// **
user_ticket[uid] = m->getTicket();
+ // verify the ticket
+ assert(user_ticket[uid]->verif_ticket(monmap->get_key()));
+
// wait up the waiter(s)
// this signals all ticket waiters
for (list<Cond*>::iterator p = ticket_waiter_cond[uid].begin();
dout(10) << "get_user_ticket waiting for ticket for uid " << uid << endl;
}
- cout << "Ready to wait for reply" << endl;
// wait for reply
ticket_waiter_cond[uid].push_back( &cond );
- cout << "Waiting for a Wait" << endl;
// naively assume we'll get a ticket FIXME
while (user_ticket.count(uid) == 0) {
- cout << "user_ticket.count(uid) = " << user_ticket.count(uid) << endl;
cond.Wait(client_lock);
}
- cout << "Did I break the loop?" << endl;
}
- cout << "About to leave sending request function" << endl;
+
// inc ref count
user_ticket_ref[uid]++;
return user_ticket[uid];
cout << "Received a " << ext_cap.mode() << " capability for uid: "
<< ext_cap.get_uid() << " for inode: " << ext_cap.get_ino() << endl;
-
- if (reply->get_ext_cap().verif_extcap(monmap->get_key()))
- cout << "Verified the signature correctly" << endl;
- else
- cout << "Failed to verify the signature" << endl;
+
+ assert(ext_cap.verif_extcap(monmap->get_key()));
// cache it
- //f->inode->set_ext_cap(uid, ext_cap);
+ f->inode->set_ext_cap(uid, ext_cap);
assert(reply->get_file_caps_seq() >= f->inode->caps[mds].seq);
if (reply->get_file_caps_seq() > f->inode->caps[mds].seq) {
enum {MD5DIGESTSIZE=16, SHA1DIGESTSIZE=20, SHA256DIGESTSIZE=32,
SHA384DIGESTSIZE=48, SHA512DIGESTSIZE=64};
enum {RJ128KEYSIZE=16, RJBLOCKSIZE=16, RC5KEYSIZE=16, RC5BLOCKSIZE=8};
- enum {ESIGNSIGSIZE=192};
+ enum {ESIGNSIGSIZE=192, ESIGNKEYSIZE=404};
typedef CryptoPP::SecByteBlock SigBuf;
typedef CryptoPP::FixedSizeSecBlock<byte,ESIGNSIGSIZE> FixedSigBuf;
SigBuf signature;
public:
+ friend class Client;
+ friend class OSD;
// default constructor, should really not be used
ExtCap() {}
// FYI, you should resign the cap after this
void set_mode(int new_mode) { data.mode = new_mode; }
- /*
- SigBuf get_sig() {
- if (sigConverted)
- return signature;
- signature.Assign(allocSig.data(), allocSig.size());
- sigConverted = true;
- return signature;
- }
-
- FixedSigBuf get_fixed_sig() {
- return allocSig;
- }
-
- FixedSigBuf *get_fixed_sig_ptr( ){
- return &allocSig;
- }
- */
-
const cap_data_t* get_data() const {
return (&data);
}
//toHex(capArray, hexArray, sizeof(capArray), sizeof(capArray));
//cout << "Signed content capArray hex: " << endl << string((const char*)hexArray,sizeof(hexArray)) << endl;
- //cout << "SIGNATURE SIZE: " << signature.size() << endl;
- //allocSig.Assign(signature,signature.size());
-
//byte hexTest[sizeof(sigArray)];
//memset(hexTest, 0x00, sizeof(sigArray));
//toHex(sigArray, hexTest, sizeof(sigArray), sizeof(sigArray));
byte capArray[sizeof(data)];
memcpy(capArray, &data, sizeof(data));
- //byte hexArray[sizeof(capArray)];
+ //byte hexArray[sizeof(sigArray)];
//memset(hexArray, 0x00, sizeof(hexArray));
- //toHex(capArray, hexArray, sizeof(capArray), sizeof(capArray));
- //cout << "Verified content capArray hex: " << endl << string((const char*)hexArray,sizeof(hexArray)) << endl;
+ //toHex(sigArray, hexArray, sizeof(sigArray), sizeof(sigArray));
+ //cout << "Verified signature hex: " << endl << string((const char*)hexArray,sizeof(hexArray)) << endl;
signature.Assign(sigArray, sizeof(sigArray));
}
void _encode(bufferlist& bl) {
- /*
- bl.append((char*)&(data.id), sizeof(data.id));
- bl.append((char*)&(data.t_s), sizeof(data.t_s));
- bl.append((char*)&(data.t_e), sizeof(data.t_e));
- bl.append((char*)&(data.mode), sizeof(data.mode));
- bl.append((char*)&(data.comp), sizeof(data.comp));
- bl.append((char*)&(data.uid), sizeof(data.uid));
- bl.append((char*)&(data.gid), sizeof(data.gid));
- bl.append((char*)&(data.ino), sizeof(data.ino));
- */
bl.append((char*)&(data), sizeof(data));
- //bl.append((char*)((void*)allocSig), sizeof(allocSig));
bl.append((char*)sigArray, sizeof(sigArray));
-
- //::_encode(user_rhash, bl);
- //::_encode(file_rhash, bl);
}
void _decode(bufferlist& bl, int& off) {
- /*
- bl.copy(off, sizeof(data.id), (char*)&(data.id));
- off += sizeof(data.id);
- bl.copy(off, sizeof(data.t_s), (char*)&(data.t_s));
- off += sizeof(data.t_s);
- bl.copy(off, sizeof(data.t_e), (char*)&(data.t_e));
- off += sizeof(data.t_e);
- bl.copy(off, sizeof(data.mode), (char*)&(data.mode));
- off += sizeof(data.mode);
- bl.copy(off, sizeof(data.comp), (char*)&(data.comp));
- off += sizeof(data.comp);
- bl.copy(off, sizeof(data.uid), (char*)&(data.uid));
- off += sizeof(data.uid);
- bl.copy(off, sizeof(data.gid), (char*)&(data.gid));
- off += sizeof(data.gid);
- bl.copy(off, sizeof(data.ino ), (char*)&(data.ino ));
- off += sizeof(data.ino);
- */
bl.copy(off, sizeof(data), (char*)&(data));
off += sizeof(data);
- //bl.copy(off, sizeof(allocSig), (char*)((void*)allocSig));
- //off += sizeof(allocSig);
bl.copy(off, sizeof(sigArray), (char*)sigArray);
off += sizeof(sigArray);
-
- //::_decode(user_rhash, bl, off);
- //::_decode(file_rhash, bl, off);
}
};
utime_t t_s;
utime_t t_e;
// shared key IV
- // needs to be converted back to a byte arry to be used
- string iv;
- string username;
- string pubKey;
+ byte iv[RJBLOCKSIZE];
+ char pubKey[ESIGNKEYSIZE];
+ //string iv;
+ //string username;
+ //string pubKey;
};
ident_t identity;
- esignPub realKey;
- FixedSigBuf allocSig;
- SigBuf signature;
+ byte sigArray[ESIGNSIGSIZE];
+ esignPub realPubKey;
+ //FixedSigBuf allocSig;
+ //SigBuf signature;
bool keyConverted;
- bool sigConverted;
+ //bool sigConverted;
public:
friend class Monitor;
friend class MDS;
public:
- Ticket () : keyConverted(false), sigConverted(false) { }
+ Ticket () : keyConverted(false) { }
+ /*
Ticket(uid_t u, gid_t g, utime_t s, utime_t e,
string initVec, string user, string key) {
identity.uid = u;
keyConverted = false;
sigConverted = false;
}
+ */
+ // take the key as a string and convert it automatically
+ // assume the IV is the correct size
+ Ticket(uid_t u, gid_t g, byte *initVec, esignPub key) {
+ identity.uid = u;
+ identity.gid = g;
+ identity.t_s = g_clock.now();
+ identity.t_e = identity.t_s;
+ identity.t_e += 3600;
+ //identity.t_s = s;
+ //identity.t_e = e;
+ memcpy(identity.iv, initVec, sizeof(identity.iv));
+ memcpy(identity.pubKey, pubToString(key).c_str(), sizeof(identity.pubKey));
+ }
~Ticket() { }
uid_t get_uid() const { return identity.uid; }
uid_t get_gid() const { return identity.gid; }
- const string& get_iv() { return identity.iv; }
+ //const string& get_iv() { return identity.iv; }
+ void get_iv(byte* arg) {
+ memcpy(arg, identity.iv, sizeof(identity.iv));
+ }
- const string& get_str_key() { return identity.pubKey; }
esignPub get_key() {
if (keyConverted)
- return realKey;
- realKey = _fromStr_esignPubKey(identity.pubKey);
+ return realPubKey;
+ realPubKey = _fromStr_esignPubKey(string(identity.pubKey,
+ sizeof(identity.pubKey)));
keyConverted = true;
- return realKey;
+ return realPubKey;
}
-
+ /*
SigBuf get_sig() {
if (sigConverted)
return signature;
sigConverted = true;
return signature;
}
-
+ */
void sign_ticket(esignPriv privKey) {
byte ticketArray[sizeof(identity)];
memcpy(ticketArray, &identity, sizeof(identity));
+ SigBuf signature;
signature = esignSig(ticketArray, sizeof(identity), privKey);
- allocSig.Assign(signature,signature.size());
+ //allocSig.Assign(signature,signature.size());
+ assert(signature.size() == ESIGNSIGSIZE);
+ memcpy(sigArray, signature.data(), signature.size());
}
bool verif_ticket (esignPub pubKey) {
byte ticketArray[sizeof(identity)];
memcpy(ticketArray, &identity, sizeof(identity));
- signature.Assign(allocSig, allocSig.size());
+ SigBuf signature;
+ signature.Assign(sigArray, sizeof(sigArray));
return esignVer(ticketArray, sizeof(identity), signature, pubKey);
}
void decode(bufferlist& blist, int& off) {
-
+ /*
blist.copy(off, sizeof(identity.uid), (char*)&(identity.uid));
off += sizeof(identity.uid);
blist.copy(off, sizeof(identity.gid), (char*)&(identity.gid));
off += sizeof(identity.t_s);
blist.copy(off, sizeof(identity.t_e), (char*)&(identity.t_e));
off += sizeof(identity.t_e);
- blist.copy(off, sizeof(allocSig), (char*)&allocSig);
- off += sizeof(allocSig);
- //blist.copy(off, sizeof(identity), (char*)&identity);
- //off += sizeof(identity);
+ */
+ blist.copy(off, sizeof(identity), (char*)&identity);
+ off += sizeof(identity);
+ blist.copy(off, sizeof(sigArray), (char*)sigArray);
+ off += sizeof(sigArray);
+ //blist.copy(off, sizeof(allocSig), (char*)&allocSig);
+ //off += sizeof(allocSig);
- _decode(identity.iv, blist, off);
- _decode(identity.username, blist, off);
- _decode(identity.pubKey, blist, off);
+ //_decode(identity.iv, blist, off);
+ //_decode(identity.username, blist, off);
+ //_decode(identity.pubKey, blist, off);
}
void encode(bufferlist& blist) {
-
+ /*
blist.append((char*)&(identity.uid), sizeof(identity.uid));
blist.append((char*)&(identity.gid), sizeof(identity.gid));
blist.append((char*)&(identity.t_s), sizeof(identity.t_s));
blist.append((char*)&(identity.t_e), sizeof(identity.t_e));
blist.append((char*)&allocSig, sizeof(allocSig));
- //blist.append((char*)&identity, sizeof(identity));
+ */
+ blist.append((char*)&identity, sizeof(identity));
+ blist.append((char*)sigArray, sizeof(sigArray));
- _encode(identity.iv, blist);
- _encode(identity.username, blist);
- _encode(identity.pubKey, blist);
+ //_encode(identity.iv, blist);
+ //_encode(identity.username, blist);
+ //_encode(identity.pubKey, blist);
}
};
else
cout << "RE-ESIGN signature verification FAILED" << endl;
+ cout << "Trying to convert ESIGN pub key to byte array" << endl;
+ string tempString = pubToString(pubKey);
+ char charKey[tempString.size()];
+ memcpy(charKey, tempString.c_str(), sizeof(charKey));
+ byte hexKey[sizeof(charKey)];
+ memset(hexKey, 0x00, sizeof(hexKey));
+ toHex((byte*)charKey, hexKey, sizeof(charKey), sizeof(hexKey));
+ cout << "ESIGN public key size is: " << tempString.size() << " " << sizeof(hexKey) << endl;
+ cout << "Hex array of ESIGN public key: " << string((const char*)hexKey, sizeof(hexKey)) << endl;
+ string convString(charKey, sizeof(charKey));
+ esignPub testKey = _fromStr_esignPubKey(convString);
+ if (esignVer(signMsg, strlen((const char*)signMsg), mySignature, testKey))
+ cout << "ARRAY copy KEY verified" << endl;
+ else
+ cout << "Array copy Key failed" << endl;
+
// RSA signature
byte* rsaMsg = (byte *)"Message to sign";
char* rsaInput = "rsa1024.dat";
// secure extended caps
//map<int,ExtCap*>& get_client_extcaps() { return ext_caps; }
- void add_user_extcap(uid_t user, ExtCap extcap) {
+ void add_user_extcap(uid_t user, ExtCap* extcap) {
//if (ext_caps.empty())
// get(CINODE_PIN_CAPS);
assert(ext_caps.count(user) == 0);
- ext_caps[user] = extcap;
+ ext_caps[user] = (*extcap);
}
void remove_user_extcap(uid_t user) {
assert(ext_caps.count(user) == 1);
int my_client = req->get_client();
uid_t my_user = req->get_caller_uid();
int my_want = 0;
- // only care about reading a writing, no sync
- if (mode & FILE_MODE_R) my_want |= CAP_FILE_RD;
- if (mode & FILE_MODE_W) my_want |= CAP_FILE_WR;
-
- //ExtCap *ext_cap = in->get_user_extcap(my_user);
- ExtCap *ext_cap = new ExtCap(my_want, my_user, in->ino());
- //ExtCap ext_cap(my_want, my_user, in->ino());
- //if (!ext_cap) {
- cout << "Made new " << my_want << " capability for uid: "
- << ext_cap->get_uid() << " for inode: " << ext_cap->get_ino()<< endl;
+ // issue most generic cap (RW)
+ my_want |= FILE_MODE_RW;
- //ExtCap my_cap(my_want, my_user, in->ino());
-
- // caches this capability in the inode
- //in->add_user_extcap(my_user, my_cap);
+ // check cache
+ ExtCap *ext_cap = in->get_user_extcap(my_user);
- //ext_cap = (&my_cap);
- //ext_cap = in->get_user_extcap(my_user);
+ if (!ext_cap) {
+ // make new cap
+ ext_cap = new ExtCap(my_want, my_user, in->ino());
+
+ cout << "Made new " << my_want << " capability for uid: "
+ << ext_cap->get_uid() << " for inode: " << ext_cap->get_ino()<< endl;
- ext_cap->sign_extcap(mds->getPrvKey());
+ ext_cap->sign_extcap(mds->getPrvKey());
- if(ext_cap->verif_extcap(mds->getPubKey()))
- cout << "Locker.cc::Verification succeeded" << endl;
- else
- cout << "Locker.cc::Verification failed" << endl;
- //}
+ // caches this capability in the inode
+ in->add_user_extcap(my_user,ext_cap);
+
+ }
// we want to index based on mode, so we can cache more caps
// does the cached cap have the write mode?
- /*else {
- cout << "Got capability from cache!!!" << endl;
- if (ext_cap->mode() != mode) {
+ else {
+ cout << "Got cached " << my_want << " capability for uid: "
+ << ext_cap->get_uid() << " for inode: " << ext_cap->get_ino() << endl;
+ if (ext_cap->mode() < mode) {
ext_cap->set_mode(mode);
- ext_cap->clear_signature();
ext_cap->sign_extcap(mds->getPrvKey());
- }*/
+ }
+ }
return ext_cap;
}
// create signed security capability
ExtCap *ext_cap = mds->locker->issue_new_extcaps(cur, mode, req);
- if(ext_cap->verif_extcap(mds->getPubKey()))
- cout << "Server.cc::first::Verification succeeded" << endl;
- else
- cout << "Server.cc::first::Verification failed" << endl;
-
if (!cap) return; // can't issue (yet), so wait!
dout(12) << "open gets caps " << cap_string(cap->pending()) << " for " << req->get_source() << " on " << *cur << endl;
// set security cap
reply->set_ext_cap(ext_cap);
- if(reply->get_ptr_cap()->verif_extcap(mds->getPubKey()))
- cout << "Server.cc::ptr::Verification succeeded" << endl;
- else
- cout << "Server.cc::prr::Verification failed" << endl;
-
- if(reply->get_ext_cap().verif_extcap(mds->getPubKey()))
- cout << "Server.cc::Verification succeeded" << endl;
- else
- cout << "Server.cc::Verification failed" << endl;
reply_request(req, reply, cur);
}
}
MClientAuthUserAck(Ticket *ticket) : Message(MSG_CLIENT_AUTH_USER_ACK) {
myTicket = (*ticket);
+
}
char *get_type_name() { return "client_auth_user_ack"; }
// user should be able to make new ticket eventually
if (user_tickets.count(uid) == 0) {
gid_t gid = m->get_gid();
- // ticket time = 60 minutes (too long? too short?)
- utime_t t_s = g_clock.now();
- utime_t t_e = t_s;
- t_e += 3600;
- string name = "unknown";
- string key = m->get_str_key();
// create iv
- char iv[RJBLOCKSIZE];
- memset(iv, 0x01, RJBLOCKSIZE); // worthless right now
- string k_0 = iv;
+ byte iv[RJBLOCKSIZE];
+ // set generic IV
+ memset(iv, 0x01, RJBLOCKSIZE);
// create a ticket
- userTicket = new Ticket(uid, gid, t_s, t_e, k_0, name, key);
+ userTicket = new Ticket(uid, gid, iv, m->get_key());
// sign the ticket
userTicket->sign_ticket(mon->myPrivKey);
- // test the verification
- //if (userTicket.verif_ticket(mon->myPubKey))
- // cout << "Verification succeeded" << endl;
- //else
- // cout << "Verification failed" << endl;
-
// cache the ticket
user_tickets[uid] = userTicket;
}
projects / ceph.git / commitdiff