diff options
author | Christian Grothoff <christian@grothoff.org> | 2022-04-13 22:04:37 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2022-04-13 22:04:37 +0200 |
commit | e3e3b0637264b6cbccf9c69b4546429187faa8e7 (patch) | |
tree | d588fe4ba00b39efd35ad435b64ca002369c90b4 /src/backend | |
parent | 1398cca51c44709cd990fc7ed7b854b802004a97 (diff) | |
download | anastasis-e3e3b0637264b6cbccf9c69b4546429187faa8e7.tar.gz anastasis-e3e3b0637264b6cbccf9c69b4546429187faa8e7.tar.bz2 anastasis-e3e3b0637264b6cbccf9c69b4546429187faa8e7.zip |
-get IBAN test to pass again
Diffstat (limited to 'src/backend')
-rw-r--r-- | src/backend/anastasis-httpd_truth-challenge.c | 4 | ||||
-rw-r--r-- | src/backend/anastasis-httpd_truth-solve.c | 112 |
2 files changed, 97 insertions, 19 deletions
diff --git a/src/backend/anastasis-httpd_truth-challenge.c b/src/backend/anastasis-httpd_truth-challenge.c index 9d2429d..30379a7 100644 --- a/src/backend/anastasis-httpd_truth-challenge.c +++ b/src/backend/anastasis-httpd_truth-challenge.c @@ -911,7 +911,9 @@ run_authorization_process (struct MHD_Connection *connection, case ANASTASIS_AUTHORIZATION_CRES_SUCCESS: /* Challenge sent successfully */ GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Authorization request sent successfully\n"); + "Authorization request %llu for %s sent successfully\n", + (unsigned long long) gc->code, + TALER_B2S (&gc->truth_uuid)); qs = db->mark_challenge_sent (db->cls, &gc->payment_identifier, &gc->truth_uuid, diff --git a/src/backend/anastasis-httpd_truth-solve.c b/src/backend/anastasis-httpd_truth-solve.c index 5e72e42..8133cc9 100644 --- a/src/backend/anastasis-httpd_truth-solve.c +++ b/src/backend/anastasis-httpd_truth-solve.c @@ -755,6 +755,8 @@ return_key_share ( static void gc_suspended (struct SolveContext *gc) { + GNUNET_assert (NULL == gc->hn); + GNUNET_assert (! gc->suspended); gc->suspended = true; if (NULL == AH_to_heap) AH_to_heap = GNUNET_CONTAINER_heap_create ( @@ -885,6 +887,8 @@ rate_limit (struct SolveContext *gc) ? GNUNET_NO : GNUNET_SYSERR; } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Using intentionally wrong answer to produce rate-limiting\n"); /* decrement trial counter */ ANASTASIS_hash_answer (code + 1, /* always use wrong answer */ &hc); @@ -968,8 +972,8 @@ handle_security_question (struct SolveContext *gc, /** * Handle special case of an answer being directly checked by the - * plugin and not by our database. Rate limits answers against brute - * forcing. + * plugin and not by our database. Also ensures that the + * request is rate-limited. * * @param[in,out] gc request to handle * @param decrypted_truth hash to check against @@ -983,11 +987,11 @@ direct_validation (struct SolveContext *gc, { /* Non-random code, call plugin directly! */ enum ANASTASIS_AUTHORIZATION_SolveResult aar; - enum GNUNET_GenericReturnValue res; + enum GNUNET_GenericReturnValue ret; - res = rate_limit (gc); - if (GNUNET_OK != res) - return (GNUNET_NO == res) ? MHD_YES : MHD_NO; + ret = rate_limit (gc); + if (GNUNET_OK != ret) + return (GNUNET_NO == ret) ? MHD_YES : MHD_NO; gc->as = gc->authorization->start (gc->authorization->cls, &AH_trigger_daemon, NULL, @@ -1012,7 +1016,7 @@ direct_validation (struct SolveContext *gc, "solve method not implemented for authorization method"); } aar = gc->authorization->solve (gc->as, - GNUNET_TIME_UNIT_ZERO_ABS, + gc->timeout, &gc->challenge_response, gc->connection); switch (aar) @@ -1020,6 +1024,74 @@ direct_validation (struct SolveContext *gc, case ANASTASIS_AUTHORIZATION_SRES_FAILED: return MHD_YES; case ANASTASIS_AUTHORIZATION_SRES_SUSPENDED: + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Suspending request handling\n"); + gc_suspended (gc); + return MHD_YES; + case ANASTASIS_AUTHORIZATION_SRES_FAILED_REPLY_FAILED: + return MHD_NO; + case ANASTASIS_AUTHORIZATION_SRES_FINISHED: + return return_key_share (&gc->truth_uuid, + gc->connection); + } + GNUNET_break (0); + return MHD_NO; +} + + +/** + * Handle special case of an answer being checked + * by the plugin asynchronously (IBAN) after we inverted + * the hash using the database. + * + * @param[in,out] gc request to handle + * @param code validation code provided by the client + * @param decrypted_truth hash to check against + * @param decrypted_truth_size number of bytes in @a decrypted_truth + * @return MHD status code + */ +static MHD_RESULT +iban_validation (struct SolveContext *gc, + uint64_t code, + const void *decrypted_truth, + size_t decrypted_truth_size) +{ + enum ANASTASIS_AUTHORIZATION_SolveResult aar; + + gc->as = gc->authorization->start (gc->authorization->cls, + &AH_trigger_daemon, + NULL, + &gc->truth_uuid, + code, + decrypted_truth, + decrypted_truth_size); + if (NULL == gc->as) + { + GNUNET_break (0); + return TALER_MHD_reply_with_error (gc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_ANASTASIS_TRUTH_AUTHORIZATION_START_FAILED, + NULL); + } + if (NULL == gc->authorization->solve) + { + GNUNET_break (0); + return TALER_MHD_reply_with_error (gc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_ANASTASIS_TRUTH_AUTHORIZATION_START_FAILED, + "solve method not implemented for authorization method"); + } + aar = gc->authorization->solve (gc->as, + gc->timeout, + &gc->challenge_response, + gc->connection); + switch (aar) + { + case ANASTASIS_AUTHORIZATION_SRES_FAILED: + return MHD_YES; + case ANASTASIS_AUTHORIZATION_SRES_SUSPENDED: + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Suspending request handling\n"); gc_suspended (gc); return MHD_YES; case ANASTASIS_AUTHORIZATION_SRES_FAILED_REPLY_FAILED: @@ -1121,7 +1193,6 @@ AH_handler_truth_solve ( GNUNET_assert (! gc->suspended); return run_authorization_process (connection, gc); - } /* We get here if the async check for payment said this request was indeed paid! */ @@ -1353,9 +1424,11 @@ AH_handler_truth_solve ( if (GNUNET_TIME_absolute_is_past (gc->timeout)) { GNUNET_free (decrypted_truth); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Timeout with user provided code\n"); return TALER_MHD_reply_with_error (connection, MHD_HTTP_FORBIDDEN, - TALER_EC_ANASTASIS_TRUTH_AUTH_TIMEOUT, + TALER_EC_ANASTASIS_IBAN_MISSING_TRANSFER, "timeout awaiting validation"); } res = direct_validation (gc, @@ -1391,21 +1464,24 @@ AH_handler_truth_solve ( "verify_challenge_code"); case ANASTASIS_DB_CODE_STATUS_NO_RESULTS: GNUNET_free (decrypted_truth); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Specified challenge code %s was not issued\n", + GNUNET_h2s (&gc->challenge_response)); return TALER_MHD_reply_with_error (connection, - MHD_HTTP_NOT_FOUND, + MHD_HTTP_FORBIDDEN, TALER_EC_ANASTASIS_TRUTH_CHALLENGE_UNKNOWN, - NULL); + "specific challenge code was not issued"); case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Response code valid (%s)\n", - satisfied ? "satisfied" : "unsatisfied"); if (! satisfied) { + MHD_RESULT res; + + res = iban_validation (gc, + code, + decrypted_truth, + decrypted_truth_size); GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_NOT_FOUND, - TALER_EC_ANASTASIS_TRUTH_CHALLENGE_UNKNOWN, - NULL); + return res; } GNUNET_free (decrypted_truth); return return_key_share (&gc->truth_uuid, |