added centralAuth struct, renamed flag allowEmptySignature to enableSignatureCheck

2025-03-05 06:46:48 +00:00 · 2022-02-09 14:59:40 +01:00 · 2022-02-09 14:59:40 +01:00 · 9ba211d2fc
commit 9ba211d2fc
parent 56014a7efd
4 changed files with 33 additions and 19 deletions
--- a/central_auth.go
+++ b/central_auth.go
@ -1 +1,16 @@
 package steward
+
+type signatureBase32 string
+type argsString string
+
+type centralAuth struct {
+	schema map[Node]map[argsString]signatureBase32
+}
+
+func newCentralAuth() *centralAuth {
+	a := centralAuth{
+		schema: make(map[Node]map[argsString]signatureBase32),
+	}
+
+	return &a
+}
--- a/configuration_flags.go
+++ b/configuration_flags.go
@ -75,10 +75,8 @@ type Configuration struct {
 	EnableSocket bool
 	// EnableTUI will enable the Terminal User Interface
 	EnableTUI bool
-	// AllowEmptySignature will allow subscribers to handle messages
-	// with empty signatures. The only reason for using this flag
-	// should be to upgrade from version 0.1.15 and earlier.
-	AllowEmptySignature bool
+	// EnableSignatureCheck
+	EnableSignatureCheck bool
 	// IsCentralAuth
 	IsCentralAuth bool

@ -149,7 +147,7 @@ type ConfigurationFromFile struct {
 	SetBlockProfileRate      *int
 	EnableSocket             *bool
 	EnableTUI                *bool
-	AllowEmptySignature      *bool
+	EnableSignatureCheck     *bool
 	IsCentralAuth            *bool

 	StartPubREQHello          *int
@ -207,7 +205,7 @@ func newConfigurationDefaults() Configuration {
 		SetBlockProfileRate:      0,
 		EnableSocket:             true,
 		EnableTUI:                false,
-		AllowEmptySignature:      true,
+		EnableSignatureCheck:     false,
 		IsCentralAuth:            false,

 		StartSubREQErrorLog:       true,
@ -379,10 +377,10 @@ func checkConfigValues(cf ConfigurationFromFile) Configuration {
 	} else {
 		conf.EnableTUI = *cf.EnableTUI
 	}
-	if cf.AllowEmptySignature == nil {
-		conf.AllowEmptySignature = cd.AllowEmptySignature
+	if cf.EnableSignatureCheck == nil {
+		conf.EnableSignatureCheck = cd.EnableSignatureCheck
 	} else {
-		conf.AllowEmptySignature = *cf.AllowEmptySignature
+		conf.EnableSignatureCheck = *cf.EnableSignatureCheck
 	}
 	if cf.IsCentralAuth == nil {
 		conf.IsCentralAuth = cd.IsCentralAuth
@ -526,10 +524,10 @@ func (c *Configuration) CheckFlags() error {
 	flag.StringVar(&c.Compression, "compression", fc.Compression, "compression method to use. defaults to no compression, z = zstd, g = gzip. Undefined value will default to no compression")
 	flag.StringVar(&c.Serialization, "serialization", fc.Serialization, "Serialization method to use. defaults to gob, other values are = cbor. Undefined value will default to gob")
 	flag.IntVar(&c.SetBlockProfileRate, "setBlockProfileRate", fc.SetBlockProfileRate, "Enable block profiling by setting the value to f.ex. 1. 0 = disabled")
-	flag.BoolVar(&c.EnableSocket, "enableSocket", fc.EnableSocket, "true/false for enabling the creation of a steward.sock file")
+	flag.BoolVar(&c.EnableSocket, "enableSocket", fc.EnableSocket, "true/false, for enabling the creation of a steward.sock file")
 	flag.BoolVar(&c.EnableTUI, "enableTUI", fc.EnableTUI, "true/false for enabling the Terminal User Interface")
-	flag.BoolVar(&c.AllowEmptySignature, "allowEmptySignature", fc.AllowEmptySignature, "true/false AllowEmptySignature will allow subscribers to handle messages with empty signatures. The only reason for using this flag should be to upgrade from version 0.1.15 and earlier")
-	flag.BoolVar(&c.IsCentralAuth, "isCentralAuth", fc.IsCentralAuth, "true/false, is this the central auth server")
+	flag.BoolVar(&c.EnableSignatureCheck, "enableSignatureCheck", fc.EnableSignatureCheck, "true/false *TESTING* enable signature checking.")
+	flag.BoolVar(&c.IsCentralAuth, "isCentralAuth", fc.IsCentralAuth, "true/false, *TESTING* is this the central auth server")

 	flag.IntVar(&c.StartPubREQHello, "startPubREQHello", fc.StartPubREQHello, "Make the current node send hello messages to central at given interval in seconds")

--- a/process.go
+++ b/process.go
@ -10,7 +10,6 @@ import (
 	"io"
 	"log"
 	"os"
-	"strings"
 	"sync"
 	"time"

@ -544,11 +543,6 @@ func (p process) messageSubscriberHandler(natsConn *nats.Conn, thisNode string,
 	}
 }

-// argsToString takes args in the format of []string and returns a string.
-func argsToString(args []string) string {
-	return strings.Join(args, " ")
-}
-
 // SubscribeMessage will register the Nats callback function for the specified
 // nats subject. This allows us to receive Nats messages for a given subject
 // on a node.
--- a/signatures.go
+++ b/signatures.go
@ -8,6 +8,7 @@ import (
 	"log"
 	"os"
 	"path/filepath"
+	"strings"
 	"sync"
 )

@ -212,11 +213,12 @@ func (s *signatures) readKeyFile(keyFile string) (ed2519key []byte, b64Key []byt
 // verifySignature
 func (s *signatures) verifySignature(m Message) bool {
 	fmt.Printf(" * DEBUG: verifySignature, method: %v\n", m.Method)
-	if s.configuration.AllowEmptySignature {
+	if !s.configuration.EnableSignatureCheck {
 		fmt.Printf(" * DEBUG: verifySignature: AllowEmptySignature set to TRUE\n")
 		return true
 	}

+	// TODO: Only enable signature checking for REQCliCommand for now.
 	if m.Method != REQCliCommand {
 		fmt.Printf(" * DEBUG: verifySignature: WAS OTHER THAN CLI COMMAND\n")
 		return true
@ -230,3 +232,8 @@ func (s *signatures) verifySignature(m Message) bool {

 	return ok
 }
+
+// argsToString takes args in the format of []string and returns a string.
+func argsToString(args []string) string {
+	return strings.Join(args, " ")
+}