[GNUnet-SVN] r36801 - in gnunet/src: identity identity-provider namestor
From: |
gnunet |
Subject: |
[GNUnet-SVN] r36801 - in gnunet/src: identity identity-provider namestore |
Date: |
Sun, 10 Jan 2016 10:55:48 +0100 |
Author: schanzen
Date: 2016-01-10 10:55:48 +0100 (Sun, 10 Jan 2016)
New Revision: 36801
Modified:
gnunet/src/identity-provider/gnunet-service-identity-provider.c
gnunet/src/identity-provider/identity_token.c
gnunet/src/identity-provider/identity_token.h
gnunet/src/identity/plugin_gnsrecord_identity.c
gnunet/src/namestore/plugin_rest_namestore.c
Log:
- update issue handling, fix memleaks
Modified: gnunet/src/identity/plugin_gnsrecord_identity.c
===================================================================
--- gnunet/src/identity/plugin_gnsrecord_identity.c 2016-01-09 23:06:05 UTC
(rev 36800)
+++ gnunet/src/identity/plugin_gnsrecord_identity.c 2016-01-10 09:55:48 UTC
(rev 36801)
@@ -67,6 +67,8 @@
GNUNET_asprintf (&result,
"%s;%s;%s",
ecdhe_str, aud_str, scopes);
+ GNUNET_free (aud_str);
+ GNUNET_free (ecdhe_str);
return result;
default:
Modified: gnunet/src/identity-provider/gnunet-service-identity-provider.c
===================================================================
--- gnunet/src/identity-provider/gnunet-service-identity-provider.c
2016-01-09 23:06:05 UTC (rev 36800)
+++ gnunet/src/identity-provider/gnunet-service-identity-provider.c
2016-01-10 09:55:48 UTC (rev 36801)
@@ -255,6 +255,11 @@
* QueueEntry
*/
struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
+
+ /**
+ * The label the token is stored under
+ */
+ char *label;
};
/**
@@ -327,7 +332,6 @@
char *token_metadata;
char *write_ptr;
char *enc_token_str;
- char *val_str;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey;
@@ -402,21 +406,15 @@
{
if (0 == strcmp (attr->name, "exp"))
{
- GNUNET_asprintf (&val_str, "%ul", new_exp.abs_value_us);
- token_add_attr (new_token, attr->name, val_str);
- GNUNET_free (val_str);
+ token_add_attr_int (new_token, attr->name, new_exp.abs_value_us);
}
else if (0 == strcmp (attr->name, "nbf"))
{
- GNUNET_asprintf (&val_str, "%ul", new_nbf.abs_value_us);
- token_add_attr (new_token, attr->name, val_str);
- GNUNET_free (val_str);
+ token_add_attr_int (new_token, attr->name, new_nbf.abs_value_us);
}
else if (0 == strcmp (attr->name, "iat"))
{
- GNUNET_asprintf (&val_str, "%ul", new_iat.abs_value_us);
- token_add_attr (new_token, attr->name, val_str);
- GNUNET_free (val_str);
+ token_add_attr_int (new_token, attr->name, new_iat.abs_value_us);
}
else if ((0 == strcmp (attr->name, "iss"))
|| (0 == strcmp (attr->name, "aud")))
@@ -534,7 +532,6 @@
return GNUNET_YES;
}
-
/**
*
* Update all ID_TOKEN records for an identity and store them
@@ -913,9 +910,11 @@
if (NULL != handle->scopes)
GNUNET_free (handle->scopes);
if (NULL != handle->token)
- token_destroy (handle->token);
+ token_destroy (handle->token);
if (NULL != handle->ticket)
ticket_destroy (handle->ticket);
+ if (NULL != handle->label)
+ GNUNET_free (handle->label);
GNUNET_free (handle);
}
@@ -974,15 +973,12 @@
struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
struct IssueHandle *handle = cls;
struct GNUNET_GNSRECORD_Data token_record[2];
- char *lbl_str;
char *nonce_str;
char *enc_token_str;
char *token_metadata;
char* write_ptr;
- char* attr_val;
uint64_t time;
uint64_t exp_time;
- uint64_t rnd_key;
size_t token_metadata_len;
//Remote nonce
@@ -990,29 +986,19 @@
GNUNET_asprintf (&nonce_str, "%d", handle->nonce);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str);
- //Label
- rnd_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
- UINT64_MAX);
- GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
- sizeof (uint64_t),
- &lbl_str);
GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key,
&pub_key);
handle->ticket = ticket_create (nonce_str,
&pub_key,
- lbl_str,
+ handle->label,
&handle->aud_key);
time = GNUNET_TIME_absolute_get().abs_value_us;
exp_time = time + token_expiration_interval.rel_value_us;
- GNUNET_asprintf (&attr_val, "%ul", time);
- token_add_attr (handle->token, "nbf", attr_val);
- token_add_attr (handle->token, "iat", attr_val);
- GNUNET_free (attr_val);
- GNUNET_asprintf (&attr_val, "%ul", exp_time);
- token_add_attr (handle->token, "exp", attr_val);
- GNUNET_free (attr_val);
+ token_add_attr_int (handle->token, "nbf", time);
+ token_add_attr_int (handle->token, "iat", time);
+ token_add_attr_int (handle->token, "exp", exp_time);
token_add_attr (handle->token, "nonce", nonce_str);
//Token in a serialized encrypted format
@@ -1049,13 +1035,12 @@
//Persist token
handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
&handle->iss_key,
- lbl_str,
+ handle->label,
2,
token_record,
&store_token_issue_cont,
handle);
GNUNET_free (ecdhe_privkey);
- GNUNET_free (lbl_str);
GNUNET_free (nonce_str);
GNUNET_free (enc_token_str);
GNUNET_free (token_metadata);
@@ -1195,6 +1180,8 @@
}
+
+
/**
*
* Handler for exchange message
@@ -1258,8 +1245,139 @@
}
+
/**
*
+ * Look for existing token
+ *
+ * @param cls the identity entry
+ * @param zone the identity
+ * @param lbl the name of the record
+ * @param rd_count number of records
+ * @param rd record data
+ *
+ */
+static void
+find_existing_token (void *cls,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+ const char *lbl,
+ unsigned int rd_count,
+ const struct GNUNET_GNSRECORD_Data *rd)
+{
+ struct IssueHandle *handle = cls;
+ const struct GNUNET_GNSRECORD_Data *token_metadata_record;
+ struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;
+ struct GNUNET_HashCode key;
+ int scope_count_token;
+ uint64_t rnd_key;
+ char *scope;
+ char *tmp_scopes;
+
+ if (NULL == lbl)
+ {
+ //Done
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ ">>> No existing token found\n");
+ //Label
+ rnd_key =
+ GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
+ UINT64_MAX);
+ GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
+ sizeof (uint64_t),
+ &handle->label);
+ handle->ns_it = NULL;
+ handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
+ &handle->iss_key,
+ &attr_collect,
+ handle);
+ return;
+ }
+
+ //There should be only a single record for a token under a label
+ if (2 != rd_count)
+ {
+ GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+ return;
+ }
+
+ if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
+ {
+ token_metadata_record = &rd[0];
+ } else {
+ token_metadata_record = &rd[1];
+ }
+ if (token_metadata_record->record_type !=
GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
+ {
+ GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+ return;
+ }
+ ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey
*)token_metadata_record->data);
+ aud_key =
+ (struct GNUNET_CRYPTO_EcdsaPublicKey
*)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
+ tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct
GNUNET_CRYPTO_EcdsaPublicKey));
+
+ if (0 != memcmp (aud_key, &handle->aud_key,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+ {
+ char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key,
+ sizeof (struct
GNUNET_CRYPTO_EcdsaPublicKey));
+ //Audience does not match!
+ char *tmp = GNUNET_GNSRECORD_value_to_string
(GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA,
+
token_metadata_record->data,
+
token_metadata_record->data_size);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Token does not match audience %s vs %s. Moving on\n",
+ tmp2,
+ tmp);
+ GNUNET_free (tmp_scopes);
+ GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+ return;
+ }
+
+ scope = strtok (tmp_scopes, ",");
+ scope_count_token = 0;
+ while (NULL != scope)
+ {
+ GNUNET_CRYPTO_hash (scope,
+ strlen (scope),
+ &key);
+
+ if ((NULL != handle->attr_map) &&
+ (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains
(handle->attr_map, &key)))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Issued token does not include `%s'. Moving on\n", scope);
+ GNUNET_free (tmp_scopes);
+ GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+ return;
+ }
+ scope_count_token++;
+ scope = strtok (NULL, ",");
+ }
+ GNUNET_free (tmp_scopes);
+ //All scopes in token are also in request. Now
+ //Check length
+ if (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) ==
scope_count_token)
+ {
+ //We have an existing token
+ handle->label = GNUNET_strdup (lbl);
+ handle->ns_it = NULL;
+ handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
+ &handle->iss_key,
+ &attr_collect,
+ handle);
+
+ return;
+ }
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Nuber of attributes in token do not match request\n");
+ //No luck
+ GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+}
+
+
+/**
+ *
* Handler for issue message
*
* @param cls unused
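Review bot: find_existing_token reads an ECDHE private key, an ECDSA public key and a scopes string out of `token_metadata_record->data` at fixed offsets without ever comparing against `token_metadata_record->data_size`, so a short record, or one whose scopes are not 0-terminated, makes the casts and `GNUNET_strdup` read past the end of the record; the length and terminator should be checked right after the record_type test, as sketched below. In the audience-mismatch branch `tmp` and `tmp2` are allocated for the log line and never freed, and that ordinary mismatch is logged at ERROR level. In the match branch `handle->ns_it` is overwritten while the iteration still appears to be running, so it looks like `GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);` is needed before the restart. `ecdhe_privkey` is assigned but is not among the locals declared in this function and its value is not used afterwards, so that copy of the private key can probably be dropped.

```c
  // … unchanged: selection of token_metadata_record and record_type check …
  if ( (token_metadata_record->data_size <=
        sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)
        + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) ||
       ('\0' != ((const char *) token_metadata_record->data)
                  [token_metadata_record->data_size - 1]) )
  {
    //Too short, or scopes not 0-terminated: not a usable metadata record
    GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
    return;
  }
  // … unchanged: aud_key / tmp_scopes extraction, audience memcmp and log call …
    GNUNET_free_non_null (tmp);
    GNUNET_free_non_null (tmp2);
    GNUNET_free (tmp_scopes);
  // … unchanged: scope comparison loop and size check …
    //We have an existing token: end the running iteration before restarting
    handle->label = GNUNET_strdup (lbl);
    GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);
    handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
```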
@@ -1311,21 +1429,21 @@
issue_handle->aud_key = im->aud_key;
issue_handle->iss_key = im->iss_key;
+ GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key,
+ &issue_handle->iss_pkey);
issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration);
- issue_handle->nonce = im->nonce;
+ issue_handle->nonce = ntohl (im->nonce);
GNUNET_SERVER_receive_done (client, GNUNET_OK);
GNUNET_SERVER_notification_context_add (nc, client);
GNUNET_SERVER_client_set_user_context (client, issue_handle);
issue_handle->client = client;
issue_handle->scopes = GNUNET_strdup (scopes);
- GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key,
- &issue_handle->iss_pkey);
issue_handle->token = token_create (&issue_handle->iss_pkey,
- &im->aud_key);
+ &issue_handle->aud_key);
issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
&im->iss_key,
- &attr_collect,
+
&find_existing_token,
issue_handle);
}
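Review bot: `issue_handle->nonce = ntohl (im->nonce);` now yields a host-order unsigned 32-bit value, but the issuing path elsewhere in this file still formats it with `GNUNET_asprintf (&nonce_str, "%d", handle->nonce);`. If `nonce` is an unsigned field (its declaration is not visible here), nonces with the top bit set would be written into the ticket and token as negative numbers; `"%u"` would keep the string form consistent with what the requester sent. The handler starts above this hunk, so the validation of `scopes` before `GNUNET_strdup (scopes)` could not be checked.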
Modified: gnunet/src/identity-provider/identity_token.c
===================================================================
--- gnunet/src/identity-provider/identity_token.c 2016-01-09 23:06:05 UTC
(rev 36800)
+++ gnunet/src/identity-provider/identity_token.c 2016-01-10 09:55:48 UTC
(rev 36801)
@@ -238,7 +238,8 @@
GNUNET_CONTAINER_DLL_remove (attr->val_head,
attr->val_tail,
val);
- GNUNET_free (val->value);
+ if (NULL != val->value)
+ GNUNET_free (val->value);
GNUNET_free (val);
val = tmp_val;
}
@@ -282,6 +283,37 @@
new_val);
}
+void
+token_add_attr_int (struct IdentityToken *token,
+ const char* key,
+ uint64_t value)
+{
+ struct TokenAttr *attr;
+ struct TokenAttrValue *new_val;
+ GNUNET_assert (NULL != token);
+
+ new_val = GNUNET_malloc (sizeof (struct TokenAttrValue));
+ new_val->int_value = value;
+ for (attr = token->attr_head; NULL != attr; attr = attr->next)
+ {
+ if (0 == strcmp (key, attr->name))
+ break;
+ }
+
+ if (NULL == attr)
+ {
+ attr = GNUNET_malloc (sizeof (struct TokenAttr));
+ attr->name = GNUNET_strdup (key);
+ GNUNET_CONTAINER_DLL_insert (token->attr_head,
+ token->attr_tail,
+ attr);
+ }
+
+ GNUNET_CONTAINER_DLL_insert (attr->val_head,
+ attr->val_tail,
+ new_val);
+}
+
static void
parse_json_payload(const char* payload_base64,
struct IdentityToken *token)
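Review bot: token_add_attr_int marks a value as an integer only by leaving `new_val->value` NULL, which relies on GNUNET_malloc returning zeroed memory and on no string attribute ever being stored with a NULL value; a comment such as `/* value stays NULL: the serializer treats NULL == value as "use int_value" */` above the `int_value` assignment would make that contract visible. The function dereferences `key` in `strcmp` and `GNUNET_strdup` without the assertion that `token` gets, so `GNUNET_assert (NULL != key);` would match. The lookup-or-create loop appears to duplicate token_add_attr, whose body is mostly outside this hunk, so a shared static helper may be worth considering.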
@@ -306,15 +338,24 @@
{
json_array_foreach (value, idx, arr_value)
{
- token_add_attr (token,
- key,
- json_string_value (arr_value));
+ if (json_is_integer (arr_value))
+ token_add_attr_int (token, key,
+ json_integer_value (arr_value));
+ else
+ token_add_attr (token,
+ key,
+ json_string_value (arr_value));
}
} else {
- token_add_attr (token, key, json_string_value (value));
+ if (json_is_integer (value))
+ token_add_attr_int (token, key,
+ json_integer_value (value));
+ else
+ token_add_attr (token, key, json_string_value (value));
}
}
+ json_decref (payload_json);
GNUNET_free (payload);
}
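Review bot: Both `else` branches pass `json_string_value (...)` to token_add_attr for every non-integer JSON value, and that call returns NULL for booleans, reals, objects and null. Since this commit makes a NULL `value` mean "integer attribute", such an entry would either fail inside token_add_attr (not visible here) or be serialized back as the integer 0. Guarding the string case with `else if (json_is_string (value)) token_add_attr (token, key, json_string_value (value));`, and the same for `arr_value`, keeps unexpected types out of the parsed token. `json_integer_value` returns a signed type, so a negative number in the payload becomes a very large `uint64_t` for claims such as `exp`; rejecting negative values before calling token_add_attr_int would avoid that. parse_json_payload starts above this hunk, so whether `payload_json` is checked for NULL before the loop could not be confirmed.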
@@ -423,9 +464,16 @@
{
for (val = attr->val_head; NULL != val; val = val->next)
{
- json_object_set_new (root,
- attr->name,
- json_string (val->value));
+ if (NULL != val->value)
+ {
+ json_object_set_new (root,
+ attr->name,
+ json_string (val->value));
+ } else {
+ json_object_set_new (root,
+ attr->name,
+ json_integer (val->int_value));
+ }
}
}
json_str = json_dumps (root, JSON_INDENT(1));
Modified: gnunet/src/identity-provider/identity_token.h
===================================================================
--- gnunet/src/identity-provider/identity_token.h 2016-01-09 23:06:05 UTC
(rev 36800)
+++ gnunet/src/identity-provider/identity_token.h 2016-01-10 09:55:48 UTC
(rev 36801)
@@ -97,6 +97,12 @@
* Attribute value
*/
char *value;
+
+ /**
+ * Attribute int value
+ * used if NULL == value
+ */
+ uint64_t int_value;
};
struct TokenTicketPayload
@@ -176,6 +182,20 @@
const char* value);
/**
+ * Add a new key value pair to the token
+ *
+ * @param token the token to modify
+ * @param key the key
+ * @param value the value
+ */
+void
+token_add_attr_int (struct IdentityToken *token,
+ const char* key,
+ uint64_t value);
+
+
+
+/**
* Add a value to a TokenAttribute
*
* @param attr the token attribute
@@ -193,10 +213,10 @@
* @param value the value
*
*/
-void
-token_add_json (const struct IdentityToken *token,
- const char* key,
- json_t* value);
+ void
+ token_add_json (const struct IdentityToken *token,
+ const char* key,
+ json_t* value);
/**
* Serialize a token. The token will be signed and base64 according to the
@@ -214,11 +234,11 @@
*
* @return GNUNET_OK on success
*/
-int
-token_serialize (const struct IdentityToken*token,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
- char **result);
+ int
+ token_serialize (const struct IdentityToken*token,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
+ char **result);
/**
* Parses the serialized token and returns a token
@@ -229,10 +249,10 @@
*
* @return GNUNET_OK on success
*/
- int
- token_parse (const char* data,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct IdentityToken **result);
+ int
+ token_parse (const char* data,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey
*priv_key,
+ struct IdentityToken **result);
/**
* Parses the serialized token and returns a token
@@ -263,10 +283,10 @@
*
* @return GNUNET_OK on success
*/
-int
-token_to_string (const struct IdentityToken *token,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- char **result);
+ int
+ token_to_string (const struct IdentityToken *token,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ char **result);
/**
*
@@ -296,10 +316,10 @@
*
* @return GNUNET_OK on success
*/
-int
-ticket_serialize (struct TokenTicket *ticket,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- char **result);
+ int
+ ticket_serialize (struct TokenTicket *ticket,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ char **result);
/**
* Destroys a ticket
Modified: gnunet/src/namestore/plugin_rest_namestore.c
===================================================================
--- gnunet/src/namestore/plugin_rest_namestore.c 2016-01-09 23:06:05 UTC
(rev 36800)
+++ gnunet/src/namestore/plugin_rest_namestore.c 2016-01-10 09:55:48 UTC
(rev 36801)
@@ -561,7 +561,7 @@
const struct GNUNET_GNSRECORD_Data *rd)
{
struct RequestHandle *handle = cls;
-
+ handle->add_qe = NULL;
if (0 == rd_count)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -828,6 +828,7 @@
}
resp = GNUNET_REST_create_json_response (result);
handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ GNUNET_REST_jsonapi_object_delete (json_obj);
GNUNET_free (result);
GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
return;