diff options
| author | Christian Grothoff <christian@grothoff.org> | 2021-08-16 11:01:38 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2021-08-16 11:01:38 +0200 |
| commit | c1c40eaa24926273a6aa688e92e99d832aa1501e (patch) | |
| tree | d5d01686cd125e70d1702ac5bbc2660c71d90760 /src | |
| parent | 3b90e437e26013f5570d6c216b832c7bcd740712 (diff) | |
| download | anastasis-c1c40eaa24926273a6aa688e92e99d832aa1501e.tar.gz anastasis-c1c40eaa24926273a6aa688e92e99d832aa1501e.tar.bz2 anastasis-c1c40eaa24926273a6aa688e92e99d832aa1501e.zip | |
-preparations for sepa auth plugin
Diffstat (limited to 'src')
| -rw-r--r-- | src/authorization/anastasis_authorization_plugin.c | 17 | ||||
| -rw-r--r-- | src/authorization/anastasis_authorization_plugin_iban.c | 1 | ||||
| -rw-r--r-- | src/backend/anastasis-httpd_config.c | 6 | ||||
| -rw-r--r-- | src/backend/anastasis-httpd_truth.c | 14 | ||||
| -rw-r--r-- | src/backend/anastasis-httpd_truth_upload.c | 25 | ||||
| -rw-r--r-- | src/include/anastasis_authorization_lib.h | 6 | ||||
| -rw-r--r-- | src/include/anastasis_authorization_plugin.h | 12 | ||||
| -rw-r--r-- | src/include/anastasis_database_plugin.h | 4 | ||||
| -rw-r--r-- | src/stasis/plugin_anastasis_postgres.c | 18 |
9 files changed, 62 insertions, 41 deletions
diff --git a/src/authorization/anastasis_authorization_plugin.c b/src/authorization/anastasis_authorization_plugin.c index adb1c5b..da28f40 100644 --- a/src/authorization/anastasis_authorization_plugin.c +++ b/src/authorization/anastasis_authorization_plugin.c @@ -66,32 +66,25 @@ struct AuthPlugin */ char *lib_name; - /** - * Cost of using this plugin. - */ - struct TALER_Amount cost; }; struct ANASTASIS_AuthorizationPlugin * ANASTASIS_authorization_plugin_load ( const char *method, - const struct GNUNET_CONFIGURATION_Handle *AH_cfg, - struct TALER_Amount *cost) + const struct GNUNET_CONFIGURATION_Handle *AH_cfg) { struct ANASTASIS_AuthorizationPlugin *authorization; char *lib_name; char *sec_name; struct AuthPlugin *ap; char *currency; + struct TALER_Amount cost; for (ap = ap_head; NULL != ap; ap = ap->next) if (0 == strcmp (method, ap->name)) - { - *cost = ap->cost; return ap->authorization; - } if (GNUNET_OK != TALER_config_get_currency (AH_cfg, ¤cy)) @@ -104,7 +97,7 @@ ANASTASIS_authorization_plugin_load ( TALER_config_get_amount (AH_cfg, sec_name, "COST", - &ap->cost)) + &cost)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_WARNING, sec_name, @@ -117,7 +110,7 @@ ANASTASIS_authorization_plugin_load ( if (0 != strcasecmp (currency, - ap->cost.currency)) + cost.currency)) { GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, sec_name, @@ -144,13 +137,13 @@ ANASTASIS_authorization_plugin_load ( GNUNET_free (ap); return NULL; } + authorization->cost = cost; ap->name = GNUNET_strdup (method); ap->lib_name = lib_name; ap->authorization = authorization; GNUNET_CONTAINER_DLL_insert (ap_head, ap_tail, ap); - *cost = ap->cost; return authorization; } diff --git a/src/authorization/anastasis_authorization_plugin_iban.c b/src/authorization/anastasis_authorization_plugin_iban.c index 61e7f59..d1a71f9 100644 --- a/src/authorization/anastasis_authorization_plugin_iban.c +++ b/src/authorization/anastasis_authorization_plugin_iban.c @@ -553,6 +553,7 @@ libanastasis_plugin_authorization_iban_init (void *cls) return NULL; } plugin = GNUNET_new (struct ANASTASIS_AuthorizationPlugin); + plugin->payment_plugin_managed = true; plugin->code_validity_period = GNUNET_TIME_UNIT_MONTHS; plugin->code_rotation_period = GNUNET_TIME_UNIT_WEEKS; plugin->code_retransmission_frequency = GNUNET_TIME_UNIT_FOREVER_REL; diff --git a/src/backend/anastasis-httpd_config.c b/src/backend/anastasis-httpd_config.c index 89b82d0..d265f99 100644 --- a/src/backend/anastasis-httpd_config.c +++ b/src/backend/anastasis-httpd_config.c @@ -40,7 +40,6 @@ add_methods (void *cls, { json_t *method_arr = cls; struct ANASTASIS_AuthorizationPlugin *p; - struct TALER_Amount cost; json_t *method; if (0 != strncasecmp (section, @@ -54,8 +53,7 @@ add_methods (void *cls, return; section += strlen ("authorization-"); p = ANASTASIS_authorization_plugin_load (section, - AH_cfg, - &cost); + AH_cfg); if (NULL == p) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, @@ -67,7 +65,7 @@ add_methods (void *cls, GNUNET_JSON_pack_string ("type", section), TALER_JSON_pack_amount ("cost", - &cost)); + &p->cost)); GNUNET_assert ( 0 == json_array_append_new (method_arr, diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c index f69ff7b..ee0f2bf 100644 --- a/src/backend/anastasis-httpd_truth.c +++ b/src/backend/anastasis-httpd_truth.c @@ -1168,8 +1168,7 @@ AH_handler_truth_get ( { gc->authorization = ANASTASIS_authorization_plugin_load (method, - AH_cfg, - &gc->challenge_cost); + AH_cfg); if (NULL == gc->authorization) { MHD_RESULT ret; @@ -1184,6 +1183,7 @@ AH_handler_truth_get ( GNUNET_free (method); return ret; } + gc->challenge_cost = gc->authorization->cost; } else { @@ -1192,6 +1192,7 @@ AH_handler_truth_get ( GNUNET_free (method); } + if (! gc->authorization->payment_plugin_managed) { struct TALER_Amount zero_amount; @@ -1294,6 +1295,7 @@ AH_handler_truth_get ( uint64_t code; enum ANASTASIS_DB_CodeStatus cs; struct GNUNET_HashCode hc; + bool satisfied; rt = GNUNET_TIME_UNIT_FOREVER_ABS; qs = db->create_challenge_code (db->cls, @@ -1327,7 +1329,8 @@ AH_handler_truth_get ( &hc); cs = db->verify_challenge_code (db->cls, &gc->truth_uuid, - &hc); + &hc, + &satisfied); switch (cs) { case ANASTASIS_DB_CODE_STATUS_CHALLENGE_CODE_MISMATCH: @@ -1376,12 +1379,14 @@ AH_handler_truth_get ( if (gc->have_response) { enum ANASTASIS_DB_CodeStatus cs; + bool satisfied; GNUNET_free (decrypted_truth); GNUNET_free (truth_mime); cs = db->verify_challenge_code (db->cls, &gc->truth_uuid, - &challenge_response); + &challenge_response, + &satisfied); switch (cs) { case ANASTASIS_DB_CODE_STATUS_CHALLENGE_CODE_MISMATCH: @@ -1407,6 +1412,7 @@ AH_handler_truth_get ( TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, NULL); case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: + // FIXME: if ! satisfied don't do this... return return_key_share (&gc->truth_uuid, connection); } diff --git a/src/backend/anastasis-httpd_truth_upload.c b/src/backend/anastasis-httpd_truth_upload.c index 0fb9017..0781f73 100644 --- a/src/backend/anastasis-httpd_truth_upload.c +++ b/src/backend/anastasis-httpd_truth_upload.c @@ -670,22 +670,17 @@ AH_handler_truth_post ( } /* check method is supported */ + if ( (0 != strcmp ("question", + type)) && + (NULL == + ANASTASIS_authorization_plugin_load (type, + AH_cfg)) ) { - struct TALER_Amount dummy; - - if ( (0 != strcmp ("question", - type)) && - (NULL == - ANASTASIS_authorization_plugin_load (type, - AH_cfg, - &dummy)) ) - { - GNUNET_JSON_parse_free (spec); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_ANASTASIS_TRUTH_UPLOAD_METHOD_NOT_SUPPORTED, - type); - } + GNUNET_JSON_parse_free (spec); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_ANASTASIS_TRUTH_UPLOAD_METHOD_NOT_SUPPORTED, + type); } if (storage_years > ANASTASIS_MAX_YEARS_STORAGE) diff --git a/src/include/anastasis_authorization_lib.h b/src/include/anastasis_authorization_lib.h index 9bebe1a..e8eaf74 100644 --- a/src/include/anastasis_authorization_lib.h +++ b/src/include/anastasis_authorization_lib.h @@ -30,14 +30,12 @@ * * @param method name of the method to load * @param AH_cfg configuration to use - * @param[out] cost set to the cost for using the plugin during recovery - * @return #GNUNET_OK on success + * @return plugin handle on success */ struct ANASTASIS_AuthorizationPlugin * ANASTASIS_authorization_plugin_load ( const char *method, - const struct GNUNET_CONFIGURATION_Handle *AH_cfg, - struct TALER_Amount *cost); + const struct GNUNET_CONFIGURATION_Handle *AH_cfg); /** diff --git a/src/include/anastasis_authorization_plugin.h b/src/include/anastasis_authorization_plugin.h index b159aaa..a1006a7 100644 --- a/src/include/anastasis_authorization_plugin.h +++ b/src/include/anastasis_authorization_plugin.h @@ -97,6 +97,18 @@ struct ANASTASIS_AuthorizationPlugin void *cls; /** + * Cost to GET the /truth using this method. Set by the plugin's + * loader, not by the plugin itself. + */ + struct TALER_Amount cost; + + /** + * True if the payment is managed internally by the + * authorization plugin. + */ + bool payment_plugin_managed; + + /** * How long should a generated challenge be valid for this type of method. */ struct GNUNET_TIME_Relative code_validity_period; diff --git a/src/include/anastasis_database_plugin.h b/src/include/anastasis_database_plugin.h index 7ad47ca..069d0d9 100644 --- a/src/include/anastasis_database_plugin.h +++ b/src/include/anastasis_database_plugin.h @@ -584,13 +584,15 @@ struct ANASTASIS_DatabasePlugin * @param cls closure * @param truth_uuid identification of the challenge which the code corresponds to * @param hashed_code code which the user provided and wants to verify + * @param[out] satisfied set to true if the challenge is set to satisfied * @return transaction status */ enum ANASTASIS_DB_CodeStatus (*verify_challenge_code)( void *cls, const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid, - const struct GNUNET_HashCode *hashed_code); + const struct GNUNET_HashCode *hashed_code, + bool *satisfied); /** diff --git a/src/stasis/plugin_anastasis_postgres.c b/src/stasis/plugin_anastasis_postgres.c index 9d206c7..325bae8 100644 --- a/src/stasis/plugin_anastasis_postgres.c +++ b/src/stasis/plugin_anastasis_postgres.c @@ -1759,6 +1759,11 @@ struct CheckValidityContext bool valid; /** + * Set to true if a code matching @e hashed_code was set to 'satisfied' by the plugin. + */ + bool satisfied; + + /** * Set to true if we had a database failure. */ bool db_failure; @@ -1786,9 +1791,12 @@ check_valid_code (void *cls, for (unsigned int i = 0; i < num_results; i++) { uint64_t server_code; + uint8_t sat; struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_uint64 ("code", &server_code), + GNUNET_PQ_result_spec_auto_from_type ("satisfied", + &sat), GNUNET_PQ_result_spec_end }; @@ -1811,6 +1819,7 @@ check_valid_code (void *cls, cvc->hashed_code)) { cvc->valid = true; + cvc->satisfied = (0 != sat); } else { @@ -1844,13 +1853,15 @@ check_valid_code (void *cls, * @param cls closure * @param truth_uuid identification of the challenge which the code corresponds to * @param hashed_code code which the user provided and wants to verify + * @param[out] satisfied set to true if the challenge is set to satisfied * @return code validity status */ enum ANASTASIS_DB_CodeStatus postgres_verify_challenge_code ( void *cls, const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid, - const struct GNUNET_HashCode *hashed_code) + const struct GNUNET_HashCode *hashed_code, + bool *satisfied) { struct PostgresClosure *pg = cls; struct CheckValidityContext cvc = { @@ -1866,6 +1877,7 @@ postgres_verify_challenge_code ( }; enum GNUNET_DB_QueryStatus qs; + *satisfied = false; check_connection (pg); GNUNET_TIME_round_abs (&now); qs = GNUNET_PQ_eval_prepared_multi_select (pg->conn, @@ -1877,7 +1889,10 @@ postgres_verify_challenge_code ( (cvc.db_failure) ) return ANASTASIS_DB_CODE_STATUS_HARD_ERROR; if (cvc.valid) + { + *satisfied = cvc.satisfied; return ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED; + } if (0 == qs) return ANASTASIS_DB_CODE_STATUS_NO_RESULTS; return ANASTASIS_DB_CODE_STATUS_CHALLENGE_CODE_MISMATCH; @@ -2523,6 +2538,7 @@ libanastasis_plugin_db_postgres_init (void *cls) GNUNET_PQ_make_prepare ("challengecode_select", "SELECT " " code" + ",satisfied" " FROM anastasis_challengecode" " WHERE truth_uuid=$1" " AND expiration_date > $2" |