예제 #1
0
int shpam_pshadow_set(shfs_ino_t *file, shseed_t *seed, shkey_t *sess_key)
{
  shadow_t save;
  int err;

  err = shpam_shadow_load(file, seed->seed_uid, &save);
  if (err)
    return (err);

  /* validate session key */
  if (shtime_after(shtime(), save.sh_expire))
    return (SHERR_KEYEXPIRED);
  if (!shkey_cmp(&save.sh_sess, sess_key))
    return (SHERR_KEYREJECTED);

  err = shpam_shadow_session_expire(file, seed->seed_uid, sess_key);
  if (err)
    return (err);

  err = shpam_pshadow_store(file, seed);
  if (err)
    return (err);

  return (0);
}
예제 #2
0
int shpam_shadow_remove(shfs_ino_t *file, uint64_t uid, shkey_t *sess_key)
{
  shadow_t *ent;
  shadow_t save;
  shkey_t *key;
  int err;

  if (!sess_key)
    return (SHERR_NOKEY);

  err = shpam_shadow_load(file, uid, &save);
  if (err) {
    return (err);
}

  if (shtime_after(shtime(), save.sh_expire))
    return (SHERR_KEYEXPIRED);

  if (!shkey_cmp(&save.sh_sess, sess_key))
    return (SHERR_KEYREJECTED);

  key = shkey_bin((char *)&uid, sizeof(uid));
  err = shfs_cred_remove(file, key);
  shkey_free(&key);
  if (err) {
    return (err);
}

  return (0);
}
예제 #3
0
int txop_contract_confirm(shpeer_t *peer, tx_contract_t *contract)
{
  shtime_t now;
  shkey_t *key;
  int sig_ok;

  if (0 != strcmp(contract->con_cur, COIN_USDE) &&
      0 != strcmp(contract->con_cur, COIN_GMC) &&
      0 != strcmp(contract->con_cur, COIN_SYS))
    return (SHERR_INVAL);

  now = shtime();
  if (shtime_before(shtime(), contract->con_birth) ||
      shtime_before(shtime(), contract->con_stamp) ||
      shtime_after(contract->con_birth, contract->con_stamp))
    return (SHERR_TIME);

  key = shkey_hexgen(contract->con_key + 8);
  if (!key)
    return (SHERR_NOKEY);
  sig_ok = shkey_cmp(key, &contract->con_sig);
  shkey_free(&key);
  if (!sig_ok)
    return (SHERR_KEYREJECTED);

  return (0);
}
예제 #4
0
int shpam_shadow_session(shfs_ino_t *file, shseed_t *seed, shkey_t **sess_p, shtime_t *expire_p)
{
  shadow_t *ent;
  shadow_t save;
  shkey_t *sess_key;
  shkey_t *ret_key;
  shkey_t *seed_key;
  shtime_t stamp;
  shtime_t now;
  uint64_t crc;
  int err;

  if (!file->tree)
    return (SHERR_INVAL);

  err = shpam_shadow_load(file, seed->seed_uid, &save);
  if (err) {
    return (err);
}

  now = shtime();
  if (shtime_after(now, save.sh_expire)) {
    /* generate new session key with default expiration */
    stamp = shtime_adj(now, MAX_SHARE_SESSION_TIME);
    sess_key = _shpam_shadow_session_gen(seed, &save.sh_id, stamp); 
    if (!sess_key)
      return (SHERR_KEYREVOKED);

    save.sh_expire = stamp;
    memcpy(&save.sh_sess, sess_key, sizeof(save.sh_sess));
    err = shpam_shadow_store(file, &save);
    shkey_free(&sess_key);
    if (err) {
      return (err);
}
  }

  if (expire_p)
    *expire_p = save.sh_expire;

  if (sess_p) {
    ret_key = (shkey_t *)calloc(1, sizeof(shkey_t));
    memcpy(ret_key, &save.sh_sess, sizeof(shkey_t));
    *sess_p = ret_key;
  }

  return (0);
}
예제 #5
0
int shpam_shadow_session_expire(shfs_ino_t *file, uint64_t uid, shkey_t *sess_key)
{
  shadow_t *ent;
  shadow_t save;
  int err;

  err = shpam_shadow_load(file, uid, &save);
  if (err)
    return (err);

  if (shtime_after(shtime(), save.sh_expire))
    return (SHERR_KEYEXPIRED);
  if (!shkey_cmp(&save.sh_sess, sess_key))
    return (SHERR_KEYREJECTED);

  save.sh_expire = 0;
  err = shpam_shadow_store(file, &save);
  if (err)
    return (err);

  return (0);
}
예제 #6
0
int shcert_verify(shcert_t *cert, shcert_t *parent)
{
  shtime_t now;
  int err;

  if (!(cert->cert_flag & SHCERT_CERT_CHAIN)) {
    /* initial (CA) chain entity */
    if (parent)
      return (SHERR_INVAL);

    return (0);
  }

  /* supplemental chain entity */
  if (!parent)
    return (SHERR_INVAL);

  /* The Issuer of each certificate (except the last one) matches the Subject of the next (parent) certificate in the list. */
  if (0 != strcasecmp(cert->cert_iss.ent_name, 
        parent->cert_sub.ent_name)) {
    return (SHERR_ACCESS); 
  }

  now = shtime();
  if (!shtime_after(now, shcert_sub_stamp(cert))) {
    return (SHERR_ACCESS);
  }
  if (!shtime_before(now, shcert_sub_expire(cert))) {
    return (SHERR_KEYEXPIRED);
  }

  /* The signature of one certificate can be verified using the public key contained in the following certificate. */
  err = shcert_sign_verify(cert, parent); 
  if (err)
    return (err);

  return (0);
}
예제 #7
0
int sharedaemon_bcast_recv(void)
{
    struct sockaddr_in addr;
    socklen_t addr_len;
    struct timeval to;
    fd_set read_set;
    shpeer_t *peer;
    char dgram[512];
    ssize_t r_len;
    int err;

    err = bcast_recv_init();
    if (err) {
        return (err);
    }

    FD_ZERO(&read_set);
    FD_SET(_bcast_recv_fd, &read_set);

    /* nonblocking read */
    memset(&to, 0, sizeof(to));
    err = select(_bcast_recv_fd+1, &read_set, NULL, NULL, &to);
    if (err < 0) {
        return (-errno);
    }
    if (err == 0) {
//fprintf(stderr, "\rWaiting for select(_bcast_recv_fd)..");
//fflush(stderr);
        return (0); /* nothing to read */
    }

    addr_len = sizeof(addr);
    memset(&addr, 0, addr_len);
    r_len = recvfrom(_bcast_recv_fd,
                     dgram, sizeof dgram, 0, &addr, &addr_len);
    if (r_len < 0) {
        fprintf(stderr, "DEBUG: %d = recvfrom()\n", r_len);
        return (-errno);
    }

    /* and who are you? */
    if (r_len < sizeof(shpeer_t)) {
        fprintf(stderr, "DEBUG: <%d bytes> pending..\n", r_len);
        return (SHERR_INVAL);
    }

#if 0
    now = shtime();
    tx = (tx_t *)dgram;
    if (shtime_after(tx->tx_stamp, now) ||
            shtime_before(tx->tx_stamp, shtime_adj(now, -BROADCAST_TIMEOUT))) {
        /* broadcast message must indicate sane time-frame. */
        return (SHERR_TIME);
    }

    switch (tx->tx_op) {
    case TX_PEER:
        peer_tx = (tx_peer_t *)dgram;
        if (0 != shkey_cmp(&tx->tx_peer, shpeer_kpriv(&peer_tx->peer)))
            return (SHERR_INVAL); /* only accept self-referencing broadcast */
    }
#endif


    /* share-daemon broadcasting it's peer address. */
    peer = (shpeer_t *)dgram;

    if (!shkey_cmp(shpeer_kpub(sharedaemon_peer()), shpeer_kpub(peer))) {
        /* this is not a shared peer */
        return (0); /* all done */
    }

    if (!shkey_cmp(shpeer_kpub(sharedaemon_peer()), shpeer_kpub(peer))) {
        fprintf(stderr, "DEBUG: invalid key\n");
        /* this is a peer referencing ourselves. */
        //err = sharedaemon_netclient_alias(&addr);
    }



    switch (peer->type) {
    case SHNET_PEER_LOCAL:
    case SHNET_PEER_IPV4:

        /*
           memset(&addr, '\000', sizeof(struct sockaddr_in));
           memcpy(&addr, &peer_tx->peer.addr, sizeof(peer_tx->peer.addr));
           */
        fprintf(stderr, "DEBUG: received UDP broadcast with peer \"%s\"\n", shpeer_print(peer));
        fprintf(stderr, "DEBUG: received UDP broadcast for \"%s\" port %d\n", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
        if (!peer->addr.sin_port)
            break; /* otay */

        addr.sin_family = AF_INET;
        err = sharedaemon_netclient_conn(peer, &addr);
        if (err)
            return (err);

        break;
    }
    fprintf(stderr, "DEBUG: processed bcast recv\n");

    return (0);
}