commit 6e0c4d8602911518b1050549db141d659491caf8
parent 207015d38431c8e478730e57f7db893ca4578597
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Mon, 7 Jul 2025 15:24:28 +0200
v19/20: Deprecate external authentication method, add DISABLE_AUTHENTICATION config option
Diffstat:
5 files changed, 49 insertions(+), 9 deletions(-)
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
@@ -159,6 +159,12 @@ struct GNUNET_CONTAINER_MultiHashMap *TMH_by_id_map;
int TMH_strict_v19;
/**
+ * #GNUNET_YES if authentication is disabled (For testing only!!).
+ * (Default is #GNUNET_NO)
+ */
+int TMH_auth_disabled;
+
+/**
* How long do we need to keep information on paid contracts on file for tax
* or other legal reasons? Used to block deletions for younger transaction
* data.
@@ -2671,7 +2677,7 @@ run (void *cls,
return;
}
- if (GNUNET_SYSERR !=
+ if (GNUNET_SYSERR ==
(TMH_strict_v19 = GNUNET_CONFIGURATION_get_value_yesno (cfg,
"merchant",
"STRICT_PROTOCOL_V19")))
@@ -2681,6 +2687,18 @@ run (void *cls,
"STRICT_PROTOCOL_V19");
TMH_strict_v19 = GNUNET_NO;
}
+ if (GNUNET_SYSERR ==
+ (TMH_auth_disabled = GNUNET_CONFIGURATION_get_value_yesno (cfg,
+ "merchant",
+ "DISABLE_AUTHENTICATION")))
+ {
+ TMH_auth_disabled = GNUNET_NO;
+ }
+ if (GNUNET_YES == TMH_auth_disabled)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "DANGEROUS: Endpoint Authentication disabled!");
+ }
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
"merchant",
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
@@ -750,6 +750,18 @@ extern struct GNUNET_CONTAINER_MultiHashMap *TMH_by_id_map;
*/
extern struct GNUNET_TIME_Relative TMH_legal_expiration;
+/**
+ * #GNUNET_YES if protocol version 19 is strictly enforced.
+ * (Default is #GNUNET_NO)
+ */
+extern int TMH_strict_v19;
+
+/**
+ * #GNUNET_YES if authentication is disabled (For testing only!!).
+ * (Default is #GNUNET_NO)
+ */
+extern int TMH_auth_disabled;
+
/**
* Callback that frees an instances removing
diff --git a/src/backend/taler-merchant-httpd_helper.c b/src/backend/taler-merchant-httpd_helper.c
@@ -607,8 +607,13 @@ TMH_check_auth_config (struct MHD_Connection *connection,
{
GNUNET_break_op (0);
}
- else if (0 == strcmp (auth_method,
- "external"))
+ else if ((GNUNET_YES != TMH_strict_v19) &&
+ (0 == strcmp (auth_method,
+ "external")))
+ {
+ auth_wellformed = true;
+ }
+ else if (GNUNET_YES == TMH_auth_disabled)
{
auth_wellformed = true;
}
diff --git a/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c b/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c
@@ -90,11 +90,11 @@ TMH_private_delete_instances_ID_token (const struct TMH_RequestHandler *rh,
TALER_EC_GENERIC_DB_STORE_FAILED,
"delete_login_token");
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
- /* No 404, as the login token must have existed
- when we got the request as it was accepted as
- valid. So we can only get here due to concurrent
- modification, and then the client should still
- simply see the success. Hence, fall-through */
+ /* No 404, as the login token must have existed
+ when we got the request as it was accepted as
+ valid. So we can only get here due to concurrent
+ modification, and then the client should still
+ simply see the success. Hence, fall-through */
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
return TALER_MHD_reply_static (connection,
MHD_HTTP_NO_CONTENT,
diff --git a/src/backend/taler-merchant-httpd_private-get-instances-ID.c b/src/backend/taler-merchant-httpd_private-get-instances-ID.c
@@ -64,7 +64,12 @@ get_instances_ID (struct TMH_MerchantInstance *mi,
GNUNET_JSON_pack_bool ("active",
wm->active))));
}
-
+ if (GNUNET_YES == TMH_strict_v19)
+ {
+ // When pre v19 is deprecated this if guard can be removed
+ // and the code below should never return "external"
+ GNUNET_assert (! GNUNET_is_zero (&mi->auth.auth_hash));
+ }
auth = GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("method",
GNUNET_is_zero (&mi->auth.auth_hash)
