugin result processor - */ - GNUNET_REST_ResultProcessor proc; - - /** - * The closure of the result processor - */ - void *proc_cls; - - /** - * The url - */ - char *url; - - /** - * The tld for redirect - */ - char *tld; - - /** - * Error response message - */ - char *emsg; - - /** - * Error response description - */ - char *edesc; - - /** - * Reponse code - */ - int response_code; - - /** - * Response object - */ - struct GNUNET_JSONAPI_Document *resp_object; - -}; - -/** - * Cleanup lookup handle - * @param handle Handle to clean up - */ -static void -cleanup_handle (struct RequestHandle *handle) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp; - struct EgoEntry *ego_entry; - struct EgoEntry *ego_tmp; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Cleaning up\n"); - if (NULL != handle->resp_object) - GNUNET_JSONAPI_document_delete (handle->resp_object); - if (NULL != handle->timeout_task) - GNUNET_SCHEDULER_cancel (handle->timeout_task); - if (NULL != handle->identity_handle) - GNUNET_IDENTITY_disconnect (handle->identity_handle); - if (NULL != handle->attr_it) - GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it); - if (NULL != handle->ticket_it) - GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it); - if (NULL != handle->idp) - GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); - if (NULL != handle->url) - GNUNET_free (handle->url); - if (NULL != handle->tld) - GNUNET_free (handle->tld); - if (NULL != handle->emsg) - GNUNET_free (handle->emsg); - if (NULL != handle->edesc) - GNUNET_free (handle->edesc); - if (NULL != handle->namestore_handle) - GNUNET_NAMESTORE_disconnect (handle->namestore_handle); - if (NULL != handle->oidc) - { - if (NULL != handle->oidc->client_id) - GNUNET_free(handle->oidc->client_id); - if (NULL != handle->oidc->login_identity) - GNUNET_free(handle->oidc->login_identity); - if (NULL != handle->oidc->nonce) - GNUNET_free(handle->oidc->nonce); - if (NULL != handle->oidc->redirect_uri) - GNUNET_free(handle->oidc->redirect_uri); - if (NULL != handle->oidc->response_type) - GNUNET_free(handle->oidc->response_type); - if (NULL != handle->oidc->scope) - GNUNET_free(handle->oidc->scope); - if (NULL != handle->oidc->state) - GNUNET_free(handle->oidc->state); - if (NULL != handle->oidc->response) - json_decref(handle->oidc->response); - GNUNET_free(handle->oidc); - } - if ( NULL != handle->attr_list ) - { - for (claim_entry = handle->attr_list->list_head; - NULL != claim_entry;) - { - claim_tmp = claim_entry; - claim_entry = claim_entry->next; - GNUNET_free(claim_tmp->claim); - GNUNET_free(claim_tmp); - } - GNUNET_free (handle->attr_list); - } - for (ego_entry = handle->ego_head; - NULL != ego_entry;) - { - ego_tmp = ego_entry; - ego_entry = ego_entry->next; - GNUNET_free (ego_tmp->identifier); - GNUNET_free (ego_tmp->keystring); - GNUNET_free (ego_tmp); - } - if (NULL != handle->attr_it) - { - GNUNET_free(handle->attr_it); - } - GNUNET_free (handle); -} - -static void -cleanup_handle_delayed (void *cls) -{ - cleanup_handle (cls); -} - - -/** - * Task run on error, sends error message. Cleans up everything. - * - * @param cls the `struct RequestHandle` - */ -static void -do_error (void *cls) -{ - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - char *json_error; - - GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", - handle->emsg, - (NULL != handle->edesc) ? handle->edesc : "", - (NULL != handle->oidc->state) ? ", \"state\":\"" : "", - (NULL != handle->oidc->state) ? handle->oidc->state : "", - (NULL != handle->oidc->state) ? "\"" : ""); - if ( 0 == handle->response_code ) - { - handle->response_code = MHD_HTTP_BAD_REQUEST; - } - resp = GNUNET_REST_create_response (json_error); - if (MHD_HTTP_UNAUTHORIZED == handle->response_code) - { - MHD_add_response_header(resp, "WWW-Authenticate", "Basic"); - } - MHD_add_response_header (resp, "Content-Type", "application/json"); - handle->proc (handle->proc_cls, resp, handle->response_code); - GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); - GNUNET_free (json_error); -} - - -/** - * Task run on error in userinfo endpoint, sends error header. Cleans up - * everything - * - * @param cls the `struct RequestHandle` - */ -static void -do_userinfo_error (void *cls) -{ - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - char *error; - - GNUNET_asprintf (&error, "error=\"%s\", error_description=\"%s\"", - handle->emsg, - (NULL != handle->edesc) ? handle->edesc : ""); - resp = GNUNET_REST_create_response (""); - MHD_add_response_header(resp, "WWW-Authenticate", error); - handle->proc (handle->proc_cls, resp, handle->response_code); - GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); - GNUNET_free (error); -} - - -/** - * Task run on error, sends error message and redirects. Cleans up everything. - * - * @param cls the `struct RequestHandle` - */ -static void -do_redirect_error (void *cls) -{ - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - char* redirect; - GNUNET_asprintf (&redirect, - "%s?error=%s&error_description=%s%s%s", - handle->oidc->redirect_uri, handle->emsg, handle->edesc, - (NULL != handle->oidc->state) ? "&state=" : "", - (NULL != handle->oidc->state) ? handle->oidc->state : ""); - resp = GNUNET_REST_create_response (""); - MHD_add_response_header (resp, "Location", redirect); - handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); - GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); - GNUNET_free (redirect); -} - -/** - * Task run on timeout, sends error message. Cleans up everything. - * - * @param cls the `struct RequestHandle` - */ -static void -do_timeout (void *cls) -{ - struct RequestHandle *handle = cls; - - handle->timeout_task = NULL; - do_error (handle); -} - -/** - * Return attributes for claim - * - * @param cls the request handle - */ -static void -return_userinfo_response (void *cls) -{ - char* result_str; - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - - result_str = json_dumps (handle->oidc->response, 0); - - resp = GNUNET_REST_create_response (result_str); - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - GNUNET_free (result_str); - cleanup_handle (handle); -} - -/** - * Returns base64 encoded string without padding - * - * @param string the string to encode - * @return base64 encoded string - */ -static char* -base_64_encode(const char *s) -{ - char *enc; - char *tmp; - - GNUNET_STRINGS_base64_encode(s, strlen(s), &enc); - tmp = strrchr (enc, '='); - *tmp = '\0'; - return enc; -} - -/** - * Respond to OPTIONS request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -options_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - struct MHD_Response *resp; - struct RequestHandle *handle = cls; - - //For now, independent of path return all options - resp = GNUNET_REST_create_response (NULL); - MHD_add_response_header (resp, - "Access-Control-Allow-Methods", - allow_methods); - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - cleanup_handle (handle); - return; -} - -/** - * Interprets cookie header and pass its identity keystring to handle - */ -static void -cookie_identity_interpretation (struct RequestHandle *handle) -{ - struct GNUNET_HashCode cache_key; - char *cookies; - struct GNUNET_TIME_Absolute current_time, *relog_time; - char delimiter[] = "; "; - - //gets identity of login try with cookie - GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), - &cache_key); - if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, - &cache_key) ) - { - //splits cookies and find 'Identity' cookie - cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); - handle->oidc->login_identity = strtok(cookies, delimiter); - - while ( NULL != handle->oidc->login_identity ) - { - if ( NULL != strstr (handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY) ) - { - break; - } - handle->oidc->login_identity = strtok (NULL, delimiter); - } - GNUNET_CRYPTO_hash (handle->oidc->login_identity, strlen (handle->oidc->login_identity), - &cache_key); - if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, &cache_key) ) - { - relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, - &cache_key); - current_time = GNUNET_TIME_absolute_get (); - // 30 min after old login -> redirect to login - if ( current_time.abs_value_us <= relog_time->abs_value_us ) - { - handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY); - handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity); - } else { - handle->oidc->login_identity = NULL; - } - } - else - { - handle->oidc->login_identity = NULL; - } - } -} - -/** - * Redirects to login page stored in configuration file - */ -static void -login_redirection(void *cls) -{ - char *login_base_url; - char *new_redirect; - struct MHD_Response *resp; - struct RequestHandle *handle = cls; - - if ( GNUNET_OK - == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", - "address", &login_base_url) ) - { - GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", - login_base_url, - OIDC_RESPONSE_TYPE_KEY, - handle->oidc->response_type, - OIDC_CLIENT_ID_KEY, - handle->oidc->client_id, - OIDC_REDIRECT_URI_KEY, - handle->oidc->redirect_uri, - OIDC_SCOPE_KEY, - handle->oidc->scope, - OIDC_STATE_KEY, - (NULL != handle->oidc->state) ? handle->oidc->state : "", - OIDC_NONCE_KEY, - (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); - resp = GNUNET_REST_create_response (""); - MHD_add_response_header (resp, "Location", new_redirect); - GNUNET_free(login_base_url); - } - else - { - handle->emsg = GNUNET_strdup("server_error"); - handle->edesc = GNUNET_strdup ("gnunet configuration failed"); - handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); - GNUNET_free(new_redirect); - GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); -} - -/** - * Does internal server error when iteration failed. - */ -static void -oidc_iteration_error (void *cls) -{ - struct RequestHandle *handle = cls; - handle->emsg = GNUNET_strdup("INTERNAL_SERVER_ERROR"); - handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; - GNUNET_SCHEDULER_add_now (&do_error, handle); -} - -static void get_client_name_result (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - char *ticket_str; - char *redirect_uri; - char *code_json_string; - char *code_base64_final_string; - char *redirect_path; - char *tmp; - char *tmp_prefix; - char *prefix; - ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); - //TODO change if more attributes are needed (see max_age) - GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}", - ticket_str, - (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "", - (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "", - (NULL != handle->oidc->nonce) ? "\"" : ""); - code_base64_final_string = base_64_encode(code_json_string); - tmp = GNUNET_strdup (handle->oidc->redirect_uri); - redirect_path = strtok (tmp, "/"); - redirect_path = strtok (NULL, "/"); - redirect_path = strtok (NULL, "/"); - tmp_prefix = GNUNET_strdup (handle->oidc->redirect_uri); - prefix = strrchr (tmp_prefix, - (unsigned char) '.'); - *prefix = '\0'; - GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", - tmp_prefix, - handle->tld, - redirect_path, - handle->oidc->response_type, - code_base64_final_string, handle->oidc->state); - resp = GNUNET_REST_create_response (""); - MHD_add_response_header (resp, "Location", redirect_uri); - handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); - GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); - GNUNET_free (tmp); - GNUNET_free (tmp_prefix); - GNUNET_free (redirect_uri); - GNUNET_free (ticket_str); - GNUNET_free (code_json_string); - GNUNET_free (code_base64_final_string); - return; -} - -static void -get_client_name_error (void *cls) -{ - struct RequestHandle *handle = cls; - - handle->emsg = GNUNET_strdup("server_error"); - handle->edesc = GNUNET_strdup("Server cannot generate ticket, no name found for client."); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); -} - -/** - * Issues ticket and redirects to relying party with the authorization code as - * parameter. Otherwise redirects with error - */ -static void -oidc_ticket_issue_cb (void* cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) -{ - struct RequestHandle *handle = cls; - handle->idp_op = NULL; - handle->ticket = *ticket; - if (NULL != ticket) { - GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, - &handle->priv_key, - &handle->oidc->client_pkey, - &get_client_name_error, - handle, - &get_client_name_result, - handle); - return; - } - handle->emsg = GNUNET_strdup("server_error"); - handle->edesc = GNUNET_strdup("Server cannot generate ticket."); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); -} - -static void -oidc_collect_finished_cb (void *cls) -{ - struct RequestHandle *handle = cls; - handle->attr_it = NULL; - handle->ticket_it = NULL; - if (NULL == handle->attr_list->list_head) - { - handle->emsg = GNUNET_strdup("invalid_scope"); - handle->edesc = GNUNET_strdup("The requested scope is not available."); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); - return; - } - handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (handle->idp, - &handle->priv_key, - &handle->oidc->client_pkey, - handle->attr_list, - &oidc_ticket_issue_cb, - handle); -} - - -/** - * Collects all attributes for an ego if in scope parameter - */ -static void -oidc_attr_collect (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) -{ - struct RequestHandle *handle = cls; - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - char* scope_variables; - char* scope_variable; - char delimiter[]=" "; - - if ( (NULL == attr->name) || (NULL == attr->data) ) - { - GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); - return; - } - - scope_variables = GNUNET_strdup(handle->oidc->scope); - scope_variable = strtok (scope_variables, delimiter); - while (NULL != scope_variable) - { - if ( 0 == strcmp (attr->name, scope_variable) ) - { - break; - } - scope_variable = strtok (NULL, delimiter); - } - if ( NULL == scope_variable ) - { - GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); - GNUNET_free(scope_variables); - return; - } - GNUNET_free(scope_variables); - - le = GNUNET_new(struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); - le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, attr->type, - attr->data, attr->data_size); - GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, - handle->attr_list->list_tail, le); - GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); -} - - -/** - * Checks time and cookie and redirects accordingly - */ -static void -login_check (void *cls) -{ - struct RequestHandle *handle = cls; - struct GNUNET_TIME_Absolute current_time, *relog_time; - struct GNUNET_CRYPTO_EcdsaPublicKey pubkey, ego_pkey; - struct GNUNET_HashCode cache_key; - char *identity_cookie; - - GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity); - GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); - GNUNET_free(identity_cookie); - //No login time for identity -> redirect to login - if ( GNUNET_YES - == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, - &cache_key) ) - { - relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, - &cache_key); - current_time = GNUNET_TIME_absolute_get (); - // 30 min after old login -> redirect to login - if ( current_time.abs_value_us <= relog_time->abs_value_us ) - { - if ( GNUNET_OK - != GNUNET_CRYPTO_ecdsa_public_key_from_string ( - handle->oidc->login_identity, - strlen (handle->oidc->login_identity), &pubkey) ) - { - handle->emsg = GNUNET_strdup("invalid_cookie"); - handle->edesc = GNUNET_strdup( - "The cookie of a login identity is not valid"); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); - return; - } - // iterate over egos and compare their public key - for (handle->ego_entry = handle->ego_head; - NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) - { - GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); - if ( 0 - == memcmp (&ego_pkey, &pubkey, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key ( - handle->ego_entry->ego); - handle->resp_object = GNUNET_JSONAPI_document_new (); - handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); - handle->attr_list = GNUNET_new( - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); - handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start ( - handle->idp, &handle->priv_key, &oidc_iteration_error, handle, - &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle); - return; - } - } - //handle->emsg = GNUNET_strdup("invalid_cookie"); - //handle->edesc = GNUNET_strdup( - // "The cookie of the login identity is not valid"); - //GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); - GNUNET_SCHEDULER_add_now (&login_redirection,handle); - return; - } - } -} - -/** - * Searches for client_id in namestore. If found trust status stored in handle - * Else continues to search - * - * @param handle the RequestHandle - */ -static void -namestore_iteration_callback ( - void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, - const char *rname, unsigned int rd_len, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct RequestHandle *handle = cls; - struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey; - struct GNUNET_CRYPTO_EcdsaPublicKey current_zone_pkey; - int i; - - for (i = 0; i < rd_len; i++) - { - if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type ) - continue; - - if ( NULL != handle->oidc->login_identity ) - { - GNUNET_CRYPTO_ecdsa_public_key_from_string ( - handle->oidc->login_identity, - strlen (handle->oidc->login_identity), - &login_identity_pkey); - GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, - ¤t_zone_pkey); - - if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - if ( 0 == memcmp (&login_identity_pkey, ¤t_zone_pkey, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - handle->oidc->is_client_trusted = GNUNET_YES; - } - } - } - else - { - if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - handle->oidc->is_client_trusted = GNUNET_YES; - } - } - } - - GNUNET_NAMESTORE_zone_iterator_next (handle->namestore_handle_it, - 1); -} - - -/** - * Iteration over all results finished, build final - * response. - * - * @param cls the `struct RequestHandle` - */ -static void -namestore_iteration_finished (void *cls) -{ - struct RequestHandle *handle = cls; - struct GNUNET_HashCode cache_key; - - char *expected_scope; - char delimiter[]=" "; - int number_of_ignored_parameter, iterator; - - - handle->ego_entry = handle->ego_entry->next; - - if(NULL != handle->ego_entry) - { - handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); - handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key, - &oidc_iteration_error, handle, &namestore_iteration_callback, handle, - &namestore_iteration_finished, handle); - return; - } - if (GNUNET_NO == handle->oidc->is_client_trusted) - { - handle->emsg = GNUNET_strdup("unauthorized_client"); - handle->edesc = GNUNET_strdup("The client is not authorized to request an " - "authorization code using this method."); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - // REQUIRED value: redirect_uri - GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), - &cache_key); - if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->emsg=GNUNET_strdup("invalid_request"); - handle->edesc=GNUNET_strdup("missing parameter redirect_uri"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - handle->oidc->redirect_uri = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, - &cache_key)); - - // REQUIRED value: response_type - GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), - &cache_key); - if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->emsg=GNUNET_strdup("invalid_request"); - handle->edesc=GNUNET_strdup("missing parameter response_type"); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); - return; - } - handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, - &cache_key); - handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); - - // REQUIRED value: scope - GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); - if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->emsg=GNUNET_strdup("invalid_request"); - handle->edesc=GNUNET_strdup("missing parameter scope"); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); - return; - } - handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, - &cache_key); - handle->oidc->scope = GNUNET_strdup(handle->oidc->scope); - - //OPTIONAL value: nonce - GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); - if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, - &cache_key); - handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); - } - - //TODO check other values if needed - number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); - for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) - { - GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], - strlen(OIDC_ignored_parameter_array[iterator]), - &cache_key); - if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, - &cache_key)) - { - handle->emsg=GNUNET_strdup("access_denied"); - GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", - OIDC_ignored_parameter_array[iterator]); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); - return; - } - } - - // Checks if response_type is 'code' - if( 0 != strcmp( handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) ) - { - handle->emsg=GNUNET_strdup("unsupported_response_type"); - handle->edesc=GNUNET_strdup("The authorization server does not support " - "obtaining this authorization code."); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); - return; - } - - // Checks if scope contains 'openid' - expected_scope = GNUNET_strdup(handle->oidc->scope); - char* test; - test = strtok (expected_scope, delimiter); - while (NULL != test) - { - if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) - { - break; - } - test = strtok (NULL, delimiter); - } - if (NULL == test) - { - handle->emsg = GNUNET_strdup("invalid_scope"); - handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " - "malformed."); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); - GNUNET_free(expected_scope); - return; - } - - GNUNET_free(expected_scope); - - if( NULL != handle->oidc->login_identity ) - { - GNUNET_SCHEDULER_add_now(&login_check,handle); - return; - } - - GNUNET_SCHEDULER_add_now(&login_redirection,handle); -} - -/** - * Responds to authorization GET and url-encoded POST request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - struct RequestHandle *handle = cls; - struct GNUNET_HashCode cache_key; - struct EgoEntry *tmp_ego; - struct GNUNET_CRYPTO_EcdsaPublicKey pkey; - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - - cookie_identity_interpretation(handle); - - //RECOMMENDED value: state - REQUIRED for answers - GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); - if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->oidc->state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, - &cache_key); - handle->oidc->state = GNUNET_strdup (handle->oidc->state); - } - - // REQUIRED value: client_id - GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), - &cache_key); - if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, - &cache_key)) - { - handle->emsg=GNUNET_strdup("invalid_request"); - handle->edesc=GNUNET_strdup("missing parameter client_id"); - handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, - &cache_key)); - - if ( GNUNET_OK - != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, - strlen (handle->oidc->client_id), - &handle->oidc->client_pkey) ) - { - handle->emsg = GNUNET_strdup("unauthorized_client"); - handle->edesc = GNUNET_strdup("The client is not authorized to request an " - "authorization code using this method."); - handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - - if ( NULL == handle->ego_head ) - { - handle->emsg = GNUNET_strdup("server_error"); - handle->edesc = GNUNET_strdup ("Egos are missing"); - handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - handle->ego_entry = handle->ego_head; - handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); - handle->oidc->is_client_trusted = GNUNET_NO; - - //First check if client_id is one of our egos; TODO: handle other TLD cases: Delegation, from config - for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) - { - priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); - GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, - &pkey); - if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - handle->tld = GNUNET_strdup (tmp_ego->identifier); - handle->oidc->is_client_trusted = GNUNET_YES; - handle->ego_entry = handle->ego_tail; - } - } - - - // Checks if client_id is valid: - handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( - handle->namestore_handle, &handle->priv_key, &oidc_iteration_error, - handle, &namestore_iteration_callback, handle, - &namestore_iteration_finished, handle); -} - -/** - * Combines an identity with a login time and responds OK to login request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -login_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - struct MHD_Response *resp = GNUNET_REST_create_response (""); - struct RequestHandle *handle = cls; - struct GNUNET_HashCode cache_key; - struct GNUNET_TIME_Absolute *current_time; - struct GNUNET_TIME_Absolute *last_time; - char* cookie; - json_t *root; - json_error_t error; - json_t *identity; - char term_data[handle->rest_handle->data_size+1]; - term_data[handle->rest_handle->data_size] = '\0'; - GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); - root = json_loads (term_data, JSON_DECODE_ANY, &error); - identity = json_object_get (root, "identity"); - if ( json_is_string(identity) ) - { - GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); - MHD_add_response_header (resp, "Set-Cookie", cookie); - MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); - GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); - - current_time = GNUNET_new(struct GNUNET_TIME_Absolute); - *current_time = GNUNET_TIME_relative_to_absolute ( - GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), - 5)); - last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key); - if (NULL != last_time) - { - GNUNET_free(last_time); - } - GNUNET_CONTAINER_multihashmap_put ( - OIDC_identity_login_time, &cache_key, current_time, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); - - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - GNUNET_free(cookie); - } - else - { - handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); - } - json_decref (root); - GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); - return; -} - -/** - * Responds to token url-encoded POST request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - //TODO static strings - struct RequestHandle *handle = cls; - struct GNUNET_HashCode cache_key; - char *authorization, *credentials; - char delimiter[]=" "; - char delimiter_user_psw[]=":"; - char *grant_type, *code; - char *user_psw = NULL, *client_id, *psw; - char *expected_psw; - int client_exists = GNUNET_NO; - struct MHD_Response *resp; - char* code_output; - json_t *root, *ticket_string, *nonce, *max_age; - json_error_t error; - char *json_response; - char *jwt_secret; - - /* - * Check Authorization - */ - GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, - strlen (OIDC_AUTHORIZATION_HEADER_KEY), - &cache_key); - if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, - &cache_key) ) - { - handle->emsg=GNUNET_strdup("invalid_client"); - handle->edesc=GNUNET_strdup("missing authorization"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); - - //split header in "Basic" and [content] - credentials = strtok (authorization, delimiter); - if (0 != strcmp ("Basic",credentials)) - { - handle->emsg=GNUNET_strdup("invalid_client"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - credentials = strtok(NULL, delimiter); - if (NULL == credentials) - { - handle->emsg=GNUNET_strdup("invalid_client"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), (void**)&user_psw); - - if ( NULL == user_psw ) - { - handle->emsg=GNUNET_strdup("invalid_client"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - client_id = strtok (user_psw, delimiter_user_psw); - if ( NULL == client_id ) - { - GNUNET_free_non_null(user_psw); - handle->emsg=GNUNET_strdup("invalid_client"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - psw = strtok (NULL, delimiter_user_psw); - if (NULL == psw) - { - GNUNET_free_non_null(user_psw); - handle->emsg=GNUNET_strdup("invalid_client"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - //check client password - if ( GNUNET_OK - == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", - "psw", &expected_psw) ) - { - if (0 != strcmp (expected_psw, psw)) - { - GNUNET_free_non_null(user_psw); - GNUNET_free(expected_psw); - handle->emsg=GNUNET_strdup("invalid_client"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - GNUNET_free(expected_psw); - } - else - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("server_error"); - handle->edesc = GNUNET_strdup ("gnunet configuration failed"); - handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - //check client_id - for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; ) - { - if ( 0 == strcmp(handle->ego_entry->keystring, client_id)) - { - client_exists = GNUNET_YES; - break; - } - handle->ego_entry = handle->ego_entry->next; - } - if (GNUNET_NO == client_exists) - { - GNUNET_free_non_null(user_psw); - handle->emsg=GNUNET_strdup("invalid_client"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - /* - * Check parameter - */ - - //TODO Do not allow multiple equal parameter names - //REQUIRED grant_type - GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key); - if ( GNUNET_NO - == GNUNET_CONTAINER_multihashmap_contains ( - handle->rest_handle->url_param_map, &cache_key) ) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("missing parameter grant_type"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - grant_type = GNUNET_CONTAINER_multihashmap_get ( - handle->rest_handle->url_param_map, &cache_key); - - //REQUIRED code - GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key); - if ( GNUNET_NO - == GNUNET_CONTAINER_multihashmap_contains ( - handle->rest_handle->url_param_map, &cache_key) ) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("missing parameter code"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, - &cache_key); - - //REQUIRED redirect_uri - GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), - &cache_key); - if ( GNUNET_NO - == GNUNET_CONTAINER_multihashmap_contains ( - handle->rest_handle->url_param_map, &cache_key) ) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - //Check parameter grant_type == "authorization_code" - if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) - { - GNUNET_free_non_null(user_psw); - handle->emsg=GNUNET_strdup("unsupported_grant_type"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); - int i = 1; - if ( GNUNET_SYSERR - == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, - &cache_key, - &i, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("Cannot use the same code more than once"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - //decode code - GNUNET_STRINGS_base64_decode(code,strlen(code), (void**)&code_output); - root = json_loads (code_output, 0, &error); - GNUNET_free(code_output); - ticket_string = json_object_get (root, "ticket"); - nonce = json_object_get (root, "nonce"); - max_age = json_object_get (root, "max_age"); - - if(ticket_string == NULL && !json_is_string(ticket_string)) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("invalid code"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket); - if ( GNUNET_OK - != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string), - strlen (json_string_value(ticket_string)), - ticket, - sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("invalid code"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - GNUNET_free(ticket); - return; - } - // this is the current client (relying party) - struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; - GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key); - if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("invalid code"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - GNUNET_free(ticket); - return; - } - - //create jwt - unsigned long long int expiration_time; - if ( GNUNET_OK - != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin", - "expiration_time", &expiration_time) ) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("server_error"); - handle->edesc = GNUNET_strdup ("gnunet configuration failed"); - handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; - GNUNET_SCHEDULER_add_now (&do_error, handle); - GNUNET_free(ticket); - return; - } - - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); - //aud REQUIRED public key client_id must be there - GNUNET_IDENTITY_ATTRIBUTE_list_add(cl, - "aud", - GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, - client_id, - strlen(client_id)); - //exp REQUIRED time expired from config - struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( - GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), - expiration_time)); - const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time); - GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, - "exp", - GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, - exp_time_string, - strlen(exp_time_string)); - //iat REQUIRED time now - struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); - const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); - GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, - "iat", - GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, - time_now_string, - strlen(time_now_string)); - //nonce only if nonce is provided - if ( NULL != nonce && json_is_string(nonce) ) - { - GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, - "nonce", - GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, - json_string_value(nonce), - strlen(json_string_value(nonce))); - } - //auth_time only if max_age is provided - if ( NULL != max_age && json_is_string(max_age) ) - { - GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, - "auth_time", - GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, - json_string_value(max_age), - strlen(json_string_value(max_age))); - } - //TODO OPTIONAL acr,amr,azp - - struct EgoEntry *ego_entry; - for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) - { - GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); - if (0 == memcmp (&pub_key, &ticket->audience, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) - { - break; - } - } - if ( NULL == ego_entry ) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("invalid code..."); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - GNUNET_free(ticket); - return; - } - if ( GNUNET_OK - != GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", - "jwt_secret", &jwt_secret) ) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("No signing secret configured!"); - handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; - GNUNET_SCHEDULER_add_now (&do_error, handle); - GNUNET_free(ticket); - return; - } - struct GNUNET_CRYPTO_AuthKey jwt_sign_key; - struct GNUNET_CRYPTO_EcdsaPublicKey pk; - GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk); - GNUNET_CRYPTO_hash (jwt_secret, strlen (jwt_secret), (struct GNUNET_HashCode*)jwt_sign_key.key); - char *id_token = jwt_create_from_list(&ticket->audience, - &pk, - cl, - &jwt_sign_key); - - //Create random access_token - char* access_token_number; - char* access_token; - uint64_t random_number; - random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX); - GNUNET_asprintf(&access_token_number, "%" PRIu64, random_number); - GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token); - - - - //TODO OPTIONAL add refresh_token and scope - GNUNET_asprintf (&json_response, - "{ \"access_token\" : \"%s\", " - "\"token_type\" : \"Bearer\", " - "\"expires_in\" : %d, " - "\"id_token\" : \"%s\"}", - access_token, - expiration_time, - id_token); - GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key); - char *id_ticket_combination; - GNUNET_asprintf(&id_ticket_combination, - "%s;%s", - client_id, - json_string_value(ticket_string)); - GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token, - &cache_key, - id_ticket_combination, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); - - resp = GNUNET_REST_create_response (json_response); - MHD_add_response_header (resp, "Cache-Control", "no-store"); - MHD_add_response_header (resp, "Pragma", "no-cache"); - MHD_add_response_header (resp, "Content-Type", "application/json"); - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - - GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl); - GNUNET_free(access_token_number); - GNUNET_free(access_token); - GNUNET_free(user_psw); - GNUNET_free(json_response); - GNUNET_free(ticket); - GNUNET_free(id_token); - json_decref (root); - GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); -} - -/** - * Collects claims and stores them in handle - */ -static void -consume_ticket (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) -{ - struct RequestHandle *handle = cls; - char *tmp_value; - json_t *value; - - if (NULL == identity) - { - GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); - return; - } - - tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type, - attr->data, - attr->data_size); - - value = json_string (tmp_value); - - - json_object_set_new (handle->oidc->response, - attr->name, - value); - GNUNET_free (tmp_value); -} - -/** - * Responds to userinfo GET and url-encoded POST request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, void *cls) -{ - //TODO expiration time - struct RequestHandle *handle = cls; - char delimiter[] = " "; - char delimiter_db[] = ";"; - struct GNUNET_HashCode cache_key; - char *authorization, *authorization_type, *authorization_access_token; - char *client_ticket, *client, *ticket_str; - struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; - - GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, - strlen (OIDC_AUTHORIZATION_HEADER_KEY), - &cache_key); - if ( GNUNET_NO - == GNUNET_CONTAINER_multihashmap_contains ( - handle->rest_handle->header_param_map, &cache_key) ) - { - handle->emsg = GNUNET_strdup("invalid_token"); - handle->edesc = GNUNET_strdup("No Access Token"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); - return; - } - authorization = GNUNET_CONTAINER_multihashmap_get ( - handle->rest_handle->header_param_map, &cache_key); - - //split header in "Bearer" and access_token - authorization = GNUNET_strdup(authorization); - authorization_type = strtok (authorization, delimiter); - if ( 0 != strcmp ("Bearer", authorization_type) ) - { - handle->emsg = GNUNET_strdup("invalid_token"); - handle->edesc = GNUNET_strdup("No Access Token"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); - GNUNET_free(authorization); - return; - } - authorization_access_token = strtok (NULL, delimiter); - if ( NULL == authorization_access_token ) - { - handle->emsg = GNUNET_strdup("invalid_token"); - handle->edesc = GNUNET_strdup("No Access Token"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); - GNUNET_free(authorization); - return; - } - - GNUNET_CRYPTO_hash (authorization_access_token, - strlen (authorization_access_token), - &cache_key); - if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_interpret_access_token, - &cache_key) ) - { - handle->emsg = GNUNET_strdup("invalid_token"); - handle->edesc = GNUNET_strdup("The Access Token expired"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); - GNUNET_free(authorization); - return; - } - - client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token, - &cache_key); - client_ticket = GNUNET_strdup(client_ticket); - client = strtok(client_ticket,delimiter_db); - if (NULL == client) - { - handle->emsg = GNUNET_strdup("invalid_token"); - handle->edesc = GNUNET_strdup("The Access Token expired"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); - GNUNET_free(authorization); - GNUNET_free(client_ticket); - return; - } - handle->ego_entry = handle->ego_head; - for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) - { - if (0 == strcmp(handle->ego_entry->keystring,client)) - { - break; - } - } - if (NULL == handle->ego_entry) - { - handle->emsg = GNUNET_strdup("invalid_token"); - handle->edesc = GNUNET_strdup("The Access Token expired"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); - GNUNET_free(authorization); - GNUNET_free(client_ticket); - return; - } - ticket_str = strtok(NULL, delimiter_db); - if (NULL == ticket_str) - { - handle->emsg = GNUNET_strdup("invalid_token"); - handle->edesc = GNUNET_strdup("The Access Token expired"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); - GNUNET_free(authorization); - GNUNET_free(client_ticket); - return; - } - ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket); - if ( GNUNET_OK - != GNUNET_STRINGS_string_to_data (ticket_str, - strlen (ticket_str), - ticket, - sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) - { - handle->emsg = GNUNET_strdup("invalid_token"); - handle->edesc = GNUNET_strdup("The Access Token expired"); - handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); - GNUNET_free(ticket); - GNUNET_free(authorization); - GNUNET_free(client_ticket); - return; - } - - handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); - handle->oidc->response = json_object(); - json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring)); - handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume ( - handle->idp, - GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), - ticket, - consume_ticket, - handle); - GNUNET_free(ticket); - GNUNET_free(authorization); - GNUNET_free(client_ticket); - -} - - -/** - * Handle rest request - * - * @param handle the request handle - */ -static void -init_cont (struct RequestHandle *handle) -{ - struct GNUNET_REST_RequestHandlerError err; - static const struct GNUNET_REST_RequestHandler handlers[] = { - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, //url-encoded - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, - {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, - &options_cont}, - GNUNET_REST_HANDLER_END - }; - - if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, - handlers, - &err, - handle)) - { - handle->response_code = err.error_code; - GNUNET_SCHEDULER_add_now (&do_error, handle); - } -} - -/** - * If listing is enabled, prints information about the egos. - * - * This function is initially called for all egos and then again - * whenever a ego's identifier changes or if it is deleted. At the - * end of the initial pass over all egos, the function is once called - * with 'NULL' for 'ego'. That does NOT mean that the callback won't - * be invoked in the future or that there was an error. - * - * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', - * this function is only called ONCE, and 'NULL' being passed in - * 'ego' does indicate an error (i.e. name is taken or no default - * value is known). If 'ego' is non-NULL and if '*ctx' - * is set in those callbacks, the value WILL be passed to a subsequent - * call to the identity callback of 'GNUNET_IDENTITY_connect' (if - * that one was not NULL). - * - * When an identity is renamed, this function is called with the - * (known) ego but the NEW identifier. - * - * When an identity is deleted, this function is called with the - * (known) ego and "NULL" for the 'identifier'. In this case, - * the 'ego' is henceforth invalid (and the 'ctx' should also be - * cleaned up). - * - * @param cls closure - * @param ego ego handle - * @param ctx context for application to store data for this ego - * (during the lifetime of this process, initially NULL) - * @param identifier identifier assigned by the user for this ego, - * NULL if the user just deleted the ego and it - * must thus no longer be used - */ -static void -list_ego (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *identifier) -{ - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - struct GNUNET_CRYPTO_EcdsaPublicKey pk; - - if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) - { - handle->state = ID_REST_STATE_POST_INIT; - init_cont (handle); - return; - } - if (ID_REST_STATE_INIT == handle->state) { - ego_entry = GNUNET_new (struct EgoEntry); - GNUNET_IDENTITY_ego_get_public_key (ego, &pk); - ego_entry->keystring = - GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); - ego_entry->ego = ego; - ego_entry->identifier = GNUNET_strdup (identifier); - GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); - return; - } - /* Ego renamed or added */ - if (identifier != NULL) { - for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { - if (ego_entry->ego == ego) { - /* Rename */ - GNUNET_free (ego_entry->identifier); - ego_entry->identifier = GNUNET_strdup (identifier); - break; - } - } - if (NULL == ego_entry) { - /* Add */ - ego_entry = GNUNET_new (struct EgoEntry); - GNUNET_IDENTITY_ego_get_public_key (ego, &pk); - ego_entry->keystring = - GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); - ego_entry->ego = ego; - ego_entry->identifier = GNUNET_strdup (identifier); - GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); - } - } else { - /* Delete */ - for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { - if (ego_entry->ego == ego) - break; - } - if (NULL != ego_entry) - GNUNET_CONTAINER_DLL_remove(handle->ego_head,handle->ego_tail, ego_entry); - } - -} - -static void -rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, - GNUNET_REST_ResultProcessor proc, - void *proc_cls) -{ - struct RequestHandle *handle = GNUNET_new (struct RequestHandle); - handle->oidc = GNUNET_new (struct OIDC_Variables); - if ( NULL == OIDC_identity_login_time ) - OIDC_identity_login_time = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); - if ( NULL == OIDC_identity_grants ) - OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); - if ( NULL == OIDC_ticket_once ) - OIDC_ticket_once = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); - if ( NULL == OIDC_interpret_access_token ) - OIDC_interpret_access_token = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); - handle->response_code = 0; - handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; - handle->proc_cls = proc_cls; - handle->proc = proc; - handle->state = ID_REST_STATE_INIT; - handle->rest_handle = rest_handle; - - handle->url = GNUNET_strdup (rest_handle->url); - if (handle->url[strlen (handle->url)-1] == '/') - handle->url[strlen (handle->url)-1] = '\0'; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Connecting...\n"); - handle->identity_handle = GNUNET_IDENTITY_connect (cfg, - &list_ego, - handle); - handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); - handle->timeout_task = - GNUNET_SCHEDULER_add_delayed (handle->timeout, - &do_timeout, - handle); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Connected\n"); -} - -/** - * Entry point for the plugin. - * - * @param cls Config info - * @return NULL on error, otherwise the plugin context - */ -void * -libgnunet_plugin_rest_openid_connect_init (void *cls) -{ - static struct Plugin plugin; - struct GNUNET_REST_Plugin *api; - - cfg = cls; - if (NULL != plugin.cfg) - return NULL; /* can only initialize once! */ - memset (&plugin, 0, sizeof (struct Plugin)); - plugin.cfg = cfg; - api = GNUNET_new (struct GNUNET_REST_Plugin); - api->cls = &plugin; - api->name = GNUNET_REST_API_NS_OIDC; - api->process_request = &rest_identity_process_request; - GNUNET_asprintf (&allow_methods, - "%s, %s, %s, %s, %s", - MHD_HTTP_METHOD_GET, - MHD_HTTP_METHOD_POST, - MHD_HTTP_METHOD_PUT, - MHD_HTTP_METHOD_DELETE, - MHD_HTTP_METHOD_OPTIONS); - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - _("Identity Provider REST API initialized\n")); - return api; -} - - -/** - * Exit point from the plugin. - * - * @param cls the plugin context (as returned by "init") - * @return always NULL - */ -void * -libgnunet_plugin_rest_openid_connect_done (void *cls) -{ - struct GNUNET_REST_Plugin *api = cls; - struct Plugin *plugin = api->cls; - plugin->cfg = NULL; - - struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; - void *value = NULL; - hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create ( - OIDC_identity_login_time); - while (GNUNET_YES == - GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) - { - if (NULL != value) - GNUNET_free(value); - } - GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_login_time); - hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); - while (GNUNET_YES == - GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) - { - if (NULL != value) - GNUNET_free(value); - } - GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants); - hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_ticket_once); - while (GNUNET_YES == - GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) - { - if (NULL != value) - GNUNET_free(value); - } - GNUNET_CONTAINER_multihashmap_destroy(OIDC_ticket_once); - hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_interpret_access_token); - while (GNUNET_YES == - GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) - { - if (NULL != value) - GNUNET_free(value); - } - GNUNET_CONTAINER_multihashmap_destroy(OIDC_interpret_access_token); - GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it); - GNUNET_free_non_null (allow_methods); - GNUNET_free (api); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Identity Provider REST plugin is finished\n"); - return NULL; -} - -/* end of plugin_rest_identity_provider.c */ diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf deleted file mode 100644 index 3e4df561a..000000000 --- a/src/identity-provider/test_idp.conf +++ /dev/null @@ -1,33 +0,0 @@ -@INLINE@ test_idp_defaults.conf - -[PATHS] -GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-peer-1/ - -[dht] -START_ON_DEMAND = YES - -[rest] -START_ON_DEMAND = YES -PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=$GNUNET_TMP/restlog - -[transport] -PLUGINS = - -[identity-provider] -START_ON_DEMAND = YES -#PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=$GNUNET_TMP/idplog - -[gns] -#PREFIX = valgrind --leak-check=full --track-origins=yes -START_ON_DEMAND = YES -AUTO_IMPORT_PKEY = YES -MAX_PARALLEL_BACKGROUND_QUERIES = 10 -DEFAULT_LOOKUP_TIMEOUT = 15 s -RECORD_PUT_INTERVAL = 1 h -ZONE_PUBLISH_TIME_WINDOW = 1 h -DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0 - -[identity-rest-plugin] -address = http://localhost:8000/#/login -psw = mysupersecretpassword -expiration_time = 3600 diff --git a/src/identity-provider/test_idp.sh b/src/identity-provider/test_idp.sh deleted file mode 100755 index 598d1008c..000000000 --- a/src/identity-provider/test_idp.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -#trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT - -LOCATION=$(which gnunet-config) -if [ -z $LOCATION ] -then - LOCATION="gnunet-config" -fi -$LOCATION --version 1> /dev/null -if test $? != 0 -then - echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" - exit 77 -fi - -rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` - -# (1) PKEY1.user -> PKEY2.resu.user -# (2) PKEY2.resu -> PKEY3 -# (3) PKEY3.user -> PKEY4 - - -which timeout &> /dev/null && DO_TIMEOUT="timeout 30" - -TEST_ATTR="test" -gnunet-arm -s -c test_idp.conf -gnunet-identity -C testego -c test_idp.conf -valgrind gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf -gnunet-idp -e testego -a name -V John -c test_idp.conf -gnunet-idp -e testego -D -c test_idp.conf -gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh deleted file mode 100755 index 7f0f06dac..000000000 --- a/src/identity-provider/test_idp_attribute.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -trap "gnunet-arm -e -c test_idp.conf" SIGINT - -LOCATION=$(which gnunet-config) -if [ -z $LOCATION ] -then - LOCATION="gnunet-config" -fi -$LOCATION --version 1> /dev/null -if test $? != 0 -then - echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" - exit 77 -fi - -rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` - -# (1) PKEY1.user -> PKEY2.resu.user -# (2) PKEY2.resu -> PKEY3 -# (3) PKEY3.user -> PKEY4 - - -which timeout &> /dev/null && DO_TIMEOUT="timeout 30" - -TEST_ATTR="test" -gnunet-arm -s -c test_idp.conf -#gnunet-arm -i rest -c test_idp.conf -gnunet-identity -C testego -c test_idp.conf -gnunet-identity -C rpego -c test_idp.conf -TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') -gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf -gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 -if test $? != 0 -then - echo "Failed." - exit 1 -fi - -#curl localhost:7776/idp/attributes/testego -gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh deleted file mode 100755 index 11f6865a4..000000000 --- a/src/identity-provider/test_idp_consume.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash -trap "gnunet-arm -e -c test_idp.conf" SIGINT - -LOCATION=$(which gnunet-config) -if [ -z $LOCATION ] -then - LOCATION="gnunet-config" -fi -$LOCATION --version 1> /dev/null -if test $? != 0 -then - echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" - exit 77 -fi - -rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` - -# (1) PKEY1.user -> PKEY2.resu.user -# (2) PKEY2.resu -> PKEY3 -# (3) PKEY3.user -> PKEY4 - - -which timeout &> /dev/null && DO_TIMEOUT="timeout 30" - -TEST_ATTR="test" -gnunet-arm -s -c test_idp.conf -#gnunet-arm -i rest -c test_idp.conf -gnunet-identity -C testego -c test_idp.conf -gnunet-identity -C rpego -c test_idp.conf -SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') -TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') -gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf -gnunet-idp -e testego -a name -V John -c test_idp.conf -TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') -gnunet-idp -e rpego -C $TICKET -c test_idp.conf > /dev/null 2>&1 - -if test $? != 0 -then - "Failed." - exit 1 -fi -#curl http://localhost:7776/idp/tickets/testego -gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_defaults.conf b/src/identity-provider/test_idp_defaults.conf deleted file mode 100644 index a9a197dea..000000000 --- a/src/identity-provider/test_idp_defaults.conf +++ /dev/null @@ -1,24 +0,0 @@ -@INLINE@ ../../contrib/conf/gnunet/no_forcestart.conf - -[PATHS] -GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-testing/ - -[namestore-sqlite] -FILENAME = $GNUNET_TEST_HOME/namestore/sqlite_test.db - -[namecache-sqlite] -FILENAME=$GNUNET_TEST_HOME/namecache/namecache.db - -[identity] -# Directory where we store information about our egos -EGODIR = $GNUNET_TEST_HOME/identity/egos/ - -[dhtcache] -DATABASE = heap - -[transport] -PLUGINS = tcp - -[transport-tcp] -BINDTO = 127.0.0.1 - diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh deleted file mode 100755 index 90487ee73..000000000 --- a/src/identity-provider/test_idp_issue.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -trap "gnunet-arm -e -c test_idp.conf" SIGINT - -LOCATION=$(which gnunet-config) -if [ -z $LOCATION ] -then - LOCATION="gnunet-config" -fi -$LOCATION --version 1> /dev/null -if test $? != 0 -then - echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" - exit 77 -fi - -rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` - -# (1) PKEY1.user -> PKEY2.resu.user -# (2) PKEY2.resu -> PKEY3 -# (3) PKEY3.user -> PKEY4 - - -which timeout &> /dev/null && DO_TIMEOUT="timeout 30" - -TEST_ATTR="test" -gnunet-arm -s -c test_idp.conf -#gnunet-arm -i rest -c test_idp.conf -gnunet-identity -C testego -c test_idp.conf -gnunet-identity -C rpego -c test_idp.conf -SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') -TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') -gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1 -gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 -#gnunet-idp -e testego -D -c test_idp.conf -gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf > /dev/null 2>&1 -if test $? != 0 -then - echo "Failed." - exit 1 -fi -#curl http://localhost:7776/idp/attributes/testego -gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh deleted file mode 100755 index 7a3f5d030..000000000 --- a/src/identity-provider/test_idp_revoke.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/bash -trap "gnunet-arm -e -c test_idp.conf" SIGINT - -LOCATION=$(which gnunet-config) -if [ -z $LOCATION ] -then - LOCATION="gnunet-config" -fi -$LOCATION --version 1> /dev/null -if test $? != 0 -then - echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" - exit 77 -fi - -rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` - -# (1) PKEY1.user -> PKEY2.resu.user -# (2) PKEY2.resu -> PKEY3 -# (3) PKEY3.user -> PKEY4 - - -which timeout &> /dev/null && DO_TIMEOUT="timeout 30" - -TEST_ATTR="test" -gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null -gnunet-identity -C alice -c test_idp.conf -gnunet-identity -C bob -c test_idp.conf -gnunet-identity -C eve -c test_idp.conf -ALICE_KEY=$(gnunet-identity -d -c test_idp.conf | grep alice | awk '{print $3}') -BOB_KEY=$(gnunet-identity -d -c test_idp.conf | grep bob | awk '{print $3}') -EVE_KEY=$(gnunet-identity -d -c test_idp.conf | grep eve | awk '{print $3}') - -gnunet-idp -e alice -E 15s -a email -V john@doe.gnu -c test_idp.conf -gnunet-idp -e alice -E 15s -a name -V John -c test_idp.conf -TICKET_BOB=$(gnunet-idp -e alice -i "email,name" -r $BOB_KEY -c test_idp.conf | awk '{print $1}') -#gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf -TICKET_EVE=$(gnunet-idp -e alice -i "email" -r $EVE_KEY -c test_idp.conf | awk '{print $1}') - -#echo "Consuming $TICKET" -#gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf -gnunet-idp -e alice -R $TICKET_EVE -c test_idp.conf - -#sleep 6 - -gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf 2&>1 >/dev/null -if test $? == 0 -then - echo "Eve can still resolve attributes..." - gnunet-arm -e -c test_idp.conf - exit 1 -fi - -gnunet-arm -e -c test_idp.conf -gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null - -gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf 2&>1 >/dev/null -if test $? != 0 -then - echo "Bob cannot resolve attributes..." - gnunet-arm -e -c test_idp.conf - exit 1 -fi - -gnunet-arm -e -c test_idp.conf diff --git a/src/include/Makefile.am b/src/include/Makefile.am index 08e9dd156..41b2b1382 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am @@ -66,7 +66,7 @@ gnunetinclude_HEADERS = \ gnunet_hello_lib.h \ gnunet_helper_lib.h \ gnunet_identity_service.h \ - gnunet_identity_provider_service.h \ + gnunet_reclaim_service.h \ gnunet_json_lib.h \ gnunet_jsonapi_lib.h \ gnunet_jsonapi_util.h \ diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_identity_attribute_lib.h deleted file mode 100644 index eb01f7ac2..000000000 --- a/src/include/gnunet_identity_attribute_lib.h +++ /dev/null @@ -1,281 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2017 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @author Martin Schanzenbach - * - * @file - * Identity attribute definitions - * - * @defgroup identity-provider Identity Provider service - * @{ - */ -#ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H -#define GNUNET_IDENTITY_ATTRIBUTE_LIB_H - -#ifdef __cplusplus -extern "C" -{ -#if 0 /* keep Emacsens' auto-indent happy */ -} -#endif -#endif - -#include "gnunet_util_lib.h" - - -/** - * No value attribute. - */ -#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_NONE 0 - -/** - * String attribute. - */ -#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING 1 - - - -/** - * An attribute. - */ -struct GNUNET_IDENTITY_ATTRIBUTE_Claim -{ - /** - * The name of the attribute. Note "name" must never be individually - * free'd - */ - const char* name; - - /** - * Type of Claim - */ - uint32_t type; - - /** - * Version - */ - uint32_t version; - - /** - * Number of bytes in @e data. - */ - size_t data_size; - - /** - * Binary value stored as attribute value. Note: "data" must never - * be individually 'malloc'ed, but instead always points into some - * existing data area. - */ - const void *data; - -}; - -struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList -{ - /** - * List head - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_head; - - /** - * List tail - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_tail; -}; - -struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry -{ - /** - * DLL - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *prev; - - /** - * DLL - */ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *next; - - /** - * The attribute claim - */ - struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim; -}; - -/** - * Create a new attribute claim. - * - * @param attr_name the attribute name - * @param type the attribute type - * @param data the attribute value - * @param data_size the attribute value size - * @return the new attribute - */ -struct GNUNET_IDENTITY_ATTRIBUTE_Claim * -GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name, - uint32_t type, - const void* data, - size_t data_size); - - -/** - * Get required size for serialization buffer - * - * @param attrs the attribute list to serialize - * - * @return the required buffer size - */ -size_t -GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); - -void -GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); - -void -GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const char* attr_name, - uint32_t type, - const void* data, - size_t data_size); - -/** - * Serialize an attribute list - * - * @param attrs the attribute list to serialize - * @param result the serialized attribute - * - * @return length of serialized data - */ -size_t -GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - char *result); - -/** - * Deserialize an attribute list - * - * @param data the serialized attribute list - * @param data_size the length of the serialized data - * - * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller - */ -struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList * -GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data, - size_t data_size); - - -/** - * Get required size for serialization buffer - * - * @param attr the attribute to serialize - * - * @return the required buffer size - */ -size_t -GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr); - - - -/** - * Serialize an attribute - * - * @param attr the attribute to serialize - * @param result the serialized attribute - * - * @return length of serialized data - */ -size_t -GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr, - char *result); - -/** - * Deserialize an attribute - * - * @param data the serialized attribute - * @param data_size the length of the serialized data - * - * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller - */ -struct GNUNET_IDENTITY_ATTRIBUTE_Claim * -GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data, - size_t data_size); - -struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList* -GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); - -/** - * Convert a type name to the corresponding number - * - * @param typename name to convert - * @return corresponding number, UINT32_MAX on error - */ -uint32_t -GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename); - -/** - * Convert human-readable version of a 'claim' of an attribute to the binary - * representation - * - * @param type type of the claim - * @param s human-readable string - * @param data set to value in binary encoding (will be allocated) - * @param data_size set to number of bytes in @a data - * @return #GNUNET_OK on success - */ -int -GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type, - const char *s, - void **data, - size_t *data_size); - -/** - * Convert the 'claim' of an attribute to a string - * - * @param type the type of attribute - * @param data claim in binary encoding - * @param data_size number of bytes in @a data - * @return NULL on error, otherwise human-readable representation of the claim - */ -char * -GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type, - const void* data, - size_t data_size); - -/** - * Convert a type number to the corresponding type string - * - * @param type number of a type - * @return corresponding typestring, NULL on error - */ -const char* -GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type); - - -#if 0 /* keep Emacsens' auto-indent happy */ -{ -#endif -#ifdef __cplusplus -} -#endif - - -/* ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H */ -#endif - -/** @} */ /* end of group identity */ - -/* end of gnunet_identity_attribute_lib.h */ diff --git a/src/include/gnunet_identity_attribute_plugin.h b/src/include/gnunet_identity_attribute_plugin.h deleted file mode 100644 index 7c399c616..000000000 --- a/src/include/gnunet_identity_attribute_plugin.h +++ /dev/null @@ -1,147 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2012, 2013 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @author Martin Schanzenbach - * - * @file - * Plugin API for the idp database backend - * - * @defgroup identity-provider-plugin IdP service plugin API - * Plugin API for the idp database backend - * @{ - */ -#ifndef GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H -#define GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H - -#include "gnunet_util_lib.h" -#include "gnunet_identity_attribute_lib.h" - -#ifdef __cplusplus -extern "C" -{ -#if 0 /* keep Emacsens' auto-indent happy */ -} -#endif -#endif - - -/** - * Function called to convert the binary value @a data of an attribute of - * type @a type to a human-readable string. - * - * @param cls closure - * @param type type of the attribute - * @param data value in binary encoding - * @param data_size number of bytes in @a data - * @return NULL on error, otherwise human-readable representation of the value - */ -typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls, - uint32_t type, - const void *data, - size_t data_size); - - -/** - * Function called to convert human-readable version of the value @a s - * of an attribute of type @a type to the respective binary - * representation. - * - * @param cls closure - * @param type type of the attribute - * @param s human-readable string - * @param data set to value in binary encoding (will be allocated) - * @param data_size set to number of bytes in @a data - * @return #GNUNET_OK on success - */ -typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls, - uint32_t type, - const char *s, - void **data, - size_t *data_size); - - -/** - * Function called to convert a type name to the - * corresponding number. - * - * @param cls closure - * @param typename name to convert - * @return corresponding number, UINT32_MAX on error - */ -typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cls, - const char *typename); - - -/** - * Function called to convert a type number (i.e. 1) to the - * corresponding type string - * - * @param cls closure - * @param type number of a type to convert - * @return corresponding typestring, NULL on error - */ -typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void *cls, - uint32_t type); - - -/** - * Each plugin is required to return a pointer to a struct of this - * type as the return value from its entry point. - */ -struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions -{ - - /** - * Closure for all of the callbacks. - */ - void *cls; - - /** - * Conversion to string. - */ - GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction value_to_string; - - /** - * Conversion to binary. - */ - GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction string_to_value; - - /** - * Typename to number. - */ - GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction typename_to_number; - - /** - * Number to typename. - */ - GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction number_to_typename; - -}; - - -#if 0 /* keep Emacsens' auto-indent happy */ -{ -#endif -#ifdef __cplusplus -} -#endif - -#endif - -/** @} */ /* end of group */ diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h deleted file mode 100644 index 2330066dd..000000000 --- a/src/include/gnunet_identity_provider_plugin.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2012, 2013 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @author Martin Schanzenbach - * - * @file - * Plugin API for the idp database backend - * - * @defgroup identity-provider-plugin IdP service plugin API - * Plugin API for the idp database backend - * @{ - */ -#ifndef GNUNET_IDENTITY_PROVIDER_PLUGIN_H -#define GNUNET_IDENTITY_PROVIDER_PLUGIN_H - -#include "gnunet_util_lib.h" -#include "gnunet_identity_provider_service.h" - -#ifdef __cplusplus -extern "C" -{ -#if 0 /* keep Emacsens' auto-indent happy */ -} -#endif -#endif - - -/** - * Function called by for each matching ticket. - * - * @param cls closure - * @param ticket the ticket - */ -typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); - - -/** - * @brief struct returned by the initialization function of the plugin - */ -struct GNUNET_IDENTITY_PROVIDER_PluginFunctions -{ - - /** - * Closure to pass to all plugin functions. - */ - void *cls; - - /** - * Store a ticket in the database. - * - * @param cls closure (internal context for the plugin) - * @param ticket the ticket to store - * @return #GNUNET_OK on success, else #GNUNET_SYSERR - */ - int (*store_ticket) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); - - /** - * Delete a ticket from the database. - * - * @param cls closure (internal context for the plugin) - * @param ticket the ticket to store - * @return #GNUNET_OK on success, else #GNUNET_SYSERR - */ - int (*delete_ticket) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); - - - - /** - * Iterate over all tickets - * - * @param cls closure (internal context for the plugin) - * @param identity the identity - * @param audience GNUNET_YES if the identity is the audience of the ticket - * else it is considered the issuer - * @param iter function to call with the result - * @param iter_cls closure for @a iter - * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error - */ - int (*iterate_tickets) (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - int audience, - uint64_t offset, - GNUNET_IDENTITY_PROVIDER_TicketIterator iter, void *iter_cls); - - int (*get_ticket_attributes) (void* cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - GNUNET_IDENTITY_PROVIDER_TicketIterator iter, - void *iter_cls); -}; - -#if 0 /* keep Emacsens' auto-indent happy */ -{ -#endif -#ifdef __cplusplus -} -#endif - -#endif - -/** @} */ /* end of group */ diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h deleted file mode 100644 index 0c72556e8..000000000 --- a/src/include/gnunet_identity_provider_service.h +++ /dev/null @@ -1,378 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2016 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . -*/ - -/** - * @author Martin Schanzenbach - * - * @file - * Identity provider service; implements identity provider for GNUnet - * - * @defgroup identity-provider Identity Provider service - * @{ - */ -#ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H -#define GNUNET_IDENTITY_PROVIDER_SERVICE_H - -#ifdef __cplusplus -extern "C" -{ -#if 0 /* keep Emacsens' auto-indent happy */ -} -#endif -#endif - -#include "gnunet_util_lib.h" -#include "gnunet_identity_attribute_lib.h" - -/** - * Version number of GNUnet Identity Provider API. - */ -#define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000 - -/** - * Handle to access the identity service. - */ -struct GNUNET_IDENTITY_PROVIDER_Handle; - -/** - * Handle for a token. - */ -struct GNUNET_IDENTITY_PROVIDER_Token; - -/** - * The ticket - */ -struct GNUNET_IDENTITY_PROVIDER_Ticket -{ - /** - * The ticket issuer - */ - struct GNUNET_CRYPTO_EcdsaPublicKey identity; - - /** - * The ticket audience - */ - struct GNUNET_CRYPTO_EcdsaPublicKey audience; - - /** - * The ticket random (NBO) - */ - uint64_t rnd; -}; - -/** - * Handle for an operation with the identity provider service. - */ -struct GNUNET_IDENTITY_PROVIDER_Operation; - - -/** - * Connect to the identity provider service. - * - * @param cfg Configuration to contact the identity provider service. - * @return handle to communicate with identity provider service - */ -struct GNUNET_IDENTITY_PROVIDER_Handle * -GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); - -/** - * Continuation called to notify client about result of the - * operation. - * - * @param cls closure - * @param success #GNUNET_SYSERR on failure (including timeout/queue drop/failure to validate) - * #GNUNET_NO if content was already there or not found - * #GNUNET_YES (or other positive value) on success - * @param emsg NULL on success, otherwise an error message - */ -typedef void -(*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls, - int32_t success, - const char *emsg); - - -/** - * Store an attribute. If the attribute is already present, - * it is replaced with the new attribute. - * - * @param h handle to the identity provider - * @param pkey private key of the identity - * @param attr the attribute - * @param exp_interval the relative expiration interval for the attribute - * @param cont continuation to call when done - * @param cont_cls closure for @a cont - * @return handle to abort the request - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, - const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr, - const struct GNUNET_TIME_Relative *exp_interval, - GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont, - void *cont_cls); - - -/** - * Process an attribute that was stored in the idp. - * - * @param cls closure - * @param identity the identity - * @param attr the attribute - */ -typedef void -(*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr); - - - -/** - * List all attributes for a local identity. - * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle` - * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and - * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once - * immediately, and then again after - * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked. - * - * On error (disconnect), @a error_cb will be invoked. - * On normal completion, @a finish_cb proc will be - * invoked. - * - * @param h handle to the idp - * @param identity identity to access - * @param error_cb function to call on error (i.e. disconnect), - * the handle is afterwards invalid - * @param error_cb_cls closure for @a error_cb - * @param proc function to call on each attribute; it - * will be called repeatedly with a value (if available) - * @param proc_cls closure for @a proc - * @param finish_cb function to call on completion - * the handle is afterwards invalid - * @param finish_cb_cls closure for @a finish_cb - * @return an iterator handle to use for iteration - */ -struct GNUNET_IDENTITY_PROVIDER_AttributeIterator * -GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - GNUNET_SCHEDULER_TaskCallback error_cb, - void *error_cb_cls, - GNUNET_IDENTITY_PROVIDER_AttributeResult proc, - void *proc_cls, - GNUNET_SCHEDULER_TaskCallback finish_cb, - void *finish_cb_cls); - - -/** - * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start - * for the next record. - * - * @param it the iterator - */ -void -GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it); - - -/** - * Stops iteration and releases the idp handle for further calls. Must - * be called on any iteration that has not yet completed prior to calling - * #GNUNET_IDENTITY_PROVIDER_disconnect. - * - * @param it the iterator - */ -void -GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it); - - -/** - * Method called when a token has been issued. - * On success returns a ticket that can be given to the audience to retrive the - * token - * - * @param cls closure - * @param ticket the ticket - */ -typedef void -(*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); - -/** - * Issues a ticket to another identity. The identity may use - * GNUNET_IDENTITY_PROVIDER_ticket_consume to consume the ticket - * and retrieve the attributes specified in the AttributeList. - * - * @param h the identity provider to use - * @param iss the issuing identity - * @param rp the subject of the ticket (the relying party) - * @param attrs the attributes that the relying party is given access to - * @param cb the callback - * @param cb_cls the callback closure - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, - const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - GNUNET_IDENTITY_PROVIDER_TicketCallback cb, - void *cb_cls); - -/** - * Revoked an issued ticket. The relying party will be unable to retrieve - * updated attributes. - * - * @param h the identity provider to use - * @param identity the issuing identity - * @param ticket the ticket to revoke - * @param cb the callback - * @param cb_cls the callback closure - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb, - void *cb_cls); - - - -/** - * Consumes an issued ticket. The ticket is persisted - * and used to retrieve identity information from the issuer - * - * @param h the identity provider to use - * @param identity the identity that is the subject of the issued ticket (the audience) - * @param ticket the issued ticket to consume - * @param cb the callback to call - * @param cb_cls the callback closure - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - GNUNET_IDENTITY_PROVIDER_AttributeResult cb, - void *cb_cls); - -/** - * Lists all tickets that have been issued to remote - * identites (relying parties) - * - * @param h the identity provider to use - * @param identity the issuing identity - * @param error_cb function to call on error (i.e. disconnect), - * the handle is afterwards invalid - * @param error_cb_cls closure for @a error_cb - * @param proc function to call on each ticket; it - * will be called repeatedly with a value (if available) - * @param proc_cls closure for @a proc - * @param finish_cb function to call on completion - * the handle is afterwards invalid - * @param finish_cb_cls closure for @a finish_cb - * @return an iterator handle to use for iteration - */ -struct GNUNET_IDENTITY_PROVIDER_TicketIterator * -GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - GNUNET_SCHEDULER_TaskCallback error_cb, - void *error_cb_cls, - GNUNET_IDENTITY_PROVIDER_TicketCallback proc, - void *proc_cls, - GNUNET_SCHEDULER_TaskCallback finish_cb, - void *finish_cb_cls); - -/** - * Lists all tickets that have been issued to remote - * identites (relying parties) - * - * @param h the identity provider to use - * @param identity the issuing identity - * @param error_cb function to call on error (i.e. disconnect), - * the handle is afterwards invalid - * @param error_cb_cls closure for @a error_cb - * @param proc function to call on each ticket; it - * will be called repeatedly with a value (if available) - * @param proc_cls closure for @a proc - * @param finish_cb function to call on completion - * the handle is afterwards invalid - * @param finish_cb_cls closure for @a finish_cb - * @return an iterator handle to use for iteration - */ -struct GNUNET_IDENTITY_PROVIDER_TicketIterator * -GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - GNUNET_SCHEDULER_TaskCallback error_cb, - void *error_cb_cls, - GNUNET_IDENTITY_PROVIDER_TicketCallback proc, - void *proc_cls, - GNUNET_SCHEDULER_TaskCallback finish_cb, - void *finish_cb_cls); - -/** - * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start - * for the next record. - * - * @param it the iterator - */ -void -GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it); - -/** - * Stops iteration and releases the idp handle for further calls. Must - * be called on any iteration that has not yet completed prior to calling - * #GNUNET_IDENTITY_PROVIDER_disconnect. - * - * @param it the iterator - */ -void -GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it); - -/** - * Disconnect from identity provider service. - * - * @param h identity provider service to disconnect - */ -void -GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h); - - -/** - * Cancel an identity provider operation. Note that the operation MAY still - * be executed; this merely cancels the continuation; if the request - * was already transmitted, the service may still choose to complete - * the operation. - * - * @param op operation to cancel - */ -void -GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op); - -#if 0 /* keep Emacsens' auto-indent happy */ -{ -#endif -#ifdef __cplusplus -} -#endif - - -/* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */ -#endif - -/** @} */ /* end of group identity */ - -/* end of gnunet_identity_provider_service.h */ diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 36aa424b4..4400db7e1 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h @@ -2656,35 +2656,35 @@ extern "C" * * IDENTITY PROVIDER MESSAGE TYPES */ -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE 961 +#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE 961 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE 962 +#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE 962 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START 963 +#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START 963 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP 964 +#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP 964 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT 965 +#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT 965 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 966 +#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT 966 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET 967 +#define GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET 967 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 968 +#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT 968 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET 969 +#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET 969 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT 970 +#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT 970 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 971 +#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET 971 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 972 +#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT 972 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 973 +#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START 973 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 974 +#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP 974 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 975 +#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT 975 /************************************************** * diff --git a/src/include/gnunet_reclaim_attribute_lib.h b/src/include/gnunet_reclaim_attribute_lib.h new file mode 100644 index 000000000..df5356d76 --- /dev/null +++ b/src/include/gnunet_reclaim_attribute_lib.h @@ -0,0 +1,281 @@ +/* + This file is part of GNUnet. + Copyright (C) 2017 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @author Martin Schanzenbach + * + * @file + * Identity attribute definitions + * + * @defgroup identity-provider Identity Provider service + * @{ + */ +#ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H +#define GNUNET_RECLAIM_ATTRIBUTE_LIB_H + +#ifdef __cplusplus +extern "C" +{ +#if 0 /* keep Emacsens' auto-indent happy */ +} +#endif +#endif + +#include "gnunet_util_lib.h" + + +/** + * No value attribute. + */ +#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_NONE 0 + +/** + * String attribute. + */ +#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING 1 + + + +/** + * An attribute. + */ +struct GNUNET_RECLAIM_ATTRIBUTE_Claim +{ + /** + * The name of the attribute. Note "name" must never be individually + * free'd + */ + const char* name; + + /** + * Type of Claim + */ + uint32_t type; + + /** + * Version + */ + uint32_t version; + + /** + * Number of bytes in @e data. + */ + size_t data_size; + + /** + * Binary value stored as attribute value. Note: "data" must never + * be individually 'malloc'ed, but instead always points into some + * existing data area. + */ + const void *data; + +}; + +struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList +{ + /** + * List head + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_head; + + /** + * List tail + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_tail; +}; + +struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry +{ + /** + * DLL + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *prev; + + /** + * DLL + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *next; + + /** + * The attribute claim + */ + struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim; +}; + +/** + * Create a new attribute claim. + * + * @param attr_name the attribute name + * @param type the attribute type + * @param data the attribute value + * @param data_size the attribute value size + * @return the new attribute + */ +struct GNUNET_RECLAIM_ATTRIBUTE_Claim * +GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name, + uint32_t type, + const void* data, + size_t data_size); + + +/** + * Get required size for serialization buffer + * + * @param attrs the attribute list to serialize + * + * @return the required buffer size + */ +size_t +GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs); + +void +GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs); + +void +GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + const char* attr_name, + uint32_t type, + const void* data, + size_t data_size); + +/** + * Serialize an attribute list + * + * @param attrs the attribute list to serialize + * @param result the serialized attribute + * + * @return length of serialized data + */ +size_t +GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + char *result); + +/** + * Deserialize an attribute list + * + * @param data the serialized attribute list + * @param data_size the length of the serialized data + * + * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller + */ +struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList * +GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data, + size_t data_size); + + +/** + * Get required size for serialization buffer + * + * @param attr the attribute to serialize + * + * @return the required buffer size + */ +size_t +GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr); + + + +/** + * Serialize an attribute + * + * @param attr the attribute to serialize + * @param result the serialized attribute + * + * @return length of serialized data + */ +size_t +GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr, + char *result); + +/** + * Deserialize an attribute + * + * @param data the serialized attribute + * @param data_size the length of the serialized data + * + * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller + */ +struct GNUNET_RECLAIM_ATTRIBUTE_Claim * +GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data, + size_t data_size); + +struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList* +GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs); + +/** + * Convert a type name to the corresponding number + * + * @param typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +uint32_t +GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename); + +/** + * Convert human-readable version of a 'claim' of an attribute to the binary + * representation + * + * @param type type of the claim + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +int +GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type, + const char *s, + void **data, + size_t *data_size); + +/** + * Convert the 'claim' of an attribute to a string + * + * @param type the type of attribute + * @param data claim in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the claim + */ +char * +GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type, + const void* data, + size_t data_size); + +/** + * Convert a type number to the corresponding type string + * + * @param type number of a type + * @return corresponding typestring, NULL on error + */ +const char* +GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type); + + +#if 0 /* keep Emacsens' auto-indent happy */ +{ +#endif +#ifdef __cplusplus +} +#endif + + +/* ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H */ +#endif + +/** @} */ /* end of group identity */ + +/* end of gnunet_reclaim_attribute_lib.h */ diff --git a/src/include/gnunet_reclaim_attribute_plugin.h b/src/include/gnunet_reclaim_attribute_plugin.h new file mode 100644 index 000000000..cf0bb141a --- /dev/null +++ b/src/include/gnunet_reclaim_attribute_plugin.h @@ -0,0 +1,147 @@ +/* + This file is part of GNUnet + Copyright (C) 2012, 2013 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @author Martin Schanzenbach + * + * @file + * Plugin API for the idp database backend + * + * @defgroup identity-provider-plugin IdP service plugin API + * Plugin API for the idp database backend + * @{ + */ +#ifndef GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H +#define GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H + +#include "gnunet_util_lib.h" +#include "gnunet_reclaim_attribute_lib.h" + +#ifdef __cplusplus +extern "C" +{ +#if 0 /* keep Emacsens' auto-indent happy */ +} +#endif +#endif + + +/** + * Function called to convert the binary value @a data of an attribute of + * type @a type to a human-readable string. + * + * @param cls closure + * @param type type of the attribute + * @param data value in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the value + */ +typedef char * (*GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction) (void *cls, + uint32_t type, + const void *data, + size_t data_size); + + +/** + * Function called to convert human-readable version of the value @a s + * of an attribute of type @a type to the respective binary + * representation. + * + * @param cls closure + * @param type type of the attribute + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +typedef int (*GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction) (void *cls, + uint32_t type, + const char *s, + void **data, + size_t *data_size); + + +/** + * Function called to convert a type name to the + * corresponding number. + * + * @param cls closure + * @param typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +typedef uint32_t (*GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction) (void *cls, + const char *typename); + + +/** + * Function called to convert a type number (i.e. 1) to the + * corresponding type string + * + * @param cls closure + * @param type number of a type to convert + * @return corresponding typestring, NULL on error + */ +typedef const char * (*GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction) (void *cls, + uint32_t type); + + +/** + * Each plugin is required to return a pointer to a struct of this + * type as the return value from its entry point. + */ +struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions +{ + + /** + * Closure for all of the callbacks. + */ + void *cls; + + /** + * Conversion to string. + */ + GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction value_to_string; + + /** + * Conversion to binary. + */ + GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction string_to_value; + + /** + * Typename to number. + */ + GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction typename_to_number; + + /** + * Number to typename. + */ + GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction number_to_typename; + +}; + + +#if 0 /* keep Emacsens' auto-indent happy */ +{ +#endif +#ifdef __cplusplus +} +#endif + +#endif + +/** @} */ /* end of group */ diff --git a/src/include/gnunet_reclaim_plugin.h b/src/include/gnunet_reclaim_plugin.h new file mode 100644 index 000000000..c400af64c --- /dev/null +++ b/src/include/gnunet_reclaim_plugin.h @@ -0,0 +1,121 @@ +/* + This file is part of GNUnet + Copyright (C) 2012, 2013 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @author Martin Schanzenbach + * + * @file + * Plugin API for the idp database backend + * + * @defgroup reclaim-plugin IdP service plugin API + * Plugin API for the idp database backend + * @{ + */ +#ifndef GNUNET_RECLAIM_PLUGIN_H +#define GNUNET_RECLAIM_PLUGIN_H + +#include "gnunet_util_lib.h" +#include "gnunet_reclaim_service.h" + +#ifdef __cplusplus +extern "C" +{ +#if 0 /* keep Emacsens' auto-indent happy */ +} +#endif +#endif + + +/** + * Function called by for each matching ticket. + * + * @param cls closure + * @param ticket the ticket + */ +typedef void (*GNUNET_RECLAIM_TicketIterator) (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs); + + +/** + * @brief struct returned by the initialization function of the plugin + */ +struct GNUNET_RECLAIM_PluginFunctions +{ + + /** + * Closure to pass to all plugin functions. + */ + void *cls; + + /** + * Store a ticket in the database. + * + * @param cls closure (internal context for the plugin) + * @param ticket the ticket to store + * @return #GNUNET_OK on success, else #GNUNET_SYSERR + */ + int (*store_ticket) (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs); + + /** + * Delete a ticket from the database. + * + * @param cls closure (internal context for the plugin) + * @param ticket the ticket to store + * @return #GNUNET_OK on success, else #GNUNET_SYSERR + */ + int (*delete_ticket) (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket); + + + + /** + * Iterate over all tickets + * + * @param cls closure (internal context for the plugin) + * @param identity the identity + * @param audience GNUNET_YES if the identity is the audience of the ticket + * else it is considered the issuer + * @param iter function to call with the result + * @param iter_cls closure for @a iter + * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error + */ + int (*iterate_tickets) (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + int audience, + uint64_t offset, + GNUNET_RECLAIM_TicketIterator iter, void *iter_cls); + + int (*get_ticket_attributes) (void* cls, + const struct GNUNET_RECLAIM_Ticket *ticket, + GNUNET_RECLAIM_TicketIterator iter, + void *iter_cls); +}; + +#if 0 /* keep Emacsens' auto-indent happy */ +{ +#endif +#ifdef __cplusplus +} +#endif + +#endif + +/** @} */ /* end of group */ diff --git a/src/include/gnunet_reclaim_service.h b/src/include/gnunet_reclaim_service.h new file mode 100644 index 000000000..7e668cd62 --- /dev/null +++ b/src/include/gnunet_reclaim_service.h @@ -0,0 +1,378 @@ +/* + This file is part of GNUnet. + Copyright (C) 2016 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @author Martin Schanzenbach + * + * @file + * Identity provider service; implements identity provider for GNUnet + * + * @defgroup reclaim Identity Provider service + * @{ + */ +#ifndef GNUNET_RECLAIM_SERVICE_H +#define GNUNET_RECLAIM_SERVICE_H + +#ifdef __cplusplus +extern "C" +{ +#if 0 /* keep Emacsens' auto-indent happy */ +} +#endif +#endif + +#include "gnunet_util_lib.h" +#include "gnunet_reclaim_attribute_lib.h" + +/** + * Version number of GNUnet Identity Provider API. + */ +#define GNUNET_RECLAIM_VERSION 0x00000000 + +/** + * Handle to access the identity service. + */ +struct GNUNET_RECLAIM_Handle; + +/** + * Handle for a token. + */ +struct GNUNET_RECLAIM_Token; + +/** + * The ticket + */ +struct GNUNET_RECLAIM_Ticket +{ + /** + * The ticket issuer + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity; + + /** + * The ticket audience + */ + struct GNUNET_CRYPTO_EcdsaPublicKey audience; + + /** + * The ticket random (NBO) + */ + uint64_t rnd; +}; + +/** + * Handle for an operation with the identity provider service. + */ +struct GNUNET_RECLAIM_Operation; + + +/** + * Connect to the identity provider service. + * + * @param cfg Configuration to contact the identity provider service. + * @return handle to communicate with identity provider service + */ +struct GNUNET_RECLAIM_Handle * +GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); + +/** + * Continuation called to notify client about result of the + * operation. + * + * @param cls closure + * @param success #GNUNET_SYSERR on failure (including timeout/queue drop/failure to validate) + * #GNUNET_NO if content was already there or not found + * #GNUNET_YES (or other positive value) on success + * @param emsg NULL on success, otherwise an error message + */ +typedef void +(*GNUNET_RECLAIM_ContinuationWithStatus) (void *cls, + int32_t success, + const char *emsg); + + +/** + * Store an attribute. If the attribute is already present, + * it is replaced with the new attribute. + * + * @param h handle to the identity provider + * @param pkey private key of the identity + * @param attr the attribute + * @param exp_interval the relative expiration interval for the attribute + * @param cont continuation to call when done + * @param cont_cls closure for @a cont + * @return handle to abort the request + */ +struct GNUNET_RECLAIM_Operation * +GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, + const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr, + const struct GNUNET_TIME_Relative *exp_interval, + GNUNET_RECLAIM_ContinuationWithStatus cont, + void *cont_cls); + + +/** + * Process an attribute that was stored in the idp. + * + * @param cls closure + * @param identity the identity + * @param attr the attribute + */ +typedef void +(*GNUNET_RECLAIM_AttributeResult) (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr); + + + +/** + * List all attributes for a local identity. + * This MUST lock the `struct GNUNET_RECLAIM_Handle` + * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and + * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once + * immediately, and then again after + * #GNUNET_RECLAIM_get_attributes_next() is invoked. + * + * On error (disconnect), @a error_cb will be invoked. + * On normal completion, @a finish_cb proc will be + * invoked. + * + * @param h handle to the idp + * @param identity identity to access + * @param error_cb function to call on error (i.e. disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each attribute; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_RECLAIM_AttributeIterator * +GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_RECLAIM_AttributeResult proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls); + + +/** + * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start + * for the next record. + * + * @param it the iterator + */ +void +GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it); + + +/** + * Stops iteration and releases the idp handle for further calls. Must + * be called on any iteration that has not yet completed prior to calling + * #GNUNET_RECLAIM_disconnect. + * + * @param it the iterator + */ +void +GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it); + + +/** + * Method called when a token has been issued. + * On success returns a ticket that can be given to the audience to retrive the + * token + * + * @param cls closure + * @param ticket the ticket + */ +typedef void +(*GNUNET_RECLAIM_TicketCallback)(void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket); + +/** + * Issues a ticket to another identity. The identity may use + * GNUNET_RECLAIM_ticket_consume to consume the ticket + * and retrieve the attributes specified in the AttributeList. + * + * @param h the identity provider to use + * @param iss the issuing identity + * @param rp the subject of the ticket (the relying party) + * @param attrs the attributes that the relying party is given access to + * @param cb the callback + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_RECLAIM_Operation * +GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, + const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + GNUNET_RECLAIM_TicketCallback cb, + void *cb_cls); + +/** + * Revoked an issued ticket. The relying party will be unable to retrieve + * updated attributes. + * + * @param h the identity provider to use + * @param identity the issuing identity + * @param ticket the ticket to revoke + * @param cb the callback + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_RECLAIM_Operation * +GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_RECLAIM_Ticket *ticket, + GNUNET_RECLAIM_ContinuationWithStatus cb, + void *cb_cls); + + + +/** + * Consumes an issued ticket. The ticket is persisted + * and used to retrieve identity information from the issuer + * + * @param h the identity provider to use + * @param identity the identity that is the subject of the issued ticket (the audience) + * @param ticket the issued ticket to consume + * @param cb the callback to call + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_RECLAIM_Operation * +GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_RECLAIM_Ticket *ticket, + GNUNET_RECLAIM_AttributeResult cb, + void *cb_cls); + +/** + * Lists all tickets that have been issued to remote + * identites (relying parties) + * + * @param h the identity provider to use + * @param identity the issuing identity + * @param error_cb function to call on error (i.e. disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each ticket; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_RECLAIM_TicketIterator * +GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_RECLAIM_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls); + +/** + * Lists all tickets that have been issued to remote + * identites (relying parties) + * + * @param h the identity provider to use + * @param identity the issuing identity + * @param error_cb function to call on error (i.e. disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each ticket; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_RECLAIM_TicketIterator * +GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_RECLAIM_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls); + +/** + * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start + * for the next record. + * + * @param it the iterator + */ +void +GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it); + +/** + * Stops iteration and releases the idp handle for further calls. Must + * be called on any iteration that has not yet completed prior to calling + * #GNUNET_RECLAIM_disconnect. + * + * @param it the iterator + */ +void +GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it); + +/** + * Disconnect from identity provider service. + * + * @param h identity provider service to disconnect + */ +void +GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h); + + +/** + * Cancel an identity provider operation. Note that the operation MAY still + * be executed; this merely cancels the continuation; if the request + * was already transmitted, the service may still choose to complete + * the operation. + * + * @param op operation to cancel + */ +void +GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op); + +#if 0 /* keep Emacsens' auto-indent happy */ +{ +#endif +#ifdef __cplusplus +} +#endif + + +/* ifndef GNUNET_RECLAIM_SERVICE_H */ +#endif + +/** @} */ /* end of group identity */ + +/* end of gnunet_reclaim_service.h */ diff --git a/src/reclaim-attribute/Makefile.am b/src/reclaim-attribute/Makefile.am new file mode 100644 index 000000000..7db2925b1 --- /dev/null +++ b/src/reclaim-attribute/Makefile.am @@ -0,0 +1,44 @@ +# This Makefile.am is in the public domain +AM_CPPFLAGS = -I$(top_srcdir)/src/include + +plugindir = $(libdir)/gnunet + +pkgcfgdir= $(pkgdatadir)/config.d/ + +libexecdir= $(pkglibdir)/libexec/ + +if MINGW + WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols +endif + +if USE_COVERAGE + AM_CFLAGS = --coverage -O0 + XLIBS = -lgcov +endif + +lib_LTLIBRARIES = \ + libgnunetreclaimattribute.la + +libgnunetreclaimattribute_la_SOURCES = \ + reclaim_attribute.c +libgnunetreclaimattribute_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(GN_LIBINTL) +libgnunetreclaimattribute_la_LDFLAGS = \ + $(GN_LIB_LDFLAGS) $(WINFLAGS) \ + -version-info 0:0:0 + + +plugin_LTLIBRARIES = \ + libgnunet_plugin_reclaim_attribute_gnuid.la + + +libgnunet_plugin_reclaim_attribute_gnuid_la_SOURCES = \ + plugin_reclaim_attribute_gnuid.c +libgnunet_plugin_reclaim_attribute_gnuid_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(LTLIBINTL) +libgnunet_plugin_reclaim_attribute_gnuid_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + + diff --git a/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c b/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c new file mode 100644 index 000000000..48afc0732 --- /dev/null +++ b/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c @@ -0,0 +1,182 @@ +/* + This file is part of GNUnet + Copyright (C) 2013, 2014, 2016 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @file reclaim-attribute/plugin_reclaim_attribute_gnuid.c + * @brief identity attribute plugin to provide the API for fundamental + * attribute types. + * + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_reclaim_attribute_plugin.h" +#include + + +/** + * Convert the 'value' of an attribute to a string. + * + * @param cls closure, unused + * @param type type of the attribute + * @param data value in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the value + */ +static char * +gnuid_value_to_string (void *cls, + uint32_t type, + const void *data, + size_t data_size) +{ + + switch (type) + { + case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING: + return GNUNET_strndup (data, data_size); + default: + return NULL; + } +} + + +/** + * Convert human-readable version of a 'value' of an attribute to the binary + * representation. + * + * @param cls closure, unused + * @param type type of the attribute + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +static int +gnuid_string_to_value (void *cls, + uint32_t type, + const char *s, + void **data, + size_t *data_size) +{ + if (NULL == s) + return GNUNET_SYSERR; + switch (type) + { + + case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING: + *data = GNUNET_strdup (s); + *data_size = strlen (s); + return GNUNET_OK; + default: + return GNUNET_SYSERR; + } +} + + +/** + * Mapping of attribute type numbers to human-readable + * attribute type names. + */ +static struct { + const char *name; + uint32_t number; +} gnuid_name_map[] = { + { "STRING", GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING }, + { NULL, UINT32_MAX } +}; + + +/** + * Convert a type name to the corresponding number. + * + * @param cls closure, unused + * @param gnuid_typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +static uint32_t +gnuid_typename_to_number (void *cls, + const char *gnuid_typename) +{ + unsigned int i; + + i=0; + while ( (NULL != gnuid_name_map[i].name) && + (0 != strcasecmp (gnuid_typename, + gnuid_name_map[i].name)) ) + i++; + return gnuid_name_map[i].number; +} + + +/** + * Convert a type number (i.e. 1) to the corresponding type string + * + * @param cls closure, unused + * @param type number of a type to convert + * @return corresponding typestring, NULL on error + */ +static const char * +gnuid_number_to_typename (void *cls, + uint32_t type) +{ + unsigned int i; + + i=0; + while ( (NULL != gnuid_name_map[i].name) && + (type != gnuid_name_map[i].number) ) + i++; + return gnuid_name_map[i].name; +} + + +/** + * Entry point for the plugin. + * + * @param cls NULL + * @return the exported block API + */ +void * +libgnunet_plugin_reclaim_attribute_gnuid_init (void *cls) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api; + + api = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions); + api->value_to_string = &gnuid_value_to_string; + api->string_to_value = &gnuid_string_to_value; + api->typename_to_number = &gnuid_typename_to_number; + api->number_to_typename = &gnuid_number_to_typename; + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the return value from #libgnunet_plugin_block_test_init() + * @return NULL + */ +void * +libgnunet_plugin_reclaim_attribute_gnuid_done (void *cls) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = cls; + + GNUNET_free (api); + return NULL; +} + +/* end of plugin_reclaim_attribute_type_gnuid.c */ diff --git a/src/reclaim-attribute/reclaim_attribute.c b/src/reclaim-attribute/reclaim_attribute.c new file mode 100644 index 000000000..74d668ea8 --- /dev/null +++ b/src/reclaim-attribute/reclaim_attribute.c @@ -0,0 +1,444 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ + +/** + * @file reclaim-attribute/reclaim_attribute.c + * @brief helper library to manage identity attributes + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "reclaim_attribute.h" +#include "gnunet_reclaim_attribute_plugin.h" + +/** + * Handle for a plugin + */ +struct Plugin +{ + /** + * Name of the plugin + */ + char *library_name; + + /** + * Plugin API + */ + struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api; +}; + +/** + * Plugins + */ +static struct Plugin **attr_plugins; + +/** + * Number of plugins + */ +static unsigned int num_plugins; + +/** + * Init canary + */ +static int initialized; + +/** + * Add a plugin + */ +static void +add_plugin (void* cls, + const char *library_name, + void *lib_ret) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = lib_ret; + struct Plugin *plugin; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Loading attribute plugin `%s'\n", + library_name); + plugin = GNUNET_new (struct Plugin); + plugin->api = api; + plugin->library_name = GNUNET_strdup (library_name); + GNUNET_array_append (attr_plugins, num_plugins, plugin); +} + +/** + * Load plugins + */ +static void +init() +{ + if (GNUNET_YES == initialized) + return; + initialized = GNUNET_YES; + GNUNET_PLUGIN_load_all ("libgnunet_plugin_reclaim_attribute_", NULL, + &add_plugin, NULL); +} + +/** + * Convert a type name to the corresponding number + * + * @param typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +uint32_t +GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename) +{ + unsigned int i; + struct Plugin *plugin; + uint32_t ret; + + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = attr_plugins[i]; + if (UINT32_MAX != (ret = plugin->api->typename_to_number (plugin->api->cls, + typename))) + return ret; + } + return UINT32_MAX; +} + +/** + * Convert a type number to the corresponding type string + * + * @param type number of a type + * @return corresponding typestring, NULL on error + */ +const char* +GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type) +{ + unsigned int i; + struct Plugin *plugin; + const char *ret; + + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = attr_plugins[i]; + if (NULL != (ret = plugin->api->number_to_typename (plugin->api->cls, + type))) + return ret; + } + return NULL; +} + +/** + * Convert human-readable version of a 'claim' of an attribute to the binary + * representation + * + * @param type type of the claim + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +int +GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type, + const char *s, + void **data, + size_t *data_size) +{ + unsigned int i; + struct Plugin *plugin; + + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = attr_plugins[i]; + if (GNUNET_OK == plugin->api->string_to_value (plugin->api->cls, + type, + s, + data, + data_size)) + return GNUNET_OK; + } + return GNUNET_SYSERR; +} + +/** + * Convert the 'claim' of an attribute to a string + * + * @param type the type of attribute + * @param data claim in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the claim + */ +char * +GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type, + const void* data, + size_t data_size) +{ + unsigned int i; + struct Plugin *plugin; + char *ret; + + init(); + for (i = 0; i < num_plugins; i++) + { + plugin = attr_plugins[i]; + if (NULL != (ret = plugin->api->value_to_string (plugin->api->cls, + type, + data, + data_size))) + return ret; + } + return NULL; +} + +/** + * Create a new attribute. + * + * @param attr_name the attribute name + * @param type the attribute type + * @param data the attribute value + * @param data_size the attribute value size + * @return the new attribute + */ +struct GNUNET_RECLAIM_ATTRIBUTE_Claim * +GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name, + uint32_t type, + const void* data, + size_t data_size) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr; + char *write_ptr; + + attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim) + + strlen (attr_name) + 1 + + data_size); + attr->type = type; + attr->data_size = data_size; + attr->version = 0; + write_ptr = (char*)&attr[1]; + GNUNET_memcpy (write_ptr, + attr_name, + strlen (attr_name) + 1); + attr->name = write_ptr; + write_ptr += strlen (attr->name) + 1; + GNUNET_memcpy (write_ptr, + data, + data_size); + attr->data = write_ptr; + return attr; +} + +/** + * Add a new claim list entry. + * + * @param claim_list the attribute name + * @param attr_name the attribute name + * @param type the attribute type + * @param data the attribute value + * @param data_size the attribute value size + * @return + */ +void +GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *claim_list, + const char* attr_name, + uint32_t type, + const void* data, + size_t data_size) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); + le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name, + type, + data, + data_size); + GNUNET_CONTAINER_DLL_insert (claim_list->list_head, + claim_list->list_tail, + le); +} + +size_t +GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + size_t len = 0; + for (le = attrs->list_head; NULL != le; le = le->next) + len += GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim); + return len; +} + +size_t +GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + char *result) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + size_t len; + size_t total_len; + char* write_ptr; + + write_ptr = result; + total_len = 0; + for (le = attrs->list_head; NULL != le; le = le->next) + { + len = GNUNET_RECLAIM_ATTRIBUTE_serialize (le->claim, + write_ptr); + total_len += len; + write_ptr += len; + } + return total_len; +} + +struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList * +GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data, + size_t data_size) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + size_t attr_len; + const char* read_ptr; + + if (data_size < sizeof (struct Attribute)) + return NULL; + + attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); + read_ptr = data; + while (((data + data_size) - read_ptr) >= sizeof (struct Attribute)) + { + + le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); + le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (read_ptr, + data_size - (read_ptr - data)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Deserialized attribute %s\n", le->claim->name); + GNUNET_CONTAINER_DLL_insert (attrs->list_head, + attrs->list_tail, + le); + attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim); + read_ptr += attr_len; + } + return attrs; +} + +struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList* +GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *result_le; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *result; + + result = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); + for (le = attrs->list_head; NULL != le; le = le->next) + { + result_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); + result_le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (le->claim->name, + le->claim->type, + le->claim->data, + le->claim->data_size); + GNUNET_CONTAINER_DLL_insert (result->list_head, + result->list_tail, + result_le); + } + return result; +} + + +void +GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *tmp_le; + + for (le = attrs->list_head; NULL != le;) + { + GNUNET_free (le->claim); + tmp_le = le; + le = le->next; + GNUNET_free (tmp_le); + } + GNUNET_free (attrs); + +} + +size_t +GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) +{ + return sizeof (struct Attribute) + + strlen (attr->name) + + attr->data_size; +} + +size_t +GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr, + char *result) +{ + size_t data_len_ser; + size_t name_len; + struct Attribute *attr_ser; + char* write_ptr; + + attr_ser = (struct Attribute*)result; + attr_ser->attribute_type = htons (attr->type); + attr_ser->attribute_version = htonl (attr->version); + name_len = strlen (attr->name); + attr_ser->name_len = htons (name_len); + write_ptr = (char*)&attr_ser[1]; + GNUNET_memcpy (write_ptr, attr->name, name_len); + write_ptr += name_len; + //TODO plugin-ize + //data_len_ser = plugin->serialize_attribute_value (attr, + // &attr_ser[1]); + data_len_ser = attr->data_size; + GNUNET_memcpy (write_ptr, attr->data, attr->data_size); + attr_ser->data_size = htons (data_len_ser); + + return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size; +} + +struct GNUNET_RECLAIM_ATTRIBUTE_Claim * +GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data, + size_t data_size) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr; + struct Attribute *attr_ser; + size_t data_len; + size_t name_len; + char* write_ptr; + + if (data_size < sizeof (struct Attribute)) + return NULL; + + attr_ser = (struct Attribute*)data; + data_len = ntohs (attr_ser->data_size); + name_len = ntohs (attr_ser->name_len); + attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim) + + data_len + name_len + 1); + attr->type = ntohs (attr_ser->attribute_type); + attr->version = ntohl (attr_ser->attribute_version); + attr->data_size = ntohs (attr_ser->data_size); + + write_ptr = (char*)&attr[1]; + GNUNET_memcpy (write_ptr, + &attr_ser[1], + name_len); + write_ptr[name_len] = '\0'; + attr->name = write_ptr; + + write_ptr += name_len + 1; + GNUNET_memcpy (write_ptr, + (char*)&attr_ser[1] + name_len, + attr->data_size); + attr->data = write_ptr; + return attr; + +} + +/* end of reclaim_attribute.c */ diff --git a/src/reclaim-attribute/reclaim_attribute.h b/src/reclaim-attribute/reclaim_attribute.h new file mode 100644 index 000000000..746d32980 --- /dev/null +++ b/src/reclaim-attribute/reclaim_attribute.h @@ -0,0 +1,54 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ +/** + * @author Martin Schanzenbach + * @file reclaim-attribute/reclaim_attribute.h + * @brief GNUnet reclaim identity attributes + * + */ +#ifndef RECLAIM_ATTRIBUTE_H +#define RECLAIM_ATTRIBUTE_H + +#include "gnunet_reclaim_service.h" + +struct Attribute +{ + /** + * Attribute type + */ + uint32_t attribute_type; + + /** + * Attribute version + */ + uint32_t attribute_version; + + /** + * Name length + */ + uint32_t name_len; + + /** + * Data size + */ + uint32_t data_size; + + //followed by data_size Attribute value data +}; + +#endif diff --git a/src/reclaim/.gitignore b/src/reclaim/.gitignore new file mode 100644 index 000000000..ef77fccdc --- /dev/null +++ b/src/reclaim/.gitignore @@ -0,0 +1,2 @@ +gnunet-service-identity-provider +gnunet-identity-token diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am new file mode 100644 index 000000000..c13c68763 --- /dev/null +++ b/src/reclaim/Makefile.am @@ -0,0 +1,140 @@ +# This Makefile.am is in the public domain +AM_CPPFLAGS = -I$(top_srcdir)/src/include + + plugindir = $(libdir)/gnunet + +if MINGW + WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols +endif + +if USE_COVERAGE + AM_CFLAGS = --coverage -O0 + XLIB = -lgcov +endif + +if HAVE_SQLITE +SQLITE_PLUGIN = libgnunet_plugin_reclaim_sqlite.la +endif + +EXTRA_DIST = \ + test_reclaim_defaults.conf \ + test_reclaim.conf \ + $(check_SCRIPTS) + +pkgcfgdir= $(pkgdatadir)/config.d/ + +libexecdir= $(pkglibdir)/libexec/ + +pkgcfg_DATA = \ + reclaim.conf + +lib_LTLIBRARIES = \ + libgnunetidentityprovider.la +plugin_LTLIBRARIES = \ + libgnunet_plugin_rest_reclaim.la \ + libgnunet_plugin_rest_openid_connect.la \ + libgnunet_plugin_gnsrecord_reclaim.la \ + $(SQLITE_PLUGIN) + +bin_PROGRAMS = \ + gnunet-reclaim + +libexec_PROGRAMS = \ + gnunet-service-reclaim + +libgnunet_plugin_gnsrecord_reclaim_la_SOURCES = \ + plugin_gnsrecord_reclaim.c +libgnunet_plugin_gnsrecord_reclaim_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(LTLIBINTL) +libgnunet_plugin_gnsrecord_reclaim_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + +libgnunet_plugin_reclaim_sqlite_la_SOURCES = \ + plugin_reclaim_sqlite.c +libgnunet_plugin_reclaim_sqlite_la_LIBADD = \ + libgnunetidentityprovider.la \ + $(top_builddir)/src/sq/libgnunetsq.la \ + $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \ + $(LTLIBINTL) +libgnunet_plugin_reclaim_sqlite_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + + + +gnunet_service_reclaim_SOURCES = \ + gnunet-service-reclaim.c +gnunet_service_reclaim_LDADD = \ + $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(top_builddir)/src/namestore/libgnunetnamestore.la \ + $(top_builddir)/src/identity/libgnunetidentity.la \ + $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/abe/libgnunetabe.la \ + $(top_builddir)/src/credential/libgnunetcredential.la \ + $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \ + libgnunetidentityprovider.la \ + $(top_builddir)/src/gns/libgnunetgns.la \ + $(GN_LIBINTL) + +libgnunetidentityprovider_la_SOURCES = \ + reclaim_api.c \ + reclaim.h +libgnunetidentityprovider_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(GN_LIBINTL) $(XLIB) +libgnunetidentityprovider_la_LDFLAGS = \ + $(GN_LIB_LDFLAGS) $(WINFLAGS) \ + -version-info 0:0:0 + +libgnunet_plugin_rest_reclaim_la_SOURCES = \ + plugin_rest_reclaim.c \ + jwt.c +libgnunet_plugin_rest_reclaim_la_LIBADD = \ + $(top_builddir)/src/identity/libgnunetidentity.la \ + libgnunetidentityprovider.la \ + $(top_builddir)/src/rest/libgnunetrest.la \ + $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ + $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \ + $(top_builddir)/src/namestore/libgnunetnamestore.la \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ + $(LTLIBINTL) -ljansson -lmicrohttpd +libgnunet_plugin_rest_reclaim_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + +libgnunet_plugin_rest_openid_connect_la_SOURCES = \ + plugin_rest_openid_connect.c \ + jwt.c +libgnunet_plugin_rest_openid_connect_la_LIBADD = \ + $(top_builddir)/src/identity/libgnunetidentity.la \ + libgnunetidentityprovider.la \ + $(top_builddir)/src/rest/libgnunetrest.la \ + $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ + $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \ + $(top_builddir)/src/namestore/libgnunetnamestore.la \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ + $(LTLIBINTL) -ljansson -lmicrohttpd +libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + +gnunet_reclaim_SOURCES = \ + gnunet-reclaim.c +gnunet_reclaim_LDADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(top_builddir)/src/namestore/libgnunetnamestore.la \ + libgnunetidentityprovider.la \ + $(top_builddir)/src/identity/libgnunetidentity.la \ + $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \ + $(GN_LIBINTL) + +check_SCRIPTS = \ + test_reclaim_attribute.sh \ + test_reclaim_issue.sh \ + test_reclaim_consume.sh \ + test_reclaim_revoke.sh + +if ENABLE_TEST_RUN + AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME; + TESTS = $(check_SCRIPTS) +endif diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c new file mode 100644 index 000000000..9947eac6d --- /dev/null +++ b/src/reclaim/gnunet-reclaim.c @@ -0,0 +1,517 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ +/** + * @author Martin Schanzenbach + * @file src/reclaim/gnunet-reclaim.c + * @brief Identity Provider utility + * + */ + +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_namestore_service.h" +#include "gnunet_reclaim_service.h" +#include "gnunet_identity_service.h" +#include "gnunet_signatures.h" + +/** + * return value + */ +static int ret; + +/** + * List attribute flag + */ +static int list; + +/** + * Relying party + */ +static char* rp; + +/** + * The attribute + */ +static char* attr_name; + +/** + * Attribute value + */ +static char* attr_value; + +/** + * Attributes to issue + */ +static char* issue_attrs; + +/** + * Ticket to consume + */ +static char* consume_ticket; + +/** + * Attribute type + */ +static char* type_str; + +/** + * Ticket to revoke + */ +static char* revoke_ticket; + +/** + * Ego name + */ +static char* ego_name; + +/** + * Identity handle + */ +static struct GNUNET_IDENTITY_Handle *identity_handle; + +/** + * reclaim handle + */ +static struct GNUNET_RECLAIM_Handle *reclaim_handle; + +/** + * reclaim operation + */ +static struct GNUNET_RECLAIM_Operation *reclaim_op; + +/** + * Attribute iterator + */ +static struct GNUNET_RECLAIM_AttributeIterator *attr_iterator; + +/** + * Master ABE key + */ +static struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + +/** + * ego private key + */ +static const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey; + +/** + * rp public key + */ +static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key; + +/** + * Ticket to consume + */ +static struct GNUNET_RECLAIM_Ticket ticket; + +/** + * Attribute list + */ +static struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list; + +/** + * Attribute expiration interval + */ +static struct GNUNET_TIME_Relative exp_interval; + +/** + * Timeout task + */ +static struct GNUNET_SCHEDULER_Task *timeout; + +static void +do_cleanup(void *cls) +{ + if (NULL != timeout) + GNUNET_SCHEDULER_cancel (timeout); + if (NULL != reclaim_op) + GNUNET_RECLAIM_cancel (reclaim_op); + if (NULL != attr_iterator) + GNUNET_RECLAIM_get_attributes_stop (attr_iterator); + if (NULL != reclaim_handle) + GNUNET_RECLAIM_disconnect (reclaim_handle); + if (NULL != identity_handle) + GNUNET_IDENTITY_disconnect (identity_handle); + if (NULL != abe_key) + GNUNET_free (abe_key); + if (NULL != attr_list) + GNUNET_free (attr_list); +} + +static void +ticket_issue_cb (void* cls, + const struct GNUNET_RECLAIM_Ticket *ticket) +{ + char* ticket_str; + reclaim_op = NULL; + if (NULL != ticket) { + ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + printf("%s\n", + ticket_str); + GNUNET_free (ticket_str); + } + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +store_attr_cont (void *cls, + int32_t success, + const char*emsg) +{ + reclaim_op = NULL; + if (GNUNET_SYSERR == success) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "%s\n", emsg); + } + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +process_attrs (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) +{ + char *value_str; + if (NULL == identity) + { + reclaim_op = NULL; + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + return; + } + if (NULL == attr) + { + ret = 1; + return; + } + value_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, + attr->data, + attr->data_size); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "%s: %s\n", attr->name, value_str); +} + + +static void +iter_error (void *cls) +{ + attr_iterator = NULL; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to iterate over attributes\n"); + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +timeout_task (void *cls) +{ + timeout = NULL; + ret = 1; + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Timeout\n"); + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +process_rvk (void *cls, int success, const char* msg) +{ + reclaim_op = NULL; + if (GNUNET_OK != success) + { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Revocation failed.\n"); + ret = 1; + } + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +iter_finished (void *cls) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim; + char *data; + size_t data_size; + int type; + + attr_iterator = NULL; + if (list) + { + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + return; + } + + if (issue_attrs) + { + reclaim_op = GNUNET_RECLAIM_ticket_issue (reclaim_handle, + pkey, + &rp_key, + attr_list, + &ticket_issue_cb, + NULL); + return; + } + if (consume_ticket) + { + reclaim_op = GNUNET_RECLAIM_ticket_consume (reclaim_handle, + pkey, + &ticket, + &process_attrs, + NULL); + timeout = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 10), + &timeout_task, + NULL); + return; + } + if (revoke_ticket) + { + reclaim_op = GNUNET_RECLAIM_ticket_revoke (reclaim_handle, + pkey, + &ticket, + &process_rvk, + NULL); + return; + } + if (attr_name) + { + if (NULL == type_str) + type = GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING; + else + type = GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (type_str); + + GNUNET_assert (GNUNET_SYSERR != GNUNET_RECLAIM_ATTRIBUTE_string_to_value (type, + attr_value, + (void**)&data, + &data_size)); + claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name, + type, + data, + data_size); + reclaim_op = GNUNET_RECLAIM_attribute_store (reclaim_handle, + pkey, + claim, + &exp_interval, + &store_attr_cont, + NULL); + return; + } + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +iter_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + char *attrs_tmp; + char *attr_str; + + if (issue_attrs) + { + attrs_tmp = GNUNET_strdup (issue_attrs); + attr_str = strtok (attrs_tmp, ","); + while (NULL != attr_str) { + if (0 != strcmp (attr_str, attr->name)) { + attr_str = strtok (NULL, ","); + continue; + } + le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); + le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, + attr->type, + attr->data, + attr->data_size); + GNUNET_CONTAINER_DLL_insert (attr_list->list_head, + attr_list->list_tail, + le); + break; + } + GNUNET_free (attrs_tmp); + } else if (list) { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "%s: %s\n", attr->name, (char*)attr->data); + } + GNUNET_RECLAIM_get_attributes_next (attr_iterator); +} + +static void +ego_iter_finished (void *cls) +{ + if (NULL == pkey) + { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Ego %s not found\n", ego_name); + return; + } + + if (NULL != rp) + GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, + strlen (rp), + &rp_key); + if (NULL != consume_ticket) + GNUNET_STRINGS_string_to_data (consume_ticket, + strlen (consume_ticket), + &ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + if (NULL != revoke_ticket) + GNUNET_STRINGS_string_to_data (revoke_ticket, + strlen (revoke_ticket), + &ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + + + attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); + + attr_iterator = GNUNET_RECLAIM_get_attributes_start (reclaim_handle, + pkey, + &iter_error, + NULL, + &iter_cb, + NULL, + &iter_finished, + NULL); + + +} + +static int init = GNUNET_YES; + +static void +ego_cb (void *cls, + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *name) +{ + if (NULL == name) { + if (GNUNET_YES == init) { + init = GNUNET_NO; + GNUNET_SCHEDULER_add_now (&ego_iter_finished, NULL); + } + return; + } + if (0 != strcmp (name, ego_name)) + return; + pkey = GNUNET_IDENTITY_ego_get_private_key (ego); +} + + +static void +run (void *cls, + char *const *args, + const char *cfgfile, + const struct GNUNET_CONFIGURATION_Handle *c) +{ + ret = 0; + if (NULL == ego_name) + { + ret = 1; + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + _("Ego is required\n")); + return; + } + + if ( (NULL == attr_value) && (NULL != attr_name) ) + { + ret = 1; + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + _("Attribute value missing!\n")); + return; + } + + if ( (NULL == rp) && (NULL != issue_attrs) ) + { + ret = 1; + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + _("Requesting party key is required!\n")); + return; + } + + reclaim_handle = GNUNET_RECLAIM_connect (c); + //Get Ego + identity_handle = GNUNET_IDENTITY_connect (c, + &ego_cb, + NULL); + + +} + + +int +main(int argc, char *const argv[]) +{ + exp_interval = GNUNET_TIME_UNIT_HOURS; + struct GNUNET_GETOPT_CommandLineOption options[] = { + + GNUNET_GETOPT_option_string ('a', + "add", + NULL, + gettext_noop ("Add attribute"), + &attr_name), + + GNUNET_GETOPT_option_string ('V', + "value", + NULL, + gettext_noop ("Attribute value"), + &attr_value), + GNUNET_GETOPT_option_string ('e', + "ego", + NULL, + gettext_noop ("Ego"), + &ego_name), + GNUNET_GETOPT_option_string ('r', + "rp", + NULL, + gettext_noop ("Audience (relying party)"), + &rp), + GNUNET_GETOPT_option_flag ('D', + "dump", + gettext_noop ("List attributes for Ego"), + &list), + GNUNET_GETOPT_option_string ('i', + "issue", + NULL, + gettext_noop ("Issue a ticket"), + &issue_attrs), + GNUNET_GETOPT_option_string ('C', + "consume", + NULL, + gettext_noop ("Consume a ticket"), + &consume_ticket), + GNUNET_GETOPT_option_string ('R', + "revoke", + NULL, + gettext_noop ("Revoke a ticket"), + &revoke_ticket), + GNUNET_GETOPT_option_string ('t', + "type", + NULL, + gettext_noop ("Type of attribute"), + &type_str), + GNUNET_GETOPT_option_relative_time ('E', + "expiration", + NULL, + gettext_noop ("Expiration interval of the attribute"), + &exp_interval), + + GNUNET_GETOPT_OPTION_END + }; + if (GNUNET_OK != GNUNET_PROGRAM_run (argc, argv, "ct", + "ct", options, + &run, NULL)) + return 1; + else + return ret; +} diff --git a/src/reclaim/gnunet-service-reclaim.c b/src/reclaim/gnunet-service-reclaim.c new file mode 100644 index 000000000..bf8780a92 --- /dev/null +++ b/src/reclaim/gnunet-service-reclaim.c @@ -0,0 +1,2786 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ +/** + * @author Martin Schanzenbach + * @file src/reclaim/gnunet-service-reclaim.c + * @brief reclaim Service + * + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_constants.h" +#include "gnunet_protocols.h" +#include "gnunet_identity_service.h" +#include "gnunet_gnsrecord_lib.h" +#include "gnunet_namestore_service.h" +#include "gnunet_abe_lib.h" +#include "gnunet_credential_service.h" +#include "gnunet_statistics_service.h" +#include "gnunet_gns_service.h" +#include "gnunet_reclaim_plugin.h" +#include "gnunet_reclaim_attribute_lib.h" +#include "gnunet_signatures.h" +#include "reclaim.h" + +/** + * First pass state + */ +#define STATE_INIT 0 + +/** + * Normal operation state + */ +#define STATE_POST_INIT 1 + +/** + * Minimum interval between updates + */ +#define MIN_WAIT_TIME GNUNET_TIME_UNIT_MINUTES + +/** + * Standard token expiration time + */ +#define DEFAULT_TOKEN_EXPIRATION_INTERVAL GNUNET_TIME_UNIT_HOURS + +/** + * Identity handle + */ +static struct GNUNET_IDENTITY_Handle *identity_handle; + +/** + * Database handle + */ +static struct GNUNET_RECLAIM_PluginFunctions *TKT_database; + +/** + * Name of DB plugin + */ +static char *db_lib_name; + +/** + * Token expiration interval + */ +static struct GNUNET_TIME_Relative token_expiration_interval; + +/** + * Namestore handle + */ +static struct GNUNET_NAMESTORE_Handle *ns_handle; + +/** + * GNS handle + */ +static struct GNUNET_GNS_Handle *gns_handle; + +/** + * Credential handle + */ +static struct GNUNET_CREDENTIAL_Handle *credential_handle; + +/** + * Namestore qe + */ +static struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + +/** + * Namestore iterator + */ +static struct GNUNET_NAMESTORE_ZoneIterator *ns_it; + +/** + * Timeout task + */ +static struct GNUNET_SCHEDULER_Task *timeout_task; + +/** + * Update task + */ +static struct GNUNET_SCHEDULER_Task *update_task; + + +/** + * Currently processed token + */ +static struct IdentityToken *token; + +/** + * Label for currently processed token + */ +static char* label; + +/** + * Scopes for processed token + */ +static char* scopes; + +/** + * Handle to the statistics service. + */ +static struct GNUNET_STATISTICS_Handle *stats; + +/** + * Our configuration. + */ +static const struct GNUNET_CONFIGURATION_Handle *cfg; + +/** + * An idp client + */ +struct IdpClient; + +/** + * A ticket iteration operation. + */ +struct TicketIteration +{ + /** + * DLL + */ + struct TicketIteration *next; + + /** + * DLL + */ + struct TicketIteration *prev; + + /** + * Client which intiated this zone iteration + */ + struct IdpClient *client; + + /** + * Key of the identity we are iterating over. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity; + + /** + * Identity is audience + */ + uint32_t is_audience; + + /** + * The operation id fot the iteration in the response for the client + */ + uint32_t r_id; + + /** + * Offset of the iteration used to address next result of the + * iteration in the store + * + * Initialy set to 0 in handle_iteration_start + * Incremented with by every call to handle_iteration_next + */ + uint32_t offset; + +}; + + + +/** + * Callback after an ABE bootstrap + * + * @param cls closure + * @param abe_key the ABE key that exists or was created + */ +typedef void +(*AbeBootstrapResult) (void *cls, + struct GNUNET_ABE_AbeMasterKey *abe_key); + + +struct AbeBootstrapHandle +{ + /** + * Function to call when finished + */ + AbeBootstrapResult proc; + + /** + * Callback closure + */ + char *proc_cls; + + /** + * Key of the zone we are iterating over. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Namestore Queue Entry + */ + struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + + /** + * The issuer egos ABE master key + */ + struct GNUNET_ABE_AbeMasterKey *abe_key; +}; + +/** + * An attribute iteration operation. + */ +struct AttributeIterator +{ + /** + * Next element in the DLL + */ + struct AttributeIterator *next; + + /** + * Previous element in the DLL + */ + struct AttributeIterator *prev; + + /** + * IDP client which intiated this zone iteration + */ + struct IdpClient *client; + + /** + * Key of the zone we are iterating over. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * The issuer egos ABE master key + */ + struct GNUNET_ABE_AbeMasterKey *abe_key; + + /** + * Namestore iterator + */ + struct GNUNET_NAMESTORE_ZoneIterator *ns_it; + + /** + * The operation id fot the zone iteration in the response for the client + */ + uint32_t request_id; + +}; + + + +/** + * An idp client + */ +struct IdpClient +{ + + /** + * The client + */ + struct GNUNET_SERVICE_Client *client; + + /** + * Message queue for transmission to @e client + */ + struct GNUNET_MQ_Handle *mq; + + /** + * Head of the DLL of + * Attribute iteration operations in + * progress initiated by this client + */ + struct AttributeIterator *attr_iter_head; + + /** + * Tail of the DLL of + * Attribute iteration operations + * in progress initiated by this client + */ + struct AttributeIterator *attr_iter_tail; + + /** + * Head of DLL of ticket iteration ops + */ + struct TicketIteration *ticket_iter_head; + + /** + * Tail of DLL of ticket iteration ops + */ + struct TicketIteration *ticket_iter_tail; + + /** + * Head of DLL of ticket revocation ops + */ + struct TicketRevocationHandle *revoke_op_head; + + /** + * Tail of DLL of ticket revocation ops + */ + struct TicketRevocationHandle *revoke_op_tail; + + /** + * Head of DLL of ticket issue ops + */ + struct TicketIssueHandle *issue_op_head; + + /** + * Tail of DLL of ticket issue ops + */ + struct TicketIssueHandle *issue_op_tail; + + /** + * Head of DLL of ticket consume ops + */ + struct ConsumeTicketHandle *consume_op_head; + + /** + * Tail of DLL of ticket consume ops + */ + struct ConsumeTicketHandle *consume_op_tail; + + /** + * Head of DLL of attribute store ops + */ + struct AttributeStoreHandle *store_op_head; + + /** + * Tail of DLL of attribute store ops + */ + struct AttributeStoreHandle *store_op_tail; + +}; + +struct AttributeStoreHandle +{ + /** + * DLL + */ + struct AttributeStoreHandle *next; + + /** + * DLL + */ + struct AttributeStoreHandle *prev; + + /** + * Client connection + */ + struct IdpClient *client; + + /** + * Identity + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Identity pubkey + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity_pkey; + + /** + * The issuer egos ABE master key + */ + struct GNUNET_ABE_AbeMasterKey *abe_key; + + /** + * QueueEntry + */ + struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + + /** + * The attribute to store + */ + struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim; + + /** + * The attribute expiration interval + */ + struct GNUNET_TIME_Relative exp; + + /** + * request id + */ + uint32_t r_id; +}; + + +/* Prototype */ +struct ParallelLookup; + +struct ConsumeTicketHandle +{ + /** + * DLL + */ + struct ConsumeTicketHandle *next; + + /** + * DLL + */ + struct ConsumeTicketHandle *prev; + + /** + * Client connection + */ + struct IdpClient *client; + + /** + * Ticket + */ + struct GNUNET_RECLAIM_Ticket ticket; + + /** + * LookupRequest + */ + struct GNUNET_GNS_LookupRequest *lookup_request; + + /** + * Audience Key + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Audience Key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub; + + /** + * Lookup DLL + */ + struct ParallelLookup *parallel_lookups_head; + + /** + * Lookup DLL + */ + struct ParallelLookup *parallel_lookups_tail; + + /** + * Kill task + */ + struct GNUNET_SCHEDULER_Task *kill_task; + + /** + * The ABE key + */ + struct GNUNET_ABE_AbeKey *key; + + /** + * Attributes + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs; + + /** + * Lookup time + */ + struct GNUNET_TIME_Absolute lookup_start_time; + + /** + * request id + */ + uint32_t r_id; +}; + +/** + * Handle for a parallel GNS lookup job + */ +struct ParallelLookup +{ + /* DLL */ + struct ParallelLookup *next; + + /* DLL */ + struct ParallelLookup *prev; + + /* The GNS request */ + struct GNUNET_GNS_LookupRequest *lookup_request; + + /* The handle the return to */ + struct ConsumeTicketHandle *handle; + + /** + * Lookup time + */ + struct GNUNET_TIME_Absolute lookup_start_time; + + /* The label to look up */ + char *label; +}; + +/** + * Ticket revocation request handle + */ +struct TicketRevocationHandle +{ + /** + * DLL + */ + struct TicketRevocationHandle *prev; + + /** + * DLL + */ + struct TicketRevocationHandle *next; + + /** + * Client connection + */ + struct IdpClient *client; + + /** + * Attributes to reissue + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs; + + /** + * Attributes to revoke + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *rvk_attrs; + + /** + * Issuer Key + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Ticket to issue + */ + struct GNUNET_RECLAIM_Ticket ticket; + + /** + * QueueEntry + */ + struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + + /** + * Namestore iterator + */ + struct GNUNET_NAMESTORE_ZoneIterator *ns_it; + + /** + * The ABE master key + */ + struct GNUNET_ABE_AbeMasterKey *abe_key; + + /** + * Offset + */ + uint32_t offset; + + /** + * request id + */ + uint32_t r_id; +}; + + + +/** + * Ticket issue request handle + */ +struct TicketIssueHandle +{ + /** + * DLL + */ + struct TicketIssueHandle *prev; + + /** + * DLL + */ + struct TicketIssueHandle *next; + + /** + * Client connection + */ + struct IdpClient *client; + + /** + * Attributes to issue + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs; + + /** + * Issuer Key + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Ticket to issue + */ + struct GNUNET_RECLAIM_Ticket ticket; + + /** + * QueueEntry + */ + struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + + /** + * request id + */ + uint32_t r_id; +}; + + +/** + * DLL for ego handles to egos containing the ID_ATTRS in a map in json_t format + * + */ +struct EgoEntry +{ + /** + * DLL + */ + struct EgoEntry *next; + + /** + * DLL + */ + struct EgoEntry *prev; + + /** + * Ego handle + */ + struct GNUNET_IDENTITY_Ego *ego; + + /** + * Attribute map. Contains the attributes as json_t + */ + struct GNUNET_CONTAINER_MultiHashMap *attr_map; + +}; + +/** + * Cleanup task + */ +static void +cleanup() +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cleaning up\n"); + + if (NULL != stats) + { + GNUNET_STATISTICS_destroy (stats, GNUNET_NO); + stats = NULL; + } + GNUNET_break (NULL == GNUNET_PLUGIN_unload (db_lib_name, + TKT_database)); + GNUNET_free (db_lib_name); + db_lib_name = NULL; + if (NULL != timeout_task) + GNUNET_SCHEDULER_cancel (timeout_task); + if (NULL != update_task) + GNUNET_SCHEDULER_cancel (update_task); + if (NULL != identity_handle) + GNUNET_IDENTITY_disconnect (identity_handle); + if (NULL != gns_handle) + GNUNET_GNS_disconnect (gns_handle); + if (NULL != credential_handle) + GNUNET_CREDENTIAL_disconnect (credential_handle); + if (NULL != ns_it) + GNUNET_NAMESTORE_zone_iteration_stop (ns_it); + if (NULL != ns_qe) + GNUNET_NAMESTORE_cancel (ns_qe); + if (NULL != ns_handle) + GNUNET_NAMESTORE_disconnect (ns_handle); + GNUNET_free_non_null (token); + GNUNET_free_non_null (label); + +} + +/** + * Shutdown task + * + * @param cls NULL + */ +static void +do_shutdown (void *cls) +{ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Shutting down...\n"); + cleanup(); +} + +/** + * Finished storing newly bootstrapped ABE key + */ +static void +bootstrap_store_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct AbeBootstrapHandle *abh = cls; + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to bootstrap ABE master %s\n", + emsg); + abh->proc (abh->proc_cls, NULL); + GNUNET_free (abh->abe_key); + GNUNET_free (abh); + return; + } + abh->proc (abh->proc_cls, abh->abe_key); + GNUNET_free (abh); +} + +/** + * Generates and stores a new ABE key + */ +static void +bootstrap_store_task (void *cls) +{ + struct AbeBootstrapHandle *abh = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + char *key; + + rd[0].data_size = GNUNET_ABE_cpabe_serialize_master_key (abh->abe_key, + (void**)&key); + rd[0].data = key; + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; + rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION | GNUNET_GNSRECORD_RF_PRIVATE; + rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? + abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &abh->identity, + "+", + 1, + rd, + &bootstrap_store_cont, + abh); + GNUNET_free (key); +} + +/** + * Error checking for ABE master + */ +static void +bootstrap_abe_error (void *cls) +{ + struct AbeBootstrapHandle *abh = cls; + abh->proc (abh->proc_cls, NULL); + GNUNET_free (abh); +} + + +/** + * Handle ABE lookup in namestore + */ +static void +bootstrap_abe_result (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct AbeBootstrapHandle *abh = cls; + struct GNUNET_ABE_AbeMasterKey *abe_key; + + for (uint32_t i=0;iproc (abh->proc_cls, abe_key); + GNUNET_free (abh); + return; + } + + //No ABE master found, bootstrapping... + abh->abe_key = GNUNET_ABE_cpabe_create_master_key (); + GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); +} + +/** + * Bootstrap ABE master if it does not yet exists. + * Will call the AbeBootstrapResult processor when done. + * will always recreate the ABE key of GNUNET_YES == recreate + */ +static void +bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + AbeBootstrapResult proc, + void* cls, + int recreate) +{ + struct AbeBootstrapHandle *abh; + + abh = GNUNET_new (struct AbeBootstrapHandle); + abh->proc = proc; + abh->proc_cls = cls; + abh->identity = *identity; + if (GNUNET_YES == recreate) + { + abh->abe_key = GNUNET_ABE_cpabe_create_master_key (); + GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); + } else { + abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, + identity, + "+", + &bootstrap_abe_error, + abh, + &bootstrap_abe_result, + abh); + } +} + + + +static int +create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, + struct GNUNET_CRYPTO_SymmetricSessionKey *skey, + struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) +{ + struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str; + + GNUNET_CRYPTO_hash_to_enc (new_key_hash, + &new_key_hash_str); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str); + static const char ctx_key[] = "gnuid-aes-ctx-key"; + GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), + new_key_hash, sizeof (struct GNUNET_HashCode), + ctx_key, strlen (ctx_key), + NULL, 0); + static const char ctx_iv[] = "gnuid-aes-ctx-iv"; + GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), + new_key_hash, sizeof (struct GNUNET_HashCode), + ctx_iv, strlen (ctx_iv), + NULL, 0); + return GNUNET_OK; +} + +/** + * Cleanup ticket consume handle + * @param handle the handle to clean up + */ +static void +cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) +{ + if (NULL != handle->attrs) + GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs); + if (NULL != handle->ns_qe) + GNUNET_NAMESTORE_cancel (handle->ns_qe); + GNUNET_free (handle); +} + + +static void +send_ticket_result (struct IdpClient *client, + uint32_t r_id, + const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs) +{ + struct TicketResultMessage *irm; + struct GNUNET_MQ_Envelope *env; + struct GNUNET_RECLAIM_Ticket *ticket_buf; + + /* store ticket in DB */ + if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, + ticket, + attrs)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to store ticket after issue\n"); + GNUNET_break (0); + } + + env = GNUNET_MQ_msg_extra (irm, + sizeof (struct GNUNET_RECLAIM_Ticket), + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT); + ticket_buf = (struct GNUNET_RECLAIM_Ticket *)&irm[1]; + *ticket_buf = *ticket; + irm->id = htonl (r_id); + GNUNET_MQ_send (client->mq, + env); +} + +static void +store_ticket_issue_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct TicketIssueHandle *handle = cls; + + handle->ns_qe = NULL; + GNUNET_CONTAINER_DLL_remove (handle->client->issue_op_head, + handle->client->issue_op_tail, + handle); + if (GNUNET_SYSERR == success) + { + cleanup_ticket_issue_handle (handle); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", + "Unknown Error\n"); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + send_ticket_result (handle->client, + handle->r_id, + &handle->ticket, + handle->attrs); + cleanup_ticket_issue_handle (handle); +} + + + +int +serialize_abe_keyinfo2 (const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_ABE_AbeKey *rp_key, + struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, + char **result) +{ + struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + char *enc_keyinfo; + char *serialized_key; + char *buf; + char *write_ptr; + char attrs_str_len; + ssize_t size; + + struct GNUNET_CRYPTO_SymmetricSessionKey skey; + struct GNUNET_CRYPTO_SymmetricInitializationVector iv; + struct GNUNET_HashCode new_key_hash; + ssize_t enc_size; + + size = GNUNET_ABE_cpabe_serialize_key (rp_key, + (void**)&serialized_key); + attrs_str_len = 0; + for (le = attrs->list_head; NULL != le; le = le->next) { + attrs_str_len += strlen (le->claim->name) + 1; + } + buf = GNUNET_malloc (attrs_str_len + size); + write_ptr = buf; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Writing attributes\n"); + for (le = attrs->list_head; NULL != le; le = le->next) { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "%s\n", le->claim->name); + + + GNUNET_memcpy (write_ptr, + le->claim->name, + strlen (le->claim->name)); + write_ptr[strlen (le->claim->name)] = ','; + write_ptr += strlen (le->claim->name) + 1; + } + write_ptr--; + write_ptr[0] = '\0'; //replace last , with a 0-terminator + write_ptr++; + GNUNET_memcpy (write_ptr, + serialized_key, + size); + GNUNET_free (serialized_key); + // ECDH keypair E = eG + *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); + GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, + &ecdh_pubkey); + enc_keyinfo = GNUNET_malloc (size + attrs_str_len); + // Derived key K = H(eB) + GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, + &ticket->audience, + &new_key_hash)); + create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); + enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf, + size + attrs_str_len, + &skey, &iv, + enc_keyinfo); + *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+ + enc_size); + GNUNET_memcpy (*result, + &ecdh_pubkey, + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), + enc_keyinfo, + enc_size); + GNUNET_free (enc_keyinfo); + GNUNET_free (buf); + return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size; +} + + + +static void +issue_ticket_after_abe_bootstrap (void *cls, + struct GNUNET_ABE_AbeMasterKey *abe_key) +{ + struct TicketIssueHandle *ih = cls; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; + struct GNUNET_GNSRECORD_Data code_record[1]; + struct GNUNET_ABE_AbeKey *rp_key; + char *code_record_data; + char **attrs; + char *label; + char *policy; + int attrs_len; + uint32_t i; + size_t code_record_len; + + //Create new ABE key for RP + attrs_len = 0; + for (le = ih->attrs->list_head; NULL != le; le = le->next) + attrs_len++; + attrs = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); + i = 0; + for (le = ih->attrs->list_head; NULL != le; le = le->next) { + GNUNET_asprintf (&policy, "%s_%lu", + le->claim->name, + le->claim->version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Adding attribute to key: %s\n", + policy); + attrs[i] = policy; + i++; + } + attrs[i] = NULL; + rp_key = GNUNET_ABE_cpabe_create_key (abe_key, + attrs); + + //TODO review this wireformat + code_record_len = serialize_abe_keyinfo2 (&ih->ticket, + ih->attrs, + rp_key, + &ecdhe_privkey, + &code_record_data); + code_record[0].data = code_record_data; + code_record[0].data_size = code_record_len; + code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us; + code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; + code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + + label = GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd, + sizeof (uint64_t)); + //Publish record + ih->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &ih->identity, + label, + 1, + code_record, + &store_ticket_issue_cont, + ih); + //for (; i > 0; i--) + // GNUNET_free (attrs[i-1]); + GNUNET_free (ecdhe_privkey); + GNUNET_free (label); + GNUNET_free (attrs); + GNUNET_free (code_record_data); + GNUNET_ABE_cpabe_delete_key (rp_key, + GNUNET_YES); + GNUNET_ABE_cpabe_delete_master_key (abe_key); +} + + +static int +check_issue_ticket_message(void *cls, + const struct IssueTicketMessage *im) +{ + uint16_t size; + + size = ntohs (im->header.size); + if (size <= sizeof (struct IssueTicketMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +static void +handle_issue_ticket_message (void *cls, + const struct IssueTicketMessage *im) +{ + struct TicketIssueHandle *ih; + struct IdpClient *idp = cls; + size_t attrs_len; + + ih = GNUNET_new (struct TicketIssueHandle); + attrs_len = ntohs (im->attr_len); + ih->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len); + ih->r_id = ntohl (im->id); + ih->client = idp; + ih->identity = im->identity; + GNUNET_CRYPTO_ecdsa_key_get_public (&ih->identity, + &ih->ticket.identity); + ih->ticket.audience = im->rp; + ih->ticket.rnd = + GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, + UINT64_MAX); + GNUNET_CONTAINER_DLL_insert (idp->issue_op_head, + idp->issue_op_tail, + ih); + bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih, GNUNET_NO); + GNUNET_SERVICE_client_continue (idp->client); + +} + +/********************************************************** + * Revocation + **********************************************************/ + +/** + * Cleanup revoke handle + * + * @param rh the ticket revocation handle + */ +static void +cleanup_revoke_ticket_handle (struct TicketRevocationHandle *rh) +{ + if (NULL != rh->attrs) + GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->attrs); + if (NULL != rh->rvk_attrs) + GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->rvk_attrs); + if (NULL != rh->abe_key) + GNUNET_ABE_cpabe_delete_master_key (rh->abe_key); + if (NULL != rh->ns_qe) + GNUNET_NAMESTORE_cancel (rh->ns_qe); + if (NULL != rh->ns_it) + GNUNET_NAMESTORE_zone_iteration_stop (rh->ns_it); + GNUNET_free (rh); +} + + +/** + * Send revocation result + * + * @param rh ticket revocation handle + * @param success GNUNET_OK if successful result + */ +static void +send_revocation_finished (struct TicketRevocationHandle *rh, + uint32_t success) +{ + struct GNUNET_MQ_Envelope *env; + struct RevokeTicketResultMessage *trm; + + GNUNET_break(TKT_database->delete_ticket (TKT_database->cls, + &rh->ticket)); + + env = GNUNET_MQ_msg (trm, + GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT); + trm->id = htonl (rh->r_id); + trm->success = htonl (success); + GNUNET_MQ_send (rh->client->mq, + env); + GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head, + rh->client->revoke_op_tail, + rh); +} + + +/** + * Process ticket from database + * + * @param cls struct TicketIterationProcResult + * @param ticket the ticket + * @param attrs the attributes + */ +static void +ticket_reissue_proc (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs); + +static void +revocation_reissue_tickets (struct TicketRevocationHandle *rh); + + +static void reissue_next (void *cls) +{ + struct TicketRevocationHandle *rh = cls; + revocation_reissue_tickets (rh); +} + + +static void +reissue_ticket_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct TicketRevocationHandle *rh = cls; + + rh->ns_qe = NULL; + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", + "Unknown Error\n"); + send_revocation_finished (rh, GNUNET_SYSERR); + cleanup_revoke_ticket_handle (rh); + return; + } + rh->offset++; + GNUNET_SCHEDULER_add_now (&reissue_next, rh); +} + + +/** + * Process ticket from database + * + * @param cls struct TicketIterationProcResult + * @param ticket the ticket + * @param attrs the attributes + */ +static void +ticket_reissue_proc (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs) +{ + struct TicketRevocationHandle *rh = cls; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le_rollover; + struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; + struct GNUNET_GNSRECORD_Data code_record[1]; + struct GNUNET_ABE_AbeKey *rp_key; + char *code_record_data; + char **attr_arr; + char *label; + char *policy; + int attrs_len; + uint32_t i; + int reissue_ticket; + size_t code_record_len; + + + if (NULL == ticket) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Iteration done\n"); + return; + } + + if (0 == memcmp (&ticket->audience, + &rh->ticket.audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Do not reissue for this identity.!\n"); + label = GNUNET_STRINGS_data_to_string_alloc (&rh->ticket.rnd, + sizeof (uint64_t)); + //Delete record + rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &rh->identity, + label, + 0, + NULL, + &reissue_ticket_cont, + rh); + + GNUNET_free (label); + return; + } + + /* + * Check if any attribute of this ticket intersects with a rollover attribute + */ + reissue_ticket = GNUNET_NO; + for (le = attrs->list_head; NULL != le; le = le->next) + { + for (le_rollover = rh->rvk_attrs->list_head; + NULL != le_rollover; + le_rollover = le_rollover->next) + { + if (0 == strcmp (le_rollover->claim->name, + le->claim->name)) + { + reissue_ticket = GNUNET_YES; + le->claim->version = le_rollover->claim->version; + } + } + } + + if (GNUNET_NO == reissue_ticket) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Skipping ticket.\n"); + + rh->offset++; + GNUNET_SCHEDULER_add_now (&reissue_next, rh); + + + return; + } + + //Create new ABE key for RP + attrs_len = 0; + + /* If this is the RP we want to revoke attributes of, the do so */ + + for (le = attrs->list_head; NULL != le; le = le->next) + attrs_len++; + attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); + i = 0; + for (le = attrs->list_head; NULL != le; le = le->next) { + GNUNET_asprintf (&policy, "%s_%lu", + le->claim->name, + le->claim->version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Recreating key with %s\n", policy); + attr_arr[i] = policy; + i++; + } + attr_arr[i] = NULL; + rp_key = GNUNET_ABE_cpabe_create_key (rh->abe_key, + attr_arr); + + //TODO review this wireformat + code_record_len = serialize_abe_keyinfo2 (ticket, + attrs, + rp_key, + &ecdhe_privkey, + &code_record_data); + code_record[0].data = code_record_data; + code_record[0].data_size = code_record_len; + code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us; + code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; + code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + + label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, + sizeof (uint64_t)); + //Publish record + rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &rh->identity, + label, + 1, + code_record, + &reissue_ticket_cont, + rh); + //for (; i > 0; i--) + // GNUNET_free (attr_arr[i-1]); + GNUNET_free (ecdhe_privkey); + GNUNET_free (label); + GNUNET_free (attr_arr); + GNUNET_free (code_record_data); + GNUNET_ABE_cpabe_delete_key (rp_key, GNUNET_YES); +} + + +/* Prototype for below function */ +static void +attr_reenc_cont (void *cls, + int32_t success, + const char *emsg); + +static void +revocation_reissue_tickets (struct TicketRevocationHandle *rh) +{ + int ret; + /* Done, issue new keys */ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Revocation Phase III: Reissuing Tickets\n"); + if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls, + &rh->ticket.identity, + GNUNET_NO, + rh->offset, + &ticket_reissue_proc, + rh))) + { + GNUNET_break (0); + } + if (GNUNET_NO == ret) + { + send_revocation_finished (rh, GNUNET_OK); + cleanup_revoke_ticket_handle (rh); + return; + } +} + +/** + * Failed to check for attribute + */ +static void +check_attr_error (void *cls) +{ + struct TicketRevocationHandle *rh = cls; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to check for existing attribute\n"); + rh->ns_qe = NULL; + send_revocation_finished (rh, GNUNET_SYSERR); + cleanup_revoke_ticket_handle (rh); +} + + +/** + * Revoke next attribte by reencryption with + * new ABE master + */ +static void +reenc_next_attribute (void *cls); + +/** + * Check for existing attribute and overwrite + */ +static void +check_attr_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd_old) +{ + struct TicketRevocationHandle *rh = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + char* buf; + char* enc_buf; + size_t enc_size; + char* rd_buf; + size_t buf_size; + char* policy; + uint32_t attr_ver; + + rh->ns_qe = NULL; + if (1 != rd_count) { + GNUNET_SCHEDULER_add_now (&reenc_next_attribute, + rh); + return; + } + + buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim); + buf = GNUNET_malloc (buf_size); + GNUNET_RECLAIM_ATTRIBUTE_serialize (rh->attrs->list_head->claim, + buf); + rh->attrs->list_head->claim->version++; + GNUNET_asprintf (&policy, "%s_%lu", + rh->attrs->list_head->claim->name, + rh->attrs->list_head->claim->version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Encrypting with policy %s\n", policy); + /** + * Encrypt the attribute value and store in namestore + */ + enc_size = GNUNET_ABE_cpabe_encrypt (buf, + buf_size, + policy, //Policy + rh->abe_key, + (void**)&enc_buf); + GNUNET_free (buf); + if (GNUNET_SYSERR == enc_size) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to re-encrypt with policy %s\n", + policy); + GNUNET_free (policy); + send_revocation_finished (rh, GNUNET_SYSERR); + cleanup_revoke_ticket_handle (rh); + return; + } + GNUNET_free (policy); + + rd[0].data_size = enc_size + sizeof (uint32_t); + rd_buf = GNUNET_malloc (rd[0].data_size); + attr_ver = htonl (rh->attrs->list_head->claim->version); + GNUNET_memcpy (rd_buf, + &attr_ver, + sizeof (uint32_t)); + GNUNET_memcpy (rd_buf+sizeof (uint32_t), + enc_buf, + enc_size); + rd[0].data = rd_buf; + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; + rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + rd[0].expiration_time = rd_old[0].expiration_time; + rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &rh->identity, + rh->attrs->list_head->claim->name, + 1, + rd, + &attr_reenc_cont, + rh); + GNUNET_free (enc_buf); + GNUNET_free (rd_buf); +} + + +/** + * Revoke next attribte by reencryption with + * new ABE master + */ +static void +reenc_next_attribute (void *cls) +{ + struct TicketRevocationHandle *rh = cls; + if (NULL == rh->attrs->list_head) + { + revocation_reissue_tickets (rh); + return; + } + /* First check if attribute still exists */ + rh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, + &rh->identity, + rh->attrs->list_head->claim->name, + &check_attr_error, + rh, + &check_attr_cb, + rh); +} + + +/** + * Namestore callback after revoked attribute + * is stored + */ +static void +attr_reenc_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct TicketRevocationHandle *rh = cls; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + + rh->ns_qe = NULL; + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to reencrypt attribute %s\n", + emsg); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + if (NULL == rh->attrs->list_head) + { + revocation_reissue_tickets (rh); + return; + } + le = rh->attrs->list_head; + GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, + rh->attrs->list_tail, + le); + GNUNET_assert (NULL != rh->rvk_attrs); + GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head, + rh->rvk_attrs->list_tail, + le); + + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Re-encrypting next attribute\n"); + reenc_next_attribute (rh); +} + + +static void +process_attributes_to_update (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs) +{ + struct TicketRevocationHandle *rh = cls; + + rh->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_dup (attrs); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Revocation Phase I: Collecting attributes\n"); + /* Reencrypt all attributes with new key */ + if (NULL == rh->attrs->list_head) + { + /* No attributes to reencrypt */ + send_revocation_finished (rh, GNUNET_OK); + cleanup_revoke_ticket_handle (rh); + return; + } else { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Revocation Phase II: Re-encrypting attributes\n"); + reenc_next_attribute (rh); + } + +} + + + +static void +get_ticket_after_abe_bootstrap (void *cls, + struct GNUNET_ABE_AbeMasterKey *abe_key) +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Finished ABE bootstrap\n"); + struct TicketRevocationHandle *rh = cls; + rh->abe_key = abe_key; + TKT_database->get_ticket_attributes (TKT_database->cls, + &rh->ticket, + &process_attributes_to_update, + rh); +} + +static int +check_revoke_ticket_message(void *cls, + const struct RevokeTicketMessage *im) +{ + uint16_t size; + + size = ntohs (im->header.size); + if (size <= sizeof (struct RevokeTicketMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + +static void +handle_revoke_ticket_message (void *cls, + const struct RevokeTicketMessage *rm) +{ + struct TicketRevocationHandle *rh; + struct IdpClient *idp = cls; + struct GNUNET_RECLAIM_Ticket *ticket; + + rh = GNUNET_new (struct TicketRevocationHandle); + ticket = (struct GNUNET_RECLAIM_Ticket*)&rm[1]; + rh->rvk_attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); + rh->ticket = *ticket; + rh->r_id = ntohl (rm->id); + rh->client = idp; + rh->identity = rm->identity; + GNUNET_CRYPTO_ecdsa_key_get_public (&rh->identity, + &rh->ticket.identity); + GNUNET_CONTAINER_DLL_insert (idp->revoke_op_head, + idp->revoke_op_tail, + rh); + bootstrap_abe (&rh->identity, &get_ticket_after_abe_bootstrap, rh, GNUNET_NO); + GNUNET_SERVICE_client_continue (idp->client); + +} + +/** + * Cleanup ticket consume handle + * @param handle the handle to clean up + */ +static void +cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) +{ + struct ParallelLookup *lu; + struct ParallelLookup *tmp; + if (NULL != handle->lookup_request) + GNUNET_GNS_lookup_cancel (handle->lookup_request); + for (lu = handle->parallel_lookups_head; + NULL != lu;) { + GNUNET_GNS_lookup_cancel (lu->lookup_request); + GNUNET_free (lu->label); + tmp = lu->next; + GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + lu); + GNUNET_free (lu); + lu = tmp; + } + + if (NULL != handle->key) + GNUNET_ABE_cpabe_delete_key (handle->key, + GNUNET_YES); + if (NULL != handle->attrs) + GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs); + GNUNET_free (handle); +} + + + +static int +check_consume_ticket_message(void *cls, + const struct ConsumeTicketMessage *cm) +{ + uint16_t size; + + size = ntohs (cm->header.size); + if (size <= sizeof (struct ConsumeTicketMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + +static void +process_parallel_lookup2 (void *cls, uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Parallel lookup finished (count=%u)\n", rd_count); + struct ParallelLookup *parallel_lookup = cls; + struct ConsumeTicketHandle *handle = parallel_lookup->handle; + struct ConsumeTicketResultMessage *crm; + struct GNUNET_MQ_Envelope *env; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *attr_le; + struct GNUNET_TIME_Absolute decrypt_duration; + char *data; + char *data_tmp; + ssize_t attr_len; + size_t attrs_len; + + GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + parallel_lookup); + GNUNET_free (parallel_lookup->label); + + GNUNET_STATISTICS_update (stats, + "attribute_lookup_time_total", + GNUNET_TIME_absolute_get_duration (parallel_lookup->lookup_start_time).rel_value_us, + GNUNET_YES); + GNUNET_STATISTICS_update (stats, + "attribute_lookups_count", + 1, + GNUNET_YES); + + + GNUNET_free (parallel_lookup); + if (1 != rd_count) + GNUNET_break(0);//TODO + if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) + { + decrypt_duration = GNUNET_TIME_absolute_get (); + attr_len = GNUNET_ABE_cpabe_decrypt (rd->data + sizeof (uint32_t), + rd->data_size - sizeof (uint32_t), + handle->key, + (void**)&data); + if (GNUNET_SYSERR != attr_len) + { + GNUNET_STATISTICS_update (stats, + "abe_decrypt_time_total", + GNUNET_TIME_absolute_get_duration (decrypt_duration).rel_value_us, + GNUNET_YES); + GNUNET_STATISTICS_update (stats, + "abe_decrypt_count", + 1, + GNUNET_YES); + + attr_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); + attr_le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (data, + attr_len); + attr_le->claim->version = ntohl(*(uint32_t*)rd->data); + GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, + handle->attrs->list_tail, + attr_le); + GNUNET_free (data); + } + } + if (NULL != handle->parallel_lookups_head) + return; //Wait for more + /* Else we are done */ + + /* Store ticket in DB */ + if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, + &handle->ticket, + handle->attrs)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to store ticket after consume\n"); + GNUNET_break (0); + } + + GNUNET_SCHEDULER_cancel (handle->kill_task); + attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (handle->attrs); + env = GNUNET_MQ_msg_extra (crm, + attrs_len, + GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT); + crm->id = htonl (handle->r_id); + crm->attrs_len = htons (attrs_len); + crm->identity = handle->ticket.identity; + data_tmp = (char *) &crm[1]; + GNUNET_RECLAIM_ATTRIBUTE_list_serialize (handle->attrs, + data_tmp); + GNUNET_MQ_send (handle->client->mq, env); + GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head, + handle->client->consume_op_tail, + handle); + cleanup_consume_ticket_handle (handle); +} + +void +abort_parallel_lookups2 (void *cls) +{ + struct ConsumeTicketHandle *handle = cls; + struct ParallelLookup *lu; + struct ParallelLookup *tmp; + struct AttributeResultMessage *arm; + struct GNUNET_MQ_Envelope *env; + + handle->kill_task = NULL; + for (lu = handle->parallel_lookups_head; + NULL != lu;) { + GNUNET_GNS_lookup_cancel (lu->lookup_request); + GNUNET_free (lu->label); + tmp = lu->next; + GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + lu); + GNUNET_free (lu); + lu = tmp; + } + env = GNUNET_MQ_msg (arm, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT); + arm->id = htonl (handle->r_id); + arm->attr_len = htons (0); + GNUNET_MQ_send (handle->client->mq, env); + +} + + +static void +process_consume_abe_key (void *cls, uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct ConsumeTicketHandle *handle = cls; + struct GNUNET_HashCode new_key_hash; + struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; + struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; + struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; + struct ParallelLookup *parallel_lookup; + size_t size; + char *buf; + char *scope; + + handle->lookup_request = NULL; + if (1 != rd_count) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Number of keys %d != 1.", + rd_count); + cleanup_consume_ticket_handle (handle); + GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head, + handle->client->consume_op_tail, + handle); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + + //Decrypt + ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data; + + buf = GNUNET_malloc (rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + + //Calculate symmetric key from ecdh parameters + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecdsa_ecdh (&handle->identity, + ecdh_key, + &new_key_hash)); + create_sym_key_from_ecdh (&new_key_hash, + &enc_key, + &enc_iv); + size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), + rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), + &enc_key, + &enc_iv, + buf); + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Decrypted bytes: %zd Expected bytes: %zd\n", + size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + GNUNET_STATISTICS_update (stats, + "abe_key_lookup_time_total", + GNUNET_TIME_absolute_get_duration (handle->lookup_start_time).rel_value_us, + GNUNET_YES); + GNUNET_STATISTICS_update (stats, + "abe_key_lookups_count", + 1, + GNUNET_YES); + scopes = GNUNET_strdup (buf); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Scopes %s\n", scopes); + handle->key = GNUNET_ABE_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), + rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + - strlen (scopes) - 1); + + for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Looking up %s\n", scope); + parallel_lookup = GNUNET_new (struct ParallelLookup); + parallel_lookup->handle = handle; + parallel_lookup->label = GNUNET_strdup (scope); + parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get(); + parallel_lookup->lookup_request + = GNUNET_GNS_lookup (gns_handle, + scope, + &handle->ticket.identity, + GNUNET_GNSRECORD_TYPE_ID_ATTR, + GNUNET_GNS_LO_DEFAULT, + &process_parallel_lookup2, + parallel_lookup); + GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + parallel_lookup); + } + GNUNET_free (scopes); + GNUNET_free (buf); + handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3), + &abort_parallel_lookups2, + handle); +} + + +static void +handle_consume_ticket_message (void *cls, + const struct ConsumeTicketMessage *cm) +{ + struct ConsumeTicketHandle *ch; + struct IdpClient *idp = cls; + char* rnd_label; + + ch = GNUNET_new (struct ConsumeTicketHandle); + ch->r_id = ntohl (cm->id); + ch->client = idp; + ch->identity = cm->identity; + ch->attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); + GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity, + &ch->identity_pub); + ch->ticket = *((struct GNUNET_RECLAIM_Ticket*)&cm[1]); + rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd, + sizeof (uint64_t)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Looking for ABE key under %s\n", rnd_label); + ch->lookup_start_time = GNUNET_TIME_absolute_get (); + ch->lookup_request + = GNUNET_GNS_lookup (gns_handle, + rnd_label, + &ch->ticket.identity, + GNUNET_GNSRECORD_TYPE_ABE_KEY, + GNUNET_GNS_LO_DEFAULT, + &process_consume_abe_key, + ch); + GNUNET_CONTAINER_DLL_insert (idp->consume_op_head, + idp->consume_op_tail, + ch); + GNUNET_free (rnd_label); + GNUNET_SERVICE_client_continue (idp->client); +} + +/** + * Cleanup attribute store handle + * + * @param handle handle to clean up + */ +static void +cleanup_as_handle (struct AttributeStoreHandle *handle) +{ + if (NULL != handle->ns_qe) + GNUNET_NAMESTORE_cancel (handle->ns_qe); + if (NULL != handle->claim) + GNUNET_free (handle->claim); + if (NULL != handle->abe_key) + GNUNET_ABE_cpabe_delete_master_key (handle->abe_key); + GNUNET_free (handle); +} + +static void +attr_store_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct AttributeStoreHandle *as_handle = cls; + struct GNUNET_MQ_Envelope *env; + struct AttributeStoreResultMessage *acr_msg; + + as_handle->ns_qe = NULL; + GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head, + as_handle->client->store_op_tail, + as_handle); + + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to store attribute %s\n", + emsg); + cleanup_as_handle (as_handle); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Sending ATTRIBUTE_STORE_RESPONSE message\n"); + env = GNUNET_MQ_msg (acr_msg, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE); + acr_msg->id = htonl (as_handle->r_id); + acr_msg->op_result = htonl (GNUNET_OK); + GNUNET_MQ_send (as_handle->client->mq, + env); + cleanup_as_handle (as_handle); +} + +static void +attr_store_task (void *cls) +{ + struct AttributeStoreHandle *as_handle = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + char* buf; + char* policy; + char* enc_buf; + char* rd_buf; + size_t enc_size; + size_t buf_size; + uint32_t attr_ver; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Storing attribute\n"); + buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (as_handle->claim); + buf = GNUNET_malloc (buf_size); + + GNUNET_RECLAIM_ATTRIBUTE_serialize (as_handle->claim, + buf); + + GNUNET_asprintf (&policy, + "%s_%lu", + as_handle->claim->name, + as_handle->claim->version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Encrypting with policy %s\n", policy); + /** + * Encrypt the attribute value and store in namestore + */ + enc_size = GNUNET_ABE_cpabe_encrypt (buf, + buf_size, + policy, //Policy + as_handle->abe_key, + (void**)&enc_buf); + if (GNUNET_SYSERR == enc_size) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to encrypt with policy %s\n", + policy); + GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head, + as_handle->client->store_op_tail, + as_handle); + + cleanup_as_handle (as_handle); + GNUNET_free (buf); + GNUNET_free (policy); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + GNUNET_free (buf); + GNUNET_free (policy); + rd[0].data_size = enc_size + sizeof (uint32_t); + rd_buf = GNUNET_malloc (rd[0].data_size); + attr_ver = htonl (as_handle->claim->version); + GNUNET_memcpy (rd_buf, + &attr_ver, + sizeof (uint32_t)); + GNUNET_memcpy (rd_buf+sizeof (uint32_t), + enc_buf, + enc_size); + rd[0].data = rd_buf; + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; + rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + rd[0].expiration_time = as_handle->exp.rel_value_us; + as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &as_handle->identity, + as_handle->claim->name, + 1, + rd, + &attr_store_cont, + as_handle); + GNUNET_free (enc_buf); + GNUNET_free (rd_buf); +} + + +static void +store_after_abe_bootstrap (void *cls, + struct GNUNET_ABE_AbeMasterKey *abe_key) +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Finished ABE bootstrap\n"); + struct AttributeStoreHandle *ash = cls; + ash->abe_key = abe_key; + GNUNET_SCHEDULER_add_now (&attr_store_task, ash); +} + +static int +check_attribute_store_message(void *cls, + const struct AttributeStoreMessage *sam) +{ + uint16_t size; + + size = ntohs (sam->header.size); + if (size <= sizeof (struct AttributeStoreMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +static void +handle_attribute_store_message (void *cls, + const struct AttributeStoreMessage *sam) +{ + struct AttributeStoreHandle *as_handle; + struct IdpClient *idp = cls; + size_t data_len; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received ATTRIBUTE_STORE message\n"); + + data_len = ntohs (sam->attr_len); + + as_handle = GNUNET_new (struct AttributeStoreHandle); + as_handle->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&sam[1], + data_len); + + as_handle->r_id = ntohl (sam->id); + as_handle->identity = sam->identity; + as_handle->exp.rel_value_us = GNUNET_ntohll (sam->exp); + GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, + &as_handle->identity_pkey); + + GNUNET_SERVICE_client_continue (idp->client); + as_handle->client = idp; + GNUNET_CONTAINER_DLL_insert (idp->store_op_head, + idp->store_op_tail, + as_handle); + bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle, GNUNET_NO); +} + +static void +cleanup_attribute_iter_handle (struct AttributeIterator *ai) +{ + if (NULL != ai->abe_key) + GNUNET_ABE_cpabe_delete_master_key (ai->abe_key); + GNUNET_free (ai); +} + +static void +attr_iter_error (void *cls) +{ + struct AttributeIterator *ai = cls; + //TODO + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to iterate over attributes\n"); + GNUNET_CONTAINER_DLL_remove (ai->client->attr_iter_head, + ai->client->attr_iter_tail, + ai); + cleanup_attribute_iter_handle (ai); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); +} + +static void +attr_iter_finished (void *cls) +{ + struct AttributeIterator *ai = cls; + struct GNUNET_MQ_Envelope *env; + struct AttributeResultMessage *arm; + + env = GNUNET_MQ_msg (arm, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT); + arm->id = htonl (ai->request_id); + arm->attr_len = htons (0); + GNUNET_MQ_send (ai->client->mq, env); + GNUNET_CONTAINER_DLL_remove (ai->client->attr_iter_head, + ai->client->attr_iter_tail, + ai); + cleanup_attribute_iter_handle (ai); +} + +static void +attr_iter_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct AttributeIterator *ai = cls; + struct AttributeResultMessage *arm; + struct GNUNET_ABE_AbeKey *key; + struct GNUNET_MQ_Envelope *env; + ssize_t msg_extra_len; + char* attr_ser; + char* attrs[2]; + char* data_tmp; + char* policy; + uint32_t attr_ver; + + if (rd_count != 1) + { + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, + 1); + return; + } + + if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type) + { + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, + 1); + return; + } + attr_ver = ntohl(*((uint32_t*)rd->data)); + GNUNET_asprintf (&policy, "%s_%lu", + label, attr_ver); + attrs[0] = policy; + attrs[1] = 0; + key = GNUNET_ABE_cpabe_create_key (ai->abe_key, + attrs); + msg_extra_len = GNUNET_ABE_cpabe_decrypt (rd->data+sizeof (uint32_t), + rd->data_size-sizeof (uint32_t), + key, + (void**)&attr_ser); + if (GNUNET_SYSERR == msg_extra_len) + { + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, + 1); + return; + } + + GNUNET_ABE_cpabe_delete_key (key, + GNUNET_YES); + //GNUNET_free (policy); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Found attribute: %s\n", label); + env = GNUNET_MQ_msg_extra (arm, + msg_extra_len, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT); + arm->id = htonl (ai->request_id); + arm->attr_len = htons (msg_extra_len); + GNUNET_CRYPTO_ecdsa_key_get_public (zone, + &arm->identity); + data_tmp = (char *) &arm[1]; + GNUNET_memcpy (data_tmp, + attr_ser, + msg_extra_len); + GNUNET_MQ_send (ai->client->mq, env); + GNUNET_free (attr_ser); + GNUNET_ABE_cpabe_delete_master_key (ai->abe_key); + ai->abe_key = NULL; +} + + +void +iterate_after_abe_bootstrap (void *cls, + struct GNUNET_ABE_AbeMasterKey *abe_key) +{ + struct AttributeIterator *ai = cls; + ai->abe_key = abe_key; + ai->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, + &ai->identity, + &attr_iter_error, + ai, + &attr_iter_cb, + ai, + &attr_iter_finished, + ai); +} + + +static void +iterate_next_after_abe_bootstrap (void *cls, + struct GNUNET_ABE_AbeMasterKey *abe_key) +{ + struct AttributeIterator *ai = cls; + ai->abe_key = abe_key; + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, + 1); +} + + + +static void +handle_iteration_start (void *cls, + const struct AttributeIterationStartMessage *ais_msg) +{ + struct IdpClient *idp = cls; + struct AttributeIterator *ai; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received ATTRIBUTE_ITERATION_START message\n"); + ai = GNUNET_new (struct AttributeIterator); + ai->request_id = ntohl (ais_msg->id); + ai->client = idp; + ai->identity = ais_msg->identity; + + GNUNET_CONTAINER_DLL_insert (idp->attr_iter_head, + idp->attr_iter_tail, + ai); + bootstrap_abe (&ai->identity, &iterate_after_abe_bootstrap, ai, GNUNET_NO); + GNUNET_SERVICE_client_continue (idp->client); +} + + +static void +handle_iteration_stop (void *cls, + const struct AttributeIterationStopMessage *ais_msg) +{ + struct IdpClient *idp = cls; + struct AttributeIterator *ai; + uint32_t rid; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received `%s' message\n", + "ATTRIBUTE_ITERATION_STOP"); + rid = ntohl (ais_msg->id); + for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next) + if (ai->request_id == rid) + break; + if (NULL == ai) + { + GNUNET_break (0); + GNUNET_SERVICE_client_drop (idp->client); + return; + } + GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head, + idp->attr_iter_tail, + ai); + GNUNET_free (ai); + GNUNET_SERVICE_client_continue (idp->client); +} + + +static void +handle_iteration_next (void *cls, + const struct AttributeIterationNextMessage *ais_msg) +{ + struct IdpClient *idp = cls; + struct AttributeIterator *ai; + uint32_t rid; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received ATTRIBUTE_ITERATION_NEXT message\n"); + rid = ntohl (ais_msg->id); + for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next) + if (ai->request_id == rid) + break; + if (NULL == ai) + { + GNUNET_break (0); + GNUNET_SERVICE_client_drop (idp->client); + return; + } + bootstrap_abe (&ai->identity, + &iterate_next_after_abe_bootstrap, + ai, + GNUNET_NO); + GNUNET_SERVICE_client_continue (idp->client); +} + +/** + * Ticket iteration processor result + */ +enum ZoneIterationResult +{ + /** + * Iteration start. + */ + IT_START = 0, + + /** + * Found tickets, + * Continue to iterate with next iteration_next call + */ + IT_SUCCESS_MORE_AVAILABLE = 1, + + /** + * Iteration complete + */ + IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE = 2 +}; + + +/** + * Context for ticket iteration + */ +struct TicketIterationProcResult +{ + /** + * The ticket iteration handle + */ + struct TicketIteration *ti; + + /** + * Iteration result: iteration done? + * #IT_SUCCESS_MORE_AVAILABLE: if there may be more results overall but + * we got one for now and have sent it to the client + * #IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE: if there are no further results, + * #IT_START: if we are still trying to find a result. + */ + int res_iteration_finished; + +}; + +static void +cleanup_ticket_iter_handle (struct TicketIteration *ti) +{ + GNUNET_free (ti); +} + +/** + * Process ticket from database + * + * @param cls struct TicketIterationProcResult + * @param ticket the ticket + * @param attrs the attributes + */ +static void +ticket_iterate_proc (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs) +{ + struct TicketIterationProcResult *proc = cls; + + if (NULL == ticket) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Iteration done\n"); + proc->res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE; + return; + } + proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE; + send_ticket_result (proc->ti->client, + proc->ti->r_id, + ticket, + attrs); + +} + +/** + * Perform ticket iteration step + * + * @param ti ticket iterator to process + */ +static void +run_ticket_iteration_round (struct TicketIteration *ti) +{ + struct TicketIterationProcResult proc; + struct GNUNET_MQ_Envelope *env; + struct TicketResultMessage *trm; + int ret; + + memset (&proc, 0, sizeof (proc)); + proc.ti = ti; + proc.res_iteration_finished = IT_START; + while (IT_START == proc.res_iteration_finished) + { + if (GNUNET_SYSERR == + (ret = TKT_database->iterate_tickets (TKT_database->cls, + &ti->identity, + ti->is_audience, + ti->offset, + &ticket_iterate_proc, + &proc))) + { + GNUNET_break (0); + break; + } + if (GNUNET_NO == ret) + proc.res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE; + ti->offset++; + } + if (IT_SUCCESS_MORE_AVAILABLE == proc.res_iteration_finished) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "More results available\n"); + return; /* more later */ + } + /* send empty response to indicate end of list */ + env = GNUNET_MQ_msg (trm, + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT); + trm->id = htonl (ti->r_id); + GNUNET_MQ_send (ti->client->mq, + env); + GNUNET_CONTAINER_DLL_remove (ti->client->ticket_iter_head, + ti->client->ticket_iter_tail, + ti); + cleanup_ticket_iter_handle (ti); +} + +static void +handle_ticket_iteration_start (void *cls, + const struct TicketIterationStartMessage *tis_msg) +{ + struct IdpClient *client = cls; + struct TicketIteration *ti; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received TICKET_ITERATION_START message\n"); + ti = GNUNET_new (struct TicketIteration); + ti->r_id = ntohl (tis_msg->id); + ti->offset = 0; + ti->client = client; + ti->identity = tis_msg->identity; + ti->is_audience = ntohl (tis_msg->is_audience); + + GNUNET_CONTAINER_DLL_insert (client->ticket_iter_head, + client->ticket_iter_tail, + ti); + run_ticket_iteration_round (ti); + GNUNET_SERVICE_client_continue (client->client); +} + + +static void +handle_ticket_iteration_stop (void *cls, + const struct TicketIterationStopMessage *tis_msg) +{ + struct IdpClient *client = cls; + struct TicketIteration *ti; + uint32_t rid; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received `%s' message\n", + "TICKET_ITERATION_STOP"); + rid = ntohl (tis_msg->id); + for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next) + if (ti->r_id == rid) + break; + if (NULL == ti) + { + GNUNET_break (0); + GNUNET_SERVICE_client_drop (client->client); + return; + } + GNUNET_CONTAINER_DLL_remove (client->ticket_iter_head, + client->ticket_iter_tail, + ti); + cleanup_ticket_iter_handle (ti); + GNUNET_SERVICE_client_continue (client->client); +} + + +static void +handle_ticket_iteration_next (void *cls, + const struct TicketIterationNextMessage *tis_msg) +{ + struct IdpClient *client = cls; + struct TicketIteration *ti; + uint32_t rid; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received TICKET_ITERATION_NEXT message\n"); + rid = ntohl (tis_msg->id); + for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next) + if (ti->r_id == rid) + break; + if (NULL == ti) + { + GNUNET_break (0); + GNUNET_SERVICE_client_drop (client->client); + return; + } + run_ticket_iteration_round (ti); + GNUNET_SERVICE_client_continue (client->client); +} + + + + +/** + * Main function that will be run + * + * @param cls closure + * @param c the configuration used + * @param server the service handle + */ +static void +run (void *cls, + const struct GNUNET_CONFIGURATION_Handle *c, + struct GNUNET_SERVICE_Handle *server) +{ + char *database; + cfg = c; + + stats = GNUNET_STATISTICS_create ("reclaim", cfg); + + //Connect to identity and namestore services + ns_handle = GNUNET_NAMESTORE_connect (cfg); + if (NULL == ns_handle) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to namestore"); + } + + gns_handle = GNUNET_GNS_connect (cfg); + if (NULL == gns_handle) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to gns"); + } + credential_handle = GNUNET_CREDENTIAL_connect (cfg); + if (NULL == credential_handle) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to credential"); + } + identity_handle = GNUNET_IDENTITY_connect (cfg, + NULL, + NULL); + /* Loading DB plugin */ + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (cfg, + "reclaim", + "database", + &database)) + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "No database backend configured\n"); + GNUNET_asprintf (&db_lib_name, + "libgnunet_plugin_reclaim_%s", + database); + TKT_database = GNUNET_PLUGIN_load (db_lib_name, + (void *) cfg); + GNUNET_free (database); + if (NULL == TKT_database) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Could not load database backend `%s'\n", + db_lib_name); + GNUNET_SCHEDULER_shutdown (); + return; + } + + if (GNUNET_OK == + GNUNET_CONFIGURATION_get_value_time (cfg, + "reclaim", + "TOKEN_EXPIRATION_INTERVAL", + &token_expiration_interval)) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Time window for zone iteration: %s\n", + GNUNET_STRINGS_relative_time_to_string (token_expiration_interval, + GNUNET_YES)); + } else { + token_expiration_interval = DEFAULT_TOKEN_EXPIRATION_INTERVAL; + } + + GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); +} + +/** + * Called whenever a client is disconnected. + * + * @param cls closure + * @param client identification of the client + * @param app_ctx @a client + */ +static void +client_disconnect_cb (void *cls, + struct GNUNET_SERVICE_Client *client, + void *app_ctx) +{ + struct IdpClient *idp = app_ctx; + struct AttributeIterator *ai; + struct TicketIteration *ti; + struct TicketRevocationHandle *rh; + struct TicketIssueHandle *iss; + struct ConsumeTicketHandle *ct; + struct AttributeStoreHandle *as; + + //TODO other operations + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Client %p disconnected\n", + client); + + while (NULL != (iss = idp->issue_op_head)) + { + GNUNET_CONTAINER_DLL_remove (idp->issue_op_head, + idp->issue_op_tail, + iss); + cleanup_ticket_issue_handle (iss); + } + while (NULL != (ct = idp->consume_op_head)) + { + GNUNET_CONTAINER_DLL_remove (idp->consume_op_head, + idp->consume_op_tail, + ct); + cleanup_consume_ticket_handle (ct); + } + while (NULL != (as = idp->store_op_head)) + { + GNUNET_CONTAINER_DLL_remove (idp->store_op_head, + idp->store_op_tail, + as); + cleanup_as_handle (as); + } + + while (NULL != (ai = idp->attr_iter_head)) + { + GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head, + idp->attr_iter_tail, + ai); + cleanup_attribute_iter_handle (ai); + } + while (NULL != (rh = idp->revoke_op_head)) + { + GNUNET_CONTAINER_DLL_remove (idp->revoke_op_head, + idp->revoke_op_tail, + rh); + cleanup_revoke_ticket_handle (rh); + } + while (NULL != (ti = idp->ticket_iter_head)) + { + GNUNET_CONTAINER_DLL_remove (idp->ticket_iter_head, + idp->ticket_iter_tail, + ti); + cleanup_ticket_iter_handle (ti); + } + GNUNET_free (idp); +} + + +/** + * Add a client to our list of active clients. + * + * @param cls NULL + * @param client client to add + * @param mq message queue for @a client + * @return internal namestore client structure for this client + */ +static void * +client_connect_cb (void *cls, + struct GNUNET_SERVICE_Client *client, + struct GNUNET_MQ_Handle *mq) +{ + struct IdpClient *idp; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Client %p connected\n", + client); + idp = GNUNET_new (struct IdpClient); + idp->client = client; + idp->mq = mq; + return idp; +} + + + +/** + * Define "main" method using service macro. + */ +GNUNET_SERVICE_MAIN +("reclaim", + GNUNET_SERVICE_OPTION_NONE, + &run, + &client_connect_cb, + &client_disconnect_cb, + NULL, + GNUNET_MQ_hd_var_size (attribute_store_message, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE, + struct AttributeStoreMessage, + NULL), + GNUNET_MQ_hd_fixed_size (iteration_start, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START, + struct AttributeIterationStartMessage, + NULL), + GNUNET_MQ_hd_fixed_size (iteration_next, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT, + struct AttributeIterationNextMessage, + NULL), + GNUNET_MQ_hd_fixed_size (iteration_stop, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP, + struct AttributeIterationStopMessage, + NULL), + GNUNET_MQ_hd_var_size (issue_ticket_message, + GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET, + struct IssueTicketMessage, + NULL), + GNUNET_MQ_hd_var_size (consume_ticket_message, + GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET, + struct ConsumeTicketMessage, + NULL), + GNUNET_MQ_hd_fixed_size (ticket_iteration_start, + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START, + struct TicketIterationStartMessage, + NULL), + GNUNET_MQ_hd_fixed_size (ticket_iteration_next, + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT, + struct TicketIterationNextMessage, + NULL), + GNUNET_MQ_hd_fixed_size (ticket_iteration_stop, + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP, + struct TicketIterationStopMessage, + NULL), + GNUNET_MQ_hd_var_size (revoke_ticket_message, + GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET, + struct RevokeTicketMessage, + NULL), + GNUNET_MQ_handler_end()); +/* end of gnunet-service-reclaim.c */ diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c new file mode 100644 index 000000000..45b5d73f6 --- /dev/null +++ b/src/reclaim/jwt.c @@ -0,0 +1,160 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ + +/** + * @file reclaim/jwt.c + * @brief helper library for JSON-Web-Tokens + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_signatures.h" +#include "gnunet_reclaim_attribute_lib.h" +#include + + +#define JWT_ALG "alg" + +/* Use 512bit HMAC */ +#define JWT_ALG_VALUE "HS512" + +#define JWT_TYP "typ" + +#define JWT_TYP_VALUE "jwt" + +#define SERVER_ADDRESS "https://reclaim.id/api/openid/userinfo" + +static char* +create_jwt_header(void) +{ + json_t *root; + char *json_str; + + root = json_object (); + json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); + json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); + + json_str = json_dumps (root, JSON_INDENT(1)); + json_decref (root); + return json_str; +} + +/** + * Create a JWT from attributes + * + * @param aud_key the public of the subject + * @param attrs the attribute list + * @param priv_key the key used to sign the JWT + * @return a new base64-encoded JWT string. + */ +char* +jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_CRYPTO_AuthKey *priv_key) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_HashCode signature; + char* audience; + char* subject; + char* header; + char* padding; + char* body_str; + char* result; + char* header_base64; + char* body_base64; + char* signature_target; + char* signature_base64; + char* attr_val_str; + json_t* body; + + //exp REQUIRED time expired from config + //iat REQUIRED time now + //auth_time only if max_age + //nonce only if nonce + // OPTIONAL acr,amr,azp + subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + header = create_jwt_header (); + body = json_object (); + + //iss REQUIRED case sensitive server uri with https + //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) + json_object_set_new (body, + "iss", json_string (SERVER_ADDRESS)); + //sub REQUIRED public key identity, not exceed 255 ASCII length + json_object_set_new (body, + "sub", json_string (subject)); + //aud REQUIRED public key client_id must be there + json_object_set_new (body, + "aud", json_string (audience)); + for (le = attrs->list_head; NULL != le; le = le->next) + { + attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, + le->claim->data, + le->claim->data_size); + json_object_set_new (body, + le->claim->name, + json_string (attr_val_str)); + GNUNET_free (attr_val_str); + } + body_str = json_dumps (body, JSON_INDENT(0)); + json_decref (body); + + GNUNET_STRINGS_base64_encode (header, + strlen (header), + &header_base64); + //Remove GNUNET padding of base64 + padding = strtok(header_base64, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + GNUNET_STRINGS_base64_encode (body_str, + strlen (body_str), + &body_base64); + + //Remove GNUNET padding of base64 + padding = strtok(body_base64, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + GNUNET_free (subject); + GNUNET_free (audience); + + /** + * Creating the JWT signature. This might not be + * standards compliant, check. + */ + GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); + GNUNET_CRYPTO_hmac (priv_key, signature_target, strlen (signature_target), &signature); + GNUNET_STRINGS_base64_encode ((const char*)&signature, + sizeof (struct GNUNET_HashCode), + &signature_base64); + GNUNET_asprintf (&result, "%s.%s.%s", + header_base64, body_base64, signature_base64); + + GNUNET_free (signature_target); + GNUNET_free (header); + GNUNET_free (body_str); + GNUNET_free (signature_base64); + GNUNET_free (body_base64); + GNUNET_free (header_base64); + return result; +} diff --git a/src/reclaim/jwt.h b/src/reclaim/jwt.h new file mode 100644 index 000000000..4b0b01be3 --- /dev/null +++ b/src/reclaim/jwt.h @@ -0,0 +1,10 @@ +#ifndef JWT_H +#define JWT_H + +char* +jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_CRYPTO_AuthKey *priv_key); + +#endif diff --git a/src/reclaim/plugin_gnsrecord_reclaim.c b/src/reclaim/plugin_gnsrecord_reclaim.c new file mode 100644 index 000000000..0322df752 --- /dev/null +++ b/src/reclaim/plugin_gnsrecord_reclaim.c @@ -0,0 +1,265 @@ +/* + This file is part of GNUnet + Copyright (C) 2013, 2014 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @file reclaim/plugin_gnsrecord_reclaim.c + * @brief gnsrecord plugin to provide the API for identity records + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_gnsrecord_lib.h" +#include "gnunet_gnsrecord_plugin.h" + + +/** + * Convert the 'value' of a record to a string. + * + * @param cls closure, unused + * @param type type of the record + * @param data value in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the value + */ +static char * +value_to_string (void *cls, + uint32_t type, + const void *data, + size_t data_size) +{ + const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; + const struct GNUNET_CRYPTO_EcdsaPublicKey *audience_pubkey; + const char *scopes; + char *ecdhe_str; + char *aud_str; + char *result; + + switch (type) + { + case GNUNET_GNSRECORD_TYPE_ID_ATTR: + return GNUNET_STRINGS_data_to_string_alloc (data, data_size); + case GNUNET_GNSRECORD_TYPE_ID_TOKEN: //DEPRECATED + return GNUNET_strndup (data, data_size); + case GNUNET_GNSRECORD_TYPE_ABE_KEY: + case GNUNET_GNSRECORD_TYPE_ABE_MASTER: + return GNUNET_STRINGS_data_to_string_alloc (data, data_size); + case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: //DEPRECATED + ecdhe_privkey = data; + audience_pubkey = data+sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); + scopes = (char*) audience_pubkey+(sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + ecdhe_str = GNUNET_STRINGS_data_to_string_alloc (ecdhe_privkey, + sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); + aud_str = GNUNET_STRINGS_data_to_string_alloc (audience_pubkey, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + GNUNET_asprintf (&result, + "%s;%s;%s", + ecdhe_str, aud_str, scopes); + GNUNET_free (aud_str); + GNUNET_free (ecdhe_str); + return result; + + default: + return NULL; + } +} + + +/** + * Convert human-readable version of a 'value' of a record to the binary + * representation. + * + * @param cls closure, unused + * @param type type of the record + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +static int +string_to_value (void *cls, + uint32_t type, + const char *s, + void **data, + size_t *data_size) +{ + char* ecdhe_str; + char* aud_keystr; + char* write_ptr; + char* tmp_tok; + char* str; + + if (NULL == s) + return GNUNET_SYSERR; + switch (type) + { + case GNUNET_GNSRECORD_TYPE_ID_ATTR: + return GNUNET_STRINGS_string_to_data (s, + strlen (s), + *data, + *data_size); + case GNUNET_GNSRECORD_TYPE_ID_TOKEN: + *data = GNUNET_strdup (s); + *data_size = strlen (s); + return GNUNET_OK; + case GNUNET_GNSRECORD_TYPE_ABE_KEY: + case GNUNET_GNSRECORD_TYPE_ABE_MASTER: + return GNUNET_STRINGS_string_to_data (s, + strlen (s), + *data, + *data_size); + case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: + tmp_tok = GNUNET_strdup (s); + ecdhe_str = strtok (tmp_tok, ";"); + if (NULL == ecdhe_str) + { + GNUNET_free (tmp_tok); + return GNUNET_SYSERR; + } + aud_keystr = strtok (NULL, ";"); + if (NULL == aud_keystr) + { + GNUNET_free (tmp_tok); + return GNUNET_SYSERR; + } + str = strtok (NULL, ";"); + if (NULL == str) + { + GNUNET_free (tmp_tok); + return GNUNET_SYSERR; + } + *data_size = strlen (str) + 1 + +sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey) + +sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); + *data = GNUNET_malloc (*data_size); + + write_ptr = *data; + GNUNET_STRINGS_string_to_data (ecdhe_str, + strlen (ecdhe_str), + write_ptr, + sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); + write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); + GNUNET_STRINGS_string_to_data (aud_keystr, + strlen (aud_keystr), + write_ptr, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); + GNUNET_memcpy (write_ptr, str, strlen (str) + 1); //with 0-Terminator + GNUNET_free (tmp_tok); + return GNUNET_OK; + + default: + return GNUNET_SYSERR; + } +} + + +/** + * Mapping of record type numbers to human-readable + * record type names. + */ +static struct { + const char *name; + uint32_t number; +} name_map[] = { + { "ID_ATTR", GNUNET_GNSRECORD_TYPE_ID_ATTR }, + { "ID_TOKEN", GNUNET_GNSRECORD_TYPE_ID_TOKEN }, + { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY }, + { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER }, + { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA }, + { NULL, UINT32_MAX } +}; + + +/** + * Convert a type name (i.e. "AAAA") to the corresponding number. + * + * @param cls closure, unused + * @param dns_typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +static uint32_t +typename_to_number (void *cls, + const char *dns_typename) +{ + unsigned int i; + + i=0; + while ( (NULL != name_map[i].name) && + (0 != strcasecmp (dns_typename, name_map[i].name)) ) + i++; + return name_map[i].number; +} + + +/** + * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A") + * + * @param cls closure, unused + * @param type number of a type to convert + * @return corresponding typestring, NULL on error + */ +static const char * +number_to_typename (void *cls, + uint32_t type) +{ + unsigned int i; + + i=0; + while ( (NULL != name_map[i].name) && + (type != name_map[i].number) ) + i++; + return name_map[i].name; +} + + +/** + * Entry point for the plugin. + * + * @param cls NULL + * @return the exported block API + */ +void * +libgnunet_plugin_gnsrecord_reclaim_init (void *cls) +{ + struct GNUNET_GNSRECORD_PluginFunctions *api; + + api = GNUNET_new (struct GNUNET_GNSRECORD_PluginFunctions); + api->value_to_string = &value_to_string; + api->string_to_value = &string_to_value; + api->typename_to_number = &typename_to_number; + api->number_to_typename = &number_to_typename; + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the return value from #libgnunet_plugin_block_test_init + * @return NULL + */ +void * +libgnunet_plugin_gnsrecord_reclaim_done (void *cls) +{ + struct GNUNET_GNSRECORD_PluginFunctions *api = cls; + + GNUNET_free (api); + return NULL; +} + +/* end of plugin_gnsrecord_dns.c */ diff --git a/src/reclaim/plugin_reclaim_sqlite.c b/src/reclaim/plugin_reclaim_sqlite.c new file mode 100644 index 000000000..b545a94e8 --- /dev/null +++ b/src/reclaim/plugin_reclaim_sqlite.c @@ -0,0 +1,734 @@ + /* + * This file is part of GNUnet + * Copyright (C) 2009-2017 GNUnet e.V. + * + * GNUnet is free software: you can redistribute it and/or modify it + * under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, + * or (at your option) any later version. + * + * GNUnet is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +/** + * @file reclaim/plugin_reclaim_sqlite.c + * @brief sqlite-based idp backend + * @author Martin Schanzenbach + */ + +#include "platform.h" +#include "gnunet_reclaim_service.h" +#include "gnunet_reclaim_plugin.h" +#include "gnunet_reclaim_attribute_lib.h" +#include "gnunet_sq_lib.h" +#include + +/** + * After how many ms "busy" should a DB operation fail for good? A + * low value makes sure that we are more responsive to requests + * (especially PUTs). A high value guarantees a higher success rate + * (SELECTs in iterate can take several seconds despite LIMIT=1). + * + * The default value of 1s should ensure that users do not experience + * huge latencies while at the same time allowing operations to + * succeed with reasonable probability. + */ +#define BUSY_TIMEOUT_MS 1000 + + +/** + * Log an error message at log-level 'level' that indicates + * a failure of the command 'cmd' on file 'filename' + * with the message given by strerror(errno). + */ +#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "reclaim", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0) + +#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-sqlite", __VA_ARGS__) + + +/** + * Context for all functions in this plugin. + */ +struct Plugin +{ + + const struct GNUNET_CONFIGURATION_Handle *cfg; + + /** + * Database filename. + */ + char *fn; + + /** + * Native SQLite database handle. + */ + sqlite3 *dbh; + + /** + * Precompiled SQL to store ticket. + */ + sqlite3_stmt *store_ticket; + + /** + * Precompiled SQL to delete existing ticket. + */ + sqlite3_stmt *delete_ticket; + + /** + * Precompiled SQL to iterate tickets. + */ + sqlite3_stmt *iterate_tickets; + + /** + * Precompiled SQL to get ticket attributes. + */ + sqlite3_stmt *get_ticket_attrs; + + /** + * Precompiled SQL to iterate tickets by audience. + */ + sqlite3_stmt *iterate_tickets_by_audience; +}; + + +/** + * @brief Prepare a SQL statement + * + * @param dbh handle to the database + * @param zSql SQL statement, UTF-8 encoded + * @param ppStmt set to the prepared statement + * @return 0 on success + */ +static int +sq_prepare (sqlite3 *dbh, + const char *zSql, + sqlite3_stmt **ppStmt) +{ + char *dummy; + int result; + + result = + sqlite3_prepare_v2 (dbh, + zSql, + strlen (zSql), + ppStmt, + (const char **) &dummy); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Prepared `%s' / %p: %d\n", + zSql, + *ppStmt, + result); + return result; +} + +/** + * Create our database indices. + * + * @param dbh handle to the database + */ +static void +create_indices (sqlite3 * dbh) +{ + /* create indices */ + if ( (SQLITE_OK != + sqlite3_exec (dbh, + "CREATE INDEX IF NOT EXISTS identity_reverse ON identity001tickets (identity,audience)", + NULL, NULL, NULL)) || + (SQLITE_OK != + sqlite3_exec (dbh, + "CREATE INDEX IF NOT EXISTS it_iter ON identity001tickets (rnd)", + NULL, NULL, NULL)) ) + LOG (GNUNET_ERROR_TYPE_ERROR, + "Failed to create indices: %s\n", + sqlite3_errmsg (dbh)); +} + + + +#if 0 +#define CHECK(a) GNUNET_break(a) +#define ENULL NULL +#else +#define ENULL &e +#define ENULL_DEFINED 1 +#define CHECK(a) if (! (a)) { GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "%s\n", e); sqlite3_free(e); } +#endif + + +/** + * Initialize the database connections and associated + * data structures (create tables and indices + * as needed as well). + * + * @param plugin the plugin context (state for this module) + * @return #GNUNET_OK on success + */ +static int +database_setup (struct Plugin *plugin) +{ + sqlite3_stmt *stmt; + char *afsdir; +#if ENULL_DEFINED + char *e; +#endif + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_filename (plugin->cfg, + "reclaim-sqlite", + "FILENAME", + &afsdir)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "reclaim-sqlite", + "FILENAME"); + return GNUNET_SYSERR; + } + if (GNUNET_OK != + GNUNET_DISK_file_test (afsdir)) + { + if (GNUNET_OK != + GNUNET_DISK_directory_create_for_file (afsdir)) + { + GNUNET_break (0); + GNUNET_free (afsdir); + return GNUNET_SYSERR; + } + } + /* afsdir should be UTF-8-encoded. If it isn't, it's a bug */ + plugin->fn = afsdir; + + /* Open database and precompile statements */ + if (sqlite3_open (plugin->fn, &plugin->dbh) != SQLITE_OK) + { + LOG (GNUNET_ERROR_TYPE_ERROR, + _("Unable to initialize SQLite: %s.\n"), + sqlite3_errmsg (plugin->dbh)); + return GNUNET_SYSERR; + } + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA temp_store=MEMORY", NULL, NULL, + ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA synchronous=NORMAL", NULL, NULL, + ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA legacy_file_format=OFF", NULL, NULL, + ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA auto_vacuum=INCREMENTAL", NULL, + NULL, ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA encoding=\"UTF-8\"", NULL, + NULL, ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA locking_mode=EXCLUSIVE", NULL, NULL, + ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA page_size=4092", NULL, NULL, + ENULL)); + + CHECK (SQLITE_OK == + sqlite3_busy_timeout (plugin->dbh, + BUSY_TIMEOUT_MS)); + + + /* Create table */ + CHECK (SQLITE_OK == + sq_prepare (plugin->dbh, + "SELECT 1 FROM sqlite_master WHERE tbl_name = 'identity001tickets'", + &stmt)); + if ((sqlite3_step (stmt) == SQLITE_DONE) && + (sqlite3_exec + (plugin->dbh, + "CREATE TABLE identity001tickets (" + " identity BLOB NOT NULL DEFAULT ''," + " audience BLOB NOT NULL DEFAULT ''," + " rnd INT8 NOT NULL DEFAULT ''," + " attributes BLOB NOT NULL DEFAULT ''" + ")", + NULL, NULL, NULL) != SQLITE_OK)) + { + LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR, + "sqlite3_exec"); + sqlite3_finalize (stmt); + return GNUNET_SYSERR; + } + sqlite3_finalize (stmt); + + create_indices (plugin->dbh); + + if ( (SQLITE_OK != + sq_prepare (plugin->dbh, + "INSERT INTO identity001tickets (identity, audience, rnd, attributes)" + " VALUES (?, ?, ?, ?)", + &plugin->store_ticket)) || + (SQLITE_OK != + sq_prepare (plugin->dbh, + "DELETE FROM identity001tickets WHERE identity=? AND rnd=?", + &plugin->delete_ticket)) || + (SQLITE_OK != + sq_prepare (plugin->dbh, + "SELECT identity,audience,rnd,attributes" + " FROM identity001tickets WHERE identity=? AND rnd=?", + &plugin->get_ticket_attrs)) || + (SQLITE_OK != + sq_prepare (plugin->dbh, + "SELECT identity,audience,rnd,attributes" + " FROM identity001tickets WHERE identity=?" + " ORDER BY rnd LIMIT 1 OFFSET ?", + &plugin->iterate_tickets)) || + (SQLITE_OK != + sq_prepare (plugin->dbh, + "SELECT identity,audience,rnd,attributes" + " FROM identity001tickets WHERE audience=?" + " ORDER BY rnd LIMIT 1 OFFSET ?", + &plugin->iterate_tickets_by_audience)) ) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR, + "precompiling"); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/** + * Shutdown database connection and associate data + * structures. + * @param plugin the plugin context (state for this module) + */ +static void +database_shutdown (struct Plugin *plugin) +{ + int result; + sqlite3_stmt *stmt; + + if (NULL != plugin->store_ticket) + sqlite3_finalize (plugin->store_ticket); + if (NULL != plugin->delete_ticket) + sqlite3_finalize (plugin->delete_ticket); + if (NULL != plugin->iterate_tickets) + sqlite3_finalize (plugin->iterate_tickets); + if (NULL != plugin->iterate_tickets_by_audience) + sqlite3_finalize (plugin->iterate_tickets_by_audience); + if (NULL != plugin->get_ticket_attrs) + sqlite3_finalize (plugin->get_ticket_attrs); + result = sqlite3_close (plugin->dbh); + if (result == SQLITE_BUSY) + { + LOG (GNUNET_ERROR_TYPE_WARNING, + _("Tried to close sqlite without finalizing all prepared statements.\n")); + stmt = sqlite3_next_stmt (plugin->dbh, + NULL); + while (NULL != stmt) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, + "sqlite", + "Closing statement %p\n", + stmt); + result = sqlite3_finalize (stmt); + if (result != SQLITE_OK) + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "sqlite", + "Failed to close statement %p: %d\n", + stmt, + result); + stmt = sqlite3_next_stmt (plugin->dbh, + NULL); + } + result = sqlite3_close (plugin->dbh); + } + if (SQLITE_OK != result) + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR, + "sqlite3_close"); + + GNUNET_free_non_null (plugin->fn); +} + + +/** + * Store a ticket in the database. + * + * @param cls closure (internal context for the plugin) + * @param ticket the ticket to persist + * @param attrs the attributes associated with the ticket + * @return #GNUNET_OK on success, else #GNUNET_SYSERR + */ +static int +reclaim_sqlite_store_ticket (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs) +{ + struct Plugin *plugin = cls; + size_t attrs_len; + char *attrs_ser; + int n; + + { + /* First delete duplicates */ + struct GNUNET_SQ_QueryParam dparams[] = { + GNUNET_SQ_query_param_auto_from_type (&ticket->identity), + GNUNET_SQ_query_param_uint64 (&ticket->rnd), + GNUNET_SQ_query_param_end + }; + if (GNUNET_OK != + GNUNET_SQ_bind (plugin->delete_ticket, + dparams)) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + plugin->delete_ticket); + return GNUNET_SYSERR; + } + n = sqlite3_step (plugin->delete_ticket); + GNUNET_SQ_reset (plugin->dbh, + plugin->delete_ticket); + + attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs); + attrs_ser = GNUNET_malloc (attrs_len); + GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs, + attrs_ser); + struct GNUNET_SQ_QueryParam sparams[] = { + GNUNET_SQ_query_param_auto_from_type (&ticket->identity), + GNUNET_SQ_query_param_auto_from_type (&ticket->audience), + GNUNET_SQ_query_param_uint64 (&ticket->rnd), + GNUNET_SQ_query_param_fixed_size (attrs_ser, attrs_len), + GNUNET_SQ_query_param_end + }; + + if (GNUNET_OK != + GNUNET_SQ_bind (plugin->store_ticket, + sparams)) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + plugin->store_ticket); + return GNUNET_SYSERR; + } + n = sqlite3_step (plugin->store_ticket); + GNUNET_SQ_reset (plugin->dbh, + plugin->store_ticket); + GNUNET_free (attrs_ser); + } + switch (n) + { + case SQLITE_DONE: + GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, + "sqlite", + "Ticket stored\n"); + return GNUNET_OK; + case SQLITE_BUSY: + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK, + "sqlite3_step"); + return GNUNET_NO; + default: + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_step"); + return GNUNET_SYSERR; + } +} + + +/** + * Store a ticket in the database. + * + * @param cls closure (internal context for the plugin) + * @param ticket the ticket to delete + * @return #GNUNET_OK on success, else #GNUNET_SYSERR + */ +static int +reclaim_sqlite_delete_ticket (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket) +{ + struct Plugin *plugin = cls; + int n; + + { + struct GNUNET_SQ_QueryParam sparams[] = { + GNUNET_SQ_query_param_auto_from_type (&ticket->identity), + GNUNET_SQ_query_param_uint64 (&ticket->rnd), + GNUNET_SQ_query_param_end + }; + + if (GNUNET_OK != + GNUNET_SQ_bind (plugin->delete_ticket, + sparams)) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + plugin->store_ticket); + return GNUNET_SYSERR; + } + n = sqlite3_step (plugin->delete_ticket); + GNUNET_SQ_reset (plugin->dbh, + plugin->delete_ticket); + } + switch (n) + { + case SQLITE_DONE: + GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, + "sqlite", + "Ticket deleted\n"); + return GNUNET_OK; + case SQLITE_BUSY: + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK, + "sqlite3_step"); + return GNUNET_NO; + default: + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_step"); + return GNUNET_SYSERR; + } +} + + +/** + * The given 'sqlite' statement has been prepared to be run. + * It will return a record which should be given to the iterator. + * Runs the statement and parses the returned record. + * + * @param plugin plugin context + * @param stmt to run (and then clean up) + * @param iter iterator to call with the result + * @param iter_cls closure for @a iter + * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error + */ +static int +get_ticket_and_call_iterator (struct Plugin *plugin, + sqlite3_stmt *stmt, + GNUNET_RECLAIM_TicketIterator iter, + void *iter_cls) +{ + struct GNUNET_RECLAIM_Ticket ticket; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs; + int ret; + int sret; + size_t attrs_len; + char *attrs_ser; + + ret = GNUNET_NO; + if (SQLITE_ROW == (sret = sqlite3_step (stmt))) + { + struct GNUNET_SQ_ResultSpec rs[] = { + GNUNET_SQ_result_spec_auto_from_type (&ticket.identity), + GNUNET_SQ_result_spec_auto_from_type (&ticket.audience), + GNUNET_SQ_result_spec_uint64 (&ticket.rnd), + GNUNET_SQ_result_spec_variable_size ((void**)&attrs_ser, + &attrs_len), + GNUNET_SQ_result_spec_end + + }; + ret = GNUNET_SQ_extract_result (stmt, + rs); + if (GNUNET_OK != ret) + { + GNUNET_break (0); + ret = GNUNET_SYSERR; + } + else + { + attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser, + attrs_len); + if (NULL != iter) + iter (iter_cls, + &ticket, + attrs); + GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs); + ret = GNUNET_YES; + } + GNUNET_SQ_cleanup_result (rs); + } + else + { + if (SQLITE_DONE != sret) + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR, + "sqlite_step"); + } + GNUNET_SQ_reset (plugin->dbh, + stmt); + return ret; +} + + +/** + * Lookup tickets in the datastore. + * + * @param cls closure (internal context for the plugin) + * @param ticket the ticket to retrieve attributes for + * @param iter function to call with the result + * @param iter_cls closure for @a iter + * @return #GNUNET_OK on success, else #GNUNET_SYSERR + */ +static int +reclaim_sqlite_ticket_get_attrs (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket, + GNUNET_RECLAIM_TicketIterator iter, + void *iter_cls) +{ + struct Plugin *plugin = cls; + struct GNUNET_SQ_QueryParam params[] = { + GNUNET_SQ_query_param_auto_from_type (&ticket->identity), + GNUNET_SQ_query_param_uint64 (&ticket->rnd), + GNUNET_SQ_query_param_end + }; + + if (GNUNET_OK != + GNUNET_SQ_bind (plugin->get_ticket_attrs, + params)) + { + LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + plugin->get_ticket_attrs); + return GNUNET_SYSERR; + } + return get_ticket_and_call_iterator (plugin, + plugin->get_ticket_attrs, + iter, + iter_cls); +} + + +/** + * Iterate over the results for a particular key and zone in the + * datastore. Will return at most one result to the iterator. + * + * @param cls closure (internal context for the plugin) + * @param identity the issuing identity or audience (depending on audience switch) + * @param audience GNUNET_YES if identity is audience + * @param offset offset in the list of all matching records + * @param iter function to call with the result + * @param iter_cls closure for @a iter + * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error + */ +static int +reclaim_sqlite_iterate_tickets (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + int audience, + uint64_t offset, + GNUNET_RECLAIM_TicketIterator iter, + void *iter_cls) +{ + struct Plugin *plugin = cls; + sqlite3_stmt *stmt; + int err; + + if (NULL == identity) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + struct GNUNET_SQ_QueryParam params[] = { + GNUNET_SQ_query_param_auto_from_type (identity), + GNUNET_SQ_query_param_uint64 (&offset), + GNUNET_SQ_query_param_end + }; + if (GNUNET_YES == audience) + { + stmt = plugin->iterate_tickets_by_audience; + err = GNUNET_SQ_bind (stmt, + params); + } + else + { + stmt = plugin->iterate_tickets; + err = GNUNET_SQ_bind (stmt, + params); + } + if (GNUNET_OK != err) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + stmt); + return GNUNET_SYSERR; + } + return get_ticket_and_call_iterator (plugin, + stmt, + iter, + iter_cls); +} + + +/** + * Entry point for the plugin. + * + * @param cls the "struct GNUNET_RECLAIM_PluginEnvironment*" + * @return NULL on error, otherwise the plugin context + */ +void * +libgnunet_plugin_reclaim_sqlite_init (void *cls) +{ + static struct Plugin plugin; + const struct GNUNET_CONFIGURATION_Handle *cfg = cls; + struct GNUNET_RECLAIM_PluginFunctions *api; + + if (NULL != plugin.cfg) + return NULL; /* can only initialize once! */ + memset (&plugin, 0, sizeof (struct Plugin)); + plugin.cfg = cfg; + if (GNUNET_OK != database_setup (&plugin)) + { + database_shutdown (&plugin); + return NULL; + } + api = GNUNET_new (struct GNUNET_RECLAIM_PluginFunctions); + api->cls = &plugin; + api->store_ticket = &reclaim_sqlite_store_ticket; + api->delete_ticket = &reclaim_sqlite_delete_ticket; + api->iterate_tickets = &reclaim_sqlite_iterate_tickets; + api->get_ticket_attributes = &reclaim_sqlite_ticket_get_attrs; + LOG (GNUNET_ERROR_TYPE_INFO, + _("Sqlite database running\n")); + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the plugin context (as returned by "init") + * @return always NULL + */ +void * +libgnunet_plugin_reclaim_sqlite_done (void *cls) +{ + struct GNUNET_RECLAIM_PluginFunctions *api = cls; + struct Plugin *plugin = api->cls; + + database_shutdown (plugin); + plugin->cfg = NULL; + GNUNET_free (api); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "sqlite plugin is finished\n"); + return NULL; +} + +/* end of plugin_reclaim_sqlite.c */ diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c new file mode 100644 index 000000000..abb3f59f5 --- /dev/null +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -0,0 +1,2227 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ +/** + * @author Martin Schanzenbach + * @author Philippe Buschmann + * @file identity/plugin_rest_openid_connect.c + * @brief GNUnet Namestore REST plugin + * + */ + +#include "platform.h" +#include "gnunet_rest_plugin.h" +#include "gnunet_identity_service.h" +#include "gnunet_gns_service.h" +#include "gnunet_gnsrecord_lib.h" +#include "gnunet_namestore_service.h" +#include "gnunet_rest_lib.h" +#include "gnunet_jsonapi_lib.h" +#include "gnunet_jsonapi_util.h" +#include "microhttpd.h" +#include +#include +#include "gnunet_signatures.h" +#include "gnunet_reclaim_attribute_lib.h" +#include "gnunet_reclaim_service.h" +#include "jwt.h" + +/** + * REST root namespace + */ +#define GNUNET_REST_API_NS_OIDC "/openid" + +/** + * Authorize endpoint + */ +#define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize" + +/** + * Token endpoint + */ +#define GNUNET_REST_API_NS_TOKEN "/openid/token" + +/** + * UserInfo endpoint + */ +#define GNUNET_REST_API_NS_USERINFO "/openid/userinfo" + +/** + * Login namespace + */ +#define GNUNET_REST_API_NS_LOGIN "/openid/login" + +/** + * Attribute key + */ +#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute" + +/** + * Ticket key + */ +#define GNUNET_REST_JSONAPI_IDENTITY_TICKET "ticket" + + +/** + * Value key + */ +#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value" + +/** + * State while collecting all egos + */ +#define ID_REST_STATE_INIT 0 + +/** + * Done collecting egos + */ +#define ID_REST_STATE_POST_INIT 1 + +/** + * OIDC grant_type key + */ +#define OIDC_GRANT_TYPE_KEY "grant_type" + +/** + * OIDC grant_type key + */ +#define OIDC_GRANT_TYPE_VALUE "authorization_code" + +/** + * OIDC code key + */ +#define OIDC_CODE_KEY "code" + +/** + * OIDC response_type key + */ +#define OIDC_RESPONSE_TYPE_KEY "response_type" + +/** + * OIDC client_id key + */ +#define OIDC_CLIENT_ID_KEY "client_id" + +/** + * OIDC scope key + */ +#define OIDC_SCOPE_KEY "scope" + +/** + * OIDC redirect_uri key + */ +#define OIDC_REDIRECT_URI_KEY "redirect_uri" + +/** + * OIDC state key + */ +#define OIDC_STATE_KEY "state" + +/** + * OIDC nonce key + */ +#define OIDC_NONCE_KEY "nonce" + +/** + * OIDC cookie header key + */ +#define OIDC_COOKIE_HEADER_KEY "cookie" + +/** + * OIDC cookie header information key + */ +#define OIDC_AUTHORIZATION_HEADER_KEY "authorization" + +/** + * OIDC cookie header information key + */ +#define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" + +/** + * OIDC expected response_type while authorizing + */ +#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" + +/** + * OIDC expected scope part while authorizing + */ +#define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" + +/** + * OIDC ignored parameter array + */ +static char* OIDC_ignored_parameter_array [] = +{ + "display", + "prompt", + "max_age", + "ui_locales", + "response_mode", + "id_token_hint", + "login_hint", + "acr_values" +}; + +/** + * OIDC authorized identities and times hashmap + */ +struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_login_time; + +/** + * OIDC authorized identities and times hashmap + */ +struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants; + +/** + * OIDC ticket/code use only once + */ +struct GNUNET_CONTAINER_MultiHashMap *OIDC_ticket_once; + +/** + * OIDC access_token to ticket and ego + */ +struct GNUNET_CONTAINER_MultiHashMap *OIDC_interpret_access_token; + +/** + * The configuration handle + */ +const struct GNUNET_CONFIGURATION_Handle *cfg; + +/** + * HTTP methods allows for this plugin + */ +static char* allow_methods; + +/** + * @brief struct returned by the initialization function of the plugin + */ +struct Plugin +{ + const struct GNUNET_CONFIGURATION_Handle *cfg; +}; + +/** + * OIDC needed variables + */ +struct OIDC_Variables +{ + /** + * The RP client public key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey; + + /** + * The OIDC client id of the RP + */ + char *client_id; + + /** + * GNUNET_YES if there is a delegation to + * this RP or if it is a local identity + */ + int is_client_trusted; + + /** + * The OIDC redirect uri + */ + char *redirect_uri; + + /** + * The list of oidc scopes + */ + char *scope; + + /** + * The OIDC state + */ + char *state; + + /** + * The OIDC nonce + */ + char *nonce; + + /** + * The OIDC response type + */ + char *response_type; + + /** + * The identity chosen by the user to login + */ + char *login_identity; + + /** + * The response JSON + */ + json_t *response; + +}; + +/** + * The ego list + */ +struct EgoEntry +{ + /** + * DLL + */ + struct EgoEntry *next; + + /** + * DLL + */ + struct EgoEntry *prev; + + /** + * Ego Identifier + */ + char *identifier; + + /** + * Public key string + */ + char *keystring; + + /** + * The Ego + */ + struct GNUNET_IDENTITY_Ego *ego; +}; + + +struct RequestHandle +{ + /** + * Ego list + */ + struct EgoEntry *ego_head; + + /** + * Ego list + */ + struct EgoEntry *ego_tail; + + /** + * Selected ego + */ + struct EgoEntry *ego_entry; + + /** + * Pointer to ego private key + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key; + + /** + * OIDC variables + */ + struct OIDC_Variables *oidc; + + /** + * The processing state + */ + int state; + + /** + * Handle to Identity service. + */ + struct GNUNET_IDENTITY_Handle *identity_handle; + + /** + * Rest connection + */ + struct GNUNET_REST_RequestHandle *rest_handle; + + /** + * Handle to NAMESTORE + */ + struct GNUNET_NAMESTORE_Handle *namestore_handle; + + /** + * Iterator for NAMESTORE + */ + struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it; + + /** + * Attribute claim list + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list; + + /** + * IDENTITY Operation + */ + struct GNUNET_IDENTITY_Operation *op; + + /** + * Identity Provider + */ + struct GNUNET_RECLAIM_Handle *idp; + + /** + * Idp Operation + */ + struct GNUNET_RECLAIM_Operation *idp_op; + + /** + * Attribute iterator + */ + struct GNUNET_RECLAIM_AttributeIterator *attr_it; + + /** + * Ticket iterator + */ + struct GNUNET_RECLAIM_TicketIterator *ticket_it; + + /** + * A ticket + */ + struct GNUNET_RECLAIM_Ticket ticket; + + /** + * Desired timeout for the lookup (default is no timeout). + */ + struct GNUNET_TIME_Relative timeout; + + /** + * ID of a task associated with the resolution process. + */ + struct GNUNET_SCHEDULER_Task *timeout_task; + + /** + * The plugin result processor + */ + GNUNET_REST_ResultProcessor proc; + + /** + * The closure of the result processor + */ + void *proc_cls; + + /** + * The url + */ + char *url; + + /** + * The tld for redirect + */ + char *tld; + + /** + * Error response message + */ + char *emsg; + + /** + * Error response description + */ + char *edesc; + + /** + * Reponse code + */ + int response_code; + + /** + * Response object + */ + struct GNUNET_JSONAPI_Document *resp_object; + +}; + +/** + * Cleanup lookup handle + * @param handle Handle to clean up + */ +static void +cleanup_handle (struct RequestHandle *handle) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; + struct EgoEntry *ego_entry; + struct EgoEntry *ego_tmp; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cleaning up\n"); + if (NULL != handle->resp_object) + GNUNET_JSONAPI_document_delete (handle->resp_object); + if (NULL != handle->timeout_task) + GNUNET_SCHEDULER_cancel (handle->timeout_task); + if (NULL != handle->identity_handle) + GNUNET_IDENTITY_disconnect (handle->identity_handle); + if (NULL != handle->attr_it) + GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); + if (NULL != handle->ticket_it) + GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); + if (NULL != handle->idp) + GNUNET_RECLAIM_disconnect (handle->idp); + if (NULL != handle->url) + GNUNET_free (handle->url); + if (NULL != handle->tld) + GNUNET_free (handle->tld); + if (NULL != handle->emsg) + GNUNET_free (handle->emsg); + if (NULL != handle->edesc) + GNUNET_free (handle->edesc); + if (NULL != handle->namestore_handle) + GNUNET_NAMESTORE_disconnect (handle->namestore_handle); + if (NULL != handle->oidc) + { + if (NULL != handle->oidc->client_id) + GNUNET_free(handle->oidc->client_id); + if (NULL != handle->oidc->login_identity) + GNUNET_free(handle->oidc->login_identity); + if (NULL != handle->oidc->nonce) + GNUNET_free(handle->oidc->nonce); + if (NULL != handle->oidc->redirect_uri) + GNUNET_free(handle->oidc->redirect_uri); + if (NULL != handle->oidc->response_type) + GNUNET_free(handle->oidc->response_type); + if (NULL != handle->oidc->scope) + GNUNET_free(handle->oidc->scope); + if (NULL != handle->oidc->state) + GNUNET_free(handle->oidc->state); + if (NULL != handle->oidc->response) + json_decref(handle->oidc->response); + GNUNET_free(handle->oidc); + } + if ( NULL != handle->attr_list ) + { + for (claim_entry = handle->attr_list->list_head; + NULL != claim_entry;) + { + claim_tmp = claim_entry; + claim_entry = claim_entry->next; + GNUNET_free(claim_tmp->claim); + GNUNET_free(claim_tmp); + } + GNUNET_free (handle->attr_list); + } + for (ego_entry = handle->ego_head; + NULL != ego_entry;) + { + ego_tmp = ego_entry; + ego_entry = ego_entry->next; + GNUNET_free (ego_tmp->identifier); + GNUNET_free (ego_tmp->keystring); + GNUNET_free (ego_tmp); + } + if (NULL != handle->attr_it) + { + GNUNET_free(handle->attr_it); + } + GNUNET_free (handle); +} + +static void +cleanup_handle_delayed (void *cls) +{ + cleanup_handle (cls); +} + + +/** + * Task run on error, sends error message. Cleans up everything. + * + * @param cls the `struct RequestHandle` + */ +static void +do_error (void *cls) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + char *json_error; + + GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", + handle->emsg, + (NULL != handle->edesc) ? handle->edesc : "", + (NULL != handle->oidc->state) ? ", \"state\":\"" : "", + (NULL != handle->oidc->state) ? handle->oidc->state : "", + (NULL != handle->oidc->state) ? "\"" : ""); + if ( 0 == handle->response_code ) + { + handle->response_code = MHD_HTTP_BAD_REQUEST; + } + resp = GNUNET_REST_create_response (json_error); + if (MHD_HTTP_UNAUTHORIZED == handle->response_code) + { + MHD_add_response_header(resp, "WWW-Authenticate", "Basic"); + } + MHD_add_response_header (resp, "Content-Type", "application/json"); + handle->proc (handle->proc_cls, resp, handle->response_code); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); + GNUNET_free (json_error); +} + + +/** + * Task run on error in userinfo endpoint, sends error header. Cleans up + * everything + * + * @param cls the `struct RequestHandle` + */ +static void +do_userinfo_error (void *cls) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + char *error; + + GNUNET_asprintf (&error, "error=\"%s\", error_description=\"%s\"", + handle->emsg, + (NULL != handle->edesc) ? handle->edesc : ""); + resp = GNUNET_REST_create_response (""); + MHD_add_response_header(resp, "WWW-Authenticate", error); + handle->proc (handle->proc_cls, resp, handle->response_code); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); + GNUNET_free (error); +} + + +/** + * Task run on error, sends error message and redirects. Cleans up everything. + * + * @param cls the `struct RequestHandle` + */ +static void +do_redirect_error (void *cls) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + char* redirect; + GNUNET_asprintf (&redirect, + "%s?error=%s&error_description=%s%s%s", + handle->oidc->redirect_uri, handle->emsg, handle->edesc, + (NULL != handle->oidc->state) ? "&state=" : "", + (NULL != handle->oidc->state) ? handle->oidc->state : ""); + resp = GNUNET_REST_create_response (""); + MHD_add_response_header (resp, "Location", redirect); + handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); + GNUNET_free (redirect); +} + +/** + * Task run on timeout, sends error message. Cleans up everything. + * + * @param cls the `struct RequestHandle` + */ +static void +do_timeout (void *cls) +{ + struct RequestHandle *handle = cls; + + handle->timeout_task = NULL; + do_error (handle); +} + +/** + * Return attributes for claim + * + * @param cls the request handle + */ +static void +return_userinfo_response (void *cls) +{ + char* result_str; + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + + result_str = json_dumps (handle->oidc->response, 0); + + resp = GNUNET_REST_create_response (result_str); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_free (result_str); + cleanup_handle (handle); +} + +/** + * Returns base64 encoded string without padding + * + * @param string the string to encode + * @return base64 encoded string + */ +static char* +base_64_encode(const char *s) +{ + char *enc; + char *tmp; + + GNUNET_STRINGS_base64_encode(s, strlen(s), &enc); + tmp = strrchr (enc, '='); + *tmp = '\0'; + return enc; +} + +/** + * Respond to OPTIONS request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +options_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + struct MHD_Response *resp; + struct RequestHandle *handle = cls; + + //For now, independent of path return all options + resp = GNUNET_REST_create_response (NULL); + MHD_add_response_header (resp, + "Access-Control-Allow-Methods", + allow_methods); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + cleanup_handle (handle); + return; +} + +/** + * Interprets cookie header and pass its identity keystring to handle + */ +static void +cookie_identity_interpretation (struct RequestHandle *handle) +{ + struct GNUNET_HashCode cache_key; + char *cookies; + struct GNUNET_TIME_Absolute current_time, *relog_time; + char delimiter[] = "; "; + + //gets identity of login try with cookie + GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), + &cache_key); + if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, + &cache_key) ) + { + //splits cookies and find 'Identity' cookie + cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); + handle->oidc->login_identity = strtok(cookies, delimiter); + + while ( NULL != handle->oidc->login_identity ) + { + if ( NULL != strstr (handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY) ) + { + break; + } + handle->oidc->login_identity = strtok (NULL, delimiter); + } + GNUNET_CRYPTO_hash (handle->oidc->login_identity, strlen (handle->oidc->login_identity), + &cache_key); + if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, &cache_key) ) + { + relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, + &cache_key); + current_time = GNUNET_TIME_absolute_get (); + // 30 min after old login -> redirect to login + if ( current_time.abs_value_us <= relog_time->abs_value_us ) + { + handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY); + handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity); + } else { + handle->oidc->login_identity = NULL; + } + } + else + { + handle->oidc->login_identity = NULL; + } + } +} + +/** + * Redirects to login page stored in configuration file + */ +static void +login_redirection(void *cls) +{ + char *login_base_url; + char *new_redirect; + struct MHD_Response *resp; + struct RequestHandle *handle = cls; + + if ( GNUNET_OK + == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", + "address", &login_base_url) ) + { + GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", + login_base_url, + OIDC_RESPONSE_TYPE_KEY, + handle->oidc->response_type, + OIDC_CLIENT_ID_KEY, + handle->oidc->client_id, + OIDC_REDIRECT_URI_KEY, + handle->oidc->redirect_uri, + OIDC_SCOPE_KEY, + handle->oidc->scope, + OIDC_STATE_KEY, + (NULL != handle->oidc->state) ? handle->oidc->state : "", + OIDC_NONCE_KEY, + (NULL != handle->oidc->nonce) ? handle->oidc->nonce : ""); + resp = GNUNET_REST_create_response (""); + MHD_add_response_header (resp, "Location", new_redirect); + GNUNET_free(login_base_url); + } + else + { + handle->emsg = GNUNET_strdup("server_error"); + handle->edesc = GNUNET_strdup ("gnunet configuration failed"); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); + GNUNET_free(new_redirect); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); +} + +/** + * Does internal server error when iteration failed. + */ +static void +oidc_iteration_error (void *cls) +{ + struct RequestHandle *handle = cls; + handle->emsg = GNUNET_strdup("INTERNAL_SERVER_ERROR"); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, handle); +} + +static void get_client_name_result (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + char *ticket_str; + char *redirect_uri; + char *code_json_string; + char *code_base64_final_string; + char *redirect_path; + char *tmp; + char *tmp_prefix; + char *prefix; + ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + //TODO change if more attributes are needed (see max_age) + GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}", + ticket_str, + (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "", + (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "", + (NULL != handle->oidc->nonce) ? "\"" : ""); + code_base64_final_string = base_64_encode(code_json_string); + tmp = GNUNET_strdup (handle->oidc->redirect_uri); + redirect_path = strtok (tmp, "/"); + redirect_path = strtok (NULL, "/"); + redirect_path = strtok (NULL, "/"); + tmp_prefix = GNUNET_strdup (handle->oidc->redirect_uri); + prefix = strrchr (tmp_prefix, + (unsigned char) '.'); + *prefix = '\0'; + GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", + tmp_prefix, + handle->tld, + redirect_path, + handle->oidc->response_type, + code_base64_final_string, handle->oidc->state); + resp = GNUNET_REST_create_response (""); + MHD_add_response_header (resp, "Location", redirect_uri); + handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); + GNUNET_free (tmp); + GNUNET_free (tmp_prefix); + GNUNET_free (redirect_uri); + GNUNET_free (ticket_str); + GNUNET_free (code_json_string); + GNUNET_free (code_base64_final_string); + return; +} + +static void +get_client_name_error (void *cls) +{ + struct RequestHandle *handle = cls; + + handle->emsg = GNUNET_strdup("server_error"); + handle->edesc = GNUNET_strdup("Server cannot generate ticket, no name found for client."); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); +} + +/** + * Issues ticket and redirects to relying party with the authorization code as + * parameter. Otherwise redirects with error + */ +static void +oidc_ticket_issue_cb (void* cls, + const struct GNUNET_RECLAIM_Ticket *ticket) +{ + struct RequestHandle *handle = cls; + handle->idp_op = NULL; + handle->ticket = *ticket; + if (NULL != ticket) { + GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, + &handle->priv_key, + &handle->oidc->client_pkey, + &get_client_name_error, + handle, + &get_client_name_result, + handle); + return; + } + handle->emsg = GNUNET_strdup("server_error"); + handle->edesc = GNUNET_strdup("Server cannot generate ticket."); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); +} + +static void +oidc_collect_finished_cb (void *cls) +{ + struct RequestHandle *handle = cls; + handle->attr_it = NULL; + handle->ticket_it = NULL; + if (NULL == handle->attr_list->list_head) + { + handle->emsg = GNUNET_strdup("invalid_scope"); + handle->edesc = GNUNET_strdup("The requested scope is not available."); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + return; + } + handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp, + &handle->priv_key, + &handle->oidc->client_pkey, + handle->attr_list, + &oidc_ticket_issue_cb, + handle); +} + + +/** + * Collects all attributes for an ego if in scope parameter + */ +static void +oidc_attr_collect (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) +{ + struct RequestHandle *handle = cls; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + char* scope_variables; + char* scope_variable; + char delimiter[]=" "; + + if ( (NULL == attr->name) || (NULL == attr->data) ) + { + GNUNET_RECLAIM_get_attributes_next (handle->attr_it); + return; + } + + scope_variables = GNUNET_strdup(handle->oidc->scope); + scope_variable = strtok (scope_variables, delimiter); + while (NULL != scope_variable) + { + if ( 0 == strcmp (attr->name, scope_variable) ) + { + break; + } + scope_variable = strtok (NULL, delimiter); + } + if ( NULL == scope_variable ) + { + GNUNET_RECLAIM_get_attributes_next (handle->attr_it); + GNUNET_free(scope_variables); + return; + } + GNUNET_free(scope_variables); + + le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); + le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type, + attr->data, attr->data_size); + GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, + handle->attr_list->list_tail, le); + GNUNET_RECLAIM_get_attributes_next (handle->attr_it); +} + + +/** + * Checks time and cookie and redirects accordingly + */ +static void +login_check (void *cls) +{ + struct RequestHandle *handle = cls; + struct GNUNET_TIME_Absolute current_time, *relog_time; + struct GNUNET_CRYPTO_EcdsaPublicKey pubkey, ego_pkey; + struct GNUNET_HashCode cache_key; + char *identity_cookie; + + GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity); + GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); + GNUNET_free(identity_cookie); + //No login time for identity -> redirect to login + if ( GNUNET_YES + == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, + &cache_key) ) + { + relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, + &cache_key); + current_time = GNUNET_TIME_absolute_get (); + // 30 min after old login -> redirect to login + if ( current_time.abs_value_us <= relog_time->abs_value_us ) + { + if ( GNUNET_OK + != GNUNET_CRYPTO_ecdsa_public_key_from_string ( + handle->oidc->login_identity, + strlen (handle->oidc->login_identity), &pubkey) ) + { + handle->emsg = GNUNET_strdup("invalid_cookie"); + handle->edesc = GNUNET_strdup( + "The cookie of a login identity is not valid"); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + return; + } + // iterate over egos and compare their public key + for (handle->ego_entry = handle->ego_head; + NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) + { + GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); + if ( 0 + == memcmp (&ego_pkey, &pubkey, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) + { + handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key ( + handle->ego_entry->ego); + handle->resp_object = GNUNET_JSONAPI_document_new (); + handle->idp = GNUNET_RECLAIM_connect (cfg); + handle->attr_list = GNUNET_new( + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); + handle->attr_it = GNUNET_RECLAIM_get_attributes_start ( + handle->idp, &handle->priv_key, &oidc_iteration_error, handle, + &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle); + return; + } + } + //handle->emsg = GNUNET_strdup("invalid_cookie"); + //handle->edesc = GNUNET_strdup( + // "The cookie of the login identity is not valid"); + //GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + GNUNET_SCHEDULER_add_now (&login_redirection,handle); + return; + } + } +} + +/** + * Searches for client_id in namestore. If found trust status stored in handle + * Else continues to search + * + * @param handle the RequestHandle + */ +static void +namestore_iteration_callback ( + void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, + const char *rname, unsigned int rd_len, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct RequestHandle *handle = cls; + struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey; + struct GNUNET_CRYPTO_EcdsaPublicKey current_zone_pkey; + int i; + + for (i = 0; i < rd_len; i++) + { + if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type ) + continue; + + if ( NULL != handle->oidc->login_identity ) + { + GNUNET_CRYPTO_ecdsa_public_key_from_string ( + handle->oidc->login_identity, + strlen (handle->oidc->login_identity), + &login_identity_pkey); + GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, + ¤t_zone_pkey); + + if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) + { + if ( 0 == memcmp (&login_identity_pkey, ¤t_zone_pkey, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) + { + handle->oidc->is_client_trusted = GNUNET_YES; + } + } + } + else + { + if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) + { + handle->oidc->is_client_trusted = GNUNET_YES; + } + } + } + + GNUNET_NAMESTORE_zone_iterator_next (handle->namestore_handle_it, + 1); +} + + +/** + * Iteration over all results finished, build final + * response. + * + * @param cls the `struct RequestHandle` + */ +static void +namestore_iteration_finished (void *cls) +{ + struct RequestHandle *handle = cls; + struct GNUNET_HashCode cache_key; + + char *expected_scope; + char delimiter[]=" "; + int number_of_ignored_parameter, iterator; + + + handle->ego_entry = handle->ego_entry->next; + + if(NULL != handle->ego_entry) + { + handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); + handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key, + &oidc_iteration_error, handle, &namestore_iteration_callback, handle, + &namestore_iteration_finished, handle); + return; + } + if (GNUNET_NO == handle->oidc->is_client_trusted) + { + handle->emsg = GNUNET_strdup("unauthorized_client"); + handle->edesc = GNUNET_strdup("The client is not authorized to request an " + "authorization code using this method."); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + // REQUIRED value: redirect_uri + GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), + &cache_key); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &cache_key)) + { + handle->emsg=GNUNET_strdup("invalid_request"); + handle->edesc=GNUNET_strdup("missing parameter redirect_uri"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->oidc->redirect_uri = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, + &cache_key)); + + // REQUIRED value: response_type + GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), + &cache_key); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &cache_key)) + { + handle->emsg=GNUNET_strdup("invalid_request"); + handle->edesc=GNUNET_strdup("missing parameter response_type"); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + return; + } + handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, + &cache_key); + handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type); + + // REQUIRED value: scope + GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &cache_key)) + { + handle->emsg=GNUNET_strdup("invalid_request"); + handle->edesc=GNUNET_strdup("missing parameter scope"); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + return; + } + handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, + &cache_key); + handle->oidc->scope = GNUNET_strdup(handle->oidc->scope); + + //OPTIONAL value: nonce + GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); + if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &cache_key)) + { + handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, + &cache_key); + handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce); + } + + //TODO check other values if needed + number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); + for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) + { + GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], + strlen(OIDC_ignored_parameter_array[iterator]), + &cache_key); + if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, + &cache_key)) + { + handle->emsg=GNUNET_strdup("access_denied"); + GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s", + OIDC_ignored_parameter_array[iterator]); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + return; + } + } + + // Checks if response_type is 'code' + if( 0 != strcmp( handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) ) + { + handle->emsg=GNUNET_strdup("unsupported_response_type"); + handle->edesc=GNUNET_strdup("The authorization server does not support " + "obtaining this authorization code."); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + return; + } + + // Checks if scope contains 'openid' + expected_scope = GNUNET_strdup(handle->oidc->scope); + char* test; + test = strtok (expected_scope, delimiter); + while (NULL != test) + { + if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) + { + break; + } + test = strtok (NULL, delimiter); + } + if (NULL == test) + { + handle->emsg = GNUNET_strdup("invalid_scope"); + handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " + "malformed."); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + GNUNET_free(expected_scope); + return; + } + + GNUNET_free(expected_scope); + + if( NULL != handle->oidc->login_identity ) + { + GNUNET_SCHEDULER_add_now(&login_check,handle); + return; + } + + GNUNET_SCHEDULER_add_now(&login_redirection,handle); +} + +/** + * Responds to authorization GET and url-encoded POST request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + struct RequestHandle *handle = cls; + struct GNUNET_HashCode cache_key; + struct EgoEntry *tmp_ego; + struct GNUNET_CRYPTO_EcdsaPublicKey pkey; + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; + + cookie_identity_interpretation(handle); + + //RECOMMENDED value: state - REQUIRED for answers + GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); + if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &cache_key)) + { + handle->oidc->state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, + &cache_key); + handle->oidc->state = GNUNET_strdup (handle->oidc->state); + } + + // REQUIRED value: client_id + GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), + &cache_key); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &cache_key)) + { + handle->emsg=GNUNET_strdup("invalid_request"); + handle->edesc=GNUNET_strdup("missing parameter client_id"); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, + &cache_key)); + + if ( GNUNET_OK + != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, + strlen (handle->oidc->client_id), + &handle->oidc->client_pkey) ) + { + handle->emsg = GNUNET_strdup("unauthorized_client"); + handle->edesc = GNUNET_strdup("The client is not authorized to request an " + "authorization code using this method."); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + + if ( NULL == handle->ego_head ) + { + handle->emsg = GNUNET_strdup("server_error"); + handle->edesc = GNUNET_strdup ("Egos are missing"); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + handle->ego_entry = handle->ego_head; + handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); + handle->oidc->is_client_trusted = GNUNET_NO; + + //First check if client_id is one of our egos; TODO: handle other TLD cases: Delegation, from config + for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) + { + priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); + GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, + &pkey); + if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) + { + handle->tld = GNUNET_strdup (tmp_ego->identifier); + handle->oidc->is_client_trusted = GNUNET_YES; + handle->ego_entry = handle->ego_tail; + } + } + + + // Checks if client_id is valid: + handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( + handle->namestore_handle, &handle->priv_key, &oidc_iteration_error, + handle, &namestore_iteration_callback, handle, + &namestore_iteration_finished, handle); +} + +/** + * Combines an identity with a login time and responds OK to login request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +login_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + struct MHD_Response *resp = GNUNET_REST_create_response (""); + struct RequestHandle *handle = cls; + struct GNUNET_HashCode cache_key; + struct GNUNET_TIME_Absolute *current_time; + struct GNUNET_TIME_Absolute *last_time; + char* cookie; + json_t *root; + json_error_t error; + json_t *identity; + char term_data[handle->rest_handle->data_size+1]; + term_data[handle->rest_handle->data_size] = '\0'; + GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); + root = json_loads (term_data, JSON_DECODE_ANY, &error); + identity = json_object_get (root, "identity"); + if ( json_is_string(identity) ) + { + GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); + MHD_add_response_header (resp, "Set-Cookie", cookie); + MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); + GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); + + current_time = GNUNET_new(struct GNUNET_TIME_Absolute); + *current_time = GNUNET_TIME_relative_to_absolute ( + GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), + 5)); + last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key); + if (NULL != last_time) + { + GNUNET_free(last_time); + } + GNUNET_CONTAINER_multihashmap_put ( + OIDC_identity_login_time, &cache_key, current_time, + GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); + + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_free(cookie); + } + else + { + handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); + } + json_decref (root); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); + return; +} + +/** + * Responds to token url-encoded POST request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + //TODO static strings + struct RequestHandle *handle = cls; + struct GNUNET_HashCode cache_key; + char *authorization, *credentials; + char delimiter[]=" "; + char delimiter_user_psw[]=":"; + char *grant_type, *code; + char *user_psw = NULL, *client_id, *psw; + char *expected_psw; + int client_exists = GNUNET_NO; + struct MHD_Response *resp; + char* code_output; + json_t *root, *ticket_string, *nonce, *max_age; + json_error_t error; + char *json_response; + char *jwt_secret; + + /* + * Check Authorization + */ + GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, + strlen (OIDC_AUTHORIZATION_HEADER_KEY), + &cache_key); + if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, + &cache_key) ) + { + handle->emsg=GNUNET_strdup("invalid_client"); + handle->edesc=GNUNET_strdup("missing authorization"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); + + //split header in "Basic" and [content] + credentials = strtok (authorization, delimiter); + if (0 != strcmp ("Basic",credentials)) + { + handle->emsg=GNUNET_strdup("invalid_client"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + credentials = strtok(NULL, delimiter); + if (NULL == credentials) + { + handle->emsg=GNUNET_strdup("invalid_client"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), (void**)&user_psw); + + if ( NULL == user_psw ) + { + handle->emsg=GNUNET_strdup("invalid_client"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + client_id = strtok (user_psw, delimiter_user_psw); + if ( NULL == client_id ) + { + GNUNET_free_non_null(user_psw); + handle->emsg=GNUNET_strdup("invalid_client"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + psw = strtok (NULL, delimiter_user_psw); + if (NULL == psw) + { + GNUNET_free_non_null(user_psw); + handle->emsg=GNUNET_strdup("invalid_client"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + //check client password + if ( GNUNET_OK + == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", + "psw", &expected_psw) ) + { + if (0 != strcmp (expected_psw, psw)) + { + GNUNET_free_non_null(user_psw); + GNUNET_free(expected_psw); + handle->emsg=GNUNET_strdup("invalid_client"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + GNUNET_free(expected_psw); + } + else + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("server_error"); + handle->edesc = GNUNET_strdup ("gnunet configuration failed"); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + //check client_id + for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; ) + { + if ( 0 == strcmp(handle->ego_entry->keystring, client_id)) + { + client_exists = GNUNET_YES; + break; + } + handle->ego_entry = handle->ego_entry->next; + } + if (GNUNET_NO == client_exists) + { + GNUNET_free_non_null(user_psw); + handle->emsg=GNUNET_strdup("invalid_client"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + /* + * Check parameter + */ + + //TODO Do not allow multiple equal parameter names + //REQUIRED grant_type + GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key); + if ( GNUNET_NO + == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key) ) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("missing parameter grant_type"); + handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + grant_type = GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->url_param_map, &cache_key); + + //REQUIRED code + GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key); + if ( GNUNET_NO + == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key) ) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("missing parameter code"); + handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, + &cache_key); + + //REQUIRED redirect_uri + GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), + &cache_key); + if ( GNUNET_NO + == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->url_param_map, &cache_key) ) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); + handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + //Check parameter grant_type == "authorization_code" + if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) + { + GNUNET_free_non_null(user_psw); + handle->emsg=GNUNET_strdup("unsupported_grant_type"); + handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); + int i = 1; + if ( GNUNET_SYSERR + == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, + &cache_key, + &i, + GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("Cannot use the same code more than once"); + handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + //decode code + GNUNET_STRINGS_base64_decode(code,strlen(code), (void**)&code_output); + root = json_loads (code_output, 0, &error); + GNUNET_free(code_output); + ticket_string = json_object_get (root, "ticket"); + nonce = json_object_get (root, "nonce"); + max_age = json_object_get (root, "max_age"); + + if(ticket_string == NULL && !json_is_string(ticket_string)) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("invalid code"); + handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + struct GNUNET_RECLAIM_Ticket *ticket = GNUNET_new(struct GNUNET_RECLAIM_Ticket); + if ( GNUNET_OK + != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string), + strlen (json_string_value(ticket_string)), + ticket, + sizeof(struct GNUNET_RECLAIM_Ticket))) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("invalid code"); + handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_SCHEDULER_add_now (&do_error, handle); + GNUNET_free(ticket); + return; + } + // this is the current client (relying party) + struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; + GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key); + if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("invalid code"); + handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_SCHEDULER_add_now (&do_error, handle); + GNUNET_free(ticket); + return; + } + + //create jwt + unsigned long long int expiration_time; + if ( GNUNET_OK + != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin", + "expiration_time", &expiration_time) ) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("server_error"); + handle->edesc = GNUNET_strdup ("gnunet configuration failed"); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, handle); + GNUNET_free(ticket); + return; + } + + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); + //aud REQUIRED public key client_id must be there + GNUNET_RECLAIM_ATTRIBUTE_list_add(cl, + "aud", + GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, + client_id, + strlen(client_id)); + //exp REQUIRED time expired from config + struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( + GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), + expiration_time)); + const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time); + GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, + "exp", + GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, + exp_time_string, + strlen(exp_time_string)); + //iat REQUIRED time now + struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); + const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); + GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, + "iat", + GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, + time_now_string, + strlen(time_now_string)); + //nonce only if nonce is provided + if ( NULL != nonce && json_is_string(nonce) ) + { + GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, + "nonce", + GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, + json_string_value(nonce), + strlen(json_string_value(nonce))); + } + //auth_time only if max_age is provided + if ( NULL != max_age && json_is_string(max_age) ) + { + GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, + "auth_time", + GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, + json_string_value(max_age), + strlen(json_string_value(max_age))); + } + //TODO OPTIONAL acr,amr,azp + + struct EgoEntry *ego_entry; + for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) + { + GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); + if (0 == memcmp (&pub_key, &ticket->audience, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) + { + break; + } + } + if ( NULL == ego_entry ) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("invalid code..."); + handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_SCHEDULER_add_now (&do_error, handle); + GNUNET_free(ticket); + return; + } + if ( GNUNET_OK + != GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", + "jwt_secret", &jwt_secret) ) + { + GNUNET_free_non_null(user_psw); + handle->emsg = GNUNET_strdup("invalid_request"); + handle->edesc = GNUNET_strdup("No signing secret configured!"); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, handle); + GNUNET_free(ticket); + return; + } + struct GNUNET_CRYPTO_AuthKey jwt_sign_key; + struct GNUNET_CRYPTO_EcdsaPublicKey pk; + GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk); + GNUNET_CRYPTO_hash (jwt_secret, strlen (jwt_secret), (struct GNUNET_HashCode*)jwt_sign_key.key); + char *id_token = jwt_create_from_list(&ticket->audience, + &pk, + cl, + &jwt_sign_key); + + //Create random access_token + char* access_token_number; + char* access_token; + uint64_t random_number; + random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX); + GNUNET_asprintf(&access_token_number, "%" PRIu64, random_number); + GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token); + + + + //TODO OPTIONAL add refresh_token and scope + GNUNET_asprintf (&json_response, + "{ \"access_token\" : \"%s\", " + "\"token_type\" : \"Bearer\", " + "\"expires_in\" : %d, " + "\"id_token\" : \"%s\"}", + access_token, + expiration_time, + id_token); + GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key); + char *id_ticket_combination; + GNUNET_asprintf(&id_ticket_combination, + "%s;%s", + client_id, + json_string_value(ticket_string)); + GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token, + &cache_key, + id_ticket_combination, + GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); + + resp = GNUNET_REST_create_response (json_response); + MHD_add_response_header (resp, "Cache-Control", "no-store"); + MHD_add_response_header (resp, "Pragma", "no-cache"); + MHD_add_response_header (resp, "Content-Type", "application/json"); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + + GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl); + GNUNET_free(access_token_number); + GNUNET_free(access_token); + GNUNET_free(user_psw); + GNUNET_free(json_response); + GNUNET_free(ticket); + GNUNET_free(id_token); + json_decref (root); + GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); +} + +/** + * Collects claims and stores them in handle + */ +static void +consume_ticket (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) +{ + struct RequestHandle *handle = cls; + char *tmp_value; + json_t *value; + + if (NULL == identity) + { + GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle); + return; + } + + tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, + attr->data, + attr->data_size); + + value = json_string (tmp_value); + + + json_object_set_new (handle->oidc->response, + attr->name, + value); + GNUNET_free (tmp_value); +} + +/** + * Responds to userinfo GET and url-encoded POST request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, void *cls) +{ + //TODO expiration time + struct RequestHandle *handle = cls; + char delimiter[] = " "; + char delimiter_db[] = ";"; + struct GNUNET_HashCode cache_key; + char *authorization, *authorization_type, *authorization_access_token; + char *client_ticket, *client, *ticket_str; + struct GNUNET_RECLAIM_Ticket *ticket; + + GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, + strlen (OIDC_AUTHORIZATION_HEADER_KEY), + &cache_key); + if ( GNUNET_NO + == GNUNET_CONTAINER_multihashmap_contains ( + handle->rest_handle->header_param_map, &cache_key) ) + { + handle->emsg = GNUNET_strdup("invalid_token"); + handle->edesc = GNUNET_strdup("No Access Token"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); + return; + } + authorization = GNUNET_CONTAINER_multihashmap_get ( + handle->rest_handle->header_param_map, &cache_key); + + //split header in "Bearer" and access_token + authorization = GNUNET_strdup(authorization); + authorization_type = strtok (authorization, delimiter); + if ( 0 != strcmp ("Bearer", authorization_type) ) + { + handle->emsg = GNUNET_strdup("invalid_token"); + handle->edesc = GNUNET_strdup("No Access Token"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); + GNUNET_free(authorization); + return; + } + authorization_access_token = strtok (NULL, delimiter); + if ( NULL == authorization_access_token ) + { + handle->emsg = GNUNET_strdup("invalid_token"); + handle->edesc = GNUNET_strdup("No Access Token"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); + GNUNET_free(authorization); + return; + } + + GNUNET_CRYPTO_hash (authorization_access_token, + strlen (authorization_access_token), + &cache_key); + if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_interpret_access_token, + &cache_key) ) + { + handle->emsg = GNUNET_strdup("invalid_token"); + handle->edesc = GNUNET_strdup("The Access Token expired"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); + GNUNET_free(authorization); + return; + } + + client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token, + &cache_key); + client_ticket = GNUNET_strdup(client_ticket); + client = strtok(client_ticket,delimiter_db); + if (NULL == client) + { + handle->emsg = GNUNET_strdup("invalid_token"); + handle->edesc = GNUNET_strdup("The Access Token expired"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); + GNUNET_free(authorization); + GNUNET_free(client_ticket); + return; + } + handle->ego_entry = handle->ego_head; + for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) + { + if (0 == strcmp(handle->ego_entry->keystring,client)) + { + break; + } + } + if (NULL == handle->ego_entry) + { + handle->emsg = GNUNET_strdup("invalid_token"); + handle->edesc = GNUNET_strdup("The Access Token expired"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); + GNUNET_free(authorization); + GNUNET_free(client_ticket); + return; + } + ticket_str = strtok(NULL, delimiter_db); + if (NULL == ticket_str) + { + handle->emsg = GNUNET_strdup("invalid_token"); + handle->edesc = GNUNET_strdup("The Access Token expired"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); + GNUNET_free(authorization); + GNUNET_free(client_ticket); + return; + } + ticket = GNUNET_new(struct GNUNET_RECLAIM_Ticket); + if ( GNUNET_OK + != GNUNET_STRINGS_string_to_data (ticket_str, + strlen (ticket_str), + ticket, + sizeof(struct GNUNET_RECLAIM_Ticket))) + { + handle->emsg = GNUNET_strdup("invalid_token"); + handle->edesc = GNUNET_strdup("The Access Token expired"); + handle->response_code = MHD_HTTP_UNAUTHORIZED; + GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); + GNUNET_free(ticket); + GNUNET_free(authorization); + GNUNET_free(client_ticket); + return; + } + + handle->idp = GNUNET_RECLAIM_connect (cfg); + handle->oidc->response = json_object(); + json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring)); + handle->idp_op = GNUNET_RECLAIM_ticket_consume ( + handle->idp, + GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), + ticket, + consume_ticket, + handle); + GNUNET_free(ticket); + GNUNET_free(authorization); + GNUNET_free(client_ticket); + +} + + +/** + * Handle rest request + * + * @param handle the request handle + */ +static void +init_cont (struct RequestHandle *handle) +{ + struct GNUNET_REST_RequestHandlerError err; + static const struct GNUNET_REST_RequestHandler handlers[] = { + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, //url-encoded + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, + {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, + &options_cont}, + GNUNET_REST_HANDLER_END + }; + + if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, + handlers, + &err, + handle)) + { + handle->response_code = err.error_code; + GNUNET_SCHEDULER_add_now (&do_error, handle); + } +} + +/** + * If listing is enabled, prints information about the egos. + * + * This function is initially called for all egos and then again + * whenever a ego's identifier changes or if it is deleted. At the + * end of the initial pass over all egos, the function is once called + * with 'NULL' for 'ego'. That does NOT mean that the callback won't + * be invoked in the future or that there was an error. + * + * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', + * this function is only called ONCE, and 'NULL' being passed in + * 'ego' does indicate an error (i.e. name is taken or no default + * value is known). If 'ego' is non-NULL and if '*ctx' + * is set in those callbacks, the value WILL be passed to a subsequent + * call to the identity callback of 'GNUNET_IDENTITY_connect' (if + * that one was not NULL). + * + * When an identity is renamed, this function is called with the + * (known) ego but the NEW identifier. + * + * When an identity is deleted, this function is called with the + * (known) ego and "NULL" for the 'identifier'. In this case, + * the 'ego' is henceforth invalid (and the 'ctx' should also be + * cleaned up). + * + * @param cls closure + * @param ego ego handle + * @param ctx context for application to store data for this ego + * (during the lifetime of this process, initially NULL) + * @param identifier identifier assigned by the user for this ego, + * NULL if the user just deleted the ego and it + * must thus no longer be used + */ +static void +list_ego (void *cls, + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *identifier) +{ + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + struct GNUNET_CRYPTO_EcdsaPublicKey pk; + + if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) + { + handle->state = ID_REST_STATE_POST_INIT; + init_cont (handle); + return; + } + if (ID_REST_STATE_INIT == handle->state) { + ego_entry = GNUNET_new (struct EgoEntry); + GNUNET_IDENTITY_ego_get_public_key (ego, &pk); + ego_entry->keystring = + GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); + ego_entry->ego = ego; + ego_entry->identifier = GNUNET_strdup (identifier); + GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); + return; + } + /* Ego renamed or added */ + if (identifier != NULL) { + for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { + if (ego_entry->ego == ego) { + /* Rename */ + GNUNET_free (ego_entry->identifier); + ego_entry->identifier = GNUNET_strdup (identifier); + break; + } + } + if (NULL == ego_entry) { + /* Add */ + ego_entry = GNUNET_new (struct EgoEntry); + GNUNET_IDENTITY_ego_get_public_key (ego, &pk); + ego_entry->keystring = + GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); + ego_entry->ego = ego; + ego_entry->identifier = GNUNET_strdup (identifier); + GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); + } + } else { + /* Delete */ + for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) { + if (ego_entry->ego == ego) + break; + } + if (NULL != ego_entry) + GNUNET_CONTAINER_DLL_remove(handle->ego_head,handle->ego_tail, ego_entry); + } + +} + +static void +rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, + GNUNET_REST_ResultProcessor proc, + void *proc_cls) +{ + struct RequestHandle *handle = GNUNET_new (struct RequestHandle); + handle->oidc = GNUNET_new (struct OIDC_Variables); + if ( NULL == OIDC_identity_login_time ) + OIDC_identity_login_time = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); + if ( NULL == OIDC_identity_grants ) + OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); + if ( NULL == OIDC_ticket_once ) + OIDC_ticket_once = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); + if ( NULL == OIDC_interpret_access_token ) + OIDC_interpret_access_token = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO); + handle->response_code = 0; + handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; + handle->proc_cls = proc_cls; + handle->proc = proc; + handle->state = ID_REST_STATE_INIT; + handle->rest_handle = rest_handle; + + handle->url = GNUNET_strdup (rest_handle->url); + if (handle->url[strlen (handle->url)-1] == '/') + handle->url[strlen (handle->url)-1] = '\0'; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connecting...\n"); + handle->identity_handle = GNUNET_IDENTITY_connect (cfg, + &list_ego, + handle); + handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); + handle->timeout_task = + GNUNET_SCHEDULER_add_delayed (handle->timeout, + &do_timeout, + handle); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connected\n"); +} + +/** + * Entry point for the plugin. + * + * @param cls Config info + * @return NULL on error, otherwise the plugin context + */ +void * +libgnunet_plugin_rest_openid_connect_init (void *cls) +{ + static struct Plugin plugin; + struct GNUNET_REST_Plugin *api; + + cfg = cls; + if (NULL != plugin.cfg) + return NULL; /* can only initialize once! */ + memset (&plugin, 0, sizeof (struct Plugin)); + plugin.cfg = cfg; + api = GNUNET_new (struct GNUNET_REST_Plugin); + api->cls = &plugin; + api->name = GNUNET_REST_API_NS_OIDC; + api->process_request = &rest_identity_process_request; + GNUNET_asprintf (&allow_methods, + "%s, %s, %s, %s, %s", + MHD_HTTP_METHOD_GET, + MHD_HTTP_METHOD_POST, + MHD_HTTP_METHOD_PUT, + MHD_HTTP_METHOD_DELETE, + MHD_HTTP_METHOD_OPTIONS); + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + _("Identity Provider REST API initialized\n")); + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the plugin context (as returned by "init") + * @return always NULL + */ +void * +libgnunet_plugin_rest_openid_connect_done (void *cls) +{ + struct GNUNET_REST_Plugin *api = cls; + struct Plugin *plugin = api->cls; + plugin->cfg = NULL; + + struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it; + void *value = NULL; + hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create ( + OIDC_identity_login_time); + while (GNUNET_YES == + GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) + { + if (NULL != value) + GNUNET_free(value); + } + GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_login_time); + hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants); + while (GNUNET_YES == + GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) + { + if (NULL != value) + GNUNET_free(value); + } + GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants); + hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_ticket_once); + while (GNUNET_YES == + GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) + { + if (NULL != value) + GNUNET_free(value); + } + GNUNET_CONTAINER_multihashmap_destroy(OIDC_ticket_once); + hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_interpret_access_token); + while (GNUNET_YES == + GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value)) + { + if (NULL != value) + GNUNET_free(value); + } + GNUNET_CONTAINER_multihashmap_destroy(OIDC_interpret_access_token); + GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it); + GNUNET_free_non_null (allow_methods); + GNUNET_free (api); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Identity Provider REST plugin is finished\n"); + return NULL; +} + +/* end of plugin_rest_identity_provider.c */ diff --git a/src/reclaim/plugin_rest_reclaim.c b/src/reclaim/plugin_rest_reclaim.c new file mode 100644 index 000000000..b54aed5f3 --- /dev/null +++ b/src/reclaim/plugin_rest_reclaim.c @@ -0,0 +1,1253 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ +/** + * @author Martin Schanzenbach + * @author Philippe Buschmann + * @file reclaim/plugin_rest_reclaim.c + * @brief GNUnet reclaim REST plugin + * + */ + +#include "platform.h" +#include "gnunet_rest_plugin.h" +#include "gnunet_identity_service.h" +#include "gnunet_gns_service.h" +#include "gnunet_gnsrecord_lib.h" +#include "gnunet_namestore_service.h" +#include "gnunet_rest_lib.h" +#include "gnunet_jsonapi_lib.h" +#include "gnunet_jsonapi_util.h" +#include "microhttpd.h" +#include +#include +#include "gnunet_signatures.h" +#include "gnunet_reclaim_attribute_lib.h" +#include "gnunet_reclaim_service.h" + +/** + * REST root namespace + */ +#define GNUNET_REST_API_NS_RECLAIM "/idp" + +/** + * Attribute namespace + */ +#define GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES "/idp/attributes" + +/** + * Ticket namespace + */ +#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets" + +/** + * Revoke namespace + */ +#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke" + +/** + * Revoke namespace + */ +#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/idp/consume" + +/** + * Attribute key + */ +#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute" + +/** + * Ticket key + */ +#define GNUNET_REST_JSONAPI_IDENTITY_TICKET "ticket" + + +/** + * Value key + */ +#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value" + +/** + * State while collecting all egos + */ +#define ID_REST_STATE_INIT 0 + +/** + * Done collecting egos + */ +#define ID_REST_STATE_POST_INIT 1 + +/** + * The configuration handle + */ +const struct GNUNET_CONFIGURATION_Handle *cfg; + +/** + * HTTP methods allows for this plugin + */ +static char* allow_methods; + +/** + * @brief struct returned by the initialization function of the plugin + */ +struct Plugin +{ + const struct GNUNET_CONFIGURATION_Handle *cfg; +}; + +/** + * The ego list + */ +struct EgoEntry +{ + /** + * DLL + */ + struct EgoEntry *next; + + /** + * DLL + */ + struct EgoEntry *prev; + + /** + * Ego Identifier + */ + char *identifier; + + /** + * Public key string + */ + char *keystring; + + /** + * The Ego + */ + struct GNUNET_IDENTITY_Ego *ego; +}; + + +struct RequestHandle +{ + /** + * Ego list + */ + struct EgoEntry *ego_head; + + /** + * Ego list + */ + struct EgoEntry *ego_tail; + + /** + * Selected ego + */ + struct EgoEntry *ego_entry; + + /** + * Pointer to ego private key + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key; + + /** + * The processing state + */ + int state; + + /** + * Handle to Identity service. + */ + struct GNUNET_IDENTITY_Handle *identity_handle; + + /** + * Rest connection + */ + struct GNUNET_REST_RequestHandle *rest_handle; + + /** + * Handle to NAMESTORE + */ + struct GNUNET_NAMESTORE_Handle *namestore_handle; + + /** + * Iterator for NAMESTORE + */ + struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it; + + /** + * Attribute claim list + */ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list; + + /** + * IDENTITY Operation + */ + struct GNUNET_IDENTITY_Operation *op; + + /** + * Identity Provider + */ + struct GNUNET_RECLAIM_Handle *idp; + + /** + * Idp Operation + */ + struct GNUNET_RECLAIM_Operation *idp_op; + + /** + * Attribute iterator + */ + struct GNUNET_RECLAIM_AttributeIterator *attr_it; + + /** + * Ticket iterator + */ + struct GNUNET_RECLAIM_TicketIterator *ticket_it; + + /** + * A ticket + */ + struct GNUNET_RECLAIM_Ticket ticket; + + /** + * Desired timeout for the lookup (default is no timeout). + */ + struct GNUNET_TIME_Relative timeout; + + /** + * ID of a task associated with the resolution process. + */ + struct GNUNET_SCHEDULER_Task *timeout_task; + + /** + * The plugin result processor + */ + GNUNET_REST_ResultProcessor proc; + + /** + * The closure of the result processor + */ + void *proc_cls; + + /** + * The url + */ + char *url; + + /** + * Error response message + */ + char *emsg; + + /** + * Reponse code + */ + int response_code; + + /** + * Response object + */ + struct GNUNET_JSONAPI_Document *resp_object; + +}; + +/** + * Cleanup lookup handle + * @param handle Handle to clean up + */ +static void +cleanup_handle (struct RequestHandle *handle) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp; + struct EgoEntry *ego_entry; + struct EgoEntry *ego_tmp; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cleaning up\n"); + if (NULL != handle->resp_object) + GNUNET_JSONAPI_document_delete (handle->resp_object); + if (NULL != handle->timeout_task) + GNUNET_SCHEDULER_cancel (handle->timeout_task); + if (NULL != handle->identity_handle) + GNUNET_IDENTITY_disconnect (handle->identity_handle); + if (NULL != handle->attr_it) + GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); + if (NULL != handle->ticket_it) + GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); + if (NULL != handle->idp) + GNUNET_RECLAIM_disconnect (handle->idp); + if (NULL != handle->url) + GNUNET_free (handle->url); + if (NULL != handle->emsg) + GNUNET_free (handle->emsg); + if (NULL != handle->namestore_handle) + GNUNET_NAMESTORE_disconnect (handle->namestore_handle); + if ( NULL != handle->attr_list ) + { + for (claim_entry = handle->attr_list->list_head; + NULL != claim_entry;) + { + claim_tmp = claim_entry; + claim_entry = claim_entry->next; + GNUNET_free(claim_tmp->claim); + GNUNET_free(claim_tmp); + } + GNUNET_free (handle->attr_list); + } + for (ego_entry = handle->ego_head; + NULL != ego_entry;) + { + ego_tmp = ego_entry; + ego_entry = ego_entry->next; + GNUNET_free (ego_tmp->identifier); + GNUNET_free (ego_tmp->keystring); + GNUNET_free (ego_tmp); + } + if (NULL != handle->attr_it) + { + GNUNET_free(handle->attr_it); + } + GNUNET_free (handle); +} + +static void +cleanup_handle_delayed (void *cls) +{ + cleanup_handle (cls); +} + + +/** + * Task run on error, sends error message. Cleans up everything. + * + * @param cls the `struct RequestHandle` + */ +static void +do_error (void *cls) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + char *json_error; + + GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\" }", + handle->emsg); + if ( 0 == handle->response_code ) + { + handle->response_code = MHD_HTTP_BAD_REQUEST; + } + resp = GNUNET_REST_create_response (json_error); + MHD_add_response_header (resp, "Content-Type", "application/json"); + handle->proc (handle->proc_cls, resp, handle->response_code); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); + GNUNET_free (json_error); +} + + +/** + * Task run on timeout, sends error message. Cleans up everything. + * + * @param cls the `struct RequestHandle` + */ +static void +do_timeout (void *cls) +{ + struct RequestHandle *handle = cls; + + handle->timeout_task = NULL; + do_error (handle); +} + + +static void +collect_error_cb (void *cls) +{ + struct RequestHandle *handle = cls; + + do_error (handle); +} + +static void +finished_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + + resp = GNUNET_REST_create_response (emsg); + if (GNUNET_OK != success) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); +} + + +/** + * Return attributes for identity + * + * @param cls the request handle + */ +static void +return_response (void *cls) +{ + char* result_str; + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + + GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); + resp = GNUNET_REST_create_response (result_str); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_free (result_str); + cleanup_handle (handle); +} + +static void +collect_finished_cb (void *cls) +{ + struct RequestHandle *handle = cls; + //Done + handle->attr_it = NULL; + handle->ticket_it = NULL; + GNUNET_SCHEDULER_add_now (&return_response, handle); +} + + +/** + * Collect all attributes for an ego + * + */ +static void +ticket_collect (void *cls, + const struct GNUNET_RECLAIM_Ticket *ticket) +{ + struct GNUNET_JSONAPI_Resource *json_resource; + struct RequestHandle *handle = cls; + json_t *value; + char* tmp; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding ticket\n"); + tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, + sizeof (uint64_t)); + json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TICKET, + tmp); + GNUNET_free (tmp); + GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); + + tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->identity, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + value = json_string (tmp); + GNUNET_JSONAPI_resource_add_attr (json_resource, + "issuer", + value); + GNUNET_free (tmp); + json_decref (value); + tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + value = json_string (tmp); + GNUNET_JSONAPI_resource_add_attr (json_resource, + "audience", + value); + GNUNET_free (tmp); + json_decref (value); + tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, + sizeof (uint64_t)); + value = json_string (tmp); + GNUNET_JSONAPI_resource_add_attr (json_resource, + "rnd", + value); + GNUNET_free (tmp); + json_decref (value); + GNUNET_RECLAIM_ticket_iteration_next (handle->ticket_it); +} + + + +/** + * List tickets for identity request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + char *identity; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting tickets for %s.\n", + handle->url); + if ( strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) >= + strlen (handle->url)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) + 1; + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + if (0 == strcmp (identity, ego_entry->identifier)) + break; + handle->resp_object = GNUNET_JSONAPI_document_new (); + + if (NULL == ego_entry) + { + //Done + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", + identity); + GNUNET_SCHEDULER_add_now (&return_response, handle); + return; + } + priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + handle->idp = GNUNET_RECLAIM_connect (cfg); + handle->ticket_it = GNUNET_RECLAIM_ticket_iteration_start (handle->idp, + priv_key, + &collect_error_cb, + handle, + &ticket_collect, + handle, + &collect_finished_cb, + handle); +} + + +static void +add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; + const char* identity; + const char* name_str; + const char* value_str; + const char* exp_str; + + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + struct MHD_Response *resp; + struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attribute; + struct GNUNET_JSONAPI_Document *json_obj; + struct GNUNET_JSONAPI_Resource *json_res; + struct GNUNET_TIME_Relative exp; + char term_data[handle->rest_handle->data_size+1]; + json_t *value_json; + json_t *data_json; + json_t *exp_json; + json_error_t err; + struct GNUNET_JSON_Specification docspec[] = { + GNUNET_JSON_spec_jsonapi_document (&json_obj), + GNUNET_JSON_spec_end() + }; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding an attribute for %s.\n", + handle->url); + if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= + strlen (handle->url)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1; + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + if (0 == strcmp (identity, ego_entry->identifier)) + break; + + if (NULL == ego_entry) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Identity unknown (%s)\n", identity); + GNUNET_JSONAPI_document_delete (json_obj); + return; + } + identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + + if (0 >= handle->rest_handle->data_size) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + term_data[handle->rest_handle->data_size] = '\0'; + GNUNET_memcpy (term_data, + handle->rest_handle->data, + handle->rest_handle->data_size); + data_json = json_loads (term_data, + JSON_DECODE_ANY, + &err); + GNUNET_assert (GNUNET_OK == + GNUNET_JSON_parse (data_json, docspec, + NULL, NULL)); + json_decref (data_json); + if (NULL == json_obj) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse JSONAPI Object from %s\n", + term_data); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (1 != GNUNET_JSONAPI_document_resource_count (json_obj)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot create more than 1 resource! (Got %d)\n", + GNUNET_JSONAPI_document_resource_count (json_obj)); + GNUNET_JSONAPI_document_delete (json_obj); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0); + if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res, + GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unsupported JSON data type\n"); + GNUNET_JSONAPI_document_delete (json_obj); + resp = GNUNET_REST_create_response (NULL); + handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT); + cleanup_handle (handle); + return; + } + name_str = GNUNET_JSONAPI_resource_get_id (json_res); + exp_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "exp"); + exp_str = json_string_value (exp_json); + if (NULL == exp_str) { + exp = GNUNET_TIME_UNIT_HOURS; + } else { + if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_relative (exp_str, + &exp)) { + exp = GNUNET_TIME_UNIT_HOURS; + } + } + + value_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "value"); + value_str = json_string_value (value_json); + attribute = GNUNET_RECLAIM_ATTRIBUTE_claim_new (name_str, + GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, + value_str, + strlen (value_str) + 1); + handle->idp = GNUNET_RECLAIM_connect (cfg); + handle->idp_op = GNUNET_RECLAIM_attribute_store (handle->idp, + identity_priv, + attribute, + &exp, + &finished_cont, + handle); + GNUNET_free (attribute); + GNUNET_JSONAPI_document_delete (json_obj); +} + + + +/** + * Collect all attributes for an ego + * + */ +static void +attr_collect (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) +{ + struct GNUNET_JSONAPI_Resource *json_resource; + struct RequestHandle *handle = cls; + json_t *value; + char* tmp_value; + + if ((NULL == attr->name) || (NULL == attr->data)) + { + GNUNET_RECLAIM_get_attributes_next (handle->attr_it); + return; + } + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", + attr->name); + json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE, + attr->name); + GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); + + tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, + attr->data, + attr->data_size); + + value = json_string (tmp_value); + + GNUNET_JSONAPI_resource_add_attr (json_resource, + "value", + value); + json_decref (value); + GNUNET_free(tmp_value); + GNUNET_RECLAIM_get_attributes_next (handle->attr_it); +} + + + +/** + * List attributes for identity request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + char *identity; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting attributes for %s.\n", + handle->url); + if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= + strlen (handle->url)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1; + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + if (0 == strcmp (identity, ego_entry->identifier)) + break; + handle->resp_object = GNUNET_JSONAPI_document_new (); + + + if (NULL == ego_entry) + { + //Done + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", + identity); + GNUNET_SCHEDULER_add_now (&return_response, handle); + return; + } + priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + handle->idp = GNUNET_RECLAIM_connect (cfg); + handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp, + priv_key, + &collect_error_cb, + handle, + &attr_collect, + handle, + &collect_finished_cb, + handle); +} + + +static void +revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; + const char* identity_str; + const char* audience_str; + const char* rnd_str; + + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + struct MHD_Response *resp; + struct GNUNET_RECLAIM_Ticket ticket; + struct GNUNET_JSONAPI_Document *json_obj; + struct GNUNET_JSONAPI_Resource *json_res; + struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk; + char term_data[handle->rest_handle->data_size+1]; + json_t *rnd_json; + json_t *identity_json; + json_t *audience_json; + json_t *data_json; + json_error_t err; + struct GNUNET_JSON_Specification docspec[] = { + GNUNET_JSON_spec_jsonapi_document (&json_obj), + GNUNET_JSON_spec_end() + }; + + if (0 >= handle->rest_handle->data_size) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + term_data[handle->rest_handle->data_size] = '\0'; + GNUNET_memcpy (term_data, + handle->rest_handle->data, + handle->rest_handle->data_size); + data_json = json_loads (term_data, + JSON_DECODE_ANY, + &err); + GNUNET_assert (GNUNET_OK == + GNUNET_JSON_parse (data_json, docspec, + NULL, NULL)); + json_decref (data_json); + if (NULL == json_obj) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse JSONAPI Object from %s\n", + term_data); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (1 != GNUNET_JSONAPI_document_resource_count (json_obj)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot create more than 1 resource! (Got %d)\n", + GNUNET_JSONAPI_document_resource_count (json_obj)); + GNUNET_JSONAPI_document_delete (json_obj); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0); + if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res, + GNUNET_REST_JSONAPI_IDENTITY_TICKET)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unsupported JSON data type\n"); + GNUNET_JSONAPI_document_delete (json_obj); + resp = GNUNET_REST_create_response (NULL); + handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT); + cleanup_handle (handle); + return; + } + rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "rnd"); + identity_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "issuer"); + audience_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "audience"); + rnd_str = json_string_value (rnd_json); + identity_str = json_string_value (identity_json); + audience_str = json_string_value (audience_json); + + GNUNET_STRINGS_string_to_data (rnd_str, + strlen (rnd_str), + &ticket.rnd, + sizeof (uint64_t)); + GNUNET_STRINGS_string_to_data (identity_str, + strlen (identity_str), + &ticket.identity, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + GNUNET_STRINGS_string_to_data (audience_str, + strlen (audience_str), + &ticket.audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + { + GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, + &tmp_pk); + if (0 == memcmp (&ticket.identity, + &tmp_pk, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + break; + } + if (NULL == ego_entry) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Identity unknown (%s)\n", identity_str); + GNUNET_JSONAPI_document_delete (json_obj); + return; + } + identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + + handle->idp = GNUNET_RECLAIM_connect (cfg); + handle->idp_op = GNUNET_RECLAIM_ticket_revoke (handle->idp, + identity_priv, + &ticket, + &finished_cont, + handle); + GNUNET_JSONAPI_document_delete (json_obj); +} + +static void +consume_cont (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) +{ + struct RequestHandle *handle = cls; + struct GNUNET_JSONAPI_Resource *json_resource; + json_t *value; + + if (NULL == identity) + { + GNUNET_SCHEDULER_add_now (&return_response, handle); + return; + } + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", + attr->name); + json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE, + attr->name); + GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); + + value = json_string (attr->data); + GNUNET_JSONAPI_resource_add_attr (json_resource, + "value", + value); + json_decref (value); +} + +static void +consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; + const char* identity_str; + const char* audience_str; + const char* rnd_str; + + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + struct MHD_Response *resp; + struct GNUNET_RECLAIM_Ticket ticket; + struct GNUNET_JSONAPI_Document *json_obj; + struct GNUNET_JSONAPI_Resource *json_res; + struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk; + char term_data[handle->rest_handle->data_size+1]; + json_t *rnd_json; + json_t *identity_json; + json_t *audience_json; + json_t *data_json; + json_error_t err; + struct GNUNET_JSON_Specification docspec[] = { + GNUNET_JSON_spec_jsonapi_document (&json_obj), + GNUNET_JSON_spec_end() + }; + + if (0 >= handle->rest_handle->data_size) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + term_data[handle->rest_handle->data_size] = '\0'; + GNUNET_memcpy (term_data, + handle->rest_handle->data, + handle->rest_handle->data_size); + data_json = json_loads (term_data, + JSON_DECODE_ANY, + &err); + GNUNET_assert (GNUNET_OK == + GNUNET_JSON_parse (data_json, docspec, + NULL, NULL)); + json_decref (data_json); + if (NULL == json_obj) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse JSONAPI Object from %s\n", + term_data); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (1 != GNUNET_JSONAPI_document_resource_count (json_obj)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot create more than 1 resource! (Got %d)\n", + GNUNET_JSONAPI_document_resource_count (json_obj)); + GNUNET_JSONAPI_document_delete (json_obj); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0); + if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res, + GNUNET_REST_JSONAPI_IDENTITY_TICKET)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unsupported JSON data type\n"); + GNUNET_JSONAPI_document_delete (json_obj); + resp = GNUNET_REST_create_response (NULL); + handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT); + cleanup_handle (handle); + return; + } + rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "rnd"); + identity_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "identity"); + audience_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "audience"); + rnd_str = json_string_value (rnd_json); + identity_str = json_string_value (identity_json); + audience_str = json_string_value (audience_json); + + GNUNET_STRINGS_string_to_data (rnd_str, + strlen (rnd_str), + &ticket.rnd, + sizeof (uint64_t)); + GNUNET_STRINGS_string_to_data (identity_str, + strlen (identity_str), + &ticket.identity, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + GNUNET_STRINGS_string_to_data (audience_str, + strlen (audience_str), + &ticket.audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + { + GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, + &tmp_pk); + if (0 == memcmp (&ticket.audience, + &tmp_pk, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + break; + } + if (NULL == ego_entry) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Identity unknown (%s)\n", identity_str); + GNUNET_JSONAPI_document_delete (json_obj); + return; + } + identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + handle->resp_object = GNUNET_JSONAPI_document_new (); + handle->idp = GNUNET_RECLAIM_connect (cfg); + handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp, + identity_priv, + &ticket, + &consume_cont, + handle); + GNUNET_JSONAPI_document_delete (json_obj); +} + + + +/** + * Respond to OPTIONS request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +options_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + struct MHD_Response *resp; + struct RequestHandle *handle = cls; + + //For now, independent of path return all options + resp = GNUNET_REST_create_response (NULL); + MHD_add_response_header (resp, + "Access-Control-Allow-Methods", + allow_methods); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + cleanup_handle (handle); + return; +} + +/** + * Handle rest request + * + * @param handle the request handle + */ +static void +init_cont (struct RequestHandle *handle) +{ + struct GNUNET_REST_RequestHandlerError err; + static const struct GNUNET_REST_RequestHandler handlers[] = { + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &list_attribute_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &add_attribute_cont}, + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont}, + {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_RECLAIM, + &options_cont}, + GNUNET_REST_HANDLER_END + }; + + if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, + handlers, + &err, + handle)) + { + handle->response_code = err.error_code; + GNUNET_SCHEDULER_add_now (&do_error, handle); + } +} + +/** + * If listing is enabled, prints information about the egos. + * + * This function is initially called for all egos and then again + * whenever a ego's identifier changes or if it is deleted. At the + * end of the initial pass over all egos, the function is once called + * with 'NULL' for 'ego'. That does NOT mean that the callback won't + * be invoked in the future or that there was an error. + * + * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', + * this function is only called ONCE, and 'NULL' being passed in + * 'ego' does indicate an error (i.e. name is taken or no default + * value is known). If 'ego' is non-NULL and if '*ctx' + * is set in those callbacks, the value WILL be passed to a subsequent + * call to the identity callback of 'GNUNET_IDENTITY_connect' (if + * that one was not NULL). + * + * When an identity is renamed, this function is called with the + * (known) ego but the NEW identifier. + * + * When an identity is deleted, this function is called with the + * (known) ego and "NULL" for the 'identifier'. In this case, + * the 'ego' is henceforth invalid (and the 'ctx' should also be + * cleaned up). + * + * @param cls closure + * @param ego ego handle + * @param ctx context for application to store data for this ego + * (during the lifetime of this process, initially NULL) + * @param identifier identifier assigned by the user for this ego, + * NULL if the user just deleted the ego and it + * must thus no longer be used + */ +static void +list_ego (void *cls, + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *identifier) +{ + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + struct GNUNET_CRYPTO_EcdsaPublicKey pk; + + if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) + { + handle->state = ID_REST_STATE_POST_INIT; + init_cont (handle); + return; + } + if (ID_REST_STATE_INIT == handle->state) { + ego_entry = GNUNET_new (struct EgoEntry); + GNUNET_IDENTITY_ego_get_public_key (ego, &pk); + ego_entry->keystring = + GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); + ego_entry->ego = ego; + ego_entry->identifier = GNUNET_strdup (identifier); + GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); + } + +} + +static void +rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, + GNUNET_REST_ResultProcessor proc, + void *proc_cls) +{ + struct RequestHandle *handle = GNUNET_new (struct RequestHandle); + handle->response_code = 0; + handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; + handle->proc_cls = proc_cls; + handle->proc = proc; + handle->state = ID_REST_STATE_INIT; + handle->rest_handle = rest_handle; + + handle->url = GNUNET_strdup (rest_handle->url); + if (handle->url[strlen (handle->url)-1] == '/') + handle->url[strlen (handle->url)-1] = '\0'; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connecting...\n"); + handle->identity_handle = GNUNET_IDENTITY_connect (cfg, + &list_ego, + handle); + handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); + handle->timeout_task = + GNUNET_SCHEDULER_add_delayed (handle->timeout, + &do_timeout, + handle); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connected\n"); +} + +/** + * Entry point for the plugin. + * + * @param cls Config info + * @return NULL on error, otherwise the plugin context + */ +void * +libgnunet_plugin_rest_reclaim_init (void *cls) +{ + static struct Plugin plugin; + struct GNUNET_REST_Plugin *api; + + cfg = cls; + if (NULL != plugin.cfg) + return NULL; /* can only initialize once! */ + memset (&plugin, 0, sizeof (struct Plugin)); + plugin.cfg = cfg; + api = GNUNET_new (struct GNUNET_REST_Plugin); + api->cls = &plugin; + api->name = GNUNET_REST_API_NS_RECLAIM; + api->process_request = &rest_identity_process_request; + GNUNET_asprintf (&allow_methods, + "%s, %s, %s, %s, %s", + MHD_HTTP_METHOD_GET, + MHD_HTTP_METHOD_POST, + MHD_HTTP_METHOD_PUT, + MHD_HTTP_METHOD_DELETE, + MHD_HTTP_METHOD_OPTIONS); + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + _("Identity Provider REST API initialized\n")); + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the plugin context (as returned by "init") + * @return always NULL + */ +void * +libgnunet_plugin_rest_reclaim_done (void *cls) +{ + struct GNUNET_REST_Plugin *api = cls; + struct Plugin *plugin = api->cls; + plugin->cfg = NULL; + + GNUNET_free_non_null (allow_methods); + GNUNET_free (api); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Identity Provider REST plugin is finished\n"); + return NULL; +} + +/* end of plugin_rest_reclaim.c */ diff --git a/src/reclaim/reclaim.conf b/src/reclaim/reclaim.conf new file mode 100644 index 000000000..e93899e05 --- /dev/null +++ b/src/reclaim/reclaim.conf @@ -0,0 +1,23 @@ +[reclaim] +START_ON_DEMAND = NO +RUN_PER_USER = YES +#PORT = 2108 +HOSTNAME = localhost +BINARY = gnunet-service-reclaim +ACCEPT_FROM = 127.0.0.1; +ACCEPT_FROM6 = ::1; +UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-reclaim.sock +UNIX_MATCH_UID = NO +UNIX_MATCH_GID = YES +TOKEN_EXPIRATION_INTERVAL = 30 m +DATABASE = sqlite + +[reclaim-rest-plugin] +#ADDRESS = https://identity.gnu:8000#/login +ADDRESS = https://reclaim.ui/#/login +PSW = secret +JWT_SECRET = secret +EXPIRATION_TIME = 3600 + +[reclaim-sqlite] +FILENAME = $GNUNET_DATA_HOME/reclaim/sqlite.db diff --git a/src/reclaim/reclaim.h b/src/reclaim/reclaim.h new file mode 100644 index 000000000..d2c84686d --- /dev/null +++ b/src/reclaim/reclaim.h @@ -0,0 +1,410 @@ +/* + This file is part of GNUnet. + Copyright (C) 2016 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @author Martin Schanzenbach + * @file reclaim/reclaim.h + * + * @brief Common type definitions for the identity provider + * service and API. + */ +#ifndef RECLAIM_H +#define RECLAIM_H + +#include "gnunet_common.h" + + +GNUNET_NETWORK_STRUCT_BEGIN + +/** + * Use to store an identity attribute + */ +struct AttributeStoreMessage +{ + /** + * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * The length of the attribute + */ + uint32_t attr_len GNUNET_PACKED; + + /** + * The expiration interval of the attribute + */ + uint64_t exp GNUNET_PACKED; + + /** + * Identity + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /* followed by the serialized attribute */ + +}; + +/** + * Attribute store response message + */ +struct AttributeStoreResultMessage +{ + /** + * Message header + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * #GNUNET_SYSERR on failure, #GNUNET_OK on success + */ + int32_t op_result GNUNET_PACKED; + +}; + +/** + * Attribute is returned from the idp. + */ +struct AttributeResultMessage +{ + /** + * Message header + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Length of serialized attribute data + */ + uint16_t attr_len GNUNET_PACKED; + + /** + * always zero (for alignment) + */ + uint16_t reserved GNUNET_PACKED; + + /** + * The public key of the identity. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity; + + /* followed by: + * serialized attribute data + */ +}; + + +/** + * Start a attribute iteration for the given identity + */ +struct AttributeIterationStartMessage +{ + /** + * Message + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + +}; + + +/** + * Ask for next result of attribute iteration for the given operation + */ +struct AttributeIterationNextMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; + + +/** + * Stop attribute iteration for the given operation + */ +struct AttributeIterationStopMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; + +/** + * Start a ticket iteration for the given identity + */ +struct TicketIterationStartMessage +{ + /** + * Message + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity; + + /** + * Identity is audience or issuer + */ + uint32_t is_audience GNUNET_PACKED; +}; + + +/** + * Ask for next result of ticket iteration for the given operation + */ +struct TicketIterationNextMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; + + +/** + * Stop ticket iteration for the given operation + */ +struct TicketIterationStopMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; + + + +/** + * Ticket issue message + */ +struct IssueTicketMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Requesting party. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey rp; + + /** + * length of serialized attribute list + */ + uint32_t attr_len GNUNET_PACKED; + + //Followed by a serialized attribute list +}; + +/** + * Ticket revoke message + */ +struct RevokeTicketMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * length of serialized attribute list + */ + uint32_t attrs_len GNUNET_PACKED; + + //Followed by a ticket and serialized attribute list +}; + +/** + * Ticket revoke message + */ +struct RevokeTicketResultMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Revocation result + */ + uint32_t success GNUNET_PACKED; +}; + + +/** + * Ticket result message + */ +struct TicketResultMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; + +/** + * Ticket consume message + */ +struct ConsumeTicketMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + //Followed by a serialized ticket +}; + +/** + * Attribute list is returned from the idp. + */ +struct ConsumeTicketResultMessage +{ + /** + * Message header + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Length of serialized attribute data + */ + uint16_t attrs_len GNUNET_PACKED; + + /** + * always zero (for alignment) + */ + uint16_t reserved GNUNET_PACKED; + + /** + * The public key of the identity. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity; + + /* followed by: + * serialized attributes data + */ +}; + + + +GNUNET_NETWORK_STRUCT_END + +#endif diff --git a/src/reclaim/reclaim_api.c b/src/reclaim/reclaim_api.c new file mode 100644 index 000000000..3f1584ccd --- /dev/null +++ b/src/reclaim/reclaim_api.c @@ -0,0 +1,1383 @@ +/* + This file is part of GNUnet. + Copyright (C) 2016 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +/** + * @file reclaim/reclaim_api.c + * @brief api to interact with the reclaim service + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_constants.h" +#include "gnunet_protocols.h" +#include "gnunet_mq_lib.h" +#include "gnunet_reclaim_service.h" +#include "gnunet_reclaim_attribute_lib.h" +#include "reclaim.h" + +#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-api",__VA_ARGS__) + + +/** + * Handle for an operation with the service. + */ +struct GNUNET_RECLAIM_Operation +{ + + /** + * Main handle. + */ + struct GNUNET_RECLAIM_Handle *h; + + /** + * We keep operations in a DLL. + */ + struct GNUNET_RECLAIM_Operation *next; + + /** + * We keep operations in a DLL. + */ + struct GNUNET_RECLAIM_Operation *prev; + + /** + * Message to send to the service. + * Allocated at the end of this struct. + */ + const struct GNUNET_MessageHeader *msg; + + /** + * Continuation to invoke after attribute store call + */ + GNUNET_RECLAIM_ContinuationWithStatus as_cb; + + /** + * Attribute result callback + */ + GNUNET_RECLAIM_AttributeResult ar_cb; + + /** + * Revocation result callback + */ + GNUNET_RECLAIM_ContinuationWithStatus rvk_cb; + + /** + * Ticket result callback + */ + GNUNET_RECLAIM_TicketCallback tr_cb; + + /** + * Envelope with the message for this queue entry. + */ + struct GNUNET_MQ_Envelope *env; + + /** + * request id + */ + uint32_t r_id; + + /** + * Closure for @e cont or @e cb. + */ + void *cls; + +}; + +/** + * Handle for a ticket iterator operation + */ +struct GNUNET_RECLAIM_TicketIterator +{ + + /** + * Kept in a DLL. + */ + struct GNUNET_RECLAIM_TicketIterator *next; + + /** + * Kept in a DLL. + */ + struct GNUNET_RECLAIM_TicketIterator *prev; + + /** + * Main handle to access the idp. + */ + struct GNUNET_RECLAIM_Handle *h; + + /** + * Function to call on completion. + */ + GNUNET_SCHEDULER_TaskCallback finish_cb; + + /** + * Closure for @e error_cb. + */ + void *finish_cb_cls; + + /** + * The continuation to call with the results + */ + GNUNET_RECLAIM_TicketCallback tr_cb; + + /** + * Closure for @e tr_cb. + */ + void *cls; + + /** + * Function to call on errors. + */ + GNUNET_SCHEDULER_TaskCallback error_cb; + + /** + * Closure for @e error_cb. + */ + void *error_cb_cls; + + /** + * Envelope of the message to send to the service, if not yet + * sent. + */ + struct GNUNET_MQ_Envelope *env; + + /** + * The operation id this zone iteration operation has + */ + uint32_t r_id; + +}; + + +/** + * Handle for a attribute iterator operation + */ +struct GNUNET_RECLAIM_AttributeIterator +{ + + /** + * Kept in a DLL. + */ + struct GNUNET_RECLAIM_AttributeIterator *next; + + /** + * Kept in a DLL. + */ + struct GNUNET_RECLAIM_AttributeIterator *prev; + + /** + * Main handle to access the idp. + */ + struct GNUNET_RECLAIM_Handle *h; + + /** + * Function to call on completion. + */ + GNUNET_SCHEDULER_TaskCallback finish_cb; + + /** + * Closure for @e error_cb. + */ + void *finish_cb_cls; + + /** + * The continuation to call with the results + */ + GNUNET_RECLAIM_AttributeResult proc; + + /** + * Closure for @e proc. + */ + void *proc_cls; + + /** + * Function to call on errors. + */ + GNUNET_SCHEDULER_TaskCallback error_cb; + + /** + * Closure for @e error_cb. + */ + void *error_cb_cls; + + /** + * Envelope of the message to send to the service, if not yet + * sent. + */ + struct GNUNET_MQ_Envelope *env; + + /** + * Private key of the zone. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * The operation id this zone iteration operation has + */ + uint32_t r_id; + +}; + + +/** + * Handle for the service. + */ +struct GNUNET_RECLAIM_Handle +{ + /** + * Configuration to use. + */ + const struct GNUNET_CONFIGURATION_Handle *cfg; + + /** + * Socket (if available). + */ + struct GNUNET_CLIENT_Connection *client; + + /** + * Closure for 'cb'. + */ + void *cb_cls; + + /** + * Head of active operations. + */ + struct GNUNET_RECLAIM_Operation *op_head; + + /** + * Tail of active operations. + */ + struct GNUNET_RECLAIM_Operation *op_tail; + + /** + * Head of active iterations + */ + struct GNUNET_RECLAIM_AttributeIterator *it_head; + + /** + * Tail of active iterations + */ + struct GNUNET_RECLAIM_AttributeIterator *it_tail; + + /** + * Head of active iterations + */ + struct GNUNET_RECLAIM_TicketIterator *ticket_it_head; + + /** + * Tail of active iterations + */ + struct GNUNET_RECLAIM_TicketIterator *ticket_it_tail; + + + /** + * Currently pending transmission request, or NULL for none. + */ + struct GNUNET_CLIENT_TransmitHandle *th; + + /** + * Task doing exponential back-off trying to reconnect. + */ + struct GNUNET_SCHEDULER_Task * reconnect_task; + + /** + * Time for next connect retry. + */ + struct GNUNET_TIME_Relative reconnect_backoff; + + /** + * Connection to service (if available). + */ + struct GNUNET_MQ_Handle *mq; + + /** + * Request Id generator. Incremented by one for each request. + */ + uint32_t r_id_gen; + + /** + * Are we polling for incoming messages right now? + */ + int in_receive; + +}; + +/** + * Try again to connect to the service. + * + * @param h handle to the reclaim service. + */ +static void +reconnect (struct GNUNET_RECLAIM_Handle *h); + +/** + * Reconnect + * + * @param cls the handle + */ +static void +reconnect_task (void *cls) +{ + struct GNUNET_RECLAIM_Handle *handle = cls; + + handle->reconnect_task = NULL; + reconnect (handle); +} + + +/** + * Disconnect from service and then reconnect. + * + * @param handle our service + */ +static void +force_reconnect (struct GNUNET_RECLAIM_Handle *handle) +{ + GNUNET_MQ_destroy (handle->mq); + handle->mq = NULL; + handle->reconnect_backoff + = GNUNET_TIME_STD_BACKOFF (handle->reconnect_backoff); + handle->reconnect_task + = GNUNET_SCHEDULER_add_delayed (handle->reconnect_backoff, + &reconnect_task, + handle); +} + +/** + * Free @a it. + * + * @param it entry to free + */ +static void +free_it (struct GNUNET_RECLAIM_AttributeIterator *it) +{ + struct GNUNET_RECLAIM_Handle *h = it->h; + + GNUNET_CONTAINER_DLL_remove (h->it_head, + h->it_tail, + it); + if (NULL != it->env) + GNUNET_MQ_discard (it->env); + GNUNET_free (it); +} + +static void +free_op (struct GNUNET_RECLAIM_Operation* op) +{ + if (NULL == op) + return; + if (NULL != op->env) + GNUNET_MQ_discard (op->env); + GNUNET_free(op); +} + + +/** + * Generic error handler, called with the appropriate error code and + * the same closure specified at the creation of the message queue. + * Not every message queue implementation supports an error handler. + * + * @param cls closure with the `struct GNUNET_GNS_Handle *` + * @param error error code + */ +static void +mq_error_handler (void *cls, + enum GNUNET_MQ_Error error) +{ + struct GNUNET_RECLAIM_Handle *handle = cls; + force_reconnect (handle); +} + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE + * + * @param cls + * @param msg the message we received + */ +static void +handle_attribute_store_response (void *cls, + const struct AttributeStoreResultMessage *msg) +{ + struct GNUNET_RECLAIM_Handle *h = cls; + struct GNUNET_RECLAIM_Operation *op; + uint32_t r_id = ntohl (msg->id); + int res; + const char *emsg; + + for (op = h->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + if (NULL == op) + return; + + res = ntohl (msg->op_result); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Received ATTRIBUTE_STORE_RESPONSE with result %d\n", + res); + + /* TODO: add actual error message to response... */ + if (GNUNET_SYSERR == res) + emsg = _("failed to store record\n"); + else + emsg = NULL; + if (NULL != op->as_cb) + op->as_cb (op->cls, + res, + emsg); + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + free_op (op); + +} + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT + * + * @param cls + * @param msg the message we received + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +static int +check_consume_ticket_result (void *cls, + const struct ConsumeTicketResultMessage *msg) +{ + size_t msg_len; + size_t attrs_len; + + msg_len = ntohs (msg->header.size); + attrs_len = ntohs (msg->attrs_len); + if (msg_len != sizeof (struct ConsumeTicketResultMessage) + attrs_len) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT + * + * @param cls + * @param msg the message we received + */ +static void +handle_consume_ticket_result (void *cls, + const struct ConsumeTicketResultMessage *msg) +{ + struct GNUNET_RECLAIM_Handle *h = cls; + struct GNUNET_RECLAIM_Operation *op; + size_t attrs_len; + uint32_t r_id = ntohl (msg->id); + + attrs_len = ntohs (msg->attrs_len); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Processing attribute result.\n"); + + + for (op = h->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + if (NULL == op) + return; + + { + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&msg[1], + attrs_len); + if (NULL != op->ar_cb) + { + if (NULL == attrs) + { + op->ar_cb (op->cls, + &msg->identity, + NULL); + } + else + { + for (le = attrs->list_head; NULL != le; le = le->next) + op->ar_cb (op->cls, + &msg->identity, + le->claim); + GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs); + } + } + if (NULL != op) + { + op->ar_cb (op->cls, + NULL, + NULL); + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + free_op (op); + } + return; + } + GNUNET_assert (0); +} + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT + * + * @param cls + * @param msg the message we received + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +static int +check_attribute_result (void *cls, + const struct AttributeResultMessage *msg) +{ + size_t msg_len; + size_t attr_len; + + msg_len = ntohs (msg->header.size); + attr_len = ntohs (msg->attr_len); + if (msg_len != sizeof (struct AttributeResultMessage) + attr_len) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT + * + * @param cls + * @param msg the message we received + */ +static void +handle_attribute_result (void *cls, + const struct AttributeResultMessage *msg) +{ + static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy; + struct GNUNET_RECLAIM_Handle *h = cls; + struct GNUNET_RECLAIM_AttributeIterator *it; + struct GNUNET_RECLAIM_Operation *op; + size_t attr_len; + uint32_t r_id = ntohl (msg->id); + + attr_len = ntohs (msg->attr_len); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Processing attribute result.\n"); + + + for (it = h->it_head; NULL != it; it = it->next) + if (it->r_id == r_id) + break; + for (op = h->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + if ((NULL == it) && (NULL == op)) + return; + + if ( (0 == (memcmp (&msg->identity, + &identity_dummy, + sizeof (identity_dummy)))) ) + { + if ((NULL == it) && (NULL == op)) + { + GNUNET_break (0); + force_reconnect (h); + return; + } + if (NULL != it) + { + if (NULL != it->finish_cb) + it->finish_cb (it->finish_cb_cls); + free_it (it); + } + if (NULL != op) + { + if (NULL != op->ar_cb) + op->ar_cb (op->cls, + NULL, + NULL); + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + free_op (op); + + } + return; + } + + { + struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr; + attr = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&msg[1], + attr_len); + if (NULL != it) + { + if (NULL != it->proc) + it->proc (it->proc_cls, + &msg->identity, + attr); + } else if (NULL != op) + { + if (NULL != op->ar_cb) + op->ar_cb (op->cls, + &msg->identity, + attr); + + } + GNUNET_free (attr); + return; + } + GNUNET_assert (0); +} + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT + * + * @param cls + * @param msg the message we received + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +static int +check_ticket_result (void *cls, + const struct TicketResultMessage *msg) +{ + size_t msg_len; + + msg_len = ntohs (msg->header.size); + if (msg_len < sizeof (struct TicketResultMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT + * + * @param cls + * @param msg the message we received + */ +static void +handle_ticket_result (void *cls, + const struct TicketResultMessage *msg) +{ + struct GNUNET_RECLAIM_Handle *handle = cls; + struct GNUNET_RECLAIM_Operation *op; + struct GNUNET_RECLAIM_TicketIterator *it; + const struct GNUNET_RECLAIM_Ticket *ticket; + uint32_t r_id = ntohl (msg->id); + size_t msg_len; + + for (op = handle->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + for (it = handle->ticket_it_head; NULL != it; it = it->next) + if (it->r_id == r_id) + break; + if ((NULL == op) && (NULL == it)) + return; + msg_len = ntohs (msg->header.size); + if (NULL != op) + { + GNUNET_CONTAINER_DLL_remove (handle->op_head, + handle->op_tail, + op); + if (msg_len == sizeof (struct TicketResultMessage)) + { + if (NULL != op->tr_cb) + op->tr_cb (op->cls, NULL); + } else { + ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1]; + if (NULL != op->tr_cb) + op->tr_cb (op->cls, ticket); + } + free_op (op); + return; + } else if (NULL != it) { + if (msg_len == sizeof (struct TicketResultMessage)) + { + if (NULL != it->tr_cb) + GNUNET_CONTAINER_DLL_remove (handle->ticket_it_head, + handle->ticket_it_tail, + it); + it->finish_cb (it->finish_cb_cls); + GNUNET_free (it); + } else { + ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1]; + if (NULL != it->tr_cb) + it->tr_cb (it->cls, ticket); + } + return; + } + GNUNET_break (0); +} + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT + * + * @param cls + * @param msg the message we received + */ +static void +handle_revoke_ticket_result (void *cls, + const struct RevokeTicketResultMessage *msg) +{ + struct GNUNET_RECLAIM_Handle *h = cls; + struct GNUNET_RECLAIM_Operation *op; + uint32_t r_id = ntohl (msg->id); + int32_t success; + + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Processing revocation result.\n"); + + + for (op = h->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + if (NULL == op) + return; + success = ntohl (msg->success); + { + if (NULL != op->rvk_cb) + { + op->rvk_cb (op->cls, + success, + NULL); + } + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + free_op (op); + return; + } + GNUNET_assert (0); +} + + + +/** + * Try again to connect to the service. + * + * @param h handle to the reclaim service. + */ +static void +reconnect (struct GNUNET_RECLAIM_Handle *h) +{ + struct GNUNET_MQ_MessageHandler handlers[] = { + GNUNET_MQ_hd_fixed_size (attribute_store_response, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE, + struct AttributeStoreResultMessage, + h), + GNUNET_MQ_hd_var_size (attribute_result, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT, + struct AttributeResultMessage, + h), + GNUNET_MQ_hd_var_size (ticket_result, + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT, + struct TicketResultMessage, + h), + GNUNET_MQ_hd_var_size (consume_ticket_result, + GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT, + struct ConsumeTicketResultMessage, + h), + GNUNET_MQ_hd_fixed_size (revoke_ticket_result, + GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT, + struct RevokeTicketResultMessage, + h), + GNUNET_MQ_handler_end () + }; + struct GNUNET_RECLAIM_Operation *op; + + GNUNET_assert (NULL == h->mq); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Connecting to reclaim service.\n"); + + h->mq = GNUNET_CLIENT_connect (h->cfg, + "reclaim", + handlers, + &mq_error_handler, + h); + if (NULL == h->mq) + return; + for (op = h->op_head; NULL != op; op = op->next) + GNUNET_MQ_send_copy (h->mq, + op->env); +} + + +/** + * Connect to the reclaim service. + * + * @param cfg the configuration to use + * @return handle to use + */ +struct GNUNET_RECLAIM_Handle * +GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg) +{ + struct GNUNET_RECLAIM_Handle *h; + + h = GNUNET_new (struct GNUNET_RECLAIM_Handle); + h->cfg = cfg; + reconnect (h); + if (NULL == h->mq) + { + GNUNET_free (h); + return NULL; + } + return h; +} + + +/** + * Cancel an operation. Note that the operation MAY still + * be executed; this merely cancels the continuation; if the request + * was already transmitted, the service may still choose to complete + * the operation. + * + * @param op operation to cancel + */ +void +GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op) +{ + struct GNUNET_RECLAIM_Handle *h = op->h; + + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + free_op (op); +} + + +/** + * Disconnect from service + * + * @param h handle to destroy + */ +void +GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h) +{ + GNUNET_assert (NULL != h); + if (NULL != h->mq) + { + GNUNET_MQ_destroy (h->mq); + h->mq = NULL; + } + if (NULL != h->reconnect_task) + { + GNUNET_SCHEDULER_cancel (h->reconnect_task); + h->reconnect_task = NULL; + } + GNUNET_assert (NULL == h->op_head); + GNUNET_free (h); +} + +/** + * Store an attribute. If the attribute is already present, + * it is replaced with the new attribute. + * + * @param h handle to the reclaim + * @param pkey private key of the identity + * @param attr the attribute value + * @param exp_interval the relative expiration interval for the attribute + * @param cont continuation to call when done + * @param cont_cls closure for @a cont + * @return handle to abort the request + */ +struct GNUNET_RECLAIM_Operation * +GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, + const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr, + const struct GNUNET_TIME_Relative *exp_interval, + GNUNET_RECLAIM_ContinuationWithStatus cont, + void *cont_cls) +{ + struct GNUNET_RECLAIM_Operation *op; + struct AttributeStoreMessage *sam; + size_t attr_len; + + op = GNUNET_new (struct GNUNET_RECLAIM_Operation); + op->h = h; + op->as_cb = cont; + op->cls = cont_cls; + op->r_id = h->r_id_gen++; + GNUNET_CONTAINER_DLL_insert_tail (h->op_head, + h->op_tail, + op); + attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (attr); + op->env = GNUNET_MQ_msg_extra (sam, + attr_len, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE); + sam->identity = *pkey; + sam->id = htonl (op->r_id); + sam->exp = GNUNET_htonll (exp_interval->rel_value_us); + + GNUNET_RECLAIM_ATTRIBUTE_serialize (attr, + (char*)&sam[1]); + + sam->attr_len = htons (attr_len); + if (NULL != h->mq) + GNUNET_MQ_send_copy (h->mq, + op->env); + return op; + +} + + +/** + * List all attributes for a local identity. + * This MUST lock the `struct GNUNET_RECLAIM_Handle` + * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and + * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once + * immediately, and then again after + * #GNUNET_RECLAIM_get_attributes_next() is invoked. + * + * On error (disconnect), @a error_cb will be invoked. + * On normal completion, @a finish_cb proc will be + * invoked. + * + * @param h handle to the idp + * @param identity identity to access + * @param error_cb function to call on error (i.e. disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each attribute; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_RECLAIM_AttributeIterator * +GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_RECLAIM_AttributeResult proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls) +{ + struct GNUNET_RECLAIM_AttributeIterator *it; + struct GNUNET_MQ_Envelope *env; + struct AttributeIterationStartMessage *msg; + uint32_t rid; + + rid = h->r_id_gen++; + it = GNUNET_new (struct GNUNET_RECLAIM_AttributeIterator); + it->h = h; + it->error_cb = error_cb; + it->error_cb_cls = error_cb_cls; + it->finish_cb = finish_cb; + it->finish_cb_cls = finish_cb_cls; + it->proc = proc; + it->proc_cls = proc_cls; + it->r_id = rid; + it->identity = *identity; + GNUNET_CONTAINER_DLL_insert_tail (h->it_head, + h->it_tail, + it); + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START); + msg->id = htonl (rid); + msg->identity = *identity; + if (NULL == h->mq) + it->env = env; + else + GNUNET_MQ_send (h->mq, + env); + return it; +} + + +/** + * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start + * for the next record. + * + * @param it the iterator + */ +void +GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it) +{ + struct GNUNET_RECLAIM_Handle *h = it->h; + struct AttributeIterationNextMessage *msg; + struct GNUNET_MQ_Envelope *env; + + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT); + msg->id = htonl (it->r_id); + GNUNET_MQ_send (h->mq, + env); +} + + +/** + * Stops iteration and releases the idp handle for further calls. Must + * be called on any iteration that has not yet completed prior to calling + * #GNUNET_RECLAIM_disconnect. + * + * @param it the iterator + */ +void +GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it) +{ + struct GNUNET_RECLAIM_Handle *h = it->h; + struct GNUNET_MQ_Envelope *env; + struct AttributeIterationStopMessage *msg; + + if (NULL != h->mq) + { + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP); + msg->id = htonl (it->r_id); + GNUNET_MQ_send (h->mq, + env); + } + free_it (it); +} + + +/** TODO + * Issues a ticket to another identity. The identity may use + * @GNUNET_RECLAIM_authorization_ticket_consume to consume the ticket + * and retrieve the attributes specified in the AttributeList. + * + * @param h the reclaim to use + * @param iss the issuing identity + * @param rp the subject of the ticket (the relying party) + * @param attrs the attributes that the relying party is given access to + * @param cb the callback + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_RECLAIM_Operation * +GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, + const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + GNUNET_RECLAIM_TicketCallback cb, + void *cb_cls) +{ + struct GNUNET_RECLAIM_Operation *op; + struct IssueTicketMessage *tim; + size_t attr_len; + + op = GNUNET_new (struct GNUNET_RECLAIM_Operation); + op->h = h; + op->tr_cb = cb; + op->cls = cb_cls; + op->r_id = h->r_id_gen++; + GNUNET_CONTAINER_DLL_insert_tail (h->op_head, + h->op_tail, + op); + attr_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs); + op->env = GNUNET_MQ_msg_extra (tim, + attr_len, + GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET); + tim->identity = *iss; + tim->rp = *rp; + tim->id = htonl (op->r_id); + + GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs, + (char*)&tim[1]); + + tim->attr_len = htons (attr_len); + if (NULL != h->mq) + GNUNET_MQ_send_copy (h->mq, + op->env); + return op; +} + +/** + * Consumes an issued ticket. The ticket is persisted + * and used to retrieve identity information from the issuer + * + * @param h the reclaim to use + * @param identity the identity that is the subject of the issued ticket (the relying party) + * @param ticket the issued ticket to consume + * @param cb the callback to call + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_RECLAIM_Operation * +GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_RECLAIM_Ticket *ticket, + GNUNET_RECLAIM_AttributeResult cb, + void *cb_cls) +{ + struct GNUNET_RECLAIM_Operation *op; + struct ConsumeTicketMessage *ctm; + + op = GNUNET_new (struct GNUNET_RECLAIM_Operation); + op->h = h; + op->ar_cb = cb; + op->cls = cb_cls; + op->r_id = h->r_id_gen++; + GNUNET_CONTAINER_DLL_insert_tail (h->op_head, + h->op_tail, + op); + op->env = GNUNET_MQ_msg_extra (ctm, + sizeof (const struct GNUNET_RECLAIM_Ticket), + GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET); + ctm->identity = *identity; + ctm->id = htonl (op->r_id); + + GNUNET_memcpy ((char*)&ctm[1], + ticket, + sizeof (const struct GNUNET_RECLAIM_Ticket)); + + if (NULL != h->mq) + GNUNET_MQ_send_copy (h->mq, + op->env); + return op; + +} + + +/** + * Lists all tickets that have been issued to remote + * identites (relying parties) + * + * @param h the reclaim to use + * @param identity the issuing identity + * @param error_cb function to call on error (i.e. disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each ticket; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_RECLAIM_TicketIterator * +GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_RECLAIM_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls) +{ + struct GNUNET_RECLAIM_TicketIterator *it; + struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub; + struct GNUNET_MQ_Envelope *env; + struct TicketIterationStartMessage *msg; + uint32_t rid; + + GNUNET_CRYPTO_ecdsa_key_get_public (identity, + &identity_pub); + rid = h->r_id_gen++; + it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator); + it->h = h; + it->error_cb = error_cb; + it->error_cb_cls = error_cb_cls; + it->finish_cb = finish_cb; + it->finish_cb_cls = finish_cb_cls; + it->tr_cb = proc; + it->cls = proc_cls; + it->r_id = rid; + GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head, + h->ticket_it_tail, + it); + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START); + msg->id = htonl (rid); + msg->identity = identity_pub; + msg->is_audience = htonl (GNUNET_NO); + if (NULL == h->mq) + it->env = env; + else + GNUNET_MQ_send (h->mq, + env); + return it; + +} + + +/** + * Lists all tickets that have been issued to remote + * identites (relying parties) + * + * @param h the reclaim to use + * @param identity the issuing identity + * @param error_cb function to call on error (i.e. disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each ticket; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_RECLAIM_TicketIterator * +GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_RECLAIM_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls) +{ + struct GNUNET_RECLAIM_TicketIterator *it; + struct GNUNET_MQ_Envelope *env; + struct TicketIterationStartMessage *msg; + uint32_t rid; + + rid = h->r_id_gen++; + it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator); + it->h = h; + it->error_cb = error_cb; + it->error_cb_cls = error_cb_cls; + it->finish_cb = finish_cb; + it->finish_cb_cls = finish_cb_cls; + it->tr_cb = proc; + it->cls = proc_cls; + it->r_id = rid; + GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head, + h->ticket_it_tail, + it); + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START); + msg->id = htonl (rid); + msg->identity = *identity; + msg->is_audience = htonl (GNUNET_YES); + if (NULL == h->mq) + it->env = env; + else + GNUNET_MQ_send (h->mq, + env); + return it; + + +} + +/** + * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start + * for the next record. + * + * @param it the iterator + */ +void +GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it) +{ + struct GNUNET_RECLAIM_Handle *h = it->h; + struct TicketIterationNextMessage *msg; + struct GNUNET_MQ_Envelope *env; + + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT); + msg->id = htonl (it->r_id); + GNUNET_MQ_send (h->mq, + env); +} + + +/** + * Stops iteration and releases the idp handle for further calls. Must + * be called on any iteration that has not yet completed prior to calling + * #GNUNET_RECLAIM_disconnect. + * + * @param it the iterator + */ +void +GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it) +{ + struct GNUNET_RECLAIM_Handle *h = it->h; + struct GNUNET_MQ_Envelope *env; + struct TicketIterationStopMessage *msg; + + if (NULL != h->mq) + { + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP); + msg->id = htonl (it->r_id); + GNUNET_MQ_send (h->mq, + env); + } + GNUNET_free (it); +} + +/** + * Revoked an issued ticket. The relying party will be unable to retrieve + * updated attributes. + * + * @param h the reclaim to use + * @param identity the issuing identity + * @param ticket the ticket to revoke + * @param cb the callback + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_RECLAIM_Operation * +GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_RECLAIM_Ticket *ticket, + GNUNET_RECLAIM_ContinuationWithStatus cb, + void *cb_cls) +{ + struct GNUNET_RECLAIM_Operation *op; + struct RevokeTicketMessage *msg; + uint32_t rid; + + rid = h->r_id_gen++; + op = GNUNET_new (struct GNUNET_RECLAIM_Operation); + op->h = h; + op->rvk_cb = cb; + op->cls = cb_cls; + op->r_id = rid; + GNUNET_CONTAINER_DLL_insert_tail (h->op_head, + h->op_tail, + op); + op->env = GNUNET_MQ_msg_extra (msg, + sizeof (struct GNUNET_RECLAIM_Ticket), + GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET); + msg->id = htonl (rid); + msg->identity = *identity; + GNUNET_memcpy (&msg[1], + ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + if (NULL != h->mq) { + GNUNET_MQ_send (h->mq, + op->env); + op->env = NULL; + } + return op; +} + + + +/* end of reclaim_api.c */ diff --git a/src/reclaim/test_reclaim.sh b/src/reclaim/test_reclaim.sh new file mode 100755 index 000000000..311f5382a --- /dev/null +++ b/src/reclaim/test_reclaim.sh @@ -0,0 +1,31 @@ +#!/bin/bash +#trap "gnunet-arm -e -c test_reclaim_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_reclaim.conf +gnunet-identity -C testego -c test_reclaim.conf +valgrind gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf +gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf +gnunet-reclaim -e testego -D -c test_reclaim.conf +gnunet-arm -e -c test_reclaim.conf diff --git a/src/reclaim/test_reclaim_attribute.sh b/src/reclaim/test_reclaim_attribute.sh new file mode 100755 index 000000000..39bd715b7 --- /dev/null +++ b/src/reclaim/test_reclaim_attribute.sh @@ -0,0 +1,40 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_reclaim.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_reclaim.conf +#gnunet-arm -i rest -c test_reclaim.conf +gnunet-identity -C testego -c test_reclaim.conf +gnunet-identity -C rpego -c test_reclaim.conf +TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}') +gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf +gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1 +if test $? != 0 +then + echo "Failed." + exit 1 +fi + +#curl localhost:7776/reclaim/attributes/testego +gnunet-arm -e -c test_reclaim.conf diff --git a/src/reclaim/test_reclaim_consume.sh b/src/reclaim/test_reclaim_consume.sh new file mode 100755 index 000000000..36c8052d0 --- /dev/null +++ b/src/reclaim/test_reclaim_consume.sh @@ -0,0 +1,43 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_reclaim.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_reclaim.conf +#gnunet-arm -i rest -c test_reclaim.conf +gnunet-identity -C testego -c test_reclaim.conf +gnunet-identity -C rpego -c test_reclaim.conf +SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}') +TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}') +gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf +gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf +TICKET=$(gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf | awk '{print $1}') +gnunet-reclaim -e rpego -C $TICKET -c test_reclaim.conf > /dev/null 2>&1 + +if test $? != 0 +then + "Failed." + exit 1 +fi +#curl http://localhost:7776/reclaim/tickets/testego +gnunet-arm -e -c test_reclaim.conf diff --git a/src/reclaim/test_reclaim_defaults.conf b/src/reclaim/test_reclaim_defaults.conf new file mode 100644 index 000000000..a9a197dea --- /dev/null +++ b/src/reclaim/test_reclaim_defaults.conf @@ -0,0 +1,24 @@ +@INLINE@ ../../contrib/conf/gnunet/no_forcestart.conf + +[PATHS] +GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-testing/ + +[namestore-sqlite] +FILENAME = $GNUNET_TEST_HOME/namestore/sqlite_test.db + +[namecache-sqlite] +FILENAME=$GNUNET_TEST_HOME/namecache/namecache.db + +[identity] +# Directory where we store information about our egos +EGODIR = $GNUNET_TEST_HOME/identity/egos/ + +[dhtcache] +DATABASE = heap + +[transport] +PLUGINS = tcp + +[transport-tcp] +BINDTO = 127.0.0.1 + diff --git a/src/reclaim/test_reclaim_issue.sh b/src/reclaim/test_reclaim_issue.sh new file mode 100755 index 000000000..6a71470e1 --- /dev/null +++ b/src/reclaim/test_reclaim_issue.sh @@ -0,0 +1,42 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_reclaim.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_reclaim.conf +#gnunet-arm -i rest -c test_reclaim.conf +gnunet-identity -C testego -c test_reclaim.conf +gnunet-identity -C rpego -c test_reclaim.conf +SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}') +TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}') +gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf > /dev/null 2>&1 +gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1 +#gnunet-reclaim -e testego -D -c test_reclaim.conf +gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf > /dev/null 2>&1 +if test $? != 0 +then + echo "Failed." + exit 1 +fi +#curl http://localhost:7776/reclaim/attributes/testego +gnunet-arm -e -c test_reclaim.conf diff --git a/src/reclaim/test_reclaim_revoke.sh b/src/reclaim/test_reclaim_revoke.sh new file mode 100755 index 000000000..595752fd8 --- /dev/null +++ b/src/reclaim/test_reclaim_revoke.sh @@ -0,0 +1,65 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_reclaim.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null +gnunet-identity -C alice -c test_reclaim.conf +gnunet-identity -C bob -c test_reclaim.conf +gnunet-identity -C eve -c test_reclaim.conf +ALICE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep alice | awk '{print $3}') +BOB_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep bob | awk '{print $3}') +EVE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep eve | awk '{print $3}') + +gnunet-reclaim -e alice -E 15s -a email -V john@doe.gnu -c test_reclaim.conf +gnunet-reclaim -e alice -E 15s -a name -V John -c test_reclaim.conf +TICKET_BOB=$(gnunet-reclaim -e alice -i "email,name" -r $BOB_KEY -c test_reclaim.conf | awk '{print $1}') +#gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf +TICKET_EVE=$(gnunet-reclaim -e alice -i "email" -r $EVE_KEY -c test_reclaim.conf | awk '{print $1}') + +#echo "Consuming $TICKET" +#gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf +gnunet-reclaim -e alice -R $TICKET_EVE -c test_reclaim.conf + +#sleep 6 + +gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf 2&>1 >/dev/null +if test $? == 0 +then + echo "Eve can still resolve attributes..." + gnunet-arm -e -c test_reclaim.conf + exit 1 +fi + +gnunet-arm -e -c test_reclaim.conf +gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null + +gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf 2&>1 >/dev/null +if test $? != 0 +then + echo "Bob cannot resolve attributes..." + gnunet-arm -e -c test_reclaim.conf + exit 1 +fi + +gnunet-arm -e -c test_reclaim.conf -- cgit v1.2.3 From f89b96d1a0ffe8359fbbda6ea3276a030a701e91 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 20 Jul 2018 08:39:06 +0200 Subject: remove trust check; we don't need (and thus implicity may slighly deviate from rfc) --- src/reclaim/plugin_rest_openid_connect.c | 111 +------------------------------ 1 file changed, 3 insertions(+), 108 deletions(-) diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index abb3f59f5..9b7cf0205 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -229,12 +229,6 @@ struct OIDC_Variables */ char *client_id; - /** - * GNUNET_YES if there is a delegation to - * this RP or if it is a local identity - */ - int is_client_trusted; - /** * The OIDC redirect uri */ @@ -1026,62 +1020,6 @@ login_check (void *cls) } } -/** - * Searches for client_id in namestore. If found trust status stored in handle - * Else continues to search - * - * @param handle the RequestHandle - */ -static void -namestore_iteration_callback ( - void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key, - const char *rname, unsigned int rd_len, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct RequestHandle *handle = cls; - struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey; - struct GNUNET_CRYPTO_EcdsaPublicKey current_zone_pkey; - int i; - - for (i = 0; i < rd_len; i++) - { - if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type ) - continue; - - if ( NULL != handle->oidc->login_identity ) - { - GNUNET_CRYPTO_ecdsa_public_key_from_string ( - handle->oidc->login_identity, - strlen (handle->oidc->login_identity), - &login_identity_pkey); - GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, - ¤t_zone_pkey); - - if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - if ( 0 == memcmp (&login_identity_pkey, ¤t_zone_pkey, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - handle->oidc->is_client_trusted = GNUNET_YES; - } - } - } - else - { - if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - handle->oidc->is_client_trusted = GNUNET_YES; - } - } - } - - GNUNET_NAMESTORE_zone_iterator_next (handle->namestore_handle_it, - 1); -} - - /** * Iteration over all results finished, build final * response. @@ -1089,7 +1027,7 @@ namestore_iteration_callback ( * @param cls the `struct RequestHandle` */ static void -namestore_iteration_finished (void *cls) +build_authz_response (void *cls) { struct RequestHandle *handle = cls; struct GNUNET_HashCode cache_key; @@ -1099,25 +1037,6 @@ namestore_iteration_finished (void *cls) int number_of_ignored_parameter, iterator; - handle->ego_entry = handle->ego_entry->next; - - if(NULL != handle->ego_entry) - { - handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); - handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key, - &oidc_iteration_error, handle, &namestore_iteration_callback, handle, - &namestore_iteration_finished, handle); - return; - } - if (GNUNET_NO == handle->oidc->is_client_trusted) - { - handle->emsg = GNUNET_strdup("unauthorized_client"); - handle->edesc = GNUNET_strdup("The client is not authorized to request an " - "authorization code using this method."); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - // REQUIRED value: redirect_uri GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), &cache_key); @@ -1246,9 +1165,6 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, { struct RequestHandle *handle = cls; struct GNUNET_HashCode cache_key; - struct EgoEntry *tmp_ego; - struct GNUNET_CRYPTO_EcdsaPublicKey pkey; - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; cookie_identity_interpretation(handle); @@ -1302,29 +1218,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, handle->ego_entry = handle->ego_head; handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); - handle->oidc->is_client_trusted = GNUNET_NO; - - //First check if client_id is one of our egos; TODO: handle other TLD cases: Delegation, from config - for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) - { - priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); - GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, - &pkey); - if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) - { - handle->tld = GNUNET_strdup (tmp_ego->identifier); - handle->oidc->is_client_trusted = GNUNET_YES; - handle->ego_entry = handle->ego_tail; - } - } - - - // Checks if client_id is valid: - handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( - handle->namestore_handle, &handle->priv_key, &oidc_iteration_error, - handle, &namestore_iteration_callback, handle, - &namestore_iteration_finished, handle); + + GNUNET_SCHEDULER_add_now (&build_authz_response, handle); } /** -- cgit v1.2.3 From f28f0dc7316ead8735b7e68cd1bd61f3959fa759 Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Fri, 20 Jul 2018 07:11:55 +0000 Subject: include/gnunet_abe_lib.h: typo fix in comment Signed-off-by: Nils Gillmann --- src/include/gnunet_abe_lib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/include/gnunet_abe_lib.h b/src/include/gnunet_abe_lib.h index d380c9b03..554d4488b 100644 --- a/src/include/gnunet_abe_lib.h +++ b/src/include/gnunet_abe_lib.h @@ -87,7 +87,7 @@ GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key, * Delete a CP-ABE key. * * @param key the key to delete - * @param delete_pub GNUNE_YES if the public key should also be freed (bug in gabe) + * @param delete_pub GNUNET_YES if the public key should also be freed (bug in gabe) * @return fresh private key; free using #GNUNET_free */ void -- cgit v1.2.3 From e96a82d77b22f18196d9ae549a259be8575006bf Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 20 Jul 2018 15:13:29 +0200 Subject: update --- src/reclaim/plugin_rest_reclaim.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/reclaim/plugin_rest_reclaim.c b/src/reclaim/plugin_rest_reclaim.c index b54aed5f3..38ffc4ddb 100644 --- a/src/reclaim/plugin_rest_reclaim.c +++ b/src/reclaim/plugin_rest_reclaim.c @@ -42,27 +42,27 @@ /** * REST root namespace */ -#define GNUNET_REST_API_NS_RECLAIM "/idp" +#define GNUNET_REST_API_NS_RECLAIM "/reclaim" /** * Attribute namespace */ -#define GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES "/idp/attributes" +#define GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES "/reclaim/attributes" /** * Ticket namespace */ -#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets" +#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/reclaim/tickets" /** * Revoke namespace */ -#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke" +#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/reclaim/revoke" /** * Revoke namespace */ -#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/idp/consume" +#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/reclaim/consume" /** * Attribute key -- cgit v1.2.3 From 74a80d549aef8452b1040ea69d7c1274679f7338 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 20 Jul 2018 16:08:08 +0200 Subject: fix --- src/reclaim/plugin_rest_openid_connect.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 9b7cf0205..3e53a2836 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -749,7 +749,7 @@ login_redirection(void *cls) struct RequestHandle *handle = cls; if ( GNUNET_OK - == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", + == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", "address", &login_base_url) ) { GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", @@ -1373,7 +1373,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, //check client password if ( GNUNET_OK - == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", + == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", "psw", &expected_psw) ) { if (0 != strcmp (expected_psw, psw)) @@ -1543,7 +1543,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, //create jwt unsigned long long int expiration_time; if ( GNUNET_OK - != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin", + != GNUNET_CONFIGURATION_get_value_number(cfg, "reclaim-rest-plugin", "expiration_time", &expiration_time) ) { GNUNET_free_non_null(user_psw); @@ -1620,7 +1620,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } if ( GNUNET_OK - != GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", + != GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", "jwt_secret", &jwt_secret) ) { GNUNET_free_non_null(user_psw); -- cgit v1.2.3 From 1914b435ce08b95c02d9c630acc292f4a7548a47 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 20 Jul 2018 21:42:37 +0200 Subject: revert simple TLD mapping --- src/reclaim/plugin_rest_openid_connect.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 3e53a2836..6aa2cd907 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -1165,6 +1165,9 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, { struct RequestHandle *handle = cls; struct GNUNET_HashCode cache_key; + struct EgoEntry *tmp_ego; + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; + struct GNUNET_CRYPTO_EcdsaPublicKey pkey; cookie_identity_interpretation(handle); @@ -1218,7 +1221,20 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, handle->ego_entry = handle->ego_head; handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); - + //If we know this identity, translated the corresponding TLD + //TODO: We might want to have a reverse lookup functionality for TLDs? + for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) + { + priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); + GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, + &pkey); + if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) + { + handle->tld = GNUNET_strdup (tmp_ego->identifier); + handle->ego_entry = handle->ego_tail; + } + } GNUNET_SCHEDULER_add_now (&build_authz_response, handle); } -- cgit v1.2.3 From ee4adf9768a740c3d79b854453eb8bc0f5c14d30 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 21 Jul 2018 08:00:49 +0200 Subject: add more general HMAC function for JWTs --- src/include/gnunet_crypto_lib.h | 17 +++++++++++++++++ src/reclaim/jwt.c | 16 ++++++++-------- src/reclaim/jwt.h | 2 +- src/reclaim/plugin_rest_openid_connect.c | 4 +--- src/util/crypto_hash.c | 26 ++++++++++++++++++++++++-- 5 files changed, 51 insertions(+), 14 deletions(-) diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 7b69c157f..8a591fa09 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -725,6 +725,23 @@ void GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc); +/** + * Calculate HMAC of a message (RFC 2104) + * TODO: Shouldn' this be the standard hmac function and + * the above be renamed? + * + * @param key secret key + * @param key_len secret key length + * @param plaintext input plaintext + * @param plaintext_len length of @a plaintext + * @param hmac where to store the hmac + */ +void +GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len, + const void *plaintext, size_t plaintext_len, + struct GNUNET_HashCode *hmac); + + /** * @ingroup hash * Calculate HMAC of a message (RFC 2104) diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index 45b5d73f6..ec1e6d098 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c @@ -65,8 +65,8 @@ create_jwt_header(void) char* jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, - const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_AuthKey *priv_key) + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + const char *secret_key) { struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; struct GNUNET_HashCode signature; @@ -89,12 +89,12 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, //nonce only if nonce // OPTIONAL acr,amr,azp subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); header = create_jwt_header (); body = json_object (); - + //iss REQUIRED case sensitive server uri with https //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) json_object_set_new (body, @@ -108,8 +108,8 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, for (le = attrs->list_head; NULL != le; le = le->next) { attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, - le->claim->data, - le->claim->data_size); + le->claim->data, + le->claim->data_size); json_object_set_new (body, le->claim->name, json_string (attr_val_str)); @@ -142,8 +142,8 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, * Creating the JWT signature. This might not be * standards compliant, check. */ - GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); - GNUNET_CRYPTO_hmac (priv_key, signature_target, strlen (signature_target), &signature); + GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64); + GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature); GNUNET_STRINGS_base64_encode ((const char*)&signature, sizeof (struct GNUNET_HashCode), &signature_base64); diff --git a/src/reclaim/jwt.h b/src/reclaim/jwt.h index 4b0b01be3..39b4e2f3c 100644 --- a/src/reclaim/jwt.h +++ b/src/reclaim/jwt.h @@ -5,6 +5,6 @@ char* jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_AuthKey *priv_key); + const char* secret_key); #endif diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 6aa2cd907..5a34e5b72 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -1647,14 +1647,12 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, GNUNET_free(ticket); return; } - struct GNUNET_CRYPTO_AuthKey jwt_sign_key; struct GNUNET_CRYPTO_EcdsaPublicKey pk; GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk); - GNUNET_CRYPTO_hash (jwt_secret, strlen (jwt_secret), (struct GNUNET_HashCode*)jwt_sign_key.key); char *id_token = jwt_create_from_list(&ticket->audience, &pk, cl, - &jwt_sign_key); + jwt_secret); //Create random access_token char* access_token_number; diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c index 8410b7835..fe1f58df7 100644 --- a/src/util/crypto_hash.c +++ b/src/util/crypto_hash.c @@ -365,14 +365,17 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key, /** * Calculate HMAC of a message (RFC 2104) + * TODO: Shouldn' this be the standard hmac function and + * the above be renamed? * * @param key secret key + * @param key_len secret key length * @param plaintext input plaintext * @param plaintext_len length of @a plaintext * @param hmac where to store the hmac */ void -GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, +GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac) { @@ -390,7 +393,7 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, { gcry_md_reset (md); } - gcry_md_setkey (md, key->key, sizeof (key->key)); + gcry_md_setkey (md, key, key_len); gcry_md_write (md, plaintext, plaintext_len); mc = gcry_md_read (md, GCRY_MD_SHA512); GNUNET_assert (NULL != mc); @@ -398,6 +401,25 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, } +/** + * Calculate HMAC of a message (RFC 2104) + * + * @param key secret key + * @param plaintext input plaintext + * @param plaintext_len length of @a plaintext + * @param hmac where to store the hmac + */ +void +GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, + const void *plaintext, size_t plaintext_len, + struct GNUNET_HashCode *hmac) +{ + GNUNET_CRYPTO_hmac_raw ((void*) key->key, sizeof (key->key), + plaintext, plaintext_len, + hmac); +} + + /** * Context for cummulative hashing. */ -- cgit v1.2.3 From 2371a7547d958c640b97ed6016160a5d7dde0326 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 21 Jul 2018 08:40:45 +0200 Subject: fix JWT format --- src/reclaim/jwt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index ec1e6d098..d23c6a2a9 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c @@ -49,7 +49,7 @@ create_jwt_header(void) json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); - json_str = json_dumps (root, JSON_INDENT(1)); + json_str = json_dumps (root, JSON_INDENT(0)); json_decref (root); return json_str; } -- cgit v1.2.3 From 8b5994b08ab970ba291b1d39847d0284cd9b323e Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 21 Jul 2018 09:21:01 +0200 Subject: compact JWT serialization --- src/reclaim/jwt.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index d23c6a2a9..d9c2447bc 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c @@ -49,7 +49,7 @@ create_jwt_header(void) json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); - json_str = json_dumps (root, JSON_INDENT(0)); + json_str = json_dumps (root, JSON_INDENT(0) | JSON_COMPACT); json_decref (root); return json_str; } @@ -115,7 +115,7 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, json_string (attr_val_str)); GNUNET_free (attr_val_str); } - body_str = json_dumps (body, JSON_INDENT(0)); + body_str = json_dumps (body, JSON_INDENT(0) | JSON_COMPACT); json_decref (body); GNUNET_STRINGS_base64_encode (header, @@ -147,6 +147,12 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, GNUNET_STRINGS_base64_encode ((const char*)&signature, sizeof (struct GNUNET_HashCode), &signature_base64); + + //Remove GNUNET padding of base64 + padding = strtok(signature_base64, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + GNUNET_asprintf (&result, "%s.%s.%s", header_base64, body_base64, signature_base64); -- cgit v1.2.3 From 51ace4c06634efe9fd7edbb39f91f754befccd5e Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 21 Jul 2018 10:10:22 +0200 Subject: fix base64urlencode for JWT to adhere to RFC4648 --- src/reclaim/jwt.c | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index d9c2447bc..9885bf467 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c @@ -54,6 +54,32 @@ create_jwt_header(void) return json_str; } +static void +replace_char(char* str, char find, char replace){ + char *current_pos = strchr(str,find); + while (current_pos){ + *current_pos = replace; + current_pos = strchr(current_pos,find); + } +} + +//RFC4648 +static void +fix_base64(char* str) { + char *padding; + //First, remove trailing padding '=' + padding = strtok(str, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + //Replace + with - + replace_char (str, '+', '-'); + + //Replace / with _ + replace_char (str, '/', '_'); + +} + /** * Create a JWT from attributes * @@ -73,7 +99,6 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, char* audience; char* subject; char* header; - char* padding; char* body_str; char* result; char* header_base64; @@ -121,19 +146,12 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, GNUNET_STRINGS_base64_encode (header, strlen (header), &header_base64); - //Remove GNUNET padding of base64 - padding = strtok(header_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); + fix_base64(header_base64); GNUNET_STRINGS_base64_encode (body_str, strlen (body_str), &body_base64); - - //Remove GNUNET padding of base64 - padding = strtok(body_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); + fix_base64(body_base64); GNUNET_free (subject); GNUNET_free (audience); @@ -147,11 +165,7 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, GNUNET_STRINGS_base64_encode ((const char*)&signature, sizeof (struct GNUNET_HashCode), &signature_base64); - - //Remove GNUNET padding of base64 - padding = strtok(signature_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); + fix_base64(signature_base64); GNUNET_asprintf (&result, "%s.%s.%s", header_base64, body_base64, signature_base64); -- cgit v1.2.3 From d81369afa8c051383727fa4c54479decc4071b9e Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 21 Jul 2018 12:02:24 +0200 Subject: fixes for JWT creation --- src/reclaim/jwt.c | 30 ++++++++++++++--- src/reclaim/jwt.h | 17 ++++++++-- src/reclaim/plugin_rest_openid_connect.c | 55 +++++--------------------------- src/reclaim/reclaim.conf | 2 +- 4 files changed, 50 insertions(+), 54 deletions(-) diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index 9885bf467..41a3747ed 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c @@ -83,19 +83,25 @@ fix_base64(char* str) { /** * Create a JWT from attributes * - * @param aud_key the public of the subject + * @param aud_key the public of the audience + * @param sub_key the public key of the subject * @param attrs the attribute list - * @param priv_key the key used to sign the JWT + * @param expiration_time the validity of the token + * @param secret_key the key used to sign the JWT * @return a new base64-encoded JWT string. */ char* jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_TIME_Relative *expiration_time, + const char *nonce, const char *secret_key) { struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; struct GNUNET_HashCode signature; + struct GNUNET_TIME_Absolute exp_time; + struct GNUNET_TIME_Absolute time_now; char* audience; char* subject; char* header; @@ -107,9 +113,11 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, char* signature_base64; char* attr_val_str; json_t* body; - - //exp REQUIRED time expired from config + //iat REQUIRED time now + time_now = GNUNET_TIME_absolute_get(); + //exp REQUIRED time expired from config + exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time); //auth_time only if max_age //nonce only if nonce // OPTIONAL acr,amr,azp @@ -130,6 +138,20 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, //aud REQUIRED public key client_id must be there json_object_set_new (body, "aud", json_string (audience)); + //iat + json_object_set_new (body, + "iat", json_integer (time_now.abs_value_us)); + //exp + json_object_set_new (body, + "exp", json_integer (exp_time.abs_value_us)); + //nbf + json_object_set_new (body, + "nbf", json_integer (time_now.abs_value_us)); + //nonce + if (NULL != nonce) + json_object_set_new (body, + "nonce", json_string (nonce)); + for (le = attrs->list_head; NULL != le; le = le->next) { attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, diff --git a/src/reclaim/jwt.h b/src/reclaim/jwt.h index 39b4e2f3c..12ff85b01 100644 --- a/src/reclaim/jwt.h +++ b/src/reclaim/jwt.h @@ -1,10 +1,23 @@ #ifndef JWT_H #define JWT_H +/** + * Create a JWT from attributes + * + * @param aud_key the public of the audience + * @param sub_key the public key of the subject + * @param attrs the attribute list + * @param expiration_time the validity of the token + * @param nonce the nonce, may be NULL + * @param secret_key the key used to sign the JWT + * @return a new base64-encoded JWT string. + */ char* jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, - const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, - const char* secret_key); + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_TIME_Relative *expiration_time, + const char *nonce, + const char *secret_key); #endif diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 5a34e5b72..d1c5b31b6 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -168,7 +168,6 @@ static char* OIDC_ignored_parameter_array [] = { "display", "prompt", - "max_age", "ui_locales", "response_mode", "id_token_hint", @@ -1320,7 +1319,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, int client_exists = GNUNET_NO; struct MHD_Response *resp; char* code_output; - json_t *root, *ticket_string, *nonce, *max_age; + json_t *root; + json_t *ticket_string; + json_t *nonce; json_error_t error; char *json_response; char *jwt_secret; @@ -1515,7 +1516,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, GNUNET_free(code_output); ticket_string = json_object_get (root, "ticket"); nonce = json_object_get (root, "nonce"); - max_age = json_object_get (root, "max_age"); if(ticket_string == NULL && !json_is_string(ticket_string)) { @@ -1557,9 +1557,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } //create jwt - unsigned long long int expiration_time; + struct GNUNET_TIME_Relative expiration_time; if ( GNUNET_OK - != GNUNET_CONFIGURATION_get_value_number(cfg, "reclaim-rest-plugin", + != GNUNET_CONFIGURATION_get_value_time(cfg, "reclaim-rest-plugin", "expiration_time", &expiration_time) ) { GNUNET_free_non_null(user_psw); @@ -1572,48 +1572,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); - //aud REQUIRED public key client_id must be there - GNUNET_RECLAIM_ATTRIBUTE_list_add(cl, - "aud", - GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, - client_id, - strlen(client_id)); - //exp REQUIRED time expired from config - struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( - GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), - expiration_time)); - const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time); - GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, - "exp", - GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, - exp_time_string, - strlen(exp_time_string)); - //iat REQUIRED time now - struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); - const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); - GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, - "iat", - GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, - time_now_string, - strlen(time_now_string)); - //nonce only if nonce is provided - if ( NULL != nonce && json_is_string(nonce) ) - { - GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, - "nonce", - GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, - json_string_value(nonce), - strlen(json_string_value(nonce))); - } - //auth_time only if max_age is provided - if ( NULL != max_age && json_is_string(max_age) ) - { - GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, - "auth_time", - GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, - json_string_value(max_age), - strlen(json_string_value(max_age))); - } + //TODO OPTIONAL acr,amr,azp struct EgoEntry *ego_entry; @@ -1652,6 +1611,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, char *id_token = jwt_create_from_list(&ticket->audience, &pk, cl, + &expiration_time, + (NULL != nonce && json_is_string(nonce)) ? json_string_value (nonce) : NULL, jwt_secret); //Create random access_token diff --git a/src/reclaim/reclaim.conf b/src/reclaim/reclaim.conf index e93899e05..cf0a0dc5e 100644 --- a/src/reclaim/reclaim.conf +++ b/src/reclaim/reclaim.conf @@ -17,7 +17,7 @@ DATABASE = sqlite ADDRESS = https://reclaim.ui/#/login PSW = secret JWT_SECRET = secret -EXPIRATION_TIME = 3600 +EXPIRATION_TIME = 1d [reclaim-sqlite] FILENAME = $GNUNET_DATA_HOME/reclaim/sqlite.db -- cgit v1.2.3 From 8b3dd615a1c7501e19e6d6733c6ada71eb2eadb4 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 21 Jul 2018 12:50:50 +0200 Subject: fix timestamps --- src/reclaim/jwt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index 41a3747ed..cb1213dad 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c @@ -140,13 +140,13 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, "aud", json_string (audience)); //iat json_object_set_new (body, - "iat", json_integer (time_now.abs_value_us)); + "iat", json_integer (time_now.abs_value_us / (1000*1000))); //exp json_object_set_new (body, - "exp", json_integer (exp_time.abs_value_us)); + "exp", json_integer (exp_time.abs_value_us / (1000*1000))); //nbf json_object_set_new (body, - "nbf", json_integer (time_now.abs_value_us)); + "nbf", json_integer (time_now.abs_value_us / (1000*1000))); //nonce if (NULL != nonce) json_object_set_new (body, -- cgit v1.2.3 From 7726b15977bacfc05a7f9321d3b595b04762d30a Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 21 Jul 2018 13:02:18 +0200 Subject: fix --- src/reclaim/jwt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index cb1213dad..041498fb2 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c @@ -37,7 +37,7 @@ #define JWT_TYP_VALUE "jwt" -#define SERVER_ADDRESS "https://reclaim.id/api/openid/userinfo" +#define SERVER_ADDRESS "https://reclaim.id" static char* create_jwt_header(void) @@ -123,7 +123,7 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, // OPTIONAL acr,amr,azp subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, + audience = GNUNET_STRINGS_data_to_string_alloc (&aud_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); header = create_jwt_header (); body = json_object (); -- cgit v1.2.3 From 735e699708247813ae3e9926190dff35a9c8eba1 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 21 Jul 2018 13:04:17 +0200 Subject: actually fix --- src/reclaim/jwt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index 041498fb2..94db19b14 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c @@ -121,9 +121,9 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, //auth_time only if max_age //nonce only if nonce // OPTIONAL acr,amr,azp - subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, + subject = GNUNET_STRINGS_data_to_string_alloc (sub_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - audience = GNUNET_STRINGS_data_to_string_alloc (&aud_key, + audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); header = create_jwt_header (); body = json_object (); -- cgit v1.2.3 From 33d45d039f618ec2892c8db3961f4f76a0e63652 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 21 Jul 2018 13:34:50 +0200 Subject: fix subject in JWT --- src/reclaim/plugin_rest_openid_connect.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index d1c5b31b6..bd11b2de7 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -1606,10 +1606,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, GNUNET_free(ticket); return; } - struct GNUNET_CRYPTO_EcdsaPublicKey pk; - GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk); char *id_token = jwt_create_from_list(&ticket->audience, - &pk, + &ticket->identity, cl, &expiration_time, (NULL != nonce && json_is_string(nonce)) ? json_string_value (nonce) : NULL, -- cgit v1.2.3 From 214f2e90aff373771838d4504d77444c43194e49 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 22 Jul 2018 15:50:52 +0200 Subject: fix code signing --- src/include/gnunet_signatures.h | 2 +- src/reclaim/plugin_rest_openid_connect.c | 116 ++++++++++++++++++++++++------- 2 files changed, 93 insertions(+), 25 deletions(-) diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h index 280fefa83..829f8be7e 100644 --- a/src/include/gnunet_signatures.h +++ b/src/include/gnunet_signatures.h @@ -181,7 +181,7 @@ extern "C" /** * Signature for a GNUid Ticket */ -#define GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET 27 +#define GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN 27 /** * Signature for a GNUnet credential diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index bd11b2de7..0a6dd2b61 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -794,11 +794,75 @@ oidc_iteration_error (void *cls) GNUNET_SCHEDULER_add_now (&do_error, handle); } -static void get_client_name_result (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) + +static char* +build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, + const struct GNUNET_RECLAIM_Ticket *ticket, + const char* nonce) +{ + char *ticket_str; + json_t *code_json; + char *signature_payload; + char *signature_str; + char *authz_code; + size_t signature_payload_len; + struct GNUNET_CRYPTO_EcdsaSignature signature; + struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; + + signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket); + if (NULL != nonce) + signature_payload_len += strlen (nonce); + + signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); + purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload; + purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); + purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); + memcpy (&purpose[1], + ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + if (NULL != nonce) + memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), + nonce, + strlen (nonce)); + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer, + purpose, + &signature)) + { + GNUNET_free (signature_payload); + return NULL; + } + signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature, + sizeof (signature)); + ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + + code_json = json_object (); + json_object_set_new (code_json, + "ticket", + json_string (ticket_str)); + if (NULL != nonce) + json_object_set_new (code_json, + "nonce", + json_string (nonce)); + json_object_set_new (code_json, + "signature", + json_string (signature_str)); + authz_code = json_dumps (code_json, + JSON_INDENT(0) | JSON_COMPACT); + GNUNET_free (signature_payload); + GNUNET_free (signature_str); + GNUNET_free (ticket_str); + json_decref (code_json); + return authz_code; +} + + +static void +get_client_name_result (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { struct RequestHandle *handle = cls; struct MHD_Response *resp; @@ -812,12 +876,16 @@ static void get_client_name_result (void *cls, char *prefix; ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); + //TODO add signature to code payload over nonce and ticket _and_ use jansson here! //TODO change if more attributes are needed (see max_age) - GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}", + code_json_string = build_authz_code (&handle->priv_key, + &handle->ticket, + handle->oidc->nonce); + /*GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}", ticket_str, (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "", (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "", - (NULL != handle->oidc->nonce) ? "\"" : ""); + (NULL != handle->oidc->nonce) ? "\"" : "");*/ code_base64_final_string = base_64_encode(code_json_string); tmp = GNUNET_strdup (handle->oidc->redirect_uri); redirect_path = strtok (tmp, "/"); @@ -896,11 +964,11 @@ oidc_collect_finished_cb (void *cls) return; } handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp, - &handle->priv_key, - &handle->oidc->client_pkey, - handle->attr_list, - &oidc_ticket_issue_cb, - handle); + &handle->priv_key, + &handle->oidc->client_pkey, + handle->attr_list, + &oidc_ticket_issue_cb, + handle); } @@ -944,7 +1012,7 @@ oidc_attr_collect (void *cls, le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type, - attr->data, attr->data_size); + attr->data, attr->data_size); GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head, handle->attr_list->list_tail, le); GNUNET_RECLAIM_get_attributes_next (handle->attr_it); @@ -1004,8 +1072,8 @@ login_check (void *cls) handle->attr_list = GNUNET_new( struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); handle->attr_it = GNUNET_RECLAIM_get_attributes_start ( - handle->idp, &handle->priv_key, &oidc_iteration_error, handle, - &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle); + handle->idp, &handle->priv_key, &oidc_iteration_error, handle, + &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle); return; } } @@ -1560,7 +1628,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, struct GNUNET_TIME_Relative expiration_time; if ( GNUNET_OK != GNUNET_CONFIGURATION_get_value_time(cfg, "reclaim-rest-plugin", - "expiration_time", &expiration_time) ) + "expiration_time", &expiration_time) ) { GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("server_error"); @@ -1572,7 +1640,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); - + //TODO OPTIONAL acr,amr,azp struct EgoEntry *ego_entry; @@ -1679,8 +1747,8 @@ consume_ticket (void *cls, } tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, - attr->data, - attr->data_size); + attr->data, + attr->data_size); value = json_string (tmp_value); @@ -1828,11 +1896,11 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, handle->oidc->response = json_object(); json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring)); handle->idp_op = GNUNET_RECLAIM_ticket_consume ( - handle->idp, - GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), - ticket, - consume_ticket, - handle); + handle->idp, + GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego), + ticket, + consume_ticket, + handle); GNUNET_free(ticket); GNUNET_free(authorization); GNUNET_free(client_ticket); -- cgit v1.2.3 From b68e69365b355f3ef5104f3b682457b0844a70df Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 22 Jul 2018 16:37:49 +0200 Subject: add signature check to token endpoint --- src/reclaim/plugin_rest_openid_connect.c | 250 ++++++++++++++++++++----------- 1 file changed, 162 insertions(+), 88 deletions(-) diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 0a6dd2b61..a2d32e126 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -794,66 +794,160 @@ oidc_iteration_error (void *cls) GNUNET_SCHEDULER_add_now (&do_error, handle); } +static int +parse_authz_code (const char* code, + struct GNUNET_RECLAIM_Ticket **ticket, + char **nonce) +{ + json_error_t error; + json_t *code_json; + json_t *ticket_json; + json_t *nonce_json; + json_t *signature_json; + const char *ticket_str; + const char *signature_str; + const char *nonce_str; + char *code_output; + struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; + struct GNUNET_CRYPTO_EcdsaSignature signature; + size_t signature_payload_len; + + code_output = NULL; + GNUNET_STRINGS_base64_decode (code, + strlen(code), + (void**)&code_output); + code_json = json_loads (code_output, 0 , &error); + GNUNET_free (code_output); + ticket_json = json_object_get (code_json, "ticket"); + nonce_json = json_object_get (code_json, "nonce"); + signature_json = json_object_get (code_json, "signature"); + *ticket = NULL; + *nonce = NULL; + + if ((NULL == ticket_json || !json_is_string (ticket_json)) || + (NULL == signature_json || !json_is_string (signature_json))) + { + json_decref (code_json); + return GNUNET_SYSERR; + } + ticket_str = json_string_value (ticket_json); + signature_str = json_string_value (signature_json); + nonce_str = NULL; + if (NULL != nonce_json) + nonce_str = json_string_value (nonce_json); + signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket); + if (NULL != nonce_str) + signature_payload_len += strlen (nonce_str); + purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + signature_payload_len); + purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); + purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); + if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ticket_str, + strlen (ticket_str), + &purpose[1], + sizeof (struct GNUNET_RECLAIM_Ticket))) + { + GNUNET_free (purpose); + json_decref (code_json); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot parse ticket!\n"); + return GNUNET_SYSERR; + } + if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_str, + strlen (signature_str), + &signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature))) + { + GNUNET_free (purpose); + json_decref (code_json); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot parse signature!\n"); + return GNUNET_SYSERR; + } + *ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); + memcpy (*ticket, + &purpose[1], + sizeof (struct GNUNET_RECLAIM_Ticket)); + if (NULL != nonce_str) + memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), + nonce_str, + strlen (nonce_str)); + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, + purpose, + &signature, + &(*ticket)->identity)) + { + GNUNET_free (purpose); + GNUNET_free (*ticket); + json_decref (code_json); + *ticket = NULL; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Signature of authZ code invalid!\n"); + return GNUNET_SYSERR; + } + *nonce = GNUNET_strdup (nonce_str); + return GNUNET_OK; +} static char* build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, const char* nonce) { - char *ticket_str; - json_t *code_json; - char *signature_payload; - char *signature_str; - char *authz_code; - size_t signature_payload_len; - struct GNUNET_CRYPTO_EcdsaSignature signature; - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - - signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket); - if (NULL != nonce) - signature_payload_len += strlen (nonce); - - signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); - purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload; - purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); - purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); - memcpy (&purpose[1], - ticket, - sizeof (struct GNUNET_RECLAIM_Ticket)); - if (NULL != nonce) - memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), - nonce, - strlen (nonce)); - if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer, - purpose, - &signature)) - { - GNUNET_free (signature_payload); - return NULL; - } - signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature, - sizeof (signature)); - ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, - sizeof (struct GNUNET_RECLAIM_Ticket)); - - code_json = json_object (); - json_object_set_new (code_json, - "ticket", - json_string (ticket_str)); - if (NULL != nonce) - json_object_set_new (code_json, - "nonce", - json_string (nonce)); - json_object_set_new (code_json, - "signature", - json_string (signature_str)); - authz_code = json_dumps (code_json, - JSON_INDENT(0) | JSON_COMPACT); - GNUNET_free (signature_payload); - GNUNET_free (signature_str); - GNUNET_free (ticket_str); - json_decref (code_json); - return authz_code; + char *ticket_str; + json_t *code_json; + char *signature_payload; + char *signature_str; + char *authz_code; + size_t signature_payload_len; + struct GNUNET_CRYPTO_EcdsaSignature signature; + struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; + + signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket); + if (NULL != nonce) + signature_payload_len += strlen (nonce); + + signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); + purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload; + purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); + purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); + memcpy (&purpose[1], + ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + if (NULL != nonce) + memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), + nonce, + strlen (nonce)); + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer, + purpose, + &signature)) + { + GNUNET_free (signature_payload); + return NULL; + } + signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature, + sizeof (signature)); + ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + + code_json = json_object (); + json_object_set_new (code_json, + "ticket", + json_string (ticket_str)); + if (NULL != nonce) + json_object_set_new (code_json, + "nonce", + json_string (nonce)); + json_object_set_new (code_json, + "signature", + json_string (signature_str)); + authz_code = json_dumps (code_json, + JSON_INDENT(0) | JSON_COMPACT); + GNUNET_free (signature_payload); + GNUNET_free (signature_str); + GNUNET_free (ticket_str); + json_decref (code_json); + return authz_code; } @@ -882,10 +976,10 @@ get_client_name_result (void *cls, &handle->ticket, handle->oidc->nonce); /*GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}", - ticket_str, - (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "", - (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "", - (NULL != handle->oidc->nonce) ? "\"" : "");*/ + ticket_str, + (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "", + (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "", + (NULL != handle->oidc->nonce) ? "\"" : "");*/ code_base64_final_string = base_64_encode(code_json_string); tmp = GNUNET_strdup (handle->oidc->redirect_uri); redirect_path = strtok (tmp, "/"); @@ -1386,13 +1480,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, char *expected_psw; int client_exists = GNUNET_NO; struct MHD_Response *resp; - char* code_output; - json_t *root; - json_t *ticket_string; - json_t *nonce; - json_error_t error; char *json_response; char *jwt_secret; + char *nonce; /* * Check Authorization @@ -1579,13 +1669,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } //decode code - GNUNET_STRINGS_base64_decode(code,strlen(code), (void**)&code_output); - root = json_loads (code_output, 0, &error); - GNUNET_free(code_output); - ticket_string = json_object_get (root, "ticket"); - nonce = json_object_get (root, "nonce"); - - if(ticket_string == NULL && !json_is_string(ticket_string)) + struct GNUNET_RECLAIM_Ticket *ticket; + if(GNUNET_OK != parse_authz_code (code, + &ticket, + &nonce)) { GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("invalid_request"); @@ -1595,21 +1682,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } - struct GNUNET_RECLAIM_Ticket *ticket = GNUNET_new(struct GNUNET_RECLAIM_Ticket); - if ( GNUNET_OK - != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string), - strlen (json_string_value(ticket_string)), - ticket, - sizeof(struct GNUNET_RECLAIM_Ticket))) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("invalid code"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - GNUNET_free(ticket); - return; - } // this is the current client (relying party) struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key); @@ -1678,7 +1750,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, &ticket->identity, cl, &expiration_time, - (NULL != nonce && json_is_string(nonce)) ? json_string_value (nonce) : NULL, + (NULL != nonce) ? nonce : NULL, jwt_secret); //Create random access_token @@ -1702,10 +1774,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, id_token); GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key); char *id_ticket_combination; + char *ticket_string; + ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); GNUNET_asprintf(&id_ticket_combination, "%s;%s", client_id, - json_string_value(ticket_string)); + ticket_string); GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token, &cache_key, id_ticket_combination, @@ -1724,7 +1799,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, GNUNET_free(json_response); GNUNET_free(ticket); GNUNET_free(id_token); - json_decref (root); GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); } -- cgit v1.2.3 From 8b67e9b5f905ff80ee73300bbb278c00e36b9bca Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 22 Jul 2018 18:01:50 +0200 Subject: ensure ticket contains client id --- src/reclaim/plugin_rest_openid_connect.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index a2d32e126..876e221b5 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -795,7 +795,8 @@ oidc_iteration_error (void *cls) } static int -parse_authz_code (const char* code, +parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, + const char* code, struct GNUNET_RECLAIM_Ticket **ticket, char **nonce) { @@ -868,6 +869,19 @@ parse_authz_code (const char* code, memcpy (*ticket, &purpose[1], sizeof (struct GNUNET_RECLAIM_Ticket)); + if (0 != memcmp (audience, + &(*ticket)->audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + { + GNUNET_free (purpose); + GNUNET_free (*ticket); + json_decref (code_json); + *ticket = NULL; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Audience in ticket does not match client!\n"); + return GNUNET_SYSERR; + + } if (NULL != nonce_str) memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), nonce_str, @@ -1669,8 +1683,14 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } //decode code + struct GNUNET_CRYPTO_EcdsaPublicKey cid; + GNUNET_STRINGS_string_to_data (client_id, + strlen(client_id), + &cid, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); struct GNUNET_RECLAIM_Ticket *ticket; - if(GNUNET_OK != parse_authz_code (code, + if(GNUNET_OK != parse_authz_code (&cid, + code, &ticket, &nonce)) { -- cgit v1.2.3 From 96fdc9cacc176d6269e51dbd490de568c2254bb4 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 22 Jul 2018 18:02:48 +0200 Subject: cleanup --- src/reclaim/plugin_rest_openid_connect.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 876e221b5..679d8f7d9 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -984,16 +984,10 @@ get_client_name_result (void *cls, char *prefix; ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); - //TODO add signature to code payload over nonce and ticket _and_ use jansson here! //TODO change if more attributes are needed (see max_age) code_json_string = build_authz_code (&handle->priv_key, &handle->ticket, handle->oidc->nonce); - /*GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}", - ticket_str, - (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "", - (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "", - (NULL != handle->oidc->nonce) ? "\"" : "");*/ code_base64_final_string = base_64_encode(code_json_string); tmp = GNUNET_strdup (handle->oidc->redirect_uri); redirect_path = strtok (tmp, "/"); -- cgit v1.2.3 From 0e3d3b63bf18148828e722fa1a29fc196f6f441d Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 22 Jul 2018 21:26:47 +0200 Subject: towards secure redirects --- src/reclaim/plugin_rest_openid_connect.c | 124 ++++++++++++++++++++++++------- 1 file changed, 96 insertions(+), 28 deletions(-) diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 679d8f7d9..0f746f988 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -339,6 +339,16 @@ struct RequestHandle */ struct GNUNET_REST_RequestHandle *rest_handle; + /** + * GNS handle + */ + struct GNUNET_GNS_Handle *gns_handle; + + /** + * GNS lookup op + */ + struct GNUNET_GNS_LookupRequest *gns_op; + /** * Handle to NAMESTORE */ @@ -414,6 +424,16 @@ struct RequestHandle */ char *tld; + /** + * The redirect prefix + */ + char *redirect_prefix; + + /** + * The redirect suffix + */ + char *redirect_suffix; + /** * Error response message */ @@ -465,10 +485,19 @@ cleanup_handle (struct RequestHandle *handle) GNUNET_free (handle->url); if (NULL != handle->tld) GNUNET_free (handle->tld); + if (NULL != handle->redirect_prefix) + GNUNET_free (handle->redirect_prefix); + if (NULL != handle->redirect_suffix) + GNUNET_free (handle->redirect_suffix); if (NULL != handle->emsg) GNUNET_free (handle->emsg); if (NULL != handle->edesc) GNUNET_free (handle->edesc); + if (NULL != handle->gns_op) + GNUNET_GNS_lookup_cancel (handle->gns_op); + if (NULL != handle->gns_handle) + GNUNET_GNS_disconnect (handle->gns_handle); + if (NULL != handle->namestore_handle) GNUNET_NAMESTORE_disconnect (handle->namestore_handle); if (NULL != handle->oidc) @@ -812,7 +841,7 @@ parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; struct GNUNET_CRYPTO_EcdsaSignature signature; size_t signature_payload_len; - + code_output = NULL; GNUNET_STRINGS_base64_decode (code, strlen(code), @@ -978,10 +1007,7 @@ get_client_name_result (void *cls, char *redirect_uri; char *code_json_string; char *code_base64_final_string; - char *redirect_path; - char *tmp; - char *tmp_prefix; - char *prefix; + ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); //TODO change if more attributes are needed (see max_age) @@ -989,33 +1015,25 @@ get_client_name_result (void *cls, &handle->ticket, handle->oidc->nonce); code_base64_final_string = base_64_encode(code_json_string); - tmp = GNUNET_strdup (handle->oidc->redirect_uri); - redirect_path = strtok (tmp, "/"); - redirect_path = strtok (NULL, "/"); - redirect_path = strtok (NULL, "/"); - tmp_prefix = GNUNET_strdup (handle->oidc->redirect_uri); - prefix = strrchr (tmp_prefix, - (unsigned char) '.'); - *prefix = '\0'; GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", - tmp_prefix, + handle->redirect_prefix, handle->tld, - redirect_path, + handle->redirect_suffix, handle->oidc->response_type, code_base64_final_string, handle->oidc->state); resp = GNUNET_REST_create_response (""); MHD_add_response_header (resp, "Location", redirect_uri); handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); - GNUNET_free (tmp); - GNUNET_free (tmp_prefix); GNUNET_free (redirect_uri); GNUNET_free (ticket_str); GNUNET_free (code_json_string); GNUNET_free (code_base64_final_string); return; + } + static void get_client_name_error (void *cls) { @@ -1026,6 +1044,52 @@ get_client_name_error (void *cls) GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); } + +static void +lookup_redirect_uri_result (void *cls, + uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct RequestHandle *handle = cls; + char *tmp; + char *tmp_key_str; + char *pos; + struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone; + + handle->gns_op = NULL; + if (1 != rd_count) + { + handle->emsg = GNUNET_strdup("server_error"); + handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + return; + } + tmp = GNUNET_strdup (rd->data); + pos = strrchr (tmp, + (unsigned char) '.'); + *pos = '\0'; + handle->redirect_prefix = GNUNET_strdup (tmp); + tmp_key_str = pos + 1; + pos = strchr (tmp_key_str, + (unsigned char) '/'); + *pos = '\0'; + handle->redirect_suffix = GNUNET_strdup (pos + 1); + GNUNET_free (tmp); + + GNUNET_STRINGS_string_to_data (tmp_key_str, + strlen (tmp_key_str), + &redirect_zone, + sizeof (redirect_zone)); + + GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, + &handle->priv_key, + &redirect_zone, + &get_client_name_error, + handle, + &get_client_name_result, + handle); +} + /** * Issues ticket and redirects to relying party with the authorization code as * parameter. Otherwise redirects with error @@ -1035,21 +1099,24 @@ oidc_ticket_issue_cb (void* cls, const struct GNUNET_RECLAIM_Ticket *ticket) { struct RequestHandle *handle = cls; + handle->idp_op = NULL; handle->ticket = *ticket; - if (NULL != ticket) { - GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, - &handle->priv_key, - &handle->oidc->client_pkey, - &get_client_name_error, - handle, - &get_client_name_result, - handle); + if (NULL == ticket) + { + handle->emsg = GNUNET_strdup("server_error"); + handle->edesc = GNUNET_strdup("Server cannot generate ticket."); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } - handle->emsg = GNUNET_strdup("server_error"); - handle->edesc = GNUNET_strdup("Server cannot generate ticket."); - GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); + handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle, + handle->oidc->redirect_uri, + &handle->oidc->client_pkey, + GNUNET_DNSPARSER_TYPE_TXT, + GNUNET_GNS_LO_DEFAULT, + &lookup_redirect_uri_result, + handle); + } static void @@ -2148,6 +2215,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, handle->identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, handle); + handle->gns_handle = GNUNET_GNS_connect (cfg); handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg); handle->timeout_task = GNUNET_SCHEDULER_add_delayed (handle->timeout, -- cgit v1.2.3 From 98defb69b11bc6ca89cd1b5419de5036004626c4 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 22 Jul 2018 21:49:38 +0200 Subject: fix build --- src/reclaim/Makefile.am | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am index c13c68763..91a041f91 100644 --- a/src/reclaim/Makefile.am +++ b/src/reclaim/Makefile.am @@ -29,7 +29,7 @@ pkgcfg_DATA = \ reclaim.conf lib_LTLIBRARIES = \ - libgnunetidentityprovider.la + libgnunetreclaim.la plugin_LTLIBRARIES = \ libgnunet_plugin_rest_reclaim.la \ libgnunet_plugin_rest_openid_connect.la \ @@ -53,7 +53,7 @@ libgnunet_plugin_gnsrecord_reclaim_la_LDFLAGS = \ libgnunet_plugin_reclaim_sqlite_la_SOURCES = \ plugin_reclaim_sqlite.c libgnunet_plugin_reclaim_sqlite_la_LIBADD = \ - libgnunetidentityprovider.la \ + libgnunetreclaim.la \ $(top_builddir)/src/sq/libgnunetsq.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \ @@ -74,17 +74,17 @@ gnunet_service_reclaim_LDADD = \ $(top_builddir)/src/abe/libgnunetabe.la \ $(top_builddir)/src/credential/libgnunetcredential.la \ $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \ - libgnunetidentityprovider.la \ + libgnunetreclaim.la \ $(top_builddir)/src/gns/libgnunetgns.la \ $(GN_LIBINTL) -libgnunetidentityprovider_la_SOURCES = \ +libgnunetreclaim_la_SOURCES = \ reclaim_api.c \ reclaim.h -libgnunetidentityprovider_la_LIBADD = \ +libgnunetreclaim_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(GN_LIBINTL) $(XLIB) -libgnunetidentityprovider_la_LDFLAGS = \ +libgnunetreclaim_la_LDFLAGS = \ $(GN_LIB_LDFLAGS) $(WINFLAGS) \ -version-info 0:0:0 @@ -93,7 +93,7 @@ libgnunet_plugin_rest_reclaim_la_SOURCES = \ jwt.c libgnunet_plugin_rest_reclaim_la_LIBADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ - libgnunetidentityprovider.la \ + libgnunetreclaim.la \ $(top_builddir)/src/rest/libgnunetrest.la \ $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \ @@ -108,11 +108,13 @@ libgnunet_plugin_rest_openid_connect_la_SOURCES = \ jwt.c libgnunet_plugin_rest_openid_connect_la_LIBADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ - libgnunetidentityprovider.la \ + libgnunetreclaim.la \ $(top_builddir)/src/rest/libgnunetrest.la \ $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ + $(top_builddir)/src/gns/libgnunetgns.la \ + $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ $(LTLIBINTL) -ljansson -lmicrohttpd libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \ @@ -123,7 +125,7 @@ gnunet_reclaim_SOURCES = \ gnunet_reclaim_LDADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ - libgnunetidentityprovider.la \ + libgnunetreclaim.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \ $(GN_LIBINTL) -- cgit v1.2.3 From 97b5905aac2954fd0ce618b86ae80d11671fa1ba Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 23 Jul 2018 12:42:18 +0200 Subject: refactoring of OIDC plugin --- src/reclaim/Makefile.am | 5 +- src/reclaim/jwt.c | 201 ------------ src/reclaim/jwt.h | 23 -- src/reclaim/oidc_helper.c | 440 +++++++++++++++++++++++++ src/reclaim/oidc_helper.h | 109 +++++++ src/reclaim/plugin_rest_openid_connect.c | 531 +++++++++++-------------------- 6 files changed, 737 insertions(+), 572 deletions(-) delete mode 100644 src/reclaim/jwt.h create mode 100644 src/reclaim/oidc_helper.c create mode 100644 src/reclaim/oidc_helper.h diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am index 91a041f91..2ee43d21a 100644 --- a/src/reclaim/Makefile.am +++ b/src/reclaim/Makefile.am @@ -89,8 +89,7 @@ libgnunetreclaim_la_LDFLAGS = \ -version-info 0:0:0 libgnunet_plugin_rest_reclaim_la_SOURCES = \ - plugin_rest_reclaim.c \ - jwt.c + plugin_rest_reclaim.c libgnunet_plugin_rest_reclaim_la_LIBADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ libgnunetreclaim.la \ @@ -105,7 +104,7 @@ libgnunet_plugin_rest_reclaim_la_LDFLAGS = \ libgnunet_plugin_rest_openid_connect_la_SOURCES = \ plugin_rest_openid_connect.c \ - jwt.c + oidc_helper.c libgnunet_plugin_rest_openid_connect_la_LIBADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ libgnunetreclaim.la \ diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index 94db19b14..8b1378917 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c @@ -1,202 +1 @@ -/* - This file is part of GNUnet - Copyright (C) 2010-2015 GNUnet e.V. - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - */ - -/** - * @file reclaim/jwt.c - * @brief helper library for JSON-Web-Tokens - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_signatures.h" -#include "gnunet_reclaim_attribute_lib.h" -#include - - -#define JWT_ALG "alg" - -/* Use 512bit HMAC */ -#define JWT_ALG_VALUE "HS512" - -#define JWT_TYP "typ" - -#define JWT_TYP_VALUE "jwt" - -#define SERVER_ADDRESS "https://reclaim.id" - -static char* -create_jwt_header(void) -{ - json_t *root; - char *json_str; - - root = json_object (); - json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); - json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); - - json_str = json_dumps (root, JSON_INDENT(0) | JSON_COMPACT); - json_decref (root); - return json_str; -} - -static void -replace_char(char* str, char find, char replace){ - char *current_pos = strchr(str,find); - while (current_pos){ - *current_pos = replace; - current_pos = strchr(current_pos,find); - } -} - -//RFC4648 -static void -fix_base64(char* str) { - char *padding; - //First, remove trailing padding '=' - padding = strtok(str, "="); - while (NULL != padding) - padding = strtok(NULL, "="); - - //Replace + with - - replace_char (str, '+', '-'); - - //Replace / with _ - replace_char (str, '/', '_'); - -} - -/** - * Create a JWT from attributes - * - * @param aud_key the public of the audience - * @param sub_key the public key of the subject - * @param attrs the attribute list - * @param expiration_time the validity of the token - * @param secret_key the key used to sign the JWT - * @return a new base64-encoded JWT string. - */ -char* -jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, - const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_TIME_Relative *expiration_time, - const char *nonce, - const char *secret_key) -{ - struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; - struct GNUNET_HashCode signature; - struct GNUNET_TIME_Absolute exp_time; - struct GNUNET_TIME_Absolute time_now; - char* audience; - char* subject; - char* header; - char* body_str; - char* result; - char* header_base64; - char* body_base64; - char* signature_target; - char* signature_base64; - char* attr_val_str; - json_t* body; - - //iat REQUIRED time now - time_now = GNUNET_TIME_absolute_get(); - //exp REQUIRED time expired from config - exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time); - //auth_time only if max_age - //nonce only if nonce - // OPTIONAL acr,amr,azp - subject = GNUNET_STRINGS_data_to_string_alloc (sub_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - header = create_jwt_header (); - body = json_object (); - - //iss REQUIRED case sensitive server uri with https - //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) - json_object_set_new (body, - "iss", json_string (SERVER_ADDRESS)); - //sub REQUIRED public key identity, not exceed 255 ASCII length - json_object_set_new (body, - "sub", json_string (subject)); - //aud REQUIRED public key client_id must be there - json_object_set_new (body, - "aud", json_string (audience)); - //iat - json_object_set_new (body, - "iat", json_integer (time_now.abs_value_us / (1000*1000))); - //exp - json_object_set_new (body, - "exp", json_integer (exp_time.abs_value_us / (1000*1000))); - //nbf - json_object_set_new (body, - "nbf", json_integer (time_now.abs_value_us / (1000*1000))); - //nonce - if (NULL != nonce) - json_object_set_new (body, - "nonce", json_string (nonce)); - - for (le = attrs->list_head; NULL != le; le = le->next) - { - attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, - le->claim->data, - le->claim->data_size); - json_object_set_new (body, - le->claim->name, - json_string (attr_val_str)); - GNUNET_free (attr_val_str); - } - body_str = json_dumps (body, JSON_INDENT(0) | JSON_COMPACT); - json_decref (body); - - GNUNET_STRINGS_base64_encode (header, - strlen (header), - &header_base64); - fix_base64(header_base64); - - GNUNET_STRINGS_base64_encode (body_str, - strlen (body_str), - &body_base64); - fix_base64(body_base64); - - GNUNET_free (subject); - GNUNET_free (audience); - - /** - * Creating the JWT signature. This might not be - * standards compliant, check. - */ - GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64); - GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature); - GNUNET_STRINGS_base64_encode ((const char*)&signature, - sizeof (struct GNUNET_HashCode), - &signature_base64); - fix_base64(signature_base64); - - GNUNET_asprintf (&result, "%s.%s.%s", - header_base64, body_base64, signature_base64); - - GNUNET_free (signature_target); - GNUNET_free (header); - GNUNET_free (body_str); - GNUNET_free (signature_base64); - GNUNET_free (body_base64); - GNUNET_free (header_base64); - return result; -} diff --git a/src/reclaim/jwt.h b/src/reclaim/jwt.h deleted file mode 100644 index 12ff85b01..000000000 --- a/src/reclaim/jwt.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef JWT_H -#define JWT_H - -/** - * Create a JWT from attributes - * - * @param aud_key the public of the audience - * @param sub_key the public key of the subject - * @param attrs the attribute list - * @param expiration_time the validity of the token - * @param nonce the nonce, may be NULL - * @param secret_key the key used to sign the JWT - * @return a new base64-encoded JWT string. - */ -char* -jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, - const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_TIME_Relative *expiration_time, - const char *nonce, - const char *secret_key); - -#endif diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c new file mode 100644 index 000000000..9a99c5668 --- /dev/null +++ b/src/reclaim/oidc_helper.c @@ -0,0 +1,440 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ + +/** + * @file reclaim/oidc_helper.c + * @brief helper library for OIDC related functions + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_signatures.h" +#include "gnunet_reclaim_service.h" +#include "gnunet_reclaim_attribute_lib.h" +#include +#include +#include "oidc_helper.h" + +static char* +create_jwt_header(void) +{ + json_t *root; + char *json_str; + + root = json_object (); + json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); + json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); + + json_str = json_dumps (root, JSON_INDENT(0) | JSON_COMPACT); + json_decref (root); + return json_str; +} + +static void +replace_char(char* str, char find, char replace){ + char *current_pos = strchr(str,find); + while (current_pos){ + *current_pos = replace; + current_pos = strchr(current_pos,find); + } +} + +//RFC4648 +static void +fix_base64(char* str) { + char *padding; + //First, remove trailing padding '=' + padding = strtok(str, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + //Replace + with - + replace_char (str, '+', '-'); + + //Replace / with _ + replace_char (str, '/', '_'); + +} + +/** + * Create a JWT from attributes + * + * @param aud_key the public of the audience + * @param sub_key the public key of the subject + * @param attrs the attribute list + * @param expiration_time the validity of the token + * @param secret_key the key used to sign the JWT + * @return a new base64-encoded JWT string. + */ +char* +OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_TIME_Relative *expiration_time, + const char *nonce, + const char *secret_key) +{ + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_HashCode signature; + struct GNUNET_TIME_Absolute exp_time; + struct GNUNET_TIME_Absolute time_now; + char* audience; + char* subject; + char* header; + char* body_str; + char* result; + char* header_base64; + char* body_base64; + char* signature_target; + char* signature_base64; + char* attr_val_str; + json_t* body; + + //iat REQUIRED time now + time_now = GNUNET_TIME_absolute_get(); + //exp REQUIRED time expired from config + exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time); + //auth_time only if max_age + //nonce only if nonce + // OPTIONAL acr,amr,azp + subject = GNUNET_STRINGS_data_to_string_alloc (sub_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + header = create_jwt_header (); + body = json_object (); + + //iss REQUIRED case sensitive server uri with https + //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) + json_object_set_new (body, + "iss", json_string (SERVER_ADDRESS)); + //sub REQUIRED public key identity, not exceed 255 ASCII length + json_object_set_new (body, + "sub", json_string (subject)); + //aud REQUIRED public key client_id must be there + json_object_set_new (body, + "aud", json_string (audience)); + //iat + json_object_set_new (body, + "iat", json_integer (time_now.abs_value_us / (1000*1000))); + //exp + json_object_set_new (body, + "exp", json_integer (exp_time.abs_value_us / (1000*1000))); + //nbf + json_object_set_new (body, + "nbf", json_integer (time_now.abs_value_us / (1000*1000))); + //nonce + if (NULL != nonce) + json_object_set_new (body, + "nonce", json_string (nonce)); + + for (le = attrs->list_head; NULL != le; le = le->next) + { + attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, + le->claim->data, + le->claim->data_size); + json_object_set_new (body, + le->claim->name, + json_string (attr_val_str)); + GNUNET_free (attr_val_str); + } + body_str = json_dumps (body, JSON_INDENT(0) | JSON_COMPACT); + json_decref (body); + + GNUNET_STRINGS_base64_encode (header, + strlen (header), + &header_base64); + fix_base64(header_base64); + + GNUNET_STRINGS_base64_encode (body_str, + strlen (body_str), + &body_base64); + fix_base64(body_base64); + + GNUNET_free (subject); + GNUNET_free (audience); + + /** + * Creating the JWT signature. This might not be + * standards compliant, check. + */ + GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64); + GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature); + GNUNET_STRINGS_base64_encode ((const char*)&signature, + sizeof (struct GNUNET_HashCode), + &signature_base64); + fix_base64(signature_base64); + + GNUNET_asprintf (&result, "%s.%s.%s", + header_base64, body_base64, signature_base64); + + GNUNET_free (signature_target); + GNUNET_free (header); + GNUNET_free (body_str); + GNUNET_free (signature_base64); + GNUNET_free (body_base64); + GNUNET_free (header_base64); + return result; +} +/** + * Builds an OIDC authorization code including + * a reclaim ticket and nonce + * + * @param issuer the issuer of the ticket, used to sign the ticket and nonce + * @param ticket the ticket to include in the code + * @param nonce the nonce to include in the code + * @return a new authorization code (caller must free) + */ +char* +OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, + const struct GNUNET_RECLAIM_Ticket *ticket, + const char* nonce) +{ + char *ticket_str; + json_t *code_json; + char *signature_payload; + char *signature_str; + char *authz_code; + size_t signature_payload_len; + struct GNUNET_CRYPTO_EcdsaSignature signature; + struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; + + signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket); + if (NULL != nonce) + signature_payload_len += strlen (nonce); + + signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); + purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload; + purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); + purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); + memcpy (&purpose[1], + ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + if (NULL != nonce) + memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), + nonce, + strlen (nonce)); + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer, + purpose, + &signature)) + { + GNUNET_free (signature_payload); + return NULL; + } + signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature, + sizeof (signature)); + ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + + code_json = json_object (); + json_object_set_new (code_json, + "ticket", + json_string (ticket_str)); + if (NULL != nonce) + json_object_set_new (code_json, + "nonce", + json_string (nonce)); + json_object_set_new (code_json, + "signature", + json_string (signature_str)); + authz_code = json_dumps (code_json, + JSON_INDENT(0) | JSON_COMPACT); + GNUNET_free (signature_payload); + GNUNET_free (signature_str); + GNUNET_free (ticket_str); + json_decref (code_json); + return authz_code; +} + + + + +/** + * Parse reclaim ticket and nonce from + * authorization code. + * This also verifies the signature in the code. + * + * @param audience the expected audience of the code + * @param code the string representation of the code + * @param ticket where to store the ticket + * @param nonce where to store the nonce + * @return GNUNET_OK if successful, else GNUNET_SYSERR + */ +int +OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, + const char* code, + struct GNUNET_RECLAIM_Ticket **ticket, + char **nonce) +{ + json_error_t error; + json_t *code_json; + json_t *ticket_json; + json_t *nonce_json; + json_t *signature_json; + const char *ticket_str; + const char *signature_str; + const char *nonce_str; + char *code_output; + struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; + struct GNUNET_CRYPTO_EcdsaSignature signature; + size_t signature_payload_len; + + code_output = NULL; + GNUNET_STRINGS_base64_decode (code, + strlen(code), + (void**)&code_output); + code_json = json_loads (code_output, 0 , &error); + GNUNET_free (code_output); + ticket_json = json_object_get (code_json, "ticket"); + nonce_json = json_object_get (code_json, "nonce"); + signature_json = json_object_get (code_json, "signature"); + *ticket = NULL; + *nonce = NULL; + + if ((NULL == ticket_json || !json_is_string (ticket_json)) || + (NULL == signature_json || !json_is_string (signature_json))) + { + json_decref (code_json); + return GNUNET_SYSERR; + } + ticket_str = json_string_value (ticket_json); + signature_str = json_string_value (signature_json); + nonce_str = NULL; + if (NULL != nonce_json) + nonce_str = json_string_value (nonce_json); + signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket); + if (NULL != nonce_str) + signature_payload_len += strlen (nonce_str); + purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + signature_payload_len); + purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); + purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); + if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ticket_str, + strlen (ticket_str), + &purpose[1], + sizeof (struct GNUNET_RECLAIM_Ticket))) + { + GNUNET_free (purpose); + json_decref (code_json); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot parse ticket!\n"); + return GNUNET_SYSERR; + } + if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_str, + strlen (signature_str), + &signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature))) + { + GNUNET_free (purpose); + json_decref (code_json); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot parse signature!\n"); + return GNUNET_SYSERR; + } + *ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); + memcpy (*ticket, + &purpose[1], + sizeof (struct GNUNET_RECLAIM_Ticket)); + if (0 != memcmp (audience, + &(*ticket)->audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + { + GNUNET_free (purpose); + GNUNET_free (*ticket); + json_decref (code_json); + *ticket = NULL; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Audience in ticket does not match client!\n"); + return GNUNET_SYSERR; + + } + if (NULL != nonce_str) + memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), + nonce_str, + strlen (nonce_str)); + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, + purpose, + &signature, + &(*ticket)->identity)) + { + GNUNET_free (purpose); + GNUNET_free (*ticket); + json_decref (code_json); + *ticket = NULL; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Signature of authZ code invalid!\n"); + return GNUNET_SYSERR; + } + *nonce = GNUNET_strdup (nonce_str); + return GNUNET_OK; +} + +/** + * Build a token response for a token request + * TODO: Maybe we should add the scope here? + * + * @param access_token the access token to include + * @param id_token the id_token to include + * @param expiration_time the expiration time of the token(s) + * @param token_response where to store the response + */ +void +OIDC_build_token_response (const char *access_token, + const char *id_token, + const struct GNUNET_TIME_Relative *expiration_time, + char **token_response) +{ + json_t *root_json; + + root_json = json_object (); + + GNUNET_assert (NULL != access_token); + GNUNET_assert (NULL != id_token); + GNUNET_assert (NULL != expiration_time); + json_object_set_new (root_json, + "access_token", + json_string (access_token)); + json_object_set_new (root_json, + "token_type", + json_string ("Bearer")); + json_object_set_new (root_json, + "expires_in", + json_integer (expiration_time->rel_value_us / (1000 * 1000))); + json_object_set_new (root_json, + "id_token", + json_string (id_token)); + *token_response = json_dumps (root_json, + JSON_INDENT(0) | JSON_COMPACT); + json_decref (root_json); +} + +/** + * Generate a new access token + */ +char* +OIDC_access_token_new () +{ + char* access_token_number; + char* access_token; + uint64_t random_number; + + random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX); + GNUNET_asprintf (&access_token_number, "%" PRIu64, random_number); + GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token); + return access_token; +} diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h new file mode 100644 index 000000000..7a0f45bf9 --- /dev/null +++ b/src/reclaim/oidc_helper.h @@ -0,0 +1,109 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ + +/** + * @file reclaim/oidc_helper.h + * @brief helper library for OIDC related functions + * @author Martin Schanzenbach + */ + +#ifndef JWT_H +#define JWT_H + +#define JWT_ALG "alg" + +/* Use 512bit HMAC */ +#define JWT_ALG_VALUE "HS512" + +#define JWT_TYP "typ" + +#define JWT_TYP_VALUE "jwt" + +#define SERVER_ADDRESS "https://reclaim.id" + +/** + * Create a JWT from attributes + * + * @param aud_key the public of the audience + * @param sub_key the public key of the subject + * @param attrs the attribute list + * @param expiration_time the validity of the token + * @param secret_key the key used to sign the JWT + * @return a new base64-encoded JWT string. + */ +char* +OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, + const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_TIME_Relative *expiration_time, + const char *nonce, + const char *secret_key); + +/** + * Builds an OIDC authorization code including + * a reclaim ticket and nonce + * + * @param issuer the issuer of the ticket, used to sign the ticket and nonce + * @param ticket the ticket to include in the code + * @param nonce the nonce to include in the code + * @return a new authorization code (caller must free) + */ +char* +OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, + const struct GNUNET_RECLAIM_Ticket *ticket, + const char* nonce); + +/** + * Parse reclaim ticket and nonce from + * authorization code. + * This also verifies the signature in the code. + * + * @param audience the expected audience of the code + * @param code the string representation of the code + * @param ticket where to store the ticket + * @param nonce where to store the nonce + * @return GNUNET_OK if successful, else GNUNET_SYSERR + */ +int +OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, + const char* code, + struct GNUNET_RECLAIM_Ticket **ticket, + char **nonce); + +/** + * Build a token response for a token request + * TODO: Maybe we should add the scope here? + * + * @param access_token the access token to include + * @param id_token the id_token to include + * @param expiration_time the expiration time of the token(s) + * @param token_response where to store the response + */ +void +OIDC_build_token_response (const char *access_token, + const char *id_token, + const struct GNUNET_TIME_Relative *expiration_time, + char **token_response); +/** + * Generate a new access token + */ +char* +OIDC_access_token_new (); + + +#endif diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 0f746f988..06815d9d1 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -38,7 +38,7 @@ #include "gnunet_signatures.h" #include "gnunet_reclaim_attribute_lib.h" #include "gnunet_reclaim_service.h" -#include "jwt.h" +#include "oidc_helper.h" /** * REST root namespace @@ -823,177 +823,6 @@ oidc_iteration_error (void *cls) GNUNET_SCHEDULER_add_now (&do_error, handle); } -static int -parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, - const char* code, - struct GNUNET_RECLAIM_Ticket **ticket, - char **nonce) -{ - json_error_t error; - json_t *code_json; - json_t *ticket_json; - json_t *nonce_json; - json_t *signature_json; - const char *ticket_str; - const char *signature_str; - const char *nonce_str; - char *code_output; - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - struct GNUNET_CRYPTO_EcdsaSignature signature; - size_t signature_payload_len; - - code_output = NULL; - GNUNET_STRINGS_base64_decode (code, - strlen(code), - (void**)&code_output); - code_json = json_loads (code_output, 0 , &error); - GNUNET_free (code_output); - ticket_json = json_object_get (code_json, "ticket"); - nonce_json = json_object_get (code_json, "nonce"); - signature_json = json_object_get (code_json, "signature"); - *ticket = NULL; - *nonce = NULL; - - if ((NULL == ticket_json || !json_is_string (ticket_json)) || - (NULL == signature_json || !json_is_string (signature_json))) - { - json_decref (code_json); - return GNUNET_SYSERR; - } - ticket_str = json_string_value (ticket_json); - signature_str = json_string_value (signature_json); - nonce_str = NULL; - if (NULL != nonce_json) - nonce_str = json_string_value (nonce_json); - signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket); - if (NULL != nonce_str) - signature_payload_len += strlen (nonce_str); - purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - signature_payload_len); - purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); - purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); - if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ticket_str, - strlen (ticket_str), - &purpose[1], - sizeof (struct GNUNET_RECLAIM_Ticket))) - { - GNUNET_free (purpose); - json_decref (code_json); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Cannot parse ticket!\n"); - return GNUNET_SYSERR; - } - if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_str, - strlen (signature_str), - &signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature))) - { - GNUNET_free (purpose); - json_decref (code_json); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Cannot parse signature!\n"); - return GNUNET_SYSERR; - } - *ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); - memcpy (*ticket, - &purpose[1], - sizeof (struct GNUNET_RECLAIM_Ticket)); - if (0 != memcmp (audience, - &(*ticket)->audience, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) - { - GNUNET_free (purpose); - GNUNET_free (*ticket); - json_decref (code_json); - *ticket = NULL; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Audience in ticket does not match client!\n"); - return GNUNET_SYSERR; - - } - if (NULL != nonce_str) - memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), - nonce_str, - strlen (nonce_str)); - if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, - purpose, - &signature, - &(*ticket)->identity)) - { - GNUNET_free (purpose); - GNUNET_free (*ticket); - json_decref (code_json); - *ticket = NULL; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Signature of authZ code invalid!\n"); - return GNUNET_SYSERR; - } - *nonce = GNUNET_strdup (nonce_str); - return GNUNET_OK; -} - -static char* -build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, - const struct GNUNET_RECLAIM_Ticket *ticket, - const char* nonce) -{ - char *ticket_str; - json_t *code_json; - char *signature_payload; - char *signature_str; - char *authz_code; - size_t signature_payload_len; - struct GNUNET_CRYPTO_EcdsaSignature signature; - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - - signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket); - if (NULL != nonce) - signature_payload_len += strlen (nonce); - - signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); - purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload; - purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len); - purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); - memcpy (&purpose[1], - ticket, - sizeof (struct GNUNET_RECLAIM_Ticket)); - if (NULL != nonce) - memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), - nonce, - strlen (nonce)); - if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer, - purpose, - &signature)) - { - GNUNET_free (signature_payload); - return NULL; - } - signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature, - sizeof (signature)); - ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, - sizeof (struct GNUNET_RECLAIM_Ticket)); - - code_json = json_object (); - json_object_set_new (code_json, - "ticket", - json_string (ticket_str)); - if (NULL != nonce) - json_object_set_new (code_json, - "nonce", - json_string (nonce)); - json_object_set_new (code_json, - "signature", - json_string (signature_str)); - authz_code = json_dumps (code_json, - JSON_INDENT(0) | JSON_COMPACT); - GNUNET_free (signature_payload); - GNUNET_free (signature_str); - GNUNET_free (ticket_str); - json_decref (code_json); - return authz_code; -} - - static void get_client_name_result (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, @@ -1011,9 +840,9 @@ get_client_name_result (void *cls, ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); //TODO change if more attributes are needed (see max_age) - code_json_string = build_authz_code (&handle->priv_key, - &handle->ticket, - handle->oidc->nonce); + code_json_string = OIDC_build_authz_code (&handle->priv_key, + &handle->ticket, + handle->oidc->nonce); code_base64_final_string = base_64_encode(code_json_string); GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", handle->redirect_prefix, @@ -1532,36 +1361,19 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, return; } -/** - * Responds to token url-encoded POST request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) +static int +check_authorization (struct RequestHandle *handle, + struct GNUNET_CRYPTO_EcdsaPublicKey *cid) { - //TODO static strings - struct RequestHandle *handle = cls; struct GNUNET_HashCode cache_key; - char *authorization, *credentials; - char delimiter[]=" "; - char delimiter_user_psw[]=":"; - char *grant_type, *code; - char *user_psw = NULL, *client_id, *psw; - char *expected_psw; + char *authorization; + char *credentials; + char *basic_authorization; + char *client_id; + char *pass; + char *expected_pass; int client_exists = GNUNET_NO; - struct MHD_Response *resp; - char *json_response; - char *jwt_secret; - char *nonce; - /* - * Check Authorization - */ GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, strlen (OIDC_AUTHORIZATION_HEADER_KEY), &cache_key); @@ -1571,80 +1383,75 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, handle->emsg=GNUNET_strdup("invalid_client"); handle->edesc=GNUNET_strdup("missing authorization"); handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; + return GNUNET_SYSERR; } - authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); + authorization = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, + &cache_key); //split header in "Basic" and [content] - credentials = strtok (authorization, delimiter); - if (0 != strcmp ("Basic",credentials)) + credentials = strtok (authorization, " "); + if (0 != strcmp ("Basic", credentials)) { handle->emsg=GNUNET_strdup("invalid_client"); handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; + return GNUNET_SYSERR; } - credentials = strtok(NULL, delimiter); + credentials = strtok(NULL, " "); if (NULL == credentials) { handle->emsg=GNUNET_strdup("invalid_client"); handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; + return GNUNET_SYSERR; } - GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), (void**)&user_psw); + GNUNET_STRINGS_base64_decode (credentials, + strlen (credentials), + (void**)&basic_authorization); - if ( NULL == user_psw ) + if ( NULL == basic_authorization ) { handle->emsg=GNUNET_strdup("invalid_client"); handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; + return GNUNET_SYSERR; } - client_id = strtok (user_psw, delimiter_user_psw); + client_id = strtok (basic_authorization, ":"); if ( NULL == client_id ) { - GNUNET_free_non_null(user_psw); + GNUNET_free_non_null(basic_authorization); handle->emsg=GNUNET_strdup("invalid_client"); handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; + return GNUNET_SYSERR; } - psw = strtok (NULL, delimiter_user_psw); - if (NULL == psw) + pass = strtok (NULL, ":"); + if (NULL == pass) { - GNUNET_free_non_null(user_psw); + GNUNET_free_non_null(basic_authorization); handle->emsg=GNUNET_strdup("invalid_client"); handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; + return GNUNET_SYSERR; } //check client password if ( GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", - "psw", &expected_psw) ) + "psw", &expected_pass) ) { - if (0 != strcmp (expected_psw, psw)) + if (0 != strcmp (expected_pass, pass)) { - GNUNET_free_non_null(user_psw); - GNUNET_free(expected_psw); + GNUNET_free_non_null(basic_authorization); + GNUNET_free(expected_pass); handle->emsg=GNUNET_strdup("invalid_client"); handle->response_code = MHD_HTTP_UNAUTHORIZED; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; + return GNUNET_SYSERR; } - GNUNET_free(expected_psw); + GNUNET_free(expected_pass); } else { - GNUNET_free_non_null(user_psw); + GNUNET_free_non_null(basic_authorization); handle->emsg = GNUNET_strdup("server_error"); handle->edesc = GNUNET_strdup ("gnunet configuration failed"); handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; + return GNUNET_SYSERR; } //check client_id @@ -1659,9 +1466,108 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } if (GNUNET_NO == client_exists) { - GNUNET_free_non_null(user_psw); + GNUNET_free_non_null(basic_authorization); handle->emsg=GNUNET_strdup("invalid_client"); handle->response_code = MHD_HTTP_UNAUTHORIZED; + return GNUNET_SYSERR; + } + GNUNET_STRINGS_string_to_data (client_id, + strlen(client_id), + cid, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + + GNUNET_free (client_id); + GNUNET_free (basic_authorization); + return GNUNET_OK; +} + +static int +ego_exists (struct RequestHandle *handle, + struct GNUNET_CRYPTO_EcdsaPublicKey *test_key) +{ + struct EgoEntry *ego_entry; + struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; + + for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) + { + GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); + if (0 == memcmp (&pub_key, + test_key, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) + { + break; + } + } + if (NULL == ego_entry) + return GNUNET_NO; + return GNUNET_YES; +} + +static void +store_ticket_reference (const struct RequestHandle *handle, + const char* access_token, + const struct GNUNET_RECLAIM_Ticket *ticket, + const struct GNUNET_CRYPTO_EcdsaPublicKey *cid) +{ + struct GNUNET_HashCode cache_key; + char *id_ticket_combination; + char *ticket_string; + char *client_id; + + GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key); + client_id = GNUNET_STRINGS_data_to_string_alloc (cid, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket, + sizeof (struct GNUNET_RECLAIM_Ticket)); + GNUNET_asprintf(&id_ticket_combination, + "%s;%s", + client_id, + ticket_string); + GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token, + &cache_key, + id_ticket_combination, + GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); + + GNUNET_free (client_id); + GNUNET_free (ticket_string); +} + +/** + * Responds to token url-encoded POST request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + struct RequestHandle *handle = cls; + struct GNUNET_TIME_Relative expiration_time; + struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl; + struct GNUNET_RECLAIM_Ticket *ticket; + struct GNUNET_CRYPTO_EcdsaPublicKey cid; + struct GNUNET_HashCode cache_key; + struct MHD_Response *resp; + char *grant_type; + char *code; + char *json_response; + char *id_token; + char *access_token; + char *jwt_secret; + char *nonce; + int i = 1; + + /* + * Check Authorization + */ + if (GNUNET_SYSERR == check_authorization (handle, + &cid)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "OIDC authorization for token endpoint failed\n"); GNUNET_SCHEDULER_add_now (&do_error, handle); return; } @@ -1673,27 +1579,25 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, //TODO Do not allow multiple equal parameter names //REQUIRED grant_type GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key); - if ( GNUNET_NO - == GNUNET_CONTAINER_multihashmap_contains ( - handle->rest_handle->url_param_map, &cache_key) ) + if (GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &cache_key)) { - GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("invalid_request"); handle->edesc = GNUNET_strdup("missing parameter grant_type"); handle->response_code = MHD_HTTP_BAD_REQUEST; GNUNET_SCHEDULER_add_now (&do_error, handle); return; } - grant_type = GNUNET_CONTAINER_multihashmap_get ( - handle->rest_handle->url_param_map, &cache_key); + grant_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, + &cache_key); //REQUIRED code GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key); - if ( GNUNET_NO - == GNUNET_CONTAINER_multihashmap_contains ( - handle->rest_handle->url_param_map, &cache_key) ) + if (GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &cache_key)) { - GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("invalid_request"); handle->edesc = GNUNET_strdup("missing parameter code"); handle->response_code = MHD_HTTP_BAD_REQUEST; @@ -1706,11 +1610,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, //REQUIRED redirect_uri GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), &cache_key); - if ( GNUNET_NO - == GNUNET_CONTAINER_multihashmap_contains ( - handle->rest_handle->url_param_map, &cache_key) ) + if (GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &cache_key) ) { - GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("invalid_request"); handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); handle->response_code = MHD_HTTP_BAD_REQUEST; @@ -1721,21 +1624,18 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, //Check parameter grant_type == "authorization_code" if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) { - GNUNET_free_non_null(user_psw); handle->emsg=GNUNET_strdup("unsupported_grant_type"); handle->response_code = MHD_HTTP_BAD_REQUEST; GNUNET_SCHEDULER_add_now (&do_error, handle); return; } GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); - int i = 1; - if ( GNUNET_SYSERR - == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, - &cache_key, - &i, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) + if (GNUNET_SYSERR == + GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, + &cache_key, + &i, + GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) { - GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("invalid_request"); handle->edesc = GNUNET_strdup("Cannot use the same code more than once"); handle->response_code = MHD_HTTP_BAD_REQUEST; @@ -1744,18 +1644,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, } //decode code - struct GNUNET_CRYPTO_EcdsaPublicKey cid; - GNUNET_STRINGS_string_to_data (client_id, - strlen(client_id), - &cid, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - struct GNUNET_RECLAIM_Ticket *ticket; - if(GNUNET_OK != parse_authz_code (&cid, - code, - &ticket, - &nonce)) + if(GNUNET_OK != OIDC_parse_authz_code (&cid, + code, + &ticket, + &nonce)) { - GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("invalid_request"); handle->edesc = GNUNET_strdup("invalid code"); handle->response_code = MHD_HTTP_BAD_REQUEST; @@ -1763,27 +1656,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } - // this is the current client (relying party) - struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; - GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key); - if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) - { - GNUNET_free_non_null(user_psw); - handle->emsg = GNUNET_strdup("invalid_request"); - handle->edesc = GNUNET_strdup("invalid code"); - handle->response_code = MHD_HTTP_BAD_REQUEST; - GNUNET_SCHEDULER_add_now (&do_error, handle); - GNUNET_free(ticket); - return; - } - //create jwt - struct GNUNET_TIME_Relative expiration_time; - if ( GNUNET_OK - != GNUNET_CONFIGURATION_get_value_time(cfg, "reclaim-rest-plugin", - "expiration_time", &expiration_time) ) + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_time(cfg, + "reclaim-rest-plugin", + "expiration_time", + &expiration_time)) { - GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("server_error"); handle->edesc = GNUNET_strdup ("gnunet configuration failed"); handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; @@ -1792,34 +1671,21 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, return; } - struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); //TODO OPTIONAL acr,amr,azp - - struct EgoEntry *ego_entry; - for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) - { - GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); - if (0 == memcmp (&pub_key, &ticket->audience, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) - { - break; - } - } - if ( NULL == ego_entry ) + if (GNUNET_NO == ego_exists (handle, + &ticket->audience)) { - GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("invalid_request"); handle->edesc = GNUNET_strdup("invalid code..."); handle->response_code = MHD_HTTP_BAD_REQUEST; GNUNET_SCHEDULER_add_now (&do_error, handle); GNUNET_free(ticket); - return; } if ( GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin", "jwt_secret", &jwt_secret) ) { - GNUNET_free_non_null(user_psw); handle->emsg = GNUNET_strdup("invalid_request"); handle->edesc = GNUNET_strdup("No signing secret configured!"); handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; @@ -1827,56 +1693,31 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, GNUNET_free(ticket); return; } - char *id_token = jwt_create_from_list(&ticket->audience, - &ticket->identity, - cl, - &expiration_time, - (NULL != nonce) ? nonce : NULL, - jwt_secret); - - //Create random access_token - char* access_token_number; - char* access_token; - uint64_t random_number; - random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX); - GNUNET_asprintf(&access_token_number, "%" PRIu64, random_number); - GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token); - - - - //TODO OPTIONAL add refresh_token and scope - GNUNET_asprintf (&json_response, - "{ \"access_token\" : \"%s\", " - "\"token_type\" : \"Bearer\", " - "\"expires_in\" : %d, " - "\"id_token\" : \"%s\"}", - access_token, - expiration_time, - id_token); - GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key); - char *id_ticket_combination; - char *ticket_string; - ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket, - sizeof (struct GNUNET_RECLAIM_Ticket)); - GNUNET_asprintf(&id_ticket_combination, - "%s;%s", - client_id, - ticket_string); - GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token, - &cache_key, - id_ticket_combination, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); - + //TODO We should collect the attributes here. cl always empty + cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); + id_token = OIDC_id_token_new (&ticket->audience, + &ticket->identity, + cl, + &expiration_time, + (NULL != nonce) ? nonce : NULL, + jwt_secret); + access_token = OIDC_access_token_new (); + OIDC_build_token_response (access_token, + id_token, + &expiration_time, + &json_response); + + store_ticket_reference (handle, + access_token, + ticket, + &cid); resp = GNUNET_REST_create_response (json_response); MHD_add_response_header (resp, "Cache-Control", "no-store"); MHD_add_response_header (resp, "Pragma", "no-cache"); MHD_add_response_header (resp, "Content-Type", "application/json"); handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl); - GNUNET_free(access_token_number); GNUNET_free(access_token); - GNUNET_free(user_psw); GNUNET_free(json_response); GNUNET_free(ticket); GNUNET_free(id_token); -- cgit v1.2.3 From 6c4bd20776ce2dd060beee9abd7baaf7d38c4988 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 23 Jul 2018 13:32:54 +0200 Subject: fixes --- src/reclaim/oidc_helper.c | 4 ++-- src/reclaim/plugin_rest_openid_connect.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 9a99c5668..5ad1ff0a0 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c @@ -364,8 +364,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, } if (NULL != nonce_str) - memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), - nonce_str, + memcpy (nonce_str, + &purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), strlen (nonce_str)); if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, purpose, diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 06815d9d1..1846df901 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -903,8 +903,7 @@ lookup_redirect_uri_result (void *cls, (unsigned char) '/'); *pos = '\0'; handle->redirect_suffix = GNUNET_strdup (pos + 1); - GNUNET_free (tmp); - + GNUNET_STRINGS_string_to_data (tmp_key_str, strlen (tmp_key_str), &redirect_zone, @@ -917,6 +916,8 @@ lookup_redirect_uri_result (void *cls, handle, &get_client_name_result, handle); + GNUNET_free (tmp); + } /** @@ -1476,7 +1477,6 @@ check_authorization (struct RequestHandle *handle, cid, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - GNUNET_free (client_id); GNUNET_free (basic_authorization); return GNUNET_OK; } -- cgit v1.2.3 From e3383d7cd239905487bfae46967256bb2a1a98ab Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 23 Jul 2018 13:55:18 +0200 Subject: fix --- src/reclaim/oidc_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 5ad1ff0a0..f63e38e9a 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c @@ -226,7 +226,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); if (NULL != nonce) - memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), + memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket), nonce, strlen (nonce)); if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer, @@ -365,7 +365,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, } if (NULL != nonce_str) memcpy (nonce_str, - &purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket), + ((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket), strlen (nonce_str)); if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, purpose, -- cgit v1.2.3 From a84e3a97d067bb36d350ee6acb09772fcda37127 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 23 Jul 2018 14:10:33 +0200 Subject: fix signature check --- src/reclaim/oidc_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index f63e38e9a..1e9e64fec 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c @@ -364,8 +364,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, } if (NULL != nonce_str) - memcpy (nonce_str, - ((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket), + memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket), + nonce_str, strlen (nonce_str)); if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, purpose, -- cgit v1.2.3 From 5fb272d662eca0707b1a5c7747ae476f8157d332 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 23 Jul 2018 19:29:44 +0200 Subject: fix --- src/gns/plugin_rest_gns.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/gns/plugin_rest_gns.c b/src/gns/plugin_rest_gns.c index 2b729db54..e76a5d116 100644 --- a/src/gns/plugin_rest_gns.c +++ b/src/gns/plugin_rest_gns.c @@ -281,6 +281,15 @@ gnsrecord_to_json (const struct GNUNET_GNSRECORD_Data *rd) return record_obj; } + +static void +do_cleanup (void *cls) +{ + struct LookupHandle *handle = cls; + cleanup_handle (handle); +} + + /** * Function called with the result of a GNS lookup. * @@ -325,7 +334,7 @@ process_lookup_result (void *cls, uint32_t rd_count, resp = GNUNET_REST_create_response (result); handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); GNUNET_free (result); - cleanup_handle (handle); + GNUNET_SCHEDULER_add_now (&do_cleanup, handle); } -- cgit v1.2.3 From 94c9fde8f4136432bb4cbc99ba5102702279df14 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 23 Jul 2018 22:10:47 +0200 Subject: switch to gnsrecord reclaim records for OIDC clients --- src/include/gnunet_gnsrecord_lib.h | 10 +++++ src/reclaim/plugin_gnsrecord_reclaim.c | 6 +++ src/reclaim/plugin_rest_openid_connect.c | 65 ++++++++++++++++++-------------- 3 files changed, 53 insertions(+), 28 deletions(-) diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index 20846238b..693cc6cdb 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h @@ -131,6 +131,16 @@ extern "C" */ #define GNUNET_GNSRECORD_TYPE_ABE_MASTER 65551 +/** + * Record type for reclaim OIDC clients + */ +#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT 65552 + +/** + * Record type for reclaim OIDC redirect URIs + */ +#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT 65553 + /** * Flags that can be set for a record. */ diff --git a/src/reclaim/plugin_gnsrecord_reclaim.c b/src/reclaim/plugin_gnsrecord_reclaim.c index 0322df752..181a4bbc2 100644 --- a/src/reclaim/plugin_gnsrecord_reclaim.c +++ b/src/reclaim/plugin_gnsrecord_reclaim.c @@ -57,6 +57,8 @@ value_to_string (void *cls, return GNUNET_strndup (data, data_size); case GNUNET_GNSRECORD_TYPE_ABE_KEY: case GNUNET_GNSRECORD_TYPE_ABE_MASTER: + case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT: + case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: return GNUNET_STRINGS_data_to_string_alloc (data, data_size); case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: //DEPRECATED ecdhe_privkey = data; @@ -118,6 +120,8 @@ string_to_value (void *cls, return GNUNET_OK; case GNUNET_GNSRECORD_TYPE_ABE_KEY: case GNUNET_GNSRECORD_TYPE_ABE_MASTER: + case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: + case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT: return GNUNET_STRINGS_string_to_data (s, strlen (s), *data, @@ -181,6 +185,8 @@ static struct { { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY }, { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER }, { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA }, + { "RECLAIM_OIDC_CLIENT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT }, + { "RECLAIM_OIDC_REDIRECT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT }, { NULL, UINT32_MAX } }; diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 1846df901..99459427c 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -886,38 +886,47 @@ lookup_redirect_uri_result (void *cls, struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone; handle->gns_op = NULL; - if (1 != rd_count) + if (0 == rd_count) { handle->emsg = GNUNET_strdup("server_error"); handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } - tmp = GNUNET_strdup (rd->data); - pos = strrchr (tmp, - (unsigned char) '.'); - *pos = '\0'; - handle->redirect_prefix = GNUNET_strdup (tmp); - tmp_key_str = pos + 1; - pos = strchr (tmp_key_str, - (unsigned char) '/'); - *pos = '\0'; - handle->redirect_suffix = GNUNET_strdup (pos + 1); - - GNUNET_STRINGS_string_to_data (tmp_key_str, - strlen (tmp_key_str), - &redirect_zone, - sizeof (redirect_zone)); - - GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, - &handle->priv_key, - &redirect_zone, - &get_client_name_error, - handle, - &get_client_name_result, - handle); - GNUNET_free (tmp); - + for (int i = 0; i < rd_count; i++) + { + if (0 != strcmp (rd[0].data, + handle->oidc->redirect_uri)) + continue; + tmp = GNUNET_strdup (rd[0].data); + pos = strrchr (tmp, + (unsigned char) '.'); + *pos = '\0'; + handle->redirect_prefix = GNUNET_strdup (tmp); + tmp_key_str = pos + 1; + pos = strchr (tmp_key_str, + (unsigned char) '/'); + *pos = '\0'; + handle->redirect_suffix = GNUNET_strdup (pos + 1); + + GNUNET_STRINGS_string_to_data (tmp_key_str, + strlen (tmp_key_str), + &redirect_zone, + sizeof (redirect_zone)); + + GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, + &handle->priv_key, + &redirect_zone, + &get_client_name_error, + handle, + &get_client_name_result, + handle); + GNUNET_free (tmp); + return; + } + handle->emsg = GNUNET_strdup("server_error"); + handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); + GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); } /** @@ -940,9 +949,9 @@ oidc_ticket_issue_cb (void* cls, return; } handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle, - handle->oidc->redirect_uri, + "+", &handle->oidc->client_pkey, - GNUNET_DNSPARSER_TYPE_TXT, + GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, GNUNET_GNS_LO_DEFAULT, &lookup_redirect_uri_result, handle); -- cgit v1.2.3 From 4336c9fddab44104eef6a480f354a92b6befa255 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 23 Jul 2018 22:58:20 +0200 Subject: fix wrong record type --- src/reclaim/plugin_gnsrecord_reclaim.c | 8 ++++---- src/reclaim/plugin_rest_openid_connect.c | 6 ++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/reclaim/plugin_gnsrecord_reclaim.c b/src/reclaim/plugin_gnsrecord_reclaim.c index 181a4bbc2..ecd1d6e77 100644 --- a/src/reclaim/plugin_gnsrecord_reclaim.c +++ b/src/reclaim/plugin_gnsrecord_reclaim.c @@ -54,11 +54,11 @@ value_to_string (void *cls, case GNUNET_GNSRECORD_TYPE_ID_ATTR: return GNUNET_STRINGS_data_to_string_alloc (data, data_size); case GNUNET_GNSRECORD_TYPE_ID_TOKEN: //DEPRECATED + case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT: + case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: return GNUNET_strndup (data, data_size); case GNUNET_GNSRECORD_TYPE_ABE_KEY: case GNUNET_GNSRECORD_TYPE_ABE_MASTER: - case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT: - case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: return GNUNET_STRINGS_data_to_string_alloc (data, data_size); case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: //DEPRECATED ecdhe_privkey = data; @@ -115,13 +115,13 @@ string_to_value (void *cls, *data, *data_size); case GNUNET_GNSRECORD_TYPE_ID_TOKEN: + case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: + case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: *data = GNUNET_strdup (s); *data_size = strlen (s); return GNUNET_OK; case GNUNET_GNSRECORD_TYPE_ABE_KEY: case GNUNET_GNSRECORD_TYPE_ABE_MASTER: - case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: - case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT: return GNUNET_STRINGS_string_to_data (s, strlen (s), *data, diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 99459427c..24673c692 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -895,10 +895,12 @@ lookup_redirect_uri_result (void *cls, } for (int i = 0; i < rd_count; i++) { - if (0 != strcmp (rd[0].data, + if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) + continue; + if (0 != strcmp (rd[i].data, handle->oidc->redirect_uri)) continue; - tmp = GNUNET_strdup (rd[0].data); + tmp = GNUNET_strdup (rd[i].data); pos = strrchr (tmp, (unsigned char) '.'); *pos = '\0'; -- cgit v1.2.3 From 60b3288f5af19525e9d6dfbd65efd39f0854575f Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 23 Jul 2018 23:14:17 +0200 Subject: fix --- src/reclaim/plugin_gnsrecord_reclaim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/reclaim/plugin_gnsrecord_reclaim.c b/src/reclaim/plugin_gnsrecord_reclaim.c index ecd1d6e77..781b88abc 100644 --- a/src/reclaim/plugin_gnsrecord_reclaim.c +++ b/src/reclaim/plugin_gnsrecord_reclaim.c @@ -115,7 +115,7 @@ string_to_value (void *cls, *data, *data_size); case GNUNET_GNSRECORD_TYPE_ID_TOKEN: - case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: + case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT: case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: *data = GNUNET_strdup (s); *data_size = strlen (s); -- cgit v1.2.3 From 4cc2532d1d842721030f7ac386b2eacc85e0d0b9 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 24 Jul 2018 21:49:47 +0200 Subject: also return empty egos --- src/identity/plugin_rest_identity.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c index 52685c52e..355d75fd9 100644 --- a/src/identity/plugin_rest_identity.c +++ b/src/identity/plugin_rest_identity.c @@ -436,13 +436,6 @@ ego_info_response (struct GNUNET_REST_RequestHandle *con, json_decref (name_str); GNUNET_JSONAPI_document_resource_add (json_document, json_resource); } - if (0 == GNUNET_JSONAPI_document_resource_count (json_document)) - { - GNUNET_JSONAPI_document_delete (json_document); - handle->emsg = GNUNET_strdup ("No identities found!"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } GNUNET_JSONAPI_document_serialize (json_document, &result_str); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); resp = GNUNET_REST_create_response (result_str); -- cgit v1.2.3 From 3430620e67bacdb1910027f29a9b83e5c251a393 Mon Sep 17 00:00:00 2001 From: lurchi Date: Tue, 24 Jul 2018 23:37:57 +0200 Subject: Remove restrictive and unnecessary assert Using the SCHEDULER_add* functions is now allowed before the first call to GNUNET_SCHEDULER_do_work. --- src/util/scheduler.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/src/util/scheduler.c b/src/util/scheduler.c index 93d133d1b..014288944 100644 --- a/src/util/scheduler.c +++ b/src/util/scheduler.c @@ -965,8 +965,6 @@ GNUNET_SCHEDULER_cancel (struct GNUNET_SCHEDULER_Task *task) /* scheduler must be running */ GNUNET_assert (NULL != scheduler_driver); - GNUNET_assert ( (NULL != active_task) || - (GNUNET_NO == task->lifeness) ); is_fd_task = (NULL != task->fds); if (is_fd_task) { @@ -1056,9 +1054,9 @@ GNUNET_SCHEDULER_add_with_reason_and_priority (GNUNET_SCHEDULER_TaskCallback tas { struct GNUNET_SCHEDULER_Task *t; + /* scheduler must be running */ + GNUNET_assert (NULL != scheduler_driver); GNUNET_assert (NULL != task); - GNUNET_assert ((NULL != active_task) || - (GNUNET_SCHEDULER_REASON_STARTUP == reason)); t = GNUNET_new (struct GNUNET_SCHEDULER_Task); t->read_fd = -1; t->write_fd = -1; @@ -1099,7 +1097,8 @@ GNUNET_SCHEDULER_add_at_with_priority (struct GNUNET_TIME_Absolute at, struct GNUNET_SCHEDULER_Task *pos; struct GNUNET_SCHEDULER_Task *prev; - GNUNET_assert (NULL != active_task); + /* scheduler must be running */ + GNUNET_assert (NULL != scheduler_driver); GNUNET_assert (NULL != task); t = GNUNET_new (struct GNUNET_SCHEDULER_Task); t->callback = task; @@ -1286,7 +1285,8 @@ GNUNET_SCHEDULER_add_shutdown (GNUNET_SCHEDULER_TaskCallback task, { struct GNUNET_SCHEDULER_Task *t; - GNUNET_assert (NULL != active_task); + /* scheduler must be running */ + GNUNET_assert (NULL != scheduler_driver); GNUNET_assert (NULL != task); t = GNUNET_new (struct GNUNET_SCHEDULER_Task); t->callback = task; @@ -1403,7 +1403,8 @@ add_without_sets (struct GNUNET_TIME_Relative delay, { struct GNUNET_SCHEDULER_Task *t; - GNUNET_assert (NULL != active_task); + /* scheduler must be running */ + GNUNET_assert (NULL != scheduler_driver); GNUNET_assert (NULL != task); t = GNUNET_new (struct GNUNET_SCHEDULER_Task); init_fd_info (t, @@ -1832,7 +1833,6 @@ GNUNET_SCHEDULER_add_select (enum GNUNET_SCHEDULER_Priority prio, /* scheduler must be running */ GNUNET_assert (NULL != scheduler_driver); - GNUNET_assert (NULL != active_task); GNUNET_assert (NULL != task); int no_rs = (NULL == rs); int no_ws = (NULL == ws); @@ -2164,12 +2164,12 @@ struct GNUNET_SCHEDULER_Handle * GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver) { struct GNUNET_SCHEDULER_Handle *sh; - struct GNUNET_SCHEDULER_Task tsk; const struct GNUNET_DISK_FileHandle *pr; - /* general set-up */ - GNUNET_assert (NULL == active_task); + /* scheduler must not be running */ + GNUNET_assert (NULL == scheduler_driver); GNUNET_assert (NULL == shutdown_pipe_handle); + /* general set-up */ sh = GNUNET_new (struct GNUNET_SCHEDULER_Handle); shutdown_pipe_handle = GNUNET_DISK_pipe (GNUNET_NO, GNUNET_NO, @@ -2204,10 +2204,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver) /* Setup initial tasks */ current_priority = GNUNET_SCHEDULER_PRIORITY_DEFAULT; current_lifeness = GNUNET_NO; - memset (&tsk, - 0, - sizeof (tsk)); - active_task = &tsk; install_parent_control_task = GNUNET_SCHEDULER_add_now (&install_parent_control_handler, NULL); @@ -2217,7 +2213,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver) &shutdown_pipe_cb, NULL); current_lifeness = GNUNET_YES; - active_task = NULL; scheduler_driver->set_wakeup (scheduler_driver->cls, get_timeout ()); /* begin main event loop */ -- cgit v1.2.3 From 5794e80239687f6fe88311bb7156d105d30170de Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Wed, 25 Jul 2018 17:53:31 +0200 Subject: fix rps service: better handling of cadet channels --- src/rps/gnunet-service-rps.c | 282 ++++++++++++++++++++++++++++++++----------- 1 file changed, 214 insertions(+), 68 deletions(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index 12794945e..fcb68b724 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -163,6 +163,11 @@ struct PendingMessage const char *type; }; +/** + * @brief Context for a channel + */ +struct ChannelCtx; + /** * Struct used to keep track of other peer's status * @@ -181,7 +186,7 @@ struct PeerContext /** * Channel open to client. */ - struct GNUNET_CADET_Channel *send_channel; + struct ChannelCtx *send_channel_ctx; /** * Flags to the sending channel @@ -191,7 +196,7 @@ struct PeerContext /** * Channel open from client. */ - struct GNUNET_CADET_Channel *recv_channel; // unneeded? + struct ChannelCtx *recv_channel_ctx; // unneeded? /** * Flags to the receiving channel @@ -264,6 +269,39 @@ struct PeersIteratorCls void *cls; }; +/** + * @brief Context for a channel + */ +struct ChannelCtx +{ + /** + * @brief Meant to be used in a DLL + */ + struct ChannelCtx *next; + struct ChannelCtx *prev; + + /** + * @brief The channel itself + */ + struct GNUNET_CADET_Channel *channel; + + /** + * @brief The peer context associated with the channel + */ + struct PeerContext *peer_ctx; + + /** + * @brief Scheduled task that will destroy this context + */ + struct GNUNET_SCHEDULER_Task *destruction_task; +}; + +/** + * @brief The DLL of channel contexts + */ +static struct ChannelCtx *channel_ctx_head; +static struct ChannelCtx *channel_ctx_tail; + /** * @brief Hashmap of valid peers. */ @@ -387,8 +425,8 @@ Peers_check_connected (const struct GNUNET_PeerIdentity *peer) /* Get the context */ peer_ctx = get_peer_ctx (peer); /* If we have no channel to this peer we don't know whether it's online */ - if ( (NULL == peer_ctx->send_channel) && - (NULL == peer_ctx->recv_channel) ) + if ( (NULL == peer_ctx->send_channel_ctx) && + (NULL == peer_ctx->recv_channel_ctx) ) { Peers_unset_peer_flag (peer, Peers_ONLINE); return GNUNET_NO; @@ -575,6 +613,24 @@ handle_peer_pull_reply (void *cls, /* End declaration of handlers */ +/** + * @brief Allocate memory for a new channel context and insert it into DLL + * + * @param peer_ctx context of the according peer + * + * @return The channel context + */ +static struct ChannelCtx * +add_channel_ctx (struct PeerContext *peer_ctx); + +/** + * @brief Remove the channel context from the DLL and free the memory. + * + * @param channel_ctx The channel context. + */ +static void +remove_channel_ctx (struct ChannelCtx *channel_ctx); + /** * @brief Get the channel of a peer. If not existing, create. @@ -610,16 +666,17 @@ get_channel (const struct GNUNET_PeerIdentity *peer) peer_ctx = get_peer_ctx (peer); - if (NULL == peer_ctx->send_channel) + if (NULL == peer_ctx->send_channel_ctx) { LOG (GNUNET_ERROR_TYPE_DEBUG, "Trying to establish channel to peer %s\n", GNUNET_i2s (peer)); ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity); *ctx_peer = *peer; - peer_ctx->send_channel = + peer_ctx->send_channel_ctx = add_channel_ctx (peer_ctx); + peer_ctx->send_channel_ctx->channel = GNUNET_CADET_channel_create (cadet_handle, - (struct GNUNET_PeerIdentity *) ctx_peer, /* context */ + peer_ctx->send_channel_ctx, /* context */ peer, &port, GNUNET_CADET_OPTION_RELIABLE, @@ -627,8 +684,9 @@ get_channel (const struct GNUNET_PeerIdentity *peer) cleanup_destroyed_channel, /* Disconnect handler */ cadet_handlers); } - GNUNET_assert (NULL != peer_ctx->send_channel); - return peer_ctx->send_channel; + GNUNET_assert (NULL != peer_ctx->send_channel_ctx); + GNUNET_assert (NULL != peer_ctx->send_channel_ctx->channel); + return peer_ctx->send_channel_ctx->channel; } @@ -1199,7 +1257,7 @@ Peers_check_removable (const struct GNUNET_PeerIdentity *peer) } peer_ctx = get_peer_ctx (peer); - if ( (NULL != peer_ctx->recv_channel) || + if ( (NULL != peer_ctx->recv_channel_ctx) || (NULL != peer_ctx->pending_messages_head) || (GNUNET_NO == check_peer_flag_set (peer_ctx, Peers_PULL_REPLY_PENDING)) ) { @@ -1269,23 +1327,28 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) peer_ctx->liveliness_check_pending = NULL; } channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING); - if (NULL != peer_ctx->send_channel && + if (NULL != peer_ctx->send_channel_ctx && GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING)) { LOG (GNUNET_ERROR_TYPE_DEBUG, "Destroying send channel\n"); - GNUNET_CADET_channel_destroy (peer_ctx->send_channel); - peer_ctx->send_channel = NULL; + GNUNET_CADET_channel_destroy (peer_ctx->send_channel_ctx->channel); + remove_channel_ctx (peer_ctx->send_channel_ctx); + peer_ctx->send_channel_ctx = NULL; peer_ctx->mq = NULL; } channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING); - if (NULL != peer_ctx->recv_channel && + if (NULL != peer_ctx->recv_channel_ctx && GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING)) { LOG (GNUNET_ERROR_TYPE_DEBUG, "Destroying recv channel\n"); - GNUNET_CADET_channel_destroy (peer_ctx->recv_channel); - peer_ctx->recv_channel = NULL; + GNUNET_CADET_channel_destroy (peer_ctx->recv_channel_ctx->channel); + if (NULL != peer_ctx->recv_channel_ctx) + { + remove_channel_ctx (peer_ctx->recv_channel_ctx); + } + peer_ctx->recv_channel_ctx = NULL; } GNUNET_free (peer_ctx->send_channel_flags); @@ -1496,7 +1559,7 @@ Peers_check_peer_send_intention (const struct GNUNET_PeerIdentity *peer) const struct PeerContext *peer_ctx; peer_ctx = get_peer_ctx (peer); - if (NULL != peer_ctx->recv_channel) + if (NULL != peer_ctx->recv_channel_ctx) { return GNUNET_YES; } @@ -1521,6 +1584,7 @@ Peers_handle_inbound_channel (void *cls, { struct PeerContext *peer_ctx; struct GNUNET_PeerIdentity *ctx_peer; + struct ChannelCtx *channel_ctx; LOG (GNUNET_ERROR_TYPE_DEBUG, "New channel was established to us (Peer %s).\n", @@ -1531,6 +1595,8 @@ Peers_handle_inbound_channel (void *cls, set_peer_live (peer_ctx); ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity); *ctx_peer = *initiator; + channel_ctx = add_channel_ctx (peer_ctx); + channel_ctx->channel = channel; /* We only accept one incoming channel per peer */ if (GNUNET_YES == Peers_check_peer_send_intention (initiator)) { @@ -1540,13 +1606,14 @@ Peers_handle_inbound_channel (void *cls, set_channel_flag (peer_ctx->recv_channel_flags, Peers_CHANNEL_ESTABLISHED_TWICE); //GNUNET_CADET_channel_destroy (channel); - GNUNET_CADET_channel_destroy (peer_ctx->recv_channel); - peer_ctx->recv_channel = channel; + GNUNET_CADET_channel_destroy (peer_ctx->recv_channel_ctx->channel); + remove_channel_ctx (peer_ctx->recv_channel_ctx); + peer_ctx->recv_channel_ctx = channel_ctx; /* return the channel context */ - return ctx_peer; + return channel_ctx; } - peer_ctx->recv_channel = channel; - return ctx_peer; + peer_ctx->recv_channel_ctx = channel_ctx; + return channel_ctx; } @@ -1568,7 +1635,7 @@ Peers_check_sending_channel_exists (const struct GNUNET_PeerIdentity *peer) return GNUNET_NO; } peer_ctx = get_peer_ctx (peer); - if (NULL == peer_ctx->send_channel) + if (NULL == peer_ctx->send_channel_ctx) { return GNUNET_NO; } @@ -1601,12 +1668,14 @@ Peers_check_channel_role (const struct GNUNET_PeerIdentity *peer, } peer_ctx = get_peer_ctx (peer); if ( (Peers_CHANNEL_ROLE_SENDING == role) && - (channel == peer_ctx->send_channel) ) + (NULL != peer_ctx->send_channel_ctx) && + (channel == peer_ctx->send_channel_ctx->channel) ) { return GNUNET_YES; } if ( (Peers_CHANNEL_ROLE_RECEIVING == role) && - (channel == peer_ctx->recv_channel) ) + (NULL != peer_ctx->recv_channel_ctx) && + (channel == peer_ctx->recv_channel_ctx->channel) ) { return GNUNET_YES; } @@ -1636,11 +1705,11 @@ Peers_destroy_sending_channel (const struct GNUNET_PeerIdentity *peer) return GNUNET_NO; } peer_ctx = get_peer_ctx (peer); - if (NULL != peer_ctx->send_channel) + if (NULL != peer_ctx->send_channel_ctx) { set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_CLEAN); - GNUNET_CADET_channel_destroy (peer_ctx->send_channel); - peer_ctx->send_channel = NULL; + GNUNET_CADET_channel_destroy (peer_ctx->send_channel_ctx->channel); + peer_ctx->send_channel_ctx = NULL; peer_ctx->mq = NULL; (void) Peers_check_connected (peer); return GNUNET_YES; @@ -1648,6 +1717,35 @@ Peers_destroy_sending_channel (const struct GNUNET_PeerIdentity *peer) return GNUNET_NO; } +static void +destroy_channel (void *cls) +{ + struct ChannelCtx *channel_ctx = cls; + struct PeerContext *peer_ctx = channel_ctx->peer_ctx; + uint32_t *channel_flag; + + channel_ctx = NULL; + GNUNET_CADET_channel_destroy (peer_ctx->send_channel_ctx->channel); + channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_SENDING); + Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING); + remove_channel_ctx (peer_ctx->send_channel_ctx); + peer_ctx->send_channel_ctx = NULL; + if (channel_ctx == peer_ctx->send_channel_ctx) + { + peer_ctx->mq = NULL; + } +} + +static void +schedule_channel_destruction (struct ChannelCtx *channel_ctx) +{ + if (NULL != channel_ctx->destruction_task) + { + channel_ctx->destruction_task = + GNUNET_SCHEDULER_add_now (destroy_channel, channel_ctx); + } +} + /** * This is called when a channel is destroyed. * @@ -1658,9 +1756,9 @@ void Peers_cleanup_destroyed_channel (void *cls, const struct GNUNET_CADET_Channel *channel) { - struct GNUNET_PeerIdentity *peer = cls; - struct PeerContext *peer_ctx; - uint32_t *channel_flag; + struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; + struct PeerContext *peer_ctx = channel_ctx->peer_ctx; if (GNUNET_NO == Peers_check_peer_known (peer)) {/* We don't want to implicitly create a context that we're about to kill */ @@ -1669,7 +1767,6 @@ Peers_cleanup_destroyed_channel (void *cls, GNUNET_i2s (peer)); return; } - peer_ctx = get_peer_ctx (peer); /* If our peer issued the destruction of the channel, the #Peers_TO_DESTROY * flag will be set. In this case simply make sure that the channels are @@ -1679,30 +1776,23 @@ Peers_cleanup_destroyed_channel (void *cls, {/* We initiatad the destruction of this particular peer */ LOG (GNUNET_ERROR_TYPE_DEBUG, "Peer is in the process of being destroyed\n"); - if (channel == peer_ctx->send_channel) + if (channel == channel_ctx->channel) { - peer_ctx->send_channel = NULL; + peer_ctx->send_channel_ctx = NULL; peer_ctx->mq = NULL; } - else if (channel == peer_ctx->recv_channel) + else if (channel == peer_ctx->recv_channel_ctx->channel) { - peer_ctx->recv_channel = NULL; + peer_ctx->recv_channel_ctx = NULL; } - if (NULL != peer_ctx->send_channel) + if (NULL != peer_ctx->send_channel_ctx) { - GNUNET_CADET_channel_destroy (peer_ctx->send_channel); - channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_SENDING); - Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING); - peer_ctx->send_channel = NULL; - peer_ctx->mq = NULL; + schedule_channel_destruction (peer_ctx->send_channel_ctx); } - if (NULL != peer_ctx->recv_channel) + if (NULL != peer_ctx->recv_channel_ctx) { - GNUNET_CADET_channel_destroy (peer_ctx->recv_channel); - channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_RECEIVING); - Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING); - peer_ctx->recv_channel = NULL; + schedule_channel_destruction (peer_ctx->recv_channel_ctx); } /* Set the #Peers_ONLINE flag accordingly */ (void) Peers_check_connected (peer); @@ -1713,20 +1803,22 @@ Peers_cleanup_destroyed_channel (void *cls, { /* We did not initiate the destruction of this peer */ LOG (GNUNET_ERROR_TYPE_DEBUG, "Peer is NOT in the process of being destroyed\n"); - if (channel == peer_ctx->send_channel) + if ( (NULL != peer_ctx->send_channel_ctx) && + (channel == peer_ctx->send_channel_ctx->channel) ) { /* Something (but us) killd the channel - clean up peer */ LOG (GNUNET_ERROR_TYPE_DEBUG, "send channel (%s) was destroyed - cleaning up\n", GNUNET_i2s (peer)); - peer_ctx->send_channel = NULL; + peer_ctx->send_channel_ctx = NULL; peer_ctx->mq = NULL; } - else if (channel == peer_ctx->recv_channel) + else if ( (NULL != peer_ctx->recv_channel_ctx) && + (channel == peer_ctx->recv_channel_ctx->channel) ) { /* Other peer doesn't want to send us messages anymore */ LOG (GNUNET_ERROR_TYPE_DEBUG, "Peer %s destroyed recv channel - cleaning up channel\n", GNUNET_i2s (peer)); - peer_ctx->recv_channel = NULL; + peer_ctx->recv_channel_ctx = NULL; } else { @@ -1818,7 +1910,7 @@ Peers_get_recv_channel (const struct GNUNET_PeerIdentity *peer) GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer)); peer_ctx = get_peer_ctx (peer); - return peer_ctx->recv_channel; + return peer_ctx->recv_channel_ctx->channel; } /*********************************************************************** * /Old gnunet-service-rps_peers.c @@ -2654,6 +2746,35 @@ clean_peer (const struct GNUNET_PeerIdentity *peer) } } +/** + * @brief Allocate memory for a new channel context and insert it into DLL + * + * @param peer_ctx context of the according peer + * + * @return The channel context + */ +static struct ChannelCtx * +add_channel_ctx (struct PeerContext *peer_ctx) +{ + struct ChannelCtx *channel_ctx; + channel_ctx = GNUNET_new (struct ChannelCtx); + channel_ctx->peer_ctx = peer_ctx; + GNUNET_CONTAINER_DLL_insert (channel_ctx_head, channel_ctx_tail, channel_ctx); + return channel_ctx; +} + +/** + * @brief Remove the channel context from the DLL and free the memory. + * + * @param channel_ctx The channel context. + */ +static void +remove_channel_ctx (struct ChannelCtx *channel_ctx) +{ + GNUNET_CONTAINER_DLL_remove (channel_ctx_head, channel_ctx_tail, channel_ctx); + GNUNET_free (channel_ctx); +} + /** * @brief This is called when a channel is destroyed. * @@ -2670,7 +2791,8 @@ static void cleanup_destroyed_channel (void *cls, const struct GNUNET_CADET_Channel *channel) { - struct GNUNET_PeerIdentity *peer = cls; + struct ChannelCtx *channel_ctx = cls; + struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; uint32_t *channel_flag; struct PeerContext *peer_ctx; @@ -2681,7 +2803,7 @@ cleanup_destroyed_channel (void *cls, LOG (GNUNET_ERROR_TYPE_WARNING, "channel (%s) without associated context was destroyed\n", GNUNET_i2s (peer)); - GNUNET_free (peer); + remove_channel_ctx (channel_ctx); return; } @@ -2710,7 +2832,21 @@ cleanup_destroyed_channel (void *cls, to_file (file_name_view_log, "-%s\t(cleanup channel, ourself)", GNUNET_i2s_full (peer)); - GNUNET_free (peer); + remove_channel_ctx (channel_ctx); + if (peer_ctx->send_channel_ctx == channel_ctx) + { + peer_ctx->send_channel_ctx = NULL; + } + else if (peer_ctx->recv_channel_ctx == channel_ctx) + { + peer_ctx->recv_channel_ctx = NULL; + } + else + { + LOG (GNUNET_ERROR_TYPE_ERROR, + "Trying to remove channel_ctx that is not associated with a peer\n"); + GNUNET_assert (0); + } return; } @@ -2726,7 +2862,7 @@ cleanup_destroyed_channel (void *cls, { /* We are about to clean the sending channel. Clean the respective * context */ Peers_cleanup_destroyed_channel (cls, channel); - GNUNET_free (peer); + remove_channel_ctx (channel_ctx); return; } else @@ -2734,7 +2870,7 @@ cleanup_destroyed_channel (void *cls, * open. It probably went down. Remove it from our knowledge. */ Peers_cleanup_destroyed_channel (cls, channel); remove_peer (peer); - GNUNET_free (peer); + remove_channel_ctx (channel_ctx); return; } } @@ -2751,7 +2887,7 @@ cleanup_destroyed_channel (void *cls, { /* Other peer tried to establish a channel to us twice. We do not accept * that. Clean the context. */ Peers_cleanup_destroyed_channel (cls, channel); - GNUNET_free (peer); + remove_channel_ctx (channel_ctx); return; } else @@ -2759,7 +2895,7 @@ cleanup_destroyed_channel (void *cls, * it. */ Peers_cleanup_destroyed_channel (cls, channel); clean_peer (peer); - GNUNET_free (peer); + remove_channel_ctx (channel_ctx); return; } } @@ -2768,7 +2904,7 @@ cleanup_destroyed_channel (void *cls, LOG (GNUNET_ERROR_TYPE_WARNING, "Destroyed channel is neither sending nor receiving channel\n"); } - GNUNET_free (peer); + remove_channel_ctx (channel_ctx); } /*********************************************************************** @@ -3163,11 +3299,12 @@ static void handle_peer_check (void *cls, const struct GNUNET_MessageHeader *msg) { - const struct GNUNET_PeerIdentity *peer = cls; + const struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; LOG (GNUNET_ERROR_TYPE_DEBUG, "Received CHECK_LIVE (%s)\n", GNUNET_i2s (peer)); - GNUNET_CADET_receive_done (Peers_get_recv_channel (peer)); + GNUNET_CADET_receive_done (channel_ctx->channel); } /** @@ -3183,7 +3320,8 @@ static void handle_peer_push (void *cls, const struct GNUNET_MessageHeader *msg) { - const struct GNUNET_PeerIdentity *peer = cls; + const struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; // (check the proof of work (?)) @@ -3228,7 +3366,7 @@ handle_peer_push (void *cls, CustomPeerMap_put (push_map, peer); GNUNET_break_op (Peers_check_peer_known (peer)); - GNUNET_CADET_receive_done (Peers_get_recv_channel (peer)); + GNUNET_CADET_receive_done (channel_ctx->channel); } @@ -3244,7 +3382,8 @@ static void handle_peer_pull_request (void *cls, const struct GNUNET_MessageHeader *msg) { - struct GNUNET_PeerIdentity *peer = cls; + const struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; const struct GNUNET_PeerIdentity *view_array; LOG (GNUNET_ERROR_TYPE_DEBUG, "Received PULL REQUEST (%s)\n", GNUNET_i2s (peer)); @@ -3267,7 +3406,7 @@ handle_peer_pull_request (void *cls, #endif /* ENABLE_MALICIOUS */ GNUNET_break_op (Peers_check_peer_known (peer)); - GNUNET_CADET_receive_done (Peers_get_recv_channel (peer)); + GNUNET_CADET_receive_done (channel_ctx->channel); view_array = View_get_as_array (); send_pull_reply (peer, view_array, View_size ()); } @@ -3324,8 +3463,9 @@ static void handle_peer_pull_reply (void *cls, const struct GNUNET_RPS_P2P_PullReplyMessage *msg) { + const struct ChannelCtx *channel_ctx = cls; + const struct GNUNET_PeerIdentity *sender = &channel_ctx->peer_ctx->peer_id; const struct GNUNET_PeerIdentity *peers; - struct GNUNET_PeerIdentity *sender = cls; uint32_t i; #ifdef ENABLE_MALICIOUS struct AttackedPeer *tmp_att_peer; @@ -3393,7 +3533,7 @@ handle_peer_pull_reply (void *cls, clean_peer (sender); GNUNET_break_op (Peers_check_peer_known (sender)); - GNUNET_CADET_receive_done (Peers_get_recv_channel (sender)); + GNUNET_CADET_receive_done (channel_ctx->channel); } @@ -4105,6 +4245,7 @@ shutdown_task (void *cls) { struct ClientContext *client_ctx; struct ReplyCls *reply_cls; + struct ChannelCtx *channel_ctx; LOG (GNUNET_ERROR_TYPE_DEBUG, "RPS is going down\n"); @@ -4128,6 +4269,11 @@ shutdown_task (void *cls) GNUNET_CONTAINER_DLL_remove (cli_ctx_head, cli_ctx_tail, client_ctx); GNUNET_free (client_ctx); } + /* Clean all leftover channel contexts */ + while (NULL != (channel_ctx = channel_ctx_head)) + { + remove_channel_ctx (channel_ctx); + } GNUNET_PEERINFO_notify_cancel (peerinfo_notify_handle); GNUNET_PEERINFO_disconnect (peerinfo_handle); -- cgit v1.2.3 From 3215ab6ef18080f74362be7cee871179166a9f56 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 26 Jul 2018 16:52:36 +0200 Subject: rps service: don't send 'ping' twice --- src/rps/gnunet-service-rps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index fcb68b724..a5fb88157 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -1225,7 +1225,8 @@ Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer) ret = Peers_insert_peer (peer); peer_ctx = get_peer_ctx (peer); - if (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE)) + if ( (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE)) && + (NULL == peer_ctx->liveliness_check_pending) ) { check_peer_live (peer_ctx); } -- cgit v1.2.3 From 85c97d3186e61c9e98528100e7db16e89a220cd8 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 26 Jul 2018 16:53:24 +0200 Subject: fix rps service: don't null out context, just channel --- src/rps/gnunet-service-rps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index a5fb88157..d6c6d0ecc 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -1725,7 +1725,7 @@ destroy_channel (void *cls) struct PeerContext *peer_ctx = channel_ctx->peer_ctx; uint32_t *channel_flag; - channel_ctx = NULL; + channel_ctx->destruction_task = NULL; GNUNET_CADET_channel_destroy (peer_ctx->send_channel_ctx->channel); channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_SENDING); Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING); -- cgit v1.2.3 From 75885ed261991edb96d0f585c1ddef0cdaa97395 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 26 Jul 2018 16:53:51 +0200 Subject: rps service: improve logging - log peer id --- src/rps/gnunet-service-rps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index d6c6d0ecc..8ea10e4ca 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -3447,7 +3447,8 @@ check_peer_pull_reply (void *cls, if (GNUNET_YES != Peers_check_peer_flag (sender, Peers_PULL_REPLY_PENDING)) { LOG (GNUNET_ERROR_TYPE_WARNING, - "Received a pull reply from a peer we didn't request one from!\n"); + "Received a pull reply from a peer (%s) we didn't request one from!\n", + GNUNET_i2s (sender)); GNUNET_break_op (0); return GNUNET_SYSERR; } -- cgit v1.2.3 From a53cfea7ff589a4710671da427186648551008d5 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 26 Jul 2018 17:04:44 +0200 Subject: rps profiler: destroy pending req and rep in right place --- src/rps/gnunet-rps-profiler.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c index a06598764..49714872f 100644 --- a/src/rps/gnunet-rps-profiler.c +++ b/src/rps/gnunet-rps-profiler.c @@ -922,13 +922,11 @@ cancel_request (struct PendingReply *pending_rep) void clean_peer (unsigned peer_index) { - struct PendingReply *pending_rep; struct PendingRequest *pending_req; - pending_rep = rps_peers[peer_index].pending_rep_head; - while (NULL != (pending_rep = rps_peers[peer_index].pending_rep_head)) + while (NULL != (pending_req = rps_peers[peer_index].pending_req_head)) { - cancel_request (pending_rep); + cancel_pending_req (pending_req); } pending_req = rps_peers[peer_index].pending_req_head; rps_disconnect_adapter (&rps_peers[peer_index], @@ -1273,7 +1271,7 @@ rps_disconnect_adapter (void *cls, { struct RPSPeer *peer = cls; struct GNUNET_RPS_Handle *h = op_result; - struct PendingRequest *pending_req; + struct PendingReply *pending_rep; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "disconnect_adapter (%u)\n", @@ -1281,9 +1279,9 @@ rps_disconnect_adapter (void *cls, GNUNET_assert (NULL != peer); if (NULL != peer->rps_handle) { - while (NULL != (pending_req = peer->pending_req_head)) + while (NULL != (pending_rep = peer->pending_rep_head)) { - cancel_pending_req (pending_req); + cancel_request (pending_rep); } GNUNET_assert (h == peer->rps_handle); GNUNET_RPS_disconnect (h); -- cgit v1.2.3 From e5bce382b3c4b1534da95032cc7f01e2c58ae387 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 26 Jul 2018 17:05:55 +0200 Subject: fix rps service: put peer id into structure once --- src/rps/gnunet-service-rps_custommap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rps/gnunet-service-rps_custommap.c b/src/rps/gnunet-service-rps_custommap.c index 42507655b..9e003eb39 100644 --- a/src/rps/gnunet-service-rps_custommap.c +++ b/src/rps/gnunet-service-rps_custommap.c @@ -213,7 +213,7 @@ CustomPeerMap_remove_peer (const struct CustomPeerMap *c_peer_map, GNUNET_assert (NULL != last_index); GNUNET_assert (CustomPeerMap_size (c_peer_map) == *last_index); GNUNET_CONTAINER_multihashmap32_put (c_peer_map->hash_map, *index, last_p, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST); + GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); GNUNET_CONTAINER_multihashmap32_remove_all (c_peer_map->hash_map, *last_index); *last_index = *index; } -- cgit v1.2.3 From 7901ef08d68f9db9a56874f19d6d2b83571e40ba Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Fri, 27 Jul 2018 19:57:03 +0200 Subject: Fix rps service: restructure channel-related code There is still an error left. Valgrind reports ==2008== Invalid read of size 8 ==2008== at 0x50662A4: GNUNET_CONTAINER_multipeermap_contains (container_multipeermap.c:542) ==2008== by 0x114E8A: Peers_remove_peer (gnunet-service-rps.c:1306) ==2008== by 0x114E65: destroy_peer (gnunet-service-rps.c:1283) ==2008== by 0x50A29B2: GNUNET_SCHEDULER_do_work (scheduler.c:2104) ==2008== by 0x50A382D: select_loop (scheduler.c:2400) ==2008== by 0x509DE48: GNUNET_SCHEDULER_run (scheduler.c:725) ==2008== by 0x50A989E: GNUNET_SERVICE_run_ (service.c:1875) ==2008== by 0x11EE83: main (gnunet-service-rps.c:4584) ==2008== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==2008== ==2008== ==2008== Process terminating with default action of signal 11 (SIGSEGV) ==2008== Access not within mapped region at address 0x0 ==2008== at 0x50662A4: GNUNET_CONTAINER_multipeermap_contains (container_multipeermap.c:542) ==2008== by 0x114E8A: Peers_remove_peer (gnunet-service-rps.c:1306) ==2008== by 0x114E65: destroy_peer (gnunet-service-rps.c:1283) ==2008== by 0x50A29B2: GNUNET_SCHEDULER_do_work (scheduler.c:2104) ==2008== by 0x50A382D: select_loop (scheduler.c:2400) ==2008== by 0x509DE48: GNUNET_SCHEDULER_run (scheduler.c:725) ==2008== by 0x50A989E: GNUNET_SERVICE_run_ (service.c:1875) ==2008== by 0x11EE83: main (gnunet-service-rps.c:4584) This seems to only appear at shutdown so it is not dramatic. --- src/rps/gnunet-service-rps.c | 324 +++++++++++++++++-------------------------- 1 file changed, 129 insertions(+), 195 deletions(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index 8ea10e4ca..555660c04 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -246,6 +246,11 @@ struct PeerContext struct PendingMessage *pending_messages_head; struct PendingMessage *pending_messages_tail; + /** + * @brief Task to destroy this context. + */ + struct GNUNET_SCHEDULER_Task *destruction_task; + /** * This is pobably followed by 'statistical' data (when we first saw * it, how did we get its ID, how many pushes (in a timeinterval), @@ -1274,6 +1279,23 @@ Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer, int Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags); +static void +destroy_peer (void *cls) +{ + struct PeerContext *peer_ctx = cls; + + GNUNET_assert (NULL != peer_ctx); + peer_ctx->destruction_task = NULL; + Peers_remove_peer (&peer_ctx->peer_id); +} + +static void +destroy_channel (void *cls); + + +static void +schedule_channel_destruction (struct ChannelCtx *channel_ctx); + /** * @brief Remove peer * @@ -1298,7 +1320,34 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) "Going to remove peer %s\n", GNUNET_i2s (&peer_ctx->peer_id)); Peers_unset_peer_flag (peer, Peers_ONLINE); + /* Do we still have to wait for destruction of channels + * or issue the destruction? */ + if (NULL != peer_ctx->send_channel_ctx && + NULL != peer_ctx->send_channel_ctx->destruction_task) + { + GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); + return GNUNET_NO; + } + if (NULL != peer_ctx->recv_channel_ctx && + NULL != peer_ctx->recv_channel_ctx->destruction_task) + { + GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); + return GNUNET_NO; + } + if (NULL != peer_ctx->recv_channel_ctx) + { + schedule_channel_destruction (peer_ctx->recv_channel_ctx); + GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); + return GNUNET_NO; + } + if (NULL != peer_ctx->send_channel_ctx) + { + schedule_channel_destruction (peer_ctx->send_channel_ctx); + GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); + return GNUNET_NO; + } + // TODO this probably leaks memory GNUNET_array_grow (peer_ctx->pending_ops, peer_ctx->num_pending_ops, 0); while (NULL != peer_ctx->pending_messages_head) { @@ -1311,6 +1360,7 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) peer_ctx->liveliness_check_pending, sizeof (struct PendingMessage))) ) { + // TODO this may leak memory peer_ctx->liveliness_check_pending = NULL; } remove_pending_message (peer_ctx->pending_messages_head, GNUNET_YES); @@ -1327,29 +1377,10 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) remove_pending_message (peer_ctx->liveliness_check_pending, GNUNET_YES); peer_ctx->liveliness_check_pending = NULL; } - channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING); - if (NULL != peer_ctx->send_channel_ctx && - GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING)) - { - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Destroying send channel\n"); - GNUNET_CADET_channel_destroy (peer_ctx->send_channel_ctx->channel); - remove_channel_ctx (peer_ctx->send_channel_ctx); - peer_ctx->send_channel_ctx = NULL; - peer_ctx->mq = NULL; - } - channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING); - if (NULL != peer_ctx->recv_channel_ctx && - GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING)) + + if (NULL != peer_ctx->destruction_task) { - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Destroying recv channel\n"); - GNUNET_CADET_channel_destroy (peer_ctx->recv_channel_ctx->channel); - if (NULL != peer_ctx->recv_channel_ctx) - { - remove_channel_ctx (peer_ctx->recv_channel_ctx); - } - peer_ctx->recv_channel_ctx = NULL; + GNUNET_SCHEDULER_cancel (peer_ctx->destruction_task); } GNUNET_free (peer_ctx->send_channel_flags); @@ -1363,6 +1394,15 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) return GNUNET_YES; } +static void +schedule_peer_ctx_destruction (struct PeerContext *peer_ctx) +{ + GNUNET_assert (NULL != peer_ctx); + if (NULL == peer_ctx->destruction_task) + { + GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); + } +} /** * @brief set flags on a given peer. @@ -1708,10 +1748,7 @@ Peers_destroy_sending_channel (const struct GNUNET_PeerIdentity *peer) peer_ctx = get_peer_ctx (peer); if (NULL != peer_ctx->send_channel_ctx) { - set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_CLEAN); - GNUNET_CADET_channel_destroy (peer_ctx->send_channel_ctx->channel); - peer_ctx->send_channel_ctx = NULL; - peer_ctx->mq = NULL; + schedule_channel_destruction (peer_ctx->send_channel_ctx); (void) Peers_check_connected (peer); return GNUNET_YES; } @@ -1723,23 +1760,19 @@ destroy_channel (void *cls) { struct ChannelCtx *channel_ctx = cls; struct PeerContext *peer_ctx = channel_ctx->peer_ctx; - uint32_t *channel_flag; + + GNUNET_assert (channel_ctx == peer_ctx->send_channel_ctx || + channel_ctx == peer_ctx->recv_channel_ctx); channel_ctx->destruction_task = NULL; - GNUNET_CADET_channel_destroy (peer_ctx->send_channel_ctx->channel); - channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_SENDING); - Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING); + GNUNET_CADET_channel_destroy (channel_ctx->channel); remove_channel_ctx (peer_ctx->send_channel_ctx); - peer_ctx->send_channel_ctx = NULL; - if (channel_ctx == peer_ctx->send_channel_ctx) - { - peer_ctx->mq = NULL; - } } static void schedule_channel_destruction (struct ChannelCtx *channel_ctx) { + GNUNET_assert (NULL != channel_ctx); if (NULL != channel_ctx->destruction_task) { channel_ctx->destruction_task = @@ -1747,6 +1780,7 @@ schedule_channel_destruction (struct ChannelCtx *channel_ctx) } } + /** * This is called when a channel is destroyed. * @@ -1772,61 +1806,30 @@ Peers_cleanup_destroyed_channel (void *cls, /* If our peer issued the destruction of the channel, the #Peers_TO_DESTROY * flag will be set. In this case simply make sure that the channels are * cleaned. */ - /* FIXME This distinction seems to be redundant */ - if (Peers_check_peer_flag (peer, Peers_TO_DESTROY)) - {/* We initiatad the destruction of this particular peer */ + /* The distinction seems to be redundant */ + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Peer is NOT in the process of being destroyed\n"); + if ( (NULL != peer_ctx->send_channel_ctx) && + (channel == peer_ctx->send_channel_ctx->channel) ) + { /* Something (but us) killd the channel - clean up peer */ LOG (GNUNET_ERROR_TYPE_DEBUG, - "Peer is in the process of being destroyed\n"); - if (channel == channel_ctx->channel) - { - peer_ctx->send_channel_ctx = NULL; - peer_ctx->mq = NULL; - } - else if (channel == peer_ctx->recv_channel_ctx->channel) - { - peer_ctx->recv_channel_ctx = NULL; - } - - if (NULL != peer_ctx->send_channel_ctx) - { - schedule_channel_destruction (peer_ctx->send_channel_ctx); - } - if (NULL != peer_ctx->recv_channel_ctx) - { - schedule_channel_destruction (peer_ctx->recv_channel_ctx); - } - /* Set the #Peers_ONLINE flag accordingly */ - (void) Peers_check_connected (peer); - return; + "send channel (%s) was destroyed - cleaning up\n", + GNUNET_i2s (peer)); + remove_channel_ctx (peer_ctx->send_channel_ctx); } - - else - { /* We did not initiate the destruction of this peer */ + else if ( (NULL != peer_ctx->recv_channel_ctx) && + (channel == peer_ctx->recv_channel_ctx->channel) ) + { /* Other peer doesn't want to send us messages anymore */ LOG (GNUNET_ERROR_TYPE_DEBUG, - "Peer is NOT in the process of being destroyed\n"); - if ( (NULL != peer_ctx->send_channel_ctx) && - (channel == peer_ctx->send_channel_ctx->channel) ) - { /* Something (but us) killd the channel - clean up peer */ - LOG (GNUNET_ERROR_TYPE_DEBUG, - "send channel (%s) was destroyed - cleaning up\n", - GNUNET_i2s (peer)); - peer_ctx->send_channel_ctx = NULL; - peer_ctx->mq = NULL; - } - else if ( (NULL != peer_ctx->recv_channel_ctx) && - (channel == peer_ctx->recv_channel_ctx->channel) ) - { /* Other peer doesn't want to send us messages anymore */ - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Peer %s destroyed recv channel - cleaning up channel\n", - GNUNET_i2s (peer)); - peer_ctx->recv_channel_ctx = NULL; - } - else - { - LOG (GNUNET_ERROR_TYPE_WARNING, - "unknown channel (%s) was destroyed\n", - GNUNET_i2s (peer)); - } + "Peer %s destroyed recv channel - cleaning up channel\n", + GNUNET_i2s (peer)); + remove_channel_ctx (peer_ctx->send_channel_ctx); + } + else + { + LOG (GNUNET_ERROR_TYPE_WARNING, + "unknown channel (%s) was destroyed\n", + GNUNET_i2s (peer)); } (void) Peers_check_connected (peer); } @@ -2572,6 +2575,9 @@ send_pull_reply (const struct GNUNET_PeerIdentity *peer_id, Peers_send_message (peer_id, ev, "PULL REPLY"); GNUNET_STATISTICS_update(stats, "# pull reply send issued", 1, GNUNET_NO); + // TODO check with send intention: as send_channel is used/opened we indicate + // a sending intention without intending it. + // -> clean peer afterwards? } @@ -2704,7 +2710,7 @@ remove_peer (const struct GNUNET_PeerIdentity *peer) CustomPeerMap_remove_peer (push_map, peer); RPS_sampler_reinitialise_by_value (prot_sampler, peer); RPS_sampler_reinitialise_by_value (client_sampler, peer); - Peers_remove_peer (peer); + schedule_peer_ctx_destruction (get_peer_ctx (peer)); } @@ -2772,8 +2778,32 @@ add_channel_ctx (struct PeerContext *peer_ctx) static void remove_channel_ctx (struct ChannelCtx *channel_ctx) { - GNUNET_CONTAINER_DLL_remove (channel_ctx_head, channel_ctx_tail, channel_ctx); + struct PeerContext *peer_ctx = channel_ctx->peer_ctx; + if (NULL != channel_ctx->destruction_task) + { + GNUNET_SCHEDULER_cancel (channel_ctx->destruction_task); + } GNUNET_free (channel_ctx); + + if (channel_ctx == peer_ctx->send_channel_ctx) + { + peer_ctx->send_channel_ctx = NULL; + peer_ctx->mq = NULL; + } + else if (channel_ctx == peer_ctx->recv_channel_ctx) + { + peer_ctx->recv_channel_ctx = NULL; + } + else + { + LOG (GNUNET_ERROR_TYPE_ERROR, + "Trying to remove channel_ctx that is not associated with a peer\n"); + LOG (GNUNET_ERROR_TYPE_ERROR, + "\trecv: %p\n", peer_ctx->recv_channel_ctx); + LOG (GNUNET_ERROR_TYPE_ERROR, + "\tsend: %p\n", peer_ctx->send_channel_ctx); + GNUNET_assert (0); + } } /** @@ -2809,103 +2839,21 @@ cleanup_destroyed_channel (void *cls, } peer_ctx = get_peer_ctx (peer); - if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING)) - { - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Callback on destruction of recv-channel was called (%s)\n", - GNUNET_i2s (peer)); - set_channel_flag (peer_ctx->recv_channel_flags, Peers_CHANNEL_DESTROING); - } else if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING)) - { - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Callback on destruction of send-channel was called (%s)\n", - GNUNET_i2s (peer)); - set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_DESTROING); - } else { - LOG (GNUNET_ERROR_TYPE_ERROR, - "Channel to be destroyed has is neither sending nor receiving role\n"); - } - if (GNUNET_YES == Peers_check_peer_flag (peer, Peers_TO_DESTROY)) - { /* We are in the middle of removing that peer from our knowledge. In this - case simply make sure that the channels are cleaned. */ - Peers_cleanup_destroyed_channel (cls, channel); - to_file (file_name_view_log, - "-%s\t(cleanup channel, ourself)", - GNUNET_i2s_full (peer)); - remove_channel_ctx (channel_ctx); - if (peer_ctx->send_channel_ctx == channel_ctx) - { - peer_ctx->send_channel_ctx = NULL; - } - else if (peer_ctx->recv_channel_ctx == channel_ctx) - { - peer_ctx->recv_channel_ctx = NULL; - } - else - { - LOG (GNUNET_ERROR_TYPE_ERROR, - "Trying to remove channel_ctx that is not associated with a peer\n"); - GNUNET_assert (0); - } - return; - } + // What should be done here: + // * cleanup everything related to the channel + // * memory + // * remove peer if necessary - if (GNUNET_YES == - Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING)) - { /* Channel used for sending was destroyed */ - /* Possible causes of channel destruction: - * - ourselves -> cleaning send channel -> clean context - * - other peer -> peer probably went down -> remove - */ - channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING); - if (GNUNET_YES == Peers_check_channel_flag (channel_flag, Peers_CHANNEL_CLEAN)) - { /* We are about to clean the sending channel. Clean the respective - * context */ - Peers_cleanup_destroyed_channel (cls, channel); - remove_channel_ctx (channel_ctx); - return; - } - else - { /* Other peer destroyed our sending channel that it is supposed to keep - * open. It probably went down. Remove it from our knowledge. */ - Peers_cleanup_destroyed_channel (cls, channel); - remove_peer (peer); - remove_channel_ctx (channel_ctx); - return; - } - } - else if (GNUNET_YES == - Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING)) - { /* Channel used for receiving was destroyed */ - /* Possible causes of channel destruction: - * - ourselves -> peer tried to establish channel twice -> clean context - * - other peer -> peer doesn't want to send us data -> clean - */ - channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING); - if (GNUNET_YES == - Peers_check_channel_flag (channel_flag, Peers_CHANNEL_ESTABLISHED_TWICE)) - { /* Other peer tried to establish a channel to us twice. We do not accept - * that. Clean the context. */ - Peers_cleanup_destroyed_channel (cls, channel); - remove_channel_ctx (channel_ctx); - return; - } - else - { /* Other peer doesn't want to send us data anymore. We are free to clean - * it. */ - Peers_cleanup_destroyed_channel (cls, channel); - clean_peer (peer); - remove_channel_ctx (channel_ctx); - return; - } + if (peer_ctx->recv_channel_ctx == channel_ctx) + { + remove_channel_ctx (channel_ctx); } - else + else if (peer_ctx->send_channel_ctx == channel_ctx) { - LOG (GNUNET_ERROR_TYPE_WARNING, - "Destroyed channel is neither sending nor receiving channel\n"); + remove_channel_ctx (channel_ctx); + remove_peer (&peer_ctx->peer_id); } - remove_channel_ctx (channel_ctx); } /*********************************************************************** @@ -3164,8 +3112,6 @@ handle_client_seed (void *cls, num_peers = ntohl (msg->num_peers); peers = (struct GNUNET_PeerIdentity *) &msg[1]; - //peers = GNUNET_new_array (num_peers, struct GNUNET_PeerIdentity); - //GNUNET_memcpy (peers, &msg[1], num_peers * sizeof (struct GNUNET_PeerIdentity)); LOG (GNUNET_ERROR_TYPE_DEBUG, "Client seeded peers:\n"); @@ -3180,9 +3126,6 @@ handle_client_seed (void *cls, got_peer (&peers[i]); } - - ////GNUNET_free (peers); - GNUNET_SERVICE_client_continue (cli_ctx->client); } @@ -4078,7 +4021,6 @@ do_round (void *cls) "-%s", GNUNET_i2s_full (&peers_to_clean[i])); clean_peer (&peers_to_clean[i]); - //peer_destroy_channel_send (sender); } GNUNET_array_grow (peers_to_clean, peers_to_clean_size, 0); @@ -4134,7 +4076,6 @@ do_round (void *cls) GNUNET_i2s (update_peer)); insert_in_sampler (NULL, update_peer); clean_peer (update_peer); /* This cleans only if it is not in the view */ - //peer_destroy_channel_send (sender); } for (i = 0; i < CustomPeerMap_size (pull_map); i++) @@ -4145,7 +4086,6 @@ do_round (void *cls) insert_in_sampler (NULL, CustomPeerMap_get_peer_by_index (pull_map, i)); /* This cleans only if it is not in the view */ clean_peer (CustomPeerMap_get_peer_by_index (pull_map, i)); - //peer_destroy_channel_send (sender); } @@ -4247,7 +4187,6 @@ shutdown_task (void *cls) { struct ClientContext *client_ctx; struct ReplyCls *reply_cls; - struct ChannelCtx *channel_ctx; LOG (GNUNET_ERROR_TYPE_DEBUG, "RPS is going down\n"); @@ -4271,11 +4210,6 @@ shutdown_task (void *cls) GNUNET_CONTAINER_DLL_remove (cli_ctx_head, cli_ctx_tail, client_ctx); GNUNET_free (client_ctx); } - /* Clean all leftover channel contexts */ - while (NULL != (channel_ctx = channel_ctx_head)) - { - remove_channel_ctx (channel_ctx); - } GNUNET_PEERINFO_notify_cancel (peerinfo_notify_handle); GNUNET_PEERINFO_disconnect (peerinfo_handle); -- cgit v1.2.3 From 8c418c66fcdba8854c8a4c49696436c75dec856d Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Fri, 27 Jul 2018 20:00:45 +0200 Subject: remove now obsolete usage of channel-related flags --- src/rps/gnunet-service-rps.c | 98 +------------------------------------------- 1 file changed, 1 insertion(+), 97 deletions(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index 555660c04..4d502713f 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -96,11 +96,6 @@ static struct GNUNET_HashCode port; */ #define unset_peer_flag(peer_ctx, mask) ((peer_ctx->peer_flags) &= ~(mask)) -/** - * Set a channel flag of given channel context. - */ -#define set_channel_flag(channel_flags, mask) ((*channel_flags) |= (mask)) - /** * Get channel flag of given channel context. */ @@ -188,20 +183,10 @@ struct PeerContext */ struct ChannelCtx *send_channel_ctx; - /** - * Flags to the sending channel - */ - uint32_t *send_channel_flags; - /** * Channel open from client. */ - struct ChannelCtx *recv_channel_ctx; // unneeded? - - /** - * Flags to the receiving channel - */ - uint32_t *recv_channel_flags; + struct ChannelCtx *recv_channel_ctx; /** * Array of pending operations on this peer. @@ -375,8 +360,6 @@ create_peer_ctx (const struct GNUNET_PeerIdentity *peer) ctx = GNUNET_new (struct PeerContext); ctx->peer_id = *peer; - ctx->send_channel_flags = GNUNET_new (uint32_t); - ctx->recv_channel_flags = GNUNET_new (uint32_t); ret = GNUNET_CONTAINER_multipeermap_put (peer_map, peer, ctx, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); GNUNET_assert (GNUNET_OK == ret); @@ -1307,7 +1290,6 @@ int Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) { struct PeerContext *peer_ctx; - uint32_t *channel_flag; if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (peer_map, peer)) { @@ -1383,9 +1365,6 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) GNUNET_SCHEDULER_cancel (peer_ctx->destruction_task); } - GNUNET_free (peer_ctx->send_channel_flags); - GNUNET_free (peer_ctx->recv_channel_flags); - if (GNUNET_YES != GNUNET_CONTAINER_multipeermap_remove_all (peer_map, &peer_ctx->peer_id)) { LOG (GNUNET_ERROR_TYPE_WARNING, "removing peer from peer_map failed\n"); @@ -1459,77 +1438,6 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl return check_peer_flag_set (peer_ctx, flags); } - -/** - * @brief set flags on a given channel. - * - * @param channel the channel to set flags on - * @param flags the flags - */ -void -Peers_set_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags) -{ - set_channel_flag (channel_flags, flags); -} - - -/** - * @brief unset flags on a given channel. - * - * @param channel the channel to unset flags on - * @param flags the flags - */ -void -Peers_unset_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags) -{ - unset_channel_flag (channel_flags, flags); -} - - -/** - * @brief Check whether flags on a channel are set. - * - * @param channel the channel to check the flag of - * @param flags the flags to check - * - * @return #GNUNET_YES if all given flags are set - * #GNUNET_NO otherwise - */ -int -Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags) -{ - return check_channel_flag_set (channel_flags, flags); -} - -/** - * @brief Get the flags for the channel in @a role for @a peer. - * - * @param peer Peer to get the channel flags for. - * @param role Role of channel to get flags for - * - * @return The flags. - */ -uint32_t * -Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer, - enum Peers_ChannelRole role) -{ - const struct PeerContext *peer_ctx; - - peer_ctx = get_peer_ctx (peer); - if (Peers_CHANNEL_ROLE_SENDING == role) - { - return peer_ctx->send_channel_flags; - } - else if (Peers_CHANNEL_ROLE_RECEIVING == role) - { - return peer_ctx->recv_channel_flags; - } - else - { - GNUNET_assert (0); - } -} - /** * @brief Check whether we have information about the given peer. * @@ -1644,9 +1552,6 @@ Peers_handle_inbound_channel (void *cls, LOG (GNUNET_ERROR_TYPE_WARNING, "Already got one receive channel. Destroying old one.\n"); GNUNET_break_op (0); - set_channel_flag (peer_ctx->recv_channel_flags, - Peers_CHANNEL_ESTABLISHED_TWICE); - //GNUNET_CADET_channel_destroy (channel); GNUNET_CADET_channel_destroy (peer_ctx->recv_channel_ctx->channel); remove_channel_ctx (peer_ctx->recv_channel_ctx); peer_ctx->recv_channel_ctx = channel_ctx; @@ -2824,7 +2729,6 @@ cleanup_destroyed_channel (void *cls, { struct ChannelCtx *channel_ctx = cls; struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id; - uint32_t *channel_flag; struct PeerContext *peer_ctx; GNUNET_assert (NULL != peer); -- cgit v1.2.3 From 07a57f226261b7a78a57cc6de7e9f03738994b29 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Fri, 27 Jul 2018 20:01:28 +0200 Subject: Remove obsolete DLL for cancellations of tasks --- src/rps/gnunet-service-rps.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index 4d502713f..f48b3d85d 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -286,12 +286,6 @@ struct ChannelCtx struct GNUNET_SCHEDULER_Task *destruction_task; }; -/** - * @brief The DLL of channel contexts - */ -static struct ChannelCtx *channel_ctx_head; -static struct ChannelCtx *channel_ctx_tail; - /** * @brief Hashmap of valid peers. */ @@ -2671,7 +2665,6 @@ add_channel_ctx (struct PeerContext *peer_ctx) struct ChannelCtx *channel_ctx; channel_ctx = GNUNET_new (struct ChannelCtx); channel_ctx->peer_ctx = peer_ctx; - GNUNET_CONTAINER_DLL_insert (channel_ctx_head, channel_ctx_tail, channel_ctx); return channel_ctx; } -- cgit v1.2.3 From 88d8593d0b28b81ced737da13a9c52e39faa8ec4 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Fri, 27 Jul 2018 22:33:02 +0200 Subject: documentation: update formulations --- doc/documentation/chapters/user.texi | 182 +++++++++++++++++++++++++++-------- 1 file changed, 142 insertions(+), 40 deletions(-) diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi index 711d1d4a8..35afdf5f7 100644 --- a/doc/documentation/chapters/user.texi +++ b/doc/documentation/chapters/user.texi @@ -720,7 +720,6 @@ files. * fs-Downloading:: * fs-Publishing:: * fs-Concepts:: -* fs-Directories:: * Namespace Management:: * File-Sharing URIs:: * GTK User Interface:: @@ -851,7 +850,7 @@ $ gnunet-publish -m "description:GNU License" -k gpl -k test -m "mimetype:text/p The option @code{-k} is used to specify keywords for the file that should be inserted. You can supply any number of keywords, and each of the keywords will be sufficient to locate and -retrieve the file. Please note that you must use the @code{-k} option +retrieve the file. Please note that you must use the @code{-k} option more than once -- one for each expression you use as a keyword for the filename. @@ -911,18 +910,17 @@ able to crack the encryption (e.g. by guessing the keyword. @subsection Concepts @c %**end of header -Sharing files in GNUnet is not quite as simple as in traditional -file sharing systems. For example, it is not sufficient to just -place files into a specific directory to share them. In addition -to anonymous routing GNUnet attempts to give users a better experience -in searching for content. GNUnet uses cryptography to safely break -content into smaller pieces that can be obtained from different -sources without allowing participants to corrupt files. GNUnet -makes it difficult for an adversary to send back bogus search -results. GNUnet enables content providers to group related content -and to establish a reputation. Furthermore, GNUnet allows updates -to certain content to be made available. This section is supposed -to introduce users to the concepts that are used to achieve these goals. +For better results with filesharing it is useful to understand the +following concepts. +In addition to anonymous routing GNUnet attempts to give users a better +experience in searching for content. GNUnet uses cryptography to safely +break content into smaller pieces that can be obtained from different +sources without allowing participants to corrupt files. GNUnet makes it +difficult for an adversary to send back bogus search results. GNUnet +enables content providers to group related content and to establish a +reputation. Furthermore, GNUnet allows updates to certain content to be +made available. This section is supposed to introduce users to the +concepts that are used to achieve these goals. @menu @@ -942,10 +940,10 @@ to introduce users to the concepts that are used to achieve these goals. @c %**end of header A file in GNUnet is just a sequence of bytes. Any file-format is allowed -and the maximum file size is theoretically 264 bytes, except that it -would take an impractical amount of time to share such a file. -GNUnet itself never interprets the contents of shared files, except -when using GNU libextractor to obtain keywords. +and the maximum file size is theoretically @math{2^64 - 1} bytes, except +that it would take an impractical amount of time to share such a file. +GNUnet itself never interprets the contents of shared files, except when +using GNU libextractor to obtain keywords. @node Keywords @subsubsection Keywords @@ -975,10 +973,26 @@ it cannot be changed since it is treated just like an ordinary file by the network. Small files (of a few kilobytes) can be inlined in the directory, so that a separate download becomes unnecessary. +Directories are shared just like ordinary files. If you download a +directory with @command{gnunet-download}, you can use +@command{gnunet-directory} to list its contents. The canonical +extension for GNUnet directories when stored as files in your +local file-system is ".gnd". The contents of a directory are URIs and +meta data. +The URIs contain all the information required by +@command{gnunet-download} to retrieve the file. The meta data +typically includes the mime-type, description, a filename and +other meta information, and possibly even the full original file +(if it was small). + @node Pseudonyms @subsubsection Pseudonyms @c %**end of header +@b{Please note that the text in this subsection is outdated and needs} +@b{to be rewritten for version 0.10!} +@b{This especially concerns the terminology of Pseudonym/Ego/Identity.} + Pseudonyms in GNUnet are essentially public-private (RSA) key pairs that allow a GNUnet user to maintain an identity (which may or may not be detached from their real-life identity). GNUnet's pseudonyms are not @@ -994,6 +1008,10 @@ to copy around). @subsubsection Namespaces @c %**end of header +@b{Please note that the text in this subsection is outdated and needs} +@b{to be rewritten for version 0.10!} +@b{This especially concerns the terminology of Pseudonym/Ego/Identity.} + A namespace is a set of files that were signed by the same pseudonym. Files (or directories) that have been signed and placed into a namespace can be updated. Updates are identified as authentic if the same secret @@ -1005,11 +1023,15 @@ same entity (which does not have to be the same person). @subsubsection Advertisements @c %**end of header +@b{Please note that the text in this subsection is outdated and needs} +@b{to be rewritten for version 0.10!} +@b{This especially concerns the terminology of Pseudonym/Ego/Identity.} + Advertisements are used to notify other users about the existence of a namespace. Advertisements are propagated using the normal keyword search. When an advertisement is received (in response to a search), the namespace is added to the list of namespaces available in the namespace-search -dialogs of gnunet-fs-gtk and printed by gnunet-pseudonym. Whenever a +dialogs of gnunet-fs-gtk and printed by @code{gnunet-identity}. Whenever a namespace is created, an appropriate advertisement can be generated. The default keyword for the advertising of namespaces is "namespace". @@ -1017,7 +1039,7 @@ Note that GNUnet differentiates between your pseudonyms (the identities that you control) and namespaces. If you create a pseudonym, you will not automatically see the respective namespace. You first have to create an advertisement for the namespace and find it using keyword -search --- even for your own namespaces. The @command{gnunet-pseudonym} +search --- even for your own namespaces. The @command{gnunet-identity} tool is currently responsible for both managing pseudonyms and namespaces. This will likely change in the future to reduce the potential for confusion. @@ -1065,22 +1087,6 @@ level by one. If all blocks reach replication level zero, the selection is simply random. -@node fs-Directories -@subsection Directories -@c %**end of header - -Directories are shared just like ordinary files. If you download a -directory with @command{gnunet-download}, you can use -@command{gnunet-directory} to list its contents. The canonical -extension for GNUnet directories when stored as files in your -local file-system is ".gnd". The contents of a directory are URIs and -meta data. -The URIs contain all the information required by -@command{gnunet-download} to retrieve the file. The meta data -typically includes the mime-type, description, a filename and -other meta information, and possibly even the full original file -(if it was small). - @node Namespace Management @subsection Namespace Management @c %**end of header @@ -1088,8 +1094,8 @@ other meta information, and possibly even the full original file @b{Please note that the text in this subsection is outdated and needs} @b{to be rewritten for version 0.10!} -The gnunet-pseudonym tool can be used to create pseudonyms and -to advertise namespaces. By default, gnunet-pseudonym simply +The @code{gnunet-identity} tool can be used to create pseudonyms and +to advertise namespaces. By default, @code{gnunet-identity -D} simply lists all locally available pseudonyms. @@ -1105,6 +1111,10 @@ lists all locally available pseudonyms. @subsubsection Creating Pseudonyms @c %**end of header +@b{Please note that the text in this subsection is outdated and needs} +@b{to be rewritten for version 0.10!} +@b{This especially concerns the terminology of Pseudonym/Ego/Identity.} + With the @command{-C NICK} option it can also be used to create a new pseudonym. A pseudonym is the virtual identity of the entity in control of a namespace. Anyone can create @@ -1116,6 +1126,10 @@ used. @subsubsection Deleting Pseudonyms @c %**end of header +@b{Please note that the text in this subsection is outdated and needs} +@b{to be rewritten for version 0.10!} +@b{This especially concerns the terminology of Pseudonym/Ego/Identity.} + With the @command{-D NICK} option pseudonyms can be deleted. Once the pseudonym has been deleted it is impossible to add content to the corresponding namespace. Deleting the @@ -1126,6 +1140,10 @@ unavailable. @subsubsection Advertising namespaces @c %**end of header +@b{Please note that the text in this subsection is outdated and needs} +@b{to be rewritten for version 0.10!} +@b{This especially concerns the terminology of Pseudonym/Ego/Identity.} + Each namespace is associated with meta-data that describes the namespace. This meta-data is provided by the user at the time that the namespace is advertised. Advertisements @@ -1142,6 +1160,10 @@ the quality of the content found in it. @subsubsection Namespace names @c %**end of header +@b{Please note that the text in this subsection is outdated and needs} +@b{to be rewritten for version 0.10!} +@b{This especially concerns the terminology of Pseudonym/Ego/Identity.} + While the namespace is uniquely identified by its ID, another way to refer to the namespace is to use the NICKNAME. The NICKNAME can be freely chosen by the creator of the namespace and @@ -1153,6 +1175,10 @@ to the NICKNAME to get a unique identifier. @subsubsection Namespace root @c %**end of header +@b{Please note that the text in this subsection is outdated and needs} +@b{to be rewritten for version 0.10!} +@b{This especially concerns the terminology of Pseudonym/Ego/Identity.} + An item of particular interest in the namespace advertisement is the ROOT. The ROOT is the identifier of a designated entry in the namespace. The idea is that the ROOT can be used to advertise an @@ -1240,6 +1266,10 @@ Furthermore they must not contain '++'. @subsubsection Namespace content (sks) @c %**end of header +@b{Please note that the text in this subsection is outdated and needs} +@b{to be rewritten for version 0.10!} +@b{This especially concerns the terminology of Pseudonym/Ego/Identity.} + Namespaces are sets of files that have been approved by some (usually pseudonymous) user --- typically by that user publishing all of the files together. A file can be in many namespaces. A file is in a @@ -1440,8 +1470,8 @@ $ gnunet-identity -C "myzone" Henceforth, on your system you control the TLD ``myzone''. -All of your zones can be listed using the @command{gnunet-identity} -command line tool as well: +All of your zones can be listed (displayed) using the +@command{gnunet-identity} command line tool as well: @example $ gnunet-identity -d @@ -1590,6 +1620,18 @@ GNS currently supports the following record types: * CNAME:: * GNS2DNS:: * SOA SRV PTR and MX:: +* PLACE:: +* PHONE:: +* ID ATTR:: +* ID TOKEN:: +* ID TOKEN METADATA:: +* CREDENTIAL:: +* POLICY:: +* ATTRIBUTE:: +* ABE KEY:: +* ABE MASTER:: +* RECLAIM OIDC CLIENT:: +* RECLAIM OIDC REDIRECT:: @end menu @node NICK @@ -1761,6 +1803,66 @@ should use the ZKEY zone as the destination hostname and GNS-enabled mail servers should be configured to accept e-mails to the ZKEY-zones of all local users. +@node PLACE +@subsubsection PLACE + +Record type for a social place. + +@node PHONE +@subsubsection PHONE + +Record type for a phone (of CONVERSATION). + +@node ID ATTR +@subsubsection ID ATTR + +Record type for identity attributes (of IDENTITY). + +@node ID TOKEN +@subsubsection ID TOKEN + +Record type for an identity token (of IDENTITY-TOKEN). + +@node ID TOKEN METADATA +@subsubsection ID TOKEN METADATA + +Record type for the private metadata of an identity token (of IDENTITY-TOKEN). + +@node CREDENTIAL +@subsubsection CREDENTIAL + +Record type for credential. + +@node POLICY +@subsubsection POLICY + +Record type for policies. + +@node ATTRIBUTE +@subsubsection ATTRIBUTE + +Record type for reverse lookups. + +@node ABE KEY +@subsubsection ABE KEY + +Record type for ABE records. + +@node ABE MASTER +@subsubsection ABE MASTER + +Record type for ABE master keys. + +@node RECLAIM OIDC CLIENT +@subsubsection RECLAIM OIDC CLIENT + +Record type for reclaim OIDC clients. + +@node RECLAIM OIDC REDIRECT +@subsubsection RECLAIM OIDC REDIRECT + +Record type for reclaim OIDC redirect URIs. + @node Synchronizing with legacy DNS @subsection Synchronizing with legacy DNS -- cgit v1.2.3 From 5bd70d462b4b50afd729eb234e0c2b6a02388bea Mon Sep 17 00:00:00 2001 From: lurchi Date: Sun, 29 Jul 2018 18:18:34 +0200 Subject: GNUNET_SCHEDULER_do_work: always check if shutdown is necessary and update wakeup time --- src/util/scheduler.c | 162 +++++++++++++++++++++++++++------------------------ 1 file changed, 86 insertions(+), 76 deletions(-) diff --git a/src/util/scheduler.c b/src/util/scheduler.c index 014288944..5d3836639 100644 --- a/src/util/scheduler.c +++ b/src/util/scheduler.c @@ -2022,99 +2022,109 @@ GNUNET_SCHEDULER_do_work (struct GNUNET_SCHEDULER_Handle *sh) if (timeout.abs_value_us > now.abs_value_us) { /** - * The driver called this function before the current timeout was - * reached (and no FD tasks are ready). This can happen in the - * rare case when the system time is changed while the driver is - * waiting for the timeout, so we handle this gracefully. It might - * also be a programming error in the driver though. + * The event loop called this function before the current timeout was + * reached (and no FD tasks are ready). This is acceptable if + * + * - the system time was changed while the driver was waiting for + * the timeout + * - an external event loop called GNUnet API functions outside of + * the callbacks called in GNUNET_SCHEDULER_do_work and thus + * wasn't notified about the new timeout + * + * It might also mean we are busy-waiting because of a programming + * error in the external event loop. */ LOG (GNUNET_ERROR_TYPE_DEBUG, "GNUNET_SCHEDULER_do_work did not find any ready " "tasks and timeout has not been reached yet.\n"); - return GNUNET_NO; } - /** - * the current timeout was reached but no ready tasks were found, - * internal scheduler error! - */ - GNUNET_assert (0); - } - - /* find out which task priority level we are going to - process this time */ - max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP; - GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]); - /* yes, p>0 is correct, 0 is "KEEP" which should - * always be an empty queue (see assertion)! */ - for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--) - { - pos = ready_head[p]; - if (NULL != pos) - break; + else + { + /** + * the current timeout was reached but no ready tasks were found, + * internal scheduler error! + */ + GNUNET_assert (0); + } } - GNUNET_assert (NULL != pos); /* ready_count wrong? */ - - /* process all tasks at this priority level, then yield */ - while (NULL != (pos = ready_head[p])) + else { - GNUNET_CONTAINER_DLL_remove (ready_head[p], - ready_tail[p], - pos); - ready_count--; - current_priority = pos->priority; - current_lifeness = pos->lifeness; - active_task = pos; -#if PROFILE_DELAYS - if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us > - DELAY_THRESHOLD.rel_value_us) + /* find out which task priority level we are going to + process this time */ + max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP; + GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]); + /* yes, p>0 is correct, 0 is "KEEP" which should + * always be an empty queue (see assertion)! */ + for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--) { - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Task %p took %s to be scheduled\n", - pos, - GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time), - GNUNET_YES)); + pos = ready_head[p]; + if (NULL != pos) + break; } -#endif - tc.reason = pos->reason; - GNUNET_NETWORK_fdset_zero (sh->rs); - GNUNET_NETWORK_fdset_zero (sh->ws); - // FIXME: do we have to remove FdInfos from fds if they are not ready? - tc.fds_len = pos->fds_len; - tc.fds = pos->fds; - for (unsigned int i = 0; i != pos->fds_len; ++i) + GNUNET_assert (NULL != pos); /* ready_count wrong? */ + + /* process all tasks at this priority level, then yield */ + while (NULL != (pos = ready_head[p])) { - struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i]; - if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et)) + GNUNET_CONTAINER_DLL_remove (ready_head[p], + ready_tail[p], + pos); + ready_count--; + current_priority = pos->priority; + current_lifeness = pos->lifeness; + active_task = pos; +#if PROFILE_DELAYS + if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us > + DELAY_THRESHOLD.rel_value_us) { - GNUNET_NETWORK_fdset_set_native (sh->rs, - fdi->sock); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Task %p took %s to be scheduled\n", + pos, + GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time), + GNUNET_YES)); } - if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et)) +#endif + tc.reason = pos->reason; + GNUNET_NETWORK_fdset_zero (sh->rs); + GNUNET_NETWORK_fdset_zero (sh->ws); + // FIXME: do we have to remove FdInfos from fds if they are not ready? + tc.fds_len = pos->fds_len; + tc.fds = pos->fds; + for (unsigned int i = 0; i != pos->fds_len; ++i) { - GNUNET_NETWORK_fdset_set_native (sh->ws, - fdi->sock); + struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i]; + if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et)) + { + GNUNET_NETWORK_fdset_set_native (sh->rs, + fdi->sock); + } + if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et)) + { + GNUNET_NETWORK_fdset_set_native (sh->ws, + fdi->sock); + } } - } - tc.read_ready = sh->rs; - tc.write_ready = sh->ws; - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Running task %p\n", - pos); - GNUNET_assert (NULL != pos->callback); - pos->callback (pos->callback_cls); - if (NULL != pos->fds) - { - int del_result = scheduler_driver->del (scheduler_driver->cls, pos); - if (GNUNET_OK != del_result) + tc.read_ready = sh->rs; + tc.write_ready = sh->ws; + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Running task %p\n", + pos); + GNUNET_assert (NULL != pos->callback); + pos->callback (pos->callback_cls); + if (NULL != pos->fds) { - LOG (GNUNET_ERROR_TYPE_ERROR, - "driver could not delete task %p\n", pos); - GNUNET_assert (0); + int del_result = scheduler_driver->del (scheduler_driver->cls, pos); + if (GNUNET_OK != del_result) + { + LOG (GNUNET_ERROR_TYPE_ERROR, + "driver could not delete task %p\n", pos); + GNUNET_assert (0); + } } + active_task = NULL; + dump_backtrace (pos); + destroy_task (pos); } - active_task = NULL; - dump_backtrace (pos); - destroy_task (pos); } shutdown_if_no_lifeness (); if (0 == ready_count) -- cgit v1.2.3 From 227562cb27929112f543947204336e87da489132 Mon Sep 17 00:00:00 2001 From: dvn Date: Wed, 1 Aug 2018 12:52:33 +0200 Subject: README.md: Create a Markdown README document --- README.md | 160 +++ contrib/branding/logo/gnunet-logo-dark-text.svg | 1411 +++++++++++++++++++++++ contrib/gnunet-arch-full.svg | 648 +++++++++++ 3 files changed, 2219 insertions(+) create mode 100644 README.md create mode 100644 contrib/branding/logo/gnunet-logo-dark-text.svg create mode 100644 contrib/gnunet-arch-full.svg diff --git a/README.md b/README.md new file mode 100644 index 000000000..85b1103d6 --- /dev/null +++ b/README.md @@ -0,0 +1,160 @@ +
GNUnet
+> GNUnet is a *new* network protocol stack for building secure, distributed, and privacy-preserving applications. + +* [Install](#how-to-install-gnunet) + * [From Source](#from-source) + * [Using Docker](#docker) +* [Using GNUnet](#using-gnunet) +* [License](#license) + +How to Install GNUnet +--------------------- + +### 1. From Source + +**Dependencies** + +Install these packages. Some of them may need to be installed from source depending on your OS. + +``` +- libmicrohttpd >= 0.9.42 +- libgcrypt >= 1.6 +- libgnurl >= 7.35.0 (recommended, available from https://gnunet.org/gnurl) +- libcurl >= 7.35.0 (alternative to libgnurl) +- libunistring >= 0.9.2 +- gnutls >= 3.2.12 (highly recommended: a gnutls linked against libunbound) +- libidn >= 1.0 +- libextractor >= 0.6.1 (highly recommended) +- openssl >= 1.0 (binary, used to generate X.509 certificate) +- libltdl >= 2.2 (part of GNU libtool) +- sqlite >= 3.8 (default database, required) +- mysql >= 5.1 (alternative to sqlite) +- postgres >= 9.5 (alternative to sqlite) +- Texinfo >= 5.2 [*1] +- which (for the bootstrap script) +- gettext +- zlib +- pkg-config +``` + + +You can also install the dependencies with the [GNU Guix package manager:](https://https://www.gnu.org/software/guix/) by using the provided environment file: + +```shell +guix package -l guix-env.scm +``` + + +**Using GNU Make** + +```shell +./bootstrap # Run this to generate the configure files. +./configure # See the various flags avalable to you. +make +make install +``` + +**Using the [GNU Guix package manager:](https://https://www.gnu.org/software/guix/) ** + +```shell +# To build, run tests, and install: +guix package -f guix-env.scm + +# To skip the testing phase: +guix package -f guix-env.scm:notest +``` + + +### 2. Docker + +``` +cd docker +docker build -t gnunet . +``` + + + +## Using GNUnet + +There are many possible ways to use the subsystems of GNUnet, we will provide a few examples in this section. + + +
GNUnet Modular Architecture
+ +>***GNUnet is composed of over 30 modular subsystems*** + + + +### GNS + +*coming soon* + +### Cadet + +#### Examples + +Open a Cadet connection: + +```shell +# Node 1 +cadet -o +``` + +Conect to peer: + +```shell +# Node 2 +cadet +``` + +#### Sharing Files + +With the cli tool, you can also share files: + +```shell +# Node 1 +cadet -o > filename +``` + +```shell +# Node 2 +cadet +``` + + +VPN +--- + +Running a Hostlist Server +-------------------------- + +GNUnet Configuration +-------------------------- +### Examples + +```yaml +[transport] +OPTIONS = -L DEBUG +PLUGINS = tcp +#PLUGINS = udp + +[transport-tcp] +OPTIONS = -L DEBUG +BINDTO = 192.168.0.2 +``` + +TODO: *explain what this does and add more* + + +Philosophy +------------------------- + + +Related Projects +------------------------- + + + + pep.foundation Secushare + + \ No newline at end of file diff --git a/contrib/branding/logo/gnunet-logo-dark-text.svg b/contrib/branding/logo/gnunet-logo-dark-text.svg new file mode 100644 index 000000000..5644e0ae7 --- /dev/null +++ b/contrib/branding/logo/gnunet-logo-dark-text.svg @@ -0,0 +1,1411 @@ + + + logo for GNUnet + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + logo for GNUnet + + + Luis Felipe López Acevedo, Amirouche Boubekki, carlo von lynX + + + + + GNUnet e.V. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/contrib/gnunet-arch-full.svg b/contrib/gnunet-arch-full.svg new file mode 100644 index 000000000..766f2b855 --- /dev/null +++ b/contrib/gnunet-arch-full.svg @@ -0,0 +1,648 @@ + + + + + + +dependencies + + +voting + +voting + + +consensus + +consensus + + +voting->consensus + + + + +identity + +identity + + +voting->identity + + + + +cadet + +cadet + + +voting->cadet + + + + +secretsharing + +secretsharing + + +voting->secretsharing + + + + +consensus->cadet + + + + +set + +set + + +consensus->set + + + + +dht + +dht + + +cadet->dht + + + + +core + +core + + +cadet->core + + + + +block + +block + + +cadet->block + + + + +secretsharing->consensus + + + + +fs + +fs + + +fs->identity + + + + +fs->cadet + + + + +fs->dht + + + + +fs->core + + + + +datastore + +datastore + + +fs->datastore + + + + +ats + +ats + + +fs->ats + + + + +fs->block + + + + +dht->core + + + + +dht->block + + + + +nse + +nse + + +dht->nse + + + + +datacache + +datacache + + +dht->datacache + + + + +peerinfo + +peerinfo + + +dht->peerinfo + + + + +hello + +hello + + +dht->hello + + + + +transport + +transport + + +core->transport + + + + +exit + +exit + + +exit->cadet + + + + +tun + +tun + + +exit->tun + + + + +dnsstub + +dnsstub + + +exit->dnsstub + + + + +vpn + +vpn + + +vpn->cadet + + + + +vpn->tun + + + + +regex + +regex + + +vpn->regex + + + + +regex->dht + + + + +regex->block + + + + +pt + +pt + + +pt->cadet + + + + +pt->vpn + + + + +dns + +dns + + +pt->dns + + + + +dnsparser + +dnsparser + + +pt->dnsparser + + + + +dns->tun + + + + +dns->dnsstub + + + + +gnsrecord + +gnsrecord + + +dnsparser->gnsrecord + + + + +zonemaster + +zonemaster + + +zonemaster->dht + + + + +namestore + +namestore + + +zonemaster->namestore + + + + +namestore->identity + + + + +namestore->gnsrecord + + + + +gns + +gns + + +gns->identity + + + + +gns->dht + + + + +gns->block + + + + +gns->dnsstub + + + + +gns->vpn + + + + +gns->dns + + + + +gns->dnsparser + + + + +revocation + +revocation + + +gns->revocation + + + + +gns->gnsrecord + + + + +revocation->core + + + + +revocation->set + + + + +set->cadet + + + + +conversation + +conversation + + +conversation->cadet + + + + +conversation->gns + + + + +conversation->gnsrecord + + + + +speaker + +speaker + + +conversation->speaker + + + + +microphone + +microphone + + +conversation->microphone + + + + +nse->core + + + + +peerinfo->hello + + + + +transport->ats + + + + +transport->peerinfo + + + + +transport->hello + + + + +nat + +nat + + +transport->nat + + + + +fragmentation + +fragmentation + + +transport->fragmentation + + + + +topology + +topology + + +topology->core + + + + +topology->peerinfo + + + + +topology->hello + + + + +topology->transport + + + + +hostlist + +hostlist + + +hostlist->core + + + + +hostlist->peerinfo + + + + +hostlist->hello + + + + +scalarproduct + +scalarproduct + + +scalarproduct->cadet + + + + +scalarproduct->set + + + + +secushare + +secushare + + +social + +social + + +secushare->social + + + + +multicast + +multicast + + +multicast->cadet + + + + +psyc + +psyc + + +psyc->multicast + + + + +psycstore + +psycstore + + +psyc->psycstore + + + + +social->gns + + + + +social->psyc + + + + +rps + +rps + + +rps->core + + + + + -- cgit v1.2.3 From 34bd9d209a0886d643fa7f03908aea38ba13845d Mon Sep 17 00:00:00 2001 From: dvn Date: Wed, 1 Aug 2018 13:04:32 +0200 Subject: README.md: syntax fix, and logo resize --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 85b1103d6..b8a23c1fd 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ -
GNUnet
+
GNUnet
+ > GNUnet is a *new* network protocol stack for building secure, distributed, and privacy-preserving applications. * [Install](#how-to-install-gnunet) @@ -157,4 +158,4 @@ Related Projects pep.foundation Secushare - \ No newline at end of file + -- cgit v1.2.3 From cca76741cab20706a255d2a72b879b90dfdd40f2 Mon Sep 17 00:00:00 2001 From: dvn Date: Wed, 1 Aug 2018 13:08:50 +0200 Subject: README.md: Fix image alignment, and sizing --- README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index b8a23c1fd..abaed5134 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ -
GNUnet
+

+ GNUnet +

> GNUnet is a *new* network protocol stack for building secure, distributed, and privacy-preserving applications. @@ -55,7 +57,7 @@ make make install ``` -**Using the [GNU Guix package manager:](https://https://www.gnu.org/software/guix/) ** +**Using the [GNU Guix package manager:](https://https://www.gnu.org/software/guix/)** ```shell # To build, run tests, and install: @@ -79,8 +81,9 @@ docker build -t gnunet . There are many possible ways to use the subsystems of GNUnet, we will provide a few examples in this section. - -
GNUnet Modular Architecture
+

+ GNUnet Modular Architecture +

>***GNUnet is composed of over 30 modular subsystems*** @@ -156,6 +159,6 @@ Related Projects - pep.foundation Secushare + pep.foundation Secushare -- cgit v1.2.3 From 8f2201c8fcf359623fb90d876937054e7f01cf8b Mon Sep 17 00:00:00 2001 From: dvn Date: Wed, 1 Aug 2018 14:19:41 +0200 Subject: README.md: Add file transfer via cadet usage example. --- README.md | 50 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index abaed5134..4e18660ce 100644 --- a/README.md +++ b/README.md @@ -77,22 +77,19 @@ docker build -t gnunet . -## Using GNUnet +Using GNUnet +------------- -There are many possible ways to use the subsystems of GNUnet, we will provide a few examples in this section. +There are many possible ways to use the subsystems of GNUnet, so we will provide a few examples in this section.

- GNUnet Modular Architecture + GNUnet Modular Architecture

>***GNUnet is composed of over 30 modular subsystems*** -### GNS - -*coming soon* - ### Cadet #### Examples @@ -101,14 +98,14 @@ Open a Cadet connection: ```shell # Node 1 -cadet -o +gnunet-cadet -o ``` Conect to peer: ```shell # Node 2 -cadet +gnunet-cadet ``` #### Sharing Files @@ -117,20 +114,43 @@ With the cli tool, you can also share files: ```shell # Node 1 -cadet -o > filename +gnunet-cadet -o > filename ``` +On the Node 2 we're going to send the file to Node 1, and to do this we need to make use of [coprocesses](https://www.gnu.org/software/bash/manual/html_node/Coprocesses.html). +The syntax for using coprocesses varies per shell. In our example we are assuming Bash. More info for different shells can be found [here](https://unix.stackexchange.com/questions/86270/how-do-you-use-the-command-coproc-in-various-shells) + ```shell # Node 2 -cadet +coproc gnunet-cadet +cat >&"${COPROC[1]}" ``` +Now this enables us to do some fun things, such as streaming video by piping to a media player: -VPN ---- +```shell +# Node 1 +gnunet-cadet -o | vlc - +``` -Running a Hostlist Server --------------------------- +```shell +# Node 2 +coproc gnunet-cadet +cat >&"${COPROC[1]}" +``` + +### GNS + +*coming soon* + + +### VPN + +*coming soon* + +### Running a Hostlist Server + +*coming soon* GNUnet Configuration -------------------------- -- cgit v1.2.3 From 7881dd86f0cbd6525b43390bc35a0fead7f3d3a7 Mon Sep 17 00:00:00 2001 From: dvn Date: Wed, 1 Aug 2018 14:23:49 +0200 Subject: README.md: make architecture svg larger --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4e18660ce..0173e220f 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ Using GNUnet There are many possible ways to use the subsystems of GNUnet, so we will provide a few examples in this section.

- GNUnet Modular Architecture + GNUnet Modular Architecture

>***GNUnet is composed of over 30 modular subsystems*** -- cgit v1.2.3 From 3256190f26310f367ad336f90cad460401e8c1da Mon Sep 17 00:00:00 2001 From: dvn Date: Wed, 1 Aug 2018 16:28:18 +0200 Subject: README.md: Add examples for using gnunet-fs --- README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/README.md b/README.md index 0173e220f..f52b68bab 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,15 @@ There are many possible ways to use the subsystems of GNUnet, so we will provide >***GNUnet is composed of over 30 modular subsystems*** +### Start GNUnet Services + +Before we can begin using most of the components we must start them. + +```shell +gnunet-arm --start +``` + +Now we can open up another shell and try using some of the modules. ### Cadet @@ -139,6 +148,27 @@ coproc gnunet-cadet cat >&"${COPROC[1]}" ``` +### Filesharing + +You can use GNUnet as a content-addressed storage, much like IPFS: sharing immutable files in a decentralized fashion with added privacy. + +For instance, you can get a nice cat picture with +```sh +gnunet-download gnunet://fs/loc/CB0ZX5EM1ZNNRT7AX93RVHCN1H49242DWZ4AXBTCJBAG22Z33VHYMR61J71YJXTXHEC22TNE0PRWA6D5X7NFNY2J9BNMG0SFN5DKZ0G.R48JSE2T4Y3W2AMDHZYX2MMDJC4HR0BVTJYNWJT2DGK7EQXR35DT84H9ZRAK3QTCTHDBAE1S6W16P8PCKC4HGEEKNW2T42HXF9RS1J0.1906755.J5Z3BDEG2PW332001GGZ2SSKCCSV8WDM696HNARG49X9TMABC4DG.B6Y7BCJ6B5K40EXCXASX1HQAD8MBJ9WTFWPCE3F15Q3Q4Y2PB8BKVGCS5HA4FG4484858NB74PBEE5V1638MGG7NS40A82K7QKK3G0G.1577833200 --output cat.png +``` + +You can also give files to the network, like so: + +```sh +$ echo "I love GNUnet" > ILoveGNUnet.txt +$ gnunet-publish ILoveGNUnet.txt + +Publishing `/tmp/ILoveGNUnet.txt` done. +URI is `gnunet://fs/chk/SXA4RGZWDHE4PDWD2F4XG778J4SZY3E3SNDZ9AWFRZYYBV52W1T2WQNZCF1NYAT842800SSBQ8F247TG6MX7H4S1RWZZSC8ZXGQ4YPR.AZ3B5WR1XCWCWR6W30S2365KFY7A3R5AMF5SRN3Z11R72SMVQDX3F6GXQSZMWZGM5BSYVDQEJ93CR024QAAE65CKHM52GH8MZK1BM90.14`. +``` + +The URI you get is what you can use to retrieve the file with `gnunet-download`. + ### GNS *coming soon* -- cgit v1.2.3 From d538fb055b1ba63181c779c189a5f17e796a8b4b Mon Sep 17 00:00:00 2001 From: dvn Date: Wed, 1 Aug 2018 17:24:40 +0200 Subject: docker: Add a docker quick-start directory --- docker/Dockerfile | 102 ++++++++++++++++++++++++++++++++++ docker/README.md | 130 ++++++++++++++++++++++++++++++++++++++++++++ docker/docker-entrypoint.sh | 15 +++++ docker/gnunet.conf | 21 +++++++ 4 files changed, 268 insertions(+) create mode 100644 docker/Dockerfile create mode 100644 docker/README.md create mode 100644 docker/docker-entrypoint.sh create mode 100644 docker/gnunet.conf diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 000000000..c91ce4210 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,102 @@ +FROM ubuntu:18.04 + +ENV DEBIAN_FRONTEND noninteractive + +# Install tools and dependencies +RUN apt-get update && \ + apt-get -y install --no-install-recommends \ + ca-certificates \ + libsasl2-modules \ + git \ + automake \ + autopoint \ + autoconf \ + texinfo \ + libtool \ + libltdl-dev \ + libgpg-error-dev \ + libidn11-dev \ + libunistring-dev \ + libglpk-dev \ + libbluetooth-dev \ + libextractor-dev \ + libmicrohttpd-dev \ + libgnutls28-dev \ + libgcrypt20-dev \ + libpq-dev \ + libsqlite3-dev && \ + apt-get clean all && \ + apt-get -y autoremove && \ + rm -rf \ + /var/lib/apt/lists/* \ + /tmp/* + +# Install GNUrl +ENV GNURL_GIT_URL https://git.taler.net/gnurl.git +ENV GNURL_GIT_BRANCH gnurl-7.57.0 + +RUN git clone $GNURL_GIT_URL \ + --branch $GNURL_GIT_BRANCH \ + --depth=1 \ + --quiet && \ + cd /gnurl && \ + autoreconf -i && \ + ./configure \ + --enable-ipv6 \ + --with-gnutls \ + --without-libssh2 \ + --without-libmetalink \ + --without-winidn \ + --without-librtmp \ + --without-nghttp2 \ + --without-nss \ + --without-cyassl \ + --without-polarssl \ + --without-ssl \ + --without-winssl \ + --without-darwinssl \ + --disable-sspi \ + --disable-ntlm-wb \ + --disable-ldap \ + --disable-rtsp \ + --disable-dict \ + --disable-telnet \ + --disable-tftp \ + --disable-pop3 \ + --disable-imap \ + --disable-smtp \ + --disable-gopher \ + --disable-file \ + --disable-ftp \ + --disable-smb && \ + make install && \ + cd - && \ + rm -fr /gnurl + +# Install GNUnet +ENV GNUNET_PREFIX /usr/local/gnunet +ENV CFLAGS '-g -Wall -O0' + +COPY ../ /gnunet + +RUN cd /gnunet && \ + ./bootstrap && \ + ./configure \ + --with-nssdir=/lib \ + --prefix="$GNUNET_PREFIX" \ + --enable-logging=verbose && \ + make -j3 && \ + make install && \ + ldconfig && \ + cd - && \ + rm -fr /gnunet + +# Configure GNUnet +COPY gnunet.conf /etc/gnunet.conf +COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint +RUN chmod 755 /usr/local/bin/docker-entrypoint + +ENV LOCAL_PORT_RANGE='40001 40200' +ENV PATH "$GNUNET_PREFIX/bin:/usr/local/bin:$PATH" + +ENTRYPOINT ["docker-entrypoint"] diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 000000000..4e0e6b951 --- /dev/null +++ b/docker/README.md @@ -0,0 +1,130 @@ +# gnunet-docker +A Dockerfile (and maybe later docker-compose.yml) for getting a running GNUnet docker container. + +> This README and parts of the Dockerfile were adapted from https://github.com/compiaffe/gnunet-docker + + +## Build it +This will take quite a while and will consume a bit of data. + +```bash +docker build -t gnunet . +``` + +## Start it from the newly created gnunet image +Start a container from `gnunet` image, which can access /dev/net/tun, has access to the host network. We are going to name it `gnunet1`. + +Note the `--rm` that will delete the container as soon as you stop it and `-ti` gives you an interactive terminal. + +#### Linux Users +```bash +docker run \ + --rm \ + -ti \ + --privileged \ + --name gnunet1 \ + --net=host \ + -v /dev/net/tun:/dev/net/tun \ + gnunet +``` + +#### Mac Users +```bash +docker run \ + --rm \ + -it \ + --privileged \ + --name gnunet1 \ + -e LOCAL_PORT_RANGE='40001 40200' \ + -e GNUNET_PORT=2086 \ + -p 2086:2086 \ + -p 2086:2086/udp \ + -p40001-40200:40001-40200 \ + -p40001-40200:40001-40200/udp \ + gnunet +``` + +This terminal will keep on printing to screen at the moment. So go on in a new terminal please. + +Don't worry about warnings too much... + +## Check if you are connected +Open a new terminal and connect to the container we just started: + +```bash +docker exec -it gnunet1 gnunet-peerinfo -i +``` + +If you get a list of peers, all is good. + +## Multiple containers on the same host +### Running +#### Run Container 1 +```bash +export GPORT=2086 LPORT='40001-40200' GNAME=gnunet1 +docker run \ + --rm \ + -it \ + --privileged \ + -e GNUNET_PORT=$GPORT \ + -e LOCAL_PORT_RANGE="${LPORT/-/ }" \ + -p $GPORT:$GPORT \ + -p $GPORT:$GPORT/udp \ + -p$LPORT:$LPORT \ + -p$LPORT:$LPORT/udp \ + --name $GNAME \ + gnunet +``` + +#### Run Container 2 +```bash +export GPORT=2087 LPORT='40201-40400' GNAME=gnunet2 +docker run \ + --rm \ + -it \ + --privileged \ + -e GNUNET_PORT=$GPORT \ + -e LOCAL_PORT_RANGE="${LPORT/-/ }" \ + -p $GPORT:$GPORT \ + -p $GPORT:$GPORT/udp \ + -p$LPORT:$LPORT \ + -p$LPORT:$LPORT/udp \ + --name $GNAME \ + gnunet +``` + +### Testing cadet example +#### Container 1 +```bash +$ docker exec -it gnunet1 bash +$ gnunet-peerinfo -s +I am peer `VWPN1NZA6YMM866EJ5J2NY47XG692MQ6H6WASVECF0M18A9SCMZ0'. +$ gnunet-cadet -o asdasd +``` + +#### Container 2 +```bash +$ docker exec -it gnunet2 bash +$ gnunet-cadet VWPN1NZA6YMM866EJ5J2NY47XG692MQ6H6WASVECF0M18A9SCMZ0 asdasd +``` + +### Testing file sharing example +#### Container 1 +```bash +$ docker exec -it gnunet1 bash +$ echo 'test' > test.txt +$ gnunet-publish test.txt +Publishing `/test.txt' done. +URI is `gnunet://fs/chk/1RZ7A8TAQHMF8DWAGTSZ9CSA365T60C4BC6DDS810VM78D2Q0366CRX8DGFA29EWBT9BW5Y9HYD0Z1EAKNFNJQDJ04QQSGTQ352W28R.7MYB03GYXT17Z93ZRZRVV64AH9KPWFSVDEZGVE84YHD63XZFJ36B86M48KHTZVF87SZ05HBVB44PCXE8CVWAH72VN1SKYPRK1QN2C98.5'. +``` + +#### Container 2 +```bash +$ docker exec -it gnunet2 bash +$ gnunet-download -o out.file "gnunet://fs/chk/1RZ7A8TAQHMF8DWAGTSZ9CSA365T60C4BC6DDS810VM78D2Q0366CRX8DGFA29EWBT9BW5Y9HYD0Z1EAKNFNJQDJ04QQSGTQ352W28R.7MYB03GYXT17Z93ZRZRVV64AH9KPWFSVDEZGVE84YHD63XZFJ36B86M48KHTZVF87SZ05HBVB44PCXE8CVWAH72VN1SKYPRK1QN2C98.5" +100% [============================================================] +Downloading `out.file' done (0 b/s). +$ cat out.file +test +``` + diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh new file mode 100644 index 000000000..7f98ef68b --- /dev/null +++ b/docker/docker-entrypoint.sh @@ -0,0 +1,15 @@ +#!/bin/bash -e + +echo "${LOCAL_PORT_RANGE:-49152 65535}" > /proc/sys/net/ipv4/ip_local_port_range +sed -i 's/$GNUNET_PORT/'${GNUNET_PORT:-2086}'/g' /etc/gnunet.conf + +if [[ $# -eq 0 ]]; then + exec gnunet-arm \ + --config=/etc/gnunet.conf \ + --start \ + --monitor +elif [[ -z $1 ]] || [[ ${1:0:1} == '-' ]]; then + exec gnunet-arm "$@" +else + exec "$@" +fi diff --git a/docker/gnunet.conf b/docker/gnunet.conf new file mode 100644 index 000000000..c8299ef46 --- /dev/null +++ b/docker/gnunet.conf @@ -0,0 +1,21 @@ +[arm] +SYSTEM_ONLY = NO +USER_ONLY = NO + +[fs] +FORCESTART = NO + +[nat] +ENABLE_UPNP = NO +BEHIND_NAT = YES + +[transport-tcp] +PORT = $GNUNET_PORT +ADVERTISED_PORT = $GNUNET_PORT + +[transport-udp] +PORT = $GNUNET_PORT +BROADCAST = YES + +[cadet] +TESTING_IGNORE_KEYS = ACCEPT_FROM; -- cgit v1.2.3 From dfe12347d2c359f77d2ca732bf7aa7cb0239922e Mon Sep 17 00:00:00 2001 From: dvn Date: Thu, 2 Aug 2018 13:35:47 +0200 Subject: README.md: provide link to libmicrohttpd --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f52b68bab..e805a3170 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ How to Install GNUnet Install these packages. Some of them may need to be installed from source depending on your OS. ``` -- libmicrohttpd >= 0.9.42 +- libmicrohttpd >= 0.9.42 (available from https://www.gnu.org/software/libmicrohttpd/) - libgcrypt >= 1.6 - libgnurl >= 7.35.0 (recommended, available from https://gnunet.org/gnurl) - libcurl >= 7.35.0 (alternative to libgnurl) -- cgit v1.2.3 From d837b84241ed01cf42e95c95948224cdbf285e18 Mon Sep 17 00:00:00 2001 From: dvn Date: Thu, 2 Aug 2018 14:33:18 +0200 Subject: docker: move Dockerfile to root of repo This is because of a limitation of Docker, which requires that you run the Dockerfile from the directory in which you will copy in data. Moving it to the root of the repo allows us to COPY in the code instead of doing a 'git pull' from the container. --- Dockerfile | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ docker/Dockerfile | 102 ------------------------------------------------------ docker/README.md | 8 +++++ 3 files changed, 110 insertions(+), 102 deletions(-) create mode 100644 Dockerfile delete mode 100644 docker/Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..4fdd91f60 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,102 @@ +FROM ubuntu:18.04 + +ENV DEBIAN_FRONTEND noninteractive + +# Install tools and dependencies +RUN apt-get update && \ + apt-get -y install --no-install-recommends \ + ca-certificates \ + libsasl2-modules \ + git \ + automake \ + autopoint \ + autoconf \ + texinfo \ + libtool \ + libltdl-dev \ + libgpg-error-dev \ + libidn11-dev \ + libunistring-dev \ + libglpk-dev \ + libbluetooth-dev \ + libextractor-dev \ + libmicrohttpd-dev \ + libgnutls28-dev \ + libgcrypt20-dev \ + libpq-dev \ + libsqlite3-dev && \ + apt-get clean all && \ + apt-get -y autoremove && \ + rm -rf \ + /var/lib/apt/lists/* \ + /tmp/* + +# Install GNUrl +ENV GNURL_GIT_URL https://git.taler.net/gnurl.git +ENV GNURL_GIT_BRANCH gnurl-7.57.0 + +RUN git clone $GNURL_GIT_URL \ + --branch $GNURL_GIT_BRANCH \ + --depth=1 \ + --quiet && \ + cd /gnurl && \ + autoreconf -i && \ + ./configure \ + --enable-ipv6 \ + --with-gnutls \ + --without-libssh2 \ + --without-libmetalink \ + --without-winidn \ + --without-librtmp \ + --without-nghttp2 \ + --without-nss \ + --without-cyassl \ + --without-polarssl \ + --without-ssl \ + --without-winssl \ + --without-darwinssl \ + --disable-sspi \ + --disable-ntlm-wb \ + --disable-ldap \ + --disable-rtsp \ + --disable-dict \ + --disable-telnet \ + --disable-tftp \ + --disable-pop3 \ + --disable-imap \ + --disable-smtp \ + --disable-gopher \ + --disable-file \ + --disable-ftp \ + --disable-smb && \ + make install && \ + cd - && \ + rm -fr /gnurl + +# Install GNUnet +ENV GNUNET_PREFIX /usr/local/gnunet +ENV CFLAGS '-g -Wall -O0' + +COPY . /gnunet + +RUN cd /gnunet && \ + ./bootstrap && \ + ./configure \ + --with-nssdir=/lib \ + --prefix="$GNUNET_PREFIX" \ + --enable-logging=verbose && \ + make -j3 && \ + make install && \ + ldconfig && \ + cd - && \ + rm -fr /gnunet + +# Configure GNUnet +COPY docker/gnunet.conf /etc/gnunet.conf +COPY docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint +RUN chmod 755 /usr/local/bin/docker-entrypoint + +ENV LOCAL_PORT_RANGE='40001 40200' +ENV PATH "$GNUNET_PREFIX/bin:/usr/local/bin:$PATH" + +ENTRYPOINT ["docker-entrypoint"] diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index c91ce4210..000000000 --- a/docker/Dockerfile +++ /dev/null @@ -1,102 +0,0 @@ -FROM ubuntu:18.04 - -ENV DEBIAN_FRONTEND noninteractive - -# Install tools and dependencies -RUN apt-get update && \ - apt-get -y install --no-install-recommends \ - ca-certificates \ - libsasl2-modules \ - git \ - automake \ - autopoint \ - autoconf \ - texinfo \ - libtool \ - libltdl-dev \ - libgpg-error-dev \ - libidn11-dev \ - libunistring-dev \ - libglpk-dev \ - libbluetooth-dev \ - libextractor-dev \ - libmicrohttpd-dev \ - libgnutls28-dev \ - libgcrypt20-dev \ - libpq-dev \ - libsqlite3-dev && \ - apt-get clean all && \ - apt-get -y autoremove && \ - rm -rf \ - /var/lib/apt/lists/* \ - /tmp/* - -# Install GNUrl -ENV GNURL_GIT_URL https://git.taler.net/gnurl.git -ENV GNURL_GIT_BRANCH gnurl-7.57.0 - -RUN git clone $GNURL_GIT_URL \ - --branch $GNURL_GIT_BRANCH \ - --depth=1 \ - --quiet && \ - cd /gnurl && \ - autoreconf -i && \ - ./configure \ - --enable-ipv6 \ - --with-gnutls \ - --without-libssh2 \ - --without-libmetalink \ - --without-winidn \ - --without-librtmp \ - --without-nghttp2 \ - --without-nss \ - --without-cyassl \ - --without-polarssl \ - --without-ssl \ - --without-winssl \ - --without-darwinssl \ - --disable-sspi \ - --disable-ntlm-wb \ - --disable-ldap \ - --disable-rtsp \ - --disable-dict \ - --disable-telnet \ - --disable-tftp \ - --disable-pop3 \ - --disable-imap \ - --disable-smtp \ - --disable-gopher \ - --disable-file \ - --disable-ftp \ - --disable-smb && \ - make install && \ - cd - && \ - rm -fr /gnurl - -# Install GNUnet -ENV GNUNET_PREFIX /usr/local/gnunet -ENV CFLAGS '-g -Wall -O0' - -COPY ../ /gnunet - -RUN cd /gnunet && \ - ./bootstrap && \ - ./configure \ - --with-nssdir=/lib \ - --prefix="$GNUNET_PREFIX" \ - --enable-logging=verbose && \ - make -j3 && \ - make install && \ - ldconfig && \ - cd - && \ - rm -fr /gnunet - -# Configure GNUnet -COPY gnunet.conf /etc/gnunet.conf -COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint -RUN chmod 755 /usr/local/bin/docker-entrypoint - -ENV LOCAL_PORT_RANGE='40001 40200' -ENV PATH "$GNUNET_PREFIX/bin:/usr/local/bin:$PATH" - -ENTRYPOINT ["docker-entrypoint"] diff --git a/docker/README.md b/docker/README.md index 4e0e6b951..ce05012fc 100644 --- a/docker/README.md +++ b/docker/README.md @@ -7,6 +7,14 @@ A Dockerfile (and maybe later docker-compose.yml) for getting a running GNUnet d ## Build it This will take quite a while and will consume a bit of data. +First you need to go to the root of this repo. + +```bash +cd .. +``` + +Now you can build the image. + ```bash docker build -t gnunet . ``` -- cgit v1.2.3 From dc76b749974a4c9dc44b4e6def578e6859f879ff Mon Sep 17 00:00:00 2001 From: dvn Date: Thu, 2 Aug 2018 15:01:41 +0200 Subject: README.md: add section on VPN usage This section and filesharing are almost verbatim copies of a tutorial wldhx made half-a-year ago. --- README.md | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 60 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index e805a3170..e0ec41b9d 100644 --- a/README.md +++ b/README.md @@ -71,7 +71,6 @@ guix package -f guix-env.scm:notest ### 2. Docker ``` -cd docker docker build -t gnunet . ``` @@ -176,7 +175,64 @@ The URI you get is what you can use to retrieve the file with `gnunet-download`. ### VPN -*coming soon* +#### "Half-hidden" services + +You can tunnel IP traffic through GNUnet allowing you to offer web, SSH, messaging or other servers without revealing your IP address. + +This is similar to Tor's Hidden (aka Onion) services, but currently does not provide as much privacy as onion routing isn't yet implemented; on the other hand, you can tunnel UDP, unlike Tor. + +#### Configuring server + +First, set up access from GNUnet to IP with `exit`: + +`gnunet.conf`: +``` +[exit] +FORCESTART = YES +EXIT_IPV4 = YES +EXIT_RANGE_IPV4_POLICY = 169.254.86.1; +``` + +Exit, by the way can also be used as a general-purpose IP proxy i.e. exit relay but here we restrict IPs to be accessed to those we'll be serving stuff on only. + +Then, start up a server to be shared. For the sake of example, + +```sh +python3 -m http.server 8080 +``` + +Now to configure the actual "half-hidden service". The config syntax is as follows: + +```sh +[.gnunet.] +TCP_REDIRECTS = :: +``` + +...which for our example would be + +```sh +[myhttptest.gnunet.] +TCP_REDIRECTS = 80:169.254.86.1:8080 +``` + +Local IP can be anything (if allowed by other configuration) but a localhost address (in other words, you can't bind a hidden service to the loopback interface and say 127.0.0.1 in `TCP_REDIRECTS`). The packets will appear as coming from the exit TUN interface to whatever address is configured in `TCP_REDIRECTS` (unlike SSH local forwarding, where the packets appear as coming from the loopback interface) and so they will not be forwarded to 127.0.0.1. + +You can share access to this service with a peer id, shared secret and IP port numbler: here `gnunet-peerinfo -s`, `myhttptest` and `80` respectively. + +#### Connecting + +`gnunet-vpn` gives you ephemeral IPs to connect to if you tell it a peer id and a shared secret, like so: + +```sh +$ gnunet-vpn -p N7R25J8ADR553EPW0NFWNCXK9V80RVCP69QJ47XMT82VKAR7Y300 -t -s myhttptest +10.11.139.20 + +# And just connect to the given IP +$ wget 10.11.139.20 +Connecting to 10.11.139.20:80... connected. +``` + +(You can try it out with your browser too.) ### Running a Hostlist Server @@ -203,12 +259,10 @@ TODO: *explain what this does and add more* Philosophy ------------------------- +GNUnet is made for an open society: It's a self-organizing network and it's [http://www.gnu.org/philosophy/free-sw.html](free software) as in freedom. GNUnet puts you in control of your data. You determine which data to share with whom, and you're not pressured to accept compromises. + Related Projects ------------------------- - - pep.foundation Secushare - - -- cgit v1.2.3 From bbcc293821aecf82003de2305942e1350e5e8693 Mon Sep 17 00:00:00 2001 From: dvn Date: Thu, 2 Aug 2018 15:07:11 +0200 Subject: README.md: er, not ssh -- bring back rsh! --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e0ec41b9d..3f40b3d87 100644 --- a/README.md +++ b/README.md @@ -177,7 +177,7 @@ The URI you get is what you can use to retrieve the file with `gnunet-download`. #### "Half-hidden" services -You can tunnel IP traffic through GNUnet allowing you to offer web, SSH, messaging or other servers without revealing your IP address. +You can tunnel IP traffic through GNUnet allowing you to offer web, [rsh](https://linux.die.net/man/1/rsh), messaging or other servers without revealing your IP address. This is similar to Tor's Hidden (aka Onion) services, but currently does not provide as much privacy as onion routing isn't yet implemented; on the other hand, you can tunnel UDP, unlike Tor. -- cgit v1.2.3 From 7bd650c1a944be9e772a907cb269ac0b50f98de2 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 6 Aug 2018 14:34:56 +0200 Subject: add copying rest plugin --- src/rest/Makefile.am | 14 +++ src/rest/plugin_rest_copying.c | 233 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 247 insertions(+) create mode 100644 src/rest/plugin_rest_copying.c diff --git a/src/rest/Makefile.am b/src/rest/Makefile.am index ebfb98024..848b7101c 100644 --- a/src/rest/Makefile.am +++ b/src/rest/Makefile.am @@ -29,6 +29,20 @@ libexec_PROGRAMS = \ EXTRA_DIST = \ rest.conf +plugin_LTLIBRARIES = libgnunet_plugin_rest_copying.la + +libgnunet_plugin_rest_copying_la_SOURCES = \ + plugin_rest_copying.c +libgnunet_plugin_rest_copying_la_LIBADD = \ + $(top_builddir)/src/rest/libgnunetrest.la \ + $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ + $(top_builddir)/src/jsonapi/libgnunetjsonapiutils.la \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ + $(LTLIBINTL) -ljansson -lmicrohttpd +libgnunet_plugin_rest_copying_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + + gnunet_rest_server_SOURCES = \ gnunet-rest-server.c diff --git a/src/rest/plugin_rest_copying.c b/src/rest/plugin_rest_copying.c new file mode 100644 index 000000000..f6a085c03 --- /dev/null +++ b/src/rest/plugin_rest_copying.c @@ -0,0 +1,233 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2018 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + */ +/** + * @author Martin Schanzenbach + * @file gns/plugin_rest_copying.c + * @brief REST plugin that serves licensing information. + * + */ + +#include "platform.h" +#include "gnunet_rest_plugin.h" +#include +#include +#include + +#define GNUNET_REST_API_NS_COPYING "/copying" + +#define GNUNET_REST_COPYING_TEXT "GNU Affero General Public License version 3 or later. See also: " + +/** + * @brief struct returned by the initialization function of the plugin + */ +struct Plugin +{ + const struct GNUNET_CONFIGURATION_Handle *cfg; +}; + +const struct GNUNET_CONFIGURATION_Handle *cfg; + +struct RequestHandle +{ + /** + * Handle to rest request + */ + struct GNUNET_REST_RequestHandle *rest_handle; + + /** + * The plugin result processor + */ + GNUNET_REST_ResultProcessor proc; + + /** + * The closure of the result processor + */ + void *proc_cls; + + /** + * HTTP response code + */ + int response_code; + +}; + + +/** + * Cleanup request handle. + * + * @param handle Handle to clean up + */ +static void +cleanup_handle (struct RequestHandle *handle) +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cleaning up\n"); + GNUNET_free (handle); +} + + +/** + * Task run on shutdown. Cleans up everything. + * + * @param cls unused + * @param tc scheduler context + */ +static void +do_error (void *cls) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + + resp = GNUNET_REST_create_response (NULL); + handle->proc (handle->proc_cls, resp, handle->response_code); + cleanup_handle (handle); +} + + +/** + * Handle rest request + * + * @param handle the lookup handle + */ +static void +get_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + struct MHD_Response *resp; + struct RequestHandle *handle = cls; + + resp = GNUNET_REST_create_response (GNUNET_REST_COPYING_TEXT); + handle->proc (handle->proc_cls, + resp, + MHD_HTTP_OK); + cleanup_handle (handle); +} + + + +/** + * Handle rest request + * + * @param handle the lookup handle + */ +static void +options_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + struct MHD_Response *resp; + struct RequestHandle *handle = cls; + + resp = GNUNET_REST_create_response (NULL); + MHD_add_response_header (resp, + "Access-Control-Allow-Methods", + MHD_HTTP_METHOD_GET); + handle->proc (handle->proc_cls, + resp, + MHD_HTTP_OK); + cleanup_handle (handle); +} + + +/** + * Function processing the REST call + * + * @param method HTTP method + * @param url URL of the HTTP request + * @param data body of the HTTP request (optional) + * @param data_size length of the body + * @param proc callback function for the result + * @param proc_cls closure for @a proc + * @return #GNUNET_OK if request accepted + */ +static void +rest_copying_process_request (struct GNUNET_REST_RequestHandle *conndata_handle, + GNUNET_REST_ResultProcessor proc, + void *proc_cls) +{ + static const struct GNUNET_REST_RequestHandler handlers[] = { + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_COPYING, &get_cont}, + {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_COPYING, &options_cont}, + GNUNET_REST_HANDLER_END + }; + struct RequestHandle *handle = GNUNET_new (struct RequestHandle); + struct GNUNET_REST_RequestHandlerError err; + + handle->proc_cls = proc_cls; + handle->proc = proc; + handle->rest_handle = conndata_handle; + + if (GNUNET_NO == GNUNET_JSONAPI_handle_request (conndata_handle, + handlers, + &err, + handle)) + { + handle->response_code = err.error_code; + GNUNET_SCHEDULER_add_now (&do_error, handle); + } +} + + +/** + * Entry point for the plugin. + * + * @param cls the "struct GNUNET_NAMESTORE_PluginEnvironment*" + * @return NULL on error, otherwise the plugin context + */ +void * +libgnunet_plugin_rest_copying_init (void *cls) +{ + static struct Plugin plugin; + cfg = cls; + struct GNUNET_REST_Plugin *api; + + if (NULL != plugin.cfg) + return NULL; /* can only initialize once! */ + memset (&plugin, 0, sizeof (struct Plugin)); + plugin.cfg = cfg; + api = GNUNET_new (struct GNUNET_REST_Plugin); + api->cls = &plugin; + api->name = GNUNET_REST_API_NS_COPYING; + api->process_request = &rest_copying_process_request; + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + _("COPYING REST API initialized\n")); + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the plugin context (as returned by "init") + * @return always NULL + */ +void * +libgnunet_plugin_rest_copying_done (void *cls) +{ + struct GNUNET_REST_Plugin *api = cls; + struct Plugin *plugin = api->cls; + + plugin->cfg = NULL; + GNUNET_free (api); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "COPYING REST plugin is finished\n"); + return NULL; +} + +/* end of plugin_rest_copying.c */ -- cgit v1.2.3 From 070a1c2e37fe8930bad59cbd06d6a0f55a8364f0 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 6 Aug 2018 16:05:57 +0200 Subject: ensure ego identifiers are lowercase --- src/identity/gnunet-service-identity.c | 49 +++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/src/identity/gnunet-service-identity.c b/src/identity/gnunet-service-identity.c index 6b8e21806..266f5ccc3 100644 --- a/src/identity/gnunet-service-identity.c +++ b/src/identity/gnunet-service-identity.c @@ -371,11 +371,12 @@ handle_get_default_message (void *cls, struct GNUNET_MQ_Envelope *env; struct GNUNET_SERVICE_Client *client = cls; struct Ego *ego; - const char *name; + char *name; char *identifier; - name = (const char *) &gdm[1]; + name = GNUNET_strdup ((const char *) &gdm[1]); + GNUNET_STRINGS_utf8_tolower ((const char *) &gdm[1], name); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received GET_DEFAULT for service `%s' from client\n", name); @@ -387,6 +388,7 @@ handle_get_default_message (void *cls, { send_result_code (client, 1, gettext_noop ("no default known")); GNUNET_SERVICE_client_continue (client); + GNUNET_free (name); return; } for (ego = ego_head; NULL != ego; ego = ego->next) @@ -399,6 +401,7 @@ handle_get_default_message (void *cls, GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client), env); GNUNET_SERVICE_client_continue (client); GNUNET_free (identifier); + GNUNET_free (name); return; } } @@ -406,6 +409,7 @@ handle_get_default_message (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Failed to find ego `%s'\n", name); + GNUNET_free (name); send_result_code (client, 1, gettext_noop ("default configured, but ego unknown (internal error)")); GNUNET_SERVICE_client_continue (client); @@ -477,9 +481,11 @@ handle_set_default_message (void *cls, { struct Ego *ego; struct GNUNET_SERVICE_Client *client = cls; - const char *str; + char *str; + + str = GNUNET_strdup ((const char *) &sdm[1]); + GNUNET_STRINGS_utf8_tolower ((const char *) &sdm[1], str); - str = (const char *) &sdm[1]; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received SET_DEFAULT for service `%s' from client\n", str); @@ -500,10 +506,12 @@ handle_set_default_message (void *cls, subsystem_cfg_file); send_result_code (client, 0, NULL); GNUNET_SERVICE_client_continue (client); + GNUNET_free (str); return; } } send_result_code (client, 1, _("Unknown ego specified for service (internal error)")); + GNUNET_free (str); GNUNET_SERVICE_client_continue (client); } @@ -585,12 +593,13 @@ handle_create_message (void *cls, { struct GNUNET_SERVICE_Client *client = cls; struct Ego *ego; - const char *str; + char *str; char *fn; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received CREATE message from client\n"); - str = (const char *) &crm[1]; + str = GNUNET_strdup ((const char *) &crm[1]); + GNUNET_STRINGS_utf8_tolower ((const char *) &crm[1], str); for (ego = ego_head; NULL != ego; ego = ego->next) { if (0 == strcmp (ego->identifier, @@ -598,6 +607,7 @@ handle_create_message (void *cls, { send_result_code (client, 1, gettext_noop ("identifier already in use for another ego")); GNUNET_SERVICE_client_continue (client); + GNUNET_free (str); return; } } @@ -620,6 +630,7 @@ handle_create_message (void *cls, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", fn); GNUNET_free (fn); + GNUNET_free (str); notify_listeners (ego); GNUNET_SERVICE_client_continue (client); } @@ -726,18 +737,22 @@ handle_rename_message (void *cls, { uint16_t old_name_len; struct Ego *ego; - const char *old_name; - const char *new_name; + char *old_name; + char *new_name; struct RenameContext rename_ctx; struct GNUNET_SERVICE_Client *client = cls; char *fn_old; char *fn_new; + const char *old_name_tmp; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received RENAME message from client\n"); old_name_len = ntohs (rm->old_name_len); - old_name = (const char *) &rm[1]; - new_name = &old_name[old_name_len]; + old_name_tmp = (const char *) &rm[1]; + old_name = GNUNET_strdup (old_name_tmp); + GNUNET_STRINGS_utf8_tolower (old_name_tmp, old_name); + new_name = GNUNET_strdup (&old_name_tmp[old_name_len]); + GNUNET_STRINGS_utf8_tolower (&old_name_tmp[old_name_len], old_name); /* check if new name is already in use */ for (ego = ego_head; NULL != ego; ego = ego->next) @@ -747,6 +762,8 @@ handle_rename_message (void *cls, { send_result_code (client, 1, gettext_noop ("target name already exists")); GNUNET_SERVICE_client_continue (client); + GNUNET_free (old_name); + GNUNET_free (new_name); return; } } @@ -776,6 +793,8 @@ handle_rename_message (void *cls, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "rename", fn_old); GNUNET_free (fn_old); GNUNET_free (fn_new); + GNUNET_free (old_name); + GNUNET_free (new_name); notify_listeners (ego); send_result_code (client, 0, NULL); GNUNET_SERVICE_client_continue (client); @@ -785,6 +804,8 @@ handle_rename_message (void *cls, /* failed to locate old name */ send_result_code (client, 1, gettext_noop ("no matching ego found")); + GNUNET_free (old_name); + GNUNET_free (new_name); GNUNET_SERVICE_client_continue (client); } @@ -868,13 +889,15 @@ handle_delete_message (void *cls, const struct DeleteMessage *dm) { struct Ego *ego; - const char *name; + char *name; char *fn; struct GNUNET_SERVICE_Client *client = cls; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received DELETE message from client\n"); - name = (const char *) &dm[1]; + name = GNUNET_strdup ((const char *) &dm[1]); + GNUNET_STRINGS_utf8_tolower ((const char *) &dm[1], name); + for (ego = ego_head; NULL != ego; ego = ego->next) { if (0 == strcmp (ego->identifier, @@ -901,6 +924,7 @@ handle_delete_message (void *cls, notify_listeners (ego); GNUNET_free (ego->pk); GNUNET_free (ego); + GNUNET_free (name); send_result_code (client, 0, NULL); GNUNET_SERVICE_client_continue (client); return; @@ -908,6 +932,7 @@ handle_delete_message (void *cls, } send_result_code (client, 1, gettext_noop ("no matching ego found")); + GNUNET_free (name); GNUNET_SERVICE_client_continue (client); } -- cgit v1.2.3 From fcaa5854af792cad00c36ed1fd1c4e7fc2602f65 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 6 Aug 2018 16:36:58 +0200 Subject: remove jsonapi dep from copying --- src/rest/Makefile.am | 4 +--- src/rest/plugin_rest_copying.c | 10 ++++------ 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/src/rest/Makefile.am b/src/rest/Makefile.am index 848b7101c..ce0454d53 100644 --- a/src/rest/Makefile.am +++ b/src/rest/Makefile.am @@ -35,10 +35,8 @@ libgnunet_plugin_rest_copying_la_SOURCES = \ plugin_rest_copying.c libgnunet_plugin_rest_copying_la_LIBADD = \ $(top_builddir)/src/rest/libgnunetrest.la \ - $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ - $(top_builddir)/src/jsonapi/libgnunetjsonapiutils.la \ $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ - $(LTLIBINTL) -ljansson -lmicrohttpd + $(LTLIBINTL) -lmicrohttpd libgnunet_plugin_rest_copying_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) diff --git a/src/rest/plugin_rest_copying.c b/src/rest/plugin_rest_copying.c index f6a085c03..668dc5d38 100644 --- a/src/rest/plugin_rest_copying.c +++ b/src/rest/plugin_rest_copying.c @@ -24,9 +24,7 @@ #include "platform.h" #include "gnunet_rest_plugin.h" -#include #include -#include #define GNUNET_REST_API_NS_COPYING "/copying" @@ -173,10 +171,10 @@ rest_copying_process_request (struct GNUNET_REST_RequestHandle *conndata_handle, handle->proc = proc; handle->rest_handle = conndata_handle; - if (GNUNET_NO == GNUNET_JSONAPI_handle_request (conndata_handle, - handlers, - &err, - handle)) + if (GNUNET_NO == GNUNET_REST_handle_request (conndata_handle, + handlers, + &err, + handle)) { handle->response_code = err.error_code; GNUNET_SCHEDULER_add_now (&do_error, handle); -- cgit v1.2.3 From b3932f39b028d5db0d2e641e8593679c657b6bd1 Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Tue, 7 Aug 2018 16:02:36 +0200 Subject: Restructure removal of peers during shutdown (rps service) --- src/rps/gnunet-service-rps.c | 114 ++++++++++++++++++++++++------------------- 1 file changed, 64 insertions(+), 50 deletions(-) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index f48b3d85d..21963ee42 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -68,6 +68,7 @@ static struct GNUNET_STATISTICS_Handle *stats; */ static struct GNUNET_PeerIdentity own_identity; +static int in_shutdown = GNUNET_NO; /** * @brief Port used for cadet. @@ -1271,7 +1272,30 @@ destroy_channel (void *cls); static void -schedule_channel_destruction (struct ChannelCtx *channel_ctx); +schedule_channel_destruction (struct ChannelCtx *channel_ctx) +{ + GNUNET_assert (NULL != channel_ctx); + if (NULL != channel_ctx->destruction_task && + GNUNET_NO == in_shutdown) + { + channel_ctx->destruction_task = + GNUNET_SCHEDULER_add_now (destroy_channel, channel_ctx); + } +} + + +static void +schedule_peer_destruction (struct PeerContext *peer_ctx) +{ + GNUNET_assert (NULL != peer_ctx); + if (NULL != peer_ctx->destruction_task && + GNUNET_NO == in_shutdown) + { + peer_ctx->destruction_task = + GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); + } +} + /** * @brief Remove peer @@ -1285,6 +1309,8 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) { struct PeerContext *peer_ctx; + GNUNET_assert (NULL != peer_map); + if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (peer_map, peer)) { return GNUNET_NO; @@ -1296,35 +1322,13 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) "Going to remove peer %s\n", GNUNET_i2s (&peer_ctx->peer_id)); Peers_unset_peer_flag (peer, Peers_ONLINE); - /* Do we still have to wait for destruction of channels - * or issue the destruction? */ - if (NULL != peer_ctx->send_channel_ctx && - NULL != peer_ctx->send_channel_ctx->destruction_task) - { - GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); - return GNUNET_NO; - } - if (NULL != peer_ctx->recv_channel_ctx && - NULL != peer_ctx->recv_channel_ctx->destruction_task) - { - GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); - return GNUNET_NO; - } - if (NULL != peer_ctx->recv_channel_ctx) - { - schedule_channel_destruction (peer_ctx->recv_channel_ctx); - GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); - return GNUNET_NO; - } - if (NULL != peer_ctx->send_channel_ctx) - { - schedule_channel_destruction (peer_ctx->send_channel_ctx); - GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); - return GNUNET_NO; - } + /* Clear list of pending operations */ // TODO this probably leaks memory + // ('only' the cls to the function. Not sure what to do with it) GNUNET_array_grow (peer_ctx->pending_ops, peer_ctx->num_pending_ops, 0); + + /* Remove all pending messages */ while (NULL != peer_ctx->pending_messages_head) { LOG (GNUNET_ERROR_TYPE_DEBUG, @@ -1341,6 +1345,7 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) } remove_pending_message (peer_ctx->pending_messages_head, GNUNET_YES); } + /* If we are still waiting for notification whether this peer is live * cancel the according task */ if (NULL != peer_ctx->liveliness_check_pending) @@ -1354,6 +1359,35 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) peer_ctx->liveliness_check_pending = NULL; } + + /* Do we still have to wait for destruction of channels + * or issue the destruction? */ + if (NULL != peer_ctx->send_channel_ctx && + NULL != peer_ctx->send_channel_ctx->destruction_task + ) + { + schedule_peer_destruction (peer_ctx); + return GNUNET_NO; + } + if (NULL != peer_ctx->recv_channel_ctx && + NULL != peer_ctx->recv_channel_ctx->destruction_task) + { + schedule_peer_destruction (peer_ctx); + return GNUNET_NO; + } + if (NULL != peer_ctx->recv_channel_ctx) + { + schedule_channel_destruction (peer_ctx->recv_channel_ctx); + schedule_peer_destruction (peer_ctx); + return GNUNET_NO; + } + if (NULL != peer_ctx->send_channel_ctx) + { + schedule_channel_destruction (peer_ctx->send_channel_ctx); + schedule_peer_destruction (peer_ctx); + return GNUNET_NO; + } + if (NULL != peer_ctx->destruction_task) { GNUNET_SCHEDULER_cancel (peer_ctx->destruction_task); @@ -1367,16 +1401,6 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer) return GNUNET_YES; } -static void -schedule_peer_ctx_destruction (struct PeerContext *peer_ctx) -{ - GNUNET_assert (NULL != peer_ctx); - if (NULL == peer_ctx->destruction_task) - { - GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx); - } -} - /** * @brief set flags on a given peer. * @@ -1668,18 +1692,6 @@ destroy_channel (void *cls) remove_channel_ctx (peer_ctx->send_channel_ctx); } -static void -schedule_channel_destruction (struct ChannelCtx *channel_ctx) -{ - GNUNET_assert (NULL != channel_ctx); - if (NULL != channel_ctx->destruction_task) - { - channel_ctx->destruction_task = - GNUNET_SCHEDULER_add_now (destroy_channel, channel_ctx); - } -} - - /** * This is called when a channel is destroyed. * @@ -2609,7 +2621,7 @@ remove_peer (const struct GNUNET_PeerIdentity *peer) CustomPeerMap_remove_peer (push_map, peer); RPS_sampler_reinitialise_by_value (prot_sampler, peer); RPS_sampler_reinitialise_by_value (client_sampler, peer); - schedule_peer_ctx_destruction (get_peer_ctx (peer)); + schedule_peer_destruction (get_peer_ctx (peer)); } @@ -4085,6 +4097,8 @@ shutdown_task (void *cls) struct ClientContext *client_ctx; struct ReplyCls *reply_cls; + in_shutdown = GNUNET_YES; + LOG (GNUNET_ERROR_TYPE_DEBUG, "RPS is going down\n"); -- cgit v1.2.3 From 6f78cbe8ca06b0c6333436864974ffe4c970a7e6 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 10:32:31 +0200 Subject: use to_string for attribute --- src/reclaim/gnunet-reclaim.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index 9947eac6d..68a37b704 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -341,8 +341,11 @@ iter_cb (void *cls, } GNUNET_free (attrs_tmp); } else if (list) { + attr_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, + attr->data, + attr->data_size); GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "%s: %s\n", attr->name, (char*)attr->data); + "%s: %s\n", attr->name, attr_str); } GNUNET_RECLAIM_get_attributes_next (attr_iterator); } -- cgit v1.2.3 From 4b691472077b84f1986f0fed678ffe0aed6f6d42 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 10:54:21 +0200 Subject: update --- doc/documentation/chapters/user.texi | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi index 35afdf5f7..50b795197 100644 --- a/doc/documentation/chapters/user.texi +++ b/doc/documentation/chapters/user.texi @@ -1920,17 +1920,17 @@ $ gnunet-identity -C "username" Henceforth, you can manage a new user profile of the user ``username''. -To add an email address to your user profile, simply use the @command{gnunet-idp} command line tool:: +To add an email address to your user profile, simply use the @command{gnunet-reclaim} command line tool:: @example -$ gnunet-idp -e "username" -a "email" -V "username@@example.gnunet" +$ gnunet-reclaim -e "username" -a "email" -V "username@@example.gnunet" @end example -All of your attributes can be listed using the @command{gnunet-idp} +All of your attributes can be listed using the @command{gnunet-reclaim} command line tool as well: @example -$ gnunet-idp -e "username" -D +$ gnunet-reclaim -e "username" -D @end example Currently, and by default, attribute values are interpreted as plain text. @@ -1942,7 +1942,7 @@ In the future there might be more value types such as X.509 certificate credenti If you want to allow a third party such as a website or friend to access to your attributes (or a subset thereof) execute: @example -$ gnunet-idp -e "username" -r "PKEY" -i "attribute1,attribute2,..." +$ gnunet-reclaim -e "username" -r "PKEY" -i "attribute1,attribute2,..." @end example Where "PKEY" is the public key of the third party and "attribute1,attribute2,..." is a comma-separated list of attribute names, such as "email", that you want to share. @@ -1953,7 +1953,7 @@ You must give this "ticket" to the requesting third party. The third party can then retrieve your shared identity attributes using: @example -$ gnunet-idp -e "friend" -C "ticket" +$ gnunet-reclaim -e "friend" -C "ticket" @end example This will retrieve and list the shared identity attributes. @@ -1962,7 +1962,7 @@ Further, the "ticket" can be re-used later to retrieve up-to-date attributes in To list all given authorizations (tickets) you can execute: @example -$ gnunet-idp -e "friend" -T (TODO there is only a REST API for this ATM) +$ gnunet-reclaim -e "friend" -T (TODO there is only a REST API for this ATM) @end example -- cgit v1.2.3 From 26bf151b590d18c360ca9bb77890fbd2d79775f3 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 11:10:46 +0200 Subject: fix ego not found --- src/reclaim/gnunet-reclaim.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index 68a37b704..33bad662d 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -357,6 +357,7 @@ ego_iter_finished (void *cls) { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Ego %s not found\n", ego_name); + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; } -- cgit v1.2.3 From 6b82442f874cbabaaf19e8c558584ceca734cff6 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 11:23:07 +0200 Subject: Apparently ignoring return values from add_now is almost always a bug --- src/reclaim/gnunet-reclaim.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index 33bad662d..ecc81fb8e 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -134,9 +134,15 @@ static struct GNUNET_TIME_Relative exp_interval; */ static struct GNUNET_SCHEDULER_Task *timeout; +/** + * Cleanup task + */ +static struct GNUNET_SCHEDULER_Task *cleanup_task; + static void do_cleanup(void *cls) { + cleanup_task = NULL; if (NULL != timeout) GNUNET_SCHEDULER_cancel (timeout); if (NULL != reclaim_op) @@ -166,7 +172,7 @@ ticket_issue_cb (void* cls, ticket_str); GNUNET_free (ticket_str); } - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void @@ -179,7 +185,7 @@ store_attr_cont (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg); } - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void @@ -191,7 +197,7 @@ process_attrs (void *cls, if (NULL == identity) { reclaim_op = NULL; - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; } if (NULL == attr) @@ -213,7 +219,7 @@ iter_error (void *cls) attr_iterator = NULL; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attributes\n"); - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void @@ -223,7 +229,8 @@ timeout_task (void *cls) ret = 1; GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Timeout\n"); - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + if (NULL == cleanup_task) + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void @@ -236,7 +243,7 @@ process_rvk (void *cls, int success, const char* msg) "Revocation failed.\n"); ret = 1; } - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void @@ -250,7 +257,7 @@ iter_finished (void *cls) attr_iterator = NULL; if (list) { - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; } @@ -308,7 +315,7 @@ iter_finished (void *cls) NULL); return; } - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void @@ -351,13 +358,13 @@ iter_cb (void *cls, } static void -ego_iter_finished (void *cls) +start_get_attributes () { if (NULL == pkey) { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Ego %s not found\n", ego_name); - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; } @@ -402,7 +409,7 @@ ego_cb (void *cls, if (NULL == name) { if (GNUNET_YES == init) { init = GNUNET_NO; - GNUNET_SCHEDULER_add_now (&ego_iter_finished, NULL); + start_get_attributes(); } return; } -- cgit v1.2.3 From 8f6ad409fd2c25119453eab7b741428584fa8f80 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 12:58:48 +0200 Subject: fix case insensitivity --- src/reclaim-attribute/reclaim_attribute.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/reclaim-attribute/reclaim_attribute.c b/src/reclaim-attribute/reclaim_attribute.c index 74d668ea8..1ffa9618f 100644 --- a/src/reclaim-attribute/reclaim_attribute.c +++ b/src/reclaim-attribute/reclaim_attribute.c @@ -218,23 +218,27 @@ GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name, { struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr; char *write_ptr; + char *attr_name_tmp = GNUNET_strdup (attr_name); + + GNUNET_STRINGS_utf8_tolower (attr_name, attr_name_tmp); attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim) + - strlen (attr_name) + 1 + + strlen (attr_name_tmp) + 1 + data_size); attr->type = type; attr->data_size = data_size; attr->version = 0; write_ptr = (char*)&attr[1]; GNUNET_memcpy (write_ptr, - attr_name, - strlen (attr_name) + 1); + attr_name_tmp, + strlen (attr_name_tmp) + 1); attr->name = write_ptr; write_ptr += strlen (attr->name) + 1; GNUNET_memcpy (write_ptr, data, data_size); attr->data = write_ptr; + GNUNET_free (attr_name_tmp); return attr; } -- cgit v1.2.3 From 9c164a60e4e3d6fadfd85cdd8d3def851c37d0de Mon Sep 17 00:00:00 2001 From: Julius Bünger Date: Thu, 9 Aug 2018 13:54:10 +0200 Subject: Add docstrings to recently introduced functions --- src/rps/gnunet-service-rps.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c index 21963ee42..d601ac7d4 100644 --- a/src/rps/gnunet-service-rps.c +++ b/src/rps/gnunet-service-rps.c @@ -1257,6 +1257,11 @@ Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer, int Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags); +/** + * @brief Callback for the scheduler to destroy the knowledge of a peer. + * + * @param cls Context of the peer + */ static void destroy_peer (void *cls) { @@ -1271,6 +1276,13 @@ static void destroy_channel (void *cls); +/** + * @brief Schedule the destruction of the given channel. + * + * Do so only if it was not already scheduled and not during shutdown. + * + * @param channel_ctx The context of the channel to destroy. + */ static void schedule_channel_destruction (struct ChannelCtx *channel_ctx) { @@ -1284,6 +1296,13 @@ schedule_channel_destruction (struct ChannelCtx *channel_ctx) } +/** + * @brief Schedule the destruction of the given peer. + * + * Do so only if it was not already scheduled and not during shutdown. + * + * @param peer_ctx The context of the peer to destroy. + */ static void schedule_peer_destruction (struct PeerContext *peer_ctx) { @@ -1678,6 +1697,11 @@ Peers_destroy_sending_channel (const struct GNUNET_PeerIdentity *peer) return GNUNET_NO; } +/** + * @brief Callback for scheduler to destroy a channel + * + * @param cls Context of the channel + */ static void destroy_channel (void *cls) { -- cgit v1.2.3 From 3c4c38d3b0b058d7037321af148c5ad2fedb3a0f Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 14:22:40 +0200 Subject: issue case insensitivity --- src/reclaim/gnunet-reclaim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index ecc81fb8e..f56425b17 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -332,7 +332,7 @@ iter_cb (void *cls, attrs_tmp = GNUNET_strdup (issue_attrs); attr_str = strtok (attrs_tmp, ","); while (NULL != attr_str) { - if (0 != strcmp (attr_str, attr->name)) { + if (0 != strcasecmp (attr_str, attr->name)) { attr_str = strtok (NULL, ","); continue; } -- cgit v1.2.3 From 60548eb84908c969034a9ab4f8d66b9a315c7d42 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 16:07:33 +0200 Subject: fix output; fix revocation --- src/reclaim/gnunet-reclaim.c | 46 +++++++++++++++++++++++++++++------- src/reclaim/gnunet-service-reclaim.c | 2 +- 2 files changed, 38 insertions(+), 10 deletions(-) diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index f56425b17..02138cfff 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -139,6 +139,11 @@ static struct GNUNET_SCHEDULER_Task *timeout; */ static struct GNUNET_SCHEDULER_Task *cleanup_task; +/** + * Claim to store + */ +struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim; + static void do_cleanup(void *cls) { @@ -249,7 +254,6 @@ process_rvk (void *cls, int success, const char* msg) static void iter_finished (void *cls) { - struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim; char *data; size_t data_size; int type; @@ -303,16 +307,25 @@ iter_finished (void *cls) attr_value, (void**)&data, &data_size)); - claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name, - type, - data, - data_size); + if (NULL != claim) + { + claim->type = type; + claim->data = data; + claim->data_size = data_size; + } else { + claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name, + type, + data, + data_size); + } reclaim_op = GNUNET_RECLAIM_attribute_store (reclaim_handle, pkey, claim, &exp_interval, &store_attr_cont, NULL); + GNUNET_free (data); + GNUNET_free (claim); return; } cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); @@ -326,8 +339,19 @@ iter_cb (void *cls, struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; char *attrs_tmp; char *attr_str; + const char *attr_type; - if (issue_attrs) + if ((NULL != attr_name) && (NULL != claim)) + { + if (0 == strcasecmp (attr_name, attr->name)) + { + claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, + attr->type, + attr->data, + attr->data_size); + } + } + else if (issue_attrs) { attrs_tmp = GNUNET_strdup (issue_attrs); attr_str = strtok (attrs_tmp, ","); @@ -351,8 +375,9 @@ iter_cb (void *cls, attr_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, attr->data, attr->data_size); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "%s: %s\n", attr->name, attr_str); + attr_type = GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (attr->type); + fprintf (stdout, + "%s\t%s\t%u\t%s\n", attr->name, attr_type, attr->version, attr_str); } GNUNET_RECLAIM_get_attributes_next (attr_iterator); } @@ -383,9 +408,12 @@ start_get_attributes () &ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); + if (list) + fprintf (stdout, + "Name\tType\tVersion\tValue\n"); attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); - + claim = NULL; attr_iterator = GNUNET_RECLAIM_get_attributes_start (reclaim_handle, pkey, &iter_error, diff --git a/src/reclaim/gnunet-service-reclaim.c b/src/reclaim/gnunet-service-reclaim.c index bf8780a92..3321a79d8 100644 --- a/src/reclaim/gnunet-service-reclaim.c +++ b/src/reclaim/gnunet-service-reclaim.c @@ -1439,9 +1439,9 @@ check_attr_cb (void *cls, buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim); buf = GNUNET_malloc (buf_size); + rh->attrs->list_head->claim->version++; GNUNET_RECLAIM_ATTRIBUTE_serialize (rh->attrs->list_head->claim, buf); - rh->attrs->list_head->claim->version++; GNUNET_asprintf (&policy, "%s_%lu", rh->attrs->list_head->claim->name, rh->attrs->list_head->claim->version); -- cgit v1.2.3 From 8bab004ac3e562f24c4167b59dde287abd6496d4 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 16:10:56 +0200 Subject: syntax --- src/reclaim/gnunet-reclaim.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index 02138cfff..5aec0cb9a 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -312,7 +312,9 @@ iter_finished (void *cls) claim->type = type; claim->data = data; claim->data_size = data_size; - } else { + } + else + { claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name, type, data, @@ -371,7 +373,9 @@ iter_cb (void *cls, break; } GNUNET_free (attrs_tmp); - } else if (list) { + } + else if (list) + { attr_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, attr->data, attr->data_size); -- cgit v1.2.3 From e91515cb196a029ec97d93594092618c8e801f75 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 16:13:01 +0200 Subject: actually fix revocation --- src/reclaim/gnunet-reclaim.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index 5aec0cb9a..837b42916 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -367,6 +367,7 @@ iter_cb (void *cls, attr->type, attr->data, attr->data_size); + le->claim->version = attr->version; GNUNET_CONTAINER_DLL_insert (attr_list->list_head, attr_list->list_tail, le); -- cgit v1.2.3 From c1d682ec363c5cb4e8fdca5ee9b4dd8eaff29204 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 9 Aug 2018 16:22:33 +0200 Subject: use fprintf, change output style --- src/reclaim/gnunet-reclaim.c | 45 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index 837b42916..677e9f49f 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -187,8 +187,8 @@ store_attr_cont (void *cls, { reclaim_op = NULL; if (GNUNET_SYSERR == success) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "%s\n", emsg); + fprintf (stderr, + "%s\n", emsg); } cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } @@ -199,6 +199,8 @@ process_attrs (void *cls, const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr) { char *value_str; + const char* attr_type; + if (NULL == identity) { reclaim_op = NULL; @@ -213,8 +215,9 @@ process_attrs (void *cls, value_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type, attr->data, attr->data_size); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "%s: %s\n", attr->name, value_str); + attr_type = GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (attr->type); + fprintf (stdout, + "%s: %s [%s,v%u]\n", attr->name, value_str, attr_type, attr->version); } @@ -222,8 +225,8 @@ static void iter_error (void *cls) { attr_iterator = NULL; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to iterate over attributes\n"); + fprintf (stderr, + "Failed to iterate over attributes\n"); cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } @@ -232,8 +235,8 @@ timeout_task (void *cls) { timeout = NULL; ret = 1; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Timeout\n"); + fprintf (stderr, + "Timeout\n"); if (NULL == cleanup_task) cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } @@ -244,8 +247,8 @@ process_rvk (void *cls, int success, const char* msg) reclaim_op = NULL; if (GNUNET_OK != success) { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Revocation failed.\n"); + fprintf (stderr, + "Revocation failed.\n"); ret = 1; } cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); @@ -382,7 +385,7 @@ iter_cb (void *cls, attr->data_size); attr_type = GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (attr->type); fprintf (stdout, - "%s\t%s\t%u\t%s\n", attr->name, attr_type, attr->version, attr_str); + "%s: %s [%s,v%u]\n", attr->name, attr_str, attr_type, attr->version); } GNUNET_RECLAIM_get_attributes_next (attr_iterator); } @@ -392,8 +395,8 @@ start_get_attributes () { if (NULL == pkey) { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Ego %s not found\n", ego_name); + fprintf (stderr, + "Ego %s not found\n", ego_name); cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; } @@ -413,10 +416,6 @@ start_get_attributes () &ticket, sizeof (struct GNUNET_RECLAIM_Ticket)); - if (list) - fprintf (stdout, - "Name\tType\tVersion\tValue\n"); - attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); claim = NULL; attr_iterator = GNUNET_RECLAIM_get_attributes_start (reclaim_handle, @@ -462,24 +461,24 @@ run (void *cls, if (NULL == ego_name) { ret = 1; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - _("Ego is required\n")); + fprintf (stderr, + _("Ego is required\n")); return; } if ( (NULL == attr_value) && (NULL != attr_name) ) { ret = 1; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - _("Attribute value missing!\n")); + fprintf (stderr, + _("Attribute value missing!\n")); return; } if ( (NULL == rp) && (NULL != issue_attrs) ) { ret = 1; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - _("Requesting party key is required!\n")); + fprintf (stderr, + _("Requesting party key is required!\n")); return; } -- cgit v1.2.3