From 9dded1aec4e5e62dce29ac86bc486112c7bff60d Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 31 Jan 2021 12:52:04 +0100 Subject: extend merchant backend DB to support storing authentication data for #6731 --- src/backenddb/Makefile.am | 4 +++- src/backenddb/drop0002.sql | 32 +++++++++++++++++++++++++++ src/backenddb/merchant-0002.sql | 35 ++++++++++++++++++++++++++++++ src/backenddb/plugin_merchantdb_postgres.c | 32 ++++++++++++++++++++++++--- src/include/taler_merchantdb_plugin.h | 13 ++++++++++- 5 files changed, 111 insertions(+), 5 deletions(-) create mode 100644 src/backenddb/drop0002.sql create mode 100644 src/backenddb/merchant-0002.sql diff --git a/src/backenddb/Makefile.am b/src/backenddb/Makefile.am index f808e150..6c428fdc 100644 --- a/src/backenddb/Makefile.am +++ b/src/backenddb/Makefile.am @@ -13,7 +13,9 @@ sqldir = $(prefix)/share/taler/sql/merchant/ sql_DATA = \ merchant-0000.sql \ merchant-0001.sql \ - drop0001.sql + merchant-0002.sql \ + drop0001.sql \ + drop0002.sql if HAVE_POSTGRESQL if HAVE_GNUNETPQ diff --git a/src/backenddb/drop0002.sql b/src/backenddb/drop0002.sql new file mode 100644 index 00000000..a90a4304 --- /dev/null +++ b/src/backenddb/drop0002.sql @@ -0,0 +1,32 @@ +-- +-- This file is part of TALER +-- Copyright (C) 2021 Taler Systems SA +-- +-- TALER is free software; you can redistribute it and/or modify it under the +-- terms of the GNU General Public License as published by the Free Software +-- Foundation; either version 3, or (at your option) any later version. +-- +-- TALER is distributed in the hope that it will be useful, but WITHOUT ANY +-- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +-- A PARTICULAR PURPOSE. See the GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License along with +-- TALER; see the file COPYING. If not, see +-- + +-- Everything in one big transaction +BEGIN; + +-- This script DROPs all of the tables we create, including the +-- versioning schema! +-- +-- Unlike the other SQL files, it SHOULD be updated to reflect the +-- latest requirements for dropping tables. + +-- Drops for 0002.sql + +-- Unregister patch (0002.sql) +SELECT _v.unregister_patch('merchant-0002'); + +-- And we're out of here... +COMMIT; diff --git a/src/backenddb/merchant-0002.sql b/src/backenddb/merchant-0002.sql new file mode 100644 index 00000000..528b5f6d --- /dev/null +++ b/src/backenddb/merchant-0002.sql @@ -0,0 +1,35 @@ +-- +-- This file is part of TALER +-- Copyright (C) 2021 Taler Systems SA +-- +-- TALER is free software; you can redistribute it and/or modify it under the +-- terms of the GNU General Public License as published by the Free Software +-- Foundation; either version 3, or (at your option) any later version. +-- +-- TALER is distributed in the hope that it will be useful, but WITHOUT ANY +-- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +-- A PARTICULAR PURPOSE. See the GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License along with +-- TALER; see the file COPYING. If not, see +-- + +-- Everything in one big transaction +BEGIN; + +-- Check patch versioning is in place. +SELECT _v.register_patch('merchant-0002', NULL, NULL); + + +-- need serial IDs on various tables for exchange-auditor replication +ALTER TABLE merchant_instances + ADD COLUMN auth_hash BYTEA CHECK(LENGTH(auth_hash)=64), + ADD COLUMN auth_salt BYTEA CHECK(LENGTH(auth_salt)=32); +COMMENT ON COLUMN merchant_instances.auth_hash + IS 'hash used for merchant back office Authorization, NULL for no check'; +COMMENT ON COLUMN merchant_instances.auth_salt + IS 'salt to use when hashing Authorization header before comparing with auth_hash'; + + +-- Complete transaction +COMMIT; diff --git a/src/backenddb/plugin_merchantdb_postgres.c b/src/backenddb/plugin_merchantdb_postgres.c index babc47ca..4506c57e 100644 --- a/src/backenddb/plugin_merchantdb_postgres.c +++ b/src/backenddb/plugin_merchantdb_postgres.c @@ -484,11 +484,21 @@ lookup_instances_cb (void *cls, for (unsigned int i = 0; i < num_results; i++) { + bool no_auth; + bool no_salt; struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_uint64 ("merchant_serial", &lic->instance_serial), GNUNET_PQ_result_spec_auto_from_type ("merchant_pub", &lic->merchant_pub), + GNUNET_PQ_result_spec_allow_null ( + GNUNET_PQ_result_spec_auto_from_type ("auth_hash", + &lic->is.auth_hash), + &no_auth), + GNUNET_PQ_result_spec_allow_null ( + GNUNET_PQ_result_spec_auto_from_type ("auth_salt", + &lic->is.auth_salt), + &no_salt), GNUNET_PQ_result_spec_string ("merchant_id", &lic->is.id), GNUNET_PQ_result_spec_string ("merchant_name", @@ -514,6 +524,12 @@ lookup_instances_cb (void *cls, GNUNET_PQ_query_param_end }; + memset (&lic->is.auth_salt, + 0, + sizeof (lic->is.auth_salt)); + memset (&lic->is.auth_hash, + 0, + sizeof (lic->is.auth_hash)); if (GNUNET_OK != GNUNET_PQ_extract_result (result, rs, @@ -599,6 +615,8 @@ postgres_insert_instance (void *cls, struct PostgresClosure *pg = cls; struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_auto_from_type (merchant_pub), + GNUNET_PQ_query_param_auto_from_type (&is->auth_hash), + GNUNET_PQ_query_param_auto_from_type (&is->auth_salt), GNUNET_PQ_query_param_string (is->id), GNUNET_PQ_query_param_string (is->name), TALER_PQ_query_param_json (is->address), @@ -736,6 +754,8 @@ postgres_update_instance (void *cls, GNUNET_PQ_query_param_relative_time ( &is->default_wire_transfer_delay), GNUNET_PQ_query_param_relative_time (&is->default_pay_delay), + GNUNET_PQ_query_param_auto_from_type (&is->auth_hash), + GNUNET_PQ_query_param_auto_from_type (&is->auth_salt), GNUNET_PQ_query_param_end }; @@ -6024,6 +6044,8 @@ postgres_connect (void *cls) "SELECT" " merchant_serial" ",merchant_pub" + ",auth_hash" + ",auth_salt" ",merchant_id" ",merchant_name" ",address" @@ -6041,6 +6063,8 @@ postgres_connect (void *cls) GNUNET_PQ_make_prepare ("insert_instance", "INSERT INTO merchant_instances" "(merchant_pub" + ",auth_hash" + ",auth_salt" ",merchant_id" ",merchant_name" ",address" @@ -6053,8 +6077,8 @@ postgres_connect (void *cls) ",default_wire_transfer_delay" ",default_pay_delay)" "VALUES" - "($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)", - 12), + "($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14)", + 14), /* for postgres_insert_instance() */ GNUNET_PQ_make_prepare ("insert_keys", "INSERT INTO merchant_keys" @@ -6102,8 +6126,10 @@ postgres_connect (void *cls) ",default_wire_fee_amortization=$9" ",default_wire_transfer_delay=$10" ",default_pay_delay=$11" + ",auth_hash=$12" + ",auth_salt=$13" " WHERE merchant_id = $1", - 11), + 13), /* for postgres_inactivate_account() */ GNUNET_PQ_make_prepare ("inactivate_account", "UPDATE merchant_accounts SET" diff --git a/src/include/taler_merchantdb_plugin.h b/src/include/taler_merchantdb_plugin.h index 2d64ce43..7d7bd9dc 100644 --- a/src/include/taler_merchantdb_plugin.h +++ b/src/include/taler_merchantdb_plugin.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2020 Taler Systems SA + Copyright (C) 2014-2021 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software @@ -118,6 +118,17 @@ struct TALER_MERCHANTDB_InstanceSettings */ struct GNUNET_TIME_Relative default_pay_delay; + /** + * Hash used for authentication. All zero if authentication is off. + */ + struct GNUNET_HashCode auth_hash; + + /** + * Salt used to hash the "Authentication" header, the result must then + * match the @e auth_hash. + */ + struct GNUNET_ShortHashCode auth_salt; + }; -- cgit v1.2.3