From e4c9657ab991d8289c694638bed40ad85d80da9d Mon Sep 17 00:00:00 2001 From: David Rowe Date: Thu, 23 Jul 2020 16:08:09 +1200 Subject: [PATCH 1/5] Initial auxiliary groups code --- domain-server/src/DomainGatekeeper.cpp | 50 +++++++++++++++++++--- domain-server/src/DomainGatekeeper.h | 3 +- libraries/networking/src/NodePermissions.h | 7 +++ 3 files changed, 53 insertions(+), 7 deletions(-) diff --git a/domain-server/src/DomainGatekeeper.cpp b/domain-server/src/DomainGatekeeper.cpp index 09a0446468..59a17d3ba9 100644 --- a/domain-server/src/DomainGatekeeper.cpp +++ b/domain-server/src/DomainGatekeeper.cpp @@ -142,8 +142,11 @@ void DomainGatekeeper::processConnectRequestPacket(QSharedPointer_settingsManager.getAllKnownGroupNames().contains(group)) { + userPerms |= _server->_settingsManager.getPermissionsForGroup(group, QUuid()); +//#ifdef WANT_DEBUG + qDebug() << "| user-permissions: auxiliary user " << verifiedAuxliaryUsername << "is in group:" << group << "so:" << userPerms; +//#endif + + } + } + + userPerms.setVerifiedAuxiliaryUserName(verifiedAuxliaryUsername); + userPerms.setVerifiedAuxiliaryUserGroups(verifiedAuxiliaryUserGroups); + } + if (verifiedUsername.isEmpty()) { userPerms |= _server->_settingsManager.getStandardPermissionsForName(NodePermissions::standardNameAnonymous); #ifdef WANT_DEBUG @@ -275,6 +295,8 @@ void DomainGatekeeper::updateNodePermissions() { // the id and the username in NodePermissions will often be the same, but id is set before // authentication and verifiedUsername is only set once they user's key has been confirmed. QString verifiedUsername = node->getPermissions().getVerifiedUserName(); + QString verifiedAuxiliaryUsername = node->getPermissions().getVerifiedAuxiliaryUserName(); + QStringList verifiedAuxiliaryUserGroups = node->getPermissions().getVerifiedAuxiliaryUserGroups(); NodePermissions userPerms(NodePermissionsKey(verifiedUsername, 0)); if (node->getPermissions().isAssignment) { 
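Review bot: The `//#ifdef WANT_DEBUG` and `//#endif` lines around the new `qDebug()` in the auxiliary-group loop are commented out, so the user name and the resulting permission set are logged for every matching group on every permissions evaluation; restore them as `#ifdef WANT_DEBUG` and `#endif`. The loop resolves auxiliary group names through `getAllKnownGroupNames()` and `getPermissionsForGroup(group, QUuid())`, which look like the same tables used for the existing groups, so a group name asserted by the external service that matches an existing group would inherit its permissions. This is inferred, since part of this hunk's text is missing from the page, but a separate namespace or prefix for auxiliary groups is worth considering. The parameter is spelled `verifiedAuxliaryUsername` and should be `verifiedAuxiliaryUsername`.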
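Review bot: In `updateNodePermissions()` the auxiliary user name and group list are read back from the node's stored permissions and passed to `setPermissionsForUser()` again, so a membership removed at the external service appears to stay in effect until the node reconnects. The TODO this patch adds in `processAgentConnectRequest()` already says the groups should be re-obtained. Until that exists, a comment here such as `// NOTE: auxiliary groups are those captured at connect time; they are not refreshed from the auth service` would make the limitation explicit. The function body starts and ends outside the hunk.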
@@ -309,7 +331,9 @@ void DomainGatekeeper::updateNodePermissions() { sendingAddress == QHostAddress::LocalHost); } - userPerms = setPermissionsForUser(isLocalUser, verifiedUsername, connectingAddr.getAddress(), hardwareAddress, machineFingerprint); + userPerms = setPermissionsForUser(isLocalUser, verifiedUsername, verifiedAuxiliaryUsername, + verifiedAuxiliaryUserGroups, connectingAddr.getAddress(), + hardwareAddress, machineFingerprint); } node->setPermissions(userPerms); @@ -434,8 +458,22 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect } } - userPerms = setPermissionsForUser(isLocalUser, verifiedUsername, nodeConnection.senderSockAddr.getAddress(), - nodeConnection.hardwareAddress, nodeConnection.machineFingerprint); + // Auxiliary user name and groups may be provided by an external authentication service. + // This is enabled in the server settings by ... #######: TODO: What server name or tag to set in the server's settings? + QString verifiedAuxiliaryUsername; + QStringList verifiedAuxiliaryUserGroups; + + // #######: TODO: Obtain auxiliary login's user name and auxiliary groups if server tags indicate that this is required. + // May already have auxiliary login's user name, in which case groups should probably be re-obtained to + // ensure that they're up to date. + + // #######: TODO: Delete this development code. + verifiedAuxiliaryUsername = "a@b.c"; + verifiedAuxiliaryUserGroups = QString("test-group").toLower().split(" "); + + userPerms = setPermissionsForUser(isLocalUser, verifiedUsername, verifiedAuxiliaryUsername, verifiedAuxiliaryUserGroups, + nodeConnection.senderSockAddr.getAddress(), nodeConnection.hardwareAddress, + nodeConnection.machineFingerprint); if (!userPerms.can(NodePermissions::Permission::canConnectToDomain)) { sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.", 
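Review bot: In `processAgentConnectRequest()` the assignments `verifiedAuxiliaryUsername = "a@b.c";` and `verifiedAuxiliaryUserGroups = QString("test-group").toLower().split(" ");` run for every connecting agent with no check. Any domain that has a group named `test-group` configured would therefore grant that group's permissions to all agents, including anonymous ones. Variables named `verified…` should stay empty until something has actually verified them, so delete both assignments or wrap them in `#if (PR_BUILD || DEV_BUILD)`. The same placeholder group is assigned again in the `@@ -451,6 +467,41 @@` hunk of patch 4/5. The function body starts and ends outside the hunk.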
@@ -1029,7 +1067,7 @@ void DomainGatekeeper::refreshGroupsCache() { updateNodePermissions(); -#if WANT_DEBUG +#ifdef WANT_DEBUG _server->_settingsManager.debugDumpGroupsState(); #endif } diff --git a/domain-server/src/DomainGatekeeper.h b/domain-server/src/DomainGatekeeper.h index 92b400882e..0fb9a8e36a 100644 --- a/domain-server/src/DomainGatekeeper.h +++ b/domain-server/src/DomainGatekeeper.h @@ -120,7 +120,8 @@ private: QSet _domainOwnerFriends; // keep track of friends of the domain owner QSet _inFlightGroupMembershipsRequests; // keep track of which we've already asked for - NodePermissions setPermissionsForUser(bool isLocalUser, QString verifiedUsername, const QHostAddress& senderAddress, + NodePermissions setPermissionsForUser(bool isLocalUser, QString verifiedUsername, QString verifiedAuxliaryUsername, + QStringList verifiedAuxiliaryUserGroups, const QHostAddress& senderAddress, const QString& hardwareAddress, const QUuid& machineFingerprint); void getGroupMemberships(const QString& username); diff --git a/libraries/networking/src/NodePermissions.h b/libraries/networking/src/NodePermissions.h index 583c1b29ac..ebbe2104c7 100644 --- a/libraries/networking/src/NodePermissions.h +++ b/libraries/networking/src/NodePermissions.h 
@@ -51,6 +51,11 @@ public: void setVerifiedUserName(QString userName) { _verifiedUserName = userName.toLower(); } const QString& getVerifiedUserName() const { return _verifiedUserName; } + void setVerifiedAuxiliaryUserName(QString userName) { _verifiedAuxiliaryUserName = userName.toLower(); } + const QString& getVerifiedAuxiliaryUserName() const { return _verifiedAuxiliaryUserName; } + void setVerifiedAuxiliaryUserGroups(QStringList userGroups) { _verifiedAuxiliaryUserGroups = userGroups; } + const QStringList& getVerifiedAuxiliaryUserGroups() const { return _verifiedAuxiliaryUserGroups; } + void setGroupID(QUuid groupID) { _groupID = groupID; if (!groupID.isNull()) { _groupIDSet = true; }} QUuid getGroupID() const { return _groupID; } bool isGroup() const { return _groupIDSet; } @@ -99,6 +104,8 @@ protected: QString _id; QUuid _rankID { QUuid() }; // 0 unless this is for a group QString _verifiedUserName; + QString _verifiedAuxiliaryUserName; + QStringList _verifiedAuxiliaryUserGroups; bool _groupIDSet { false }; QUuid _groupID; From 07504232a9cb3ec29905f579b9dcdc7637c06bd5 Mon Sep 17 00:00:00 2001 From: David Rowe Date: Fri, 24 Jul 2020 08:43:40 +1200 Subject: [PATCH 2/5] Move new connection refused reason to end to maintain compatability --- libraries/networking/src/DomainHandler.h | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libraries/networking/src/DomainHandler.h b/libraries/networking/src/DomainHandler.h index 1f97327ab0..3bfd742d3a 100644 --- a/libraries/networking/src/DomainHandler.h +++ b/libraries/networking/src/DomainHandler.h @@ -177,9 +177,9 @@ public: * You could not be logged into the domain. * * - * NotAuthorized + * NotAuthorizedMetaverse * 3 - * You are not authorized to connect to the domain. + * You are not authorized to connect to the domain per your metaverse login. * * * TooManyUsers 
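Review bot: `setVerifiedAuxiliaryUserGroups()` stores the list as given, while `setVerifiedAuxiliaryUserName()` lower-cases its argument, and the consumer in `setPermissionsForUser()` compares group names with `contains(group)`, which is case-sensitive by default. The caller in this patch lower-cases before calling, but the setter should not rely on that. Either normalise each entry in the setter or add a comment such as `// groups must already be lower-cased by the caller`. Taking the arguments as `const QString&` and `const QStringList&` would also avoid the extra copy.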
@@ -191,6 +191,11 @@ public: * 5 * Connecting to the domain timed out. * + * + * NotAuthorizedDomain + * 6 + * You are not authorized to connect to the domain per your domain login. + * * * * @typedef {number} Window.ConnectionRefusedReason @@ -200,9 +205,9 @@ public: ProtocolMismatch, LoginError, NotAuthorizedMetaverse, - NotAuthorizedDomain, TooManyUsers, - TimedOut + TimedOut, + NotAuthorizedDomain }; public slots: From 2e9355da587ea1baa44c1e6f3ce9b7dcd4ffaf08 Mon Sep 17 00:00:00 2001 From: David Rowe Date: Fri, 24 Jul 2020 11:13:41 +1200 Subject: [PATCH 3/5] Distinguish not logged into metaverse vs domain --- domain-server/src/DomainGatekeeper.cpp | 10 +++++----- libraries/networking/src/DomainHandler.cpp | 4 ++-- libraries/networking/src/DomainHandler.h | 12 +++++++++--- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/domain-server/src/DomainGatekeeper.cpp b/domain-server/src/DomainGatekeeper.cpp index 0ec39c10fa..21a308c793 100644 --- a/domain-server/src/DomainGatekeeper.cpp +++ b/domain-server/src/DomainGatekeeper.cpp 
@@ -600,15 +600,15 @@ bool DomainGatekeeper::verifyUserSignature(const QString& username, return true; } else { - // we only send back a LoginError if this wasn't an "optimistic" key + // we only send back a LoginErrorMetaverse if this wasn't an "optimistic" key // (a key that we hoped would work but is probably stale) if (!senderSockAddr.isNull() && !isOptimisticKey) { - qDebug() << "Error decrypting username signature for" << username << "- denying connection."; + qDebug() << "Error decrypting metaverse username signature for" << username << "- denying connection."; sendConnectionDeniedPacket("Error decrypting username signature.", senderSockAddr, - DomainHandler::ConnectionRefusedReason::LoginError); + DomainHandler::ConnectionRefusedReason::LoginErrorMetaverse); } else if (!senderSockAddr.isNull()) { - qDebug() << "Error decrypting username signature for" << username << "with optimisitic key -" + qDebug() << "Error decrypting metaverse username signature for" << username << "with optimistic key -" << "re-requesting public key and delaying connection"; } @@ -622,7 +622,7 @@ bool DomainGatekeeper::verifyUserSignature(const QString& username, if (!senderSockAddr.isNull()) { qDebug() << "Couldn't convert data to RSA key for" << username << "- denying connection."; sendConnectionDeniedPacket("Couldn't convert data to RSA key.", senderSockAddr, - DomainHandler::ConnectionRefusedReason::LoginError); + DomainHandler::ConnectionRefusedReason::LoginErrorMetaverse); } } } else { diff --git a/libraries/networking/src/DomainHandler.cpp b/libraries/networking/src/DomainHandler.cpp index cd6af03e47..1ad371721f 100644 --- a/libraries/networking/src/DomainHandler.cpp +++ b/libraries/networking/src/DomainHandler.cpp 
@@ -492,7 +492,7 @@ void DomainHandler::processICEResponsePacket(QSharedPointer mes bool DomainHandler::reasonSuggestsMetaverseLogin(ConnectionRefusedReason reasonCode) { switch (reasonCode) { - case ConnectionRefusedReason::LoginError: + case ConnectionRefusedReason::LoginErrorMetaverse: case ConnectionRefusedReason::NotAuthorizedMetaverse: return true; @@ -507,7 +507,7 @@ bool DomainHandler::reasonSuggestsMetaverseLogin(ConnectionRefusedReason reasonC bool DomainHandler::reasonSuggestsDomainLogin(ConnectionRefusedReason reasonCode) { switch (reasonCode) { - case ConnectionRefusedReason::LoginError: + case ConnectionRefusedReason::LoginErrorDomain: case ConnectionRefusedReason::NotAuthorizedDomain: return true; diff --git a/libraries/networking/src/DomainHandler.h b/libraries/networking/src/DomainHandler.h index 3bfd742d3a..5bbaac18c5 100644 --- a/libraries/networking/src/DomainHandler.h +++ b/libraries/networking/src/DomainHandler.h @@ -172,9 +172,9 @@ public: * The communications protocols of the domain and your Interface are not the same. * * - * LoginError + * LoginErrorMetaverse * 2 - * You could not be logged into the domain. + * You could not be logged into the domain per your metaverse login. * * * NotAuthorizedMetaverse @@ -192,6 +192,11 @@ public: * Connecting to the domain timed out. * * + * LoginErrorDomain + * 2 + * You could not be logged into the domain per your domain login. + * + * * NotAuthorizedDomain * 6 * You are not authorized to connect to the domain per your domain login. @@ -203,10 +208,11 @@ public: enum class ConnectionRefusedReason : uint8_t { Unknown, ProtocolMismatch, - LoginError, + LoginErrorMetaverse, NotAuthorizedMetaverse, TooManyUsers, TimedOut, + LoginErrorDomain, NotAuthorizedDomain }; From 6d310eb999ed32b6c853f41545c8d8771bbe2199 Mon Sep 17 00:00:00 2001 
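Review bot: Inserting `LoginErrorDomain` before `NotAuthorizedDomain` in `ConnectionRefusedReason` shifts `NotAuthorizedDomain` from 6 to 7, and this contradicts the JSDoc table above it. The table lists `LoginErrorDomain` as 2, a duplicate of `LoginErrorMetaverse`, and still lists `NotAuthorizedDomain` as 6. The enum is a `uint8_t` sent to clients, and patch 2/5 moved the new entry to the end specifically to keep values stable. Giving every enumerator an explicit value, e.g. `LoginErrorMetaverse = 2,` … `NotAuthorizedDomain = 6, LoginErrorDomain = 7`, would keep the values from moving again, and the table should be updated to match.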
From: David Rowe Date: Fri, 24 Jul 2020 21:22:00 +1200 Subject: [PATCH 4/5] Generate "NotAuthorizedDomain" condition --- domain-server/src/DomainGatekeeper.cpp | 105 ++++++++++++++++++++----- domain-server/src/DomainGatekeeper.h | 10 ++- libraries/networking/src/NodeList.cpp | 16 ++++ 3 files changed, 112 insertions(+), 19 deletions(-) diff --git a/domain-server/src/DomainGatekeeper.cpp b/domain-server/src/DomainGatekeeper.cpp index 93e5ece0f6..9766307f5e 100644 --- a/domain-server/src/DomainGatekeeper.cpp +++ b/domain-server/src/DomainGatekeeper.cpp @@ -89,10 +89,12 @@ void DomainGatekeeper::processConnectRequestPacket(QSharedPointersecond); } else if (!STATICALLY_ASSIGNED_NODES.contains(nodeConnection.nodeType)) { QByteArray usernameSignature; + QByteArray domainUsernameSignature; if (message->getBytesLeftToRead() > 0) { // read username from packet @@ -101,10 +103,20 @@ void DomainGatekeeper::processConnectRequestPacket(QSharedPointergetBytesLeftToRead() > 0) { // read user signature from packet packetStream >> usernameSignature; + + if (message->getBytesLeftToRead() > 0) { + // Read domain username from packet. + packetStream >> domainUsername; + + if (message->getBytesLeftToRead() > 0) { + // Read domain signature from packet. + packetStream >> domainUsernameSignature; + } + } } } - node = processAgentConnectRequest(nodeConnection, username, usernameSignature); + node = processAgentConnectRequest(nodeConnection, username, usernameSignature, domainUsername, domainUsernameSignature); } if (node) { @@ -416,7 +428,9 @@ const QString MAXIMUM_USER_CAPACITY_REDIRECT_LOCATION = "security.maximum_user_c SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnectionData& nodeConnection, const QString& username, - const QByteArray& usernameSignature) { + const QByteArray& usernameSignature, + const QString& domainUsername, + const QByteArray& domainUsernameSignature) { auto limitedNodeList = DependencyManager::get(); 
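Review bot: The new reads `packetStream >> domainUsername;` and `packetStream >> domainUsernameSignature;` are guarded only by `getBytesLeftToRead() > 0`, which shows that at least one byte remains, not that a complete field does. If `packetStream` is a `QDataStream`, a truncated or malformed field leaves the stream in an error state with a partial or empty value, and that value is then passed to `processAgentConnectRequest()`. Checking `packetStream.status() != QDataStream::Ok` after the reads and dropping the request in that case would keep malformed packets out of the authentication path. Part of this hunk's text is missing from the page, and the function body continues outside it.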
@@ -443,7 +457,9 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect #ifdef WANT_DEBUG qDebug() << "stalling login because we have no username-signature:" << username; #endif - return SharedNodePointer(); + if (!domainHasLogin() || domainUsername.isEmpty()) { + return SharedNodePointer(); + } } else if (verifyUserSignature(username, usernameSignature, nodeConnection.senderSockAddr)) { // they sent us a username and the signature verifies it getGroupMemberships(username); 
@@ -451,6 +467,41 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect } else { // they sent us a username, but it didn't check out requestUserPublicKey(username); +#ifdef WANT_DEBUG + qDebug() << "stalling login because signature verification failed:" << username; +#endif + if (!domainHasLogin() || domainUsername.isEmpty()) { + return SharedNodePointer(); + } + } + } + + // The domain may have its own users and groups. + QString verifiedDomainUsername; + QStringList verifiedDomainUserGroups; + if (domainHasLogin() && !domainUsername.isEmpty()) { + if (domainUsernameSignature.isEmpty()) { + // User is attempting to prove their domain identity. + + // ####### TODO: OAuth2 corollary of metaverse code, above. + + return SharedNodePointer(); + } else if (verifyDomainUserSignature(domainUsername, domainUsernameSignature, nodeConnection.senderSockAddr)) { + // User's domain identity is confirmed. + + // ####### TODO: Get user's domain group memberships (WordPress roles) from domain. + // This may already be provided at the same time as the "verify" call to the domain API. + // If it isn't, need to initiate getting them then handle their receipt along the lines of the + // metaverse code, above. + verifiedDomainUserGroups = QString("test-group").toLower().split(" "); + + verifiedDomainUsername = domainUsername.toLower(); + + } else { + // User's identity didn't check out. + + // ####### TODO: OAuth2 corollary of metaverse code, above. + #ifdef WANT_DEBUG qDebug() << "stalling login because signature verification failed:" << username; #endif 
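Review bot: After the failed-verification branch (`requestUserPublicKey(username)`), the function now returns only when `!domainHasLogin() || domainUsername.isEmpty()`. A request whose metaverse signature did not verify therefore continues into the domain-login path whenever the client supplied any domain user name; confirm that this is intended and that `verifiedUsername` is still empty at that point. In the domain failure branch the `WANT_DEBUG` message prints `username`, and it should print `domainUsername`. The placeholder `verifiedDomainUserGroups = QString("test-group").toLower().split(" ");` still needs to be removed before merge. The function body starts and ends outside the hunk.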
@@ -458,26 +509,18 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect } } - // Auxiliary user name and groups may be provided by an external authentication service. - // This is enabled in the server settings by ... #######: TODO: What server name or tag to set in the server's settings? - QString verifiedAuxiliaryUsername; - QStringList verifiedAuxiliaryUserGroups; - - // #######: TODO: Obtain auxiliary login's user name and auxiliary groups if server tags indicate that this is required. - // May already have auxiliary login's user name, in which case groups should probably be re-obtained to - // ensure that they're up to date. - - // #######: TODO: Delete this development code. - verifiedAuxiliaryUsername = "a@b.c"; - verifiedAuxiliaryUserGroups = QString("test-group").toLower().split(" "); - - userPerms = setPermissionsForUser(isLocalUser, verifiedUsername, verifiedAuxiliaryUsername, verifiedAuxiliaryUserGroups, + userPerms = setPermissionsForUser(isLocalUser, verifiedUsername, verifiedDomainUsername, verifiedDomainUserGroups, nodeConnection.senderSockAddr.getAddress(), nodeConnection.hardwareAddress, nodeConnection.machineFingerprint); if (!userPerms.can(NodePermissions::Permission::canConnectToDomain)) { - sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.", + if (domainHasLogin() && !domainUsername.isEmpty()) { + sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.", + nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::NotAuthorizedDomain); + } else { + sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.", nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::NotAuthorizedMetaverse); + } #ifdef WANT_DEBUG qDebug() << "stalling login due to permissions:" << username; #endif 
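Review bot: The two `sendConnectionDeniedPacket(...)` calls in the permission-denied branch differ only in the reason code, so the message text and address are duplicated. Choosing the reason once is easier to keep consistent: `const auto reason = (domainHasLogin() && !domainUsername.isEmpty()) ? DomainHandler::ConnectionRefusedReason::NotAuthorizedDomain : DomainHandler::ConnectionRefusedReason::NotAuthorizedMetaverse;`, followed by a single call. The `WANT_DEBUG` line below logs only `username`, so a denial on the domain path is logged without the domain user name.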
@@ -673,6 +716,21 @@ bool DomainGatekeeper::verifyUserSignature(const QString& username, return false; } +bool DomainGatekeeper::verifyDomainUserSignature(const QString& domainUsername, + const QByteArray& domainUsernameSignature, + const HifiSockAddr& senderSockAddr) { + + // ####### TODO: Verify via domain OAuth2. + bool success = true; + if (success) { + return true; + } + + sendConnectionDeniedPacket("Error decrypting domain username signature.", senderSockAddr, + DomainHandler::ConnectionRefusedReason::LoginErrorDomain); + return false; +} + bool DomainGatekeeper::isWithinMaxCapacity() { // find out what our maximum capacity is QVariant maximumUserCapacityVariant = @@ -1072,6 +1130,17 @@ void DomainGatekeeper::refreshGroupsCache() { #endif } +bool DomainGatekeeper::domainHasLogin() { + // The domain may have its own users and groups. This is enabled in the server settings by ... + // ####### TODO: Use a particular string in the server name or set a particular tag in the server's settings? + // Or add a new server setting? + + // ####### TODO: Also configure URL for getting user's group memberships, in the server's settings? + + // ####### TODO + return true; +} + void DomainGatekeeper::initLocalIDManagement() { std::uniform_int_distribution sixteenBitRand; std::random_device randomDevice; diff --git a/domain-server/src/DomainGatekeeper.h b/domain-server/src/DomainGatekeeper.h index 0fb9a8e36a..ac80a10301 100644 --- a/domain-server/src/DomainGatekeeper.h +++ b/domain-server/src/DomainGatekeeper.h 
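Review bot: `verifyDomainUserSignature()` sets `bool success = true;` and never looks at `domainUsername` or `domainUsernameSignature`, so any non-empty signature is accepted and the `LoginErrorDomain` denial below it is unreachable. `domainHasLogin()` in the next hunk likewise returns `true` unconditionally, which turns the domain-login path on for every domain server. Until the OAuth2 verification and the server setting exist, both stubs should fail closed: `bool success = false;` here and `return false;` in `domainHasLogin()`. A `// TODO` on each should say that callers treat the result as proof of identity.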
@@ -76,11 +76,17 @@ private: const PendingAssignedNodeData& pendingAssignment); SharedNodePointer processAgentConnectRequest(const NodeConnectionData& nodeConnection, const QString& username, - const QByteArray& usernameSignature); + const QByteArray& usernameSignature, + const QString& domainUsername, + const QByteArray& domainUsernameSignature); SharedNodePointer addVerifiedNodeFromConnectRequest(const NodeConnectionData& nodeConnection); bool verifyUserSignature(const QString& username, const QByteArray& usernameSignature, const HifiSockAddr& senderSockAddr); + + bool verifyDomainUserSignature(const QString& domainUsername, const QByteArray& domainUsernameSignature, + const HifiSockAddr& senderSockAddr); + bool isWithinMaxCapacity(); bool shouldAllowConnectionFromNode(const QString& username, const QByteArray& usernameSignature, @@ -128,6 +134,8 @@ private: // void getIsGroupMember(const QString& username, const QUuid groupID); void getDomainOwnerFriendsList(); + bool domainHasLogin(); + // Local ID management. void initLocalIDManagement(); using UUIDToLocalID = std::unordered_map ; diff --git a/libraries/networking/src/NodeList.cpp b/libraries/networking/src/NodeList.cpp index 2c584b1c48..977d2e2dfe 100644 --- a/libraries/networking/src/NodeList.cpp +++ b/libraries/networking/src/NodeList.cpp 
@@ -474,6 +474,22 @@ void NodeList::sendDomainServerCheckIn() { if (requiresUsernameSignature && accountManager->getAccountInfo().hasPrivateKey()) { const QByteArray& usernameSignature = accountManager->getAccountInfo().getUsernameSignature(connectionToken); packetStream << usernameSignature; + } else { + packetStream << QString(""); // Placeholder in case have domainUsername. + } + } else { + packetStream << QString(""); // Placeholder in case have domainUsername. + } + + // ####### TODO: Send domain username and signature if domain has these and aren't logged in. + // ####### If get into difficulties, could perhaps send domain's username and signature instead of metaverse. + bool domainLoginIsConnected = false; + if (!domainLoginIsConnected) { + if (true) { + packetStream << QString("a@b.c"); + if (true) { + packetStream << QString("signature"); + } } } From 0b667e34a2f30f12646f209107f30062022a4e88 Mon Sep 17 00:00:00 2001 From: David Rowe Date: Fri, 24 Jul 2020 22:02:23 +1200 Subject: [PATCH 5/5] Regularize naming --- domain-server/src/DomainGatekeeper.cpp | 22 +++++++++++----------- domain-server/src/DomainGatekeeper.h | 4 ++-- libraries/networking/src/NodeList.cpp | 1 + libraries/networking/src/NodePermissions.h | 12 ++++++------ 4 files changed, 20 insertions(+), 19 deletions(-) diff --git a/domain-server/src/DomainGatekeeper.cpp b/domain-server/src/DomainGatekeeper.cpp index 9766307f5e..ea7f0d2d91 100644 --- a/domain-server/src/DomainGatekeeper.cpp +++ b/domain-server/src/DomainGatekeeper.cpp 
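Review bot: `sendDomainServerCheckIn()` now appends the fixed values `QString("a@b.c")` and `QString("signature")` under `if (true)` on every connect request, so every client presents the same domain identity. These lines should be removed, or at least compiled only under `#if (PR_BUILD || DEV_BUILD)`, until real credentials are available. The server reads both signature fields into `QByteArray`, while the placeholder and the signature are written here as `QString`; assuming `packetStream` is a `QDataStream`, the byte content differs for non-empty values, so write `QByteArray()` and a `QByteArray` signature instead. The outer `else` writes a single placeholder; if that branch skips both the username and its signature, the server-side reads would shift by one field, which is worth confirming against the part of the function outside this hunk.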
@@ -155,8 +155,8 @@ void DomainGatekeeper::processConnectRequestPacket(QSharedPointer_settingsManager.getAllKnownGroupNames().contains(group)) { userPerms |= _server->_settingsManager.getPermissionsForGroup(group, QUuid()); //#ifdef WANT_DEBUG - qDebug() << "| user-permissions: auxiliary user " << verifiedAuxliaryUsername << "is in group:" << group << "so:" << userPerms; + qDebug() << "| user-permissions: domain user " << verifiedDomainUserName << "is in group:" << group << "so:" << userPerms; //#endif } } - userPerms.setVerifiedAuxiliaryUserName(verifiedAuxliaryUsername); - userPerms.setVerifiedAuxiliaryUserGroups(verifiedAuxiliaryUserGroups); + userPerms.setVerifiedDomainUserName(verifiedDomainUserName); + userPerms.setVerifiedDomainUserGroups(verifiedDomainUserGroups); } if (verifiedUsername.isEmpty()) { @@ -307,8 +307,8 @@ void DomainGatekeeper::updateNodePermissions() { // the id and the username in NodePermissions will often be the same, but id is set before // authentication and verifiedUsername is only set once they user's key has been confirmed. QString verifiedUsername = node->getPermissions().getVerifiedUserName(); - QString verifiedAuxiliaryUsername = node->getPermissions().getVerifiedAuxiliaryUserName(); - QStringList verifiedAuxiliaryUserGroups = node->getPermissions().getVerifiedAuxiliaryUserGroups(); + QString verifiedDomainUserName = node->getPermissions().getVerifiedDomainUserName(); + QStringList verifiedDomainUserGroups = node->getPermissions().getVerifiedDomainUserGroups(); NodePermissions userPerms(NodePermissionsKey(verifiedUsername, 0)); if (node->getPermissions().isAssignment) { 
@@ -343,8 +343,8 @@ void DomainGatekeeper::updateNodePermissions() { sendingAddress == QHostAddress::LocalHost); } - userPerms = setPermissionsForUser(isLocalUser, verifiedUsername, verifiedAuxiliaryUsername, - verifiedAuxiliaryUserGroups, connectingAddr.getAddress(), + userPerms = setPermissionsForUser(isLocalUser, verifiedUsername, verifiedDomainUserName, + verifiedDomainUserGroups, connectingAddr.getAddress(), hardwareAddress, machineFingerprint); } diff --git a/domain-server/src/DomainGatekeeper.h b/domain-server/src/DomainGatekeeper.h index ac80a10301..fcf8e5aede 100644 --- a/domain-server/src/DomainGatekeeper.h +++ b/domain-server/src/DomainGatekeeper.h @@ -126,8 +126,8 @@ private: QSet _domainOwnerFriends; // keep track of friends of the domain owner QSet _inFlightGroupMembershipsRequests; // keep track of which we've already asked for - NodePermissions setPermissionsForUser(bool isLocalUser, QString verifiedUsername, QString verifiedAuxliaryUsername, - QStringList verifiedAuxiliaryUserGroups, const QHostAddress& senderAddress, + NodePermissions setPermissionsForUser(bool isLocalUser, QString verifiedUsername, QString verifiedDomainUsername, + QStringList verifiedDomainUserGroups, const QHostAddress& senderAddress, const QString& hardwareAddress, const QUuid& machineFingerprint); void getGroupMemberships(const QString& username); diff --git a/libraries/networking/src/NodeList.cpp b/libraries/networking/src/NodeList.cpp index 977d2e2dfe..63c2e9c902 100644 --- a/libraries/networking/src/NodeList.cpp +++ b/libraries/networking/src/NodeList.cpp @@ -379,6 +379,7 @@ void NodeList::sendDomainServerCheckIn() { if (domainPacketType == PacketType::DomainConnectRequest) { #if (PR_BUILD || DEV_BUILD) + // ####### if (_shouldSendNewerVersion) { domainPacket->setVersion(versionForPacketType(domainPacketType) + 1); } diff --git a/libraries/networking/src/NodePermissions.h b/libraries/networking/src/NodePermissions.h index ebbe2104c7..2b681eb7ee 100644 
--- a/libraries/networking/src/NodePermissions.h +++ b/libraries/networking/src/NodePermissions.h @@ -51,10 +51,10 @@ public: void setVerifiedUserName(QString userName) { _verifiedUserName = userName.toLower(); } const QString& getVerifiedUserName() const { return _verifiedUserName; } - void setVerifiedAuxiliaryUserName(QString userName) { _verifiedAuxiliaryUserName = userName.toLower(); } - const QString& getVerifiedAuxiliaryUserName() const { return _verifiedAuxiliaryUserName; } - void setVerifiedAuxiliaryUserGroups(QStringList userGroups) { _verifiedAuxiliaryUserGroups = userGroups; } - const QStringList& getVerifiedAuxiliaryUserGroups() const { return _verifiedAuxiliaryUserGroups; } + void setVerifiedDomainUserName(QString userName) { _verifiedDomainUserName = userName.toLower(); } + const QString& getVerifiedDomainUserName() const { return _verifiedDomainUserName; } + void setVerifiedDomainUserGroups(QStringList userGroups) { _verifiedDomainUserGroups = userGroups; } + const QStringList& getVerifiedDomainUserGroups() const { return _verifiedDomainUserGroups; } void setGroupID(QUuid groupID) { _groupID = groupID; if (!groupID.isNull()) { _groupIDSet = true; }} QUuid getGroupID() const { return _groupID; } @@ -104,8 +104,8 @@ protected: QString _id; QUuid _rankID { QUuid() }; // 0 unless this is for a group QString _verifiedUserName; - QString _verifiedAuxiliaryUserName; - QStringList _verifiedAuxiliaryUserGroups; + QString _verifiedDomainUserName; + QStringList _verifiedDomainUserGroups; bool _groupIDSet { false }; QUuid _groupID;