Blame - services/mgmt/device/impl/dispatcher.go - release.go.x.ref

blob: 1e5bcbb6ad6917d4c336e9256b553cefcacb38f7 [file] [log] [blame]

Jiri Simsa	5293dcb	2014-05-10 09:56:38 -0700	[diff] [blame]	1	package impl
				2
				3	import (
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	4	"bytes"
				5	"crypto/md5"
				6	"encoding/hex"
Bogdan Caprita	c87a914	2014-07-21 10:38:13 -0700	[diff] [blame]	7	"fmt"
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	8	"io/ioutil"
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	9	"os"
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	10	"path"
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	11	"path/filepath"
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	12	"strings"
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	13	"sync"
Jiri Simsa	24e87aa	2014-06-09 09:27:34 -0700	[diff] [blame]	14
Bogdan Caprita	7f49167	2014-11-13 14:51:08 -0800	[diff] [blame]	15	"veyron.io/veyron/veyron/security/agent"
				16	"veyron.io/veyron/veyron/security/agent/keymgr"
Jiri Simsa	519c507	2014-09-17 21:37:57 -0700	[diff] [blame]	17	vflag "veyron.io/veyron/veyron/security/flag"
				18	"veyron.io/veyron/veyron/security/serialization"
Bogdan Caprita	a456f47	2014-12-10 10:18:03 -0800	[diff] [blame]	19	idevice "veyron.io/veyron/veyron/services/mgmt/device"
				20	"veyron.io/veyron/veyron/services/mgmt/device/config"
Robin Thellend	4c5266e	2014-10-27 13:19:29 -0700	[diff] [blame]	21	logsimpl "veyron.io/veyron/veyron/services/mgmt/logreader/impl"
Jiri Simsa	24e87aa	2014-06-09 09:27:34 -0700	[diff] [blame]	22
Jiri Simsa	519c507	2014-09-17 21:37:57 -0700	[diff] [blame]	23	"veyron.io/veyron/veyron2/ipc"
Robin Thellend	4c5266e	2014-10-27 13:19:29 -0700	[diff] [blame]	24	"veyron.io/veyron/veyron2/naming"
Jiri Simsa	519c507	2014-09-17 21:37:57 -0700	[diff] [blame]	25	"veyron.io/veyron/veyron2/security"
Bogdan Caprita	a456f47	2014-12-10 10:18:03 -0800	[diff] [blame]	26	"veyron.io/veyron/veyron2/services/mgmt/device"
Robin Thellend	b9dd9bb	2014-10-29 13:54:08 -0700	[diff] [blame]	27	"veyron.io/veyron/veyron2/services/mgmt/pprof"
				28	"veyron.io/veyron/veyron2/services/mgmt/stats"
Jiri Simsa	519c507	2014-09-17 21:37:57 -0700	[diff] [blame]	29	"veyron.io/veyron/veyron2/services/security/access"
				30	"veyron.io/veyron/veyron2/verror"
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	31	"veyron.io/veyron/veyron2/verror2"
Jiri Simsa	519c507	2014-09-17 21:37:57 -0700	[diff] [blame]	32	"veyron.io/veyron/veyron2/vlog"
Jiri Simsa	5293dcb	2014-05-10 09:56:38 -0700	[diff] [blame]	33	)
				34
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	35	// internalState wraps state shared between different device manager
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	36	// invocations.
				37	type internalState struct {
Bogdan Caprita	7f49167	2014-11-13 14:51:08 -0800	[diff] [blame]	38	callback *callbackState
				39	updating *updatingState
				40	securityAgent *securityAgentState
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	41	}
				42
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	43	// aclLocks provides a mutex lock for each acl file path.
				44	type aclLocks map[string]*sync.Mutex
				45
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	46	// dispatcher holds the state of the device manager dispatcher.
Jiri Simsa	5293dcb	2014-05-10 09:56:38 -0700	[diff] [blame]	47	type dispatcher struct {
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	48	// acl/auth hold the acl and authorizer used to authorize access to the
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	49	// device manager methods.
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	50	acl access.TaggedACLMap
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	51	auth security.Authorizer
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	52	// etag holds the version string for the ACL. We use this for optimistic
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	53	// concurrency control when clients update the ACLs for the device
				54	// manager.
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	55	etag string
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	56	// internal holds the state that persists across RPC method invocations.
Bogdan Caprita	c87a914	2014-07-21 10:38:13 -0700	[diff] [blame]	57	internal *internalState
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	58	// config holds the device manager's (immutable) configuration state.
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	59	config *config.State
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	60	// dispatcherMutex is a lock for coordinating concurrent access to some
				61	// dispatcher methods.
Bogdan Caprita	7f49167	2014-11-13 14:51:08 -0800	[diff] [blame]	62	mu sync.RWMutex
				63	// TODO(rjkroege): Consider moving this inside internal.
Robert Kroeger	1cb4a0d	2014-10-20 11:55:38 -0700	[diff] [blame]	64	uat BlessingSystemAssociationStore
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	65	// TODO(rjkroege): Eliminate need for locks.
				66	locks aclLocks
Jiri Simsa	5293dcb	2014-05-10 09:56:38 -0700	[diff] [blame]	67	}
				68
Benjamin Prosnitz	fdfbf7b	2014-10-08 09:47:21 -0700	[diff] [blame]	69	var _ ipc.Dispatcher = (*dispatcher)(nil)
				70
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	71	const (
				72	appsSuffix = "apps"
Bogdan Caprita	9c4aa22	2014-12-10 14:46:30 -0800	[diff] [blame]	73	deviceSuffix = "device"
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	74	configSuffix = "cfg"
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	75
Bogdan Caprita	a456f47	2014-12-10 10:18:03 -0800	[diff] [blame]	76	pkgPath = "veyron.io/veyron/veyron/services/mgmt/device/impl"
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	77	)
				78
				79	var (
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	80	ErrInvalidSuffix = verror2.Register(pkgPath+".InvalidSuffix", verror2.NoRetry, "")
				81	ErrOperationFailed = verror2.Register(pkgPath+".OperationFailed", verror2.NoRetry, "")
				82	ErrOperationInProgress = verror2.Register(pkgPath+".OperationInProgress", verror2.NoRetry, "")
				83	ErrAppTitleMismatch = verror2.Register(pkgPath+".AppTitleMismatch", verror2.NoRetry, "")
				84	ErrUpdateNoOp = verror2.Register(pkgPath+".UpdateNoOp", verror2.NoRetry, "")
				85	ErrObjectNoExist = verror2.Register(pkgPath+".ObjectNoExist", verror2.NoRetry, "")
				86	ErrInvalidOperation = verror2.Register(pkgPath+".InvalidOperation", verror2.NoRetry, "")
				87	ErrInvalidBlessing = verror2.Register(pkgPath+".InvalidBlessing", verror2.NoRetry, "")
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	88	)
				89
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	90	// NewDispatcher is the device manager dispatcher factory.
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	91	func NewDispatcher(principal security.Principal, config config.State) (dispatcher, error) {
Bogdan Caprita	c87a914	2014-07-21 10:38:13 -0700	[diff] [blame]	92	if err := config.Validate(); err != nil {
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	93	return nil, fmt.Errorf("invalid config %v: %v", config, err)
Bogdan Caprita	c87a914	2014-07-21 10:38:13 -0700	[diff] [blame]	94	}
Robert Kroeger	1cb4a0d	2014-10-20 11:55:38 -0700	[diff] [blame]	95	uat, err := NewBlessingSystemAssociationStore(config.Root)
				96	if err != nil {
				97	return nil, fmt.Errorf("cannot create persistent store for identity to system account associations: %v", err)
				98	}
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	99	d := &dispatcher{
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	100	etag: "default",
Bogdan Caprita	c87a914	2014-07-21 10:38:13 -0700	[diff] [blame]	101	internal: &internalState{
Bogdan Caprita	78b6216	2014-08-21 15:35:08 -0700	[diff] [blame]	102	callback: newCallbackState(config.Name),
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	103	updating: newUpdatingState(),
Jiri Simsa	70c3205	2014-06-18 11:38:21 -0700	[diff] [blame]	104	},
Bogdan Caprita	c87a914	2014-07-21 10:38:13 -0700	[diff] [blame]	105	config: config,
Robert Kroeger	1cb4a0d	2014-10-20 11:55:38 -0700	[diff] [blame]	106	uat: uat,
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	107	locks: make(aclLocks),
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	108	}
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	109	// If there exists a signed ACL from a previous instance we prefer that.
				110	aclFile, sigFile, _ := d.getACLFilePaths()
				111	if _, err := os.Stat(aclFile); err == nil {
				112	perm := os.FileMode(0700)
				113	data, err := os.OpenFile(aclFile, os.O_RDONLY, perm)
				114	if err != nil {
				115	return nil, fmt.Errorf("failed to open acl file:%v", err)
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	116	}
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	117	defer data.Close()
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	118	sig, err := os.OpenFile(sigFile, os.O_RDONLY, perm)
				119	if err != nil {
				120	return nil, fmt.Errorf("failed to open signature file:%v", err)
				121	}
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	122	defer sig.Close()
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	123	// read and verify the signature of the acl file
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	124	reader, err := serialization.NewVerifyingReader(data, sig, principal.PublicKey())
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	125	if err != nil {
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	126	return nil, fmt.Errorf("failed to read devicemanager ACL file:%v", err)
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	127	}
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	128	acl, err := access.ReadTaggedACLMap(reader)
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	129	if err != nil {
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	130	return nil, fmt.Errorf("failed to load devicemanager ACL:%v", err)
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	131	}
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	132	if err := d.setACL(principal, acl, d.etag, false /* just update etag */); err != nil {
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	133	return nil, err
				134	}
				135	} else {
				136	if d.auth = vflag.NewAuthorizerOrDie(); d.auth == nil {
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	137	// If there are no specified ACLs we grant devicemanager
				138	// access to all principals until it is claimed.
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	139	d.auth = allowEveryone{}
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	140	}
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	141	}
Bogdan Caprita	7f49167	2014-11-13 14:51:08 -0800	[diff] [blame]	142	// If we're in 'security agent mode', set up the key manager agent.
				143	if len(os.Getenv(agent.FdVarName)) > 0 {
				144	if keyMgrAgent, err := keymgr.NewAgent(); err != nil {
				145	return nil, fmt.Errorf("NewAgent() failed: %v", err)
				146	} else {
				147	d.internal.securityAgent = &securityAgentState{
				148	keyMgrAgent: keyMgrAgent,
				149	}
				150	}
				151	}
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	152	return d, nil
				153	}
				154
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	155	func (d *dispatcher) getACLFilePaths() (acl, signature, devicedata string) {
				156	devicedata = filepath.Join(d.config.Root, "device-manager", "device-data")
				157	acl, signature = filepath.Join(devicedata, "acl.devicemanager"), filepath.Join(devicedata, "acl.signature")
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	158	return
				159	}
				160
Robin Thellend	888f8cf	2014-12-15 16:19:10 -0800	[diff] [blame^]	161	func (d *dispatcher) claimDeviceManager(ctx ipc.ServerContext) error {
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	162	// TODO(rjkroege): Scrub the state tree of installation and instance ACL files.
Robin Thellend	888f8cf	2014-12-15 16:19:10 -0800	[diff] [blame^]	163
				164	// Get the blessings to be used by the claimant.
				165	blessings := ctx.Blessings()
				166	if blessings == nil {
				167	return verror2.Make(ErrInvalidBlessing, ctx)
				168	}
				169	principal := ctx.LocalPrincipal()
				170	if err := principal.AddToRoots(blessings); err != nil {
				171	vlog.Errorf("principal.AddToRoots(%s) failed: %v", blessings, err)
				172	return verror2.Make(ErrInvalidBlessing, ctx)
				173	}
				174	names := blessings.ForContext(ctx)
Asim Shankar	8f05c22	2014-10-06 22:08:19 -0700	[diff] [blame]	175	if len(names) == 0 {
Robin Thellend	888f8cf	2014-12-15 16:19:10 -0800	[diff] [blame^]	176	vlog.Errorf("No names for claimer(%v) are trusted", blessings)
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	177	return verror2.Make(ErrOperationFailed, nil)
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	178	}
Robin Thellend	888f8cf	2014-12-15 16:19:10 -0800	[diff] [blame^]	179	principal.BlessingStore().Set(blessings, security.AllPrincipals)
				180	principal.BlessingStore().SetDefault(blessings)
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	181	// Create ACLs to transfer devicemanager permissions to the provided identity.
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	182	acl := make(access.TaggedACLMap)
				183	for _, n := range names {
				184	for _, tag := range access.AllTypicalTags() {
				185	acl.Add(security.BlessingPattern(n), string(tag))
				186	}
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	187	}
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	188	_, etag, err := d.getACL()
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	189	if err != nil {
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	190	vlog.Errorf("Failed to getACL:%v", err)
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	191	return verror2.Make(ErrOperationFailed, nil)
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	192	}
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	193	if err := d.setACL(principal, acl, etag, true /* store ACL on disk */); err != nil {
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	194	vlog.Errorf("Failed to setACL:%v", err)
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	195	return verror2.Make(ErrOperationFailed, nil)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	196	}
				197	return nil
				198	}
				199
				200	// TODO(rjkroege): Further refactor ACL-setting code.
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	201	func setAppACL(principal security.Principal, locks aclLocks, dir string, acl access.TaggedACLMap, etag string) error {
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	202	aclpath := path.Join(dir, "acls", "data")
				203	sigpath := path.Join(dir, "acls", "signature")
				204
				205	// Acquire lock. Locks are per path to an acls file.
Robert Kroeger	7d979d8	2014-11-07 17:24:35 -0800	[diff] [blame]	206	lck, contains := locks[dir]
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	207	if !contains {
				208	lck = new(sync.Mutex)
Robert Kroeger	7d979d8	2014-11-07 17:24:35 -0800	[diff] [blame]	209	locks[dir] = lck
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	210	}
				211	lck.Lock()
				212	defer lck.Unlock()
				213
				214	f, err := os.Open(aclpath)
				215	if err != nil {
				216	vlog.Errorf("LoadACL(%s) failed: %v", aclpath, err)
				217	return err
				218	}
				219	defer f.Close()
				220
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	221	curACL, err := access.ReadTaggedACLMap(f)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	222	if err != nil {
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	223	vlog.Errorf("ReadTaggedACLMap(%s) failed: %v", aclpath, err)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	224	return err
				225	}
				226	curEtag, err := computeEtag(curACL)
				227	if err != nil {
				228	vlog.Errorf("computeEtag failed: %v", err)
				229	return err
				230	}
				231
				232	if len(etag) > 0 && etag != curEtag {
				233	return verror.Make(access.ErrBadEtag, fmt.Sprintf("etag mismatch in:%s vers:%s", etag, curEtag))
				234	}
				235
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	236	return writeACLs(principal, aclpath, sigpath, dir, acl)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	237	}
				238
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	239	func getAppACL(locks aclLocks, dir string) (access.TaggedACLMap, string, error) {
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	240	aclpath := path.Join(dir, "acls", "data")
				241
				242	// Acquire lock. Locks are per path to an acls file.
Robert Kroeger	7d979d8	2014-11-07 17:24:35 -0800	[diff] [blame]	243	lck, contains := locks[dir]
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	244	if !contains {
				245	lck = new(sync.Mutex)
Robert Kroeger	7d979d8	2014-11-07 17:24:35 -0800	[diff] [blame]	246	locks[dir] = lck
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	247	}
				248	lck.Lock()
				249	defer lck.Unlock()
				250
				251	f, err := os.Open(aclpath)
				252	if err != nil {
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	253	vlog.Errorf("Open(%s) failed: %v", aclpath, err)
				254	return nil, "", err
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	255	}
				256	defer f.Close()
				257
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	258	acl, err := access.ReadTaggedACLMap(f)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	259	if err != nil {
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	260	vlog.Errorf("ReadTaggedACLMap(%s) failed: %v", aclpath, err)
				261	return nil, "", err
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	262	}
				263	curEtag, err := computeEtag(acl)
				264	if err != nil {
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	265	return nil, "", err
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	266	}
				267	return acl, curEtag, nil
				268	}
				269
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	270	func computeEtag(acl access.TaggedACLMap) (string, error) {
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	271	b := new(bytes.Buffer)
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	272	if err := acl.WriteTo(b); err != nil {
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	273	vlog.Errorf("Failed to save ACL:%v", err)
				274	return "", err
				275	}
				276	// Update the acl/etag/authorizer for this dispatcher
				277	md5hash := md5.Sum(b.Bytes())
				278	etag := hex.EncodeToString(md5hash[:])
				279	return etag, nil
				280	}
				281
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	282	func writeACLs(principal security.Principal, aclFile, sigFile, dir string, acl access.TaggedACLMap) error {
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	283	// Create dir directory if it does not exist
				284	os.MkdirAll(dir, os.FileMode(0700))
				285	// Save the object to temporary data and signature files, and then move
				286	// those files to the actual data and signature file.
				287	data, err := ioutil.TempFile(dir, "data")
				288	if err != nil {
				289	vlog.Errorf("Failed to open tmpfile data:%v", err)
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	290	return verror2.Make(ErrOperationFailed, nil)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	291	}
				292	defer os.Remove(data.Name())
				293	sig, err := ioutil.TempFile(dir, "sig")
				294	if err != nil {
				295	vlog.Errorf("Failed to open tmpfile sig:%v", err)
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	296	return verror2.Make(ErrOperationFailed, nil)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	297	}
				298	defer os.Remove(sig.Name())
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	299	writer, err := serialization.NewSigningWriteCloser(data, sig, principal, nil)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	300	if err != nil {
				301	vlog.Errorf("Failed to create NewSigningWriteCloser:%v", err)
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	302	return verror2.Make(ErrOperationFailed, nil)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	303	}
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	304	if err = acl.WriteTo(writer); err != nil {
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	305	vlog.Errorf("Failed to SaveACL:%v", err)
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	306	return verror2.Make(ErrOperationFailed, nil)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	307	}
				308	if err = writer.Close(); err != nil {
				309	vlog.Errorf("Failed to Close() SigningWriteCloser:%v", err)
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	310	return verror2.Make(ErrOperationFailed, nil)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	311	}
				312	if err := os.Rename(data.Name(), aclFile); err != nil {
				313	return err
				314	}
				315	if err := os.Rename(sig.Name(), sigFile); err != nil {
				316	return err
				317	}
				318	return nil
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	319	}
				320
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	321	func (d *dispatcher) setACL(principal security.Principal, acl access.TaggedACLMap, etag string, writeToFile bool) error {
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	322	d.mu.Lock()
				323	defer d.mu.Unlock()
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	324	aclFile, sigFile, devicedata := d.getACLFilePaths()
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	325
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	326	if len(etag) > 0 && etag != d.etag {
				327	return verror.Make(access.ErrBadEtag, fmt.Sprintf("etag mismatch in:%s vers:%s", etag, d.etag))
				328	}
				329	if writeToFile {
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	330	if err := writeACLs(principal, aclFile, sigFile, devicedata, acl); err != nil {
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	331	return err
				332	}
				333	}
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	334
				335	etag, err := computeEtag(acl)
				336	if err != nil {
				337	return err
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	338	}
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	339	auth, err := access.TaggedACLAuthorizer(acl, access.TypicalTagType())
				340	if err != nil {
				341	return err
				342	}
				343	d.acl, d.etag, d.auth = acl, etag, auth
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	344	return nil
Jiri Simsa	5293dcb	2014-05-10 09:56:38 -0700	[diff] [blame]	345	}
				346
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	347	func (d *dispatcher) getACL() (acl access.TaggedACLMap, etag string, err error) {
Gautham	6fe61e5	2014-09-16 13:58:17 -0700	[diff] [blame]	348	d.mu.RLock()
				349	defer d.mu.RUnlock()
				350	return d.acl, d.etag, nil
				351	}
				352
Jiri Simsa	5293dcb	2014-05-10 09:56:38 -0700	[diff] [blame]	353	// DISPATCHER INTERFACE IMPLEMENTATION
Robin Thellend	a02fe8f	2014-11-19 09:58:29 -0800	[diff] [blame]	354	func (d *dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	355	components := strings.Split(suffix, "/")
				356	for i := 0; i < len(components); i++ {
				357	if len(components[i]) == 0 {
				358	components = append(components[:i], components[i+1:]...)
				359	i--
				360	}
				361	}
				362	if len(components) == 0 {
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	363	return ipc.ChildrenGlobberInvoker(deviceSuffix, appsSuffix), d.auth, nil
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	364	}
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	365	// The implementation of the device manager is split up into several
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	366	// invokers, which are instantiated depending on the receiver name
				367	// prefix.
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	368	switch components[0] {
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	369	case deviceSuffix:
Bogdan Caprita	a456f47	2014-12-10 10:18:03 -0800	[diff] [blame]	370	receiver := device.DeviceServer(&deviceService{
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	371	callback: d.internal.callback,
				372	updating: d.internal.updating,
				373	config: d.config,
Gautham	82bb995	2014-08-28 14:11:51 -0700	[diff] [blame]	374	disp: d,
Robert Kroeger	362ff89	2014-09-29 14:23:47 -0700	[diff] [blame]	375	uat: d.uat,
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	376	})
Cosmos Nicolaou	710daa2	2014-11-11 19:39:18 -0800	[diff] [blame]	377	return receiver, d.auth, nil
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	378	case appsSuffix:
Robin Thellend	8a0f04f	2014-11-17 10:40:24 -0800	[diff] [blame]	379	// Requests to apps///*/logs are handled locally by LogFileService.
Robin Thellend	b9dd9bb	2014-10-29 13:54:08 -0700	[diff] [blame]	380	// Requests to apps///*/pprof are proxied to the apps' __debug/pprof object.
				381	// Requests to apps///*/stats are proxied to the apps' __debug/stats object.
Robin Thellend	9bc8fcb	2014-11-17 10:23:04 -0800	[diff] [blame]	382	// Everything else is handled by the Application server.
Robin Thellend	ac7128c	2014-11-11 09:58:28 -0800	[diff] [blame]	383	if len(components) >= 5 {
Robin Thellend	4c5266e	2014-10-27 13:19:29 -0700	[diff] [blame]	384	appInstanceDir, err := instanceDir(d.config.Root, components[1:4])
				385	if err != nil {
				386	return nil, nil, err
				387	}
Robin Thellend	b9dd9bb	2014-10-29 13:54:08 -0700	[diff] [blame]	388	switch kind := components[4]; kind {
				389	case "logs":
				390	logsDir := filepath.Join(appInstanceDir, "logs")
				391	suffix := naming.Join(components[5:]...)
Robin Thellend	8a0f04f	2014-11-17 10:40:24 -0800	[diff] [blame]	392	return logsimpl.NewLogFileService(logsDir, suffix), d.auth, nil
Robin Thellend	b9dd9bb	2014-10-29 13:54:08 -0700	[diff] [blame]	393	case "pprof", "stats":
				394	info, err := loadInstanceInfo(appInstanceDir)
				395	if err != nil {
				396	return nil, nil, err
				397	}
				398	if !instanceStateIs(appInstanceDir, started) {
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	399	return nil, nil, verror2.Make(ErrInvalidSuffix, nil)
Robin Thellend	b9dd9bb	2014-10-29 13:54:08 -0700	[diff] [blame]	400	}
Robin Thellend	b9dd9bb	2014-10-29 13:54:08 -0700	[diff] [blame]	401	var sigStub signatureStub
				402	if kind == "pprof" {
Todd Wang	702385a	2014-11-07 01:54:08 -0800	[diff] [blame]	403	sigStub = pprof.PProfServer(nil)
Robin Thellend	b9dd9bb	2014-10-29 13:54:08 -0700	[diff] [blame]	404	} else {
Todd Wang	702385a	2014-11-07 01:54:08 -0800	[diff] [blame]	405	sigStub = stats.StatsServer(nil)
Robin Thellend	b9dd9bb	2014-10-29 13:54:08 -0700	[diff] [blame]	406	}
				407	suffix := naming.Join("__debug", naming.Join(components[4:]...))
				408	remote := naming.JoinAddressName(info.AppCycleMgrName, suffix)
Matt Rosencrantz	5180d16	2014-12-03 13:48:40 -0800	[diff] [blame]	409	invoker := &proxyInvoker{
				410	remote: remote,
				411	access: access.Debug,
				412	sigStub: sigStub,
				413	}
				414	return invoker, d.auth, nil
Robin Thellend	b9dd9bb	2014-10-29 13:54:08 -0700	[diff] [blame]	415	}
Robin Thellend	4c5266e	2014-10-27 13:19:29 -0700	[diff] [blame]	416	}
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	417	deviceACLs, _, err := d.getACL()
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	418	if err != nil {
				419	return nil, nil, err
				420	}
Bogdan Caprita	a456f47	2014-12-10 10:18:03 -0800	[diff] [blame]	421	receiver := device.ApplicationServer(&appService{
Bogdan Caprita	7f49167	2014-11-13 14:51:08 -0800	[diff] [blame]	422	callback: d.internal.callback,
				423	config: d.config,
				424	suffix: components[1:],
				425	uat: d.uat,
				426	locks: d.locks,
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	427	deviceACL: deviceACLs,
Bogdan Caprita	7f49167	2014-11-13 14:51:08 -0800	[diff] [blame]	428	securityAgent: d.internal.securityAgent,
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	429	})
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	430	appSpecificAuthorizer, err := newAppSpecificAuthorizer(d.auth, d.config, components[1:])
				431	if err != nil {
				432	return nil, nil, err
				433	}
Cosmos Nicolaou	710daa2	2014-11-11 19:39:18 -0800	[diff] [blame]	434	return receiver, appSpecificAuthorizer, nil
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	435	case configSuffix:
				436	if len(components) != 2 {
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	437	return nil, nil, verror2.Make(ErrInvalidSuffix, nil)
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	438	}
Bogdan Caprita	a456f47	2014-12-10 10:18:03 -0800	[diff] [blame]	439	receiver := idevice.ConfigServer(&configService{
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	440	callback: d.internal.callback,
				441	suffix: components[1],
				442	})
Bogdan Caprita	b9501d1	2014-10-10 15:02:03 -0700	[diff] [blame]	443	// The nil authorizer ensures that only principals blessed by
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	444	// the device manager can talk back to it. All apps started by
				445	// the device manager should fall in that category.
Bogdan Caprita	b9501d1	2014-10-10 15:02:03 -0700	[diff] [blame]	446	//
				447	// TODO(caprita,rjkroege): We should further refine this, by
				448	// only allowing the app to update state referring to itself
				449	// (and not other apps).
Cosmos Nicolaou	710daa2	2014-11-11 19:39:18 -0800	[diff] [blame]	450	return receiver, nil, nil
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	451	default:
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	452	return nil, nil, verror2.Make(ErrInvalidSuffix, nil)
Bogdan Caprita	4d67c04	2014-08-19 10:41:19 -0700	[diff] [blame]	453	}
Jiri Simsa	24e87aa	2014-06-09 09:27:34 -0700	[diff] [blame]	454	}
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	455
				456	func newAppSpecificAuthorizer(sec security.Authorizer, config *config.State, suffix []string) (security.Authorizer, error) {
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	457	// TODO(rjkroege): This does not support <appname>.Start() to start all
				458	// instances. Correct this.
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	459
Bogdan Caprita	2b21936	2014-12-09 17:03:33 -0800	[diff] [blame]	460	// If we are attempting a method invocation against "apps/", we use the
				461	// device-manager wide ACL.
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	462	if len(suffix) == 0 \|\| len(suffix) == 1 {
				463	return sec, nil
				464	}
				465	// Otherwise, we require a per-installation and per-instance ACL file.
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	466	if len(suffix) == 2 {
				467	p, err := installationDirCore(suffix, config.Root)
				468	if err != nil {
				469	vlog.Errorf("newAppSpecificAuthorizer failed: %v", err)
				470	return nil, err
				471	}
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	472	return access.TaggedACLAuthorizerFromFile(path.Join(p, "acls", "data"), access.TypicalTagType())
				473	}
				474	if len(suffix) > 2 {
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	475	p, err := instanceDir(config.Root, suffix[0:3])
				476	if err != nil {
				477	vlog.Errorf("newAppSpecificAuthorizer failed: %v", err)
				478	return nil, err
				479	}
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	480	return access.TaggedACLAuthorizerFromFile(path.Join(p, "acls", "data"), access.TypicalTagType())
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	481	}
Todd Wang	34ed4c6	2014-11-26 15:15:52 -0800	[diff] [blame]	482	return nil, verror2.Make(ErrInvalidSuffix, nil)
Robert Kroeger	acc778b	2014-11-03 17:17:21 -0800	[diff] [blame]	483	}
Asim Shankar	6888519	2014-11-26 12:48:35 -0800	[diff] [blame]	484
				485	// allowEveryone implements the authorization policy that allows all principals
				486	// access.
				487	type allowEveryone struct{}
				488
Robin Thellend	888f8cf	2014-12-15 16:19:10 -0800	[diff] [blame^]	489	func (allowEveryone) Authorize(ctx security.Context) error {
				490	vlog.Infof("Device manager is unclaimed. Allow %q.%s() from %q.", ctx.Suffix(), ctx.Method(), ctx.RemoteBlessings())
				491	return nil
				492	}