diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-08-16 16:44:00 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-16 16:44:00 +0200 |
commit | d94a0fe2f979348b45289b66b1cb5f72c3c3e76c (patch) | |
tree | cd909fd72847ef6e7c399ddea1a2b3ce27efcb9e /src | |
parent | 349d37ea1398901daddb11d5c28b8148e393ccb7 (diff) | |
download | anastasis-d94a0fe2f979348b45289b66b1cb5f72c3c3e76c.tar.gz anastasis-d94a0fe2f979348b45289b66b1cb5f72c3c3e76c.tar.bz2 anastasis-d94a0fe2f979348b45289b66b1cb5f72c3c3e76c.zip |
-modify plugins to set 'satisfied' bit
Diffstat (limited to 'src')
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_email.c | 17 | ||||
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_file.c | 17 | ||||
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_post.c | 18 | ||||
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_sms.c | 17 | ||||
-rw-r--r-- | src/backend/anastasis-httpd_truth.c | 154 |
5 files changed, 146 insertions, 77 deletions
diff --git a/src/authorization/anastasis_authorization_plugin_email.c b/src/authorization/anastasis_authorization_plugin_email.c index 22a7824..3d42aa3 100644 --- a/src/authorization/anastasis_authorization_plugin_email.c +++ b/src/authorization/anastasis_authorization_plugin_email.c @@ -24,6 +24,8 @@ #include <taler/taler_json_lib.h> #include <regex.h> #include "anastasis_util_lib.h" +#include <gnunet/gnunet_db_lib.h> +#include "anastasis_database_lib.h" /** @@ -248,7 +250,20 @@ email_start (void *cls, { struct Email_Context *ctx = cls; struct ANASTASIS_AUTHORIZATION_State *as; - + enum GNUNET_DB_QueryStatus qs; + + /* If the user can show this challenge code, this + plugin is already happy (no additional + requirements), so mark this challenge as + already satisfied from the start. */ + qs = ctx->ac->db->mark_challenge_code_satisfied (ctx->ac->db->cls, + truth_uuid, + code); + if (qs <= 0) + { + GNUNET_break (0); + return NULL; + } as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State); as->trigger = trigger; as->trigger_cls = trigger_cls; diff --git a/src/authorization/anastasis_authorization_plugin_file.c b/src/authorization/anastasis_authorization_plugin_file.c index 38939a0..db9dc67 100644 --- a/src/authorization/anastasis_authorization_plugin_file.c +++ b/src/authorization/anastasis_authorization_plugin_file.c @@ -21,6 +21,8 @@ #include "platform.h" #include "anastasis_authorization_plugin.h" #include <taler/taler_mhd_lib.h> +#include <gnunet/gnunet_db_lib.h> +#include "anastasis_database_lib.h" /** @@ -125,7 +127,20 @@ file_start (void *cls, { const struct ANASTASIS_AuthorizationContext *ac = cls; struct ANASTASIS_AUTHORIZATION_State *as; - + enum GNUNET_DB_QueryStatus qs; + + /* If the user can show this challenge code, this + plugin is already happy (no additional + requirements), so mark this challenge as + already satisfied from the start. */ + qs = ac->db->mark_challenge_code_satisfied (ac->db->cls, + truth_uuid, + code); + if (qs <= 0) + { + GNUNET_break (0); + return NULL; + } as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State); as->cls = cls; as->truth_uuid = *truth_uuid; diff --git a/src/authorization/anastasis_authorization_plugin_post.c b/src/authorization/anastasis_authorization_plugin_post.c index dddd273..30cea88 100644 --- a/src/authorization/anastasis_authorization_plugin_post.c +++ b/src/authorization/anastasis_authorization_plugin_post.c @@ -24,7 +24,8 @@ #include <taler/taler_json_lib.h> #include <jansson.h> #include "anastasis_util_lib.h" - +#include <gnunet/gnunet_db_lib.h> +#include "anastasis_database_lib.h" /** * Saves the State of a authorization plugin. @@ -277,7 +278,20 @@ post_start (void *cls, struct PostContext *ctx = cls; struct ANASTASIS_AUTHORIZATION_State *as; json_error_t error; - + enum GNUNET_DB_QueryStatus qs; + + /* If the user can show this challenge code, this + plugin is already happy (no additional + requirements), so mark this challenge as + already satisfied from the start. */ + qs = ctx->ac->db->mark_challenge_code_satisfied (ctx->ac->db->cls, + truth_uuid, + code); + if (qs <= 0) + { + GNUNET_break (0); + return NULL; + } as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State); as->trigger = trigger; as->trigger_cls = trigger_cls; diff --git a/src/authorization/anastasis_authorization_plugin_sms.c b/src/authorization/anastasis_authorization_plugin_sms.c index b780c68..df398fd 100644 --- a/src/authorization/anastasis_authorization_plugin_sms.c +++ b/src/authorization/anastasis_authorization_plugin_sms.c @@ -24,6 +24,8 @@ #include <taler/taler_json_lib.h> #include <regex.h> #include "anastasis_util_lib.h" +#include <gnunet/gnunet_db_lib.h> +#include "anastasis_database_lib.h" /** @@ -247,7 +249,20 @@ sms_start (void *cls, { struct SMS_Context *ctx = cls; struct ANASTASIS_AUTHORIZATION_State *as; - + enum GNUNET_DB_QueryStatus qs; + + /* If the user can show this challenge code, this + plugin is already happy (no additional + requirements), so mark this challenge as + already satisfied from the start. */ + qs = ctx->ac->db->mark_challenge_code_satisfied (ctx->ac->db->cls, + truth_uuid, + code); + if (qs <= 0) + { + GNUNET_break (0); + return NULL; + } as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State); as->trigger = trigger; as->trigger_cls = trigger_cls; diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c index 8fb1aee..0b0d22f 100644 --- a/src/backend/anastasis-httpd_truth.c +++ b/src/backend/anastasis-httpd_truth.c @@ -1383,7 +1383,6 @@ AH_handler_truth_get ( enum ANASTASIS_DB_CodeStatus cs; bool satisfied; - GNUNET_free (decrypted_truth); GNUNET_free (truth_mime); cs = db->verify_challenge_code (db->cls, &gc->truth_uuid, @@ -1394,6 +1393,7 @@ AH_handler_truth_get ( case ANASTASIS_DB_CODE_STATUS_CHALLENGE_CODE_MISMATCH: GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Provided response does not match our stored challenge\n"); + GNUNET_free (decrypted_truth); return TALER_MHD_reply_with_error (connection, MHD_HTTP_FORBIDDEN, TALER_EC_ANASTASIS_TRUTH_CHALLENGE_FAILED, @@ -1401,6 +1401,7 @@ AH_handler_truth_get ( case ANASTASIS_DB_CODE_STATUS_HARD_ERROR: case ANASTASIS_DB_CODE_STATUS_SOFT_ERROR: GNUNET_break (0); + GNUNET_free (decrypted_truth); return TALER_MHD_reply_with_error (gc->connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, @@ -1409,91 +1410,100 @@ AH_handler_truth_get ( GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No challenge known (challenge is invalidated after %u requests)\n", INITIAL_RETRY_COUNTER); + GNUNET_free (decrypted_truth); return TALER_MHD_reply_with_error (connection, MHD_HTTP_TOO_MANY_REQUESTS, TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, NULL); case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: - // FIXME: if ! satisfied don't do this... - return return_key_share (&gc->truth_uuid, - connection); - } - GNUNET_break (0); - return MHD_NO; - } - - /* Not security question and no answer: use plugin to check if - decrypted truth is a valid challenge! */ - { - enum GNUNET_GenericReturnValue ret; - - ret = gc->authorization->validate (gc->authorization->cls, - connection, - truth_mime, - decrypted_truth, - decrypted_truth_size); - GNUNET_free (truth_mime); - switch (ret) - { - case GNUNET_OK: - /* data valid, continued below */ + if (satisfied) + { + GNUNET_free (decrypted_truth); + return return_key_share (&gc->truth_uuid, + connection); + } + /* continue with authorization plugin below */ break; - case GNUNET_NO: - /* data invalid, reply was queued */ - GNUNET_free (decrypted_truth); - return MHD_YES; - case GNUNET_SYSERR: - /* data invalid, reply was NOT queued */ - GNUNET_free (decrypted_truth); + default: + GNUNET_break (0); return MHD_NO; } } - - /* Setup challenge and begin authorization process */ + else { - struct GNUNET_TIME_Absolute transmission_date; - enum GNUNET_DB_QueryStatus qs; - - qs = db->create_challenge_code (db->cls, - &gc->truth_uuid, - gc->authorization->code_rotation_period, - gc->authorization->code_validity_period, - INITIAL_RETRY_COUNTER, - &transmission_date, - &gc->code); - switch (qs) + /* Not security question and no answer: use plugin to check if + decrypted truth is a valid challenge! */ { - case GNUNET_DB_STATUS_HARD_ERROR: - case GNUNET_DB_STATUS_SOFT_ERROR: - GNUNET_break (0); - GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (gc->connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "store_challenge_code"); - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - /* 0 == retry_counter of existing challenge => rate limit exceeded */ - GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_TOO_MANY_REQUESTS, - TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, - NULL); - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - /* challenge code was stored successfully*/ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Created fresh challenge\n"); - break; + enum GNUNET_GenericReturnValue ret; + + ret = gc->authorization->validate (gc->authorization->cls, + connection, + truth_mime, + decrypted_truth, + decrypted_truth_size); + GNUNET_free (truth_mime); + switch (ret) + { + case GNUNET_OK: + /* data valid, continued below */ + break; + case GNUNET_NO: + /* data invalid, reply was queued */ + GNUNET_free (decrypted_truth); + return MHD_YES; + case GNUNET_SYSERR: + /* data invalid, reply was NOT queued */ + GNUNET_free (decrypted_truth); + return MHD_NO; + } } - if (GNUNET_TIME_absolute_get_duration (transmission_date).rel_value_us < - gc->authorization->code_retransmission_frequency.rel_value_us) + /* Setup challenge and begin authorization process */ { - /* Too early for a retransmission! */ - GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (gc->connection, - MHD_HTTP_ALREADY_REPORTED, - TALER_EC_ANASTASIS_TRUTH_CHALLENGE_ACTIVE, - NULL); + struct GNUNET_TIME_Absolute transmission_date; + enum GNUNET_DB_QueryStatus qs; + + qs = db->create_challenge_code (db->cls, + &gc->truth_uuid, + gc->authorization->code_rotation_period, + gc->authorization->code_validity_period, + INITIAL_RETRY_COUNTER, + &transmission_date, + &gc->code); + switch (qs) + { + case GNUNET_DB_STATUS_HARD_ERROR: + case GNUNET_DB_STATUS_SOFT_ERROR: + GNUNET_break (0); + GNUNET_free (decrypted_truth); + return TALER_MHD_reply_with_error (gc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "store_challenge_code"); + case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: + /* 0 == retry_counter of existing challenge => rate limit exceeded */ + GNUNET_free (decrypted_truth); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_TOO_MANY_REQUESTS, + TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, + NULL); + case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: + /* challenge code was stored successfully*/ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Created fresh challenge\n"); + break; + } + + if (GNUNET_TIME_absolute_get_duration (transmission_date).rel_value_us < + gc->authorization->code_retransmission_frequency.rel_value_us) + { + /* Too early for a retransmission! */ + GNUNET_free (decrypted_truth); + return TALER_MHD_reply_with_error (gc->connection, + MHD_HTTP_ALREADY_REPORTED, + TALER_EC_ANASTASIS_TRUTH_CHALLENGE_ACTIVE, + NULL); + } } } |