challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address

commit 57c388a9f1c37fa4bfae6cfced33c684c22eabb3
parent 9a761b9a7cbed45c10d20bdc33f5e5d5ffdf4274
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sat, 24 Aug 2024 15:55:39 +0200

implement #9114:

Diffstat:
Msrc/challenger/challenger-admin.c | 64+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
Msrc/challengerdb/Makefile.am | 1+
Msrc/challengerdb/plugin_challengerdb_postgres.c | 3+++
Msrc/include/challenger_database_plugin.h | 144++++++++++++++++++++++++++++++++++++++++++++-----------------------------------
4 files changed, 147 insertions(+), 65 deletions(-)

diff --git a/src/challenger/challenger-admin.c b/src/challenger/challenger-admin.c
@@ -36,6 +36,11 @@ static int global_ret;
 static char *client_secret;
 /**
+ * -m option: client ID
+ */
+static char *client_id;
+
+/**
 * -d option: delete client
 */
 static int del_flag;
@@ -83,6 +88,13 @@ run (void *cls,
 {
 enum GNUNET_DB_QueryStatus qs;
+ if (NULL != client_id)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "'-m' and '-d' options cannot be used at the same time\n");
+ global_ret = EXIT_INVALIDARGUMENT;
+ goto cleanup;
+ }
 qs = plugin->client_delete (plugin->cls,
 redirect_uri);
 switch (qs)
@@ -102,6 +114,50 @@ run (void *cls,
 "Client deleted\n");
 break;
 }
+ goto cleanup;
+ }
+ if (NULL != client_id)
+ {
+ enum GNUNET_DB_QueryStatus qs;
+ unsigned long long row_id;
+ char dummy;
+
+ if (1 !=
+ sscanf (client_id,
+ "%llu%c",
+ &row_id,
+ &dummy))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "CLIENT_ID must be a positive number\n");
+ global_ret = EXIT_INVALIDARGUMENT;
+ goto cleanup;
+ }
+
+ qs = plugin->client_modify (plugin->cls,
+ row_id,
+ redirect_uri,
+ client_secret);
+ switch (qs)
+ {
+ case GNUNET_DB_STATUS_SOFT_ERROR:
+ case GNUNET_DB_STATUS_HARD_ERROR:
+ GNUNET_break (0);
+ global_ret = EXIT_FAILURE;
+ goto cleanup;
+ case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Client %llu not found.\n",
+ row_id);
+ global_ret = EXIT_FAILURE;
+ goto cleanup;
+ case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+ if (! be_quiet)
+ fprintf (stdout,
+ "Client modified.\n");
+ break;
+ }
+ goto cleanup;
 }
 if (NULL != client_secret)
 {
@@ -135,6 +191,7 @@ run (void *cls,
 (unsigned long long) row_id);
 break;
 }
+ goto cleanup;
 }
 cleanup:
 CHALLENGER_DB_plugin_unload (plugin);
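Review bot: The `sscanf (client_id, "%llu%c", &row_id, &dummy)` check in the new `-m` branch of `run()` accepts more than the error message promises. `%llu` skips leading whitespace and takes an optional sign, so `-1` is converted and wraps to a very large row ID instead of being rejected; `0` passes although the message asks for a positive number; and the C standard leaves the result undefined when the digits do not fit in `unsigned long long`. Because this value selects which OAuth client gets a new redirect URI and secret, the ID should be parsed strictly with `strtoull()` plus checks on the first character, the end pointer and `errno`, as sketched below (this needs `<errno.h>` and `<ctype.h>` if they are not already included). `run()` begins and ends outside this hunk.

```c
    unsigned long long row_id;
    char *end;

    errno = 0;
    row_id = strtoull (client_id,
                       &end,
                       10);
    /* strtoull() tolerates leading blanks and a sign, so insist on a digit */
    if ( (! isdigit ((unsigned char) client_id[0])) ||
         ('\0' != *end) ||
         (ERANGE == errno) ||
         (0 == row_id) )
    {
      /* … unchanged: log "CLIENT_ID must be a positive number", set EXIT_INVALIDARGUMENT, goto cleanup … */
    }
    /* … unchanged: plugin->client_modify() call and status switch … */
```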
@@ -163,6 +220,11 @@ main (int argc,
 "delete",
 "delete client",
 &del_flag),
+ GNUNET_GETOPT_option_string ('m',
+ "modify-client",
+ "CLIENT_ID",
+ "modify existing client to use the given secret and redirect URL",
+ &client_id),
 GNUNET_GETOPT_option_flag ('q',
 "quiet",
 "be less verbose in the output",
@@ -179,7 +241,7 @@ main (int argc,
 GNUNET_OS_init (CHALLENGER_project_data_default ());
 ret = GNUNET_PROGRAM_run (argc, argv,
 "challenger-admin CLIENT_REDIRECT_URI",
- "Tool to add or remove clients from challenger",
+ "Tool to add, modify or remove clients from challenger",
 options, &run, NULL);
 if (GNUNET_SYSERR == ret)
diff --git a/src/challengerdb/Makefile.am b/src/challengerdb/Makefile.am
@@ -74,6 +74,7 @@ libchallengerdb_la_LDFLAGS = \
 libchallenger_plugin_db_postgres_la_SOURCES = \
 pg_client_add.h pg_client_add.c \
+ pg_client_modify.h pg_client_modify.c \
 pg_client_delete.h pg_client_delete.c \
 pg_client_check.h pg_client_check.c \
 pg_info_get_token.h pg_info_get_token.c \
diff --git a/src/challengerdb/plugin_challengerdb_postgres.c b/src/challengerdb/plugin_challengerdb_postgres.c
@@ -27,6 +27,7 @@
 #include "challenger_database_lib.h"
 #include "pg_helper.h"
 #include "pg_client_add.h"
+#include "pg_client_modify.h"
 #include "pg_client_delete.h"
 #include "pg_info_get_token.h"
 #include "pg_token_add_token.h"
@@ -390,6 +391,8 @@ libchallenger_plugin_db_postgres_init (void *cls)
 = &postgres_rollback;
 plugin->client_add
 = &CH_PG_client_add;
+ plugin->client_modify
+ = &CH_PG_client_modify;
 plugin->client_delete
 = &CH_PG_client_delete;
 plugin->client_check
diff --git a/src/include/challenger_database_plugin.h b/src/include/challenger_database_plugin.h
@@ -81,7 +81,7 @@ struct CHALLENGER_DatabasePlugin
 * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
 */
 enum GNUNET_GenericReturnValue
- (*drop_tables)(void *cls);
+ (*drop_tables)(void *cls);
 /**
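Review bot: The help string for `-m` says the client will "use the given secret and redirect URL", but the `client_modify` documentation in `challenger_database_plugin.h` states that a NULL secret leaves the stored secret unchanged, and the new branch in `run()` passes `client_secret` through without checking it. An operator rotating credentials could omit the secret and assume it was replaced, so the help text should spell this out, e.g. `"modify existing client: set the redirect URL, and the secret if one is given"`. The option array in `main()` starts and ends outside this hunk.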
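Review bot: `pg_client_modify.h` and `CH_PG_client_modify` are referenced in `plugin_challengerdb_postgres.c`, and `Makefile.am` lists `pg_client_modify.h pg_client_modify.c`, but the diffstat shows only four modified files and no added `pg_client_modify.c` or `.h`. Unless those files were introduced by another commit, this revision will not build, and the SQL that rewrites a client's redirect URI and secret cannot be reviewed alongside its caller. When that file is reviewed, it is worth confirming that both values are bound as query parameters and that the secret is stored in the same form `client_add` uses.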
@@ -91,7 +91,7 @@ struct CHALLENGER_DatabasePlugin
 * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
 */
 enum GNUNET_GenericReturnValue
- (*create_tables)(void *cls);
+ (*create_tables)(void *cls);
 /**
@@ -105,7 +105,7 @@ struct CHALLENGER_DatabasePlugin
 * #GNUNET_SYSERR on hard errors
 */
 enum GNUNET_GenericReturnValue
- (*preflight)(void *cls);
+ (*preflight)(void *cls);
 /**
@@ -117,8 +117,8 @@ struct CHALLENGER_DatabasePlugin
 * @return #GNUNET_OK on success
 */
 enum GNUNET_GenericReturnValue
- (*begin_transaction)(void *cls,
- const char *name);
+ (*begin_transaction)(void *cls,
+ const char *name);
 /**
@@ -128,7 +128,7 @@ struct CHALLENGER_DatabasePlugin
 * @return transaction status code
 */
 enum GNUNET_DB_QueryStatus
- (*commit_transaction)(void *cls);
+ (*commit_transaction)(void *cls);
 /**
@@ -148,8 +148,8 @@ struct CHALLENGER_DatabasePlugin
 * @return transaction status
 */
 enum GNUNET_DB_QueryStatus
- (*gc)(void *cls,
- struct GNUNET_TIME_Absolute expire);
+ (*gc)(void *cls,
+ struct GNUNET_TIME_Absolute expire);
 /**
@@ -162,10 +162,26 @@ struct CHALLENGER_DatabasePlugin
 * @return transaction status
 */
 enum GNUNET_DB_QueryStatus
- (*client_add)(void *cls,
- const char *client_url,
- const char *client_secret,
- uint64_t *client_id);
+ (*client_add)(void *cls,
+ const char *client_url,
+ const char *client_secret,
+ uint64_t *client_id);
+
+
+ /**
+ * Modify client in the list of authorized clients.
+ *
+ * @param cls
+ * @param client_id the client ID on success
+ * @param client_url URL of the client
+ * @param client_secret authorization secret for the client, NULL to not modify the secret
+ * @return transaction status
+ */
+ enum GNUNET_DB_QueryStatus
+ (*client_modify)(void *cls,
+ uint64_t client_id,
+ const char *client_url,
+ const char *client_secret);
 /**
 * Delete client from the list of authorized clients.
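Review bot: The doc comment added for `client_modify` describes `client_id` as "the client ID on success", wording that fits the `uint64_t *client_id` output pointer of `client_add` but not this function, where the ID is passed by value and selects the row to change. Suggest `@param client_id row ID of the client to modify`, `@param cls closure`, and `@param client_url new redirect URL of the client`. The `@return` line should also state that `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS` means no client with that ID exists, since `challenger-admin` relies on that status to report "not found".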
@@ -175,8 +191,8 @@ struct CHALLENGER_DatabasePlugin
 * @return transaction status
 */
 enum GNUNET_DB_QueryStatus
- (*client_delete)(void *cls,
- const char *client_url);
+ (*client_delete)(void *cls,
+ const char *client_url);
 /**
@@ -192,11 +208,11 @@ struct CHALLENGER_DatabasePlugin
 * @return transaction status
 */
 enum GNUNET_DB_QueryStatus
- (*client_check)(void *cls,
- uint64_t client_id,
- const char *client_secret,
- uint32_t counter_increment,
- char **client_url);
+ (*client_check)(void *cls,
+ uint64_t client_id,
+ const char *client_secret,
+ uint32_t counter_increment,
+ char **client_url);
 /**
@@ -211,10 +227,10 @@ struct CHALLENGER_DatabasePlugin
 * @return transaction status
 */
 enum GNUNET_DB_QueryStatus
- (*setup_nonce)(void *cls,
- uint64_t client_id,
- const struct CHALLENGER_ValidationNonceP *nonce,
- struct GNUNET_TIME_Absolute expiration_time);
+ (*setup_nonce)(void *cls,
+ uint64_t client_id,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ struct GNUNET_TIME_Absolute expiration_time);
 /**
@@ -241,18 +257,18 @@ struct CHALLENGER_DatabasePlugin
 * #GNUNET_DB_STATUS_HARD_ERROR on failure
 */
 enum GNUNET_DB_QueryStatus
- (*authorize_start)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- uint64_t client_id,
- const char *client_scope,
- const char *client_state,
- const char *client_redirect_uri,
- json_t **last_address,
- uint32_t *address_attempts_left,
- uint32_t *pin_transmissions_left,
- uint32_t *auth_attempts_left,
- bool *solved,
- struct GNUNET_TIME_Absolute *last_tx_time);
+ (*authorize_start)(void *cls,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ uint64_t client_id,
+ const char *client_scope,
+ const char *client_state,
+ const char *client_redirect_uri,
+ json_t **last_address,
+ uint32_t *address_attempts_left,
+ uint32_t *pin_transmissions_left,
+ uint32_t *auth_attempts_left,
+ bool *solved,
+ struct GNUNET_TIME_Absolute *last_tx_time);
 /**
@@ -279,7 +295,7 @@ struct CHALLENGER_DatabasePlugin
 * #GNUNET_DB_STATUS_HARD_ERROR on failure
 */
 enum GNUNET_DB_QueryStatus
- (*challenge_set_address_and_pin)(
+ (*challenge_set_address_and_pin)(
 void *cls,
 const struct CHALLENGER_ValidationNonceP *nonce,
 const json_t *address,
@@ -314,17 +330,17 @@ struct CHALLENGER_DatabasePlugin
 * #GNUNET_DB_STATUS_HARD_ERROR on failure
 */
 enum GNUNET_DB_QueryStatus
- (*validate_solve_pin)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- uint32_t new_pin,
- bool *solved,
- bool *exhausted,
- bool *no_challenge,
- char **state,
- uint32_t *addr_left,
- uint32_t *auth_attempts_left,
- uint32_t *pin_transmissions_left,
- char **client_redirect_uri);
+ (*validate_solve_pin)(void *cls,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ uint32_t new_pin,
+ bool *solved,
+ bool *exhausted,
+ bool *no_challenge,
+ char **state,
+ uint32_t *addr_left,
+ uint32_t *auth_attempts_left,
+ uint32_t *pin_transmissions_left,
+ char **client_redirect_uri);
 /**
@@ -345,13 +361,13 @@ struct CHALLENGER_DatabasePlugin
 * #GNUNET_DB_STATUS_HARD_ERROR on failure
 */
 enum GNUNET_DB_QueryStatus
- (*validation_get)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- char **client_secret,
- json_t **address,
- char **client_scope,
- char **client_state,
- char **client_redirect_uri);
+ (*validation_get)(void *cls,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ char **client_secret,
+ json_t **address,
+ char **client_scope,
+ char **client_state,
+ char **client_redirect_uri);
 /**
@@ -365,11 +381,11 @@ struct CHALLENGER_DatabasePlugin
 * @return transaction status
 */
 enum GNUNET_DB_QueryStatus
- (*token_add_token)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- const struct CHALLENGER_AccessTokenP *grant,
- struct GNUNET_TIME_Relative grant_expiration,
- struct GNUNET_TIME_Relative address_expiration);
+ (*token_add_token)(void *cls,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ const struct CHALLENGER_AccessTokenP *grant,
+ struct GNUNET_TIME_Relative grant_expiration,
+ struct GNUNET_TIME_Relative address_expiration);
 /**
@@ -383,11 +399,11 @@ struct CHALLENGER_DatabasePlugin
 * @return transaction status
 */
 enum GNUNET_DB_QueryStatus
- (*info_get_token)(void *cls,
- const struct CHALLENGER_AccessTokenP *grant,
- uint64_t *rowid,
- json_t **address,
- struct GNUNET_TIME_Timestamp *address_expiration);
+ (*info_get_token)(void *cls,
+ const struct CHALLENGER_AccessTokenP *grant,
+ uint64_t *rowid,
+ json_t **address,
+ struct GNUNET_TIME_Timestamp *address_expiration);
 };