Skip to content
This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Transactions should Explicitly Declare Required Authority Level #2

Closed
bytemaster opened this issue Apr 5, 2017 · 3 comments
Closed

Comments

@bytemaster
Copy link
Contributor

In BitShares and Steem the required authority is implicitly defined by the operation type and data contained within. Under EOS this is no longer the case, message types are dynamic and defined at run time.

The goal is to facilitate validating that a transaction has all required signatures for the declared authority without having to know how to read internals of messages.

struct transaction {
    ... header....
    vector<message> messages;
}

struct permission {
    account_id               account   
    permission_id_type permission; // owner, active, or custom...
}

struct signed_transaction : public transaction {
     vector<signature>   signatures;
     vector<permission> required_authority;
}

The blockchain can verify that the given signatures provide the required authority without having to execute scripts.

Before applying a message to a contract, the blockchain can look up the permission level required for the SENDER / TO pair and verify that the permission is in the required_authority set of the transaction.

nathanielhourt added a commit that referenced this issue Apr 11, 2017
Add structs and types to facilitate the explicitly declared authority
level described in issue #2.

May or may not be revisiting this to tweak it later... :P
@nathanielhourt
Copy link
Contributor

Relevant commit: 4e59a50

nathanielhourt added a commit that referenced this issue Jul 4, 2017
All transactions must declare a list of permissions they utilize. The
chain now checks that the signatures are present to satisfy these
permissions, at least theoretically (only partially tested). As the
transaction is evaluated and applied, the message handlers will check
that the required permissions were declared on the transaction.

Also, define the logic to check that an authority is satisfied (only this
part is tested so far)

TODO: Test that transactions are rejected if they do not bear sufficient
signatures
TODO: Make message handlers check the declared permissions are sufficient,
and reject the transaction if they are not.
nathanielhourt added a commit that referenced this issue Jul 27, 2017
As of now, almost all the ingredients are in place for authorizing
transactions. We check that the transaction bears signatures sufficient to
satisfy its declared authorizations, and as we execute the transaction,
we ensure that the declared authorizations are sufficient to satisfy the
authorizations required by executing the message handlers, and we ensure
that all of the transaction's declared authorizations were used.

What's not done:
 - Detecting/rejecting duplicate signatures and unnecessary signatures
 - Choosing the correct permission level when a message handler requires
an authorization

Choosing the correct permission level is the big ticket item. To
implement this, we need to implement a missing chunk of system contract
functionality, specifically around defining links from a user's
permissions tree to contracts and message types.
@nathanielhourt
Copy link
Contributor

Also TODO: create configuration option to disable all auth checking (for debugging)

@nathanielhourt
Copy link
Contributor

@bytemaster and I just discussed this, and realized it was a mistake to move authorizations to Transaction rather than Messages. I was thinking this would work such that when the contract code executed and asserted that joe has authorized the transaction, the chain would look up what permission level joe must use to approve the message being evaluated, then check that the transaction declared an authority sufficient to confer that permission.

This approach has two major shortcomings, however:

  • We can't look up what authority level joe is using until we're executing contracts, because we don't know until then which messages in the transaction joe is supposed to be authorizing
  • We must look up authority information in the database after messages have begun processing, which means that one message in the block could update authorities in a way that changes the validity/behavior of a later message in the block

Instead, we have decided to move the authorizations back from Transaction to Message. In this model, we can do all authority checks in full prior to processing any transactions: we scan the declared authorities declared by all messages in all transactions in the block before processing any messages. During this scan, we first check what authority level the declared user requires to execute the message type, and check that the declared authority level is at least as high as the required authority level. Next, we check that the transaction bears signatures to access the declared authority.

Later, when we execute the messages, and the handlers emit their require_authorization calls, we simply check that the required username is in the message's declared authorities list. When we finish processing the message, we check that all of the declared authorities got used. These are both very fast checks.

This solves both of our problems: we do all the authority database lookups prior to processing transactions (which may have parallelization advantages, since no writes to the database are possible at this time), and we get all authority checking out of the way prior to evaluating any transactions, which eliminates the possibility of one message updating authorities in a way that affects another message in the same block.

nathanielhourt added a commit that referenced this issue Aug 1, 2017
Remove the changes around moving authorizations from Message to
Transaction, as we decided this is not the best way to go. See details
at #2 (comment)
nathanielhourt added a commit that referenced this issue Aug 3, 2017
Remove the changes around moving authorizations from Message to
Transaction, as we decided this is not the best way to go. See details
at #2 (comment)
dmitrst pushed a commit to xdacco/eos that referenced this issue Jul 12, 2018
[EOS] Fix token amount issue
gleehokie pushed a commit that referenced this issue Dec 14, 2018
qianxiaofeng referenced this issue in eosiosg/eos Dec 29, 2018
* boscore basic improvement (#2)

* kafka_plugin code

* Automatic installation librdkafka/cppkafka

* Feature/ci

* Feature/48 kafka plugin

* add CMakeModules/FindCppkafka.cmake

* Production of block in time zone sequence

* P2p self discovery

* P2p self discovery

* add notify_plugin

* add api "get_block_detail"

* add free res limit and blklst code

* update free res limit and blklst code

* update res code

* update unittest code

* revert submodule version

* code typo

* update  blklist code

* update sync name list db object error code

* update  code

* update  index code

* Feature/5 ramdom

* Revert "Merge branch 'feature/5-ramdom' into 'develop'"

This reverts merge request !8

* adjust for setup BOSCore

* change description

* adjust the kafka plugin dependency be more special

* use boscore repository to improve security

* change version tag

* finish for docker/builder

* pass to build docker and update readme

* add actionseed, global action sequence (#5)

* delete renamed old file

* BOSCore v1.0.1-1.4.3

* restructure the version schema

* fix __gmpn_set_str error when build bos.contract

* prepare for the v1.0.1

* add README files

* update info
qianxiaofeng referenced this issue in eosiosg/eos Dec 29, 2018
* boscore basic improvement (#2)

* kafka_plugin code

* Automatic installation librdkafka/cppkafka

* Feature/ci

* Feature/48 kafka plugin

* add CMakeModules/FindCppkafka.cmake

* Production of block in time zone sequence

* P2p self discovery

* P2p self discovery

* add notify_plugin

* add api "get_block_detail"

* add free res limit and blklst code

* update free res limit and blklst code

* update res code

* update unittest code

* revert submodule version

* code typo

* update  blklist code

* update sync name list db object error code

* update  code

* update  index code

* Feature/5 ramdom

* Revert "Merge branch 'feature/5-ramdom' into 'develop'"

This reverts merge request !8

* adjust for setup BOSCore

* change description

* adjust the kafka plugin dependency be more special

* use boscore repository to improve security

* change version tag

* finish for docker/builder

* pass to build docker and update readme

* add actionseed, global action sequence (#5)

* delete renamed old file

* BOSCore v1.0.1-1.4.3

* restructure the version schema

* fix __gmpn_set_str error when build bos.contract

* prepare for the v1.0.1

* add README files

* update info

* prepare for v1.0.2
qianxiaofeng referenced this issue in eosiosg/eos Dec 29, 2018
* boscore basic improvement (#2)

* kafka_plugin code

* Automatic installation librdkafka/cppkafka

* Feature/ci

* Feature/48 kafka plugin

* add CMakeModules/FindCppkafka.cmake

* Production of block in time zone sequence

* P2p self discovery

* P2p self discovery

* add notify_plugin

* add api "get_block_detail"

* add free res limit and blklst code

* update free res limit and blklst code

* update res code

* update unittest code

* revert submodule version

* code typo

* update  blklist code

* update sync name list db object error code

* update  code

* update  index code

* Feature/5 ramdom

* Revert "Merge branch 'feature/5-ramdom' into 'develop'"

This reverts merge request !8

* adjust for setup BOSCore

* change description

* adjust the kafka plugin dependency be more special

* use boscore repository to improve security

* change version tag

* finish for docker/builder

* pass to build docker and update readme

* add actionseed, global action sequence (#5)

* delete renamed old file

* BOSCore v1.0.1-1.4.3

* restructure the version schema

* fix __gmpn_set_str error when build bos.contract

* prepare for the v1.0.1

* add README files

* update info

* prepare for v1.0.2

* merge v1.0.2 (#12)

* boscore basic improvement (#2)

* kafka_plugin code

* Automatic installation librdkafka/cppkafka

* Feature/ci

* Feature/48 kafka plugin

* add CMakeModules/FindCppkafka.cmake

* Production of block in time zone sequence

* P2p self discovery

* P2p self discovery

* add notify_plugin

* add api "get_block_detail"

* add free res limit and blklst code

* update free res limit and blklst code

* update res code

* update unittest code

* revert submodule version

* code typo

* update  blklist code

* update sync name list db object error code

* update  code

* update  index code

* Feature/5 ramdom

* Revert "Merge branch 'feature/5-ramdom' into 'develop'"

This reverts merge request !8

* adjust for setup BOSCore

* change description

* adjust the kafka plugin dependency be more special

* use boscore repository to improve security

* change version tag

* finish for docker/builder

* pass to build docker and update readme

* add actionseed, global action sequence (#5)

* delete renamed old file

* BOSCore v1.0.1-1.4.3

* restructure the version schema

* fix __gmpn_set_str error when build bos.contract

* prepare for the v1.0.1

* finish BOS basic functions

* add README files

* update info

* Release/1.0.x (#11)

* boscore basic improvement (#2)

* kafka_plugin code

* Automatic installation librdkafka/cppkafka

* Feature/ci

* Feature/48 kafka plugin

* add CMakeModules/FindCppkafka.cmake

* Production of block in time zone sequence

* P2p self discovery

* P2p self discovery

* add notify_plugin

* add api "get_block_detail"

* add free res limit and blklst code

* update free res limit and blklst code

* update res code

* update unittest code

* revert submodule version

* code typo

* update  blklist code

* update sync name list db object error code

* update  code

* update  index code

* Feature/5 ramdom

* Revert "Merge branch 'feature/5-ramdom' into 'develop'"

This reverts merge request !8

* adjust for setup BOSCore

* change description

* adjust the kafka plugin dependency be more special

* use boscore repository to improve security

* change version tag

* finish for docker/builder

* pass to build docker and update readme

* add actionseed, global action sequence (#5)

* delete renamed old file

* BOSCore v1.0.1-1.4.3

* restructure the version schema

* fix __gmpn_set_str error when build bos.contract

* prepare for the v1.0.1

* add README files

* update info

* readme for kafka & add time for action (#5)

* 重启 节点,黑名单 失效,fixes #7 (#8)

* restart sync list db

* recovery system account bos to eosio

* recovery system account bos to eosio

* recovery system account bos to eosio

* Fix/#3 notify plugin (#10)

* Add debug info

* comment log

* rm log for notify_plugin

* prepare for v1.0.2

* patch the EOSIO 1.5.1 security bug fixes

* prepare for v1.0.3

* adjust the slogon
terradacs referenced this issue in terradacs/beos-core Feb 26, 2019
Fix for issue #2 and #3. Fix for cmake issues with targets

See merge request blocktrades/beos-core!11
NorseGaud pushed a commit that referenced this issue Jul 30, 2019
# This is the 1st commit message:

various improvements

# This is the commit message #2:

new hash

# This is the commit message #3:

fix for script path

# This is the commit message #4:

fixes

# This is the commit message #5:

fixes

# This is the commit message #6:

fixes

# This is the commit message #7:

fixes

# This is the commit message #8:

fixes

# This is the commit message #9:

fixes

# This is the commit message #10:

fixes

# This is the commit message #11:

fixes

# This is the commit message #12:

fixes

# This is the commit message #13:

fixes

# This is the commit message #14:

fixes

# This is the commit message #15:

fixes

# This is the commit message #16:

fixes

# This is the commit message #17:

fixes

# This is the commit message #18:

fixes

# This is the commit message #19:

fixes

# This is the commit message #20:

fixes

# This is the commit message #21:

fixes

# This is the commit message #22:

fixes

# This is the commit message #23:

fixes

# This is the commit message #24:

fixes

# This is the commit message #25:

fixes

# This is the commit message #26:

testing

# This is the commit message #27:

testing

# This is the commit message #28:

testing

# This is the commit message #29:

testing

# This is the commit message #30:

testing

# This is the commit message #31:

testing

# This is the commit message #32:

testing

# This is the commit message #33:

testing

# This is the commit message #34:

testing

# This is the commit message #35:

testing

# This is the commit message #36:

testing

# This is the commit message #37:

testing

# This is the commit message #38:

testing

# This is the commit message #39:

testing

# This is the commit message #40:

testing

# This is the commit message #41:

testing

# This is the commit message #42:

testing

# This is the commit message #43:

testing

# This is the commit message #44:

fixes

# This is the commit message #45:

fixes

# This is the commit message #46:

fixes

# This is the commit message #47:

fixes

# This is the commit message #48:

fixes

# This is the commit message #49:

fixes

# This is the commit message #50:

fixes

# This is the commit message #51:

fixes

# This is the commit message #52:

fixes

# This is the commit message #53:

fixes

# This is the commit message #54:

fixes

# This is the commit message #55:

fixes

# This is the commit message #56:

fixes

# This is the commit message #57:

fixes

# This is the commit message #58:

fixes

# This is the commit message #59:

fixes

# This is the commit message #60:

fixes

# This is the commit message #61:

fixes

# This is the commit message #62:

fixes

# This is the commit message #63:

fixes

# This is the commit message #64:

fixes

# This is the commit message #65:

fixes

# This is the commit message #66:

fixes

# This is the commit message #67:

fixes

# This is the commit message #68:

fixes

# This is the commit message #69:

fixes

# This is the commit message #70:

fixes

# This is the commit message #71:

fixes

# This is the commit message #72:

fixes

# This is the commit message #73:

fixes

# This is the commit message #74:

fixes

# This is the commit message #75:

fixes

# This is the commit message #76:

fixes

# This is the commit message #77:

fixes

# This is the commit message #78:

fixes

# This is the commit message #79:

more testing

# This is the commit message #80:

testing

# This is the commit message #81:

fixes

# This is the commit message #82:

fixes

# This is the commit message #83:

fixes

# This is the commit message #84:

fixes

# This is the commit message #85:

fixes

# This is the commit message #86:

fixes

# This is the commit message #87:

fixes

# This is the commit message #88:

fixes

# This is the commit message #89:

fixes

# This is the commit message #90:

fixes

# This is the commit message #91:

fixes

# This is the commit message #92:

fixes

# This is the commit message #93:

propagate-environment for buildkite-agent

# This is the commit message #94:

propagate-environment for buildkite-agent

# This is the commit message #95:

propagate-environment for buildkite-agent

# This is the commit message #96:

propagate-environment for buildkite-agent

# This is the commit message #97:

fixes

# This is the commit message #98:

fixes

# This is the commit message #99:

fixes

# This is the commit message #100:

fixes

# This is the commit message #101:

fixes

# This is the commit message #102:

fixes

# This is the commit message #103:

fixes

# This is the commit message #104:

fixes

# This is the commit message #105:

fixes

# This is the commit message #106:

fixes

# This is the commit message #107:

fixes

# This is the commit message #108:

fixes

# This is the commit message #109:

fixes

# This is the commit message #110:

fixes

# This is the commit message #111:

fixes

# This is the commit message #112:

fixes

# This is the commit message #113:

fixes

# This is the commit message #114:

fixes

# This is the commit message #115:

fixes

# This is the commit message #116:

fixes

# This is the commit message #117:

fixes

# This is the commit message #118:

fixes

# This is the commit message #119:

fixes

# This is the commit message #120:

fixes

# This is the commit message #121:

fixes

# This is the commit message #122:

fixes

# This is the commit message #123:

fixes

# This is the commit message #124:

fixes

# This is the commit message #125:

fixes

# This is the commit message #126:

fixes

# This is the commit message #127:

fixes

# This is the commit message #128:

fixes

# This is the commit message #129:

fixes

# This is the commit message #130:

fixes

# This is the commit message #131:

fixes

# This is the commit message #132:

fixes

# This is the commit message #133:

fixes

# This is the commit message #134:

fixes

# This is the commit message #135:

fixes

# This is the commit message #136:

fixes

# This is the commit message #137:

fixes

# This is the commit message #138:

fixes

# This is the commit message #139:

fixes

# This is the commit message #140:

fixes

# This is the commit message #141:

fixes

# This is the commit message #142:

fixes

# This is the commit message #143:

fixes

# This is the commit message #144:

fixes

# This is the commit message #145:

fixes

# This is the commit message #146:

fixes

# This is the commit message #147:

fixes

# This is the commit message #148:

fixes

# This is the commit message #149:

fixes

# This is the commit message #150:

fixes

# This is the commit message #151:

fixes

# This is the commit message #152:

fixes

# This is the commit message #153:

testing

# This is the commit message #154:

fixes

# This is the commit message #155:

fixes

# This is the commit message #156:

fixes

# This is the commit message #157:

fixes

# This is the commit message #158:

fixes

# This is the commit message #159:

fixes

# This is the commit message #160:

fixes

# This is the commit message #161:

fixes

# This is the commit message #162:

fixes

# This is the commit message #163:

fixes

# This is the commit message #164:

fixes

# This is the commit message #165:

fixes

# This is the commit message #166:

fixes

# This is the commit message #167:

fixes

# This is the commit message #168:

fixes

# This is the commit message #169:

fixes

# This is the commit message #170:

fixes

# This is the commit message #171:

fixes

# This is the commit message #172:

fixes

# This is the commit message #173:

fixes

# This is the commit message #174:

fixes

# This is the commit message #175:

fixes

# This is the commit message #176:

fixes

# This is the commit message #177:

fixes

# This is the commit message #178:

fixes

# This is the commit message #179:

fixes

# This is the commit message #180:

fixes

# This is the commit message #181:

fixes

# This is the commit message #182:

fixes

# This is the commit message #183:

fixes

# This is the commit message #184:

fixes

# This is the commit message #185:

fixes

# This is the commit message #186:

fixes
cc32d9 referenced this issue in eos-amsterdam-rnd/wax2.0 Apr 14, 2020
heifner pushed a commit that referenced this issue Feb 28, 2022
shahabi8 pushed a commit that referenced this issue Mar 11, 2022
# This is the 1st commit message:

Update amazon_linux-2-pinned.dockerfile

# This is the commit message #2:

Update centos-7.7-pinned.dockerfile

# This is the commit message #3:

Update ubuntu-18.04-pinned.dockerfile

# This is the commit message #4:

Update ubuntu-20.04-pinned.dockerfile

# This is the commit message #5:

Update amazon_linux-2-unpinned.dockerfile

# This is the commit message #6:

Update centos-7.7-unpinned.dockerfile

# This is the commit message #7:

Update ubuntu-18.04-unpinned.dockerfile

# This is the commit message #8:

Update ubuntu-20.04-unpinned.dockerfile

# This is the commit message #9:

Update protocol.hpp

# This is the commit message #10:

Update net_plugin.cpp

# This is the commit message #11:

Update CMakeLists.txt
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants