[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-grid5k] 02/189: fixes
From: |
gnunet |
Subject: |
[taler-grid5k] 02/189: fixes |
Date: |
Thu, 28 Apr 2022 10:46:12 +0200 |
This is an automated email from the git hooks/post-receive script.
marco-boss pushed a commit to branch master
in repository grid5k.
commit d7ccc0c2ceba1b8a427e9cc8605056887a19c3af
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Thu Feb 17 21:45:42 2022 +0100
fixes
---
experiment/scripts/database.sh | 4 +-
experiment/scripts/run.sh | 5 +-
experiment/scripts/setup.sh | 2 +-
sql/exchange-0001.sql | 143 ++++++++++++++++++++++++++++++++++++++---
4 files changed, 140 insertions(+), 14 deletions(-)
diff --git a/experiment/scripts/database.sh b/experiment/scripts/database.sh
index bb4c5a6..c0f749b 100755
--- a/experiment/scripts/database.sh
+++ b/experiment/scripts/database.sh
@@ -19,7 +19,7 @@ function setup_disks() {
mount /dev/sdb /mnt/sdb || true
if [ ! -L /var/lib/postgresql/${POSTGRES_VERSION}/main/pg_xlog ]; then
rm -rf /mnt/sdb/pg_xlog || true
- mv /var/lib/postgresql/${POSTGRES_VERSION}/main/pg_wal/ /mnt/sdb
+ mv /var/lib/postgresql/${POSTGRES_VERSION}/main/pg_xlog/ /mnt/sdb
ln -s /mnt/sdb/pg_xlog
/var/lib/postgresql/${POSTGRES_VERSION}/main/pg_xlog
chown -R postgres:postgres
/var/lib/postgresql/${POSTGRES_VERSION}/main/pg_xlog
fi
@@ -220,7 +220,7 @@ EOF
case ${1} in
init)
setup_config
- setup_disks
+ #setup_disks
#setup_ram_storage
init_db
setup_pgbouncer
diff --git a/experiment/scripts/run.sh b/experiment/scripts/run.sh
index 0f31bd3..e858ad9 100644
--- a/experiment/scripts/run.sh
+++ b/experiment/scripts/run.sh
@@ -57,13 +57,12 @@ elif [[ "${HOSTNAME}" =~ ${PROXY_HOSTS} ]]; then
elif [[ "${HOSTNAME}" =~ ${DNS_HOSTS} ]]; then
set_host dns
setup_log
-elif [[ "${HOSTNAME}" =~ ${WALLER_HOSTS} ]]; then
+elif [[ "${HOSTNAME}" =~ ${WALLET_HOSTS} ]]; then
set_host wallet
set_ddn "${WALLET_DOMAIN//\*/${HOST}}"
enable_netdelay ${PROXY_DOMAIN}
setup_log
exec ~/scripts/wallet.sh init
- ;;
-
+fi
exit 0
diff --git a/experiment/scripts/setup.sh b/experiment/scripts/setup.sh
index 3bd76c2..826ce50 100644
--- a/experiment/scripts/setup.sh
+++ b/experiment/scripts/setup.sh
@@ -32,7 +32,7 @@ function parse_experiment_nodes() {
cat ~/nodes.json | \
jq --arg NODE ${NODE}.* -r 'map(select(.node | test($NODE)) | .host) |
join("|")'
)
- echo "${NODE^^}_HOSTS=${NODES_STR}" >> ~/.env
+ echo "${NODE^^}_HOSTS=\"${NODES_STR}\"" >> ~/.env
echo "NUM_${NODE^^}S=$(echo ${NODES_STR} | awk -F '|' '{print NF}')" >>
~/.env
done
diff --git a/sql/exchange-0001.sql b/sql/exchange-0001.sql
index 43c4a16..8ea4f43 100644
--- a/sql/exchange-0001.sql
+++ b/sql/exchange-0001.sql
@@ -1,6 +1,6 @@
--
-- This file is part of TALER
--- Copyright (C) 2014--2021 Taler Systems SA
+-- Copyright (C) 2014--2022 Taler Systems SA
--
-- TALER is free software; you can redistribute it and/or modify it under the
-- terms of the GNU General Public License as published by the Free Software
@@ -25,7 +25,7 @@ CREATE TABLE IF NOT EXISTS denominations
(denominations_serial BIGSERIAL UNIQUE
,denom_pub_hash BYTEA PRIMARY KEY CHECK (LENGTH(denom_pub_hash)=64)
,denom_type INT4 NOT NULL DEFAULT (1) -- 1 == RSA (for now, remove default
later!)
- ,age_restrictions INT4 NOT NULL DEFAULT (0)
+ ,age_mask INT4 NOT NULL DEFAULT (0)
,denom_pub BYTEA NOT NULL
,master_sig BYTEA NOT NULL CHECK (LENGTH(master_sig)=64)
,valid_from INT8 NOT NULL
@@ -47,7 +47,7 @@ COMMENT ON TABLE denominations
IS 'Main denominations table. All the valid denominations the exchange knows
about.';
COMMENT ON COLUMN denominations.denom_type
IS 'determines cipher type for blind signatures used with this denomination;
0 is for RSA';
-COMMENT ON COLUMN denominations.age_restrictions
+COMMENT ON COLUMN denominations.age_mask
IS 'bitmask with the age restrictions that are being used for this
denomination; 0 if denomination does not support the use of age restrictions';
COMMENT ON COLUMN denominations.denominations_serial
IS 'needed for exchange-auditor replication logic';
@@ -196,7 +196,7 @@ CREATE INDEX IF NOT EXISTS
reserves_close_by_reserve_pub_index
CREATE TABLE IF NOT EXISTS reserves_out
(reserve_out_serial_id BIGSERIAL -- UNIQUE
- ,h_blind_ev BYTEA PRIMARY KEY CHECK (LENGTH(h_blind_ev)=64)
+ ,h_blind_ev BYTEA CHECK (LENGTH(h_blind_ev)=64) -- UNIQUE
,denominations_serial INT8 NOT NULL REFERENCES denominations
(denominations_serial)
,denom_sig BYTEA NOT NULL
,reserve_uuid INT8 NOT NULL -- REFERENCES reserves (reserve_uuid) ON DELETE
CASCADE
@@ -342,6 +342,7 @@ CREATE TABLE IF NOT EXISTS refresh_commitments
(melt_serial_id BIGSERIAL -- UNIQUE
,rc BYTEA PRIMARY KEY CHECK (LENGTH(rc)=64)
,old_coin_pub BYTEA NOT NULL REFERENCES known_coins (coin_pub) ON DELETE
CASCADE
+ ,h_age_commitment BYTEA CHECK(LENGTH(h_age_commitment)=32)
,old_coin_sig BYTEA NOT NULL CHECK(LENGTH(old_coin_sig)=64)
,amount_with_fee_val INT8 NOT NULL
,amount_with_fee_frac INT4 NOT NULL
@@ -356,6 +357,8 @@ COMMENT ON COLUMN refresh_commitments.rc
IS 'Commitment made by the client, hash over the various client inputs in
the cut-and-choose protocol';
COMMENT ON COLUMN refresh_commitments.old_coin_pub
IS 'Coin being melted in the refresh process.';
+COMMENT ON COLUMN refresh_commitments.h_age_commitment
+ IS '(optional) age commitment that was involved in the minting process of
the coin, may be NULL.';
CREATE TABLE IF NOT EXISTS refresh_commitments_default
PARTITION OF refresh_commitments
FOR VALUES WITH (MODULUS 1, REMAINDER 0);
@@ -744,6 +747,23 @@ COMMENT ON COLUMN wire_accounts.last_change
-- and is of no concern to the auditor
+CREATE TABLE IF NOT EXISTS cs_nonce_locks
+ (cs_nonce_lock_serial_id BIGSERIAL -- UNIQUE
+ ,nonce BYTEA PRIMARY KEY CHECK (LENGTH(nonce)=32)
+ ,op_hash BYTEA NOT NULL CHECK (LENGTH(op_hash)=64)
+ ,max_denomination_serial INT8 NOT NULL
+ )
+ PARTITION BY HASH (nonce);
+COMMENT ON TABLE cs_nonce_locks
+ IS 'ensures a Clause Schnorr client nonce is locked for use with an
operation identified by a hash';
+COMMENT ON COLUMN cs_nonce_locks.nonce
+ IS 'actual nonce submitted by the client';
+COMMENT ON COLUMN cs_nonce_locks.op_hash
+ IS 'hash (RC for refresh, blind coin hash for withdraw) the nonce may be
used with';
+COMMENT ON COLUMN cs_nonce_locks.max_denomination_serial
+ IS 'Maximum number of a CS denomination serial the nonce could be used with,
for GC';
+
+
CREATE TABLE IF NOT EXISTS work_shards
(shard_serial_id BIGSERIAL UNIQUE
,last_attempt INT8 NOT NULL
@@ -812,6 +832,7 @@ CREATE INDEX IF NOT EXISTS
revolving_work_shards_by_job_name_active_last_attempt
CREATE OR REPLACE FUNCTION exchange_do_withdraw(
+ IN cs_nonce BYTEA,
IN amount_val INT8,
IN amount_frac INT4,
IN h_denom_pub BYTEA,
@@ -838,12 +859,13 @@ DECLARE
reserve_frac INT4;
BEGIN
-- Shards: reserves by reserve_pub (SELECT)
--- reserves_out (INSERT, with CONFLICT detection) by h_blind_ev
+-- reserves_out (INSERT, with CONFLICT detection) by wih
-- reserves by reserve_pub (UPDATE)
-- reserves_in by reserve_pub (SELECT)
-- wire_targets by wire_target_serial_id
-SELECT denominations_serial INTO denom_serial
+SELECT denominations_serial
+ INTO denom_serial
FROM denominations
WHERE denom_pub_hash=h_denom_pub;
@@ -859,6 +881,7 @@ THEN
RETURN;
END IF;
+
SELECT
current_balance_val
,current_balance_frac
@@ -879,7 +902,7 @@ THEN
balance_ok=FALSE;
kycok=FALSE;
account_uuid=0;
- ruuid=0;
+ ruuid=2;
RETURN;
END IF;
@@ -954,6 +977,44 @@ WHERE
reserve_found=TRUE;
balance_ok=TRUE;
+
+
+-- Special actions needed for a CS withdraw?
+IF NOT NULL cs_nonce
+THEN
+ -- Cache CS signature to prevent replays in the future
+ -- (and check if cached signature exists at the same time).
+ INSERT INTO cs_nonce_locks
+ (nonce
+ ,max_denomination_serial
+ ,op_hash)
+ VALUES
+ (cs_nonce
+ ,denom_serial
+ ,h_coin_envelope)
+ ON CONFLICT DO NOTHING;
+
+ IF NOT FOUND
+ THEN
+ -- See if the existing entry is identical.
+ SELECT 1
+ FROM cs_nonce_locks
+ WHERE nonce=cs_nonce
+ AND op_hash=h_coin_envelope;
+ IF NOT FOUND
+ THEN
+ reserve_found=FALSE;
+ balance_ok=FALSE;
+ kycok=FALSE;
+ account_uuid=0;
+ ruuid=1; -- FIXME: return error message more nicely!
+ ASSERT false, 'nonce reuse attempted by client';
+ END IF;
+ END IF;
+END IF;
+
+
+
-- Obtain KYC status based on the last wire transfer into
-- this reserve. FIXME: likely not adequate for reserves that got P2P
transfers!
SELECT
@@ -967,9 +1028,10 @@ SELECT
WHERE reserve_pub=rpub
LIMIT 1; -- limit 1 should not be required (without p2p transfers)
+
END $$;
-COMMENT ON FUNCTION exchange_do_withdraw(INT8, INT4, BYTEA, BYTEA, BYTEA,
BYTEA, BYTEA, INT8, INT8)
+COMMENT ON FUNCTION exchange_do_withdraw(BYTEA, INT8, INT4, BYTEA, BYTEA,
BYTEA, BYTEA, BYTEA, INT8, INT8)
IS 'Checks whether the reserve has sufficient balance for a withdraw
operation (or the request is repeated and was previously approved) and if so
updates the database with the result';
@@ -1190,6 +1252,7 @@ END $$;
CREATE OR REPLACE FUNCTION exchange_do_melt(
+ IN in_cs_rms BYTEA,
IN in_amount_with_fee_val INT8,
IN in_amount_with_fee_frac INT4,
IN in_rc BYTEA,
@@ -1203,6 +1266,8 @@ CREATE OR REPLACE FUNCTION exchange_do_melt(
OUT out_noreveal_index INT4)
LANGUAGE plpgsql
AS $$
+DECLARE
+ denom_max INT8;
BEGIN
-- Shards: INSERT refresh_commitments (by rc)
-- (rare:) SELECT refresh_commitments (by old_coin_pub) -- crosses shards!
@@ -1300,6 +1365,56 @@ THEN
RETURN;
END IF;
+
+
+-- Special actions needed for a CS melt?
+IF NOT NULL in_cs_rms
+THEN
+ -- Get maximum denominations serial value in
+ -- existence, this will determine how long the
+ -- nonce will be locked.
+ SELECT
+ denominations_serial
+ INTO
+ denom_max
+ FROM denominations
+ ORDER BY denominations_serial DESC
+ LIMIT 1;
+
+ -- Cache CS signature to prevent replays in the future
+ -- (and check if cached signature exists at the same time).
+ INSERT INTO cs_nonce_locks
+ (nonce
+ ,max_denomination_serial
+ ,op_hash)
+ VALUES
+ (cs_rms
+ ,denom_serial
+ ,in_rc)
+ ON CONFLICT DO NOTHING;
+
+ IF NOT FOUND
+ THEN
+ -- Record exists, make sure it is the same
+ SELECT 1
+ FROM cs_nonce_locks
+ WHERE nonce=cs_rms
+ AND op_hash=in_rc;
+
+ IF NOT FOUND
+ THEN
+ -- Nonce reuse detected
+ out_balance_ok=FALSE;
+ out_zombie_bad=FALSE;
+ out_noreveal_index=42; -- FIXME: return error message more nicely!
+ ASSERT false, 'nonce reuse attempted by client';
+ END IF;
+ END IF;
+END IF;
+
+
+
+
-- Everything fine, return success!
out_balance_ok=TRUE;
out_noreveal_index=in_noreveal_index;
@@ -1773,6 +1888,8 @@ DECLARE
deposit_min INT8; -- minimum deposit still alive
DECLARE
reserve_out_min INT8; -- minimum reserve_out still alive
+DECLARE
+ denom_min INT8; -- minimum denomination still alive
BEGIN
DELETE FROM prewire
@@ -1868,6 +1985,16 @@ DELETE FROM refunds
DELETE FROM aggregation_tracking
WHERE deposit_serial_id < deposit_min;
+SELECT
+ denominations_serial
+ INTO
+ denom_min
+ FROM denominations
+ ORDER BY denominations_serial ASC
+ LIMIT 1;
+
+DELETE FROM cs_nonce_locks
+ WHERE max_denomination_serial <= denom_min;
END $$;
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-grid5k] 28/189: fixes, (continued)
- [taler-grid5k] 28/189: fixes, gnunet, 2022/04/28
- [taler-grid5k] 53/189: fix, gnunet, 2022/04/28
- [taler-grid5k] 23/189: update persistance script, gnunet, 2022/04/28
- [taler-grid5k] 41/189: lower slow query duration, gnunet, 2022/04/28
- [taler-grid5k] 33/189: try adding index, gnunet, 2022/04/28
- [taler-grid5k] 34/189: typo, gnunet, 2022/04/28
- [taler-grid5k] 60/189: change cache dir, gnunet, 2022/04/28
- [taler-grid5k] 56/189: try to fix wallet build, gnunet, 2022/04/28
- [taler-grid5k] 71/189: further improve performance of log analysis, gnunet, 2022/04/28
- [taler-grid5k] 01/189: add sharding/partitioning, gnunet, 2022/04/28
- [taler-grid5k] 02/189: fixes,
gnunet <=
- [taler-grid5k] 13/189: fix comments, gnunet, 2022/04/28
- [taler-grid5k] 31/189: try with explicit analyze as nested does not work, gnunet, 2022/04/28
- [taler-grid5k] 61/189: fix, gnunet, 2022/04/28
- [taler-grid5k] 32/189: undo explain, gnunet, 2022/04/28
- [taler-grid5k] 45/189: ramdom 0-20 deposit, dont log uri params in nginx, disable seqscan, gnunet, 2022/04/28
- [taler-grid5k] 35/189: add index on known_coins to try to fix recoup_by_reserve, gnunet, 2022/04/28
- [taler-grid5k] 49/189: keepalive in nginx, gnunet, 2022/04/28
- [taler-grid5k] 46/189: add request size to nginx, gnunet, 2022/04/28
- [taler-grid5k] 12/189: don't shard wire_out, gnunet, 2022/04/28
- [taler-grid5k] 17/189: still not working with aggregator, gnunet, 2022/04/28