From ee9c010c374cd346621c4303b3924500dfd51916 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 13 Dec 2018 14:11:03 +0000 Subject: [PATCH 1/5] Document the checks made for incoming PDUs --- specification/server_server_api.rst | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index b8eaf715..a3fb9ee0 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -334,8 +334,22 @@ Authorization of PDUs ~~~~~~~~~~~~~~~~~~~~~ Whenever a server receives an event from a remote server, the receiving server -must check that the event is allowed by the authorization rules. These rules -depend on the state of the room at that event. +must ensure that the event: + +1. Is a valid event, otherwise it is dropped +2. Passes signature checks, otherwise it is dropped. +3. Passes hash checks, otherwise it is redacted before being processed + further. +4. Passes authorization rules based on the event's auth events, otherwise it + is rejected. +5. Passes authorization rules based on the state at the event, otherwise it + is rejected. +6. Passes auth rules based on the current state of the room, otherwise it + is "soft failed". + +Further details of these checks, and how to handle failures, are described +below. + Definitions +++++++++++ From cac150d5673df80b3b6067695db4fc572f0a58d1 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Fri, 14 Dec 2018 13:13:06 +0000 Subject: [PATCH 2/5] Fix up wording Co-Authored-By: erikjohnston --- specification/server_server_api.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index a3fb9ee0..58a6c271 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst 
@@ -336,7 +336,7 @@ Authorization of PDUs Whenever a server receives an event from a remote server, the receiving server must ensure that the event: -1. Is a valid event, otherwise it is dropped +1. Is a valid event, otherwise it is dropped. 2. Passes signature checks, otherwise it is dropped. 3. Passes hash checks, otherwise it is redacted before being processed further. @@ -344,7 +344,7 @@ must ensure that the event: is rejected. 5. Passes authorization rules based on the state at the event, otherwise it is rejected. -6. Passes auth rules based on the current state of the room, otherwise it +6. Passes authorization rules based on the current state of the room, otherwise it is "soft failed". Further details of these checks, and how to handle failures, are described From c93bdcc59cf234122e567699c0680e7a9f2cd2ce Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 14 Dec 2018 13:14:18 +0000 Subject: [PATCH 3/5] Fix up headings --- specification/server_server_api.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index 58a6c271..607f1ee3 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -330,8 +330,8 @@ following subset of the room state: {{definition_ss_pdu}} -Authorization of PDUs -~~~~~~~~~~~~~~~~~~~~~ +Checks performed on receipt of a PDU +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Whenever a server receives an event from a remote server, the receiving server must ensure that the event: @@ -371,8 +371,8 @@ Target User .. _`authorization rules`: -Rules -+++++ +Authorization rules ++++++++++++++++++++ The rules governing whether an event is authorized depend solely on the state of the room at the point in the room graph at which the new event is to From be625254b14ad3188cfd02b0e7cfbc1b40e81b32 Mon Sep 17 00:00:00 2001 
From: Erik Johnston Date: Fri, 14 Dec 2018 13:18:52 +0000 Subject: [PATCH 4/5] Fix up wording about auth rules to not lie --- specification/server_server_api.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index 607f1ee3..a968819c 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -374,9 +374,9 @@ Target User Authorization rules +++++++++++++++++++ -The rules governing whether an event is authorized depend solely on the -state of the room at the point in the room graph at which the new event is to -be inserted. The types of state events that affect authorization are: +The rules governing whether an event is authorized depends on a set of state. A +given event is checked multiple times against different sets of state, as +specified above. The types of state events that affect authorization are: - ``m.room.create`` - ``m.room.member`` From 39df8291e93e5e00d4ccddd304dc39631b4a449e Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 14 Dec 2018 13:22:20 +0000 Subject: [PATCH 5/5] Add TODO --- specification/server_server_api.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index a968819c..c7ed6da3 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -350,6 +350,10 @@ must ensure that the event: Further details of these checks, and how to handle failures, are described below. +.. TODO: + Flesh this out a bit more, and probably change the doc to group the various + checks in one place, rather than have them spread out. + Definitions +++++++++++
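Review bot: In the PATCH 1/5 hunk at @@ -334,8 +334,22 @@, item 6 introduces "soft failed" in quotes and the closing sentence promises that "Further details of these checks, and how to handle failures, are described below", but nothing in this hunk defines soft failure or says where the failure handling lives; either add a short definition next to item 6 ("the event is accepted into the DAG but not sent to clients, and not used as a forward extremity" or whatever the intended behaviour is) or make the sentence point at the specific sections. Two smaller points in the same list: item 1 ("otherwise it is dropped") is the only entry without a trailing full stop, and item 6 says "auth rules" where items 4 and 5 say "authorization rules"; use one term throughout. It would also help to state, on item 3, that a redacted event still goes through checks 4 to 6, since "before being processed further" leaves that implicit.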
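Review bot: In the PATCH 2/5 hunk at @@ -344,7 +344,7 @@, the replacement line "6. Passes authorization rules based on the current state of the room, otherwise it" is now longer than the wrap width used by every other item in the list (the others break before 80 columns); rewrap it so the list stays consistent, e.g. "6. Passes authorization rules based on the current state of the room," / "   otherwise it is "soft failed"."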
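Review bot: In the PATCH 3/5 hunk at @@ -330,8 +330,8 @@, renaming the heading to "Checks performed on receipt of a PDU" changes the implicit reST section target that "Authorization of PDUs" generated, so any `Authorization of PDUs`_ reference elsewhere in the spec will stop resolving; grep the tree for the old title and either update those references or add an explicit label above the new heading, as the second hunk already does with .. _`authorization rules`: for the "Authorization rules" heading. Also confirm the ~ underline is at least as long as the new 36-character title, otherwise the Sphinx build warns.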
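Review bot: In the PATCH 4/5 hunk at @@ -374,9 +374,9 @@, the new sentence "The rules governing whether an event is authorized depends on a set of state" has a subject/verb mismatch; the subject is "rules", so it should read "depend on a set of state". "As specified above" would also be clearer as a reference to the "Checks performed on receipt of a PDU" list, since that is where the three state sets (auth events, state at the event, current room state) are enumerated.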
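Review bot: In the PATCH 5/5 hunk at @@ -350,6 +350,10 @@, the .. TODO: block is a reST comment and will not render, so readers of the published spec still see "Further details of these checks, and how to handle failures, are described below" with no indication that the grouping is incomplete; consider either softening that sentence until the TODO is resolved or turning the note into a visible admonition (the spec's usual mechanism for flagging unfinished sections) so the gap is not silent.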