-modify plugins to set 'satisfied' bit

author: Christian Grothoff <christian@grothoff.org> 2021-08-16 16:44:00 +0200
committer: Christian Grothoff <christian@grothoff.org> 2021-08-16 16:44:00 +0200
commit: d94a0fe2f979348b45289b66b1cb5f72c3c3e76c (patch)
tree: cd909fd72847ef6e7c399ddea1a2b3ce27efcb9e /src/backend
parent: 349d37ea1398901daddb11d5c28b8148e393ccb7 (diff)
download: anastasis-d94a0fe2f979348b45289b66b1cb5f72c3c3e76c.tar.gz
anastasis-d94a0fe2f979348b45289b66b1cb5f72c3c3e76c.tar.bz2
anastasis-d94a0fe2f979348b45289b66b1cb5f72c3c3e76c.zip
1 files changed, 82 insertions, 72 deletions
diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c
index 8fb1aee..0b0d22f 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -1383,7 +1383,6 @@ AH_handler_truth_get (
     enum ANASTASIS_DB_CodeStatus cs;
     bool satisfied;
 
-    GNUNET_free (decrypted_truth);
     GNUNET_free (truth_mime);
     cs = db->verify_challenge_code (db->cls,
                                     &gc->truth_uuid,
@@ -1394,6 +1393,7 @@ AH_handler_truth_get (
     case ANASTASIS_DB_CODE_STATUS_CHALLENGE_CODE_MISMATCH:
       GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                   "Provided response does not match our stored challenge\n");
+      GNUNET_free (decrypted_truth);
       return TALER_MHD_reply_with_error (connection,
                                          MHD_HTTP_FORBIDDEN,
                                          TALER_EC_ANASTASIS_TRUTH_CHALLENGE_FAILED,
@@ -1401,6 +1401,7 @@ AH_handler_truth_get (
     case ANASTASIS_DB_CODE_STATUS_HARD_ERROR:
     case ANASTASIS_DB_CODE_STATUS_SOFT_ERROR:
       GNUNET_break (0);
+      GNUNET_free (decrypted_truth);
       return TALER_MHD_reply_with_error (gc->connection,
                                          MHD_HTTP_INTERNAL_SERVER_ERROR,
                                          TALER_EC_GENERIC_DB_FETCH_FAILED,
@@ -1409,91 +1410,100 @@ AH_handler_truth_get (
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "No challenge known (challenge is invalidated after %u requests)\n",
                   INITIAL_RETRY_COUNTER);
+      GNUNET_free (decrypted_truth);
       return TALER_MHD_reply_with_error (connection,
                                          MHD_HTTP_TOO_MANY_REQUESTS,
                                          TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
                                          NULL);
     case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED:
-      // FIXME: if ! satisfied don't do this...
-      return return_key_share (&gc->truth_uuid,
-                               connection);
-    }
-    GNUNET_break (0);
-    return MHD_NO;
-  }
-
-  /* Not security question and no answer: use plugin to check if
-     decrypted truth is a valid challenge! */
-  {
-    enum GNUNET_GenericReturnValue ret;
-
-    ret = gc->authorization->validate (gc->authorization->cls,
-                                       connection,
-                                       truth_mime,
-                                       decrypted_truth,
-                                       decrypted_truth_size);
-    GNUNET_free (truth_mime);
-    switch (ret)
-    {
-    case GNUNET_OK:
-      /* data valid, continued below */
+      if (satisfied)
+      {
+        GNUNET_free (decrypted_truth);
+        return return_key_share (&gc->truth_uuid,
+                                 connection);
+      }
+      /* continue with authorization plugin below */
       break;
-    case GNUNET_NO:
-      /* data invalid, reply was queued */
-      GNUNET_free (decrypted_truth);
-      return MHD_YES;
-    case GNUNET_SYSERR:
-      /* data invalid, reply was NOT queued */
-      GNUNET_free (decrypted_truth);
+    default:
+      GNUNET_break (0);
       return MHD_NO;
     }
   }
-
-  /* Setup challenge and begin authorization process */
+  else
   {
-    struct GNUNET_TIME_Absolute transmission_date;
-    enum GNUNET_DB_QueryStatus qs;
-
-    qs = db->create_challenge_code (db->cls,
-                                    &gc->truth_uuid,
-                                    gc->authorization->code_rotation_period,
-                                    gc->authorization->code_validity_period,
-                                    INITIAL_RETRY_COUNTER,
-                                    &transmission_date,
-                                    &gc->code);
-    switch (qs)
+    /* Not security question and no answer: use plugin to check if
+       decrypted truth is a valid challenge! */
     {
-    case GNUNET_DB_STATUS_HARD_ERROR:
-    case GNUNET_DB_STATUS_SOFT_ERROR:
-      GNUNET_break (0);
-      GNUNET_free (decrypted_truth);
-      return TALER_MHD_reply_with_error (gc->connection,
-                                         MHD_HTTP_INTERNAL_SERVER_ERROR,
-                                         TALER_EC_GENERIC_DB_FETCH_FAILED,
-                                         "store_challenge_code");
-    case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
-      /* 0 == retry_counter of existing challenge => rate limit exceeded */
-      GNUNET_free (decrypted_truth);
-      return TALER_MHD_reply_with_error (connection,
-                                         MHD_HTTP_TOO_MANY_REQUESTS,
-                                         TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
-                                         NULL);
-    case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
-      /* challenge code was stored successfully*/
-      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                  "Created fresh challenge\n");
-      break;
+      enum GNUNET_GenericReturnValue ret;
+
+      ret = gc->authorization->validate (gc->authorization->cls,
+                                         connection,
+                                         truth_mime,
+                                         decrypted_truth,
+                                         decrypted_truth_size);
+      GNUNET_free (truth_mime);
+      switch (ret)
+      {
+      case GNUNET_OK:
+        /* data valid, continued below */
+        break;
+      case GNUNET_NO:
+        /* data invalid, reply was queued */
+        GNUNET_free (decrypted_truth);
+        return MHD_YES;
+      case GNUNET_SYSERR:
+        /* data invalid, reply was NOT queued */
+        GNUNET_free (decrypted_truth);
+        return MHD_NO;
+      }
     }
 
-    if (GNUNET_TIME_absolute_get_duration (transmission_date).rel_value_us <
-        gc->authorization->code_retransmission_frequency.rel_value_us)
+    /* Setup challenge and begin authorization process */
     {
-      /* Too early for a retransmission! */
-      GNUNET_free (decrypted_truth);
-      return TALER_MHD_reply_with_error (gc->connection,
-                                         MHD_HTTP_ALREADY_REPORTED,
-                                         TALER_EC_ANASTASIS_TRUTH_CHALLENGE_ACTIVE,
-                                         NULL);
+      struct GNUNET_TIME_Absolute transmission_date;
+      enum GNUNET_DB_QueryStatus qs;
+
+      qs = db->create_challenge_code (db->cls,
+                                      &gc->truth_uuid,
+                                      gc->authorization->code_rotation_period,
+                                      gc->authorization->code_validity_period,
+                                      INITIAL_RETRY_COUNTER,
+                                      &transmission_date,
+                                      &gc->code);
+      switch (qs)
+      {
+      case GNUNET_DB_STATUS_HARD_ERROR:
+      case GNUNET_DB_STATUS_SOFT_ERROR:
+        GNUNET_break (0);
+        GNUNET_free (decrypted_truth);
+        return TALER_MHD_reply_with_error (gc->connection,
+                                           MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                           TALER_EC_GENERIC_DB_FETCH_FAILED,
+                                           "store_challenge_code");
+      case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+        /* 0 == retry_counter of existing challenge => rate limit exceeded */
+        GNUNET_free (decrypted_truth);
+        return TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_TOO_MANY_REQUESTS,
+                                           TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
+                                           NULL);
+      case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+        /* challenge code was stored successfully*/
+        GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                    "Created fresh challenge\n");
+        break;
+      }
+
+      if (GNUNET_TIME_absolute_get_duration (transmission_date).rel_value_us <
+          gc->authorization->code_retransmission_frequency.rel_value_us)
+      {
+        /* Too early for a retransmission! */
+        GNUNET_free (decrypted_truth);
+        return TALER_MHD_reply_with_error (gc->connection,
+                                           MHD_HTTP_ALREADY_REPORTED,
+                                           TALER_EC_ANASTASIS_TRUTH_CHALLENGE_ACTIVE,
+                                           NULL);
+      }
     }
   }
author	Christian Grothoff <christian@grothoff.org>	2021-08-16 16:44:00 +0200
committer	Christian Grothoff <christian@grothoff.org>	2021-08-16 16:44:00 +0200
commit	d94a0fe2f979348b45289b66b1cb5f72c3c3e76c (patch)
tree	cd909fd72847ef6e7c399ddea1a2b3ce27efcb9e /src/backend
parent	349d37ea1398901daddb11d5c28b8148e393ccb7 (diff)
download	anastasis-d94a0fe2f979348b45289b66b1cb5f72c3c3e76c.tar.gz anastasis-d94a0fe2f979348b45289b66b1cb5f72c3c3e76c.tar.bz2 anastasis-d94a0fe2f979348b45289b66b1cb5f72c3c3e76c.zip