diff options
Diffstat (limited to 'src/backend/anastasis-httpd_truth.c')
-rw-r--r-- | src/backend/anastasis-httpd_truth.c | 56 |
1 files changed, 19 insertions, 37 deletions
diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c index df105dd..613e27f 100644 --- a/src/backend/anastasis-httpd_truth.c +++ b/src/backend/anastasis-httpd_truth.c | |||
@@ -56,6 +56,7 @@ | |||
56 | */ | 56 | */ |
57 | #define INITIAL_RETRY_COUNTER 3 | 57 | #define INITIAL_RETRY_COUNTER 3 |
58 | 58 | ||
59 | |||
59 | struct GetContext | 60 | struct GetContext |
60 | { | 61 | { |
61 | 62 | ||
@@ -1289,6 +1290,8 @@ AH_handler_truth_get ( | |||
1289 | but check that the hash matches */ | 1290 | but check that the hash matches */ |
1290 | if (is_question) | 1291 | if (is_question) |
1291 | { | 1292 | { |
1293 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
1294 | "Handling security question challenge\n"); | ||
1292 | if (! gc->have_response) | 1295 | if (! gc->have_response) |
1293 | { | 1296 | { |
1294 | GNUNET_free (decrypted_truth); | 1297 | GNUNET_free (decrypted_truth); |
@@ -1306,6 +1309,7 @@ AH_handler_truth_get ( | |||
1306 | enum ANASTASIS_DB_CodeStatus cs; | 1309 | enum ANASTASIS_DB_CodeStatus cs; |
1307 | struct GNUNET_HashCode hc; | 1310 | struct GNUNET_HashCode hc; |
1308 | bool satisfied; | 1311 | bool satisfied; |
1312 | uint64_t dummy; | ||
1309 | 1313 | ||
1310 | rt = GNUNET_TIME_UNIT_FOREVER_ABS; | 1314 | rt = GNUNET_TIME_UNIT_FOREVER_ABS; |
1311 | qs = db->create_challenge_code (db->cls, | 1315 | qs = db->create_challenge_code (db->cls, |
@@ -1340,6 +1344,7 @@ AH_handler_truth_get ( | |||
1340 | cs = db->verify_challenge_code (db->cls, | 1344 | cs = db->verify_challenge_code (db->cls, |
1341 | &gc->truth_uuid, | 1345 | &gc->truth_uuid, |
1342 | &hc, | 1346 | &hc, |
1347 | &dummy, | ||
1343 | &satisfied); | 1348 | &satisfied); |
1344 | switch (cs) | 1349 | switch (cs) |
1345 | { | 1350 | { |
@@ -1390,11 +1395,13 @@ AH_handler_truth_get ( | |||
1390 | { | 1395 | { |
1391 | enum ANASTASIS_DB_CodeStatus cs; | 1396 | enum ANASTASIS_DB_CodeStatus cs; |
1392 | bool satisfied; | 1397 | bool satisfied; |
1398 | uint64_t code; | ||
1393 | 1399 | ||
1394 | GNUNET_free (truth_mime); | 1400 | GNUNET_free (truth_mime); |
1395 | cs = db->verify_challenge_code (db->cls, | 1401 | cs = db->verify_challenge_code (db->cls, |
1396 | &gc->truth_uuid, | 1402 | &gc->truth_uuid, |
1397 | &gc->challenge_response, | 1403 | &gc->challenge_response, |
1404 | &code, | ||
1398 | &satisfied); | 1405 | &satisfied); |
1399 | switch (cs) | 1406 | switch (cs) |
1400 | { | 1407 | { |
@@ -1415,15 +1422,14 @@ AH_handler_truth_get ( | |||
1415 | TALER_EC_GENERIC_DB_FETCH_FAILED, | 1422 | TALER_EC_GENERIC_DB_FETCH_FAILED, |
1416 | "verify_challenge_code"); | 1423 | "verify_challenge_code"); |
1417 | case ANASTASIS_DB_CODE_STATUS_NO_RESULTS: | 1424 | case ANASTASIS_DB_CODE_STATUS_NO_RESULTS: |
1418 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1425 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
1419 | "No challenge known (challenge is invalidated after %u requests)\n", | 1426 | "Response code unknown (possibly expired). Testing if we may provide a new one.\n"); |
1420 | INITIAL_RETRY_COUNTER); | 1427 | gc->have_response = false; |
1421 | GNUNET_free (decrypted_truth); | 1428 | break; |
1422 | return TALER_MHD_reply_with_error (connection, | ||
1423 | MHD_HTTP_TOO_MANY_REQUESTS, | ||
1424 | TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, | ||
1425 | NULL); | ||
1426 | case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: | 1429 | case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: |
1430 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
1431 | "Response code valid (%s)\n", | ||
1432 | satisfied ? "satisfied" : "unsatisfied"); | ||
1427 | if (satisfied) | 1433 | if (satisfied) |
1428 | { | 1434 | { |
1429 | GNUNET_free (decrypted_truth); | 1435 | GNUNET_free (decrypted_truth); |
@@ -1431,43 +1437,19 @@ AH_handler_truth_get ( | |||
1431 | connection); | 1437 | connection); |
1432 | } | 1438 | } |
1433 | /* continue with authorization plugin below */ | 1439 | /* continue with authorization plugin below */ |
1434 | { | 1440 | gc->code = code; |
1435 | enum GNUNET_DB_QueryStatus qs; | ||
1436 | |||
1437 | qs = db->get_unlimited_challenge_code ( | ||
1438 | db->cls, | ||
1439 | &gc->truth_uuid, | ||
1440 | gc->authorization->code_rotation_period, | ||
1441 | gc->authorization->code_validity_period, | ||
1442 | &gc->code); | ||
1443 | switch (qs) | ||
1444 | { | ||
1445 | case GNUNET_DB_STATUS_HARD_ERROR: | ||
1446 | case GNUNET_DB_STATUS_SOFT_ERROR: | ||
1447 | case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: | ||
1448 | GNUNET_break (0); | ||
1449 | GNUNET_free (decrypted_truth); | ||
1450 | return TALER_MHD_reply_with_error (gc->connection, | ||
1451 | MHD_HTTP_INTERNAL_SERVER_ERROR, | ||
1452 | TALER_EC_GENERIC_DB_FETCH_FAILED, | ||
1453 | "create_challenge_code"); | ||
1454 | case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: | ||
1455 | /* challenge code was stored successfully*/ | ||
1456 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
1457 | "Got challenge code\n"); | ||
1458 | break; | ||
1459 | } | ||
1460 | } | ||
1461 | break; | 1441 | break; |
1462 | default: | 1442 | default: |
1463 | GNUNET_break (0); | 1443 | GNUNET_break (0); |
1464 | return MHD_NO; | 1444 | return MHD_NO; |
1465 | } | 1445 | } |
1466 | } | 1446 | } |
1467 | else | 1447 | if (! gc->have_response) |
1468 | { | 1448 | { |
1469 | /* Not security question and no answer: use plugin to check if | 1449 | /* Not security question and no answer: use plugin to check if |
1470 | decrypted truth is a valid challenge! */ | 1450 | decrypted truth is a valid challenge! */ |
1451 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
1452 | "No challenge provided, creating fresh challenge\n"); | ||
1471 | { | 1453 | { |
1472 | enum GNUNET_GenericReturnValue ret; | 1454 | enum GNUNET_GenericReturnValue ret; |
1473 | 1455 | ||
@@ -1502,7 +1484,7 @@ AH_handler_truth_get ( | |||
1502 | &gc->truth_uuid, | 1484 | &gc->truth_uuid, |
1503 | gc->authorization->code_rotation_period, | 1485 | gc->authorization->code_rotation_period, |
1504 | gc->authorization->code_validity_period, | 1486 | gc->authorization->code_validity_period, |
1505 | INITIAL_RETRY_COUNTER, | 1487 | gc->authorization->retry_counter, |
1506 | &transmission_date, | 1488 | &transmission_date, |
1507 | &gc->code); | 1489 | &gc->code); |
1508 | switch (qs) | 1490 | switch (qs) |