From 5662be894e517c0424dcc59127d0c62776510ee7 Mon Sep 17 00:00:00 2001
From: Erik Johnston
Date: Fri, 17 Oct 2014 20:26:18 +0100
Subject: Bump database version number.
---
 synapse/storage/__init__.py | 2 +-
 synapse/storage/schema/delta/v6.sql | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 synapse/storage/schema/delta/v6.sql
(limited to 'synapse')
diff --git a/synapse/storage/__init__.py b/synapse/storage/__init__.py
index c8e0efb18f..3aa6345a7f 100644
--- a/synapse/storage/__init__.py
+++ b/synapse/storage/__init__.py
@@ -64,7 +64,7 @@ SCHEMAS = [
 # Remember to update this number every time an incompatible change is made to
 # database schema files, so the users will be informed on server restarts.
-SCHEMA_VERSION = 5
+SCHEMA_VERSION = 6
 class _RollbackButIsFineException(Exception):
diff --git a/synapse/storage/schema/delta/v6.sql b/synapse/storage/schema/delta/v6.sql
new file mode 100644
index 0000000000..9bf2068d84
--- /dev/null
+++ b/synapse/storage/schema/delta/v6.sql
@@ -0,0 +1,31 @@
+/* Copyright 2014 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+CREATE TABLE IF NOT EXISTS server_tls_certificates(
+ server_name TEXT, -- Server name.
+ fingerprint TEXT, -- Certificate fingerprint.
+ from_server TEXT, -- Which key server the certificate was fetched from.
+ ts_added_ms INTEGER, -- When the certifcate was added.
+ tls_certificate BLOB, -- DER encoded x509 certificate.
+ CONSTRAINT uniqueness UNIQUE (server_name, fingerprint)
+);
+
+CREATE TABLE IF NOT EXISTS server_signature_keys(
+ server_name TEXT, -- Server name.
+ key_id TEXT, -- Key version.
+ from_server TEXT, -- Which key server the key was fetched form.
+ ts_added_ms INTEGER, -- When the key was added.
+ verify_key BLOB, -- NACL verification key.
+ CONSTRAINT uniqueness UNIQUE (server_name, key_id)
+);
-- cgit 1.4.1
From 71e6a94af76dbaea592b66c2c065f19f9ef57cb0 Mon Sep 17 00:00:00 2001
From: Erik Johnston
Date: Fri, 17 Oct 2014 20:26:26 +0100
Subject: Bump version and changelog
---
 CHANGES.rst | 13 ++++++++++---
 UPGRADE.rst | 5 -----
 VERSION | 2 +-
 synapse/__init__.py | 2 +-
 4 files changed, 12 insertions(+), 10 deletions(-)
(limited to 'synapse')
diff --git a/CHANGES.rst b/CHANGES.rst
index 5b05900daf..dab9285f3b 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
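Review bot: No column in `server_tls_certificates` or `server_signature_keys` is declared `NOT NULL`, so a row with a NULL `server_name`, `key_id` or `verify_key` can be inserted, and because a `UNIQUE` constraint does not treat NULLs as equal, `UNIQUE (server_name, key_id)` would not stop duplicates of such rows. Since these tables hold the material used to verify other servers, I would tighten the identifying and key columns, e.g. `server_name TEXT NOT NULL`, `key_id TEXT NOT NULL`, `verify_key BLOB NOT NULL`, and do the same for `fingerprint` and `tls_certificate`. Both tables name their constraint `uniqueness`; a per-table name such as `server_signature_keys_uniqueness` is clearer and avoids a clash on engines that require constraint names to be unique. The column comments contain two typos, `certifcate` and `fetched form`.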
@@ -1,6 +1,13 @@
-Changes in latest
-=================
-This breaks federation becuase of signing
+Changes in synpase 0.4.0 (2014-10-17)
+=====================================
+This server includes changes to the federation protocol that is not backwards
+compatible.
+
+The Matrix specification has been moved to a seperate git repository.
+
+Homeserver:
+ * Sign federation transactions.
+ * Rename timestamp keys in PDUs.
 Changes in synapse 0.3.4 (2014-09-25)
 =====================================
diff --git a/UPGRADE.rst b/UPGRADE.rst
index 2ae9254ecf..713fb9ae83 100644
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -1,8 +1,3 @@
-Upgrading to latest
-===================
-This breaks federation between old and new servers due to signing of
-transactions.
-
 Upgrading to v0.3.0
 ===================
diff --git a/VERSION b/VERSION
index 42045acae2..1d0ba9ea18 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.3.4
+0.4.0
diff --git a/synapse/__init__.py b/synapse/__init__.py
index a340a5db66..979eac08a7 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a synapse home server.
 """
-__version__ = "0.3.4"
+__version__ = "0.4.0"
-- cgit 1.4.1
From 3187b5ba2db51dc4bac0d20a67f0b6193b45e8cb Mon Sep 17 00:00:00 2001
From: Mark Haines
Date: Fri, 17 Oct 2014 20:56:21 +0100
Subject: add log line for checking verifying signatures
---
 synapse/crypto/keyring.py | 1 +
 1 file changed, 1 insertion(+)
(limited to 'synapse')
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index 015f76ebe3..2440d604c3 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -38,6 +38,7 @@ class Keyring(object):
 @defer.inlineCallbacks
 def verify_json_for_server(self, server_name, json_object):
+ logger.debug("Verifying for %s", server_name)
 key_ids = signature_ids(json_object, server_name)
 if not key_ids:
 raise SynapseError(
-- cgit 1.4.1
From cd198dfea8083132137f6c4df5129fd7bb5f7a1e Mon Sep 17 00:00:00 2001
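Review bot: `server_name` is written to the log with `%s` on the first line of `verify_json_for_server`, before any signature has been checked, so the value presumably still comes straight from the remote request; if it can carry newlines or control characters it can split or forge log lines. Logging it with `%r`, as in `logger.debug("Verifying for %r", server_name)`, keeps each record unambiguous. The rest of the function lies outside the hunk, so I cannot see whether the result of the check (key id used, success or failure) is logged anywhere; for a signature verification that outcome is the more useful audit record.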
From: Erik Johnston
Date: Fri, 17 Oct 2014 20:58:47 +0100
Subject: More log lines.
---
 synapse/federation/transport.py | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
(limited to 'synapse')
diff --git a/synapse/federation/transport.py b/synapse/federation/transport.py
index 755eee8cf6..81529baee6 100644
--- a/synapse/federation/transport.py
+++ b/synapse/federation/transport.py
@@ -256,10 +256,14 @@ class TransportLayer(object):
 def _with_authentication(self, handler):
 @defer.inlineCallbacks
 def new_handler(request, *args, **kwargs):
- (origin, content) = yield self._authenticate_request(request)
- response = yield handler(
- origin, content, request.args, *args, **kwargs
- )
+ try:
+ (origin, content) = yield self._authenticate_request(request)
+ response = yield handler(
+ origin, content, request.args, *args, **kwargs
+ )
+ except:
+ logger.exception("_authenticate_request failed")
+ raise
 defer.returnValue(response)
 return new_handler
@@ -392,9 +396,13 @@ class TransportLayer(object):
 defer.returnValue((400, {"error": "Invalid transaction"}))
 return
- code, response = yield self.received_handler.on_incoming_transaction(
- transaction_data
- )
+ try:
+ code, response = yield self.received_handler.on_incoming_transaction(
+ transaction_data
+ )
+ except:
+ logger.exception("on_incoming_transaction failed")
+ raise
 defer.returnValue((code, response))
-- cgit 1.4.1
From ac9345b47a7c963850369e0a8ad63ed6aaba0795 Mon Sep 17 00:00:00 2001
From: Erik Johnston
Date: Fri, 17 Oct 2014 21:00:58 +0100
Subject: Check that we have auth headers and fail nicely
---
 synapse/federation/transport.py | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'synapse')
diff --git a/synapse/federation/transport.py b/synapse/federation/transport.py
index 81529baee6..e7517cac4d 100644
--- a/synapse/federation/transport.py
+++ b/synapse/federation/transport.py
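Review bot: The `try` added in `new_handler` covers both `_authenticate_request` and the call to `handler`, so an exception raised by the handler is also logged as "_authenticate_request failed", which misleads anyone reading the log during an incident. The bare `except:` also means an ordinary rejected request is written with a full traceback through `logger.exception`, so a peer that fails authentication can generate a lot of error-level log volume. I would use `except Exception:` with a neutral message such as `logger.exception("Federation request failed")`, or keep the `try` around the `_authenticate_request` line only and log an expected `SynapseError` at a lower level without the traceback. The second hunk has the same bare `except:` around `on_incoming_transaction` and would take the same change.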
@@ -238,6 +238,11 @@ class TransportLayer(object):
 auth_headers = request.requestHeaders.getRawHeaders(b"Authorization")
+ if not auth_headers:
+ raise SynapseError(
+ 401, "Missing Authorization headers", Codes.UNAUTHORIZED,
+ )
+
 for auth in auth_headers:
 if auth.startswith("X-Matrix"):
 (origin, key, sig) = parse_auth_header(auth)
-- cgit 1.4.1
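Review bot: The new guard rejects a request with no `Authorization` header, but the loop below it only assigns `origin`, `key` and `sig` when a header starts with `X-Matrix`, so a request whose headers all use another scheme still leaves the loop without a parsed origin. The rest of the enclosing method is outside the hunk, so I cannot see whether that case is rejected later; if it is not, it should end in the same 401 rather than in an unhandled error or a check against unset values. A malformed `X-Matrix` header deserves the same treatment, assuming `parse_auth_header` raises on bad input: catch that and raise `SynapseError(401, "Malformed Authorization header", Codes.UNAUTHORIZED)`.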