From 01a094683c841b9bf345b8eca2407522eaa37e8d Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sat, 6 Mar 2021 12:55:12 +0100
Subject: clean up auth override logic

---
 src/backend/taler-merchant-httpd.c                 | 32 ++++++++++++----------
 src/backend/taler-merchant-httpd.h                 |  5 ++++
 ...merchant-httpd_private-post-instances-ID-auth.c |  3 ++
 .../taler-merchant-httpd_private-post-instances.c  |  2 ++
 4 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 721221a0..bc82ee95 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -158,7 +158,8 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
 /**
  * Initial authorization token.
  */
-static char *default_auth;
+char *TMH_default_auth;
+
 
 /**
  * Holds data needed to determine when to resume a connection for
@@ -1574,14 +1575,14 @@ url_handler (void *cls,
       /* use 'default' */
       use_default = true;
       hc->instance = TMH_lookup_instance (NULL);
-      if ( (NULL != default_auth) &&
+      if ( (NULL != TMH_default_auth) &&
            (NULL != hc->instance) )
       {
         /* Override default instance access control */
-        TMH_compute_auth (default_auth,
+        TMH_compute_auth (TMH_default_auth,
                           &hc->instance->auth.auth_salt,
                           &hc->instance->auth.auth_hash);
-        GNUNET_free (default_auth);
+        GNUNET_free (TMH_default_auth);
       }
     }
     if (NULL != hc->instance)
@@ -1748,18 +1749,21 @@ url_handler (void *cls,
     /* If we have not even a default instance AND no override
        credentials, THEN we accept anything (no access control) */
     auth_ok = ( (NULL == TMH_lookup_instance (NULL)) &&
-                (NULL == default_auth) );
-    /* Are the credentials provided OK for CLI override? */
-    auth_ok |= ( (NULL != default_auth) &&
-                 (NULL != auth) &&
-                 (0 == strcmp (auth,
-                               default_auth)) );
+                (NULL == TMH_default_auth) );
     /* Check against selected instance, if we have one */
     if (NULL != hc->instance)
-      auth_ok |= (GNUNET_OK ==
+      auth_ok |= (! auth_malformed) &&
+                 (GNUNET_OK ==
                   TMH_check_auth (auth,
                                   &hc->instance->auth.auth_salt,
                                   &hc->instance->auth.auth_hash));
+    else /* Are the credentials provided OK for CLI override? */
+      auth_ok |= ( (use_default) &&
+                   (NULL != TMH_default_auth) &&
+                   (NULL != auth) &&
+                   (! auth_malformed) &&
+                   (0 == strcmp (auth,
+                                 TMH_default_auth)) );
     if (! auth_ok)
     {
       if (auth_malformed)
@@ -1908,8 +1912,8 @@ run (void *cls,
   (void) cfgfile;
   tok = getenv ("TALER_MERCHANT_TOKEN");
   if ( (NULL != tok) &&
-       (NULL == default_auth) )
-    default_auth = GNUNET_strdup (tok);
+       (NULL == TMH_default_auth) )
+    TMH_default_auth = GNUNET_strdup (tok);
   cfg = config;
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Starting taler-merchant-httpd\n");
@@ -2064,7 +2068,7 @@ main (int argc,
                                  "auth",
                                  "TOKEN",
                                  "use TOKEN to initially authenticate access to the default instance (you can also set the TALER_MERCHANT_TOKEN environment variable instead)",
-                                 &default_auth),
+                                 &TMH_default_auth),
     GNUNET_GETOPT_OPTION_END
   };
 
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
index 7cb3c836..eb6d67c6 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -417,6 +417,11 @@ extern struct GNUNET_CONTAINER_MultiHashMap *TMH_by_id_map;
  */
 extern struct GNUNET_TIME_Relative TMH_legal_expiration;
 
+/**
+ * Initial authorization token.
+ */
+extern char *TMH_default_auth;
+
 
 /**
  * Kick MHD to run now, to be called after MHD_resume_connection().
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
index 084310bb..a6e1326c 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
@@ -151,6 +151,9 @@ retry:
     /* Finally, also update our running process */
     mi->auth = ias;
   }
+  if (0 == strcmp (mi->settings.id,
+                   "default"))
+    GNUNET_free (TMH_default_auth); /* clear after it was manually set */
   return TALER_MHD_reply_static (connection,
                                  MHD_HTTP_NO_CONTENT,
                                  NULL,
diff --git a/src/backend/taler-merchant-httpd_private-post-instances.c b/src/backend/taler-merchant-httpd_private-post-instances.c
index 88a51a26..d251a9d0 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances.c
@@ -504,6 +504,8 @@ retry:
                    TMH_add_instance (mi));
   }
   GNUNET_JSON_parse_free (spec);
+  GNUNET_free (TMH_default_auth); /* clear it: user just either created default
+                                     instance or it should already be NULL */
   return TALER_MHD_reply_static (connection,
                                  MHD_HTTP_NO_CONTENT,
                                  NULL,
-- 
cgit v1.2.3