diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_email.c | 3 | ||||
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_file.c | 2 | ||||
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_post.c | 3 | ||||
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_sms.c | 3 | ||||
-rw-r--r-- | src/backend/anastasis-httpd_policy_upload.c | 12 | ||||
-rw-r--r-- | src/backend/anastasis-httpd_truth.c | 102 | ||||
-rw-r--r-- | src/backend/anastasis-httpd_truth_upload.c | 12 | ||||
-rw-r--r-- | src/include/anastasis.h | 9 | ||||
-rw-r--r-- | src/include/anastasis_authorization_plugin.h | 2 | ||||
-rw-r--r-- | src/include/anastasis_service.h | 11 | ||||
-rw-r--r-- | src/lib/anastasis_recovery.c | 15 | ||||
-rw-r--r-- | src/reducer/anastasis_api_recovery_redux.c | 22 | ||||
-rw-r--r-- | src/restclient/anastasis_api_keyshare_lookup.c | 4 | ||||
-rw-r--r-- | src/testing/testing_api_cmd_keyshare_lookup.c | 2 | ||||
-rw-r--r-- | src/testing/testing_cmd_challenge_answer.c | 2 |
15 files changed, 189 insertions, 15 deletions
diff --git a/src/authorization/anastasis_authorization_plugin_email.c b/src/authorization/anastasis_authorization_plugin_email.c index 181b5db..c68e542 100644 --- a/src/authorization/anastasis_authorization_plugin_email.c +++ b/src/authorization/anastasis_authorization_plugin_email.c @@ -284,17 +284,20 @@ email_done_cb (void *cls, * I.e. start to send SMS or e-mail or launch video identification. * * @param as authorization state + * @param timeout how long do we have to produce a reply * @param connection HTTP client request (for queuing response, such as redirection to video portal) * @return state of the request */ static enum ANASTASIS_AUTHORIZATION_Result email_process (struct ANASTASIS_AUTHORIZATION_State *as, + struct GNUNET_TIME_Absolute timeout, struct MHD_Connection *connection) { MHD_RESULT mres; const char *mime; const char *lang; + (void) timeout; mime = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_ACCEPT); diff --git a/src/authorization/anastasis_authorization_plugin_file.c b/src/authorization/anastasis_authorization_plugin_file.c index 8ed7789..e8e53a0 100644 --- a/src/authorization/anastasis_authorization_plugin_file.c +++ b/src/authorization/anastasis_authorization_plugin_file.c @@ -139,11 +139,13 @@ file_start (void *cls, * I.e. start to send SMS or e-mail or launch video identification. * * @param as authorization state + * @param timeout how long do we have to produce a reply * @param connection HTTP client request (for queuing response, such as redirection to video portal) * @return state of the request */ static enum ANASTASIS_AUTHORIZATION_Result file_process (struct ANASTASIS_AUTHORIZATION_State *as, + struct GNUNET_TIME_Absolute timeout, struct MHD_Connection *connection) { const char *mime; diff --git a/src/authorization/anastasis_authorization_plugin_post.c b/src/authorization/anastasis_authorization_plugin_post.c index aeda956..bca4451 100644 --- a/src/authorization/anastasis_authorization_plugin_post.c +++ b/src/authorization/anastasis_authorization_plugin_post.c @@ -320,11 +320,13 @@ post_done_cb (void *cls, * I.e. start to send SMS or e-mail or launch video identification. * * @param as authorization state + * @param timeout how long do we have to produce a reply * @param connection HTTP client request (for queuing response, such as redirection to video portal) * @return state of the request */ static enum ANASTASIS_AUTHORIZATION_Result post_process (struct ANASTASIS_AUTHORIZATION_State *as, + struct GNUNET_TIME_Absolute timeout, struct MHD_Connection *connection) { const char *mime; @@ -349,6 +351,7 @@ post_process (struct ANASTASIS_AUTHORIZATION_State *as, GNUNET_JSON_spec_end () }; + (void) timeout; mime = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_ACCEPT); diff --git a/src/authorization/anastasis_authorization_plugin_sms.c b/src/authorization/anastasis_authorization_plugin_sms.c index 1e9eb59..05d7148 100644 --- a/src/authorization/anastasis_authorization_plugin_sms.c +++ b/src/authorization/anastasis_authorization_plugin_sms.c @@ -283,17 +283,20 @@ sms_done_cb (void *cls, * I.e. start to send SMS or e-mail or launch video identification. * * @param as authorization state + * @param timeout how long do we have to produce a reply * @param connection HTTP client request (for queuing response, such as redirection to video portal) * @return state of the request */ static enum ANASTASIS_AUTHORIZATION_Result sms_process (struct ANASTASIS_AUTHORIZATION_State *as, + struct GNUNET_TIME_Absolute timeout, struct MHD_Connection *connection) { MHD_RESULT mres; const char *mime; const char *lang; + (void) timeout; mime = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_ACCEPT); diff --git a/src/backend/anastasis-httpd_policy_upload.c b/src/backend/anastasis-httpd_policy_upload.c index 7d3ecb8..c36cc17 100644 --- a/src/backend/anastasis-httpd_policy_upload.c +++ b/src/backend/anastasis-httpd_policy_upload.c @@ -681,14 +681,16 @@ AH_handler_policy_post ( { const char *lens; unsigned long len; + char dummy; lens = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH); if ( (NULL == lens) || (1 != sscanf (lens, - "%lu", - &len)) ) + "%lu%c", + &len, + &dummy)) ) { GNUNET_break_op (0); return TALER_MHD_reply_with_error ( @@ -794,10 +796,12 @@ AH_handler_policy_post ( if (NULL != long_poll_timeout_ms) { unsigned int timeout; + char dummy; if (1 != sscanf (long_poll_timeout_ms, - "%u", - &timeout)) + "%u%c", + &timeout, + &dummy)) { GNUNET_break_op (0); return TALER_MHD_reply_with_error (connection, diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c index b9c0382..f69ff7b 100644 --- a/src/backend/anastasis-httpd_truth.c +++ b/src/backend/anastasis-httpd_truth.c @@ -125,7 +125,13 @@ struct GetContext struct MHD_Response *resp; /** - * How long do we wait at most for payment? + * Our entry in the #to_heap, or NULL. + */ + struct GNUNET_CONTAINER_HeapNode *hn; + + /** + * How long do we wait at most for payment or + * authorization? */ struct GNUNET_TIME_Absolute timeout; @@ -218,6 +224,55 @@ static struct GetContext *gc_head; */ static struct GetContext *gc_tail; +/** + * Heap for processing timeouts of requests. + */ +static struct GNUNET_CONTAINER_Heap *to_heap; + +/** + * Task running #do_timeout(). + */ +static struct GNUNET_SCHEDULER_Task *to_task; + + +/** + * Timeout requests that are past their due date. + * + * @param cls NULL + */ +static void +do_timeout (void *cls) +{ + struct GetContext *gc; + + (void) cls; + to_task = NULL; + while (NULL != + (gc = GNUNET_CONTAINER_heap_peek (to_heap))) + { + if (GNUNET_TIME_absolute_is_future (gc->timeout)) + break; + if (gc->suspended) + { + /* Test needed as we may have a "concurrent" + wakeup from another task that did not clear + this entry from the heap before the + response process concluded. */ + gc->suspended = false; + MHD_resume_connection (gc->connection); + } + GNUNET_assert (NULL != gc->hn); + gc->hn = NULL; + GNUNET_assert (gc == + GNUNET_CONTAINER_heap_remove_root (to_heap)); + } + if (NULL == gc) + return; + to_task = GNUNET_SCHEDULER_add_at (gc->timeout, + &do_timeout, + NULL); +} + void AH_truth_shutdown (void) @@ -271,6 +326,16 @@ AH_truth_shutdown (void) } } ANASTASIS_authorization_plugin_shutdown (); + if (NULL != to_task) + { + GNUNET_SCHEDULER_cancel (to_task); + to_task = NULL; + } + if (NULL != to_heap) + { + GNUNET_CONTAINER_heap_destroy (to_heap); + to_heap = NULL; + } } @@ -401,6 +466,12 @@ request_done (struct TM_HandlerContext *hc) gc); gc->in_list = false; } + if (NULL != gc->hn) + { + GNUNET_assert (gc == + GNUNET_CONTAINER_heap_remove_node (gc->hn)); + gc->hn = NULL; + } if (NULL != gc->as) { gc->authorization->cleanup (gc->as); @@ -829,6 +900,7 @@ run_authorization_process (struct MHD_Connection *connection, enum GNUNET_DB_QueryStatus qs; ret = gc->authorization->process (gc->as, + gc->timeout, connection); switch (ret) { @@ -853,7 +925,27 @@ run_authorization_process (struct MHD_Connection *connection, gc->as = NULL; return MHD_YES; case ANASTASIS_AUTHORIZATION_RES_SUSPENDED: - /* connection was suspended again, odd that this happens */ + /* connection was suspended */ + if (NULL == to_heap) + to_heap = GNUNET_CONTAINER_heap_create ( + GNUNET_CONTAINER_HEAP_ORDER_MIN); + gc->hn = GNUNET_CONTAINER_heap_insert (to_heap, + gc, + gc->timeout.abs_value_us); + gc->suspended = true; + if (NULL != to_task) + { + GNUNET_SCHEDULER_cancel (to_task); + to_task = NULL; + } + { + struct GetContext *rn; + + rn = GNUNET_CONTAINER_heap_peek (to_heap); + to_task = GNUNET_SCHEDULER_add_at (rn->timeout, + &do_timeout, + NULL); + } return MHD_YES; case ANASTASIS_AUTHORIZATION_RES_SUCCESS_REPLY_FAILED: /* Challenge sent successfully */ @@ -987,10 +1079,12 @@ AH_handler_truth_get ( if (NULL != long_poll_timeout_ms) { unsigned int timeout; + char dummy; if (1 != sscanf (long_poll_timeout_ms, - "%u", - &timeout)) + "%u%c", + &timeout, + &dummy)) { GNUNET_break_op (0); return TALER_MHD_reply_with_error (connection, diff --git a/src/backend/anastasis-httpd_truth_upload.c b/src/backend/anastasis-httpd_truth_upload.c index 451054f..0fb9017 100644 --- a/src/backend/anastasis-httpd_truth_upload.c +++ b/src/backend/anastasis-httpd_truth_upload.c @@ -522,7 +522,7 @@ AH_handler_truth_post ( struct ANASTASIS_CRYPTO_EncryptedKeyShareP keyshare_data; void *encrypted_truth; size_t encrypted_truth_size; - const char *truth_mime = ""; + const char *truth_mime = NULL; const char *type; enum GNUNET_DB_QueryStatus qs; uint32_t storage_years; @@ -594,10 +594,12 @@ AH_handler_truth_post ( if (NULL != long_poll_timeout_ms) { unsigned int timeout; + char dummy; if (1 != sscanf (long_poll_timeout_ms, - "%u", - &timeout)) + "%u%c", + &timeout, + &dummy)) { GNUNET_break_op (0); return TALER_MHD_reply_with_error (connection, @@ -779,7 +781,9 @@ AH_handler_truth_post ( qs = db->store_truth (db->cls, truth_uuid, &keyshare_data, - truth_mime, + (NULL == truth_mime) + ? "" + : truth_mime, encrypted_truth, encrypted_truth_size, type, diff --git a/src/include/anastasis.h b/src/include/anastasis.h index 0caaf4e..f9782fd 100644 --- a/src/include/anastasis.h +++ b/src/include/anastasis.h @@ -131,7 +131,14 @@ enum ANASTASIS_ChallengeStatus /** * The rate limit for solving the challenge was exceeded. */ - ANASTASIS_CHALLENGE_STATUS_RATE_LIMIT_EXCEEDED + ANASTASIS_CHALLENGE_STATUS_RATE_LIMIT_EXCEEDED, + + /** + * The user did not satisfy the (external) authentication + * challenge in time. The request should be repeated + * later and may then succeed. + */ + ANASTASIS_CHALLENGE_STATUS_AUTH_TIMEOUT }; diff --git a/src/include/anastasis_authorization_plugin.h b/src/include/anastasis_authorization_plugin.h index 5e93175..c2f2c03 100644 --- a/src/include/anastasis_authorization_plugin.h +++ b/src/include/anastasis_authorization_plugin.h @@ -163,11 +163,13 @@ struct ANASTASIS_AuthorizationPlugin * to a video identification site. * * @param as authorization state + * @param timeout how long do we have to produce a reply * @param connection HTTP client request (for queuing response, such as redirection to video portal) * @return state of the request */ enum ANASTASIS_AUTHORIZATION_Result (*process)(struct ANASTASIS_AUTHORIZATION_State *as, + struct GNUNET_TIME_Absolute timeout, struct MHD_Connection *connection); diff --git a/src/include/anastasis_service.h b/src/include/anastasis_service.h index 637e43b..a08f25b 100644 --- a/src/include/anastasis_service.h +++ b/src/include/anastasis_service.h @@ -466,9 +466,16 @@ enum ANASTASIS_KeyShareDownloadStatus /** * Too many attempts to solve the challenge were made in a short - * time. Try again laster. + * time. Try again later. */ - ANASTASIS_KSD_RATE_LIMIT_EXCEEDED + ANASTASIS_KSD_RATE_LIMIT_EXCEEDED, + + /** + * The user did not satisfy the (external) + * authentication check until the request timeout + * was reached. The client should try again later. + */ + ANASTASIS_KSD_AUTHENTICATION_TIMEOUT }; diff --git a/src/lib/anastasis_recovery.c b/src/lib/anastasis_recovery.c index 0d961aa..f65da8c 100644 --- a/src/lib/anastasis_recovery.c +++ b/src/lib/anastasis_recovery.c @@ -337,6 +337,21 @@ keyshare_lookup_cb (void *cls, &csr); return; } + case ANASTASIS_KSD_AUTHENTICATION_TIMEOUT: + { + struct ANASTASIS_ChallengeStartResponse csr = { + .cs = ANASTASIS_CHALLENGE_STATUS_AUTH_TIMEOUT, + .challenge = c, + .details.server_failure.ec + = dd->details.server_failure.ec, + .details.server_failure.http_status + = dd->details.server_failure.http_status + }; + + c->af (c->af_cls, + &csr); + return; + } } GNUNET_assert (NULL != dd); diff --git a/src/reducer/anastasis_api_recovery_redux.c b/src/reducer/anastasis_api_recovery_redux.c index aa3846f..fab3c24 100644 --- a/src/reducer/anastasis_api_recovery_redux.c +++ b/src/reducer/anastasis_api_recovery_redux.c @@ -679,6 +679,28 @@ answer_feedback_cb ( sctx->state); sctx_free (sctx); return; + case ANASTASIS_CHALLENGE_STATUS_AUTH_TIMEOUT: + { + json_t *err; + + err = GNUNET_JSON_PACK ( + GNUNET_JSON_pack_string ("state", + "authentication-timeout"), + GNUNET_JSON_pack_uint64 ("error_code", + TALER_EC_ANASTASIS_TRUTH_AUTH_TIMEOUT)); + GNUNET_assert (0 == + json_object_set_new (feedback, + uuid, + err)); + } + GNUNET_break_op (0); + set_state (sctx->state, + ANASTASIS_RECOVERY_STATE_CHALLENGE_SELECTING); + sctx->cb (sctx->cb_cls, + TALER_EC_NONE, + sctx->state); + sctx_free (sctx); + return; } GNUNET_break (0); ANASTASIS_redux_fail_ (sctx->cb, diff --git a/src/restclient/anastasis_api_keyshare_lookup.c b/src/restclient/anastasis_api_keyshare_lookup.c index 2d22c7d..6df00dd 100644 --- a/src/restclient/anastasis_api_keyshare_lookup.c +++ b/src/restclient/anastasis_api_keyshare_lookup.c @@ -228,6 +228,10 @@ handle_keyshare_lookup_finished (void *cls, /* Nothing really to verify */ kdd.status = ANASTASIS_KSD_TRUTH_UNKNOWN; break; + case MHD_HTTP_REQUEST_TIMEOUT: + /* Nothing really to verify */ + kdd.status = ANASTASIS_KSD_AUTHENTICATION_TIMEOUT; + break; case MHD_HTTP_GONE: /* Nothing really to verify */ kdd.status = ANASTASIS_KSD_TRUTH_UNKNOWN; diff --git a/src/testing/testing_api_cmd_keyshare_lookup.c b/src/testing/testing_api_cmd_keyshare_lookup.c index 2ed5a5e..c9f8e45 100644 --- a/src/testing/testing_api_cmd_keyshare_lookup.c +++ b/src/testing/testing_api_cmd_keyshare_lookup.c @@ -204,6 +204,8 @@ keyshare_lookup_cb (void *cls, break; case ANASTASIS_KSD_RATE_LIMIT_EXCEEDED: break; + case ANASTASIS_KSD_AUTHENTICATION_TIMEOUT: + break; } TALER_TESTING_interpreter_next (ksls->is); } diff --git a/src/testing/testing_cmd_challenge_answer.c b/src/testing/testing_cmd_challenge_answer.c index 8ca93b8..d7d11a1 100644 --- a/src/testing/testing_cmd_challenge_answer.c +++ b/src/testing/testing_cmd_challenge_answer.c @@ -237,6 +237,8 @@ challenge_answer_cb (void *af_cls, return; case ANASTASIS_CHALLENGE_STATUS_RATE_LIMIT_EXCEEDED: break; + case ANASTASIS_CHALLENGE_STATUS_AUTH_TIMEOUT: + break; } TALER_TESTING_interpreter_next (cs->is); } |