Diffstat (limited to 'src/backend/anastasis-httpd_truth.c')
-rw-r--r--src/backend/anastasis-httpd_truth.c56
1 files changed, 19 insertions, 37 deletions
diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c
index df105dd..613e27f 100644
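--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -56,6 +56,7 @@
  */
 #define INITIAL_RETRY_COUNTER 3
 
+
 struct GetContext
 {
 
@@ -1289,6 +1290,8 @@ AH_handler_truth_get (
  but check that the hash matches */
  if (is_question)
  {
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Handling security question challenge\n");
  if (! gc->have_response)
  {
  GNUNET_free (decrypted_truth);
@@ -1306,6 +1309,7 @@ AH_handler_truth_get (
  enum ANASTASIS_DB_CodeStatus cs;
  struct GNUNET_HashCode hc;
  bool satisfied;
+ uint64_t dummy;
 
  rt = GNUNET_TIME_UNIT_FOREVER_ABS;
  qs = db->create_challenge_code (db->cls,
@@ -1340,6 +1344,7 @@ AH_handler_truth_get (
  cs = db->verify_challenge_code (db->cls,
  &gc->truth_uuid,
  &hc,
+ &dummy,
  &satisfied);
  switch (cs)
  {
@@ -1390,11 +1395,13 @@ AH_handler_truth_get (
  {
  enum ANASTASIS_DB_CodeStatus cs;
  bool satisfied;
+ uint64_t code;
 
  GNUNET_free (truth_mime);
  cs = db->verify_challenge_code (db->cls,
  &gc->truth_uuid,
  &gc->challenge_response,
+ &code,
  &satisfied);
  switch (cs)
  {
@@ -1415,15 +1422,14 @@ AH_handler_truth_get (
  TALER_EC_GENERIC_DB_FETCH_FAILED,
  "verify_challenge_code");
  case ANASTASIS_DB_CODE_STATUS_NO_RESULTS:
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "No challenge known (challenge is invalidated after %u requests)\n",
- INITIAL_RETRY_COUNTER);
- GNUNET_free (decrypted_truth);
- return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_TOO_MANY_REQUESTS,
- TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
- NULL);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Response code unknown (possibly expired). Testing if we may provide a new one.\n");
+ gc->have_response = false;
+ break;
  case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED:
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Response code valid (%s)\n",
+ satisfied ? "satisfied" : "unsatisfied");
  if (satisfied)
  {
  GNUNET_free (decrypted_truth);
@@ -1431,43 +1437,19 @@ AH_handler_truth_get (
  connection);
  }
  /* continue with authorization plugin below */
- {
- enum GNUNET_DB_QueryStatus qs;
-
- qs = db->get_unlimited_challenge_code (
- db->cls,
- &gc->truth_uuid,
- gc->authorization->code_rotation_period,
- gc->authorization->code_validity_period,
- &gc->code);
- switch (qs)
- {
- case GNUNET_DB_STATUS_HARD_ERROR:
- case GNUNET_DB_STATUS_SOFT_ERROR:
- case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
- GNUNET_break (0);
- GNUNET_free (decrypted_truth);
- return TALER_MHD_reply_with_error (gc->connection,
- MHD_HTTP_INTERNAL_SERVER_ERROR,
- TALER_EC_GENERIC_DB_FETCH_FAILED,
- "create_challenge_code");
- case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
- /* challenge code was stored successfully*/
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Got challenge code\n");
- break;
- }
- }
+ gc->code = code;
  break;
  default:
  GNUNET_break (0);
  return MHD_NO;
  }
  }
- else
+ if (! gc->have_response)
  {
  /* Not security question and no answer: use plugin to check if
  decrypted truth is a valid challenge! */
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "No challenge provided, creating fresh challenge\n");
  {
  enum GNUNET_GenericReturnValue ret;
 
@@ -1502,7 +1484,7 @@ AH_handler_truth_get (
  &gc->truth_uuid,
  gc->authorization->code_rotation_period,
  gc->authorization->code_validity_period,
- INITIAL_RETRY_COUNTER,
+ gc->authorization->retry_counter,
  &transmission_date,
  &gc->code);
  switch (qs)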
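Review bot: In the `ANASTASIS_DB_CODE_STATUS_NO_RESULTS` case the handler no longer answers `MHD_HTTP_TOO_MANY_REQUESTS`; it clears `gc->have_response` and falls into the `if (! gc->have_response)` block that issues a fresh challenge, so the bound on guessing attempts now rests entirely on `create_challenge_code` honouring `gc->authorization->retry_counter` and the rotation period. The removed log text suggests NO_RESULTS is also what an exhausted retry counter looks like; if so, please confirm that `create_challenge_code` (defined outside this diff) cannot hand out a new code or reset the counter before the rotation period ends, and record that at the `break`, e.g. `/* rate limit is enforced by create_challenge_code() below */`. The comment and log line in the fall-through block still say "no answer" and "No challenge provided", which is inaccurate when a response was supplied but unknown; `/* No usable response (none given, or code unknown/expired): ask the plugin to issue a challenge */` would match the new flow. The new `gc->code = code;` also assumes `verify_challenge_code` always writes `code` on `VALID_CODE_STORED`, so initialising it (`uint64_t code = 0;`) would be a cheap safeguard. AH_handler_truth_get begins and ends outside the hunks shown.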