Example #1
0
func RunSyncer(s Syncer, uid keybase1.UID, loggedIn bool, sr SessionReader) (err error) {
	if uid.IsNil() {
		return NotFoundError{"No UID given to syncer"}
	}

	// unnecessary for secret syncer, but possibly useful for tracker syncer.
	s.Lock()
	defer s.Unlock()

	s.G().Log.Debug("+ Syncer.Load(%s)", uid)
	defer func() {
		s.G().Log.Debug("- Syncer.Load(%s) -> %s", uid, ErrToOk(err))
	}()

	if err = s.loadFromStorage(uid); err != nil {
		return
	}
	if s.needsLogin() && !loggedIn {
		s.G().Log.Debug("| Won't sync with server since we're not logged in")
		return
	}
	if err = s.syncFromServer(uid, sr); err != nil {
		return
	}
	if err = s.store(uid); err != nil {
		return
	}

	return
}
Example #2
0
func (m localUserMap) getLocalUser(uid keybase1.UID) (LocalUser, error) {
	user, ok := m[uid]
	if !ok {
		return LocalUser{}, NoSuchUserError{uid.String()}
	}
	return user, nil
}
Example #3
0
// CheckUIDAgainstCasedUsername takes the input string, does not convert toLower,
// and then hashes it to recover a UID. This is a workaround for some
// users whose UIDs were computed incorrectly.
func CheckUIDAgainstCasedUsername(uid keybase1.UID, username string) (err error) {
	u2 := UsernameToUIDPreserveCase(username)
	if uid.NotEqual(u2) {
		err = UIDMismatchError{fmt.Sprintf("%s != %s (via %s)", uid, u2, username)}
	}
	return
}
Example #4
0
func getUserCard(g *libkb.GlobalContext, uid keybase1.UID, useSession bool) (ret *keybase1.UserCard, err error) {
	defer g.Trace("getUserCard", func() error { return err })()

	arg := libkb.APIArg{
		Endpoint:     "user/card",
		NeedSession:  useSession,
		Contextified: libkb.NewContextified(g),
		Args:         libkb.HTTPArgs{"uid": libkb.S{Val: uid.String()}},
	}

	var card card

	if err = g.API.GetDecode(arg, &card); err != nil {
		g.Log.Warning("error getting user/card for %s: %s\n", uid, err)
		return nil, err
	}

	g.Log.Debug("user card: %+v", card)

	ret = &keybase1.UserCard{
		Following:     card.FollowSummary.Following,
		Followers:     card.FollowSummary.Followers,
		Uid:           uid,
		FullName:      card.Profile.FullName,
		Location:      card.Profile.Location,
		Bio:           card.Profile.Bio,
		Website:       card.Profile.Website,
		Twitter:       card.Profile.Twitter,
		YouFollowThem: card.YouFollowThem,
		TheyFollowYou: card.TheyFollowYou,
	}
	return ret, nil
}
Example #5
0
func LoadUserPlusKeys(g *GlobalContext, uid keybase1.UID, cacheOK bool) (keybase1.UserPlusKeys, error) {
	var up keybase1.UserPlusKeys
	if uid.IsNil() {
		return up, fmt.Errorf("Nil UID")
	}

	arg := NewLoadUserArg(g)
	arg.UID = uid
	arg.PublicKeyOptional = true
	u, err := LoadUser(arg)
	if err != nil {
		return up, err
	}
	if u == nil {
		return up, fmt.Errorf("Nil user, nil error from LoadUser")
	}

	// export user to UserPlusKeys
	up.Uid = u.GetUID()
	up.Username = u.GetNormalizedName().String()
	if u.GetComputedKeyFamily() != nil {
		up.DeviceKeys = u.GetComputedKeyFamily().ExportDeviceKeys()
	}

	return up, nil
}
func (e *SaltpackSenderIdentify) identifySender(ctx *Context) (err error) {
	defer e.G().Trace("SaltpackDecrypt::identifySender", func() error { return err })()

	var lin bool
	var uid keybase1.UID
	if lin, uid, err = IsLoggedIn(e, ctx); err == nil && lin && uid.Equal(e.res.Uid) {
		e.G().Log.Debug("| Sender is self")
		e.res.SenderType = keybase1.SaltpackSenderType_SELF
		return nil
	}

	iarg := keybase1.Identify2Arg{
		Uid:                   e.res.Uid,
		UseDelegateUI:         !e.arg.interactive,
		AlwaysBlock:           e.arg.interactive,
		ForceRemoteCheck:      e.arg.forceRemoteCheck,
		NoErrorOnTrackFailure: true,
		Reason:                e.arg.reason,
		UserAssertion:         e.arg.userAssertion,
	}
	eng := NewIdentify2WithUID(e.G(), &iarg)
	if err = RunEngine(eng, ctx); err != nil {
		return err
	}
	switch eng.getTrackType() {
	case identify2NoTrack:
		e.res.SenderType = keybase1.SaltpackSenderType_NOT_TRACKED
	case identify2TrackOK:
		e.res.SenderType = keybase1.SaltpackSenderType_TRACKING_OK
	default:
		e.res.SenderType = keybase1.SaltpackSenderType_TRACKING_BROKE
	}
	return nil
}
Example #7
0
// NewRekeyPermissionError constructs a RekeyPermissionError for the given
// directory and user.
func NewRekeyPermissionError(ctx context.Context, config Config, dir *TlfHandle,
	uid keybase1.UID) error {
	dirname := dir.ToString(ctx, config)
	if name, err2 := config.KBPKI().GetNormalizedUsername(ctx, uid); err2 == nil {
		return RekeyPermissionError{string(name), dirname}
	}
	return RekeyPermissionError{uid.String(), dirname}
}
Example #8
0
func (g *GlobalContext) GetMyUID() keybase1.UID {
	var uid keybase1.UID

	g.LoginState().LocalSession(func(s *Session) {
		uid = s.GetUID()
	}, "G - GetMyUID - GetUID")
	if uid.Exists() {
		return uid
	}

	return g.Env.GetUID()
}
Example #9
0
func (mul *MerkleUserLeaf) MatchUser(u *User, uid keybase1.UID, nun NormalizedUsername) (err error) {
	if mul.username != u.GetName() {
		err = MerkleClashError{fmt.Sprintf("vs loaded object: username %s != %s", mul.username, u.GetName())}
	} else if mul.uid.NotEqual(u.GetUID()) {
		err = MerkleClientError{fmt.Sprintf("vs loaded object: UID %s != %s", mul.uid, u.GetUID())}
	} else if !nun.IsNil() && !NewNormalizedUsername(mul.username).Eq(nun) {
		err = MerkleClashError{fmt.Sprintf("vs given arg: username %s != %s", mul.username, nun)}
	} else if uid.NotEqual(mul.uid) {
		err = MerkleClashError{fmt.Sprintf("vs given arg: UID %s != %s", uid, mul.uid)}
	}
	return
}
Example #10
0
func (mul *MerkleUserLeaf) MatchUser(u *User, uid keybase1.UID, un string) (err error) {
	if mul.username != u.GetName() {
		err = MerkleClashError{fmt.Sprintf("vs loaded object: username %s != %s", mul.username, u.GetName())}
	} else if mul.uid.NotEqual(u.GetUID()) {
		err = MerkleClientError{fmt.Sprintf("vs loaded object: UID %s != %s", mul.uid, u.GetUID())}
	} else if len(un) > 0 && mul.username != un {
		err = MerkleClashError{fmt.Sprintf("vs given arg: username %s != %s", mul.username, un)}
	} else if uid.NotEqual(mul.uid) {
		err = MerkleClashError{fmt.Sprintf("vs given arg: UID %s != %s", uid, mul.uid)}
	}
	return
}
Example #11
0
// GetTLFCryptKeyServerHalfID implements the Crypto interface for CryptoCommon.
func (c *CryptoCommon) GetTLFCryptKeyServerHalfID(
	user keybase1.UID, deviceKID keybase1.KID,
	serverHalf TLFCryptKeyServerHalf) (TLFCryptKeyServerHalfID, error) {
	key := serverHalf.data[:]
	data := append(user.ToBytes(), deviceKID.ToBytes()...)
	hmac, err := DefaultHMAC(key, data)
	if err != nil {
		return TLFCryptKeyServerHalfID{}, err
	}
	return TLFCryptKeyServerHalfID{
		ID: hmac,
	}, nil
}
Example #12
0
func lookupMerkleLeaf(g *GlobalContext, uid keybase1.UID, local *User) (f *MerkleUserLeaf, err error) {
	if uid.IsNil() {
		err = fmt.Errorf("uid parameter for lookupMerkleLeaf empty")
		return
	}
	q := NewHTTPArgs()
	q.Add("uid", UIDArg(uid))

	f, err = g.MerkleClient.LookupUser(q)
	if err == nil && f == nil && local != nil {
		err = fmt.Errorf("User not found in server Merkle tree")
	}
	return
}
Example #13
0
func NewUserConfig(id keybase1.UID, name NormalizedUsername, salt []byte, dev keybase1.DeviceID) *UserConfig {
	ret := &UserConfig{
		ID:               id.String(),
		Name:             name,
		Salt:             hex.EncodeToString(salt),
		Device:           nil,
		importedID:       id,
		importedSalt:     salt,
		importedDeviceID: dev,
	}
	if dev.Exists() {
		tmp := dev.String()
		ret.Device = &tmp
	}
	return ret
}
Example #14
0
func LoadUserPlusKeys(g *GlobalContext, uid keybase1.UID, cacheOK bool) (keybase1.UserPlusKeys, error) {
	var up keybase1.UserPlusKeys
	if uid.IsNil() {
		return up, fmt.Errorf("Nil UID")
	}

	if cacheOK {
		up, err := g.UserCache.Get(uid)
		if err == nil {
			return *up, nil
		}
		if err != nil {
			// not going to bail on cache error, just log it:
			if _, ok := err.(NotFoundError); !ok {
				g.Log.Debug("UserCache Get error: %s", err)
			}
		}
	}

	arg := NewLoadUserArg(g)
	arg.UID = uid
	arg.PublicKeyOptional = true
	u, err := LoadUser(arg)
	if err != nil {
		return up, err
	}
	if u == nil {
		return up, fmt.Errorf("Nil user, nil error from LoadUser")
	}

	// export user to UserPlusKeys
	up.Uid = u.GetUID()
	up.Username = u.GetNormalizedName().String()
	if u.GetComputedKeyFamily() != nil {
		up.DeviceKeys = u.GetComputedKeyFamily().ExportDeviceKeys()
	}

	err = g.UserCache.Insert(&up)
	if err != nil {
		g.Log.Debug("UserCache Set error: %s", err)
	}

	return up, nil
}
Example #15
0
func (u *userKeyAPI) GetUser(ctx context.Context, uid keybase1.UID) (
	un libkb.NormalizedUsername, sibkeys, subkeys []keybase1.KID, err error) {
	u.log.Debug("+ GetUser")
	defer func() {
		u.log.Debug("- GetUser -> %v", err)
	}()
	var ukr userKeyRes
	err = u.api.GetDecode(libkb.APIArg{
		Endpoint: "user/keys",
		Args: libkb.HTTPArgs{
			"uid": libkb.S{Val: uid.String()},
		},
	}, &ukr)
	if err != nil {
		return "", nil, nil, err
	}
	un = libkb.NewNormalizedUsername(ukr.Username)
	return un, ukr.PublicKeys.Sibkeys, ukr.PublicKeys.Subkeys, nil
}
Example #16
0
func LoadUserPlusKeys(g *GlobalContext, uid keybase1.UID) (keybase1.UserPlusKeys, error) {
	var up keybase1.UserPlusKeys
	if uid.IsNil() {
		return up, fmt.Errorf("Nil UID")
	}

	arg := NewLoadUserArg(g)
	arg.UID = uid
	arg.PublicKeyOptional = true
	u, err := LoadUser(arg)
	if err != nil {
		return up, err
	}
	if u == nil {
		return up, fmt.Errorf("Nil user, nil error from LoadUser")
	}

	return u.ExportToUserPlusKeys(keybase1.Time(0)), nil
}
Example #17
0
func (g *gregorHandler) auth(ctx context.Context, cli rpc.GenericClient) (err error) {
	var token string
	var uid keybase1.UID

	// Check to see if we have been shutdown,
	select {
	case <-g.shutdownCh:
		g.Debug("server is dead, not authenticating")
		return errors.New("server is dead, not authenticating")
	default:
		// if we were going to block, then that means we are still alive
	}

	// Continue on and authenticate
	aerr := g.G().LoginState().LocalSession(func(s *libkb.Session) {
		token = s.GetToken()
		uid = s.GetUID()
	}, "gregor handler - login session")
	if aerr != nil {
		g.skipRetryConnect = true
		return aerr
	}
	g.Debug("have session token")

	g.Debug("authenticating")
	ac := gregor1.AuthClient{Cli: cli}
	auth, err := ac.AuthenticateSessionToken(ctx, gregor1.SessionToken(token))
	if err != nil {
		g.Debug("auth error: %s", err)
		return err
	}

	g.Debug("auth result: %+v", auth)
	if !bytes.Equal(auth.Uid, uid.ToBytes()) {
		g.skipRetryConnect = true
		return fmt.Errorf("auth result uid %x doesn't match session uid %q", auth.Uid, uid)
	}
	g.sessionID = auth.Sid

	return nil
}
Example #18
0
func (idt *IdentityTable) TrackChainLinkFor(username string, uid keybase1.UID) (*TrackChainLink, error) {
	list, found := idt.tracks[username]
	if !found {
		return nil, nil
	}
	for i := len(list) - 1; i >= 0; i-- {
		link := list[i]
		if link.IsRevoked() {
			// noop; continue on!
			continue
		}
		uid2, err := link.GetTrackedUID()
		if err != nil {
			return nil, fmt.Errorf("Bad tracking statement for %s: %s", username, err)
		}
		if uid.NotEqual(uid2) {
			return nil, fmt.Errorf("Bad UID in tracking statement for %s: %s != %s", username, uid, uid2)
		}
		return link, nil
	}
	return nil, nil
}
Example #19
0
func DbKeyUID(t ObjType, uid keybase1.UID) DbKey {
	return DbKey{Typ: t, Key: uid.String()}
}
Example #20
0
func (e *UntrackEngine) loadThem() (them *libkb.User, remoteLink, localLink *libkb.TrackChainLink, err error) {
	var rLink *libkb.TrackChainLink
	trackMap := e.arg.Me.IDTable().GetTrackMap()
	if links, ok := trackMap[e.arg.Username]; ok && (len(links) > 0) {
		rLink = links[len(links)-1]
	}

	var uid keybase1.UID
	uidTrusted := false
	if rLink != nil {
		if uid, err = rLink.GetTrackedUID(); err != nil {
			return
		}
		uidTrusted = true
	}

	if uid.IsNil() {
		res := libkb.ResolveUID(e.arg.Username)
		if err = res.GetError(); err != nil {
			return
		}

		// This is an untrusted uid.
		uid = res.GetUID()
		if uid.IsNil() {
			err = libkb.NewUntrackError("Could not resolve uid for @%s", e.arg.Username)
			return
		}
	}

	lLink, err := libkb.LocalTrackChainLinkFor(e.arg.Me.GetUID(), uid, e.G())
	if err != nil {
		return
	}

	if rLink == nil && lLink == nil {
		err = libkb.NewUntrackError("You are not tracking %s", e.arg.Username)
		return
	}

	if !uidTrusted {
		if lLink == nil {
			err = libkb.NewUntrackError("Could not verify resolved uid for @%s", e.arg.Username)
			return
		}

		var trackedUsername string
		trackedUsername, err = lLink.GetTrackedUsername()
		if err != nil {
			return
		}

		if e.arg.Username != trackedUsername {
			err = libkb.NewUntrackError("Username mismatch: expected @%s, got @%s", e.arg.Username, trackedUsername)
			return
		}

		uidTrusted = true
	}

	them = libkb.NewUserThin(e.arg.Username, uid)
	remoteLink = rLink
	localLink = lLink
	return
}
Example #21
0
func UIDWrapper(uid keybase1.UID) *jsonw.Wrapper {
	return jsonw.NewString(uid.String())
}
Example #22
0
func UIDArg(uid keybase1.UID) HTTPValue {
	return S{Val: uid.String()}
}
Example #23
0
func (sc *SigChain) LoadFromServer(t *MerkleTriple, selfUID keybase1.UID) (dirtyTail *MerkleTriple, err error) {
	low := sc.GetLastLoadedSeqno()
	sc.loadedFromLinkOne = (low == Seqno(0) || low == Seqno(-1))

	sc.G().Log.Debug("+ Load SigChain from server (uid=%s, low=%d)", sc.uid, low)
	defer func() { sc.G().Log.Debug("- Loaded SigChain -> %s", ErrToOk(err)) }()

	res, err := G.API.Get(APIArg{
		Endpoint:    "sig/get",
		NeedSession: false,
		Args: HTTPArgs{
			"uid": UIDArg(sc.uid),
			"low": I{int(low)},
		},
	})

	if err != nil {
		return
	}

	v := res.Body.AtKey("sigs")
	var lim int
	if lim, err = v.Len(); err != nil {
		return
	}

	foundTail := false

	sc.G().Log.Debug("| Got back %d new entries", lim)

	var links []*ChainLink
	var tail *ChainLink

	for i := 0; i < lim; i++ {
		var link *ChainLink
		if link, err = ImportLinkFromServer(sc.G(), sc, v.AtIndex(i), selfUID); err != nil {
			return
		}
		if link.GetSeqno() <= low {
			continue
		}
		if selfUID.Equal(link.GetUID()) {
			sc.G().Log.Debug("| Setting isOwnNewLinkFromServer=true for seqno %d", link.GetSeqno())
			link.isOwnNewLinkFromServer = true
		}
		links = append(links, link)
		if !foundTail && t != nil {
			if foundTail, err = link.checkAgainstMerkleTree(t); err != nil {
				return
			}
		}
		tail = link
	}

	if t != nil && !foundTail {
		err = NewServerChainError("Failed to reach (%s, %d) in server response",
			t.LinkID, int(t.Seqno))
		return
	}

	if tail != nil {
		dirtyTail = tail.ToMerkleTriple()

		// If we've stored a `last` and it's less than the one
		// we just loaded, then nuke it.
		if sc.localChainTail != nil && sc.localChainTail.Less(*dirtyTail) {
			sc.G().Log.Debug("| Clear cached last (%d < %d)", sc.localChainTail.Seqno, dirtyTail.Seqno)
			sc.localChainTail = nil
			sc.localCki = nil
		}
	}

	sc.chainLinks = append(sc.chainLinks, links...)
	return
}
Example #24
0
// VerifyTLFCryptKeyServerHalfID implements the Crypto interface for CryptoCommon.
func (c *CryptoCommon) VerifyTLFCryptKeyServerHalfID(serverHalfID TLFCryptKeyServerHalfID,
	user keybase1.UID, deviceKID keybase1.KID, serverHalf TLFCryptKeyServerHalf) error {
	key := serverHalf.data[:]
	data := append(user.ToBytes(), deviceKID.ToBytes()...)
	return serverHalfID.ID.Verify(key, data)
}