From 52e3661c2148274ba5a34c1ae51bd7a80ec14f6f Mon Sep 17 00:00:00 2001
From: postmannen
Date: Tue, 24 May 2022 12:00:38 +0200
Subject: [PATCH] added logic and starting of REQAclRequestUpdate
---
 central_auth_acl_handling.go | 2 +-
 processes.go | 18 +++++++++++++++---
 requests.go | 10 +++++++++-
 requests_acl.go | 28 +++++++++++-----------------
 4 files changed, 36 insertions(+), 22 deletions(-)
diff --git a/central_auth_acl_handling.go b/central_auth_acl_handling.go
index 73c5826..a33b64c 100644
--- a/central_auth_acl_handling.go
+++ b/central_auth_acl_handling.go
@@ -94,7 +94,7 @@ func newSchemaGenerated() *schemaGenerated {
 // HostACLsSerializedWithHash holds the serialized representation node specific ACL's in the authSchema.
 // There is also a sha256 hash of the data.
 type HostACLsSerializedWithHash struct {
- // data is all the ACL's for a specific node serialized.
+ // data is all the ACL's for a specific node serialized serialized into cbor.
 Data []byte
 // hash is the sha256 hash of the ACL's.
 // With maps the order are not guaranteed, so A sorted appearance
diff --git a/processes.go b/processes.go
index 9a22089..16c9ebd 100644
--- a/processes.go
+++ b/processes.go
@@ -180,6 +180,9 @@ func (p *processes) Start(proc process) {
 if proc.configuration.IsCentralAuth {
 proc.startup.subREQKeysRequestUpdate(proc)
 proc.startup.subREQKeysAllow(proc)
+
+ proc.startup.subREQAclRequestUpdate(proc)
+
+ proc.startup.subREQAclAddCommand(proc)
 proc.startup.subREQAclDeleteCommand(proc)
 proc.startup.subREQAclDeleteSource(proc)
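Review bot: In central_auth_acl_handling.go the rewritten field comment repeats a word (`serialized serialized into cbor`) and still names the field `data` although the field is `Data`. Suggested wording: `// Data is all the ACL's for a specific node, serialized into cbor.` The struct continues outside the hunk, so whether the `hash` comment below it needs the same treatment cannot be judged from here.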
@@ -379,6 +382,13 @@ func (s startup) subREQKeysRequestUpdate(p process) {
 go proc.spawnWorker()
 }
+func (s startup) subREQKeysDeliverUpdate(p process) {
+ log.Printf("Starting Public keys to Node subscriber: %#v\n", p.node)
+ sub := newSubject(REQKeysDeliverUpdate, string(p.node))
+ proc := newProcess(p.ctx, s.server, sub, processKindSubscriber, nil)
+ go proc.spawnWorker()
+}
+
 func (s startup) subREQKeysAllow(p process) {
 log.Printf("Starting Public keys allow subscriber: %#v\n", p.node)
 sub := newSubject(REQKeysAllow, string(p.node))
@@ -386,13 +396,15 @@ func (s startup) subREQKeysAllow(p process) {
 go proc.spawnWorker()
 }
-func (s startup) subREQKeysDeliverUpdate(p process) {
- log.Printf("Starting Public keys to Node subscriber: %#v\n", p.node)
- sub := newSubject(REQKeysDeliverUpdate, string(p.node))
+func (s startup) subREQAclRequestUpdate(p process) {
+ log.Printf("Starting Acl Request update subscriber: %#v\n", p.node)
+ sub := newSubject(REQAclRequestUpdate, string(p.node))
 proc := newProcess(p.ctx, s.server, sub, processKindSubscriber, nil)
 go proc.spawnWorker()
 }
+// HERE!
+
 func (s startup) subREQAclAddCommand(p process) {
 log.Printf("Starting Acl Add Command subscriber: %#v\n", p.node)
 sub := newSubject(REQAclAddCommand, string(p.node))
diff --git a/requests.go b/requests.go
index fd43659..7ff9e32 100644
--- a/requests.go
+++ b/requests.go
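Review bot: The `// HERE!` line added after `subREQAclRequestUpdate` in processes.go is a work-in-progress bookmark and should not be committed as is. Either drop it or replace it with a TODO that states what is still missing, for example `// TODO: describe the remaining ACL subscriber work here.` The new `subREQAclRequestUpdate` also has no doc comment; something like `// subREQAclRequestUpdate starts the subscriber that handles REQAclRequestUpdate messages for this node.` would document what the first processes.go hunk wires up under `IsCentralAuth`.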
@@ -124,13 +124,16 @@ const ( // REQPublicKey will get the public ed25519 key from a node. REQPublicKey Method = "REQPublicKey" - // REQKeysRequestUpdate will get all the public keys from central. + // REQKeysRequestUpdate will get all the public keys from central if an update is available. REQKeysRequestUpdate Method = "REQKeysRequestUpdate" // REQKeysDeliverUpdate will deliver the public from central to a node. REQKeysDeliverUpdate Method = "REQKeysDeliverUpdate" // REQKeysAllow REQKeysAllow Method = "REQKeysAllow" + // REQAclRequestUpdate will get all node acl's from central if an update is available. + REQAclRequestUpdate Method = "REQAclRequestUpdate" + // REQAclAddCommand REQAclAddCommand = "REQAclAddCommand" // REQAclDeleteCommand @@ -248,6 +251,11 @@ func (m Method) GetMethodsAvailable() MethodsAvailable { REQKeysAllow: methodREQKeysAllow{ event: EventACK, }, + + REQAclRequestUpdate: methodREQAclRequestUpdate{ + event: EventNACK, + }, + REQAclAddCommand: methodREQAclAddCommand{ event: EventACK, }, diff --git a/requests_acl.go b/requests_acl.go index 57615d5..05b851d 100644 --- a/requests_acl.go +++ b/requests_acl.go @@ -2,7 +2,6 @@ package steward import ( "bytes" - "encoding/json" "fmt" ) 
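Review bot: In the `GetMethodsAvailable` hunk of requests.go, `REQAclRequestUpdate` is the only entry visible here that is registered with `EventNACK`; the neighbouring `REQKeysAllow` and `REQAclAddCommand` entries use `EventACK`. If that is deliberate, the entry should say so, since the event kind presumably decides whether an ACL update request is acknowledged. A one-line comment above the entry such as `// NACK: explain why an ACL update request needs no acknowledgement.` would do. The map literal starts and ends outside the hunk, so the event used for `REQKeysRequestUpdate` cannot be compared from here.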
@@ -42,30 +41,25 @@ func (m methodREQAclRequestUpdate) handler(proc process, message Message, node s
 // Using a func here to set the scope of the lock, and then be able to
 // defer the unlock when leaving that scope.
 func() {
- proc.centralAuth.pki.nodesAcked.mu.Lock()
- defer proc.centralAuth.pki.nodesAcked.mu.Unlock()
+ proc.centralAuth.accessLists.schemaGenerated.mu.Lock()
+ defer proc.centralAuth.accessLists.schemaGenerated.mu.Unlock()
 fmt.Printf(" <---- methodREQKeysRequestUpdate: received acl hash from NODE=%v, HASH=%v\n", message.FromNode, message.Data)
 // Check if the received hash is the same as the one currently active,
- // TODO: Replace this with checking the ACL hash for the node.
- if bytes.Equal(proc.centralAuth.pki.nodesAcked.keysAndHash.Hash[:], message.Data) {
- fmt.Printf("\n ------------ NODE AND CENTRAL ARE EQUAL, NOTHING TO DO, EXITING HANDLER\n\n")
+ // If it is the same we exit the handler immediately.
+ hash32 := proc.centralAuth.accessLists.schemaGenerated.GeneratedACLsMap[message.FromNode].Hash
+ hash := hash32[:]
+ if bytes.Equal(hash, message.Data) {
+ fmt.Printf("\n ------------ NODE AND CENTRAL HAVE EQUAL ACL HASH, NOTHING TO DO, EXITING HANDLER\n\n")
 return
 }
- fmt.Printf("\n ------------ NODE AND CENTRAL WERE NOT EQUAL, PREPARING TO SEND NEW VERSION OF KEYS\n\n")
+ fmt.Printf("\n ------------ NODE AND CENTRAL WERE NOT EQUAL ACL, PREPARING TO SEND NEW VERSION OF KEYS\n\n")
- fmt.Printf(" * methodREQKeysRequestUpdate: marshalling new keys and hash to send: map=%v, hash=%v\n\n", proc.centralAuth.pki.nodesAcked.keysAndHash.Keys, proc.centralAuth.pki.nodesAcked.keysAndHash.Hash)
-
- b, err := json.Marshal(proc.centralAuth.pki.nodesAcked.keysAndHash)
-
- if err != nil {
- er := fmt.Errorf("error: methodREQKeysRequestUpdate, failed to marshal keys map: %v", err)
- proc.errorKernel.errSend(proc, message, er)
- }
- fmt.Printf("\n ----> methodREQKeysRequestUpdate: SENDING KEYS TO NODE=%v\n", message.FromNode)
- newReplyMessage(proc, message, 
b)
+ fmt.Printf("\n ----> methodREQKeysRequestUpdate: SENDING ACL'S TO NODE=%v\n", message.FromNode)
+ // TODO: PUT THE BELOW LINE BACK AGAIN WHEN DONE TESTING!
+ // newReplyMessage(proc, message, proc.centralAuth.accessLists.schemaGenerated.GeneratedACLsMap[message.FromNode].Data)
 }()
 }
 }()
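Review bot: The lookup `GeneratedACLsMap[message.FromNode].Hash` in requests_acl.go has no presence check, so a node with no generated ACL entry yields the map's zero value: an all-zero hash is compared against `message.Data`, and once the reply is restored an empty `Data` would be sent as that node's ACL set. Look the entry up once with the comma-ok form, report and return when it is missing, and reuse the entry for both the compare and the reply, as sketched below. The reply is left commented out under the testing TODO while processes.go in this same patch already starts the subscriber, so as committed a node with a stale hash never receives an update. The Printf texts still say `methodREQKeysRequestUpdate` and `NEW VERSION OF KEYS`, which will mislead anyone reading output for the ACL path. The handler starts and ends outside this hunk.

```go
// … unchanged: schemaGenerated.mu Lock/Unlock and the received-hash Printf …
acl, ok := proc.centralAuth.accessLists.schemaGenerated.GeneratedACLsMap[message.FromNode]
if !ok {
	// No ACL set has been generated for this node, so there is nothing to compare or send.
	er := fmt.Errorf("error: methodREQAclRequestUpdate: no generated ACL for node %v", message.FromNode)
	proc.errorKernel.errSend(proc, message, er)
	return
}
if bytes.Equal(acl.Hash[:], message.Data) {
	return
}
// … unchanged: mismatch Printf lines …
newReplyMessage(proc, message, acl.Data)
```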