poanetwork
/
quorum
mirror of https://github.com/poanetwork/quorum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

permission: Enabled QIP714Block to allow staggered migration of network for enabling new permissions

This commit is contained in:
vsmk98 2019-09-26 15:38:45 +08:00
parent afb61f089c
commit 4280bdadac
4 changed files with 65 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/tx_pool.go
View File

@ -1309,10 +1309,6 @@ func checkAccount(fromAcct common.Address, toAcct *common.Address) error {
access := types.GetAcctAccess(fromAcct) access := types.GetAcctAccess(fromAcct)
switch access { switch access {
case types.FullAccess:
case types.ContractDeploy:
return nil
case types.ReadOnly: case types.ReadOnly:
return errors.New("read only account. cannot transact") return errors.New("read only account. cannot transact")
@ -1320,6 +1316,10 @@ func checkAccount(fromAcct common.Address, toAcct *common.Address) error {
if toAcct == nil { if toAcct == nil {
return errors.New("account does not have contract create permissions") return errors.New("account does not have contract create permissions")
} }
case types.FullAccess, types.ContractDeploy:
return nil
} }
return nil return nil
} }

14
core/types/permissions_cache.go
View File

@ -168,6 +168,7 @@ func NewAcctCache() *AcctCache {
var syncStarted = false var syncStarted = false
var DefaultAccess = FullAccess var DefaultAccess = FullAccess
var QIP714BlockReached = false
var networkAdminRole string var networkAdminRole string
var orgAdminRole string var orgAdminRole string
@ -190,10 +191,15 @@ func GetSyncStatus() bool {
return syncStarted return syncStarted
} }
// sets the default access to Readonly upon QIP714Blokc
func SetDefaultAccess(){
DefaultAccess = ReadOnly
QIP714BlockReached = true
}
// sets default access to readonly and initializes the values for // sets default access to readonly and initializes the values for
// network admin role and org admin role // network admin role and org admin role
func SetDefaults(nwRoleId, oaRoleId string) { func SetDefaults(nwRoleId, oaRoleId string) {
DefaultAccess = ReadOnly
networkAdminRole = nwRoleId networkAdminRole = nwRoleId
orgAdminRole = oaRoleId orgAdminRole = oaRoleId
} }
@ -377,12 +383,12 @@ func GetAcctAccess(acctId common.Address) AccessType {
return DefaultAccess return DefaultAccess
} }
func ValidateNodeForTxn(enodeId string, from common.Address) bool { func ValidateNodeForTxn(hexnodeId string, from common.Address) bool {
if enodeId == "" { if !QIP714BlockReached || hexnodeId == ""{
return true return true
} }
passedEnodeId, err := enode.ParseV4(enodeId) passedEnodeId, err := enode.ParseV4(hexnodeId)
if err != nil { if err != nil {
return false return false
} }

22
params/config.go
View File

@ -132,19 +132,19 @@ var (
// //
// This configuration is intentionally not using keyed fields to force anyone // This configuration is intentionally not using keyed fields to force anyone
// adding flags to the config to also have to set these fields. // adding flags to the config to also have to set these fields.
AllEthashProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 50} AllEthashProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 50, big.NewInt(0)}
// AllCliqueProtocolChanges contains every protocol change (EIPs) introduced // AllCliqueProtocolChanges contains every protocol change (EIPs) introduced
// and accepted by the Ethereum core developers into the Clique consensus. // and accepted by the Ethereum core developers into the Clique consensus.
// //
// This configuration is intentionally not using keyed fields to force anyone // This configuration is intentionally not using keyed fields to force anyone
// adding flags to the config to also have to set these fields. // adding flags to the config to also have to set these fields.
AllCliqueProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, nil, &CliqueConfig{Period: 0, Epoch: 30000}, nil, false, 32, 32} AllCliqueProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, nil, &CliqueConfig{Period: 0, Epoch: 30000}, nil, false, 32, 32, big.NewInt(0)}
TestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 32} TestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 32, big.NewInt(0)}
TestRules = TestChainConfig.Rules(new(big.Int)) TestRules = TestChainConfig.Rules(new(big.Int))
QuorumTestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, nil, common.Hash{}, nil, nil, nil, nil, nil, new(EthashConfig), nil, nil, true, 64, 32} QuorumTestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, nil, common.Hash{}, nil, nil, nil, nil, nil, new(EthashConfig), nil, nil, true, 64, 32, big.NewInt(0)}
) )
// TrustedCheckpoint represents a set of post-processed trie roots (CHT and // TrustedCheckpoint represents a set of post-processed trie roots (CHT and
@ -191,6 +191,10 @@ type ChainConfig struct {
IsQuorum bool `json:"isQuorum"` IsQuorum bool `json:"isQuorum"`
TransactionSizeLimit uint64 `json:"txnSizeLimit"` TransactionSizeLimit uint64 `json:"txnSizeLimit"`
MaxCodeSize uint64 `json:"maxCodeSize"` MaxCodeSize uint64 `json:"maxCodeSize"`
// Quorum
//
// QIP714Block implements the permissions related changes
QIP714Block *big.Int `json:"qip714Block,omitempty"`
} }
// EthashConfig is the consensus engine configs for proof-of-work based sealing. // EthashConfig is the consensus engine configs for proof-of-work based sealing.
@ -304,6 +308,13 @@ func (c *ChainConfig) IsEWASM(num *big.Int) bool {
return isForked(c.EWASMBlock, num) return isForked(c.EWASMBlock, num)
} }
// Quorum
//
// IsQIP714 returns whether num represents a block number where permissions is enabled
func (c *ChainConfig) IsQIP714(num *big.Int) bool {
return isForked(c.QIP714Block, num)
}
// GasTable returns the gas table corresponding to the current phase (homestead or homestead reprice). // GasTable returns the gas table corresponding to the current phase (homestead or homestead reprice).
// //
// The returned GasTable's fields shouldn't, under any circumstances, be changed. // The returned GasTable's fields shouldn't, under any circumstances, be changed.
@ -375,6 +386,9 @@ func (c *ChainConfig) checkCompatible(newcfg *ChainConfig, head *big.Int, isQuor
if isForkIncompatible(c.EWASMBlock, newcfg.EWASMBlock, head) { if isForkIncompatible(c.EWASMBlock, newcfg.EWASMBlock, head) {
return newCompatError("ewasm fork block", c.EWASMBlock, newcfg.EWASMBlock) return newCompatError("ewasm fork block", c.EWASMBlock, newcfg.EWASMBlock)
} }
if isForkIncompatible(c.QIP714Block, newcfg.QIP714Block, head) {
return newCompatError("permissions fork block", c.QIP714Block, newcfg.QIP714Block)
}
return nil return nil
} }

33
permission/permission.go
View File

@ -4,6 +4,7 @@ import (
"crypto/ecdsa" "crypto/ecdsa"
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/ethereum/go-ethereum/core"
"io/ioutil" "io/ioutil"
"math/big" "math/big"
"os" "os"
@ -181,6 +182,7 @@ func (p *PermissionCtrl) AfterStart() error {
types.SetDefaults(p.permConfig.NwAdminRole, p.permConfig.OrgAdminRole) types.SetDefaults(p.permConfig.NwAdminRole, p.permConfig.OrgAdminRole)
for _, f := range []func() error{ for _, f := range []func() error{
p.monitorQIP714Block, // monitor block number to activate new permissions controls
p.manageOrgPermissions, // monitor org management related events p.manageOrgPermissions, // monitor org management related events
p.manageNodePermissions, // monitor org level node management events p.manageNodePermissions, // monitor org level node management events
p.manageRolePermissions, // monitor org level role management events p.manageRolePermissions, // monitor org level role management events
@ -275,6 +277,37 @@ func (p *PermissionCtrl) Stop() error {
return nil return nil
} }
// monitors org management related events happening via smart contracts
// and updates cache accordingly
func (p *PermissionCtrl) monitorQIP714Block() error {
// if QIP714block is not given, set the default access
// to readonly
if p.eth.ChainConfig().QIP714Block == nil {
types.SetDefaultAccess()
return nil
}
//QIP714block is given, monitor block count
go func() {
chainHeadCh := make(chan core.ChainHeadEvent, 1)
headSub := p.eth.BlockChain().SubscribeChainHeadEvent(chainHeadCh)
defer headSub.Unsubscribe()
stopChan, stopSubscription := p.subscribeStopEvent()
defer stopSubscription.Unsubscribe()
for {
select {
case head := <-chainHeadCh:
if p.eth.ChainConfig().IsQIP714(head.Block.Number()) {
types.SetDefaultAccess()
return
}
case <-stopChan:
return
}
}
}()
return nil
}
// monitors org management related events happening via smart contracts // monitors org management related events happening via smart contracts
// and updates cache accordingly // and updates cache accordingly
func (p *PermissionCtrl) manageOrgPermissions() error { func (p *PermissionCtrl) manageOrgPermissions() error {