[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet] branch master updated: start fixing gns
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnunet] branch master updated: start fixing gns |
|
Date: |
Mon, 05 Mar 2018 19:40:05 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new bb5a41d07 start fixing gns
new 044170c00 Merge branch 'master' of git+ssh://gnunet.org/gnunet
bb5a41d07 is described below
commit bb5a41d072ab7964006cb68a45e043d856cb630e
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Mon Mar 5 19:39:56 2018 +0100
start fixing gns
---
src/gns/gnunet-gns-proxy.c | 191 +++++++++++++++++++--
.../gnunet-service-identity-provider.c | 19 +-
src/identity-provider/identity-provider.conf | 2 +-
.../plugin_rest_identity_provider.c | 76 ++++----
4 files changed, 220 insertions(+), 68 deletions(-)
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index ba162c5e3..73af0e693 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -483,6 +483,11 @@ struct Socks5Request
struct GNUNET_GNS_LookupRequest *gns_lookup;
/**
+ * Handle to Ego lookup, during #SOCKS5_RESOLVING phase.
+ */
+ struct GNUNET_IDENTITY_EgoLookup *el;
+
+ /**
* Client socket read task
*/
struct GNUNET_SCHEDULER_Task * rtask;
@@ -528,6 +533,11 @@ struct Socks5Request
char *domain;
/**
+ * the tld
+ */
+ const char *tld;
+
+ /**
* DNS Legacy Host Name as given by GNS, NULL if not given.
*/
char *leho;
@@ -1088,16 +1098,18 @@ curl_check_hdr (void *buffer, size_t size, size_t
nmemb, void *cls)
if (0 == strcasecmp (cookie_domain, s5r->leho + delta_cdomain))
{
offset += sprintf (new_cookie_hdr + offset,
- " domain=%s;",
- s5r->domain);
+ " domain=%s.%s;",
+ s5r->domain,
+ s5r->tld);
continue;
}
}
else if (0 == strcmp (cookie_domain, s5r->leho))
{
offset += sprintf (new_cookie_hdr + offset,
- " domain=%s;",
- s5r->domain);
+ " domain=%s.%s;",
+ s5r->domain,
+ s5r->tld);
continue;
}
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
@@ -1126,11 +1138,12 @@ curl_check_hdr (void *buffer, size_t size, size_t
nmemb, void *cls)
strlen (leho_host)))
{
GNUNET_asprintf (&new_location,
- "%s%s%s",
+ "%s%s.%s%s",
(HTTPS_PORT != s5r->port)
? "http://";
: "https://";,
s5r->domain,
+ s5r->tld,
hdr_val + strlen (leho_host));
hdr_val = new_location;
}
@@ -2370,17 +2383,23 @@ setup_data_transfer (struct Socks5Request *s5r)
int fd;
const struct sockaddr *addr;
socklen_t len;
+ char *domain;
switch (s5r->port)
{
case HTTPS_PORT:
- hd = lookup_ssl_httpd (s5r->domain);
+ GNUNET_asprintf (&domain,
+ "%s.%s",
+ s5r->domain,
+ s5r->tld);
+ hd = lookup_ssl_httpd (domain);
if (NULL == hd)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
_("Failed to start HTTPS server for `%s'\n"),
s5r->domain);
cleanup_s5r (s5r);
+ GNUNET_free (domain);
return;
}
break;
@@ -2399,6 +2418,7 @@ setup_data_transfer (struct Socks5Request *s5r)
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
_("Failed to pass client to MHD\n"));
cleanup_s5r (s5r);
+ GNUNET_free (domain);
return;
}
s5r->hd = hd;
@@ -2406,6 +2426,7 @@ setup_data_transfer (struct Socks5Request *s5r)
s5r->timeout_task = GNUNET_SCHEDULER_add_delayed (HTTP_HANDSHAKE_TIMEOUT,
&timeout_s5r_handshake,
s5r);
+ GNUNET_free (domain);
}
@@ -2670,6 +2691,82 @@ clear_from_s5r_rbuf (struct Socks5Request *s5r,
/**
+ * Method called to with the ego we are to use for the lookup,
+ * when the ego is determined by a name.
+ *
+ * @param cls closure (NULL, unused)
+ * @param ego ego handle, NULL if not found
+ */
+static void
+identity_zone_cb (void *cls,
+ const struct GNUNET_IDENTITY_Ego *ego)
+{
+ struct Socks5Request *s5r = cls;
+ struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+
+ s5r->el = NULL;
+ if (NULL == ego)
+ {
+ signal_socks_failure (s5r,
+ SOCKS5_STATUS_GENERAL_FAILURE);
+ return;
+
+ }
+ GNUNET_IDENTITY_ego_get_public_key (ego,
+ &pkey);
+ s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle,
+ s5r->domain,
+ &pkey,
+ GNUNET_DNSPARSER_TYPE_A,
+ GNUNET_NO /* only cached */,
+ &handle_gns_result,
+ s5r);
+
+
+}
+
+/**
+ * Obtain TLD from @a name
+ *
+ * @param name a name
+ * @return the part of @a name after the last ".",
+ * or @a name if @a name does not contain a "."
+ */
+static const char *
+get_tld (const char *name)
+{
+ const char *tld;
+
+ tld = strrchr (name,
+ (unsigned char) '.');
+ if (NULL == tld)
+ tld = name;
+ else
+ tld++; /* skip the '.' */
+ return tld;
+}
+
+/**
+ * Eat the TLD of the given @a name.
+ *
+ * @param name a name
+ */
+static void
+eat_tld (char *name)
+{
+ char *tld;
+
+ GNUNET_assert (0 < strlen (name));
+ tld = strrchr (name,
+ (unsigned char) '.');
+ if (NULL == tld)
+ strcpy (name,
+ GNUNET_GNS_MASTERZONE_STR);
+ else
+ *tld = '\0';
+}
+
+/**
* Read data from incoming Socks5 connection
*
* @param cls the closure with the `struct Socks5Request`
@@ -2684,6 +2781,9 @@ do_s5r_read (void *cls)
ssize_t rlen;
size_t alen;
const struct GNUNET_SCHEDULER_TaskContext *tc;
+ char *zonestr;
+ char *dot_tld;
+ struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
s5r->rtask = NULL;
tc = GNUNET_SCHEDULER_get_task_context ();
@@ -2834,13 +2934,70 @@ do_s5r_read (void *cls)
ntohs (*port));
s5r->state = SOCKS5_RESOLVING;
s5r->port = ntohs (*port);
- s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle,
- s5r->domain,
- &local_gns_zone,
- GNUNET_DNSPARSER_TYPE_A,
- GNUNET_NO /* only cached */,
- &handle_gns_result,
- s5r);
+ /* TLD is zkey */
+ s5r->tld = get_tld (s5r->domain);
+ if (GNUNET_OK ==
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (s5r->tld,
+ strlen (s5r->tld),
+ &pkey))
+ {
+ eat_tld (s5r->domain);
+ s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle,
+ s5r->domain,
+ &pkey,
+ GNUNET_DNSPARSER_TYPE_A,
+ GNUNET_NO /* only cached */,
+ &handle_gns_result,
+ s5r);
+
+ break;
+ }
+ /* TLD is mapped in our config */
+ GNUNET_asprintf (&dot_tld,
+ ".%s",
+ s5r->tld);
+ if (GNUNET_OK ==
+ GNUNET_CONFIGURATION_get_value_string (cfg,
+ "gns",
+ dot_tld,
+ &zonestr))
+ {
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (zonestr,
+ strlen (zonestr),
+ &pkey))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "gns",
+ dot_tld,
+ _("Expected a base32-encoded public
zone key\n"));
+ GNUNET_free (zonestr);
+ GNUNET_free (dot_tld);
+ signal_socks_failure (s5r,
+ SOCKS5_STATUS_GENERAL_FAILURE);
+ return;
+
+ }
+ GNUNET_free (zonestr);
+ GNUNET_free (dot_tld);
+ eat_tld (s5r->domain);
+ s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle,
+ s5r->domain,
+ &pkey,
+ GNUNET_DNSPARSER_TYPE_A,
+ GNUNET_NO /* only cached */,
+ &handle_gns_result,
+ s5r);
+ break;
+ }
+
+ /* TLD matches against ego */
+ eat_tld (s5r->domain);
+
+ s5r->el = GNUNET_IDENTITY_ego_lookup (cfg,
+ s5r->tld,
+ &identity_zone_cb,
+ s5r);
break;
}
default:
@@ -3281,10 +3438,10 @@ main (int argc, char *const *argv)
struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_option_ulong ('p',
- "port",
- NULL,
- gettext_noop ("listen on specified port
(default: 7777)"),
- &port),
+ "port",
+ NULL,
+ gettext_noop ("listen on specified port
(default: 7777)"),
+ &port),
GNUNET_GETOPT_option_string ('a',
"authority",
diff --git a/src/identity-provider/gnunet-service-identity-provider.c
b/src/identity-provider/gnunet-service-identity-provider.c
index 265719d58..523eebf39 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -1668,7 +1668,6 @@ process_consume_abe_key (void *cls, uint32_t rd_count,
size_t size;
char *buf;
char *scope;
- char *lookup_query;
handle->lookup_request = NULL;
if (1 != rd_count)
@@ -1720,18 +1719,15 @@ process_consume_abe_key (void *cls, uint32_t rd_count,
for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ","))
{
- GNUNET_asprintf (&lookup_query,
- "%s.gnu",
- scope);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Looking up %s\n", lookup_query);
+ "Looking up %s\n", scope);
parallel_lookup = GNUNET_new (struct ParallelLookup);
parallel_lookup->handle = handle;
parallel_lookup->label = GNUNET_strdup (scope);
parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get();
parallel_lookup->lookup_request
= GNUNET_GNS_lookup (gns_handle,
- lookup_query,
+ scope,
&handle->ticket.identity,
GNUNET_GNSRECORD_TYPE_ID_ATTR,
GNUNET_GNS_LO_DEFAULT,
@@ -1740,7 +1736,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count,
GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head,
handle->parallel_lookups_tail,
parallel_lookup);
- GNUNET_free (lookup_query);
+ GNUNET_free (scope);
}
GNUNET_free (scopes);
GNUNET_free (buf);
@@ -1756,7 +1752,6 @@ handle_consume_ticket_message (void *cls,
{
struct ConsumeTicketHandle *ch;
struct IdpClient *idp = cls;
- char* lookup_query;
char* rnd_label;
ch = GNUNET_new (struct ConsumeTicketHandle);
@@ -1769,22 +1764,18 @@ handle_consume_ticket_message (void *cls,
ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]);
rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd,
sizeof (uint64_t));
- GNUNET_asprintf (&lookup_query,
- "%s.gnu",
- rnd_label);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Looking for ABE key under %s\n", lookup_query);
+ "Looking for ABE key under %s\n", rnd_label);
ch->lookup_start_time = GNUNET_TIME_absolute_get ();
ch->lookup_request
= GNUNET_GNS_lookup (gns_handle,
- lookup_query,
+ rnd_label,
&ch->ticket.identity,
GNUNET_GNSRECORD_TYPE_ABE_KEY,
GNUNET_GNS_LO_DEFAULT,
&process_consume_abe_key,
ch);
GNUNET_free (rnd_label);
- GNUNET_free (lookup_query);
GNUNET_SERVICE_client_continue (idp->client);
}
diff --git a/src/identity-provider/identity-provider.conf
b/src/identity-provider/identity-provider.conf
index b78af3553..ea0028933 100644
--- a/src/identity-provider/identity-provider.conf
+++ b/src/identity-provider/identity-provider.conf
@@ -14,7 +14,7 @@ DATABASE = sqlite
[identity-rest-plugin]
#ADDRESS = https://identity.gnu:8000#/login
-ADDRESS = https://identity.gnu/ui/#/login
+ADDRESS = https://reclaim.id/ui/#/login
PSW = secret
EXPIRATION_TIME = 3600
diff --git a/src/identity-provider/plugin_rest_identity_provider.c
b/src/identity-provider/plugin_rest_identity_provider.c
index 3f9279d5c..7b4ebf2fc 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -409,6 +409,11 @@ struct RequestHandle
char *url;
/**
+ * The tld for redirect
+ */
+ char *tld;
+
+ /**
* Error response message
*/
char *emsg;
@@ -457,6 +462,8 @@ cleanup_handle (struct RequestHandle *handle)
GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
if (NULL != handle->url)
GNUNET_free (handle->url);
+ if (NULL != handle->tld)
+ GNUNET_free (handle->tld);
if (NULL != handle->emsg)
GNUNET_free (handle->emsg);
if (NULL != handle->edesc)
@@ -1463,6 +1470,8 @@ static void get_client_name_result (void *cls,
char *code_base64_final_string;
char *redirect_path;
char *tmp;
+ char *tmp_prefix;
+ char *prefix;
ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket,
sizeof (struct
GNUNET_IDENTITY_PROVIDER_Ticket));
//TODO change if more attributes are needed (see max_age)
@@ -1476,8 +1485,13 @@ static void get_client_name_result (void *cls,
redirect_path = strtok (tmp, "/");
redirect_path = strtok (NULL, "/");
redirect_path = strtok (NULL, "/");
- GNUNET_asprintf (&redirect_uri, "https://%s.gnu/%s?%s=%s&state=%s";,
- label,
+ tmp_prefix = GNUNET_strdup (handle->oidc->redirect_uri);
+ prefix = strrchr (tmp_prefix,
+ (unsigned char) '.');
+ *prefix = '\0';
+ GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s",
+ tmp_prefix,
+ handle->tld,
redirect_path,
handle->oidc->response_type,
code_base64_final_string, handle->oidc->state);
@@ -1486,6 +1500,7 @@ static void get_client_name_result (void *cls,
handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
GNUNET_free (tmp);
+ GNUNET_free (tmp_prefix);
GNUNET_free (redirect_uri);
GNUNET_free (ticket_str);
GNUNET_free (code_json_string);
@@ -1730,7 +1745,6 @@ static void namestore_iteration_finished (void *cls)
struct RequestHandle *handle = cls;
struct GNUNET_HashCode cache_key;
- char *expected_redirect_uri;
char *expected_scope;
char delimiter[]=" ";
int number_of_ignored_parameter, iterator;
@@ -1766,23 +1780,9 @@ static void namestore_iteration_finished (void *cls)
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
- handle->oidc->redirect_uri =
GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
- &cache_key);
+ handle->oidc->redirect_uri = GNUNET_strdup
(GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+ &cache_key));
- GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey";,
handle->oidc->client_id);
- // verify the redirect uri matches https://<client_id>.zkey[/xyz]
- if( 0 != strncmp( expected_redirect_uri, handle->oidc->redirect_uri,
strlen(expected_redirect_uri)) )
- {
- handle->oidc->redirect_uri = NULL;
- handle->emsg=GNUNET_strdup("invalid_request");
- handle->edesc=GNUNET_strdup("Invalid redirect_uri");
- GNUNET_SCHEDULER_add_now (&do_error, handle);
- GNUNET_free(expected_redirect_uri);
- return;
- }
- handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri);
-
- GNUNET_free(expected_redirect_uri);
// REQUIRED value: response_type
GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY),
&cache_key);
@@ -1897,6 +1897,9 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle
*con_handle,
{
struct RequestHandle *handle = cls;
struct GNUNET_HashCode cache_key;
+ struct EgoEntry *tmp_ego;
+ struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
cookie_identity_interpretation(handle);
@@ -1922,9 +1925,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle
*con_handle,
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
- handle->oidc->client_id =
GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
- &cache_key);
- handle->oidc->client_id = GNUNET_strdup (handle->oidc->client_id);
+ handle->oidc->client_id = GNUNET_strdup
(GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+ &cache_key));
if ( GNUNET_OK
!= GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
@@ -1952,6 +1954,22 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle
*con_handle,
handle->ego_entry = handle->ego_head;
handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key
(handle->ego_head->ego);
handle->oidc->is_client_trusted = GNUNET_NO;
+
+ //First check if client_id is one of our egos; TODO: handle other TLD cases:
Delegation, from config
+ for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
+ {
+ priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
+ GNUNET_CRYPTO_ecdsa_key_get_public (priv_key,
+ &pkey);
+ if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey,
+ sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+ {
+ handle->tld = GNUNET_strdup (tmp_ego->identifier);
+ handle->oidc->is_client_trusted = GNUNET_YES;
+ handle->ego_entry = handle->ego_tail;
+ }
+ }
+
// Checks if client_id is valid:
handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (
@@ -2217,20 +2235,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle
*con_handle,
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
- // check redirect_uri
- GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey";, client_id);
- // verify the redirect uri matches https://<client_id>.zkey[/xyz]
- if( 0 != strncmp( expected_redirect_uri, redirect_uri,
strlen(expected_redirect_uri)) )
- {
- GNUNET_free_non_null(user_psw);
- handle->emsg=GNUNET_strdup("invalid_request");
- handle->edesc=GNUNET_strdup("Invalid redirect_uri");
- handle->response_code = MHD_HTTP_BAD_REQUEST;
- GNUNET_SCHEDULER_add_now (&do_error, handle);
- GNUNET_free(expected_redirect_uri);
- return;
- }
- GNUNET_free(expected_redirect_uri);
GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
int i = 1;
if ( GNUNET_SYSERR
--
To stop receiving notification emails like this one, please contact
address@hidden
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [gnunet] branch master updated: start fixing gns,
gnunet <=