-
Notifications
You must be signed in to change notification settings - Fork 3.8k
Advanced Permission Hierarchy #7
Comments
My attempt at describing this system: Accounts define a hierarchy of Authority Levels, which are simply named nodes on a tree which always has Owner->Active at the root. Here's an example authority hierarchy for an account used for trading on exchanges:
In the above hierarchy, a parent is able to do everything its children/grandchildren can do. Each node in the tree is an Authority structure, which has a threshhold of required approval weight, and a map of either keys to weight (such that a signature from that key conveys that much weight toward the threshold) or of an account-and-AuthorityLevel pair to weight (such that sufficient signatures to satisfy the specified Authority, or one of its parents, conveys that much weight toward the threshold). If enough weight is garnered to meet or exceed the threshold, the Authority is satisfied. In essence, the entire Authority Levels system is a way of defining which combination of keys convey what named levels of authority, but so far we haven't tied the named authorities to the actions they authorize, except for owner/active, which are used by core blockchain logic. Independently of these Authority Levels, accounts define a separate hierarchy of Permissions. For this, we can taken Dan's example of an account implementing an exchange smart contract:
Each node in the Permissions tree corresponds to a set of contract handlers, with the leaves often corresponding directly with handlers of a particular message type. Ultimately, the flat list of message types are all that is here; the hierarchy of permissions is just a categorization/grouping technique based on the observation that, frequently, permission to invoke several message types is granted all at once, so it may be convenient to group those types under a single name so they can all be granted at once. Finally, to establish the links between the Authority Levels and the Permissions, accounts specify pairings of their own Authority Levels to some account's Permissions. For instance, the account with the Authority Levels we mentioned earlier would probably create a link connecting his With these links defined, the account's @bytemaster Please review this for accuracy |
To reiterate: A node in the the Authority Levels tree is an Authority object, which specifies (more or less) which keys must sign to convey its authority level. A node in the Permissions tree is a set/group of message types, given a convenient name. This group-naming is specified by the account which provides/hosts the smart contract that evaluates messages of those types. This categorization does nothing to restrict privileges on its own; it is provided solely as a convenience to accounts wanting to define authority levels more granular than The message types a smart contract handles can be thought of as that contract's API: each message type represents a function call (i.e. CreateOrder, CancelOrder, etc) on the smart contract. To restrict certain smart contract actions to certain authority levels, a user account creates links from a Permission in the Permissions tree (restated: from a set of message types, or API calls) to an Authority in its Authority Levels tree. This link establishes that the linked Authority, or a higher one, is required to authorize a message sent by the user account, to the account which hosts the contract, with a type contained in the Permission (restated: the linked Authority or a higher one is required to make one of those API calls). |
The algorithm utilized by the blockchain to authorize messages in this system is as such: 1. Determine required Authority
2. Verify required Authority is satisfied
|
Current design: Keep the permission and message group trees discussed above Each At the beginning of the block, all messages in all transactions are validated, during which stage these declared authorities are checked to verify that (1) the declared authority is sufficient for the given message type and account declared, and (2) the signatures present are sufficient to satisfy that authority. To verify (1), we check if the account has defined a link from the message type to a permission in its permission tree. If a link is found, we follow it to find the required permission/authority. If no link is found, we move up to the next smallest grouping of message types, check if a link is found, and repeat until we either find a link, or reach the root of the contract's message type/group tree, in which case we default to requiring the user's active authority. Once the required authority is known, we verify that the message's declared authority is sufficient to satisfy it. |
It builds, but the tests are a complete mess. Also define some types and stuff for #7... Lost in the mix.
As of now, almost all the ingredients are in place for authorizing transactions. We check that the transaction bears signatures sufficient to satisfy its declared authorizations, and as we execute the transaction, we ensure that the declared authorizations are sufficient to satisfy the authorizations required by executing the message handlers, and we ensure that all of the transaction's declared authorizations were used. What's not done: - Detecting/rejecting duplicate signatures and unnecessary signatures - Choosing the correct permission level when a message handler requires an authorization Choosing the correct permission level is the big ticket item. To implement this, we need to implement a missing chunk of system contract functionality, specifically around defining links from a user's permissions tree to contracts and message types.
Relevant: #2 (comment) |
We now check authorization of transactions when they come in as pending, and again when we apply them in some block (either when generating the block or when applying it). When applying the transactions in a block, we check auth for all transactions in the block prior to processing any. To check auth, we first scan all of the declared authorizations, and check that the authorization is sufficient to grant permission for the given account to execute the given message type (TODO: look up the actual required permission level rather than just assuming it's 'active'); then, check that the transaction bears signatures to confer the declared authorization.
Require_authorization is now implemented so as the contract executes and asserts that a particular account approved the transaction, the chain asserts that this is so and throws if not. Also, update the tests, since the auth checks now bring to bear the rule that an account cannot be used in the same block that creates it. The tests now comply with this rule. TODO: - Check that all declared authorizations get required by the contract - Implement the mapping from user permissions to message types - Use mapping of permission to message type in lookup_minimum_permission
We now check authorization of transactions when they come in as pending, and again when we apply them in some block (either when generating the block or when applying it). When applying the transactions in a block, we check auth for all transactions in the block prior to processing any. To check auth, we first scan all of the declared authorizations, and check that the authorization is sufficient to grant permission for the given account to execute the given message type (TODO: look up the actual required permission level rather than just assuming it's 'active'); then, check that the transaction bears signatures to confer the declared authorization.
Require_authorization is now implemented so as the contract executes and asserts that a particular account approved the transaction, the chain asserts that this is so and throws if not. Also, update the tests, since the auth checks now bring to bear the rule that an account cannot be used in the same block that creates it. The tests now comply with this rule. TODO: - Check that all declared authorizations get required by the contract - Implement the mapping from user permissions to message types - Use mapping of permission to message type in lookup_minimum_permission
We now check authorization of transactions when they come in as pending, and again when we apply them in some block (either when generating the block or when applying it). When applying the transactions in a block, we check auth for all transactions in the block prior to processing any. To check auth, we first scan all of the declared authorizations, and check that the authorization is sufficient to grant permission for the given account to execute the given message type (TODO: look up the actual required permission level rather than just assuming it's 'active'); then, check that the transaction bears signatures to confer the declared authorization.
Require_authorization is now implemented so as the contract executes and asserts that a particular account approved the transaction, the chain asserts that this is so and throws if not. Also, update the tests, since the auth checks now bring to bear the rule that an account cannot be used in the same block that creates it. The tests now comply with this rule. TODO: - Check that all declared authorizations get required by the contract - Implement the mapping from user permissions to message types - Use mapping of permission to message type in lookup_minimum_permission
I want two things from AuthorityChecker that it wasn't doing yet: 1. I want it to track which of the provided keys were used, so I can reject transactions which bear more signatures than are necessary 2. To sign a transaction with no unnecessary keys, I want it to support taking a list of available public keys and an authority, then telling me which of those keys I should use to fully satisfy the authority, without having any unnecessary keys As an added bonus, having both of these operations handled by AuthorityChecker means that determining the set of keys needed to sign a transaction, and determining whether a transaction is properly signed, use the same code. :D
Progress on #7, upgrades to testing framework
Calling this issue resolved for now. There is not support for contract publishers to group message types, so users have to link to each message type specifically, and/or set a default permission for the contract. It is not clear that the grouping functionality is necessary or desirable at this point. See also #123 for relevant work. |
Move undo_state out of class
check BOOST_VERSION as part of the environment check
* boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * add README files * update info * prepare for v1.0.2 * merge v1.0.2 (#12) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * finish BOS basic functions * add README files * update info * Release/1.0.x (#11) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * add README files * update info * readme for kafka & add time for action (#5) * 重启 节点,黑名单 失效,fixes #7 (#8) * restart sync list db * recovery system account bos to eosio * recovery system account bos to eosio * recovery system account bos to eosio * Fix/#3 notify plugin (#10) * Add debug info * comment log * rm log for notify_plugin * prepare for v1.0.2 * patch the EOSIO 1.5.1 security bug fixes * prepare for v1.0.3 * adjust the slogon
Analyze failed regressions agains original eosio 1.4.2 ( EOSIO#7 ) See merge request blocktrades/beos-core!9
* state history plugin * bump version to 1.5.0-rc1 * Update README to reflect new package names * Change from 1.5.0 to 1.5.0-rc1 * Fix requires in spec file to resolve dependency resolution issues with rpms * Fix requires in spec file to resolve dependency resolution issues with rpms * Remove unneeded req_trx vector * Remove needless copy of signed_block. Only create pending_notify if needed. * Remove unused blk_buffer * separate out version suffix so that RPM packages produce an acceptable specfile * address PR review feedback * Make signed_block copy constructor private to avoid accidental copies. * add release suffix to doxygen cmake module * move signed_block instead of making copy * Avoid copy constructor for push_block * add release suffix to EOSIO_VERSION in tester cmake modules * Add which comment * Update tests for private signed_block copy constructor * Avoid making copies of signed_block * export the new bash vars * Use rvalue for signed_block * Update buildkite pipeline to use new queues * Update buildkite pipeline to use new queues * Special case msg_handler visit of signed_block to avoid hidden move from net_message * pass along trigger_send * Use move for rvalue * Added Mongo History API link * Added ZMQ Light History API * Added Chintai ZMQ Watcher * Added State History API * Stop the unix_server from listening in shutdown stage as well. * finish BOS basic functions * bump version to rc2 * update rpm names to match the real files * Fix deb package names in README * Fix package naming scheme for debs * Update LICENSE path * add a test that reduces the size of the producer set to validate that it does not create protocol level issues * promote rc2 to release * add missing release to deb packages * remove x86_64 arch dep specification on AMI2 build script I can't find any reason we need to explcitly request the x86_64 versions of packages for AMI2. Removing this apparently extraneous specification makes the build script "just work" on new ARM8 instances * Use 64-bit float printing of 128-bit floats on non x86_64 For platforms other then x86_64, have the 128-bit float console print API (printqf()) convert to a 64-bit float before printing. While this loses precision it’s enough to get the unit tests for printqf() working on ARM8, which actually was the only unit_test unit test that failed on that platform. * prebump to 1.6.0 and add develop suffix * Do not broadcast block if peer lib is larger than block number * Provide more efficient sha256_less * Simply by removing unused large_msg_notify * Remove unused node_transaction_state.packed_txn * Store serialized transaction as shared_ptr to minimize copies * Not possible for serialized_txn to be empty * Remove find_plugin overhead * Minimize shared_ptr copies * Use sha256_less for all sets/maps with ids * Add explicit constructors * Add accept_transaction that takes a packed_transaction_ptr to avoid copy * Pass id and packed_transaction by const& since never moved * Remove copy assignment operator. Remove used std::move. * Minimize packed_transaction copies. Store packed_transaction_ptr in transaction_metadata. * Cache chain_plugin lookup * Update tester for transaction_metadata packed_transaction_ptr * Remove packed_tansaction to net_message copy * Remove unused constructor * Explicitly disable copy/move construction * Remove inflight update of node_transaction_state as it is not needed * Remove connections for unused signals that only logged * Fix sync check for lib * add a test that verifies proposing an empty producer schedule does not break things * Allow disablement of net_plugin's listen socket Disable net_plugin's listen socket when p2p-listen-endpoint is empty. This is useful for security and for an easier way of running multiple nodeos without it conflicting when you don't actually need to service incoming connections. * More descriptive memo to distinguish from other transfers * Revert "Fix sync check for lib" This reverts commit 52a6f19. * Update the bios-boot-tutorial.py script and readme.md: 1. args.contracts_dir doesn't end in a forward slash, therefor when it is concatenated with a subpath, the subpath has to start with a forward slash; this pattern is present in other similar variables as well 2. system contract has to be initialized before it can be used (e.g. creating staked acconts) 3. commands list updated to include the new addition stepInitSystemContract 4. readme.md updated as well to reflect the current status of the script and requirements * Release/1.0.x (#11) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * add README files * update info * readme for kafka & add time for action (#5) * 重启 节点,黑名单 失效,fixes #7 (#8) * restart sync list db * recovery system account bos to eosio * recovery system account bos to eosio * recovery system account bos to eosio * Fix/#3 notify plugin (#10) * Add debug info * comment log * rm log for notify_plugin * README.md refactored - correcting spelling errors, and caps - better bash commands - simpler command line to launch the script - improved prerequisites - include steps to follow after prerequisites * Correct typos * Correct link format * Add eosio.cdt steps * merge v1.0.2 (#13) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * add README files * update info * prepare for v1.0.2 * Better name for eosio contracts directory * dummy checkin to trigger another build * Added scrit to support recursive search for files with FC_REFLECT or FC_REFLECT_ENUM to verify order and completeness. Supports comments with @swap to support different order from definition and @ignore to ignore a specific field for reflection. Still need to support FC_REFLECT_DERIVED. GH EOSIO#3127 * Added @ignore comment for field that is left out of reflect definition. GH EOSIO#3127 * Fixed pull request comments. * bump version to 1.5.1 * Consolidated Security Fixes for 1.5.1 - Only allow authorizations that are satisfiable by `eosio.code` for self-addressed deferred transactions - Only allow authorizations that are satisfiable by `eosio.code` OR on the parent action for self-addressed inline actions sent from direct actions - Only allow authorizations that are satisfiable by `eosio.code` for self-addressed inline actions sent from recipient handlers Co-authored-by: arhag <[email protected]> Co-authored-by: Bart Wyatt <[email protected]> * Peer review changes. Fix move. * Spelling correction * Spelling correction #2 * Remove unused max-implicit-request config * Switch interface from packed_transaction_ptr to transaction_metadata_ptr * Thread pool does not need to be optional * Add transaction_metadata create_signing_keys_future method * Start transaction signature earily in thread pool * Refactor packed_transaction for better encapsulation * Add transaction_metadata create_signing_keys_future method * Start transaction signature earily in thread pool * Update txn_test_gen_plugin to overlap transaction submit @taokayan * merge 1.0.3 to develop (#16) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * add README files * update info * prepare for v1.0.2 * merge v1.0.2 (#12) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * finish BOS basic functions * add README files * update info * Release/1.0.x (#11) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * add README files * update info * readme for kafka & add time for action (#5) * 重启 节点,黑名单 失效,fixes #7 (#8) * restart sync list db * recovery system account bos to eosio * recovery system account bos to eosio * recovery system account bos to eosio * Fix/#3 notify plugin (#10) * Add debug info * comment log * rm log for notify_plugin * prepare for v1.0.2 * patch the EOSIO 1.5.1 security bug fixes * prepare for v1.0.3 * adjust the slogon * Remove redundant signing_keys check * state history plugin: permission_object bug EOSIO#6495 * Add deadline to key recovery * Modify producer_plugin to have its own thead_pool instead of using chain-threads * Move thread_pool join/stop to plugin shutdown so that they are joined before application quit * Fix signature future deadline from starting too early * Fix overflow of deadline and deadline check * initial setup of billing CPU for signatures recovered earlier * Return 400 on get_block with uonexist block number. For issue 6374 * has_contract() : Determine whether to deploy the contract (#18) * fix issue 5488 * Fix comments and function names (#19) * Add action_trace.block_num index. Remove action_trace.trx_id index. * Fix return codes of build scripts so that buildkite can fail properly * Make recovery cache non-thread local and guard by mutex * Calculate cpu usage of signature recovery * Add signature-cpu-billable-pct option to chain_plugin * Add missing include of mutex * Assert signature-cpu-billable-pct is 0-100 * Fix capture of cpu_usage. move flat_set<public_key_type> into attribute * clear recovered_pub_keys to preserve previous behaviour * use `assign` instead of `resize`+`memcpy` to update `shared_blob` data Co-Authored-By: Kayan <[email protected]> * Add move into tuple creation * bump version to 1.6.0-rc1 * add explicitly defaulted move semantics * Store unpacked_trx as signed_transaction * get_uncached_id no longer needed for thread safety * get_raw_transaction no longer needed for thread safety * Remove cached signed_transaction since now cached in packed_transaction * Test should honor existing compression * Cleanup of packed_transaction interface. Fixes for comments on PR EOSIO#6471 * Update to fc with unpack verify * fc renamed reflector_verify to reflector_init * bump version to 1.5.2 * Update to latest fc with updated verify_init * Consolidated Security Fixes for 1.5.3 - Add missing implementation of dtor, copy ctor, etc for blob_types of fc::variant Co-Authored-By: Matt Witherspoon <[email protected]> * bump version to 1.5.3 * bump version to 1.6.0-rc2 * Consolidated Security Fixes for 1.6.0-rc2 - Add missing implementation of dtor, copy ctor, etc for blob_types of fc::variant Co-Authored-By: Matt Witherspoon <[email protected]> * update developer portal link update the getting started link to the latest version * fix tag version typo of cppkafka (EOSIO#24) * get_contract_code (EOSIO#26) * fixed #20Using greylist-account while starting nodeos for the first time throws exception (EOSIO#23) * restart sync list db * recovery system account bos to eosio * catch exception plugin initialize sync list before initialize database * fixed 'cleos system bidname info' cmd exec return could not parse uint64_t (EOSIO#30) * recovery system account bos to eosio * catch exception plugin initialize sync list before initialize database * fixed bidnameinfo could not parse uint64_t * prepare for 2.0.1 * adjust the location paramater * apply 1.5.3 patch * modify the location type * fix cmake error * Use https url for wabt submodule A user agent that doesn't respect hsts could potentially be coerced into downloading malicious sources for wabt via a mitm attack. Prevent this by using a https upstream like the other submodules already do * Add libtinfo5 dependency to deb package. Resolves EOSIO#6590 Also clean up unused variables and force control directory permissions to comply with Debian specifications regardless of umask. * fix aragument name error * Bump version to 1.6.0 * Consolidated Security Fixes for 1.6.0 - Force compilation support for c++ exceptions for the wabt submodule - Allow limiting the time a node will spend processing scheduled transactions Co-Authored-By: Matt Witherspoon <[email protected]> Co-Authored-By: Bart Wyatt <[email protected]> * Consolidated Security Fixes for 1.6.1 - net_plugin security fixes - Additional checktime calls to limit cpu usage - Limit memory usage in producer_plugin Co-Authored-By: Kevin Heifner <[email protected]> Co-Authored-By: Matt Witherspoon <[email protected]> Co-authored-by: Kayan <[email protected]> * Bump version to 1.6.1 * Fix boost 1.67 brew install The latest homebrew code balks at something in the old 1.67 package file. Fix the package file and store it locally in our repo for now. We try and pin the boost version because boost upgrades invalidate nodeos data files. * Set proper directory for baked in macOS LLVM_DIR Some users (including myself) were seeing llvm@4 unpacked to 4.0.1_1 instead of 4.0.1. Stuff unpacked to the Cellar directory appears to be a kind of implementation detail — /usr/local/opt is the proper place to reference here. * Add bk step to gather brew files for automatic update * Update version to 1.6.2 * add noninteractive option for build scripts * Limit assert message to 1024 chars * Don't unlink what we install via brew unlinking eveything we install makes no sense -- it means things like cmake aren't in the path any longer like the script expects. So don't do that any more. Unfortuately this old script requires that gettext be force linked. So implement that behavior explictly for now * Make sure python-devel is installed for amazon linux builds * fc version 1.6.x * merge missed code * merge missed code * merge missed code * prepare v2.0.2
* Remove unnecessary conversion of contractPath to empty path * enhance cleos multisig review to show proposed transaction ID and optionally show requested approvals EOSIO#6272 * add cleos multisig invalidate command to call eosio.msig::invalidate * state history plugin * fix GMP & secp256 linker order for EosioTesterBuild.cmake.in This is the same fix from pr EOSIO#6268 but for EosioTesterBuild.cmake.in too * state history plugin * bump version to 1.5.0-rc1 * Update README to reflect new package names * Change from 1.5.0 to 1.5.0-rc1 * Fix requires in spec file to resolve dependency resolution issues with rpms * Fix requires in spec file to resolve dependency resolution issues with rpms * Remove unneeded req_trx vector * Remove needless copy of signed_block. Only create pending_notify if needed. * Remove unused blk_buffer * separate out version suffix so that RPM packages produce an acceptable specfile * address PR review feedback * Make signed_block copy constructor private to avoid accidental copies. * add release suffix to doxygen cmake module * move signed_block instead of making copy * Avoid copy constructor for push_block * add release suffix to EOSIO_VERSION in tester cmake modules * Add which comment * Update tests for private signed_block copy constructor * Avoid making copies of signed_block * export the new bash vars * Use rvalue for signed_block * Update buildkite pipeline to use new queues * Update buildkite pipeline to use new queues * Special case msg_handler visit of signed_block to avoid hidden move from net_message * pass along trigger_send * Use move for rvalue * Added Mongo History API link * Added ZMQ Light History API * Added Chintai ZMQ Watcher * Added State History API * Stop the unix_server from listening in shutdown stage as well. * bump version to rc2 * update rpm names to match the real files * Fix deb package names in README * Fix package naming scheme for debs * Update LICENSE path * add a test that reduces the size of the producer set to validate that it does not create protocol level issues * promote rc2 to release * add missing release to deb packages * remove x86_64 arch dep specification on AMI2 build script I can't find any reason we need to explcitly request the x86_64 versions of packages for AMI2. Removing this apparently extraneous specification makes the build script "just work" on new ARM8 instances * Use 64-bit float printing of 128-bit floats on non x86_64 For platforms other then x86_64, have the 128-bit float console print API (printqf()) convert to a 64-bit float before printing. While this loses precision it’s enough to get the unit tests for printqf() working on ARM8, which actually was the only unit_test unit test that failed on that platform. * prebump to 1.6.0 and add develop suffix * Do not broadcast block if peer lib is larger than block number * Provide more efficient sha256_less * Simply by removing unused large_msg_notify * Remove unused node_transaction_state.packed_txn * Store serialized transaction as shared_ptr to minimize copies * Not possible for serialized_txn to be empty * Remove find_plugin overhead * Minimize shared_ptr copies * Use sha256_less for all sets/maps with ids * Add explicit constructors * Add accept_transaction that takes a packed_transaction_ptr to avoid copy * Pass id and packed_transaction by const& since never moved * Remove copy assignment operator. Remove used std::move. * Minimize packed_transaction copies. Store packed_transaction_ptr in transaction_metadata. * Cache chain_plugin lookup * Update tester for transaction_metadata packed_transaction_ptr * Remove packed_tansaction to net_message copy * Remove unused constructor * Explicitly disable copy/move construction * Remove inflight update of node_transaction_state as it is not needed * Remove connections for unused signals that only logged * Fix sync check for lib * add a test that verifies proposing an empty producer schedule does not break things * Allow disablement of net_plugin's listen socket Disable net_plugin's listen socket when p2p-listen-endpoint is empty. This is useful for security and for an easier way of running multiple nodeos without it conflicting when you don't actually need to service incoming connections. * More descriptive memo to distinguish from other transfers * Revert "Fix sync check for lib" This reverts commit 52a6f19. * Update the bios-boot-tutorial.py script and readme.md: 1. args.contracts_dir doesn't end in a forward slash, therefor when it is concatenated with a subpath, the subpath has to start with a forward slash; this pattern is present in other similar variables as well 2. system contract has to be initialized before it can be used (e.g. creating staked acconts) 3. commands list updated to include the new addition stepInitSystemContract 4. readme.md updated as well to reflect the current status of the script and requirements * README.md refactored - correcting spelling errors, and caps - better bash commands - simpler command line to launch the script - improved prerequisites - include steps to follow after prerequisites * Correct typos * Correct link format * Add eosio.cdt steps * merge v1.0.2 (#12) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * finish BOS basic functions * add README files * update info * Release/1.0.x (#11) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * add README files * update info * readme for kafka & add time for action (#5) * 重启 节点,黑名单 失效,fixes #7 (#8) * restart sync list db * recovery system account bos to eosio * recovery system account bos to eosio * recovery system account bos to eosio * Fix/#3 notify plugin (#10) * Add debug info * comment log * rm log for notify_plugin * prepare for v1.0.2 * Better name for eosio contracts directory * dummy checkin to trigger another build * Added scrit to support recursive search for files with FC_REFLECT or FC_REFLECT_ENUM to verify order and completeness. Supports comments with @swap to support different order from definition and @ignore to ignore a specific field for reflection. Still need to support FC_REFLECT_DERIVED. GH EOSIO#3127 * Added @ignore comment for field that is left out of reflect definition. GH EOSIO#3127 * Fixed pull request comments. * bump version to 1.5.1 * Consolidated Security Fixes for 1.5.1 - Only allow authorizations that are satisfiable by `eosio.code` for self-addressed deferred transactions - Only allow authorizations that are satisfiable by `eosio.code` OR on the parent action for self-addressed inline actions sent from direct actions - Only allow authorizations that are satisfiable by `eosio.code` for self-addressed inline actions sent from recipient handlers Co-authored-by: arhag <[email protected]> Co-authored-by: Bart Wyatt <[email protected]> * Peer review changes. Fix move. * Spelling correction * Spelling correction #2 * Remove unused max-implicit-request config * Switch interface from packed_transaction_ptr to transaction_metadata_ptr * Thread pool does not need to be optional * Add transaction_metadata create_signing_keys_future method * Start transaction signature earily in thread pool * Refactor packed_transaction for better encapsulation * Add transaction_metadata create_signing_keys_future method * Start transaction signature earily in thread pool * Update txn_test_gen_plugin to overlap transaction submit @taokayan * release v1.0.3 to master (#15) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * finish BOS basic functions * add README files * update info * Release/1.0.x (#11) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * add README files * update info * readme for kafka & add time for action (#5) * 重启 节点,黑名单 失效,fixes #7 (#8) * restart sync list db * recovery system account bos to eosio * recovery system account bos to eosio * recovery system account bos to eosio * Fix/#3 notify plugin (#10) * Add debug info * comment log * rm log for notify_plugin * prepare for v1.0.2 * merge v1.0.2 (#13) * boscore basic improvement (#2) * kafka_plugin code * Automatic installation librdkafka/cppkafka * Feature/ci * Feature/48 kafka plugin * add CMakeModules/FindCppkafka.cmake * Production of block in time zone sequence * P2p self discovery * P2p self discovery * add notify_plugin * add api "get_block_detail" * add free res limit and blklst code * update free res limit and blklst code * update res code * update unittest code * revert submodule version * code typo * update blklist code * update sync name list db object error code * update code * update index code * Feature/5 ramdom * Revert "Merge branch 'feature/5-ramdom' into 'develop'" This reverts merge request !8 * adjust for setup BOSCore * change description * adjust the kafka plugin dependency be more special * use boscore repository to improve security * change version tag * finish for docker/builder * pass to build docker and update readme * add actionseed, global action sequence (#5) * delete renamed old file * BOSCore v1.0.1-1.4.3 * restructure the version schema * fix __gmpn_set_str error when build bos.contract * prepare for the v1.0.1 * add README files * update info * prepare for v1.0.2 * patch the EOSIO 1.5.1 security bug fixes * prepare for v1.0.3 * adjust the slogon * Remove redundant signing_keys check * state history plugin: permission_object bug EOSIO#6495 * Add deadline to key recovery * Modify producer_plugin to have its own thead_pool instead of using chain-threads * Move thread_pool join/stop to plugin shutdown so that they are joined before application quit * Fix signature future deadline from starting too early * Fix overflow of deadline and deadline check * initial setup of billing CPU for signatures recovered earlier * Return 400 on get_block with uonexist block number. For issue 6374 * fix issue 5488 * Add action_trace.block_num index. Remove action_trace.trx_id index. * Fix return codes of build scripts so that buildkite can fail properly * Make recovery cache non-thread local and guard by mutex * Calculate cpu usage of signature recovery * Add signature-cpu-billable-pct option to chain_plugin * Add missing include of mutex * Assert signature-cpu-billable-pct is 0-100 * Fix capture of cpu_usage. move flat_set<public_key_type> into attribute * clear recovered_pub_keys to preserve previous behaviour * use `assign` instead of `resize`+`memcpy` to update `shared_blob` data Co-Authored-By: Kayan <[email protected]> * Add move into tuple creation * bump version to 1.6.0-rc1 * add explicitly defaulted move semantics * Store unpacked_trx as signed_transaction * get_uncached_id no longer needed for thread safety * get_raw_transaction no longer needed for thread safety * Remove cached signed_transaction since now cached in packed_transaction * Test should honor existing compression * Cleanup of packed_transaction interface. Fixes for comments on PR EOSIO#6471 * Update to fc with unpack verify * fc renamed reflector_verify to reflector_init * bump version to 1.5.2 * Update to latest fc with updated verify_init * Consolidated Security Fixes for 1.5.3 - Add missing implementation of dtor, copy ctor, etc for blob_types of fc::variant Co-Authored-By: Matt Witherspoon <[email protected]> * bump version to 1.5.3 * bump version to 1.6.0-rc2 * Consolidated Security Fixes for 1.6.0-rc2 - Add missing implementation of dtor, copy ctor, etc for blob_types of fc::variant Co-Authored-By: Matt Witherspoon <[email protected]> * update developer portal link update the getting started link to the latest version * prepare for 2.0.1 * adjust the location paramater * apply 1.5.3 patch * modify the location type * fix cmake error * Use https url for wabt submodule A user agent that doesn't respect hsts could potentially be coerced into downloading malicious sources for wabt via a mitm attack. Prevent this by using a https upstream like the other submodules already do * Add libtinfo5 dependency to deb package. Resolves EOSIO#6590 Also clean up unused variables and force control directory permissions to comply with Debian specifications regardless of umask. * fix aragument name error * merge v2.0.1 version (EOSIO#36) * Bump version to 1.6.0 * Consolidated Security Fixes for 1.6.0 - Force compilation support for c++ exceptions for the wabt submodule - Allow limiting the time a node will spend processing scheduled transactions Co-Authored-By: Matt Witherspoon <[email protected]> Co-Authored-By: Bart Wyatt <[email protected]> * Consolidated Security Fixes for 1.6.1 - net_plugin security fixes - Additional checktime calls to limit cpu usage - Limit memory usage in producer_plugin Co-Authored-By: Kevin Heifner <[email protected]> Co-Authored-By: Matt Witherspoon <[email protected]> Co-authored-by: Kayan <[email protected]> * Bump version to 1.6.1 * Fix boost 1.67 brew install The latest homebrew code balks at something in the old 1.67 package file. Fix the package file and store it locally in our repo for now. We try and pin the boost version because boost upgrades invalidate nodeos data files. * Set proper directory for baked in macOS LLVM_DIR Some users (including myself) were seeing llvm@4 unpacked to 4.0.1_1 instead of 4.0.1. Stuff unpacked to the Cellar directory appears to be a kind of implementation detail — /usr/local/opt is the proper place to reference here. * Add bk step to gather brew files for automatic update * Update version to 1.6.2 * add noninteractive option for build scripts * Limit assert message to 1024 chars * Don't unlink what we install via brew unlinking eveything we install makes no sense -- it means things like cmake aren't in the path any longer like the script expects. So don't do that any more. Unfortuately this old script requires that gettext be force linked. So implement that behavior explictly for now * Make sure python-devel is installed for amazon linux builds * fc version 1.6.x * merge missed code * merge missed code * merge missed code * prepare v2.0.2
# This is the 1st commit message: various improvements # This is the commit message #2: new hash # This is the commit message #3: fix for script path # This is the commit message #4: fixes # This is the commit message #5: fixes # This is the commit message #6: fixes # This is the commit message #7: fixes # This is the commit message #8: fixes # This is the commit message #9: fixes # This is the commit message #10: fixes # This is the commit message #11: fixes # This is the commit message #12: fixes # This is the commit message #13: fixes # This is the commit message #14: fixes # This is the commit message #15: fixes # This is the commit message #16: fixes # This is the commit message #17: fixes # This is the commit message #18: fixes # This is the commit message #19: fixes # This is the commit message #20: fixes # This is the commit message #21: fixes # This is the commit message #22: fixes # This is the commit message #23: fixes # This is the commit message #24: fixes # This is the commit message #25: fixes # This is the commit message #26: testing # This is the commit message #27: testing # This is the commit message #28: testing # This is the commit message #29: testing # This is the commit message #30: testing # This is the commit message #31: testing # This is the commit message #32: testing # This is the commit message #33: testing # This is the commit message #34: testing # This is the commit message #35: testing # This is the commit message #36: testing # This is the commit message #37: testing # This is the commit message #38: testing # This is the commit message #39: testing # This is the commit message #40: testing # This is the commit message #41: testing # This is the commit message #42: testing # This is the commit message #43: testing # This is the commit message #44: fixes # This is the commit message #45: fixes # This is the commit message #46: fixes # This is the commit message #47: fixes # This is the commit message #48: fixes # This is the commit message #49: fixes # This is the commit message #50: fixes # This is the commit message #51: fixes # This is the commit message #52: fixes # This is the commit message #53: fixes # This is the commit message #54: fixes # This is the commit message #55: fixes # This is the commit message #56: fixes # This is the commit message #57: fixes # This is the commit message #58: fixes # This is the commit message #59: fixes # This is the commit message #60: fixes # This is the commit message #61: fixes # This is the commit message #62: fixes # This is the commit message #63: fixes # This is the commit message #64: fixes # This is the commit message #65: fixes # This is the commit message #66: fixes # This is the commit message #67: fixes # This is the commit message #68: fixes # This is the commit message #69: fixes # This is the commit message #70: fixes # This is the commit message #71: fixes # This is the commit message #72: fixes # This is the commit message #73: fixes # This is the commit message #74: fixes # This is the commit message #75: fixes # This is the commit message #76: fixes # This is the commit message #77: fixes # This is the commit message #78: fixes # This is the commit message #79: more testing # This is the commit message #80: testing # This is the commit message #81: fixes # This is the commit message #82: fixes # This is the commit message #83: fixes # This is the commit message #84: fixes # This is the commit message #85: fixes # This is the commit message #86: fixes # This is the commit message #87: fixes # This is the commit message #88: fixes # This is the commit message #89: fixes # This is the commit message #90: fixes # This is the commit message #91: fixes # This is the commit message #92: fixes # This is the commit message #93: propagate-environment for buildkite-agent # This is the commit message #94: propagate-environment for buildkite-agent # This is the commit message #95: propagate-environment for buildkite-agent # This is the commit message #96: propagate-environment for buildkite-agent # This is the commit message #97: fixes # This is the commit message #98: fixes # This is the commit message #99: fixes # This is the commit message #100: fixes # This is the commit message #101: fixes # This is the commit message #102: fixes # This is the commit message #103: fixes # This is the commit message #104: fixes # This is the commit message #105: fixes # This is the commit message #106: fixes # This is the commit message #107: fixes # This is the commit message #108: fixes # This is the commit message #109: fixes # This is the commit message #110: fixes # This is the commit message #111: fixes # This is the commit message #112: fixes # This is the commit message #113: fixes # This is the commit message #114: fixes # This is the commit message #115: fixes # This is the commit message #116: fixes # This is the commit message #117: fixes # This is the commit message #118: fixes # This is the commit message #119: fixes # This is the commit message #120: fixes # This is the commit message #121: fixes # This is the commit message #122: fixes # This is the commit message #123: fixes # This is the commit message #124: fixes # This is the commit message #125: fixes # This is the commit message #126: fixes # This is the commit message #127: fixes # This is the commit message #128: fixes # This is the commit message #129: fixes # This is the commit message #130: fixes # This is the commit message #131: fixes # This is the commit message #132: fixes # This is the commit message #133: fixes # This is the commit message #134: fixes # This is the commit message #135: fixes # This is the commit message #136: fixes # This is the commit message #137: fixes # This is the commit message #138: fixes # This is the commit message #139: fixes # This is the commit message #140: fixes # This is the commit message #141: fixes # This is the commit message #142: fixes # This is the commit message #143: fixes # This is the commit message #144: fixes # This is the commit message #145: fixes # This is the commit message #146: fixes # This is the commit message #147: fixes # This is the commit message #148: fixes # This is the commit message #149: fixes # This is the commit message #150: fixes # This is the commit message #151: fixes # This is the commit message #152: fixes # This is the commit message #153: testing # This is the commit message #154: fixes # This is the commit message #155: fixes # This is the commit message #156: fixes # This is the commit message #157: fixes # This is the commit message #158: fixes # This is the commit message #159: fixes # This is the commit message #160: fixes # This is the commit message #161: fixes # This is the commit message #162: fixes # This is the commit message #163: fixes # This is the commit message #164: fixes # This is the commit message #165: fixes # This is the commit message #166: fixes # This is the commit message #167: fixes # This is the commit message #168: fixes # This is the commit message #169: fixes # This is the commit message #170: fixes # This is the commit message #171: fixes # This is the commit message #172: fixes # This is the commit message #173: fixes # This is the commit message #174: fixes # This is the commit message #175: fixes # This is the commit message #176: fixes # This is the commit message #177: fixes # This is the commit message #178: fixes # This is the commit message #179: fixes # This is the commit message #180: fixes # This is the commit message #181: fixes # This is the commit message #182: fixes # This is the commit message #183: fixes # This is the commit message #184: fixes # This is the commit message #185: fixes # This is the commit message #186: fixes
# This is the 1st commit message: Update amazon_linux-2-pinned.dockerfile # This is the commit message #2: Update centos-7.7-pinned.dockerfile # This is the commit message #3: Update ubuntu-18.04-pinned.dockerfile # This is the commit message #4: Update ubuntu-20.04-pinned.dockerfile # This is the commit message #5: Update amazon_linux-2-unpinned.dockerfile # This is the commit message #6: Update centos-7.7-unpinned.dockerfile # This is the commit message #7: Update ubuntu-18.04-unpinned.dockerfile # This is the commit message #8: Update ubuntu-20.04-unpinned.dockerfile # This is the commit message #9: Update protocol.hpp # This is the commit message #10: Update net_plugin.cpp # This is the commit message #11: Update CMakeLists.txt
Advanced Permission Infrastructure
EOS operates on the basis of pre-authenticated messages, but there is still a concept that all actions require a certain permission. Permissions are organized hierarchically. For example, in Steem an account has an owner, active, and posting permission. Owner can do everything, active can do everything exchange change owner, and posting can only make posts and vote.
Each permission in turn is defined as a dynamic, threshold multisig of the following authority structure:
Each account can define its own permission hierarchy using an number of named permissions each of which has a parent permission and an authority. This is a generalization of the system defined by Steem.
Contract Permission Hierarchy
Each contract can define its own permission hierarchy. By default there is a “Contract” level a per-message permission. But contracts can also group messages into an arbitrary permission hierarchy.
For Example:
A message is dispatched with a permission level of the sender which is evaluated by looking up the Authority structure on the sender and then recursively checking for signatures to verify the account has the authority.
Then we traverse the contract’s message authority tree from leaf permission on up.
For each level it checks the SenderAccount to see if it has an Authority specified for that level, if the sender has the authority specified, then checks to see if it was the authority on the message. If not it checks any parent-authority specified by the sender on up to active. If no match is found, then it goes to the next level up on the exchange permission tree.
The text was updated successfully, but these errors were encountered: