ouroboros - Ouroboros main repository

	Commit message (Collapse)	Author	Age	Files	Lines
*	irmd: Add flow authentication	Dimitri Staessens	12 days	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This adds initial implementation of peer authentication as part of flow allocation. If credentials are not provided, this will be accepted and logged as info that the flow is not authenticated. Certificates and keys are passed as .pem files. The key file should not be encrypted, else the IRMd will open a prompt for the password. The default location for these .pem files is in /etc/ouroboros/security. It is strongly recommended to make this directory only accessible to root. ├── security │ ├── cacert │ │ └── ca.root.o7s.crt.pem │ ├── client │ │ ├── <name> │ │ \| ├── crt.pem │ │ \| └── key.pem │ │ └── <name> \| \| ├──... \| \| │ ├── server │ │ ├── <name> │ │ \| ├── crt.pem │ │ \| └── key.pem │ │ └── <name> \| \| ├── ... \| \| │ └── untrusted │ └── sign.root.o7s.crt.pem Trusted root CA certificates go in the /cacert directory, untrusted certificates for signature verification go in the /untrusted directory. The IRMd will load these certificates at boot. The IRMd will look for certificates in the /client and /server directories. For each name a subdirectory can be added and the credentials in that directory are used to sign the OAP header for flows at flow_alloc() on the client side and flow_accept() on the server side. These defaults can be changed at build time using the following variables (in alphabetical order): OUROBOROS_CA_CRT_DIR /etc/ouroboros/security/cacert OUROBOROS_CLI_CRT_DIR /etc/ouroboros/security/client OUROBOROS_SECURITY_DIR /etc/ouroboros/security OUROBOROS_SRV_CRT_DIR /etc/ouroboros/security/server OUROBOROS_UNTRUSTED_DIR /etc/ouroboros/security/untrusted The directories for the names can also be configured at IRMd boot using the configuraton file and at runtime when a name is created using the "irm name create" CLI tool. The user needs to have permissions to access the keyfile and certificate when specifying the paths with the "irm name create" CLI tool. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
*	irmd: Resolve name when flow request arrives	Dimitri Staessens	2025-08-15	1	-4/+4
\| \| \| \| \| \| \| \| \| \| \|	This makes the IRMd a bit simpler, and we only need to do the lookup to resolve the name for a hash on the server side only once. The logging is also symmetric now: irmd(II): Allocating flow for 93317 to unicast.1. irmd(II): Flow request arrived for unicast.1. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
*	irmd: Revise IRMd internals	Dimitri Staessens	2024-02-19	1	-26/+15
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This is a full revision of the IRMd internal implementation. The registry is now a proper subcomponent managing its own internal lock (a single mutex). Some tests are added for the registry and its data structures. Some macros for tests are added in <ouroboros/test.h>. Flow allocation is now more symmetric between the client side (alloc) and server size (accept). Each will create a flow in pending state (ALLOC_PENDING/ACCEPT_PENDING) that is potentially fulfilled by an IPCP using respond_alloc and respond_accept primitives. Deallocation is split in flow_dealloc (application side) and ipcp_flow_dealloc (IPCP side) to get the flow in DEALLOC_PENDING and DEALLOCATED state. Cleanup of failed flow allocation is now properly handled instead of relying on the sanitizer thread. The new sanitizer only needs to monitor crashed processes. On shutdown, the IRMd will now detect hanging processes and SIGKILL them and clean up their fuse mountpoints if needed. A lot of other things have been cleaned up and shuffled around a bit. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
*	include: Use common definition between lib and IRMd	Dimitri Staessens	2024-01-31	1	-9/+0
\| \| \| \| \| \| \| \|	Some definitions/enums were different between the library and IRMd (flow_state, ipcp_state). This moves them to common ground. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
*	build: Update licenses to 2024	Dimitri Staessens	2024-01-13	1	-1/+1
\| \| \| \| \| \| \|	Slow but steady. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
*	irmd: Move registry objects to their own sources	Dimitri Staessens	2023-03-21	1	-0/+83
	Rename internal data structures so it's clear that they are the IRMd representation of these objects for management purposes. Split functionality for these objects off and and move them to their own source files. Rename internal functions of the IRMd to reflect this, with some small refactoring. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>