authorChristian Grothoff <christian@grothoff.org>2021-03-06 12:55:12 +0100
committerChristian Grothoff <christian@grothoff.org>2021-03-06 12:55:12 +0100
commit01a094683c841b9bf345b8eca2407522eaa37e8d (patch)
treee7d69779d6398af4a00b2bc53d843763f619aec7
parent8e540b3b516ccc098c40806efd01f3a211044482 (diff)
clean up auth override logic
-rw-r--r--src/backend/taler-merchant-httpd.c32
-rw-r--r--src/backend/taler-merchant-httpd.h5
-rw-r--r--src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c3
-rw-r--r--src/backend/taler-merchant-httpd_private-post-instances.c2
4 files changed, 28 insertions, 14 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 721221a0..bc82ee95 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -158,7 +158,8 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
/**
* Initial authorization token.
*/
-static char *default_auth;
+char *TMH_default_auth;
+
/**
* Holds data needed to determine when to resume a connection for
@@ -1574,14 +1575,14 @@ url_handler (void *cls,
/* use 'default' */
use_default = true;
hc->instance = TMH_lookup_instance (NULL);
- if ( (NULL != default_auth) &&
+ if ( (NULL != TMH_default_auth) &&
(NULL != hc->instance) )
{
/* Override default instance access control */
- TMH_compute_auth (default_auth,
+ TMH_compute_auth (TMH_default_auth,
&hc->instance->auth.auth_salt,
&hc->instance->auth.auth_hash);
- GNUNET_free (default_auth);
+ GNUNET_free (TMH_default_auth);
}
}
if (NULL != hc->instance)
@@ -1748,18 +1749,21 @@ url_handler (void *cls,
/* If we have not even a default instance AND no override
credentials, THEN we accept anything (no access control) */
auth_ok = ( (NULL == TMH_lookup_instance (NULL)) &&
- (NULL == default_auth) );
- /* Are the credentials provided OK for CLI override? */
- auth_ok |= ( (NULL != default_auth) &&
- (NULL != auth) &&
- (0 == strcmp (auth,
- default_auth)) );
+ (NULL == TMH_default_auth) );
/* Check against selected instance, if we have one */
if (NULL != hc->instance)
- auth_ok |= (GNUNET_OK ==
+ auth_ok |= (! auth_malformed) &&
+ (GNUNET_OK ==
TMH_check_auth (auth,
&hc->instance->auth.auth_salt,
&hc->instance->auth.auth_hash));
+ else /* Are the credentials provided OK for CLI override? */
+ auth_ok |= ( (use_default) &&
+ (NULL != TMH_default_auth) &&
+ (NULL != auth) &&
+ (! auth_malformed) &&
+ (0 == strcmp (auth,
+ TMH_default_auth)) );
if (! auth_ok)
{
if (auth_malformed)
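Review bot: In the `else` branch the client-supplied token is still checked with `strcmp (auth, TMH_default_auth)`, which stops at the first differing byte, so the time taken depends on how much of the secret the request matched. A comparison whose duration does not depend on the contents (for instance comparing fixed-length hashes of both values, as the instance path appears to do through `TMH_check_auth`) would remove that dependency. Separately, this `if`/`else` decides `auth_ok` and both arms are unbraced multi-line statements; bracing them would make it harder for a later edit to move a line into the wrong arm. `url_handler` starts and ends outside the hunk, and `auth_malformed` is set outside it.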
@@ -1908,8 +1912,8 @@ run (void *cls,
(void) cfgfile;
tok = getenv ("TALER_MERCHANT_TOKEN");
if ( (NULL != tok) &&
- (NULL == default_auth) )
- default_auth = GNUNET_strdup (tok);
+ (NULL == TMH_default_auth) )
+ TMH_default_auth = GNUNET_strdup (tok);
cfg = config;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Starting taler-merchant-httpd\n");
@@ -2064,7 +2068,7 @@ main (int argc,
"auth",
"TOKEN",
"use TOKEN to initially authenticate access to the default instance (you can also set the TALER_MERCHANT_TOKEN environment variable instead)",
- &default_auth),
+ &TMH_default_auth),
GNUNET_GETOPT_OPTION_END
};
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
index 7cb3c836..eb6d67c6 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -417,6 +417,11 @@ extern struct GNUNET_CONTAINER_MultiHashMap *TMH_by_id_map;
*/
extern struct GNUNET_TIME_Relative TMH_legal_expiration;
+/**
+ * Initial authorization token.
+ */
+extern char *TMH_default_auth;
+
/**
* Kick MHD to run now, to be called after MHD_resume_connection().
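Review bot: The comment `Initial authorization token.` says too little now that the variable is exported and released from three files. I would document its lifetime, e.g. `Token from --auth or TALER_MERCHANT_TOKEN used to bootstrap access to the default instance; NULL when none was given or once it has been consumed.` The `NULL != TMH_default_auth` checks in `url_handler` only work after `GNUNET_free (TMH_default_auth)` if that macro resets its argument to NULL and tolerates a NULL argument. If that is the intended contract, it is worth stating here as well.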
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
index 084310bb..a6e1326c 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
@@ -151,6 +151,9 @@ retry:
/* Finally, also update our running process */
mi->auth = ias;
}
+ if (0 == strcmp (mi->settings.id,
+ "default"))
+ GNUNET_free (TMH_default_auth); /* clear after it was manually set */
return TALER_MHD_reply_static (connection,
MHD_HTTP_NO_CONTENT,
NULL,
diff --git a/src/backend/taler-merchant-httpd_private-post-instances.c b/src/backend/taler-merchant-httpd_private-post-instances.c
index 88a51a26..d251a9d0 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances.c
@@ -504,6 +504,8 @@ retry:
TMH_add_instance (mi));
}
GNUNET_JSON_parse_free (spec);
+ GNUNET_free (TMH_default_auth); /* clear it: user just either created default
+ instance or it should already be NULL */
return TALER_MHD_reply_static (connection,
MHD_HTTP_NO_CONTENT,
NULL,
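Review bot: The added `GNUNET_free (TMH_default_auth);` runs for every instance this handler creates, while its comment assumes the instance is the default one or the token is already NULL; nothing in this hunk enforces that. If a non-default instance can be created while no default instance exists, the token is cleared and `url_handler` then evaluates `(NULL == TMH_lookup_instance (NULL)) && (NULL == TMH_default_auth)` as true, which is its "no access control" case. Guarding the call the way the auth handler in this commit does, `if (0 == strcmp (mi->settings.id, "default")) GNUNET_free (TMH_default_auth);`, would keep the token until a default instance exists. The handler's body starts outside the hunk, so any earlier restriction on the instance ID is not visible here.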