Merge "veyron.io/veyron/veyron/runtimes/google/ipc: Bugfix. dhcpListener was never triggered, even for ":0" addresses."
diff --git a/lib/modules/core/mounttable.go b/lib/modules/core/mounttable.go
index 9326030..b0104d5 100644
--- a/lib/modules/core/mounttable.go
+++ b/lib/modules/core/mounttable.go
@@ -89,7 +89,7 @@
output += fmt.Sprintf("R%d=%s[", entry, n.Name)
t := ""
for _, s := range n.Servers {
- t += fmt.Sprintf("%s:%s, ", s.Server, s.TTL)
+ t += fmt.Sprintf("%s:%s, ", s.Server, s.Expires)
}
t = strings.TrimSuffix(t, ", ")
output += fmt.Sprintf("%s]\n", t)
diff --git a/lib/unixfd/unixfd.go b/lib/unixfd/unixfd.go
index 8c55ab3..132a6c9 100644
--- a/lib/unixfd/unixfd.go
+++ b/lib/unixfd/unixfd.go
@@ -190,13 +190,13 @@
// SendConnection creates a new connected socket and sends
// one end over 'conn', along with 'data'. It returns the address for
// the local end of the socketpair.
-// Note that the returned address refers to an open file descriptor,
+// Note that the returned address is an open file descriptor,
// which you must close if you do not Dial or Listen to the address.
-func SendConnection(conn *net.UnixConn, data []byte) (addr net.Addr, err error) {
+func SendConnection(conn *net.UnixConn, data []byte, closeOnExec bool) (addr net.Addr, err error) {
if len(data) < 1 {
return nil, errors.New("cannot send a socket without data.")
}
- local, remote, err := socketpair(true)
+ remote, local, err := socketpair(closeOnExec)
if err != nil {
return nil, err
}
@@ -250,6 +250,17 @@
return Addr(uintptr(fd)), n, nil
}
+func CloseUnixAddr(addr net.Addr) error {
+ if addr.Network() != Network {
+ return errors.New("invalid network")
+ }
+ fd, err := strconv.ParseInt(addr.String(), 10, 32)
+ if err != nil {
+ return err
+ }
+ return syscall.Close(int(fd))
+}
+
func init() {
stream.RegisterProtocol(Network, unixFDConn, unixFDListen)
}
diff --git a/lib/unixfd/unixfd_test.go b/lib/unixfd/unixfd_test.go
index 7094b93..6dca48f 100644
--- a/lib/unixfd/unixfd_test.go
+++ b/lib/unixfd/unixfd_test.go
@@ -136,7 +136,7 @@
if err != nil {
t.Fatalf("FileConn: %v", err)
}
- caddr, err := SendConnection(uclient.(*net.UnixConn), []byte("hello"))
+ caddr, err := SendConnection(uclient.(*net.UnixConn), []byte("hello"), true)
if err != nil {
t.Fatalf("SendConnection: %v", err)
}
diff --git a/runtimes/google/lib/publisher/publisher.go b/runtimes/google/lib/publisher/publisher.go
index 83468e2..f7e474a 100644
--- a/runtimes/google/lib/publisher/publisher.go
+++ b/runtimes/google/lib/publisher/publisher.go
@@ -313,17 +313,17 @@
func (ps *pubState) published() []string {
var ret []string
for _, name := range ps.names {
- mtServers, err := ps.ns.ResolveToMountTable(ps.ctx, name)
+ e, err := ps.ns.ResolveToMountTableX(ps.ctx, name)
if err != nil {
vlog.Errorf("ipc pub: couldn't resolve %v to mount table: %v", name, err)
continue
}
- if len(mtServers) == 0 {
+ if len(e.Servers) == 0 {
vlog.Errorf("ipc pub: no mount table found for %v", name)
continue
}
- for _, s := range mtServers {
- ret = append(ret, naming.MakeResolvable(s))
+ for _, s := range e.Servers {
+ ret = append(ret, naming.JoinAddressName(s.Server, e.Name))
}
}
return ret
diff --git a/runtimes/google/naming/namespace/all_test.go b/runtimes/google/naming/namespace/all_test.go
index ad6a9b0..9c29b25 100644
--- a/runtimes/google/naming/namespace/all_test.go
+++ b/runtimes/google/naming/namespace/all_test.go
@@ -143,7 +143,7 @@
if err != nil {
boom(t, "Failed to ResolveToMountTable %q: %s", name, err)
}
- compare(t, "ResolveToMoutTable", name, servers, want)
+ compare(t, "ResolveToMountTable", name, servers, want)
}
func testResolve(t *testing.T, r veyron2.Runtime, ns naming.Namespace, name string, want ...string) {
diff --git a/runtimes/google/naming/namespace/cache.go b/runtimes/google/naming/namespace/cache.go
index 4686928..01b704e 100644
--- a/runtimes/google/naming/namespace/cache.go
+++ b/runtimes/google/naming/namespace/cache.go
@@ -19,26 +19,25 @@
// cache is a generic interface to the resolution cache.
type cache interface {
- remember(prefix string, servers []mountedServer)
+ remember(prefix string, entry *naming.MountEntry)
forget(names []string)
- lookup(name string) ([]mountedServer, string)
+ lookup(name string) (naming.MountEntry, error)
}
// ttlCache is an instance of cache that obeys ttl from the mount points.
type ttlCache struct {
sync.Mutex
- epochStart time.Time
- entries map[string][]mountedServer
+ entries map[string]naming.MountEntry
}
// newTTLCache creates an empty ttlCache.
func newTTLCache() cache {
- return &ttlCache{epochStart: time.Now(), entries: make(map[string][]mountedServer)}
+ return &ttlCache{entries: make(map[string]naming.MountEntry)}
}
-func isStale(now uint32, servers []mountedServer) bool {
- for _, s := range servers {
- if s.TTL <= now {
+func isStale(now time.Time, e naming.MountEntry) bool {
+ for _, s := range e.Servers {
+ if s.Expires.Before(now) {
return true
}
}
@@ -54,11 +53,6 @@
return strings.TrimSuffix(name, "/")
}
-// esecs returns seconds since start of this cache's epoch.
-func (c *ttlCache) esecs() uint32 {
- return uint32(time.Since(c.epochStart).Seconds())
-}
-
// randomDrop randomly removes one cache entry. Assumes we've already locked the cache.
func (c *ttlCache) randomDrop() {
n := rand.Intn(len(c.entries))
@@ -74,7 +68,7 @@
// cleaner reduces the number of entries. Assumes we've already locked the cache.
func (c *ttlCache) cleaner() {
// First dump any stale entries.
- now := c.esecs()
+ now := time.Now()
for k, v := range c.entries {
if len(c.entries) < cacheHisteresisSize {
return
@@ -91,12 +85,19 @@
}
// remember the servers associated with name with suffix removed.
-func (c *ttlCache) remember(prefix string, servers []mountedServer) {
+func (c *ttlCache) remember(prefix string, entry *naming.MountEntry) {
+ // Remove suffix. We only care about the name that gets us
+ // to the mounttable from the last mounttable.
prefix = normalize(prefix)
- for i := range servers {
- // Remember when this cached entry times out relative to our epoch.
- servers[i].TTL += c.esecs()
+ prefix = naming.TrimSuffix(prefix, entry.Name)
+ // Copy the entry.
+ var ce naming.MountEntry
+ for _, s := range entry.Servers {
+ ce.Servers = append(ce.Servers, s)
}
+ ce.MT = entry.MT
+ // All keys must be terminal.
+ prefix = naming.MakeTerminal(prefix)
c.Lock()
// Enforce an upper limit on the cache size.
if len(c.entries) >= maxCacheEntries {
@@ -104,7 +105,7 @@
c.cleaner()
}
}
- c.entries[prefix] = servers
+ c.entries[prefix] = ce
c.Unlock()
}
@@ -125,25 +126,26 @@
}
// lookup searches the cache for a maximal prefix of name and returns the associated servers,
-// prefix, and suffix. If any of the associated servers is past its TTL, don't return anything
+// prefix, and suffix. If any of the associated servers is expired, don't return anything
// since that would reduce availability.
-func (c *ttlCache) lookup(name string) ([]mountedServer, string) {
+func (c *ttlCache) lookup(name string) (naming.MountEntry, error) {
name = normalize(name)
c.Lock()
defer c.Unlock()
- now := c.esecs()
+ now := time.Now()
for prefix, suffix := name, ""; len(prefix) > 0; prefix, suffix = backup(prefix, suffix) {
- servers, ok := c.entries[prefix]
+ e, ok := c.entries[prefix]
if !ok {
continue
}
- if isStale(now, servers) {
- return nil, ""
+ if isStale(now, e) {
+ return e, naming.ErrNoSuchName
}
- vlog.VI(2).Infof("namespace cache %s -> %v %s", name, servers, suffix)
- return servers, suffix
+ vlog.VI(2).Infof("namespace cache %s -> %v %s", name, e.Servers, e.Name)
+ e.Name = suffix
+ return e, nil
}
- return nil, ""
+ return naming.MountEntry{}, naming.ErrNoSuchName
}
// backup moves the last element of the prefix to the suffix. "//" is preserved. Thus
@@ -170,7 +172,7 @@
// nullCache is an instance of cache that does nothing.
type nullCache int
-func newNullCache() cache { return nullCache(1) }
-func (nullCache) remember(prefix string, servers []mountedServer) {}
-func (nullCache) forget(names []string) {}
-func (nullCache) lookup(name string) ([]mountedServer, string) { return nil, "" }
+func newNullCache() cache { return nullCache(1) }
+func (nullCache) remember(prefix string, entry *naming.MountEntry) {}
+func (nullCache) forget(names []string) {}
+func (nullCache) lookup(name string) (e naming.MountEntry, err error) { return e, naming.ErrNoSuchName }
diff --git a/runtimes/google/naming/namespace/cache_test.go b/runtimes/google/naming/namespace/cache_test.go
index e3908a5..d707509 100644
--- a/runtimes/google/naming/namespace/cache_test.go
+++ b/runtimes/google/naming/namespace/cache_test.go
@@ -3,17 +3,22 @@
import (
"fmt"
"testing"
+ "time"
"veyron.io/veyron/veyron2/naming"
)
-func compatible(server string, servers []mountedServer) bool {
+func compatible(server string, servers []naming.MountedServer) bool {
if len(servers) == 0 {
return server == ""
}
return servers[0].Server == server
}
+func future(secs uint32) time.Time {
+ return time.Now().Add(time.Duration(secs) * time.Second)
+}
+
// TestCache tests the cache directly rather than via the namespace methods.
func TestCache(t *testing.T) {
preload := []struct {
@@ -27,63 +32,69 @@
}
c := newTTLCache()
for _, p := range preload {
- c.remember(naming.TrimSuffix(p.name, p.suffix), []mountedServer{mountedServer{Server: p.server, TTL: 30}})
+ e := &naming.MountEntry{Name: p.suffix, Servers: []naming.MountedServer{naming.MountedServer{Server: p.server, Expires: future(30)}}}
+ c.remember(p.name, e)
}
tests := []struct {
- name string
- suffix string
- server string
+ name string
+ suffix string
+ server string
+ succeed bool
}{
- {"/h1//a/b/c/d", "c/d", "/h2"},
- {"/h2//c/d", "d", "/h3"},
- {"/h3//d", "", "/h4:1234"},
- {"/notintcache", "", ""},
- {"/h1//a/b/f//g", "f//g", "/h2"},
- {"/h3//d//e", "//e", "/h4:1234"},
+ {"/h1//a/b/c/d", "c/d", "/h2", true},
+ {"/h2//c/d", "d", "/h3", true},
+ {"/h3//d", "", "/h4:1234", true},
+ {"/notintcache", "", "", false},
+ {"/h1//a/b/f//g", "f//g", "/h2", true},
+ {"/h3//d//e", "//e", "/h4:1234", true},
}
for _, p := range tests {
- servers, suffix := c.lookup(p.name)
- if suffix != p.suffix || !compatible(p.server, servers) {
- t.Errorf("%s: unexpected depth: got %v, %s not %s, %s", p.name, servers, suffix, p.server, p.suffix)
+ e, err := c.lookup(p.name)
+ if (err == nil) != p.succeed {
+ t.Errorf("%s: lookup failed", p.name)
+ }
+ if e.Name != p.suffix || !compatible(p.server, e.Servers) {
+ t.Errorf("%s: got %v, %s not %s, %s", p.name, e.Name, e.Servers, p.suffix, p.server)
}
}
}
func TestCacheLimit(t *testing.T) {
c := newTTLCache().(*ttlCache)
- servers := []mountedServer{mountedServer{Server: "the rain in spain", TTL: 3000}}
+ e := &naming.MountEntry{Servers: []naming.MountedServer{naming.MountedServer{Server: "the rain in spain", Expires: future(3000)}}}
for i := 0; i < maxCacheEntries; i++ {
- c.remember(fmt.Sprintf("%d", i), servers)
+ c.remember(fmt.Sprintf("%d", i), e)
if len(c.entries) > maxCacheEntries {
t.Errorf("unexpected cache size: got %d not %d", len(c.entries), maxCacheEntries)
}
}
// Adding one more element should reduce us to 3/4 full.
- c.remember(fmt.Sprintf("%d", maxCacheEntries), servers)
+ c.remember(fmt.Sprintf("%d", maxCacheEntries), e)
if len(c.entries) != cacheHisteresisSize {
t.Errorf("cache shrunk wrong amount: got %d not %d", len(c.entries), cacheHisteresisSize)
}
}
func TestCacheTTL(t *testing.T) {
+ before := time.Now()
c := newTTLCache().(*ttlCache)
// Fill cache.
- servers := []mountedServer{mountedServer{Server: "the rain in spain", TTL: 3000}}
+ e := &naming.MountEntry{Servers: []naming.MountedServer{naming.MountedServer{Server: "the rain in spain", Expires: future(3000)}}}
for i := 0; i < maxCacheEntries; i++ {
- c.remember(fmt.Sprintf("%d", i), servers)
+ c.remember(fmt.Sprintf("%d", i), e)
}
// Time out half the entries.
i := len(c.entries) / 2
for k := range c.entries {
- c.entries[k][0].TTL = 0
+ c.entries[k].Servers[0].Expires = before
if i == 0 {
break
}
i--
}
// Add an entry and make sure we now have room.
- c.remember(fmt.Sprintf("%d", maxCacheEntries+2), servers)
+ c.remember(fmt.Sprintf("%d", maxCacheEntries+2), e)
if len(c.entries) > cacheHisteresisSize {
t.Errorf("entries did not timeout: got %d not %d", len(c.entries), cacheHisteresisSize)
}
@@ -101,7 +112,8 @@
ns, _ := New(nil)
c := ns.resolutionCache.(*ttlCache)
for _, p := range preload {
- c.remember(p.name, []mountedServer{mountedServer{Server: p.server, TTL: 3000}})
+ e := &naming.MountEntry{Servers: []naming.MountedServer{naming.MountedServer{Server: "p.server", Expires: future(3000)}}}
+ c.remember(p.name, e)
}
toflush := "/h1/xyzzy"
if ns.FlushCacheEntry(toflush) {
@@ -112,17 +124,17 @@
t.Errorf("%s should have caused something to flush", toflush)
}
name := preload[2].name
- if _, ok := c.entries[name]; ok {
- t.Errorf("%s should have been flushed", name)
+ if _, ok := c.entries[name]; !ok {
+ t.Errorf("%s should not have been flushed", name)
}
if len(c.entries) != 2 {
t.Errorf("%s flushed too many entries", toflush)
}
+ toflush = preload[1].name
if !ns.FlushCacheEntry(toflush) {
t.Errorf("%s should have caused something to flush", toflush)
}
- name = preload[1].name
- if _, ok := c.entries[name]; ok {
+ if _, ok := c.entries[toflush]; ok {
t.Errorf("%s should have been flushed", name)
}
if len(c.entries) != 1 {
@@ -146,8 +158,9 @@
name := "/h1//a"
serverName := "/h2//"
c := ns.resolutionCache.(*ttlCache)
- c.remember(name, []mountedServer{mountedServer{Server: serverName, TTL: 3000}})
- if servers, _ := c.lookup(name); servers == nil || servers[0].Server != serverName {
+ e := &naming.MountEntry{Servers: []naming.MountedServer{naming.MountedServer{Server: serverName, Expires: future(3000)}}}
+ c.remember(name, e)
+ if ne, err := c.lookup(name); err != nil || ne.Servers[0].Server != serverName {
t.Errorf("should have found the server in the cache")
}
@@ -157,8 +170,8 @@
t.Errorf("caching not disabled")
}
nc := ns.resolutionCache.(nullCache)
- nc.remember(name, []mountedServer{mountedServer{Server: serverName, TTL: 3000}})
- if servers, _ := nc.lookup(name); servers != nil {
+ nc.remember(name, e)
+ if _, err := nc.lookup(name); err == nil {
t.Errorf("should not have found the server in the cache")
}
@@ -168,8 +181,8 @@
t.Errorf("caching disabled")
}
c = ns.resolutionCache.(*ttlCache)
- c.remember(name, []mountedServer{mountedServer{Server: serverName, TTL: 3000}})
- if servers, _ := c.lookup(name); servers == nil || servers[0].Server != serverName {
+ c.remember(name, e)
+ if ne, err := c.lookup(name); err != nil || ne.Servers[0].Server != serverName {
t.Errorf("should have found the server in the cache")
}
}
diff --git a/runtimes/google/naming/namespace/glob.go b/runtimes/google/naming/namespace/glob.go
index 0992eaa..89fdfb1 100644
--- a/runtimes/google/naming/namespace/glob.go
+++ b/runtimes/google/naming/namespace/glob.go
@@ -4,12 +4,12 @@
"container/list"
"io"
"strings"
- "time"
"veyron.io/veyron/veyron/lib/glob"
"veyron.io/veyron/veyron2/context"
"veyron.io/veyron/veyron2/naming"
+ "veyron.io/veyron/veyron2/services/mounttable/types"
"veyron.io/veyron/veyron2/vlog"
)
@@ -57,7 +57,7 @@
// At this point we're commited to a server since it answered tha call.
for {
- var e mountEntry
+ var e types.MountEntry
err := call.Recv(&e)
if err == io.EOF {
break
@@ -127,24 +127,6 @@
return reply, nil
}
-func convertStringsToServers(servers []string) (ret []naming.MountedServer) {
- for _, s := range servers {
- ret = append(ret, naming.MountedServer{Server: s})
- }
- return
-}
-
-// TODO(p): I may just give up and assume that these two will always be the same. For
-// now this lets me make the RPC interface and the model's MountTable structs be arbitrarily
-// different.
-func convertServers(servers []mountedServer) []naming.MountedServer {
- var reply []naming.MountedServer
- for _, s := range servers {
- reply = append(reply, naming.MountedServer{Server: s.Server, TTL: time.Duration(s.TTL) * time.Second})
- }
- return reply
-}
-
// depth returns the directory depth of a given name.
func depth(name string) int {
name = strings.Trim(name, "/")
diff --git a/runtimes/google/naming/namespace/mount.go b/runtimes/google/naming/namespace/mount.go
index 35d5c01..8339a8b 100644
--- a/runtimes/google/naming/namespace/mount.go
+++ b/runtimes/google/naming/namespace/mount.go
@@ -6,6 +6,7 @@
"veyron.io/veyron/veyron2/context"
"veyron.io/veyron/veyron2/ipc"
"veyron.io/veyron/veyron2/naming"
+ "veyron.io/veyron/veyron2/options"
"veyron.io/veyron/veyron2/services/mounttable/types"
"veyron.io/veyron/veyron2/vlog"
)
@@ -13,7 +14,7 @@
// mountIntoMountTable mounts a single server into a single mount table.
func mountIntoMountTable(ctx context.T, client ipc.Client, name, server string, ttl time.Duration, flags types.MountFlag) error {
ctx, _ = ctx.WithTimeout(callTimeout)
- call, err := client.StartCall(ctx, name, "Mount", []interface{}{server, uint32(ttl.Seconds()), flags})
+ call, err := client.StartCall(ctx, name, "Mount", []interface{}{server, uint32(ttl.Seconds()), flags}, options.NoResolve(true))
if err != nil {
return err
}
@@ -26,7 +27,7 @@
// unmountFromMountTable removes a single mounted server from a single mount table.
func unmountFromMountTable(ctx context.T, client ipc.Client, name, server string) error {
ctx, _ = ctx.WithTimeout(callTimeout)
- call, err := client.StartCall(ctx, name, "Unmount", []interface{}{server})
+ call, err := client.StartCall(ctx, name, "Unmount", []interface{}{server}, options.NoResolve(true))
if err != nil {
return err
}
diff --git a/runtimes/google/naming/namespace/namespace.go b/runtimes/google/naming/namespace/namespace.go
index 88855c0..5c2ceca 100644
--- a/runtimes/google/naming/namespace/namespace.go
+++ b/runtimes/google/naming/namespace/namespace.go
@@ -107,6 +107,32 @@
return []string{name}
}
+// rootMountEntry 'roots' a name creating a mount entry for the name.
+func (ns *namespace) rootMountEntry(name string) *naming.MountEntry {
+ e := new(naming.MountEntry)
+ expiration := time.Now().Add(time.Hour) // plenty of time for a call
+ address, suffix := naming.SplitAddressName(name)
+ if len(address) == 0 {
+ e.MT = true
+ e.Name = name
+ ns.RLock()
+ defer ns.RUnlock()
+ for _, r := range ns.roots {
+ e.Servers = append(e.Servers, naming.MountedServer{Server: r, Expires: expiration})
+ }
+ return e
+ }
+ // TODO(p): right now I assume any address handed to me to be resolved is a mount table.
+ // Eventually we should do something like the following:
+ // if ep, err := ns.rt.NewEndpoint(address); err == nil && ep.ServesMountTable() {
+ // e.MT = true
+ // }
+ e.MT = true
+ e.Name = suffix
+ e.Servers = append(e.Servers, naming.MountedServer{Server: address, Expires: expiration})
+ return e
+}
+
// notAnMT returns true if the error indicates this isn't a mounttable server.
func notAnMT(err error) bool {
switch verror.ErrorID(err) {
diff --git a/runtimes/google/naming/namespace/resolve.go b/runtimes/google/naming/namespace/resolve.go
index f246c06..b6a8315 100644
--- a/runtimes/google/naming/namespace/resolve.go
+++ b/runtimes/google/naming/namespace/resolve.go
@@ -7,40 +7,32 @@
"veyron.io/veyron/veyron2/context"
"veyron.io/veyron/veyron2/ipc"
"veyron.io/veyron/veyron2/naming"
+ "veyron.io/veyron/veyron2/options"
+ "veyron.io/veyron/veyron2/services/mounttable/types"
"veyron.io/veyron/veyron2/verror"
"veyron.io/veyron/veyron2/vlog"
)
-func convertServersToStrings(servers []mountedServer, suffix string) (ret []string) {
- for _, s := range servers {
- ret = append(ret, naming.Join(s.Server, suffix))
- }
- return
-}
-
-func (ns *namespace) resolveAgainstMountTable(ctx context.T, client ipc.Client, names []string) ([]string, error) {
+func (ns *namespace) resolveAgainstMountTable(ctx context.T, client ipc.Client, e *naming.MountEntry) (*naming.MountEntry, error) {
// Try each server till one answers.
finalErr := errors.New("no servers to resolve query")
- for _, name := range names {
- // We want to resolve the name against the MountTable specified in its
- // address, without recursing through ourselves. To this we force
- // the entire name component to be terminal.
- name = naming.MakeTerminal(name)
+ for _, s := range e.Servers {
+ name := naming.JoinAddressName(s.Server, e.Name)
// First check the cache.
- if servers, suffix := ns.resolutionCache.lookup(name); len(servers) > 0 {
- return convertServersToStrings(servers, suffix), nil
+ if ne, err := ns.resolutionCache.lookup(name); err == nil {
+ vlog.VI(2).Infof("resolveAMT %s from cache -> %v", name, convertServersToStrings(ne.Servers, ne.Name))
+ return &ne, nil
}
// Not in cache, call the real server.
callCtx, _ := ctx.WithTimeout(callTimeout)
- call, err := client.StartCall(callCtx, name, "ResolveStep", nil)
+ call, err := client.StartCall(callCtx, name, "ResolveStepX", nil, options.NoResolve(true))
if err != nil {
finalErr = err
vlog.VI(2).Infof("ResolveStep.StartCall %s failed: %s", name, err)
continue
}
- servers := []mountedServer{}
- var suffix string
- ierr := call.Finish(&servers, &suffix, &err)
+ var entry types.MountEntry
+ ierr := call.Finish(&entry, &err)
if ierr != nil {
// Internal/system error.
finalErr = ierr
@@ -57,15 +49,17 @@
continue
}
// Add result to cache.
- ns.resolutionCache.remember(naming.TrimSuffix(name, suffix), servers)
- return convertServersToStrings(servers, suffix), nil
+ ne := convertMountEntry(&entry)
+ ns.resolutionCache.remember(name, ne)
+ vlog.VI(2).Infof("resolveAMT %s -> %v", name, *ne)
+ return ne, nil
}
return nil, finalErr
}
-func terminal(names []string) bool {
- for _, name := range names {
- if !naming.Terminal(name) {
+func terminal(e *naming.MountEntry) bool {
+ for _, s := range e.Servers {
+ if !naming.Terminal(naming.JoinAddressName(s.Server, e.Name)) {
return false
}
}
@@ -79,79 +73,86 @@
return
}
-// Resolve implements veyron2/naming.Namespace.
-func (ns *namespace) Resolve(ctx context.T, name string) ([]string, error) {
+// ResolveX implements veyron2/naming.Namespace.
+func (ns *namespace) ResolveX(ctx context.T, name string) (*naming.MountEntry, error) {
defer vlog.LogCall()()
- names := ns.rootName(name)
+ e := ns.rootMountEntry(name)
if vlog.V(2) {
_, file, line, _ := runtime.Caller(1)
- vlog.Infof("Resolve(%s) called from %s:%d", name, file, line)
- vlog.Infof("Resolve(%s) -> rootNames %s", name, names)
+ vlog.Infof("ResolveX(%s) called from %s:%d", name, file, line)
+ vlog.Infof("ResolveX(%s) -> rootMountEntry %v", name, *e)
}
- if len(names) == 0 {
+ if len(e.Servers) == 0 {
return nil, naming.ErrNoMountTable
}
// Iterate walking through mount table servers.
for remaining := ns.maxResolveDepth; remaining > 0; remaining-- {
- vlog.VI(2).Infof("Resolve(%s) loop %s", name, names)
- if terminal(names) {
- vlog.VI(1).Infof("Resolve(%s) -> %s", name, names)
- return names, nil
+ vlog.VI(2).Infof("ResolveX(%s) loop %v", name, *e)
+ if !e.MT || terminal(e) {
+ vlog.VI(1).Infof("ResolveX(%s) -> %v", name, *e)
+ return e, nil
}
var err error
- curr := names
- if names, err = ns.resolveAgainstMountTable(ctx, ns.rt.Client(), names); err != nil {
+ curr := e
+ if e, err = ns.resolveAgainstMountTable(ctx, ns.rt.Client(), curr); err != nil {
// If the name could not be found in the mount table, return an error.
if verror.Equal(naming.ErrNoSuchNameRoot, err) {
err = naming.ErrNoSuchName
}
if verror.Equal(naming.ErrNoSuchName, err) {
- vlog.VI(1).Infof("Resolve(%s) -> (NoSuchName: %v)", name, curr)
+ vlog.VI(1).Infof("ResolveX(%s) -> (NoSuchName: %v)", name, curr)
return nil, err
}
// Any other failure (server not found, no ResolveStep
// method, etc.) are a sign that iterative resolution can
// stop.
- t := makeTerminal(curr)
- vlog.VI(1).Infof("Resolve(%s) -> %s", name, t)
- return t, nil
+ vlog.VI(1).Infof("ResolveX(%s) -> %v", name, curr)
+ return curr, nil
}
}
return nil, naming.ErrResolutionDepthExceeded
}
-// ResolveToMountTable implements veyron2/naming.Namespace.
-func (ns *namespace) ResolveToMountTable(ctx context.T, name string) ([]string, error) {
+// Resolve implements veyron2/naming.Namespace.
+func (ns *namespace) Resolve(ctx context.T, name string) ([]string, error) {
defer vlog.LogCall()()
- names := ns.rootName(name)
+ e, err := ns.ResolveX(ctx, name)
+ if err != nil {
+ return nil, err
+ }
+ return naming.ToStringSlice(e), nil
+}
+
+// ResolveToMountTableX implements veyron2/naming.Namespace.
+func (ns *namespace) ResolveToMountTableX(ctx context.T, name string) (*naming.MountEntry, error) {
+ defer vlog.LogCall()()
+ e := ns.rootMountEntry(name)
if vlog.V(2) {
_, file, line, _ := runtime.Caller(1)
- vlog.Infof("ResolveToMountTable(%s) called from %s:%d", name, file, line)
- vlog.Infof("ResolveToMountTable(%s) -> rootNames %s", name, names)
+ vlog.Infof("ResolveToMountTableX(%s) called from %s:%d", name, file, line)
+ vlog.Infof("ResolveToMountTableX(%s) -> rootNames %v", name, e)
}
- if len(names) == 0 {
+ if len(e.Servers) == 0 {
return nil, naming.ErrNoMountTable
}
- last := names
+ last := e
for remaining := ns.maxResolveDepth; remaining > 0; remaining-- {
- vlog.VI(2).Infof("ResolveToMountTable(%s) loop %s", name, names)
+ vlog.VI(2).Infof("ResolveToMountTable(%s) loop %v", name, e)
var err error
- curr := names
- if terminal(curr) {
- t := makeTerminal(last)
- vlog.VI(1).Infof("ResolveToMountTable(%s) -> %s", name, t)
- return t, nil
+ curr := e
+ // If the next name to resolve doesn't point to a mount table, we're done.
+ if !e.MT || terminal(e) {
+ vlog.VI(1).Infof("ResolveToMountTableX(%s) -> %v", name, last)
+ return last, nil
}
- if names, err = ns.resolveAgainstMountTable(ctx, ns.rt.Client(), names); err != nil {
+ if e, err = ns.resolveAgainstMountTable(ctx, ns.rt.Client(), e); err != nil {
if verror.Equal(naming.ErrNoSuchNameRoot, err) {
- t := makeTerminal(last)
- vlog.VI(1).Infof("ResolveToMountTable(%s) -> %s (NoSuchRoot: %v)", name, t, curr)
- return t, nil
+ vlog.VI(1).Infof("ResolveToMountTableX(%s) -> %v (NoSuchRoot: %v)", name, last, curr)
+ return last, nil
}
if verror.Equal(naming.ErrNoSuchName, err) {
- t := makeTerminal(curr)
- vlog.VI(1).Infof("ResolveToMountTable(%s) -> %s (NoSuchName: %v)", name, t, curr)
- return t, nil
+ vlog.VI(1).Infof("ResolveToMountTableX(%s) -> %v (NoSuchName: %v)", name, curr, curr)
+ return curr, nil
}
// Lots of reasons why another error can happen. We are trying
// to single out "this isn't a mount table".
@@ -159,22 +160,30 @@
// that means "we are up but don't implement what you are
// asking for".
if notAnMT(err) {
- t := makeTerminal(last)
- vlog.VI(1).Infof("ResolveToMountTable(%s) -> %s", name, t)
- return t, nil
+ vlog.VI(1).Infof("ResolveToMountTableX(%s) -> %v", name, last)
+ return last, nil
}
// TODO(caprita): If the server is unreachable for
// example, we may still want to return its parent
// mounttable rather than an error.
- vlog.VI(1).Infof("ResolveToMountTable(%s) -> %v", name, err)
+ vlog.VI(1).Infof("ResolveToMountTableX(%s) -> %v", name, err)
return nil, err
}
-
last = curr
}
return nil, naming.ErrResolutionDepthExceeded
}
+// ResolveToMountTable implements veyron2/naming.Namespace.
+func (ns *namespace) ResolveToMountTable(ctx context.T, name string) ([]string, error) {
+ defer vlog.LogCall()()
+ e, err := ns.ResolveToMountTableX(ctx, name)
+ if err != nil {
+ return nil, err
+ }
+ return naming.ToStringSlice(e), nil
+}
+
func finishUnresolve(call ipc.Call) ([]string, error) {
var newNames []string
var unresolveErr error
@@ -245,14 +254,14 @@
// all branches since we want to flush all entries at which we might end up whereas in a resolution,
// we stop with the first branch that works.
n := naming.MakeTerminal(n)
- if mts, suffix := ns.resolutionCache.lookup(n); mts != nil {
+ if e, err := ns.resolutionCache.lookup(n); err == nil {
// Recurse.
- for _, server := range mts {
- flushed = flushed || ns.FlushCacheEntry(naming.Join(server.Server, suffix))
+ for _, s := range e.Servers {
+ flushed = flushed || ns.FlushCacheEntry(naming.Join(s.Server, e.Name))
}
if !flushed {
// Forget the entry we just used.
- ns.resolutionCache.forget([]string{naming.TrimSuffix(n, suffix)})
+ ns.resolutionCache.forget([]string{naming.TrimSuffix(n, e.Name)})
flushed = true
}
}
diff --git a/runtimes/google/naming/namespace/stub.go b/runtimes/google/naming/namespace/stub.go
index 9661cae..5e1699c 100644
--- a/runtimes/google/naming/namespace/stub.go
+++ b/runtimes/google/naming/namespace/stub.go
@@ -1,21 +1,38 @@
package namespace
-// This file defines data types that are also defined in the idl for the
-// mounttable. We live with the duplication here to avoid having to depend
-// on stubs which in turn depend on the runtime etc.
+import (
+ "time"
-// mountedServer mirrors mounttable.MountedServer
-type mountedServer struct {
- // Server is the OA that's mounted.
- Server string
- // TTL is the remaining time (in seconds) before the mount entry expires.
- TTL uint32
+ "veyron.io/veyron/veyron2/naming"
+ "veyron.io/veyron/veyron2/services/mounttable/types"
+)
+
+func convertServersToStrings(servers []naming.MountedServer, suffix string) (ret []string) {
+ for _, s := range servers {
+ ret = append(ret, naming.Join(s.Server, suffix))
+ }
+ return
}
-// mountEntry mirrors mounttable.MountEntry
-type mountEntry struct {
- // Name is the mounted name.
- Name string
- // Servers (if present) specifies the mounted names (Link is empty).
- Servers []mountedServer
+func convertStringsToServers(servers []string) (ret []naming.MountedServer) {
+ for _, s := range servers {
+ ret = append(ret, naming.MountedServer{Server: s})
+ }
+ return
+}
+
+func convertServers(servers []types.MountedServer) []naming.MountedServer {
+ var reply []naming.MountedServer
+ for _, s := range servers {
+ if s.TTL == 0 {
+ s.TTL = 32000000 // > 1 year
+ }
+ expires := time.Now().Add(time.Duration(s.TTL) * time.Second)
+ reply = append(reply, naming.MountedServer{Server: s.Server, Expires: expires})
+ }
+ return reply
+}
+
+func convertMountEntry(e *types.MountEntry) *naming.MountEntry {
+ return &naming.MountEntry{Name: e.Name, MT: e.MT, Servers: convertServers(e.Servers)}
}
diff --git a/runtimes/google/testing/mocks/naming/namespace.go b/runtimes/google/testing/mocks/naming/namespace.go
index 58c914c..bff47f6 100644
--- a/runtimes/google/testing/mocks/naming/namespace.go
+++ b/runtimes/google/testing/mocks/naming/namespace.go
@@ -77,6 +77,34 @@
return nil, verror.NoExistf("Resolve name %q not found in %v", name, ns.mounts)
}
+func (ns *namespace) ResolveX(ctx context.T, name string) (*naming.MountEntry, error) {
+ defer vlog.LogCall()()
+ e := new(naming.MountEntry)
+ if address, _ := naming.SplitAddressName(name); len(address) > 0 {
+ e.Servers = []naming.MountedServer{naming.MountedServer{Server: name, Expires: time.Now().Add(1000 * time.Hour)}}
+ return e, nil
+ }
+ ns.Lock()
+ defer ns.Unlock()
+ for prefix, servers := range ns.mounts {
+ if strings.HasPrefix(name, prefix) {
+ e.Name = strings.TrimLeft(strings.TrimPrefix(name, prefix), "/")
+ for _, s := range servers {
+ e.Servers = append(e.Servers, naming.MountedServer{Server: s, Expires: time.Now().Add(1000 * time.Hour)})
+ }
+ return e, nil
+ }
+ }
+ return nil, verror.NoExistf("Resolve name %q not found in %v", name, ns.mounts)
+}
+
+func (ns *namespace) ResolveToMountTableX(ctx context.T, name string) (*naming.MountEntry, error) {
+ defer vlog.LogCall()()
+ // TODO(mattr): Implement this method for tests that might need it.
+ panic("ResolveToMountTable not implemented")
+ return nil, nil
+}
+
func (ns *namespace) ResolveToMountTable(ctx context.T, name string) ([]string, error) {
defer vlog.LogCall()()
// TODO(mattr): Implement this method for tests that might need it.
diff --git a/security/agent/agentd/main.go b/security/agent/agentd/main.go
index 423e146..28e448d 100644
--- a/security/agent/agentd/main.go
+++ b/security/agent/agentd/main.go
@@ -18,6 +18,8 @@
"veyron.io/veyron/veyron2/vlog"
)
+var keypath = flag.String("additional_principals", "", "If non-empty, allow for the creation of new principals and save them in this directory.")
+
func main() {
flag.Usage = func() {
fmt.Fprintf(os.Stderr, `Usage: %s [agent options] command command_args...
@@ -34,7 +36,7 @@
vlog.Fatal("VEYRON_CREDENTIALS must be set to directory")
}
- p, err := newPrincipalFromDir(dir)
+ p, passphrase, err := newPrincipalFromDir(dir)
if err != nil {
vlog.Fatalf("failed to create new principal from dir(%s): %v", dir, err)
}
@@ -54,10 +56,23 @@
log.Fatalf("setenv: %v", err)
}
+ if *keypath == "" && passphrase != nil {
+ // If we're done with the passphrase, zero it out so it doesn't stay in memory
+ for i := range passphrase {
+ passphrase[i] = 0
+ }
+ passphrase = nil
+ }
+
// Start running our server.
- var sock *os.File
+ var sock, mgrSock *os.File
if sock, err = server.RunAnonymousAgent(runtime, p); err != nil {
- log.Fatalf("RunAgent: %v", err)
+ log.Fatalf("RunAnonymousAgent: %v", err)
+ }
+ if *keypath != "" {
+ if mgrSock, err = server.RunKeyManager(runtime, *keypath, passphrase); err != nil {
+ log.Fatalf("RunKeyManager: %v", err)
+ }
}
// Now run the client and wait for it to finish.
@@ -67,6 +82,10 @@
cmd.Stderr = os.Stderr
cmd.ExtraFiles = []*os.File{sock}
+ if mgrSock != nil {
+ cmd.ExtraFiles = append(cmd.ExtraFiles, mgrSock)
+ }
+
err = cmd.Start()
if err != nil {
log.Fatalf("Error starting child: %v", err)
@@ -77,7 +96,7 @@
os.Exit(status.ExitStatus())
}
-func newPrincipalFromDir(dir string) (security.Principal, error) {
+func newPrincipalFromDir(dir string) (security.Principal, []byte, error) {
p, err := vsecurity.LoadPersistentPrincipal(dir, nil)
if os.IsNotExist(err) {
return handleDoesNotExist(dir)
@@ -85,30 +104,31 @@
if err == vsecurity.PassphraseErr {
return handlePassphrase(dir)
}
- return p, err
+ return p, nil, err
}
-func handleDoesNotExist(dir string) (security.Principal, error) {
+func handleDoesNotExist(dir string) (security.Principal, []byte, error) {
fmt.Println("Private key file does not exist. Creating new private key...")
- pass, err := getPassword("Enter passphrase (entering nothing will store unecrypted): ")
+ pass, err := getPassword("Enter passphrase (entering nothing will store unencrypted): ")
if err != nil {
- return nil, fmt.Errorf("failed to read passphrase: %v", err)
+ return nil, nil, fmt.Errorf("failed to read passphrase: %v", err)
}
p, err := vsecurity.CreatePersistentPrincipal(dir, pass)
if err != nil {
- return nil, err
+ return nil, pass, err
}
vsecurity.InitDefaultBlessings(p, "agent_principal")
- return p, nil
+ return p, pass, nil
}
-func handlePassphrase(dir string) (security.Principal, error) {
+func handlePassphrase(dir string) (security.Principal, []byte, error) {
fmt.Println("Private key file is encrypted. Please enter passphrase.")
pass, err := getPassword("Enter passphrase: ")
if err != nil {
- return nil, fmt.Errorf("failed to read passphrase: %v", err)
+ return nil, nil, fmt.Errorf("failed to read passphrase: %v", err)
}
- return vsecurity.LoadPersistentPrincipal(dir, pass)
+ p, err := vsecurity.LoadPersistentPrincipal(dir, pass)
+ return p, pass, err
}
func getPassword(prompt string) ([]byte, error) {
diff --git a/security/agent/client.go b/security/agent/client.go
index f162452..6a3925f 100644
--- a/security/agent/client.go
+++ b/security/agent/client.go
@@ -54,13 +54,15 @@
// os.GetEnv(agent.FdVarName).
// 'ctx' should not have a deadline, and should never be cancelled.
func NewAgentPrincipal(c ipc.Client, fd int, ctx context.T) (security.Principal, error) {
- conn, err := net.FileConn(os.NewFile(uintptr(fd), "agent_client"))
+ f := os.NewFile(uintptr(fd), "agent_client")
+ defer f.Close()
+ conn, err := net.FileConn(f)
if err != nil {
return nil, err
}
// This is just an arbitrary 1 byte string. The value is ignored.
data := make([]byte, 1)
- addr, err := unixfd.SendConnection(conn.(*net.UnixConn), data)
+ addr, err := unixfd.SendConnection(conn.(*net.UnixConn), data, true)
if err != nil {
return nil, err
}
diff --git a/security/agent/keymgr/client.go b/security/agent/keymgr/client.go
new file mode 100644
index 0000000..bfda45c
--- /dev/null
+++ b/security/agent/keymgr/client.go
@@ -0,0 +1,90 @@
+// Package keymgr provides a client for the Node Manager to manage keys in
+// the "Agent" process.
+package keymgr
+
+import (
+ "net"
+ "os"
+ "strconv"
+ "sync"
+
+ "veyron.io/veyron/veyron/lib/unixfd"
+ "veyron.io/veyron/veyron/security/agent/server"
+ "veyron.io/veyron/veyron2/context"
+ "veyron.io/veyron/veyron2/verror"
+)
+
+const defaultManagerSocket = 4
+
+type Agent struct {
+ conn *net.UnixConn // Guarded by mu
+ mu sync.Mutex
+}
+
+// NewAgent returns a client connected to the agent on the default file descriptors.
+func NewAgent() (*Agent, error) {
+ return newAgent(defaultManagerSocket)
+}
+
+func newAgent(fd int) (a *Agent, err error) {
+ file := os.NewFile(uintptr(fd), "fd")
+ defer file.Close()
+ conn, err := net.FileConn(file)
+ if err != nil {
+ return nil, err
+ }
+
+ return &Agent{conn: conn.(*net.UnixConn)}, nil
+}
+
+// NewPrincipal creates a new principal and returns the handle and a socket serving
+// the principal.
+// Typically the socket will be passed to a child process using cmd.ExtraFiles.
+func (a *Agent) NewPrincipal(ctx context.T, in_memory bool) (handle []byte, conn *os.File, err error) {
+ req := make([]byte, 1)
+ if in_memory {
+ req[0] = 1
+ }
+ a.mu.Lock()
+ defer a.mu.Unlock()
+ conn, err = a.connect(req)
+ if err != nil {
+ return nil, nil, err
+ }
+ buf := make([]byte, server.PrincipalHandleByteSize)
+ n, err := a.conn.Read(buf)
+ if err != nil {
+ conn.Close()
+ return nil, nil, err
+ }
+ if n != server.PrincipalHandleByteSize {
+ conn.Close()
+ return nil, nil, verror.BadProtocolf("invalid response from agent. (expected %d bytes, got %d)", server.PrincipalHandleByteSize, n)
+ }
+ return buf, conn, nil
+}
+
+func (a *Agent) connect(req []byte) (*os.File, error) {
+ // We're passing this to a child, so no CLOEXEC.
+ addr, err := unixfd.SendConnection(a.conn, req, false)
+ if err != nil {
+ return nil, err
+ }
+ fd, err := strconv.ParseInt(addr.String(), 10, 32)
+ if err != nil {
+ return nil, err
+ }
+ return os.NewFile(uintptr(fd), "client"), nil
+}
+
+// NewConnection creates a connection to an agent which exports a principal
+// previously created with NewPrincipal.
+// Typically this will be passed to a child process using cmd.ExtraFiles.
+func (a *Agent) NewConnection(handle []byte) (*os.File, error) {
+ if len(handle) != server.PrincipalHandleByteSize {
+ return nil, verror.BadArgf("Invalid key handle")
+ }
+ a.mu.Lock()
+ defer a.mu.Unlock()
+ return a.connect(handle)
+}
diff --git a/security/agent/keymgr/keymgr_test.go b/security/agent/keymgr/keymgr_test.go
new file mode 100644
index 0000000..74ca7e3
--- /dev/null
+++ b/security/agent/keymgr/keymgr_test.go
@@ -0,0 +1,191 @@
+package keymgr
+
+import (
+ "io/ioutil"
+ "os"
+ "path/filepath"
+ "reflect"
+ "syscall"
+ "testing"
+ _ "veyron.io/veyron/veyron/profiles"
+ "veyron.io/veyron/veyron/security/agent"
+ "veyron.io/veyron/veyron/security/agent/server"
+ "veyron.io/veyron/veyron2"
+ "veyron.io/veyron/veyron2/options"
+ "veyron.io/veyron/veyron2/rt"
+ "veyron.io/veyron/veyron2/security"
+)
+
+func createAgent(runtime veyron2.Runtime, path string) (*Agent, func(), error) {
+ var defers []func()
+ cleanup := func() {
+ for _, f := range defers {
+ f()
+ }
+ }
+ sock, err := server.RunKeyManager(runtime, path, nil)
+ var agent *Agent
+ if sock != nil {
+ defers = append(defers, func() { os.RemoveAll(path) })
+ defers = append(defers, func() { sock.Close() })
+ fd, err := syscall.Dup(int(sock.Fd()))
+ if err != nil {
+ return nil, cleanup, err
+ }
+ agent, err = newAgent(fd)
+ }
+ return agent, cleanup, err
+}
+
+func TestNoNodemanager(t *testing.T) {
+ runtime := rt.Init()
+ agent, cleanup, err := createAgent(runtime, "")
+ defer cleanup()
+ if err == nil {
+ t.Fatal(err)
+ }
+ if agent != nil {
+ t.Fatal("No agent should be created when key path is empty")
+ }
+}
+
+func createClient(runtime veyron2.Runtime, nmagent *Agent, id []byte) (security.Principal, error) {
+ file, err := nmagent.NewConnection(id)
+ if err != nil {
+ return nil, err
+ }
+ defer file.Close()
+ return createClient2(runtime, file)
+}
+
+func createClient2(runtime veyron2.Runtime, conn *os.File) (security.Principal, error) {
+ client, err := runtime.NewClient(options.VCSecurityNone)
+ if err != nil {
+ return nil, err
+ }
+ fd, err := syscall.Dup(int(conn.Fd()))
+ if err != nil {
+ return nil, err
+ }
+
+ return agent.NewAgentPrincipal(client, fd, runtime.NewContext())
+}
+
+func TestSigning(t *testing.T) {
+ runtime := rt.Init()
+ path, err := ioutil.TempDir("", "agent")
+ if err != nil {
+ t.Fatal(err)
+ }
+ agent, cleanup, err := createAgent(runtime, path)
+ defer cleanup()
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ id1, conn1, err := agent.NewPrincipal(runtime.NewContext(), false)
+ if err != nil {
+ t.Fatal(err)
+ }
+ conn1.Close()
+ id2, conn2, err := agent.NewPrincipal(runtime.NewContext(), false)
+ if err != nil {
+ t.Fatal(err)
+ }
+ conn2.Close()
+
+ dir, err := os.Open(filepath.Join(path, "keys"))
+ if err != nil {
+ t.Fatal(err)
+ }
+ files, err := dir.Readdir(-1)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if len(files) != 2 {
+ t.Errorf("Expected 2 files created, found %d", len(files))
+ }
+
+ a, err := createClient(runtime, agent, id1)
+ if err != nil {
+ t.Fatal(err)
+ }
+ b, err := createClient(runtime, agent, id2)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if reflect.DeepEqual(a.PublicKey(), b.PublicKey()) {
+ t.Fatal("Keys should not be equal")
+ }
+ sig1, err := a.Sign([]byte("foobar"))
+ if err != nil {
+ t.Fatal(err)
+ }
+ sig2, err := b.Sign([]byte("foobar"))
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !sig1.Verify(a.PublicKey(), []byte("foobar")) {
+ t.Errorf("Signature a fails verification")
+ }
+ if !sig2.Verify(b.PublicKey(), []byte("foobar")) {
+ t.Errorf("Signature b fails verification")
+ }
+ if sig2.Verify(a.PublicKey(), []byte("foobar")) {
+ t.Errorf("Signatures should not cross verify")
+ }
+}
+
+func TestInMemorySigning(t *testing.T) {
+ runtime := rt.Init()
+ path, err := ioutil.TempDir("", "agent")
+ if err != nil {
+ t.Fatal(err)
+ }
+ agent, cleanup, err := createAgent(runtime, path)
+ defer cleanup()
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ id, conn, err := agent.NewPrincipal(runtime.NewContext(), true)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ dir, err := os.Open(filepath.Join(path, "keys"))
+ if err != nil {
+ t.Fatal(err)
+ }
+ files, err := dir.Readdir(-1)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if len(files) != 0 {
+ t.Errorf("Expected 0 files created, found %d", len(files))
+ }
+
+ c, err := createClient2(runtime, conn)
+ if err != nil {
+ t.Fatal(err)
+ }
+ sig, err := c.Sign([]byte("foobar"))
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !sig.Verify(c.PublicKey(), []byte("foobar")) {
+ t.Errorf("Signature a fails verification")
+ }
+
+ c2, err := createClient(runtime, agent, id)
+ if err != nil {
+ t.Fatal(err)
+ }
+ sig, err = c2.Sign([]byte("foobar"))
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !sig.Verify(c.PublicKey(), []byte("foobar")) {
+ t.Errorf("Signature a fails verification")
+ }
+}
diff --git a/security/agent/server/server.go b/security/agent/server/server.go
index 63aeeb3..a9798ff 100644
--- a/security/agent/server/server.go
+++ b/security/agent/server/server.go
@@ -1,71 +1,206 @@
-// Package server provides a server which keeps a private key in memory
-// and allows clients to use the key for signing.
-//
-// PROTOCOL
-//
-// The agent starts processes with the VEYRON_AGENT_FD set to one end of a
-// unix domain socket. To connect to the agent, a client should create
-// a unix domain socket pair. Then send one end of the socket to the agent
-// with 1 byte of data. The agent will then serve the Agent service on
-// the recieved socket, using VCSecurityNone.
package server
import (
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "crypto/rand"
+ "crypto/sha512"
+ "crypto/x509"
+ "encoding/base64"
"fmt"
"io"
+ "net"
"os"
+ "path/filepath"
+ "strconv"
+ "sync"
"veyron.io/veyron/veyron/lib/unixfd"
+ vsecurity "veyron.io/veyron/veyron/security"
"veyron.io/veyron/veyron2"
"veyron.io/veyron/veyron2/ipc"
"veyron.io/veyron/veyron2/options"
"veyron.io/veyron/veyron2/security"
"veyron.io/veyron/veyron2/vdl/vdlutil"
+ "veyron.io/veyron/veyron2/verror"
"veyron.io/veyron/veyron2/vlog"
)
+const PrincipalHandleByteSize = sha512.Size
+
+type keyHandle [PrincipalHandleByteSize]byte
+
type agentd struct {
principal security.Principal
}
+type keymgr struct {
+ path string
+ principals map[keyHandle]security.Principal // GUARDED_BY(Mutex)
+ passphrase []byte
+ runtime veyron2.Runtime
+ mu sync.Mutex
+}
+
// RunAnonymousAgent starts the agent server listening on an
-// anonymous unix domain socket. It will respond to SignatureRequests
+// anonymous unix domain socket. It will respond to requests
// using 'principal'.
// The returned 'client' is typically passed via cmd.ExtraFiles to a child process.
func RunAnonymousAgent(runtime veyron2.Runtime, principal security.Principal) (client *os.File, err error) {
- // VCSecurityNone is safe since we're using anonymous unix sockets.
- // Only our child process can possibly communicate on the socket.
- s, err := runtime.NewServer(options.VCSecurityNone)
- if err != nil {
- return nil, err
- }
-
local, remote, err := unixfd.Socketpair()
if err != nil {
return nil, err
}
+ if err = startAgent(local, runtime, principal); err != nil {
+ return nil, err
+ }
+ return remote, err
+}
- serverAgent := NewServerAgent(agentd{principal})
+// RunKeyManager starts the key manager server listening on an
+// anonymous unix domain socket. It will persist principals in 'path' using 'passphrase'.
+// Typically only used by the node manager.
+// The returned 'client' is typically passed via cmd.ExtraFiles to a child process.
+func RunKeyManager(runtime veyron2.Runtime, path string, passphrase []byte) (client *os.File, err error) {
+ if path == "" {
+ return nil, verror.BadArgf("storage path is required")
+ }
+
+ mgr := &keymgr{path: path, passphrase: passphrase, principals: make(map[keyHandle]security.Principal), runtime: runtime}
+
+ if err := os.MkdirAll(filepath.Join(mgr.path, "keys"), 0700); err != nil {
+ return nil, err
+ }
+ if err := os.MkdirAll(filepath.Join(mgr.path, "creds"), 0700); err != nil {
+ return nil, err
+ }
+
+ local, client, err := unixfd.Socketpair()
+ if err != nil {
+ return nil, err
+ }
+
+ go mgr.readNMConns(local)
+
+ return client, nil
+}
+
+func (a keymgr) readNMConns(conn *net.UnixConn) {
+ defer conn.Close()
+ var buf keyHandle
+ for {
+ addr, n, err := unixfd.ReadConnection(conn, buf[:])
+ if err == io.EOF {
+ return
+ } else if err != nil {
+ vlog.Infof("Error accepting connection: %v", err)
+ continue
+ }
+ var principal security.Principal
+ if n == len(buf) {
+ principal = a.readKey(buf)
+ } else if n == 1 {
+ var handle []byte
+ if handle, principal, err = a.newKey(buf[0] == 1); err != nil {
+ vlog.Infof("Error creating key: %v", err)
+ unixfd.CloseUnixAddr(addr)
+ continue
+ }
+ if _, err = conn.Write(handle); err != nil {
+ vlog.Infof("Error sending key handle: %v", err)
+ unixfd.CloseUnixAddr(addr)
+ continue
+ }
+ } else {
+ vlog.Infof("invalid key: %d bytes, expected %d or 1", n, len(buf))
+ unixfd.CloseUnixAddr(addr)
+ continue
+ }
+ conn := dial(addr)
+ if principal != nil && conn != nil {
+ if err := startAgent(conn, a.runtime, principal); err != nil {
+ vlog.Infof("error starting agent: %v", err)
+ }
+ }
+ }
+}
+
+func (a *keymgr) readKey(handle keyHandle) security.Principal {
+ a.mu.Lock()
+ cachedKey, ok := a.principals[handle]
+ a.mu.Unlock()
+ if ok {
+ return cachedKey
+ }
+ filename := base64.URLEncoding.EncodeToString(handle[:])
+ in, err := os.Open(filepath.Join(a.path, "keys", filename))
+ if err != nil {
+ vlog.Errorf("unable to open key file: %v", err)
+ return nil
+ }
+ defer in.Close()
+ key, err := vsecurity.LoadPEMKey(in, a.passphrase)
+ if err != nil {
+ vlog.Errorf("unable to load key: %v", err)
+ return nil
+ }
+
+ principal, err := vsecurity.NewPersistentPrincipalFromSigner(security.NewInMemoryECDSASigner(key.(*ecdsa.PrivateKey)), filepath.Join(a.path, "creds", filename))
+ if err != nil {
+ vlog.Errorf("unable to load principal: %v", err)
+ return nil
+ }
+ return principal
+}
+
+func dial(addr net.Addr) *net.UnixConn {
+ fd, err := strconv.ParseInt(addr.String(), 10, 32)
+ if err != nil {
+ vlog.Errorf("Invalid address %v", addr)
+ return nil
+ }
+ file := os.NewFile(uintptr(fd), "client")
+ defer file.Close()
+ conn, err := net.FileConn(file)
+ if err != nil {
+ vlog.Infof("unable to create conn: %v", err)
+ }
+ return conn.(*net.UnixConn)
+}
+
+func startAgent(conn *net.UnixConn, runtime veyron2.Runtime, principal security.Principal) error {
+ agent := &agentd{principal: principal}
+ serverAgent := NewServerAgent(agent)
go func() {
buf := make([]byte, 1)
for {
- clientAddr, _, err := unixfd.ReadConnection(local, buf)
+ clientAddr, _, err := unixfd.ReadConnection(conn, buf)
if err == io.EOF {
return
}
if err == nil {
+ // VCSecurityNone is safe since we're using anonymous unix sockets.
+ // Only our child process can possibly communicate on the socket.
+ //
+ // Also, VCSecurityNone implies that s (ipc.Server) created below does not
+ // authenticate to clients, so runtime.Principal is irrelevant for the agent.
+ // TODO(ribrdb): Shutdown these servers when the connection is closed.
+ s, err := runtime.NewServer(options.VCSecurityNone)
+ if err != nil {
+ vlog.Infof("Error creating server: %v", err)
+ continue
+ }
spec := ipc.ListenSpec{Protocol: clientAddr.Network(), Address: clientAddr.String()}
- _, err = s.Listen(spec)
+ if _, err = s.Listen(spec); err == nil {
+ err = s.Serve("", ipc.LeafDispatcher(serverAgent, nil))
+ }
}
if err != nil {
vlog.Infof("Error accepting connection: %v", err)
}
}
}()
- if err = s.Serve("", ipc.LeafDispatcher(serverAgent, nil)); err != nil {
- return
- }
- return remote, nil
+ return nil
}
func (a agentd) Bless(_ ipc.ServerContext, key []byte, with security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (security.WireBlessings, error) {
@@ -104,6 +239,49 @@
return a.principal.MintDischarge(tpCaveat, caveat, additionalCaveats...)
}
+func (a keymgr) newKey(in_memory bool) (id []byte, p security.Principal, err error) {
+ if a.path == "" {
+ return nil, nil, verror.NoAccessf("not running in multi-key mode")
+ }
+ key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ keyHandle, err := keyid(key)
+ if err != nil {
+ return nil, nil, err
+ }
+ signer := security.NewInMemoryECDSASigner(key)
+ if in_memory {
+ p, err = vsecurity.NewPrincipalFromSigner(signer)
+ if err != nil {
+ return nil, nil, err
+ }
+ a.principals[keyHandle] = p
+ } else {
+ filename := base64.URLEncoding.EncodeToString(keyHandle[:])
+ out, err := os.OpenFile(filepath.Join(a.path, "keys", filename), os.O_WRONLY|os.O_CREATE, 0600)
+ if err != nil {
+ return nil, nil, err
+ }
+ defer out.Close()
+ err = vsecurity.SavePEMKey(out, key, a.passphrase)
+ if err != nil {
+ return nil, nil, err
+ }
+ p, err = vsecurity.NewPersistentPrincipalFromSigner(signer, filepath.Join(a.path, "creds", filename))
+ if err != nil {
+ return nil, nil, err
+ }
+ }
+ return keyHandle[:], p, nil
+}
+
+func keyid(key *ecdsa.PrivateKey) (handle keyHandle, err error) {
+ slice, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
+ if err != nil {
+ return
+ }
+ return sha512.Sum512(slice), nil
+}
+
func (a agentd) PublicKey(_ ipc.ServerContext) ([]byte, error) {
return a.principal.PublicKey().MarshalBinary()
}
diff --git a/security/agent/server/wire.vdl b/security/agent/server/wire.vdl
index 6ef6f8e..40fc724 100644
--- a/security/agent/server/wire.vdl
+++ b/security/agent/server/wire.vdl
@@ -1,24 +1,49 @@
+// Package server provides a server which keeps a principal in memory
+// and allows clients to use that principal.
+//
+// PROTOCOL
+//
+// The agent starts processes with the VEYRON_AGENT_FD set to one end of a
+// unix domain socket. To connect to the agent, a client should create
+// a unix domain socket pair. Then send one end of the socket to the agent
+// with 1 byte of data. The agent will then serve the Agent service on
+// the recieved socket, using VCSecurityNone.
+//
+// The agent also supports an optional mode where it can manage multiple principals.
+// Typically this is only used by NodeManager. In this mode, VEYRON_AGENT_FD
+// will be 3, and there will be another socket at fd 4.
+// Creating a new principal is similar to connecting to to agent: create a socket
+// pair and send one end on fd 4 with 1 byte of data.
+// Set the data to 1 to request the principal only be stored in memory.
+// The agent will create a new principal and respond with a principal handle on fd 4.
+// To connect using a previously created principal, create a socket pair and send
+// one end with they principal handle as data on fd 4. The agent will not send a
+// response on fd 4.
+// In either, you can use the normal process to connect to an agent over the
+// other end of the pair. Typically you would pass the other end to a child
+// process and set VEYRON_AGENT_FD so it knows to connect.
+
package server
import (
- "veyron.io/veyron/veyron2/security"
+ "veyron.io/veyron/veyron2/security"
)
type Agent interface {
- Bless(key []byte, wit security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (security.WireBlessings, error)
- BlessSelf(name string, caveats []security.Caveat) (security.WireBlessings, error)
- Sign(message []byte) (security.Signature, error)
- MintDischarge(tp any, caveat security.Caveat, additionalCaveats []security.Caveat) (any, error)
- PublicKey() ([]byte, error)
- AddToRoots(blessing security.WireBlessings) error
+ Bless(key []byte, wit security.WireBlessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (security.WireBlessings, error)
+ BlessSelf(name string, caveats []security.Caveat) (security.WireBlessings, error)
+ Sign(message []byte) (security.Signature, error)
+ MintDischarge(tp any, caveat security.Caveat, additionalCaveats []security.Caveat) (any, error)
+ PublicKey() ([]byte, error)
+ AddToRoots(blessing security.WireBlessings) error
- BlessingStoreSet(blessings security.WireBlessings, forPeers security.BlessingPattern) (security.WireBlessings, error)
- BlessingStoreForPeer(peerBlessings []string) (security.WireBlessings, error)
- BlessingStoreSetDefault(blessings security.WireBlessings) error
- BlessingStoreDefault() (security.WireBlessings, error)
- BlessingStoreDebugString() (string, error)
+ BlessingStoreSet(blessings security.WireBlessings, forPeers security.BlessingPattern) (security.WireBlessings, error)
+ BlessingStoreForPeer(peerBlessings []string) (security.WireBlessings, error)
+ BlessingStoreSetDefault(blessings security.WireBlessings) error
+ BlessingStoreDefault() (security.WireBlessings, error)
+ BlessingStoreDebugString() (string, error)
- BlessingRootsAdd(root []byte, pattern security.BlessingPattern) error
- BlessingRootsRecognized(root []byte, blessing string) error
- BlessingRootsDebugString() (string, error)
+ BlessingRootsAdd(root []byte, pattern security.BlessingPattern) error
+ BlessingRootsRecognized(root []byte, blessing string) error
+ BlessingRootsDebugString() (string, error)
}
diff --git a/services/mounttable/lib/mounttable.go b/services/mounttable/lib/mounttable.go
index ce6e6f3..b052b1b 100644
--- a/services/mounttable/lib/mounttable.go
+++ b/services/mounttable/lib/mounttable.go
@@ -275,7 +275,8 @@
// Make sure the server name is reasonable.
epString, _ := naming.SplitAddressName(server)
- if _, err := rt.R().NewEndpoint(epString); err != nil {
+ ep, err := rt.R().NewEndpoint(epString)
+ if err != nil {
return fmt.Errorf("malformed address %q for mounted server %q", epString, server)
}
@@ -289,10 +290,11 @@
if hasReplaceFlag(flags) {
n.mount = nil
}
+ wantMT := hasMTFlag(flags) || ep.ServesMountTable()
if n.mount == nil {
- n.mount = &mount{servers: NewServerList(), mt: hasMTFlag(flags)}
+ n.mount = &mount{servers: NewServerList(), mt: wantMT}
} else {
- if hasMTFlag(flags) != n.mount.mt {
+ if wantMT != n.mount.mt {
return fmt.Errorf("MT doesn't match")
}
}
diff --git a/tools/associate/doc.go b/tools/associate/doc.go
new file mode 100644
index 0000000..5be1076
--- /dev/null
+++ b/tools/associate/doc.go
@@ -0,0 +1,72 @@
+// This file was auto-generated via go generate.
+// DO NOT UPDATE MANUALLY
+
+/*
+The associate tool facilitates creating blessing to system account associations.
+
+Usage:
+ associate <command>
+
+The associate commands are:
+ list Lists the account associations.
+ add Associate the listed blessings with the specified system account
+ remove Removes system accounts associated with the listed blessings.
+ help Display help for commands or topics
+Run "associate help [command]" for command usage.
+
+The global flags are:
+ -alsologtostderr=true: log to standard error as well as files
+ -log_backtrace_at=:0: when logging hits line file:N, emit a stack trace
+ -log_dir=: if non-empty, write log files to this directory
+ -logtostderr=false: log to standard error instead of files
+ -max_stack_buf_size=4292608: max size in bytes of the buffer to use for logging stack traces
+ -stderrthreshold=2: logs at or above this threshold go to stderr
+ -v=0: log level for V logs
+ -vmodule=: comma-separated list of pattern=N settings for file-filtered logging
+ -vv=0: log level for V logs
+
+Associate List
+
+Lists all account associations
+
+Usage:
+ associate list <nodemanager>.
+
+<nodemanager> is the name of the node manager to connect to.
+
+Associate Add
+
+Associate the listed blessings with the specified system account
+
+Usage:
+ associate add <nodemanager> <systemName> <blessing>...
+
+<identify specifier>... is a list of 1 or more identify specifications
+<systemName> is the name of an account holder on the local system
+<blessing>.. are the blessings to associate systemAccount with
+
+Associate Remove
+
+Removes system accounts associated with the listed blessings.
+
+Usage:
+ associate remove <nodemanager> <blessing>...
+
+<nodemanager> is the node manager to connect to
+<blessing>... is a list of blessings.
+
+Associate Help
+
+Help with no args displays the usage of the parent command.
+Help with args displays the usage of the specified sub-command or help topic.
+"help ..." recursively displays help for all commands and topics.
+
+Usage:
+ associate help [flags] [command/topic ...]
+
+[command/topic ...] optionally identifies a specific sub-command or help topic.
+
+The help flags are:
+ -style=text: The formatting style for help output, either "text" or "godoc".
+*/
+package main
diff --git a/tools/associate/impl.go b/tools/associate/impl.go
new file mode 100644
index 0000000..a60f649
--- /dev/null
+++ b/tools/associate/impl.go
@@ -0,0 +1,104 @@
+package main
+
+import (
+ "fmt"
+ "time"
+
+ "veyron.io/veyron/veyron/lib/cmdline"
+
+ "veyron.io/veyron/veyron2/rt"
+ "veyron.io/veyron/veyron2/services/mgmt/node"
+)
+
+var cmdList = &cmdline.Command{
+ Run: runList,
+ Name: "list",
+ Short: "Lists the account associations.",
+ Long: "Lists all account associations.",
+ ArgsName: "<nodemanager>.",
+ ArgsLong: `
+<nodemanager> is the name of the node manager to connect to.`,
+}
+
+func runList(cmd *cmdline.Command, args []string) error {
+ if expected, got := 1, len(args); expected != got {
+ return cmd.UsageErrorf("list: incorrect number of arguments, expected %d, got %d", expected, got)
+ }
+
+ ctx, cancel := rt.R().NewContext().WithTimeout(time.Minute)
+ defer cancel()
+ nodeStub, err := node.BindNode(args[0])
+ if err != nil {
+ return fmt.Errorf("BindNode(%s) failed: %v", args[0], err)
+ }
+ assocs, err := nodeStub.ListAssociations(ctx)
+ if err != nil {
+ return fmt.Errorf("ListAssociations failed: %v", err)
+ }
+
+ for _, a := range assocs {
+ fmt.Fprintf(cmd.Stdout(), "%s %s\n", a.IdentityName, a.AccountName)
+ }
+ return nil
+}
+
+var cmdAdd = &cmdline.Command{
+ Run: runAdd,
+ Name: "add",
+ Short: "Add the listed blessings with the specified system account.",
+ Long: "Add the listed blessings with the specified system account.",
+ ArgsName: "<nodemanager> <systemName> <blessing>...",
+ ArgsLong: `
+<nodemanager> is the name of the node manager to connect to.
+<systemName> is the name of an account holder on the local system.
+<blessing>.. are the blessings to associate systemAccount with.`,
+}
+
+func runAdd(cmd *cmdline.Command, args []string) error {
+ if expected, got := 3, len(args); got < expected {
+ return cmd.UsageErrorf("add: incorrect number of arguments, expected at least %d, got %d", expected, got)
+ }
+ ctx, cancel := rt.R().NewContext().WithTimeout(time.Minute)
+ defer cancel()
+ nodeStub, err := node.BindNode(args[0])
+ if err != nil {
+ return fmt.Errorf("BindNode(%s) failed: %v", args[0], err)
+ }
+ return nodeStub.AssociateAccount(ctx, args[2:], args[1])
+}
+
+var cmdRemove = &cmdline.Command{
+ Run: runRemove,
+ Name: "remove",
+ Short: "Removes system accounts associated with the listed blessings.",
+ Long: "Removes system accounts associated with the listed blessings.",
+ ArgsName: "<nodemanager> <blessing>...",
+ ArgsLong: `
+<nodemanager> is the name of the node manager to connect to.
+<blessing>... is a list of blessings.`,
+}
+
+func runRemove(cmd *cmdline.Command, args []string) error {
+ if expected, got := 2, len(args); got < expected {
+ return cmd.UsageErrorf("remove: incorrect number of arguments, expected at least %d, got %d", expected, got)
+ }
+ ctx, cancel := rt.R().NewContext().WithTimeout(time.Minute)
+ defer cancel()
+ nodeStub, err := node.BindNode(args[0])
+ if err != nil {
+ return fmt.Errorf("BindNode(%s) failed: %v", args[0], err)
+ }
+
+ return nodeStub.AssociateAccount(ctx, args[1:], "")
+}
+
+func root() *cmdline.Command {
+ return &cmdline.Command{
+ Name: "associate",
+ Short: "Tool for creating associations between Vanadium blessings and a system account",
+ Long: `
+The associate tool facilitates managing blessing to system account associations.
+`,
+ Children: []*cmdline.Command{cmdList, cmdAdd, cmdRemove},
+ }
+}
diff --git a/tools/associate/impl_test.go b/tools/associate/impl_test.go
new file mode 100644
index 0000000..7043fcf
--- /dev/null
+++ b/tools/associate/impl_test.go
@@ -0,0 +1,266 @@
+package main
+
+import (
+ "bytes"
+ "reflect"
+ "strings"
+ "testing"
+
+ "veyron.io/veyron/veyron2/security"
+ "veyron.io/veyron/veyron2/services/mgmt/binary"
+ "veyron.io/veyron/veyron2/services/mgmt/node"
+ "veyron.io/veyron/veyron2/services/mounttable"
+
+ "veyron.io/veyron/veyron/profiles"
+ "veyron.io/veyron/veyron2"
+ "veyron.io/veyron/veyron2/ipc"
+ "veyron.io/veyron/veyron2/naming"
+ "veyron.io/veyron/veyron2/rt"
+ "veyron.io/veyron/veyron2/vlog"
+)
+
+type mockNodeInvoker struct {
+ tape *Tape
+ t *testing.T
+}
+
+type ListAssociationResponse struct {
+ na []node.Association
+ err error
+}
+
+func (mni *mockNodeInvoker) ListAssociations(ipc.ServerContext) (associations []node.Association, err error) {
+ vlog.VI(2).Infof("ListAssociations() was called")
+
+ ir := mni.tape.Record("ListAssociations")
+ r := ir.(ListAssociationResponse)
+ return r.na, r.err
+}
+
+type AddAssociationStimulus struct {
+ fun string
+ identityNames []string
+ accountName string
+}
+
+func (i *mockNodeInvoker) AssociateAccount(call ipc.ServerContext, identityNames []string, accountName string) error {
+ ri := i.tape.Record(AddAssociationStimulus{"AssociateAccount", identityNames, accountName})
+ switch r := ri.(type) {
+ case nil:
+ return nil
+ case error:
+ return r
+ }
+ i.t.Fatalf("AssociateAccount (mock) response %v is of bad type", ri)
+ return nil
+}
+
+func (i *mockNodeInvoker) Claim(call ipc.ServerContext) error { return nil }
+func (*mockNodeInvoker) Describe(ipc.ServerContext) (node.Description, error) {
+ return node.Description{}, nil
+}
+func (*mockNodeInvoker) IsRunnable(_ ipc.ServerContext, description binary.Description) (bool, error) {
+ return false, nil
+}
+func (*mockNodeInvoker) Reset(call ipc.ServerContext, deadline uint64) error { return nil }
+func (*mockNodeInvoker) Install(ipc.ServerContext, string) (string, error) { return "", nil }
+func (*mockNodeInvoker) Refresh(ipc.ServerContext) error { return nil }
+func (*mockNodeInvoker) Restart(ipc.ServerContext) error { return nil }
+func (*mockNodeInvoker) Resume(ipc.ServerContext) error { return nil }
+func (i *mockNodeInvoker) Revert(call ipc.ServerContext) error { return nil }
+func (*mockNodeInvoker) Start(ipc.ServerContext) ([]string, error) { return []string{}, nil }
+func (*mockNodeInvoker) Stop(ipc.ServerContext, uint32) error { return nil }
+func (*mockNodeInvoker) Suspend(ipc.ServerContext) error { return nil }
+func (*mockNodeInvoker) Uninstall(ipc.ServerContext) error { return nil }
+func (i *mockNodeInvoker) Update(ipc.ServerContext) error { return nil }
+func (*mockNodeInvoker) UpdateTo(ipc.ServerContext, string) error { return nil }
+func (i *mockNodeInvoker) SetACL(ipc.ServerContext, security.ACL, string) error { return nil }
+func (i *mockNodeInvoker) GetACL(ipc.ServerContext) (security.ACL, string, error) {
+ return security.ACL{}, "", nil
+}
+func (i *mockNodeInvoker) Glob(ctx ipc.ServerContext, pattern string, stream mounttable.GlobbableServiceGlobStream) error {
+ return nil
+}
+
+type dispatcher struct {
+ tape *Tape
+ t *testing.T
+}
+
+func NewDispatcher(t *testing.T, tape *Tape) *dispatcher {
+ return &dispatcher{tape: tape, t: t}
+}
+
+func (d *dispatcher) Lookup(suffix, method string) (ipc.Invoker, security.Authorizer, error) {
+ invoker := ipc.ReflectInvoker(node.NewServerNode(&mockNodeInvoker{tape: d.tape, t: d.t}))
+ return invoker, nil, nil
+}
+
+func startServer(t *testing.T, r veyron2.Runtime, tape *Tape) (ipc.Server, naming.Endpoint, error) {
+ dispatcher := NewDispatcher(t, tape)
+ server, err := r.NewServer()
+ if err != nil {
+ t.Errorf("NewServer failed: %v", err)
+ return nil, nil, err
+ }
+ endpoint, err := server.Listen(profiles.LocalListenSpec)
+ if err != nil {
+ t.Errorf("Listen failed: %v", err)
+ stopServer(t, server)
+ return nil, nil, err
+ }
+ if err := server.Serve("", dispatcher); err != nil {
+ t.Errorf("Serve failed: %v", err)
+ stopServer(t, server)
+ return nil, nil, err
+ }
+ return server, endpoint, nil
+}
+
+func stopServer(t *testing.T, server ipc.Server) {
+ if err := server.Stop(); err != nil {
+ t.Errorf("server.Stop failed: %v", err)
+ }
+}
+
+func TestListCommand(t *testing.T) {
+ runtime := rt.Init()
+ tape := NewTape()
+ server, endpoint, err := startServer(t, runtime, tape)
+ if err != nil {
+ return
+ }
+ defer stopServer(t, server)
+
+ // Setup the command-line.
+ cmd := root()
+ var stdout, stderr bytes.Buffer
+ cmd.Init(nil, &stdout, &stderr)
+ nodeName := naming.JoinAddressName(endpoint.String(), "")
+
+ // Test the 'list' command.
+ tape.SetResponses([]interface{}{ListAssociationResponse{
+ na: []node.Association{
+ {
+ "root/self",
+ "alice_self_account",
+ },
+ {
+ "root/other",
+ "alice_other_account",
+ },
+ },
+ err: nil,
+ }})
+
+ if err := cmd.Execute([]string{"list", nodeName}); err != nil {
+ t.Fatalf("%v", err)
+ }
+ if expected, got := "root/self alice_self_account\nroot/other alice_other_account", strings.TrimSpace(stdout.String()); got != expected {
+ t.Fatalf("Unexpected output from list. Got %q, expected %q", got, expected)
+ }
+ if got, expected := tape.Play(), []interface{}{"ListAssociations"}; !reflect.DeepEqual(expected, got) {
+ t.Errorf("invalid call sequence. Got %v, want %v", got, expected)
+ }
+ tape.Rewind()
+ stdout.Reset()
+
+ // Test list with bad parameters.
+ if err := cmd.Execute([]string{"list", nodeName, "hello"}); err == nil {
+ t.Fatalf("wrongly failed to receive a non-nil error.")
+ }
+ if got, expected := len(tape.Play()), 0; got != expected {
+ t.Errorf("invalid call sequence. Got %v, want %v", got, expected)
+ }
+ tape.Rewind()
+ stdout.Reset()
+}
+
+func TestAddCommand(t *testing.T) {
+ runtime := rt.Init()
+ tape := NewTape()
+ server, endpoint, err := startServer(t, runtime, tape)
+ if err != nil {
+ return
+ }
+ defer stopServer(t, server)
+
+ // Setup the command-line.
+ cmd := root()
+ var stdout, stderr bytes.Buffer
+ cmd.Init(nil, &stdout, &stderr)
+ nodeName := naming.JoinAddressName(endpoint.String(), "//myapp/1")
+
+ if err := cmd.Execute([]string{"add", "one"}); err == nil {
+ t.Fatalf("wrongly failed to receive a non-nil error.")
+ }
+ if got, expected := len(tape.Play()), 0; got != expected {
+ t.Errorf("invalid call sequence. Got %v, want %v", got, expected)
+ }
+ tape.Rewind()
+ stdout.Reset()
+
+ tape.SetResponses([]interface{}{nil})
+ if err := cmd.Execute([]string{"add", nodeName, "alice", "root/self"}); err != nil {
+ t.Fatalf("%v", err)
+ }
+ expected := []interface{}{
+ AddAssociationStimulus{"AssociateAccount", []string{"root/self"}, "alice"},
+ }
+ if got := tape.Play(); !reflect.DeepEqual(expected, got) {
+ t.Errorf("unexpected result. Got %v want %v", got, expected)
+ }
+ tape.Rewind()
+ stdout.Reset()
+
+ tape.SetResponses([]interface{}{nil})
+ if err := cmd.Execute([]string{"add", nodeName, "alice", "root/other", "root/self"}); err != nil {
+ t.Fatalf("%v", err)
+ }
+ expected = []interface{}{
+ AddAssociationStimulus{"AssociateAccount", []string{"root/other", "root/self"}, "alice"},
+ }
+ if got := tape.Play(); !reflect.DeepEqual(expected, got) {
+ t.Errorf("unexpected result. Got %v want %v", got, expected)
+ }
+ tape.Rewind()
+ stdout.Reset()
+}
+
+func TestRemoveCommand(t *testing.T) {
+ runtime := rt.Init()
+ tape := NewTape()
+ server, endpoint, err := startServer(t, runtime, tape)
+ if err != nil {
+ return
+ }
+ defer stopServer(t, server)
+
+ // Setup the command-line.
+ cmd := root()
+ var stdout, stderr bytes.Buffer
+ cmd.Init(nil, &stdout, &stderr)
+ nodeName := naming.JoinAddressName(endpoint.String(), "//myapp/1")
+
+ if err := cmd.Execute([]string{"remove", "one"}); err == nil {
+ t.Fatalf("wrongly failed to receive a non-nil error.")
+ }
+ if got, expected := len(tape.Play()), 0; got != expected {
+ t.Errorf("invalid call sequence. Got %v, want %v", got, expected)
+ }
+ tape.Rewind()
+ stdout.Reset()
+
+ tape.SetResponses([]interface{}{nil})
+ if err := cmd.Execute([]string{"remove", nodeName, "root/self"}); err != nil {
+ t.Fatalf("%v", err)
+ }
+ expected := []interface{}{
+ AddAssociationStimulus{"AssociateAccount", []string{"root/self"}, ""},
+ }
+ if got := tape.Play(); !reflect.DeepEqual(expected, got) {
+ t.Errorf("unexpected result. Got %v want %v", got, expected)
+ }
+ tape.Rewind()
+ stdout.Reset()
+}
diff --git a/tools/associate/main.go b/tools/associate/main.go
new file mode 100644
index 0000000..a99a159
--- /dev/null
+++ b/tools/associate/main.go
@@ -0,0 +1,21 @@
+// The following enables go generate to generate the doc.go file.
+// Things to look out for:
+// 1) go:generate evaluates double-quoted strings into a single argument.
+// 2) go:generate performs $NAME expansion, so the bash cmd can't contain '$'.
+// 3) We generate into a *.tmp file first, otherwise go run will pick up the
+// initially empty *.go file, and fail.
+//
+//go:generate bash -c "{ echo -e '// This file was auto-generated via go generate.\n// DO NOT UPDATE MANUALLY\n\n/*' && veyron go run *.go help -style=godoc ... && echo -e '*/\npackage main'; } > ./doc.go.tmp && mv ./doc.go.tmp ./doc.go"
+
+package main
+
+import (
+ "veyron.io/veyron/veyron2/rt"
+
+ _ "veyron.io/veyron/veyron/profiles"
+)
+
+func main() {
+ defer rt.Init().Cleanup()
+ root().Main()
+}
diff --git a/tools/associate/mock_test.go b/tools/associate/mock_test.go
new file mode 100644
index 0000000..936fc45
--- /dev/null
+++ b/tools/associate/mock_test.go
@@ -0,0 +1,40 @@
+package main
+
+import (
+ "fmt"
+)
+
+type Tape struct {
+ stimuli []interface{}
+ responses []interface{}
+}
+
+func (r *Tape) Record(call interface{}) interface{} {
+ r.stimuli = append(r.stimuli, call)
+
+ if len(r.responses) < 1 {
+ return fmt.Errorf("Record(%#v) had no response", call)
+ }
+ resp := r.responses[0]
+ r.responses = r.responses[1:]
+ return resp
+}
+
+func (r *Tape) SetResponses(responses []interface{}) {
+ r.responses = responses
+}
+
+func (r *Tape) Rewind() {
+ r.stimuli = make([]interface{}, 0)
+ r.responses = make([]interface{}, 0)
+}
+
+func (r *Tape) Play() []interface{} {
+ return r.stimuli
+}
+
+func NewTape() *Tape {
+ tape := new(Tape)
+ tape.Rewind()
+ return tape
+}
diff --git a/tools/debug/impl.go b/tools/debug/impl.go
index 4448abe..3b4ba10 100644
--- a/tools/debug/impl.go
+++ b/tools/debug/impl.go
@@ -91,7 +91,7 @@
}
fmt.Fprint(cmd.Stdout(), me.Name)
for _, s := range me.Servers {
- fmt.Fprintf(cmd.Stdout(), " %s (TTL %s)", s.Server, s.TTL)
+ fmt.Fprintf(cmd.Stdout(), " %s (Expires %s)", s.Server, s.Expires)
}
fmt.Fprintln(cmd.Stdout())
}
diff --git a/tools/mgmt/nminstall b/tools/mgmt/nminstall
index c6358d2..5f0e116 100755
--- a/tools/mgmt/nminstall
+++ b/tools/mgmt/nminstall
@@ -15,7 +15,7 @@
#
# Usage:
#
-# # Gets binaries from local repository (TODO(caprita): implement)
+# # Gets binaries from local repository
# ./nminstall <install parent dir>
#
# # Gets binaries from local filesystem
@@ -34,7 +34,31 @@
# TODO(caprita): Also agent.
readonly BIN_NAMES=(noded suidhelper)
-#######################################################
+###############################################################################
+# Copies one binary from source to destination.
+# Arguments:
+# name of the binary
+# source dir of binary
+# destination dir of binary
+# Returns:
+# None
+###############################################################################
+copy_binary() {
+ local -r BIN_NAME="$1"
+ local -r BIN_SRC_DIR="$2"
+ local -r BIN_DEST_DIR="$3"
+ local -r SOURCE="${BIN_SRC_DIR}/${BIN_NAME}"
+ if [[ -x "${SOURCE}" ]]; then
+ local -r DESTINATION="${BIN_DEST_DIR}/${BIN_NAME}"
+ cp "${SOURCE}" "${DESTINATION}"
+ chmod 700 "${DESTINATION}"
+ else
+ echo "couldn't find ${SOURCE}"
+ exit 1
+ fi
+}
+
+###############################################################################
# Fetches binaries needed by node manager installation.
# Globals:
# BIN_NAMES
@@ -44,7 +68,7 @@
# source of binaries
# Returns:
# None
-#######################################
+###############################################################################
get_binaries() {
local -r BIN_INSTALL="$1"
local -r BIN_SOURCE="$2"
@@ -60,22 +84,23 @@
exit 1
fi
local -r REPO_BIN_DIR="${VEYRON_ROOT}/veyron/go/bin"
- echo "Fetching binaries:${bin_names_str} from: ${REPO_BIN_DIR} ..."
+ echo "Fetching binaries:${bin_names_str} from build repository: ${REPO_BIN_DIR} ..."
for bin_name in ${BIN_NAMES[@]}; do
- local repo_source="${REPO_BIN_DIR}/${bin_name}"
- if [[ -x "${repo_source}" ]]; then
- local file_destination="${BIN_INSTALL}/${bin_name}"
- cp "${repo_source}" "${file_destination}"
- chmod 700 "${file_destination}"
- else
- echo "couldn't find ${repo_source}"
- exit 1
- fi
+ copy_binary "${bin_name}" "${REPO_BIN_DIR}" "${BIN_INSTALL}"
done
- echo "Binaries are in ${BIN_INSTALL}."
return
fi
+ # If the source is specified as an existing local filesystem path,
+ # look for the binaries there.
+ if [[ -d "${BIN_SOURCE}" ]]; then
+ echo "Fetching binaries:${bin_names_str} locally from: ${BIN_SOURCE} ..."
+ for bin_name in ${BIN_NAMES[@]}; do
+ copy_binary "${bin_name}" "${BIN_SOURCE}" "${BIN_INSTALL}"
+ done
+ return
+ fi
+
echo 'ERROR: couldn'"'"'t fetch binaries.'
exit 1
}
@@ -107,6 +132,7 @@
# Fetch the binaries.
local -r BIN_SOURCE="$2"
get_binaries "${BIN_INSTALL}" "${BIN_SOURCE}"
+ echo "Binaries are in ${BIN_INSTALL}."
# Set up the suidhelper.
echo "Configuring suidhelper ..."
diff --git a/tools/mounttable/impl.go b/tools/mounttable/impl.go
index 1ad5896..1c88cc7 100644
--- a/tools/mounttable/impl.go
+++ b/tools/mounttable/impl.go
@@ -7,20 +7,27 @@
"veyron.io/veyron/veyron/lib/cmdline"
"veyron.io/veyron/veyron2/context"
+ "veyron.io/veyron/veyron2/naming"
+ "veyron.io/veyron/veyron2/options"
"veyron.io/veyron/veyron2/rt"
"veyron.io/veyron/veyron2/services/mounttable"
+ "veyron.io/veyron/veyron2/services/mounttable/types"
)
func bindMT(ctx context.T, name string) (mounttable.MountTable, error) {
- mts, err := rt.R().Namespace().ResolveToMountTable(ctx, name)
+ e, err := rt.R().Namespace().ResolveToMountTableX(ctx, name)
if err != nil {
return nil, err
}
- if len(mts) == 0 {
+ if len(e.Servers) == 0 {
return nil, fmt.Errorf("Failed to find any mount tables at %q", name)
}
- fmt.Println(mts)
- return mounttable.BindMountTable(mts[0])
+ var servers []string
+ for _, s := range e.Servers {
+ servers = append(servers, naming.JoinAddressName(s.Server, e.Name))
+ }
+ fmt.Println(servers)
+ return mounttable.BindMountTable(servers[0])
}
var cmdGlob = &cmdline.Command{
@@ -86,23 +93,38 @@
}
func runMount(cmd *cmdline.Command, args []string) error {
- if expected, got := 3, len(args); expected != got {
- return cmd.UsageErrorf("mount: incorrect number of arguments, expected %d, got %d", expected, got)
+ got := len(args)
+ if got < 2 || got > 4 {
+ return cmd.UsageErrorf("mount: incorrect number of arguments, expected 2, 3, or 4, got %d", got)
+ }
+ var flags types.MountFlag
+ var seconds uint32
+ if got >= 3 {
+ ttl, err := time.ParseDuration(args[2])
+ if err != nil {
+ return fmt.Errorf("TTL parse error: %v", err)
+ }
+ seconds = uint32(ttl.Seconds())
+ }
+ if got >= 4 {
+ for _, c := range args[3] {
+ switch c {
+ case 'M':
+ flags |= types.MountFlag(types.MT)
+ case 'R':
+ flags |= types.MountFlag(types.Replace)
+ }
+ }
}
ctx, cancel := rt.R().NewContext().WithTimeout(time.Minute)
defer cancel()
- c, err := bindMT(ctx, args[0])
- if err != nil {
- return fmt.Errorf("bind error: %v", err)
- }
- ttl, err := time.ParseDuration(args[2])
- if err != nil {
- return fmt.Errorf("TTL parse error: %v", err)
- }
- err = c.Mount(ctx, args[1], uint32(ttl.Seconds()), 0)
+ call, err := rt.R().Client().StartCall(ctx, args[0], "Mount", []interface{}{args[1], seconds, 0}, options.NoResolve(true))
if err != nil {
return err
}
+ if ierr := call.Finish(&err); ierr != nil {
+ return ierr
+ }
fmt.Fprintln(cmd.Stdout(), "Name mounted successfully.")
return nil
@@ -126,14 +148,13 @@
}
ctx, cancel := rt.R().NewContext().WithTimeout(time.Minute)
defer cancel()
- c, err := bindMT(ctx, args[0])
- if err != nil {
- return fmt.Errorf("bind error: %v", err)
- }
- err = c.Unmount(ctx, args[1])
+ call, err := rt.R().Client().StartCall(ctx, args[0], "Unmount", []interface{}{args[1]}, options.NoResolve(true))
if err != nil {
return err
}
+ if ierr := call.Finish(&err); ierr != nil {
+ return ierr
+ }
fmt.Fprintln(cmd.Stdout(), "Name unmounted successfully.")
return nil
diff --git a/tools/namespace/impl.go b/tools/namespace/impl.go
index 0980229..5b00ce6 100644
--- a/tools/namespace/impl.go
+++ b/tools/namespace/impl.go
@@ -5,7 +5,7 @@
"time"
"veyron.io/veyron/veyron/lib/cmdline"
-
+ "veyron.io/veyron/veyron2/naming"
"veyron.io/veyron/veyron2/rt"
"veyron.io/veyron/veyron2/vlog"
)
@@ -38,7 +38,7 @@
for res := range c {
fmt.Fprint(cmd.Stdout(), res.Name)
for _, s := range res.Servers {
- fmt.Fprintf(cmd.Stdout(), " %s (TTL %s)", s.Server, s.TTL)
+ fmt.Fprintf(cmd.Stdout(), " %s (Expires %s)", s.Server, s.Expires)
}
fmt.Fprintln(cmd.Stdout())
}
@@ -156,13 +156,13 @@
ns := rt.R().Namespace()
ctx, cancel := rt.R().NewContext().WithTimeout(time.Minute)
defer cancel()
- servers, err := ns.ResolveToMountTable(ctx, name)
+ e, err := ns.ResolveToMountTableX(ctx, name)
if err != nil {
- vlog.Infof("ns.ResolveToMountTable(%q) failed: %v", name, err)
+ vlog.Infof("ns.ResolveToMountTableX(%q) failed: %v", name, err)
return err
}
- for _, s := range servers {
- fmt.Fprintln(cmd.Stdout(), s)
+ for _, s := range e.Servers {
+ fmt.Fprintln(cmd.Stdout(), naming.JoinAddressName(s.Server, e.Name))
}
return nil
}
diff --git a/tools/naming/simulator/mt_complex.scr b/tools/naming/simulator/mt_complex.scr
index a5c85e2..027ddff 100644
--- a/tools/naming/simulator/mt_complex.scr
+++ b/tools/naming/simulator/mt_complex.scr
@@ -238,7 +238,7 @@
# Now, use mount directly to create a 'symlink'
set symlink_target=some/deep/name/that/is/a/mount
-mount tl/b/symlink /$mt_b_addr/$symlink_target 1h
+mount tl/b/symlink /$mt_b_addr/$symlink_target 1h M
wait $_
ls -l tl/b/symlink
