Diffstat (limited to 'src/backend/anastasis-httpd_truth.c')
-rw-r--r-- | src/backend/anastasis-httpd_truth.c | 56 |
1 files changed, 19 insertions, 37 deletions
diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c index df105dd..613e27f 100644 --- a/src/backend/anastasis-httpd_truth.c +++ b/src/backend/anastasis-httpd_truth.c @@ -56,6 +56,7 @@ */ #define INITIAL_RETRY_COUNTER 3 + struct GetContext { @@ -1289,6 +1290,8 @@ AH_handler_truth_get ( but check that the hash matches */ if (is_question) { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Handling security question challenge\n"); if (! gc->have_response) { GNUNET_free (decrypted_truth); @@ -1306,6 +1309,7 @@ AH_handler_truth_get ( enum ANASTASIS_DB_CodeStatus cs; struct GNUNET_HashCode hc; bool satisfied; + uint64_t dummy; rt = GNUNET_TIME_UNIT_FOREVER_ABS; qs = db->create_challenge_code (db->cls, @@ -1340,6 +1344,7 @@ AH_handler_truth_get ( cs = db->verify_challenge_code (db->cls, &gc->truth_uuid, &hc, + &dummy, &satisfied); switch (cs) { @@ -1390,11 +1395,13 @@ AH_handler_truth_get ( { enum ANASTASIS_DB_CodeStatus cs; bool satisfied; + uint64_t code; GNUNET_free (truth_mime); cs = db->verify_challenge_code (db->cls, &gc->truth_uuid, &gc->challenge_response, + &code, &satisfied); switch (cs) { @@ -1415,15 +1422,14 @@ AH_handler_truth_get ( TALER_EC_GENERIC_DB_FETCH_FAILED, "verify_challenge_code"); case ANASTASIS_DB_CODE_STATUS_NO_RESULTS: - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "No challenge known (challenge is invalidated after %u requests)\n", - INITIAL_RETRY_COUNTER); - GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_TOO_MANY_REQUESTS, - TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, - NULL); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Response code unknown (possibly expired). Testing if we may provide a new one.\n"); + gc->have_response = false; + break; case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Response code valid (%s)\n", + satisfied ? "satisfied" : "unsatisfied"); if (satisfied) { GNUNET_free (decrypted_truth); 
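Review bot: `uint64_t code;` is declared without an initializer in the `@@ -1390` hunk, and the `@@ -1431` hunk later copies it into `gc->code` on the `ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED` path, so the value handed to the authorization plugin depends entirely on `verify_challenge_code` writing the new out-parameter for that status. The database implementation is not visible in this diff; if any path can return that status without storing the code, an indeterminate value would be used as the challenge code. I would write `uint64_t code = 0;` and state in the plugin API documentation which return statuses populate the argument. The enclosing block of AH_handler_truth_get starts and ends outside the hunk.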
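Review bot: The `ANASTASIS_DB_CODE_STATUS_NO_RESULTS` case in the `@@ -1415` hunk no longer answers with `MHD_HTTP_TOO_MANY_REQUESTS`; it clears `gc->have_response` and falls through to the fresh-challenge path, so the limit on guessing a code now rests on what the challenge-creation call further down does. The removed log line says a challenge is invalidated once the retry counter is used up, which suggests a client that has exhausted its guesses also lands in this case. Whether that call refuses to replace an exhausted code within `code_rotation_period` is not visible here; if it can issue a new code with a fresh counter, the retry limit no longer bounds guessing. A comment stating the invariant, e.g. `/* create_challenge_code() enforces the rotation period, so an exhausted code is not replaced early */`, and a test that repeated wrong answers still end in a 429, would make the guarantee explicit.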
@@ -1431,43 +1437,19 @@ AH_handler_truth_get ( connection); } /* continue with authorization plugin below */ - { - enum GNUNET_DB_QueryStatus qs; - - qs = db->get_unlimited_challenge_code ( - db->cls, - &gc->truth_uuid, - gc->authorization->code_rotation_period, - gc->authorization->code_validity_period, - &gc->code); - switch (qs) - { - case GNUNET_DB_STATUS_HARD_ERROR: - case GNUNET_DB_STATUS_SOFT_ERROR: - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - GNUNET_break (0); - GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (gc->connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "create_challenge_code"); - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - /* challenge code was stored successfully*/ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Got challenge code\n"); - break; - } - } + gc->code = code; break; default: GNUNET_break (0); return MHD_NO; } } - else + if (! gc->have_response) { /* Not security question and no answer: use plugin to check if decrypted truth is a valid challenge! */ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "No challenge provided, creating fresh challenge\n"); { enum GNUNET_GenericReturnValue ret; @@ -1502,7 +1484,7 @@ AH_handler_truth_get ( &gc->truth_uuid, gc->authorization->code_rotation_period, gc->authorization->code_validity_period, - INITIAL_RETRY_COUNTER, + gc->authorization->retry_counter, &transmission_date, &gc->code); switch (qs) |
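Review bot: After `else` became `if (! gc->have_response)` in the `@@ -1431` hunk, the comment "Not security question and no answer" no longer describes every way into this block. It is now also entered when a response was supplied but `verify_challenge_code` reported `ANASTASIS_DB_CODE_STATUS_NO_RESULTS`, because the earlier hunk clears `gc->have_response` there. I would reword it along the lines of `/* No usable answer (none given, or code unknown/expired): let the plugin validate the truth and issue a challenge */`. As far as the visible code shows, the client's submitted response is dropped silently on that path, which is worth recording in the comment as well. The block continues past the end of the hunk.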
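Review bot: `gc->authorization->retry_counter` is passed straight through in place of `INITIAL_RETRY_COUNTER` in the `@@ -1502` hunk with no sanity check, so the number of guesses allowed per challenge is now whatever each authorization plugin put in that field. The plugin definitions are outside this diff; a plugin that leaves the field zero-initialized, or sets it very high, would change brute-force resistance without any signal at this call site. Consider a guard before the call such as `GNUNET_break (0 != gc->authorization->retry_counter);`, or a documented upper bound in the plugin header. `INITIAL_RETRY_COUNTER` stays defined at the top of the file, so it is worth checking whether the security-question path still uses it or whether the macro is now dead. The name of the call and the body of the following `switch (qs)` lie outside the hunk.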