From d94a0fe2f979348b45289b66b1cb5f72c3c3e76c Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 16 Aug 2021 16:44:00 +0200 Subject: -modify plugins to set 'satisfied' bit --- src/backend/anastasis-httpd_truth.c | 154 +++++++++++++++++++----------------- 1 file changed, 82 insertions(+), 72 deletions(-) (limited to 'src/backend') diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c index 8fb1aee..0b0d22f 100644 --- a/src/backend/anastasis-httpd_truth.c +++ b/src/backend/anastasis-httpd_truth.c @@ -1383,7 +1383,6 @@ AH_handler_truth_get ( enum ANASTASIS_DB_CodeStatus cs; bool satisfied; - GNUNET_free (decrypted_truth); GNUNET_free (truth_mime); cs = db->verify_challenge_code (db->cls, &gc->truth_uuid, @@ -1394,6 +1393,7 @@ AH_handler_truth_get ( case ANASTASIS_DB_CODE_STATUS_CHALLENGE_CODE_MISMATCH: GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Provided response does not match our stored challenge\n"); + GNUNET_free (decrypted_truth); return TALER_MHD_reply_with_error (connection, MHD_HTTP_FORBIDDEN, TALER_EC_ANASTASIS_TRUTH_CHALLENGE_FAILED, @@ -1401,6 +1401,7 @@ AH_handler_truth_get ( case ANASTASIS_DB_CODE_STATUS_HARD_ERROR: case ANASTASIS_DB_CODE_STATUS_SOFT_ERROR: GNUNET_break (0); + GNUNET_free (decrypted_truth); return TALER_MHD_reply_with_error (gc->connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, @@ -1409,91 +1410,100 @@ AH_handler_truth_get ( GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No challenge known (challenge is invalidated after %u requests)\n", INITIAL_RETRY_COUNTER); + GNUNET_free (decrypted_truth); return TALER_MHD_reply_with_error (connection, MHD_HTTP_TOO_MANY_REQUESTS, TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, NULL); case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: - // FIXME: if ! satisfied don't do this... - return return_key_share (&gc->truth_uuid, - connection); - } - GNUNET_break (0); - return MHD_NO; - } - - /* Not security question and no answer: use plugin to check if - decrypted truth is a valid challenge! */ - { - enum GNUNET_GenericReturnValue ret; - - ret = gc->authorization->validate (gc->authorization->cls, - connection, - truth_mime, - decrypted_truth, - decrypted_truth_size); - GNUNET_free (truth_mime); - switch (ret) - { - case GNUNET_OK: - /* data valid, continued below */ + if (satisfied) + { + GNUNET_free (decrypted_truth); + return return_key_share (&gc->truth_uuid, + connection); + } + /* continue with authorization plugin below */ break; - case GNUNET_NO: - /* data invalid, reply was queued */ - GNUNET_free (decrypted_truth); - return MHD_YES; - case GNUNET_SYSERR: - /* data invalid, reply was NOT queued */ - GNUNET_free (decrypted_truth); + default: + GNUNET_break (0); return MHD_NO; } } - - /* Setup challenge and begin authorization process */ + else { - struct GNUNET_TIME_Absolute transmission_date; - enum GNUNET_DB_QueryStatus qs; - - qs = db->create_challenge_code (db->cls, - &gc->truth_uuid, - gc->authorization->code_rotation_period, - gc->authorization->code_validity_period, - INITIAL_RETRY_COUNTER, - &transmission_date, - &gc->code); - switch (qs) + /* Not security question and no answer: use plugin to check if + decrypted truth is a valid challenge! */ { - case GNUNET_DB_STATUS_HARD_ERROR: - case GNUNET_DB_STATUS_SOFT_ERROR: - GNUNET_break (0); - GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (gc->connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "store_challenge_code"); - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - /* 0 == retry_counter of existing challenge => rate limit exceeded */ - GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_TOO_MANY_REQUESTS, - TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, - NULL); - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - /* challenge code was stored successfully*/ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Created fresh challenge\n"); - break; + enum GNUNET_GenericReturnValue ret; + + ret = gc->authorization->validate (gc->authorization->cls, + connection, + truth_mime, + decrypted_truth, + decrypted_truth_size); + GNUNET_free (truth_mime); + switch (ret) + { + case GNUNET_OK: + /* data valid, continued below */ + break; + case GNUNET_NO: + /* data invalid, reply was queued */ + GNUNET_free (decrypted_truth); + return MHD_YES; + case GNUNET_SYSERR: + /* data invalid, reply was NOT queued */ + GNUNET_free (decrypted_truth); + return MHD_NO; + } } - if (GNUNET_TIME_absolute_get_duration (transmission_date).rel_value_us < - gc->authorization->code_retransmission_frequency.rel_value_us) + /* Setup challenge and begin authorization process */ { - /* Too early for a retransmission! */ - GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (gc->connection, - MHD_HTTP_ALREADY_REPORTED, - TALER_EC_ANASTASIS_TRUTH_CHALLENGE_ACTIVE, - NULL); + struct GNUNET_TIME_Absolute transmission_date; + enum GNUNET_DB_QueryStatus qs; + + qs = db->create_challenge_code (db->cls, + &gc->truth_uuid, + gc->authorization->code_rotation_period, + gc->authorization->code_validity_period, + INITIAL_RETRY_COUNTER, + &transmission_date, + &gc->code); + switch (qs) + { + case GNUNET_DB_STATUS_HARD_ERROR: + case GNUNET_DB_STATUS_SOFT_ERROR: + GNUNET_break (0); + GNUNET_free (decrypted_truth); + return TALER_MHD_reply_with_error (gc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "store_challenge_code"); + case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: + /* 0 == retry_counter of existing challenge => rate limit exceeded */ + GNUNET_free (decrypted_truth); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_TOO_MANY_REQUESTS, + TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, + NULL); + case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: + /* challenge code was stored successfully*/ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Created fresh challenge\n"); + break; + } + + if (GNUNET_TIME_absolute_get_duration (transmission_date).rel_value_us < + gc->authorization->code_retransmission_frequency.rel_value_us) + { + /* Too early for a retransmission! */ + GNUNET_free (decrypted_truth); + return TALER_MHD_reply_with_error (gc->connection, + MHD_HTTP_ALREADY_REPORTED, + TALER_EC_ANASTASIS_TRUTH_CHALLENGE_ACTIVE, + NULL); + } } } -- cgit v1.2.3