diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-02-02 15:07:24 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-02-02 15:07:24 +0100 |
commit | 068433c5e7c99866a58d6be146fe25b36bb4d5b8 (patch) | |
tree | ff7b102d567a96c0bd83b38b6e5e22b5d8d67168 /src/backend/taler-merchant-httpd.c | |
parent | 96726fd5ab6dc067af4957c3d1826f9fd2745c95 (diff) | |
download | merchant-068433c5e7c99866a58d6be146fe25b36bb4d5b8.tar.gz merchant-068433c5e7c99866a58d6be146fe25b36bb4d5b8.tar.bz2 merchant-068433c5e7c99866a58d6be146fe25b36bb4d5b8.zip |
add rudimentary test logic for #6731
Diffstat (limited to 'src/backend/taler-merchant-httpd.c')
-rw-r--r-- | src/backend/taler-merchant-httpd.c | 128 |
1 files changed, 70 insertions, 58 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c index 4290668d..f787385c 100644 --- a/src/backend/taler-merchant-httpd.c +++ b/src/backend/taler-merchant-httpd.c @@ -66,13 +66,6 @@ #include "taler-merchant-httpd_statics.h" #include "taler-merchant-httpd_templating.h" -/** - * Required prefix for the authorization header as per RFC 8959. - * (Follows RFC 6750 albeit technically violates RFC 7235, but - * Mark Nottingham thinks this should be fixed by revising HTTP - * spec (https://github.com/httpwg/http-core/issues/733)) - */ -#define RFC_8959_PREFIX "Bearer secret-token:" /** * Backlog for listen operation on unix-domain sockets. @@ -193,6 +186,8 @@ TMH_check_auth (const char *token, if (GNUNET_is_zero (hash)) return GNUNET_OK; + if (NULL == token) + return GNUNET_SYSERR; GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (&val, sizeof (val), @@ -1520,57 +1515,6 @@ url_handler (void *cls, } } - /* Access control for private handlers */ - if (use_private) - { - const char *auth; - - auth = MHD_lookup_connection_value (connection, - MHD_HEADER_KIND, - MHD_HTTP_HEADER_AUTHORIZATION); - if (NULL != auth) - { - if (0 != strncasecmp (auth, - RFC_8959_PREFIX, - strlen (RFC_8959_PREFIX))) - { - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_UNAUTHORIZED, - TALER_EC_GENERIC_PARAMETER_MALFORMED, - "'" RFC_8959_PREFIX - "' prefix missing in 'Authorization' header"); - } - auth += strlen (RFC_8959_PREFIX); - } - if (NULL == hc->instance) - { - /* maybe before default instance is even created? - Check against 'default_auth' */ - if ( (NULL != default_auth) && - (0 != strcmp (auth, - default_auth)) ) - { - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_UNAUTHORIZED, - TALER_EC_MERCHANT_GENERIC_UNAUTHORIZED, - "Command-line authentication override is in effect"); - } - } - else - { - if (GNUNET_OK != - TMH_check_auth (auth, - &hc->instance->settings.auth_salt, - &hc->instance->settings.auth_hash)) - { - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_UNAUTHORIZED, - TALER_EC_MERCHANT_GENERIC_UNAUTHORIZED, - "Check 'Authentication' header"); - } - } - } - if (0 == strcmp (url, "")) url = "/"; /* code below does not like empty string */ @@ -1680,6 +1624,74 @@ url_handler (void *cls, } /* At this point, we must have found a handler */ GNUNET_assert (NULL != hc->rh); + + /* Access control for private handlers */ + if (use_private) + { + const char *auth; + struct TMH_MerchantInstance *def_instance; + bool auth_ok; + + /* PATCHing an instance can alternatively be checked against + the default instance */ + def_instance = TMH_lookup_instance (NULL); + auth = MHD_lookup_connection_value (connection, + MHD_HEADER_KIND, + MHD_HTTP_HEADER_AUTHORIZATION); + if (NULL != auth) + { + if (0 != strncasecmp (auth, + RFC_8959_PREFIX, + strlen (RFC_8959_PREFIX))) + { + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_UNAUTHORIZED, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "'" RFC_8959_PREFIX + "' prefix missing in 'Authorization' header"); + } + auth += strlen (RFC_8959_PREFIX); + } + + /* Are the credentials provided OK for the default instance? + Check against CLI override and default instance. */ + auth_ok = ( (NULL == default_auth) || + ( (NULL != auth) && + (0 == strcmp (auth, + default_auth)) ) ); + /* If we have no default instance, authentication is satisfied EVEN + if the 'default_auth' is NULL; otherwise, only if the default_auth + matched OR the auth_hash matched */ + if ( (NULL != def_instance) && + (NULL == default_auth) ) + auth_ok = (GNUNET_OK == + TMH_check_auth (auth, + &def_instance->settings.auth_salt, + &def_instance->settings.auth_hash)); + /* Only permit 'default' auth if we are either working with + the default instance OR patching/deleting an instance OR have no instance */ + if ( (hc->rh->handler != &TMH_private_patch_instances_ID) && + (hc->rh->handler != &TMH_private_delete_instances_ID) && + ( (NULL != hc->instance) || + (def_instance != hc->instance) ) ) + auth_ok = false; + + /* Check against selected instance if we have one */ + if (NULL != hc->instance) + auth_ok |= (GNUNET_OK == + TMH_check_auth (auth, + &hc->instance->settings.auth_salt, + &hc->instance->settings.auth_hash)); + if (! auth_ok) + { + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_UNAUTHORIZED, + TALER_EC_MERCHANT_GENERIC_UNAUTHORIZED, + "Check 'Authentication' header"); + } + } + + if ( (NULL == hc->instance) && (GNUNET_YES != hc->rh->skip_instance) ) return TALER_MHD_reply_with_error (connection, |