From cf4b6ebd6de3370da4b16d2f1ef19a2a3d3d0b12 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 2 Mar 2022 23:39:26 +0100 Subject: push new /truth/ API through the entire implementation --- src/restclient/Makefile.am | 1 - src/restclient/anastasis_api_curl_defaults.c | 12 +++++++ src/restclient/anastasis_api_truth_challenge.c | 50 +++++++++++++++++++------- src/restclient/anastasis_api_truth_solve.c | 2 +- 4 files changed, 51 insertions(+), 14 deletions(-) (limited to 'src/restclient') diff --git a/src/restclient/Makefile.am b/src/restclient/Makefile.am index b2e9d0b..9bee2dd 100644 --- a/src/restclient/Makefile.am +++ b/src/restclient/Makefile.am @@ -22,7 +22,6 @@ libanastasisrest_la_SOURCES = \ anastasis_api_truth_challenge.c \ anastasis_api_truth_solve.c \ anastasis_api_truth_store.c \ - anastasis_api_keyshare_lookup.c \ anastasis_api_curl_defaults.c anastasis_api_curl_defaults.h libanastasisrest_la_LIBADD = \ -lgnunetcurl \ diff --git a/src/restclient/anastasis_api_curl_defaults.c b/src/restclient/anastasis_api_curl_defaults.c index e052517..33665e0 100644 --- a/src/restclient/anastasis_api_curl_defaults.c +++ b/src/restclient/anastasis_api_curl_defaults.c @@ -42,5 +42,17 @@ ANASTASIS_curl_easy_get_ (const char *url) curl_easy_setopt (eh, CURLOPT_TCP_FASTOPEN, 1L)); + /* limit MAXREDIRS to 5 as a simple security measure against + a potential infinite loop caused by a malicious target */ + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_MAXREDIRS, + 5L)); + /* Enable compression (using whatever curl likes), see + https://curl.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html */ + GNUNET_break (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_ACCEPT_ENCODING, + "")); return eh; } diff --git a/src/restclient/anastasis_api_truth_challenge.c b/src/restclient/anastasis_api_truth_challenge.c index 92916d6..911eba6 100644 --- a/src/restclient/anastasis_api_truth_challenge.c +++ b/src/restclient/anastasis_api_truth_challenge.c @@ -123,6 +123,7 @@ handle_truth_challenge_finished (void *cls, { const char *ct; const char *tan_hint = NULL; + const char *filename = NULL; json_t *wire_details = NULL; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_string ( @@ -131,6 +132,9 @@ handle_truth_challenge_finished (void *cls, GNUNET_JSON_spec_mark_optional ( GNUNET_JSON_spec_string ("tan_address_hint", &tan_hint)), + GNUNET_JSON_spec_mark_optional ( + GNUNET_JSON_spec_string ("filename", + &filename)), GNUNET_JSON_spec_mark_optional ( GNUNET_JSON_spec_json ("wire_details", &wire_details)), @@ -152,19 +156,34 @@ handle_truth_challenge_finished (void *cls, { tcd.details.success.cs = ANASTASIS_CS_TAN_SENT; tcd.details.success.details.tan_address_hint = tan_hint; + break; + } + if ( (0 == strcmp (ct, + "FILE_WRITTEN")) && + (NULL != filename) ) + { + tcd.details.success.cs = ANASTASIS_CS_FILE_WRITTEN; + tcd.details.success.details.challenge_filename = filename; + break; } - else if ( (0 == strcmp (ct, - "WIRE_FUNDS")) && - (NULL != wire_details) ) + if ( (0 == strcmp (ct, + "IBAN_WIRE")) && + (NULL != wire_details) ) { struct GNUNET_JSON_Specification ispec[] = { GNUNET_JSON_spec_string ( - "target_account", - &tcd.details.success.details.wire_funds.target_payto), + "credit_iban", + &tcd.details.success.details.wire_funds.target_iban), + GNUNET_JSON_spec_uint64 ( + "answer_code", + &tcd.details.success.details.wire_funds.answer_code), + GNUNET_JSON_spec_string ( + "business_name", + &tcd.details.success.details.wire_funds.target_business_name), GNUNET_JSON_spec_string ( - "sender_hint", - &tcd.details.success.details.wire_funds.sender_hint), - TALER_JSON_spec_amount_any ("amount", + "wire_transfer_subject", + &tcd.details.success.details.wire_funds.wire_transfer_subject), + TALER_JSON_spec_amount_any ("challenge_amount", &tcd.details.success.details.wire_funds. amount), GNUNET_JSON_spec_end () @@ -188,6 +207,12 @@ handle_truth_challenge_finished (void *cls, ANASTASIS_truth_challenge_cancel (tco); return; } + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unexpected challenge type `%s'\n", + ct); + tcd.http_status = 0; + tcd.ec = TALER_EC_GENERIC_REPLY_MALFORMED; + break; } case MHD_HTTP_BAD_REQUEST: /* This should never happen, either us or the anastasis server is buggy @@ -409,10 +434,11 @@ ANASTASIS_truth_challenge ( curl_easy_setopt (eh, CURLOPT_HEADERDATA, tco)); - tco->job = GNUNET_CURL_job_add (ctx, - eh, - &handle_truth_challenge_finished, - tco); + tco->job = GNUNET_CURL_job_add2 (ctx, + eh, + tco->ctx.headers, + &handle_truth_challenge_finished, + tco); return tco; } diff --git a/src/restclient/anastasis_api_truth_solve.c b/src/restclient/anastasis_api_truth_solve.c index 376fc74..971e917 100644 --- a/src/restclient/anastasis_api_truth_solve.c +++ b/src/restclient/anastasis_api_truth_solve.c @@ -427,7 +427,7 @@ ANASTASIS_truth_solve ( tso)); tso->job = GNUNET_CURL_job_add_raw (ctx, eh, - NULL, + tso->ctx.headers, &handle_truth_solve_finished, tso); return tso; -- cgit v1.2.3