Project

General

Profile

Actions

Bug #2063

closed

CommandValidator uses deprecated CommandInterestValidator

Added by Junxiao Shi about 10 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Management
Target version:
Start date:
10/13/2014
Due date:
% Done:

100%

Estimated time:
6.00 h

Description

nfd::CommandValidator uses deprecated ndn::util::CommandInterestValidator.
This usage shall be replaced with a suitable non-deprecated subclass of Validator.

In addition, test cases should use KeyChain::sign instead of CommandInterestGenerator.


Files

dispatcher.graffle (5.88 KB) dispatcher.graffle Yanbiao Li, 10/19/2016 01:58 PM

Related issues 7 (1 open6 closed)

Related to NFD - Bug #3639: FATAL authorization rejected when default key is ECDSAClosed06/02/2016

Actions
Blocked by ndn-cxx - Feature #2065: ValidatorRegex: verify signed InterestAbandonedYingdi Yu

Actions
Blocked by ndn-cxx - Feature #2124: Validator: make Face optionalClosedYingdi Yu

Actions
Blocked by ndn-cxx - Feature #2376: CommandInterestValidatorClosedJunxiao Shi

Actions
Blocks NFD - Feature #2856: Confine registered prefix within identityNew

Actions
Blocked by ndn-cxx - Bug #3723: Validator::verifySignature(const Interest&, const PublicKey&) throws if Signature TLV is invalidClosedJunxiao Shi08/07/2016

Actions
Blocks NFD - Bug #3821: CommandAuthenticator denial-of-serviceClosed

Actions
Actions #1

Updated by Junxiao Shi about 10 years ago

  • Blocks Task #2008: Delete deprecated Command Interest functions added
Actions #2

Updated by Anonymous about 10 years ago

Glancing through the code, it seems that this is a major change on NFD's side. Correct me if I'm wrong, but I think this requires completely changing the authorizations section of the configuration file and re-writing how NFD validates things.

NFD's CommandValidator currently handles the authorizations section parsing and interacts with the (deprecated) CommandInterestValidator through a simple addInterestRule API that allows it to associate privileges with identities. However, ValidatorConfig provides no such API and only supports loading what appears to be be a full configuration file at a time.

We might also lose the ability to detect invalid config file privileges. Currently managers use CommandValidator::addSupportedPrivilege to inform the CommandValidator::onConfig of what strings are valid privileges.

My thinking is:

  1. re-write authorizations section as something ValidatorConfig expects (not sure of what this means at the moment)
  2. Removing parsing code from CommandValidator::onConfig in favor of invoking `Validator::load
  3. Various re-workings/cleanup (this probably touches a lot)

Is this an accurate assessment?

Actions #3

Updated by Alex Afanasyev about 10 years ago

I will be against using ValidatorConfig for validation of fib, faces, and strategy-choice (unless somebody can prove that it is needed).

However, there is another method that doesn't require CommandValidator. Yingdi can correct me, but I believe ValidatorRegex may have exactly the same functionality. If not, then we simply would keep CommandValidator, but we'll need to rename it to something like "ValidatorSimple" or something.

Actions #4

Updated by Junxiao Shi about 10 years ago

  • Description updated (diff)

ValidatorConfig is recommended in CommandInterestValidator as the replacement, but it's unsuitable for NFD Management because it depends on ndn::Face which is unavailable.

Actions #5

Updated by Junxiao Shi about 10 years ago

  • Blocked by Feature #2065: ValidatorRegex: verify signed Interest added
Actions #6

Updated by Junxiao Shi about 10 years ago

Actions #7

Updated by Junxiao Shi over 9 years ago

Actions #8

Updated by Alex Afanasyev almost 9 years ago

  • Target version changed from v0.3 to v0.4
Actions #9

Updated by Alex Afanasyev almost 9 years ago

  • Target version changed from v0.4 to v0.5
Actions #10

Updated by Junxiao Shi over 8 years ago

  • Blocks Feature #2856: Confine registered prefix within identity added
Actions #11

Updated by Junxiao Shi over 8 years ago

  • Status changed from New to In Progress
  • Assignee set to Junxiao Shi
Actions #12

Updated by Junxiao Shi over 8 years ago

My idea is:

Relive ndn::security::CommandInterestValidator from https://gerrit.named-data.net/2035, but as a subclass of Validator.

Similar to nfd::tools::nfd_status::NfdIdCollector, it would be a Validator that chains up to an inner validator.
It delegates trust model validation to the inner validator, but checks the uniqueness and sequence of timestamps.

Unlike abandoned Change 2035, ndn::security::CommandInterestValidator is not restricted to use with ValidatorConfig, and ValidatorConfig will not be weakened.

Then, nfd::CommandValidator class is replaced with an CommandAuthenticator class.
This class will not have Validator API. Instead, it has a method to return a ndn::mgmt::Authorization function for each ControlCommand which does the following:

  1. Based on management module and command verb, find out what signing certificates are allowed.
  2. Check whether the Interest is signed by one of these certificates. If not, reject.
  3. Pass the Interest to the ndn::security::CommandInterestValidator (shared among all ndn::mgmt::Authorization functions). If timestamp is bad, reject.
  4. Finally, verify the signature with Validator::verifySignature static method.

The benefit of this design is that it takes advantage of the management module and command verb information that is already known from the ndn::mgmt::Dispatcher, because every Dispatcher::addControlCommand can have a distinct ndn::mgmt::Authorization callback, so that those information can kept with std::bind.

The inner validator when constructing ndn::security::CommandInterestValidator is simply a ValidatorNull.

Actions #13

Updated by Junxiao Shi over 8 years ago

  • Description updated (diff)

At 20160721 call Alex agrees with note-12 idea.

ndn::security::CommandInterestValidator might need a better name.

Actions #14

Updated by Junxiao Shi over 8 years ago

  • Related to Bug #3639: FATAL authorization rejected when default key is ECDSA added
Actions #15

Updated by Junxiao Shi over 8 years ago

  • % Done changed from 0 to 20
  • Estimated time changed from 3.00 h to 6.00 h

https://gerrit.named-data.net/3033 patchset1 has CommandAuthenticator class.
I'll add test cases in the next patchset.

Then, I'll create a second commit to use CommandAuthenticator in managers, and a third commit to delete CommandValidator.

Actions #16

Updated by Junxiao Shi over 8 years ago

  • % Done changed from 20 to 40

https://gerrit.named-data.net/3033 patchset2 adds test cases for CommandAuthenticator.

Actions #17

Updated by Junxiao Shi over 8 years ago

  • Blocked by Bug #3723: Validator::verifySignature(const Interest&, const PublicKey&) throws if Signature TLV is invalid added
Actions #18

Updated by Junxiao Shi over 8 years ago

  • % Done changed from 40 to 50

https://gerrit.named-data.net/3110 changes ManagerBase::authorize pure virtual function to ManagerBase::makeAuthorization, so that NfdManagerBase::makeAuthorization can later be changed to invoke CommandAuthenticator::makeAuthorization.

Actions #19

Updated by Junxiao Shi over 8 years ago

  • % Done changed from 50 to 80

https://gerrit.named-data.net/3116 changes NfdManagerBase::makeAuthorization to use CommandAuthenticator.

Actions #20

Updated by Junxiao Shi over 8 years ago

  • Status changed from In Progress to Code review
  • % Done changed from 80 to 100

https://gerrit.named-data.net/3119 deletes CommandValidator and completes this issue.

Actions #21

Updated by Junxiao Shi over 8 years ago

  • Status changed from Code review to Closed
Actions #22

Updated by Junxiao Shi about 8 years ago

  • Status changed from Closed to Feedback

I also need to update NFD devguide.

Actions #23

Updated by Junxiao Shi about 8 years ago

  • Blocks deleted (Task #2008: Delete deprecated Command Interest functions)
Actions #24

Updated by Junxiao Shi about 8 years ago

  • Blocks Bug #3821: CommandAuthenticator denial-of-service added
Actions #25

Updated by Junxiao Shi about 8 years ago

  • Status changed from Feedback to Resolved

nfd-docs:commit:8a24cf224ea527739e1e9157670049ff50b2c0a7 replaces Command Validator section with Command Authenticator section.

There's a typo in mgmt-manager-dispatch.pdf, and I'm waiting for Yanbiao to upload the source file so I can change it.

Actions #27

Updated by Junxiao Shi about 8 years ago

  • Status changed from Resolved to Closed

Unfortunately I do not have proper software to open dispatcher.graffle, so I'll keep the figure as is. The file is checked into the repository.

Actions #28

Updated by Alex Afanasyev about 8 years ago

Can you mention what is the typo, so I can fix it?

Actions #29

Updated by Junxiao Shi about 8 years ago

what is the typo?

Authorzation => Authorization
ParametersValidate => ValidateParameters
StatusDataset should not have Authorization, or it cannot reject

Actions

Also available in: Atom PDF