From c9dc2bcd9be7f25820db62205c47f0eaacf86c9e Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Wed, 6 May 2020 16:47:55 +0100
Subject: [PATCH] Correct invite signing
---
 federationsender/federationsender.go | 4 +++-
 federationsender/producers/roomserver.go | 8 +++++++-
 roomserver/internal/input.go | 16 ++--------------
 roomserver/internal/input_events.go | 18 +++++++++---------
 4 files changed, 21 insertions(+), 25 deletions(-)
diff --git a/federationsender/federationsender.go b/federationsender/federationsender.go
index 9e31699b3..8e2f256dc 100644
--- a/federationsender/federationsender.go
+++ b/federationsender/federationsender.go
@@ -43,7 +43,9 @@ func SetupFederationSenderComponent(
 logrus.WithError(err).Panic("failed to connect to federation sender db")
 }
- roomserverProducer := producers.NewRoomserverProducer(rsAPI, base.Cfg.Matrix.ServerName)
+ roomserverProducer := producers.NewRoomserverProducer(
+ rsAPI, base.Cfg.Matrix.ServerName, base.Cfg.Matrix.KeyID, base.Cfg.Matrix.PrivateKey,
+ )
 statistics := &types.Statistics{}
 queues := queue.NewOutgoingQueues(
diff --git a/federationsender/producers/roomserver.go b/federationsender/producers/roomserver.go
index 48aeed8cc..76fedf537 100644
--- a/federationsender/producers/roomserver.go
+++ b/federationsender/producers/roomserver.go
@@ -16,6 +16,7 @@ package producers
 import (
 "context"
+ "crypto/ed25519"
 "github.com/matrix-org/dendrite/roomserver/api"
 "github.com/matrix-org/gomatrixserverlib"
@@ -25,15 +26,20 @@ import (
 type RoomserverProducer struct {
 InputAPI api.RoomserverInternalAPI
 serverName gomatrixserverlib.ServerName
+ keyID gomatrixserverlib.KeyID
+ privateKey ed25519.PrivateKey
 }
 // NewRoomserverProducer creates a new RoomserverProducer
 func NewRoomserverProducer(
 rsAPI api.RoomserverInternalAPI, serverName gomatrixserverlib.ServerName,
+ keyID gomatrixserverlib.KeyID, privateKey ed25519.PrivateKey,
 ) *RoomserverProducer {
 return &RoomserverProducer{
 InputAPI: rsAPI,
 serverName: serverName,
+ keyID: keyID,
+ privateKey: privateKey,
 }
 }
@@ -43,7 +49,7 @@ func NewRoomserverProducer(
 func (c *RoomserverProducer) SendInviteResponse(
 ctx context.Context, res gomatrixserverlib.RespInviteV2, roomVersion gomatrixserverlib.RoomVersion,
 ) (string, error) {
- ev := res.Event.Headered(roomVersion)
+ ev := res.Event.Sign(string(c.serverName), c.keyID, c.privateKey).Headered(roomVersion)
 ire := api.InputRoomEvent{
 Kind: api.KindNew,
 Event: ev,
diff --git a/roomserver/internal/input.go b/roomserver/internal/input.go
index a10bd8015..16f6d6bba 100644
--- a/roomserver/internal/input.go
+++ b/roomserver/internal/input.go
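Review bot: The new `keyID` and `privateKey` fields on RoomserverProducer (federationsender/producers/roomserver.go) are undocumented, and the constructor comment still says only that it creates a producer, so nothing records that this component now holds the server's long-term signing key or what it signs with it. I would add a field comment such as `// keyID and privateKey identify this server's signing key; SendInviteResponse uses them to sign returned invite events` and extend the NewRoomserverProducer comment to name the two new parameters. The struct and the constructor are both fully inside the hunk.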
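Review bot: SendInviteResponse in federationsender/producers/roomserver.go now puts this server's signature on `res.Event`, which is the event handed back in the remote server's invite response, and nothing in the hunk checks that event before signing it. Unless the caller (outside this hunk) already confirms that the returned event is the invite we sent (same event ID, room, sender and state key) and that it carries a valid signature from the invited user's server, the local key ends up vouching for remote-controlled content. I would either verify here before the `Sign` call or state the precondition in the function comment, e.g. `// res.Event must already have been checked against the invite we sent; it is signed with our server key below`. The function body continues past the end of the hunk.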
@@ -54,27 +54,15 @@ func (r *RoomserverInternalAPI) InputRoomEvents(
 ctx context.Context,
 request *api.InputRoomEventsRequest,
 response *api.InputRoomEventsResponse,
-) error {
+) (err error) {
 // We lock as processRoomEvent can only be called once at a time
 r.mutex.Lock()
 defer r.mutex.Unlock()
 for i := range request.InputInviteEvents {
- if event, err := processInviteEvent(ctx, r.DB, r, request.InputInviteEvents[i]); err != nil {
+ if err = processInviteEvent(ctx, r.DB, r, request.InputInviteEvents[i]); err != nil {
 return err
- } else {
- // If the room is one that we know about then append the invite
- // event to the list of room events to process.
- if nid, err := r.DB.RoomNIDExcludingStubs(ctx, event.RoomID()); err == nil && nid > 0 {
- request.InputRoomEvents = append(request.InputRoomEvents, api.InputRoomEvent{
- Kind: api.KindNew,
- Event: *event,
- AuthEventIDs: event.AuthEventIDs(),
- SendAsServer: string(r.Cfg.Matrix.ServerName),
- })
- }
 }
 }
- var err error
 for i := range request.InputRoomEvents {
 if response.EventID, err = processRoomEvent(ctx, r.DB, r, request.InputRoomEvents[i]); err != nil {
 return err
diff --git a/roomserver/internal/input_events.go b/roomserver/internal/input_events.go
index 0021c5a50..6da63716c 100644
--- a/roomserver/internal/input_events.go
+++ b/roomserver/internal/input_events.go
@@ -134,9 +134,9 @@ func processInviteEvent(
 db storage.Database,
 ow OutputRoomEventWriter,
 input api.InputInviteEvent,
-) (returned *gomatrixserverlib.HeaderedEvent, err error) {
+) (err error) {
 if input.Event.StateKey() == nil {
- return nil, fmt.Errorf("invite must be a state event")
+ return fmt.Errorf("invite must be a state event")
 }
 roomID := input.Event.RoomID()
@@ -151,7 +151,7 @@ func processInviteEvent(
 updater, err := db.MembershipUpdater(ctx, roomID, targetUserID, input.RoomVersion)
 if err != nil {
- return nil, err
+ return err
 }
 succeeded := false
 defer func() {
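Review bot: InputRoomEvents in roomserver/internal/input.go no longer queues an accepted invite as an `InputRoomEvent` for rooms the server already knows, and nothing on the function says who is responsible for that now. From this hunk alone, a caller that submits only `InputInviteEvents` gets the membership update from processInviteEvent and nothing else, so the contract is worth stating, e.g. `// Invite events are only recorded as invites here; a caller that also wants the event processed as a room event must add it to InputRoomEvents itself`. The existing lock comment names only processRoomEvent although the lock is also held across the processInviteEvent loop. The function body continues past the end of the hunk.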
@@ -189,7 +189,7 @@ func processInviteEvent(
 // For now we will implement option 2. Since in the abesence of a retry
 // mechanism it will be equivalent to option 1, and we don't have a
 // signalling mechanism to implement option 3.
- return nil, nil
+ return nil
 }
 event := input.Event.Unwrap()
@@ -199,7 +199,7 @@ func processInviteEvent(
 // most likely to be if the event came in over federation) then use
 // that.
 if err = event.SetUnsignedField("invite_room_state", input.InviteRoomState); err != nil {
- return nil, err
+ return err
 }
 } else {
 // There's no invite room state, so let's have a go at building it
@@ -208,22 +208,22 @@ func processInviteEvent(
 // the invite room state, if we don't then we just fail quietly.
 if irs, ierr := buildInviteStrippedState(ctx, db, input); ierr == nil {
 if err = event.SetUnsignedField("invite_room_state", irs); err != nil {
- return nil, err
+ return err
 }
 }
 }
 outputUpdates, err := updateToInviteMembership(updater, &event, nil, input.Event.RoomVersion)
 if err != nil {
- return nil, err
+ return err
 }
 if err = ow.WriteOutputEvents(roomID, outputUpdates); err != nil {
- return nil, err
+ return err
 }
 succeeded = true
- return &input.Event, nil
+ return nil
 }
 func buildInviteStrippedState(