Commit Graph

528 Commits

Author SHA1 Message Date
Joe Bryan
b0d2db25b5 fine: narrows error message scope on bad responses 2023-05-24 13:00:48 -04:00
fang
2b9d603951
ames: turn all pending %boons into %losts
This was the behavior prior to d8e11b6, except that we now correctly include
the new %boon in the transformation also.
2023-05-24 14:07:29 +02:00
yosoyubik
f6101569f5 ames: skip corks if pending acks for naxplanations 2023-05-24 12:35:38 +02:00
fang
d8e11b68c2
ames: correctly %lose a %boon we crashed on
Previously, if we noticed %boon handling had caused a crash, we would
transform any existing %boons into %losts, but still emit a new %boon
for the message we ostensibly crashed on.

Now, we make sure to just directly send a %lost if sending the %boon
caused a crash. We drop the existing-moves transformation entirely,
assuming it to vestigial.
2023-05-23 22:10:17 +02:00
yosoyubik
3554ab895d ames: remove num-live from pump-metrics 2023-05-23 06:48:15 +02:00
yosoyubik
e440a443e5 ames: don't no-op if getting %ack on nack bone 2023-05-22 17:53:20 +02:00
yosoyubik
1921fd277c ames: add comment 2023-05-22 17:38:31 +02:00
Josh Lehman
799c49f873
Merge branch 'develop' into i/6103/abet-pure 2023-05-22 08:37:32 -07:00
Tinnus Napbus
de51f74dc2 gall: implement local provenance 2023-05-23 01:12:09 +12:00
yosoyubik
89da6d433b ames: fix incorrect handling of acks in |pack 2023-05-22 15:05:18 +02:00
jose
7df931b375
Merge branch 'develop' into i/6103/abet-pure 2023-05-22 13:23:02 +02:00
yosoyubik
a765954cee ames: don't get ship-state in +enqueue-alien-todo
ship-state is retrieved in +send-blob only for sponsors of the ship
2023-05-22 12:49:00 +02:00
yosoyubik
7d153ba99a ames: fix no-op if getting %ack on nack-trace bone 2023-05-22 12:14:53 +02:00
yosoyubik
66b92800e3 ames: don't retrieve ship-state in +send-blob 2023-05-22 11:41:32 +02:00
yosoyubik
b427f1c321 ames: early abet in |fi after route update
Continuation of https://github.com/urbit/urbit/pull/6593
2023-05-22 10:58:50 +02:00
fang
8579b6c952
eyre: eauth, cross-ship authentication
aka "mirage" aka "eyre oauth"

With Eyre now supporting both local identity authentication, and fake
guest identities, the logical next step is to support authentication
with real non-local identities. Here, we implement that, building on top
of the groundwork laid by #6561.

The primary change is adding a %real case to Eyre's $identity type, and
implementing an http<->ames<->ames handshaking protocol into Eyre for
negotiating approval of login attempts made by unauthenticated HTTP
clients.

The authentication flow, where a "visitor" logs into a "~host" as their
own "~client" identity can be described in brief as follows:
1) Visitor makes an HTTP request saying they are ~client.
2) ~host tells ~client, over Ames, about its own public-facing hostname.
3) ~client responds with its own public-facing hostname.
4) ~host forwards the visitor to ~client's eauth page.
5) Visitor, there already logged in as ~client, approves the login
   attempt.
6) ~client shares a secret with ~host over Ames, and forwards the
   visitor to ~host's eauth page, including the secret in the request.
7) ~host sees that the secrets received over Ames and HTTP match, and
   gives the visitor a new session token, identifying them as ~client.

The negotiating of hostnames/URLs via Ames is crucial to keeping this
handshake sequence secure.

Discovering a ship's public-facing hostname happens when successful
local logins are made by reading out the Host header from the request.
Users may hard-code a value to override this.

Each eauth login attempt comes with a unique nonce. Both the host and
client track the lifetime of these. The corresponding Ames flow (which
goes from ~host -> ~client) is corked when the login attempt gets
aborted, or its associated session expires.

The logout functionality has been updated to let clients ask to be
logged out of sessions on other ships.
2023-05-18 23:13:15 +02:00
Joe Bryan
15440d3dda ames: add %rift to %stir 2023-05-17 16:51:12 -04:00
Philip Monk
8cba74630f ames: bugfixes 2023-05-16 23:05:17 -07:00
yosoyubik
42c22bf4f3 ames: on-take-wake no-op if not path for keen 2023-05-10 17:18:31 +02:00
yosoyubik
b154c62fdc ames, tests: remove extraneous comments 2023-05-09 11:43:54 +02:00
yosoyubik
f53fee723a ames: defer mutual calls between |pump and |sink
|pump and |sink call into each other in three places
related to nacks and naxplanations (sending a nack,
notifying the |pump of a naxplanation, or dropping a
nack from the |sink). This intra calls are making implicit
updates to more parts of the state than the core should
manage. To avoid that we emit a move to %arvo, encoded
as an %ames plea, to handle that in the next event.
2023-05-08 15:28:13 +02:00
yosoyubik
6213e0bbb3 ames: move +bind-duct to peer-core 2023-05-05 13:06:17 +02:00
yosoyubik
df47808047 Merge branch 'develop' into i/6103/abet-pure 2023-05-05 09:53:01 +02:00
~wicrum-wicrun
c1e14bdbf5 ames: use +pry:mop and +del:mop instead of virtualizing 2023-05-02 17:07:14 +02:00
~wicrum-wicrun
c03c3dc13b ames: migration uses +tap:deq instead of +dip-left:deq 2023-05-02 17:01:53 +02:00
~wicrum-wicrun
ecaf70bc00 ames,lull,zuse: move +pha and +deq into ames to not pollute kelvin code 2023-05-02 16:26:59 +02:00
~wicrum-wicrun
ded0b75914 ames,lull: .wan.keen uses fragment as mop key 2023-05-02 16:25:51 +02:00
~wicrum-wicrun
d7a2c53df8 lull,ames: use mop instead of pha in .wan.keens 2023-05-02 15:17:25 +02:00
yosoyubik
4728ee68c6 Revert "Revert "ames: make +abet pure""
This reverts commit d214fad1bd.

https://github.com/urbit/urbit/pull/6403 got closed, probably due to its
previous inclusion in the Remote Scry PR, so we reopen it (as a draft).
2023-04-27 14:42:34 +02:00
Joe Bryan
517df2aebd ames: fix fine error printf 2023-04-25 10:14:42 -04:00
Joe Bryan
5dfc8e3c5d arvo: restructures |mass, switches to %x //whey 2023-04-24 16:21:41 -04:00
~wicrum-wicrun
673803fe0b ames: use $spar 2023-04-24 19:10:05 +02:00
~wicrum-wicrun
dafa1cc030 lull,ames: reference +mop in $packet-pump-size 2023-04-24 19:10:05 +02:00
yosoyubik
66a7b7b1c2 ames: make fi-send take a blob 2023-04-24 18:54:36 +02:00
yosoyubik
d43e684bae ames: rename @uxmeow as $yowl 2023-04-24 18:54:36 +02:00
Joe Bryan
8f43d9674d ames: removes stale comments, dead code 2023-04-24 12:53:29 -04:00
Joe Bryan
cf8a887b80 arvo: rebinds and uses $omen 2023-04-24 12:52:33 -04:00
Joe Bryan
2ece07f096 ames: %fine requests are always for public data 2023-04-24 12:36:53 -04:00
yosoyubik
714d0b13f1 ames: remove sigpam 2023-04-24 17:00:41 +02:00
~wicrum-wicrun
641326ad36 ames,lull: remove .siz from $meow 2023-04-24 16:23:09 +02:00
yosoyubik
bf0a4a3327 ames: fix upgrade from state 4&5 2023-04-24 11:44:24 +02:00
Joe Bryan
d2d1412c3a ames: replace (empty) signatures with tag byte in fine requests (wail) 2023-04-23 01:09:53 -04:00
yosoyubik
599eb6231b ames: rename etch-keen to etch-wail 2023-04-22 20:26:08 +02:00
Ted Blackman
f3655a8662 ames: re-enable life&rift check on fine requests 2023-04-22 11:30:17 -04:00
yosoyubik
5bbd727f18 Merge branch 'develop' into i/5788/remote-scry 2023-04-22 16:07:44 +02:00
yosoyubik
64a1680e2c ames: don't crash if waking up on a strange wire
This was a regression introduced in 8e54f7fcc3
the previous behavior was not to crash so we
restore it here
2023-04-22 13:47:15 +02:00
yosoyubik
2bcfd7599a ames: fix %fine tests to account for updated %tune 2023-04-21 17:54:01 +02:00
Joe Bryan
4d84131464 ames: refactors %tune, supercedes %miss 2023-04-21 10:43:30 -04:00
~wicrum-wicrun
6746687ade ames: print fine errors instead of propagating 2023-04-20 22:32:16 +02:00
~wicrum-wicrun
b92e4c4238 ames: get dat from etched body 2023-04-20 18:52:01 +02:00
~wicrum-wicrun
953e6f5861 ames: set signature in fine requests to all zeroes 2023-04-20 18:12:29 +02:00
yosoyubik
bee09fe5e1 ames: in %larva +load always set cached-state 2023-04-19 16:23:01 +02:00
yosoyubik
873de61269 ames: give %miss to all listeners on %keen cancel
%spider will send a %yawn task to ames if a thread fails
or stops. if the thread is done, it will delete the scry
from its state without notifying %ames
2023-04-19 11:03:11 +02:00
Joe Bryan
51effc6be9 ames: add (disabled) rift/life verification 2023-04-19 00:50:13 -04:00
Joe Bryan
846276f85a ames: refactors $sign and $note 2023-04-19 00:50:13 -04:00
Joe Bryan
80a1cf626c ames: cleanup comments/whitespace 2023-04-18 10:34:47 -04:00
Joe Bryan
c864f95598 ames: drop %pine 2023-04-18 10:25:45 -04:00
yosoyubik
5c838a42a7 ames: use fi-emit for %fine gifts 2023-04-18 05:31:23 +02:00
Joe Bryan
790a0de292 ames: fix move clobbering in +fi-done 2023-04-17 18:29:44 -04:00
Joe Bryan
2cb0a06976 ames: fix build, bypassing alias 2023-04-17 16:08:01 -04:00
yosoyubik
03b3d0b3f4 tests: fix /tests/sys/fine 2023-04-17 16:41:53 +02:00
yosoyubik
296815e097 ames: remove keen-id from remote scry state
TODO: udpate /~debug frontend
2023-04-17 16:22:57 +02:00
yosoyubik
c062d7c2b0 ames: handle error for hearing fine responses
WIP the error is not propagated to the listeners (TODO error gift?)
2023-04-17 15:06:28 +02:00
yosoyubik
0987cddd7e ames: add /fine/ducts/[path] scry endpoint 2023-04-17 14:22:20 +02:00
yosoyubik
1d91bb5e33 ames: first pass a %fine unit tests 2023-04-17 14:15:35 +02:00
pkova
24f7f3549f ames: properly migrate old %snub tasks 2023-04-14 20:41:57 +03:00
yosoyubik
69a5c5e6df ames: factor out is-corked logic into a gate 2023-04-14 09:12:16 +02:00
yosoyubik
898ed99863 ames: no-op on naxplanation acks for corked bones 2023-04-13 08:53:01 +02:00
~wicrum-wicrun
97c8e3833d ames: emit %miss on failed signature verification 2023-04-12 15:04:59 +02:00
yosoyubik
4840b2aed2 ames: simplify reset timer 2023-04-11 14:24:05 +02:00
yosoyubik
48a60d602c ames: reset timer for naxplanation on corked bones 2023-04-09 08:13:21 +02:00
yosoyubik
98a5ab9035 ames: fix handling of fine tasks for aliens 2023-04-08 06:34:10 +02:00
yosoyubik
538b0e920e Merge branch 'develop' into i/5788/remote-scry 2023-04-07 19:24:08 +02:00
yosoyubik
8744b1f4db ames: revert min tro to ~m2 2023-04-07 19:10:26 +02:00
Ted Blackman
eddbe86d69 ames: fix syntax error 2023-04-06 11:58:34 -04:00
yosoyubik
2da5431ec2 ames: add minimal verbosity for |fine
This can be set with |ames-verb %fin. We might want to extend this
with a more granular logging system, probably similar to current ames
2023-04-06 13:44:45 +02:00
yosoyubik
9f45741a9a ames: use +update-qos:pe in fine core 2023-04-06 13:44:45 +02:00
yosoyubik
1c2b7667b1 ames: use |fi for remote scry |fine core 2023-04-06 13:44:45 +02:00
Ted Blackman
66678acd3e ames: ping faster to sponsors 2023-04-05 11:59:06 -04:00
~wicrum-wicrun
db2ac2fa65 ames: update gall scries to use %x instead of %a 2023-04-05 16:23:38 +02:00
yosoyubik
d137d78465 ames: remove |fi core
The entry point arms of |fi are moved to the |pe core and
|ke is now called directly so we avoid doing e.g. abed:ke:fi:peer
2023-04-05 10:27:47 +02:00
yosoyubik
08170068b0 ames: send a nack if there is not case for %pine
If the publisher can't produce a case for a given path,
it nacks the plea sent by the requester, that will then
produce a %miss to the vane that initiated the scry
2023-04-04 15:00:08 +02:00
yosoyubik
d7df6bcce3 ames: fix pattern match check when sinking a %pine 2023-04-04 10:59:28 +02:00
midden-fabler
d8ad34f0fc update scry path listing 2023-04-04 03:06:22 -04:00
midden-fabler
bacbfd71ac add last-contact scry endpoint 2023-04-04 02:50:09 -04:00
yosoyubik
06a1f9aa27 ames: refactor unused on-pine flow for publishers 2023-04-04 08:28:43 +02:00
yosoyubik
920c208a60 ames: fix on-pine 2023-04-03 12:48:16 +02:00
yosoyubik
dbac58827e spider: clean up remote scries on thread-done 2023-04-03 09:40:56 +02:00
yosoyubik
6c06fa16fa spider: support tracking/canceling scry requests
(%spider only tracks scry requests started by the -keen thread)
2023-04-03 09:18:51 +02:00
yosoyubik
d406344081 lull, ames: add %wham to cancel all scry requests
(we might want to add permissioning to restrict who can send %whams)
2023-04-01 09:20:49 +02:00
yosoyubik
55dffb59e7 ames: add all=? flag to fine %yawn task
if all=& in |yawn, it will delete all listeners ducts,
without notifying them about it, which seems bad,
so we migh adress that separatedly.

Also, it might be cleaner to have a separate task instead of
a flag, to have two paths for "remove me" and "remove all",
this way there won't be an option for a listener to remove all
others, and that will have to be handled explicitly.
2023-03-31 15:45:51 +02:00
yosoyubik
8387a28bd2 ames: use %$ to handle /pine pleas
Sending a %pine plea to an old publisher will result in
a crash because it:
- (pre remote-scry) handles only %cork pleas with %$ as the vane
- (pre GRQF) it doesn't handle %$ as the recipient vane
2023-03-31 11:37:05 +02:00
yosoyubik
8e54f7fcc3 ames: fix parsing fine timer wire 2023-03-28 13:40:10 +02:00
yosoyubik
f34e472bdd ames: fix faulty +abed, one more time 2023-03-28 12:35:23 +02:00
yosoyubik
c9124e9fd0 ames: fix faulty bunted state in +abed 2023-03-25 16:58:03 +01:00
yosoyubik
140e5d2b5f ames: reorder |keen arms 2023-03-24 13:59:29 +01:00
yosoyubik
3269192b29 ames: remove mu/mi-trace 2023-03-24 12:44:20 +01:00
yosoyubik
ce02fecc41 ames: use +abed properly for |mi and |mu 2023-03-24 12:14:31 +01:00
~wicrum-wicrun
d76057cac7 ames: handle remote scry requests for gall data 2023-03-23 18:51:19 +01:00
yosoyubik
439184fa7c ames: add +abed arms to peer-core 2023-03-23 12:54:22 +01:00