mirror of https://github.com/poanetwork/quorum.git
permission: Enabled QIP714Block to allow staggered migration of network for enabling new permissions
This commit is contained in:
parent
afb61f089c
commit
4280bdadac
|
@ -1309,10 +1309,6 @@ func checkAccount(fromAcct common.Address, toAcct *common.Address) error {
|
||||||
access := types.GetAcctAccess(fromAcct)
|
access := types.GetAcctAccess(fromAcct)
|
||||||
|
|
||||||
switch access {
|
switch access {
|
||||||
case types.FullAccess:
|
|
||||||
case types.ContractDeploy:
|
|
||||||
return nil
|
|
||||||
|
|
||||||
case types.ReadOnly:
|
case types.ReadOnly:
|
||||||
return errors.New("read only account. cannot transact")
|
return errors.New("read only account. cannot transact")
|
||||||
|
|
||||||
|
@ -1320,6 +1316,10 @@ func checkAccount(fromAcct common.Address, toAcct *common.Address) error {
|
||||||
if toAcct == nil {
|
if toAcct == nil {
|
||||||
return errors.New("account does not have contract create permissions")
|
return errors.New("account does not have contract create permissions")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
case types.FullAccess, types.ContractDeploy:
|
||||||
|
return nil
|
||||||
|
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -168,6 +168,7 @@ func NewAcctCache() *AcctCache {
|
||||||
var syncStarted = false
|
var syncStarted = false
|
||||||
|
|
||||||
var DefaultAccess = FullAccess
|
var DefaultAccess = FullAccess
|
||||||
|
var QIP714BlockReached = false
|
||||||
var networkAdminRole string
|
var networkAdminRole string
|
||||||
var orgAdminRole string
|
var orgAdminRole string
|
||||||
|
|
||||||
|
@ -190,10 +191,15 @@ func GetSyncStatus() bool {
|
||||||
return syncStarted
|
return syncStarted
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// sets the default access to Readonly upon QIP714Blokc
|
||||||
|
func SetDefaultAccess(){
|
||||||
|
DefaultAccess = ReadOnly
|
||||||
|
QIP714BlockReached = true
|
||||||
|
}
|
||||||
|
|
||||||
// sets default access to readonly and initializes the values for
|
// sets default access to readonly and initializes the values for
|
||||||
// network admin role and org admin role
|
// network admin role and org admin role
|
||||||
func SetDefaults(nwRoleId, oaRoleId string) {
|
func SetDefaults(nwRoleId, oaRoleId string) {
|
||||||
DefaultAccess = ReadOnly
|
|
||||||
networkAdminRole = nwRoleId
|
networkAdminRole = nwRoleId
|
||||||
orgAdminRole = oaRoleId
|
orgAdminRole = oaRoleId
|
||||||
}
|
}
|
||||||
|
@ -377,12 +383,12 @@ func GetAcctAccess(acctId common.Address) AccessType {
|
||||||
return DefaultAccess
|
return DefaultAccess
|
||||||
}
|
}
|
||||||
|
|
||||||
func ValidateNodeForTxn(enodeId string, from common.Address) bool {
|
func ValidateNodeForTxn(hexnodeId string, from common.Address) bool {
|
||||||
if enodeId == "" {
|
if !QIP714BlockReached || hexnodeId == ""{
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
passedEnodeId, err := enode.ParseV4(enodeId)
|
passedEnodeId, err := enode.ParseV4(hexnodeId)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -132,19 +132,19 @@ var (
|
||||||
//
|
//
|
||||||
// This configuration is intentionally not using keyed fields to force anyone
|
// This configuration is intentionally not using keyed fields to force anyone
|
||||||
// adding flags to the config to also have to set these fields.
|
// adding flags to the config to also have to set these fields.
|
||||||
AllEthashProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 50}
|
AllEthashProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 50, big.NewInt(0)}
|
||||||
|
|
||||||
// AllCliqueProtocolChanges contains every protocol change (EIPs) introduced
|
// AllCliqueProtocolChanges contains every protocol change (EIPs) introduced
|
||||||
// and accepted by the Ethereum core developers into the Clique consensus.
|
// and accepted by the Ethereum core developers into the Clique consensus.
|
||||||
//
|
//
|
||||||
// This configuration is intentionally not using keyed fields to force anyone
|
// This configuration is intentionally not using keyed fields to force anyone
|
||||||
// adding flags to the config to also have to set these fields.
|
// adding flags to the config to also have to set these fields.
|
||||||
AllCliqueProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, nil, &CliqueConfig{Period: 0, Epoch: 30000}, nil, false, 32, 32}
|
AllCliqueProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, nil, &CliqueConfig{Period: 0, Epoch: 30000}, nil, false, 32, 32, big.NewInt(0)}
|
||||||
|
|
||||||
TestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 32}
|
TestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 32, big.NewInt(0)}
|
||||||
TestRules = TestChainConfig.Rules(new(big.Int))
|
TestRules = TestChainConfig.Rules(new(big.Int))
|
||||||
|
|
||||||
QuorumTestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, nil, common.Hash{}, nil, nil, nil, nil, nil, new(EthashConfig), nil, nil, true, 64, 32}
|
QuorumTestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, nil, common.Hash{}, nil, nil, nil, nil, nil, new(EthashConfig), nil, nil, true, 64, 32, big.NewInt(0)}
|
||||||
)
|
)
|
||||||
|
|
||||||
// TrustedCheckpoint represents a set of post-processed trie roots (CHT and
|
// TrustedCheckpoint represents a set of post-processed trie roots (CHT and
|
||||||
|
@ -191,6 +191,10 @@ type ChainConfig struct {
|
||||||
IsQuorum bool `json:"isQuorum"`
|
IsQuorum bool `json:"isQuorum"`
|
||||||
TransactionSizeLimit uint64 `json:"txnSizeLimit"`
|
TransactionSizeLimit uint64 `json:"txnSizeLimit"`
|
||||||
MaxCodeSize uint64 `json:"maxCodeSize"`
|
MaxCodeSize uint64 `json:"maxCodeSize"`
|
||||||
|
// Quorum
|
||||||
|
//
|
||||||
|
// QIP714Block implements the permissions related changes
|
||||||
|
QIP714Block *big.Int `json:"qip714Block,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// EthashConfig is the consensus engine configs for proof-of-work based sealing.
|
// EthashConfig is the consensus engine configs for proof-of-work based sealing.
|
||||||
|
@ -304,6 +308,13 @@ func (c *ChainConfig) IsEWASM(num *big.Int) bool {
|
||||||
return isForked(c.EWASMBlock, num)
|
return isForked(c.EWASMBlock, num)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Quorum
|
||||||
|
//
|
||||||
|
// IsQIP714 returns whether num represents a block number where permissions is enabled
|
||||||
|
func (c *ChainConfig) IsQIP714(num *big.Int) bool {
|
||||||
|
return isForked(c.QIP714Block, num)
|
||||||
|
}
|
||||||
|
|
||||||
// GasTable returns the gas table corresponding to the current phase (homestead or homestead reprice).
|
// GasTable returns the gas table corresponding to the current phase (homestead or homestead reprice).
|
||||||
//
|
//
|
||||||
// The returned GasTable's fields shouldn't, under any circumstances, be changed.
|
// The returned GasTable's fields shouldn't, under any circumstances, be changed.
|
||||||
|
@ -375,6 +386,9 @@ func (c *ChainConfig) checkCompatible(newcfg *ChainConfig, head *big.Int, isQuor
|
||||||
if isForkIncompatible(c.EWASMBlock, newcfg.EWASMBlock, head) {
|
if isForkIncompatible(c.EWASMBlock, newcfg.EWASMBlock, head) {
|
||||||
return newCompatError("ewasm fork block", c.EWASMBlock, newcfg.EWASMBlock)
|
return newCompatError("ewasm fork block", c.EWASMBlock, newcfg.EWASMBlock)
|
||||||
}
|
}
|
||||||
|
if isForkIncompatible(c.QIP714Block, newcfg.QIP714Block, head) {
|
||||||
|
return newCompatError("permissions fork block", c.QIP714Block, newcfg.QIP714Block)
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/ethereum/go-ethereum/core"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"math/big"
|
"math/big"
|
||||||
"os"
|
"os"
|
||||||
|
@ -181,6 +182,7 @@ func (p *PermissionCtrl) AfterStart() error {
|
||||||
types.SetDefaults(p.permConfig.NwAdminRole, p.permConfig.OrgAdminRole)
|
types.SetDefaults(p.permConfig.NwAdminRole, p.permConfig.OrgAdminRole)
|
||||||
|
|
||||||
for _, f := range []func() error{
|
for _, f := range []func() error{
|
||||||
|
p.monitorQIP714Block, // monitor block number to activate new permissions controls
|
||||||
p.manageOrgPermissions, // monitor org management related events
|
p.manageOrgPermissions, // monitor org management related events
|
||||||
p.manageNodePermissions, // monitor org level node management events
|
p.manageNodePermissions, // monitor org level node management events
|
||||||
p.manageRolePermissions, // monitor org level role management events
|
p.manageRolePermissions, // monitor org level role management events
|
||||||
|
@ -275,6 +277,37 @@ func (p *PermissionCtrl) Stop() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// monitors org management related events happening via smart contracts
|
||||||
|
// and updates cache accordingly
|
||||||
|
func (p *PermissionCtrl) monitorQIP714Block() error {
|
||||||
|
// if QIP714block is not given, set the default access
|
||||||
|
// to readonly
|
||||||
|
if p.eth.ChainConfig().QIP714Block == nil {
|
||||||
|
types.SetDefaultAccess()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
//QIP714block is given, monitor block count
|
||||||
|
go func() {
|
||||||
|
chainHeadCh := make(chan core.ChainHeadEvent, 1)
|
||||||
|
headSub := p.eth.BlockChain().SubscribeChainHeadEvent(chainHeadCh)
|
||||||
|
defer headSub.Unsubscribe()
|
||||||
|
stopChan, stopSubscription := p.subscribeStopEvent()
|
||||||
|
defer stopSubscription.Unsubscribe()
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case head := <-chainHeadCh:
|
||||||
|
if p.eth.ChainConfig().IsQIP714(head.Block.Number()) {
|
||||||
|
types.SetDefaultAccess()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
case <-stopChan:
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// monitors org management related events happening via smart contracts
|
// monitors org management related events happening via smart contracts
|
||||||
// and updates cache accordingly
|
// and updates cache accordingly
|
||||||
func (p *PermissionCtrl) manageOrgPermissions() error {
|
func (p *PermissionCtrl) manageOrgPermissions() error {
|
||||||
|
|
Loading…
Reference in New Issue