func RunSyncer(s Syncer, uid keybase1.UID, loggedIn bool, sr SessionReader) (err error) {
if uid.IsNil() {
return NotFoundError{"No UID given to syncer"}
}
// unnecessary for secret syncer, but possibly useful for tracker syncer.
s.Lock()
defer s.Unlock()
s.G().Log.Debug("+ Syncer.Load(%s)", uid)
defer func() {
s.G().Log.Debug("- Syncer.Load(%s) -> %s", uid, ErrToOk(err))
}()
if err = s.loadFromStorage(uid); err != nil {
return
}
if s.needsLogin() && !loggedIn {
s.G().Log.Debug("| Won't sync with server since we're not logged in")
return
}
if err = s.syncFromServer(uid, sr); err != nil {
return
}
if err = s.store(uid); err != nil {
return
}
return
}
func (m localUserMap) getLocalUser(uid keybase1.UID) (LocalUser, error) {
user, ok := m[uid]
if !ok {
return LocalUser{}, NoSuchUserError{uid.String()}
}
return user, nil
}
// CheckUIDAgainstCasedUsername takes the input string, does not convert toLower,
// and then hashes it to recover a UID. This is a workaround for some
// users whose UIDs were computed incorrectly.
func CheckUIDAgainstCasedUsername(uid keybase1.UID, username string) (err error) {
u2 := UsernameToUIDPreserveCase(username)
if uid.NotEqual(u2) {
err = UIDMismatchError{fmt.Sprintf("%s != %s (via %s)", uid, u2, username)}
}
return
}
func getUserCard(g *libkb.GlobalContext, uid keybase1.UID, useSession bool) (ret *keybase1.UserCard, err error) {
defer g.Trace("getUserCard", func() error { return err })()
arg := libkb.APIArg{
Endpoint: "user/card",
NeedSession: useSession,
Contextified: libkb.NewContextified(g),
Args: libkb.HTTPArgs{"uid": libkb.S{Val: uid.String()}},
}
var card card
if err = g.API.GetDecode(arg, &card); err != nil {
g.Log.Warning("error getting user/card for %s: %s\n", uid, err)
return nil, err
}
g.Log.Debug("user card: %+v", card)
ret = &keybase1.UserCard{
Following: card.FollowSummary.Following,
Followers: card.FollowSummary.Followers,
Uid: uid,
FullName: card.Profile.FullName,
Location: card.Profile.Location,
Bio: card.Profile.Bio,
Website: card.Profile.Website,
Twitter: card.Profile.Twitter,
YouFollowThem: card.YouFollowThem,
TheyFollowYou: card.TheyFollowYou,
}
return ret, nil
}
func LoadUserPlusKeys(g *GlobalContext, uid keybase1.UID, cacheOK bool) (keybase1.UserPlusKeys, error) {
var up keybase1.UserPlusKeys
if uid.IsNil() {
return up, fmt.Errorf("Nil UID")
}
arg := NewLoadUserArg(g)
arg.UID = uid
arg.PublicKeyOptional = true
u, err := LoadUser(arg)
if err != nil {
return up, err
}
if u == nil {
return up, fmt.Errorf("Nil user, nil error from LoadUser")
}
// export user to UserPlusKeys
up.Uid = u.GetUID()
up.Username = u.GetNormalizedName().String()
if u.GetComputedKeyFamily() != nil {
up.DeviceKeys = u.GetComputedKeyFamily().ExportDeviceKeys()
}
return up, nil
}
func (e *SaltpackSenderIdentify) identifySender(ctx *Context) (err error) {
defer e.G().Trace("SaltpackDecrypt::identifySender", func() error { return err })()
var lin bool
var uid keybase1.UID
if lin, uid, err = IsLoggedIn(e, ctx); err == nil && lin && uid.Equal(e.res.Uid) {
e.G().Log.Debug("| Sender is self")
e.res.SenderType = keybase1.SaltpackSenderType_SELF
return nil
}
iarg := keybase1.Identify2Arg{
Uid: e.res.Uid,
UseDelegateUI: !e.arg.interactive,
AlwaysBlock: e.arg.interactive,
ForceRemoteCheck: e.arg.forceRemoteCheck,
NoErrorOnTrackFailure: true,
Reason: e.arg.reason,
UserAssertion: e.arg.userAssertion,
}
eng := NewIdentify2WithUID(e.G(), &iarg)
if err = RunEngine(eng, ctx); err != nil {
return err
}
switch eng.getTrackType() {
case identify2NoTrack:
e.res.SenderType = keybase1.SaltpackSenderType_NOT_TRACKED
case identify2TrackOK:
e.res.SenderType = keybase1.SaltpackSenderType_TRACKING_OK
default:
e.res.SenderType = keybase1.SaltpackSenderType_TRACKING_BROKE
}
return nil
}
// NewRekeyPermissionError constructs a RekeyPermissionError for the given
// directory and user.
func NewRekeyPermissionError(ctx context.Context, config Config, dir *TlfHandle,
uid keybase1.UID) error {
dirname := dir.ToString(ctx, config)
if name, err2 := config.KBPKI().GetNormalizedUsername(ctx, uid); err2 == nil {
return RekeyPermissionError{string(name), dirname}
}
return RekeyPermissionError{uid.String(), dirname}
}
func (g *GlobalContext) GetMyUID() keybase1.UID {
var uid keybase1.UID
g.LoginState().LocalSession(func(s *Session) {
uid = s.GetUID()
}, "G - GetMyUID - GetUID")
if uid.Exists() {
return uid
}
return g.Env.GetUID()
}
func (mul *MerkleUserLeaf) MatchUser(u *User, uid keybase1.UID, nun NormalizedUsername) (err error) {
if mul.username != u.GetName() {
err = MerkleClashError{fmt.Sprintf("vs loaded object: username %s != %s", mul.username, u.GetName())}
} else if mul.uid.NotEqual(u.GetUID()) {
err = MerkleClientError{fmt.Sprintf("vs loaded object: UID %s != %s", mul.uid, u.GetUID())}
} else if !nun.IsNil() && !NewNormalizedUsername(mul.username).Eq(nun) {
err = MerkleClashError{fmt.Sprintf("vs given arg: username %s != %s", mul.username, nun)}
} else if uid.NotEqual(mul.uid) {
err = MerkleClashError{fmt.Sprintf("vs given arg: UID %s != %s", uid, mul.uid)}
}
return
}
func (mul *MerkleUserLeaf) MatchUser(u *User, uid keybase1.UID, un string) (err error) {
if mul.username != u.GetName() {
err = MerkleClashError{fmt.Sprintf("vs loaded object: username %s != %s", mul.username, u.GetName())}
} else if mul.uid.NotEqual(u.GetUID()) {
err = MerkleClientError{fmt.Sprintf("vs loaded object: UID %s != %s", mul.uid, u.GetUID())}
} else if len(un) > 0 && mul.username != un {
err = MerkleClashError{fmt.Sprintf("vs given arg: username %s != %s", mul.username, un)}
} else if uid.NotEqual(mul.uid) {
err = MerkleClashError{fmt.Sprintf("vs given arg: UID %s != %s", uid, mul.uid)}
}
return
}
// GetTLFCryptKeyServerHalfID implements the Crypto interface for CryptoCommon.
func (c *CryptoCommon) GetTLFCryptKeyServerHalfID(
user keybase1.UID, deviceKID keybase1.KID,
serverHalf TLFCryptKeyServerHalf) (TLFCryptKeyServerHalfID, error) {
key := serverHalf.data[:]
data := append(user.ToBytes(), deviceKID.ToBytes()...)
hmac, err := DefaultHMAC(key, data)
if err != nil {
return TLFCryptKeyServerHalfID{}, err
}
return TLFCryptKeyServerHalfID{
ID: hmac,
}, nil
}
func lookupMerkleLeaf(g *GlobalContext, uid keybase1.UID, local *User) (f *MerkleUserLeaf, err error) {
if uid.IsNil() {
err = fmt.Errorf("uid parameter for lookupMerkleLeaf empty")
return
}
q := NewHTTPArgs()
q.Add("uid", UIDArg(uid))
f, err = g.MerkleClient.LookupUser(q)
if err == nil && f == nil && local != nil {
err = fmt.Errorf("User not found in server Merkle tree")
}
return
}
func NewUserConfig(id keybase1.UID, name NormalizedUsername, salt []byte, dev keybase1.DeviceID) *UserConfig {
ret := &UserConfig{
ID: id.String(),
Name: name,
Salt: hex.EncodeToString(salt),
Device: nil,
importedID: id,
importedSalt: salt,
importedDeviceID: dev,
}
if dev.Exists() {
tmp := dev.String()
ret.Device = &tmp
}
return ret
}
func LoadUserPlusKeys(g *GlobalContext, uid keybase1.UID, cacheOK bool) (keybase1.UserPlusKeys, error) {
var up keybase1.UserPlusKeys
if uid.IsNil() {
return up, fmt.Errorf("Nil UID")
}
if cacheOK {
up, err := g.UserCache.Get(uid)
if err == nil {
return *up, nil
}
if err != nil {
// not going to bail on cache error, just log it:
if _, ok := err.(NotFoundError); !ok {
g.Log.Debug("UserCache Get error: %s", err)
}
}
}
arg := NewLoadUserArg(g)
arg.UID = uid
arg.PublicKeyOptional = true
u, err := LoadUser(arg)
if err != nil {
return up, err
}
if u == nil {
return up, fmt.Errorf("Nil user, nil error from LoadUser")
}
// export user to UserPlusKeys
up.Uid = u.GetUID()
up.Username = u.GetNormalizedName().String()
if u.GetComputedKeyFamily() != nil {
up.DeviceKeys = u.GetComputedKeyFamily().ExportDeviceKeys()
}
err = g.UserCache.Insert(&up)
if err != nil {
g.Log.Debug("UserCache Set error: %s", err)
}
return up, nil
}
func (u *userKeyAPI) GetUser(ctx context.Context, uid keybase1.UID) (
un libkb.NormalizedUsername, sibkeys, subkeys []keybase1.KID, err error) {
u.log.Debug("+ GetUser")
defer func() {
u.log.Debug("- GetUser -> %v", err)
}()
var ukr userKeyRes
err = u.api.GetDecode(libkb.APIArg{
Endpoint: "user/keys",
Args: libkb.HTTPArgs{
"uid": libkb.S{Val: uid.String()},
},
}, &ukr)
if err != nil {
return "", nil, nil, err
}
un = libkb.NewNormalizedUsername(ukr.Username)
return un, ukr.PublicKeys.Sibkeys, ukr.PublicKeys.Subkeys, nil
}
func LoadUserPlusKeys(g *GlobalContext, uid keybase1.UID) (keybase1.UserPlusKeys, error) {
var up keybase1.UserPlusKeys
if uid.IsNil() {
return up, fmt.Errorf("Nil UID")
}
arg := NewLoadUserArg(g)
arg.UID = uid
arg.PublicKeyOptional = true
u, err := LoadUser(arg)
if err != nil {
return up, err
}
if u == nil {
return up, fmt.Errorf("Nil user, nil error from LoadUser")
}
return u.ExportToUserPlusKeys(keybase1.Time(0)), nil
}
func (g *gregorHandler) auth(ctx context.Context, cli rpc.GenericClient) (err error) {
var token string
var uid keybase1.UID
// Check to see if we have been shutdown,
select {
case <-g.shutdownCh:
g.Debug("server is dead, not authenticating")
return errors.New("server is dead, not authenticating")
default:
// if we were going to block, then that means we are still alive
}
// Continue on and authenticate
aerr := g.G().LoginState().LocalSession(func(s *libkb.Session) {
token = s.GetToken()
uid = s.GetUID()
}, "gregor handler - login session")
if aerr != nil {
g.skipRetryConnect = true
return aerr
}
g.Debug("have session token")
g.Debug("authenticating")
ac := gregor1.AuthClient{Cli: cli}
auth, err := ac.AuthenticateSessionToken(ctx, gregor1.SessionToken(token))
if err != nil {
g.Debug("auth error: %s", err)
return err
}
g.Debug("auth result: %+v", auth)
if !bytes.Equal(auth.Uid, uid.ToBytes()) {
g.skipRetryConnect = true
return fmt.Errorf("auth result uid %x doesn't match session uid %q", auth.Uid, uid)
}
g.sessionID = auth.Sid
return nil
}
func (idt *IdentityTable) TrackChainLinkFor(username string, uid keybase1.UID) (*TrackChainLink, error) {
list, found := idt.tracks[username]
if !found {
return nil, nil
}
for i := len(list) - 1; i >= 0; i-- {
link := list[i]
if link.IsRevoked() {
// noop; continue on!
continue
}
uid2, err := link.GetTrackedUID()
if err != nil {
return nil, fmt.Errorf("Bad tracking statement for %s: %s", username, err)
}
if uid.NotEqual(uid2) {
return nil, fmt.Errorf("Bad UID in tracking statement for %s: %s != %s", username, uid, uid2)
}
return link, nil
}
return nil, nil
}
func DbKeyUID(t ObjType, uid keybase1.UID) DbKey {
return DbKey{Typ: t, Key: uid.String()}
}
func (e *UntrackEngine) loadThem() (them *libkb.User, remoteLink, localLink *libkb.TrackChainLink, err error) {
var rLink *libkb.TrackChainLink
trackMap := e.arg.Me.IDTable().GetTrackMap()
if links, ok := trackMap[e.arg.Username]; ok && (len(links) > 0) {
rLink = links[len(links)-1]
}
var uid keybase1.UID
uidTrusted := false
if rLink != nil {
if uid, err = rLink.GetTrackedUID(); err != nil {
return
}
uidTrusted = true
}
if uid.IsNil() {
res := libkb.ResolveUID(e.arg.Username)
if err = res.GetError(); err != nil {
return
}
// This is an untrusted uid.
uid = res.GetUID()
if uid.IsNil() {
err = libkb.NewUntrackError("Could not resolve uid for @%s", e.arg.Username)
return
}
}
lLink, err := libkb.LocalTrackChainLinkFor(e.arg.Me.GetUID(), uid, e.G())
if err != nil {
return
}
if rLink == nil && lLink == nil {
err = libkb.NewUntrackError("You are not tracking %s", e.arg.Username)
return
}
if !uidTrusted {
if lLink == nil {
err = libkb.NewUntrackError("Could not verify resolved uid for @%s", e.arg.Username)
return
}
var trackedUsername string
trackedUsername, err = lLink.GetTrackedUsername()
if err != nil {
return
}
if e.arg.Username != trackedUsername {
err = libkb.NewUntrackError("Username mismatch: expected @%s, got @%s", e.arg.Username, trackedUsername)
return
}
uidTrusted = true
}
them = libkb.NewUserThin(e.arg.Username, uid)
remoteLink = rLink
localLink = lLink
return
}
func UIDWrapper(uid keybase1.UID) *jsonw.Wrapper {
return jsonw.NewString(uid.String())
}
func UIDArg(uid keybase1.UID) HTTPValue {
return S{Val: uid.String()}
}
func (sc *SigChain) LoadFromServer(t *MerkleTriple, selfUID keybase1.UID) (dirtyTail *MerkleTriple, err error) {
low := sc.GetLastLoadedSeqno()
sc.loadedFromLinkOne = (low == Seqno(0) || low == Seqno(-1))
sc.G().Log.Debug("+ Load SigChain from server (uid=%s, low=%d)", sc.uid, low)
defer func() { sc.G().Log.Debug("- Loaded SigChain -> %s", ErrToOk(err)) }()
res, err := G.API.Get(APIArg{
Endpoint: "sig/get",
NeedSession: false,
Args: HTTPArgs{
"uid": UIDArg(sc.uid),
"low": I{int(low)},
},
})
if err != nil {
return
}
v := res.Body.AtKey("sigs")
var lim int
if lim, err = v.Len(); err != nil {
return
}
foundTail := false
sc.G().Log.Debug("| Got back %d new entries", lim)
var links []*ChainLink
var tail *ChainLink
for i := 0; i < lim; i++ {
var link *ChainLink
if link, err = ImportLinkFromServer(sc.G(), sc, v.AtIndex(i), selfUID); err != nil {
return
}
if link.GetSeqno() <= low {
continue
}
if selfUID.Equal(link.GetUID()) {
sc.G().Log.Debug("| Setting isOwnNewLinkFromServer=true for seqno %d", link.GetSeqno())
link.isOwnNewLinkFromServer = true
}
links = append(links, link)
if !foundTail && t != nil {
if foundTail, err = link.checkAgainstMerkleTree(t); err != nil {
return
}
}
tail = link
}
if t != nil && !foundTail {
err = NewServerChainError("Failed to reach (%s, %d) in server response",
t.LinkID, int(t.Seqno))
return
}
if tail != nil {
dirtyTail = tail.ToMerkleTriple()
// If we've stored a `last` and it's less than the one
// we just loaded, then nuke it.
if sc.localChainTail != nil && sc.localChainTail.Less(*dirtyTail) {
sc.G().Log.Debug("| Clear cached last (%d < %d)", sc.localChainTail.Seqno, dirtyTail.Seqno)
sc.localChainTail = nil
sc.localCki = nil
}
}
sc.chainLinks = append(sc.chainLinks, links...)
return
}
// VerifyTLFCryptKeyServerHalfID implements the Crypto interface for CryptoCommon.
func (c *CryptoCommon) VerifyTLFCryptKeyServerHalfID(serverHalfID TLFCryptKeyServerHalfID,
user keybase1.UID, deviceKID keybase1.KID, serverHalf TLFCryptKeyServerHalf) error {
key := serverHalf.data[:]
data := append(user.ToBytes(), deviceKID.ToBytes()...)
return serverHalfID.ID.Verify(key, data)
}