taler-merchant-httpd_post-challenge-ID.c (20162B)
1 /* 2 This file is part of TALER 3 (C) 2025 Taler Systems SA 4 5 TALER is free software; you can redistribute it and/or modify 6 it under the terms of the GNU Affero General Public License as 7 published by the Free Software Foundation; either version 3, 8 or (at your option) any later version. 9 10 TALER is distributed in the hope that it will be useful, but 11 WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 GNU General Public License for more details. 14 15 You should have received a copy of the GNU General Public 16 License along with TALER; see the file COPYING. If not, 17 see <http://www.gnu.org/licenses/> 18 */ 19 20 /** 21 * @file src/backend/taler-merchant-httpd_post-challenge-ID.c 22 * @brief endpoint to trigger sending MFA challenge 23 * @author Christian Grothoff 24 */ 25 #include "platform.h" 26 #include "taler-merchant-httpd.h" 27 #include "taler-merchant-httpd_mfa.h" 28 #include "taler-merchant-httpd_post-challenge-ID.h" 29 #include "merchant-database/lookup_mfa_challenge.h" 30 #include "merchant-database/update_mfa_challenge.h" 31 32 33 /** 34 * How many attempts do we allow per solution at most? Note that 35 * this is just for the API, the value must also match the 36 * database logic in create_mfa_challenge. 37 */ 38 #define MAX_SOLUTIONS 3 39 40 41 /** 42 * How long is an OTP code valid? 43 */ 44 #define OTP_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30) 45 46 47 /** 48 * Internal state for MFA processing. 49 */ 50 struct MfaState 51 { 52 53 /** 54 * Kept in a DLL. 55 */ 56 struct MfaState *next; 57 58 /** 59 * Kept in a DLL. 60 */ 61 struct MfaState *prev; 62 63 /** 64 * HTTP request we are handling. 65 */ 66 struct TMH_HandlerContext *hc; 67 68 /** 69 * Challenge code. 70 */ 71 char *code; 72 73 /** 74 * When does @e code expire? 75 */ 76 struct GNUNET_TIME_Absolute expiration_date; 77 78 /** 79 * When may we transmit a new code? 80 */ 81 struct GNUNET_TIME_Absolute retransmission_date; 82 83 /** 84 * Handle to the helper process. 85 */ 86 struct GNUNET_Process *child; 87 88 /** 89 * Handle to wait for @e child 90 */ 91 struct GNUNET_ChildWaitHandle *cwh; 92 93 /** 94 * Address where to send the challenge. 95 */ 96 char *required_address; 97 98 /** 99 * Message to send. 100 */ 101 char *msg; 102 103 /** 104 * Instance the challenge is for. 105 */ 106 char *instance_id; 107 108 /** 109 * Offset of transmission in msg. 110 */ 111 size_t msg_off; 112 113 /** 114 * ID of our challenge. 115 */ 116 uint64_t challenge_id; 117 118 /** 119 * Salted hash over the request body. 120 */ 121 struct TALER_MERCHANT_MFA_BodyHash h_body; 122 123 /** 124 * Channel to use for the challenge. 125 */ 126 enum TALER_MERCHANT_MFA_Channel channel; 127 128 enum 129 { 130 MFA_PHASE_PARSE = 0, 131 MFA_PHASE_LOOKUP, 132 MFA_PHASE_SENDING, 133 MFA_PHASE_SUSPENDING, 134 MFA_PHASE_SENT, 135 MFA_PHASE_RETURN_YES, 136 MFA_PHASE_RETURN_NO, 137 138 } phase; 139 140 141 /** 142 * #GNUNET_NO if the @e connection was not suspended, 143 * #GNUNET_YES if the @e connection was suspended, 144 * #GNUNET_SYSERR if @e connection was resumed to as 145 * part of #THM_mfa_done during shutdown. 146 */ 147 enum GNUNET_GenericReturnValue suspended; 148 149 /** 150 * Type of critical operation being authorized. 151 */ 152 enum TALER_MERCHANT_MFA_CriticalOperation op; 153 154 /** 155 * Set to true if sending worked. 156 */ 157 bool send_ok; 158 }; 159 160 161 /** 162 * Kept in a DLL. 163 */ 164 static struct MfaState *mfa_head; 165 166 /** 167 * Kept in a DLL. 168 */ 169 static struct MfaState *mfa_tail; 170 171 172 /** 173 * Clean up @a mfa process. 174 * 175 * @param[in] cls the `struct MfaState` to clean up 176 */ 177 static void 178 mfa_context_cleanup (void *cls) 179 { 180 struct MfaState *mfa = cls; 181 182 GNUNET_CONTAINER_DLL_remove (mfa_head, 183 mfa_tail, 184 mfa); 185 if (NULL != mfa->cwh) 186 { 187 GNUNET_wait_child_cancel (mfa->cwh); 188 mfa->cwh = NULL; 189 } 190 if (NULL != mfa->child) 191 { 192 GNUNET_break (GNUNET_OK == 193 GNUNET_process_kill (mfa->child, 194 SIGKILL)); 195 GNUNET_break (GNUNET_OK == 196 GNUNET_process_wait (mfa->child, 197 true, 198 NULL, 199 NULL)); 200 GNUNET_process_destroy (mfa->child); 201 mfa->child = NULL; 202 } 203 GNUNET_free (mfa->required_address); 204 GNUNET_free (mfa->msg); 205 GNUNET_free (mfa->instance_id); 206 GNUNET_free (mfa->code); 207 GNUNET_free (mfa); 208 } 209 210 211 void 212 TMH_challenge_done () 213 { 214 for (struct MfaState *mfa = mfa_head; 215 NULL != mfa; 216 mfa = mfa->next) 217 { 218 if (GNUNET_YES == mfa->suspended) 219 { 220 mfa->suspended = GNUNET_SYSERR; 221 MHD_resume_connection (mfa->hc->connection); 222 } 223 } 224 } 225 226 227 /** 228 * Send the given @a response for the @a mfa request. 229 * 230 * @param[in,out] mfa process to generate an error response for 231 * @param response_code response code to use 232 * @param[in] response response data to send back 233 */ 234 static void 235 respond_to_challenge_with_response (struct MfaState *mfa, 236 unsigned int response_code, 237 struct MHD_Response *response) 238 { 239 enum MHD_Result res; 240 241 res = MHD_queue_response (mfa->hc->connection, 242 response_code, 243 response); 244 MHD_destroy_response (response); 245 mfa->phase = (MHD_NO == res) 246 ? MFA_PHASE_RETURN_NO 247 : MFA_PHASE_RETURN_YES; 248 } 249 250 251 /** 252 * Generate an error for @a mfa. 253 * 254 * @param[in,out] mfa process to generate an error response for 255 * @param http_status HTTP status of the response 256 * @param ec Taler error code to return 257 * @param hint hint to return, can be NULL 258 */ 259 static void 260 respond_with_error (struct MfaState *mfa, 261 unsigned int http_status, 262 enum TALER_ErrorCode ec, 263 const char *hint) 264 { 265 respond_to_challenge_with_response ( 266 mfa, 267 http_status, 268 TALER_MHD_make_error (ec, 269 hint)); 270 } 271 272 273 /** 274 * Challenge code transmission complete. Continue based on the result. 275 * 276 * @param[in,out] mfa process to send the challenge for 277 */ 278 static void 279 phase_sent (struct MfaState *mfa) 280 { 281 enum GNUNET_DB_QueryStatus qs; 282 283 if (! mfa->send_ok) 284 { 285 respond_with_error (mfa, 286 MHD_HTTP_BAD_GATEWAY, 287 TALER_EC_MERCHANT_TAN_MFA_HELPER_EXEC_FAILED, 288 "process exited with error"); 289 return; 290 } 291 qs = TALER_MERCHANTDB_update_mfa_challenge (TMH_db, 292 mfa->challenge_id, 293 mfa->code, 294 MAX_SOLUTIONS, 295 mfa->expiration_date, 296 mfa->retransmission_date); 297 switch (qs) 298 { 299 case GNUNET_DB_STATUS_HARD_ERROR: 300 GNUNET_break (0); 301 respond_with_error (mfa, 302 MHD_HTTP_INTERNAL_SERVER_ERROR, 303 TALER_EC_GENERIC_DB_COMMIT_FAILED, 304 "update_mfa_challenge"); 305 return; 306 case GNUNET_DB_STATUS_SOFT_ERROR: 307 GNUNET_break (0); 308 respond_with_error (mfa, 309 MHD_HTTP_INTERNAL_SERVER_ERROR, 310 TALER_EC_GENERIC_DB_SOFT_FAILURE, 311 "update_mfa_challenge"); 312 return; 313 case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: 314 GNUNET_break (0); 315 respond_with_error (mfa, 316 MHD_HTTP_INTERNAL_SERVER_ERROR, 317 TALER_EC_GENERIC_DB_INVARIANT_FAILURE, 318 "no results on INSERT, but success?"); 319 return; 320 case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: 321 break; 322 } 323 { 324 struct MHD_Response *response; 325 326 response = 327 TALER_MHD_make_json_steal ( 328 GNUNET_JSON_PACK ( 329 GNUNET_JSON_pack_timestamp ( 330 "solve_expiration", 331 GNUNET_TIME_absolute_to_timestamp ( 332 mfa->expiration_date)), 333 GNUNET_JSON_pack_timestamp ( 334 "earliest_retransmission", 335 GNUNET_TIME_absolute_to_timestamp ( 336 mfa->retransmission_date)))); 337 respond_to_challenge_with_response ( 338 mfa, 339 MHD_HTTP_OK, 340 response); 341 } 342 } 343 344 345 /** 346 * Function called when our SMS helper has terminated. 347 * 348 * @param cls our `struct ANASTASIS_AUHTORIZATION_State` 349 * @param type type of the process 350 * @param exit_code status code of the process 351 */ 352 static void 353 transmission_done_cb (void *cls, 354 enum GNUNET_OS_ProcessStatusType type, 355 long unsigned int exit_code) 356 { 357 struct MfaState *mfa = cls; 358 359 mfa->cwh = NULL; 360 if (NULL != mfa->child) 361 { 362 GNUNET_process_destroy (mfa->child); 363 mfa->child = NULL; 364 } 365 mfa->send_ok = ( (GNUNET_OS_PROCESS_EXITED == type) && 366 (0 == exit_code) ); 367 if (! mfa->send_ok) 368 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 369 "MFA helper failed with status %d/%u\n", 370 (int) type, 371 (unsigned int) exit_code); 372 mfa->phase = MFA_PHASE_SENT; 373 GNUNET_assert (GNUNET_YES == mfa->suspended); 374 mfa->suspended = GNUNET_NO; 375 MHD_resume_connection (mfa->hc->connection); 376 TALER_MHD_daemon_trigger (); 377 } 378 379 380 /** 381 * Resolve a binary name via PATH. 382 * 383 * Needed because the GNUnet process helpers to not support 384 * an execp equivalent at present. 385 * 386 * @param binary_name name to search for 387 * @returns resolved path or NULL if not found 388 */ 389 static char * 390 resolve_path (const char *binary_name) 391 { 392 char *path_env; 393 char full_path[2048]; 394 char *dir; 395 char *path_copy; 396 397 if (NULL != strchr (binary_name, 398 '/')) 399 { 400 /* Already a full path, do not search. */ 401 return GNUNET_strdup (binary_name); 402 } 403 path_env = getenv ("PATH"); 404 if (path_env == NULL) 405 return NULL; 406 /* Duplicate PATH because strtok modifies the string it parses */ 407 path_copy = GNUNET_strdup (path_env); 408 dir = strtok (path_copy, ":"); 409 while (dir != NULL) 410 { 411 snprintf (full_path, 412 sizeof(full_path), 413 "%s/%s", 414 dir, 415 binary_name); 416 if (0 == access (full_path, 417 X_OK)) 418 { 419 GNUNET_free (path_copy); 420 return GNUNET_strdup (full_path); 421 } 422 dir = strtok (NULL, ":"); 423 } 424 GNUNET_free (path_copy); 425 return NULL; 426 } 427 428 429 /** 430 * Setup challenge code for @a mfa and send it to the 431 * @a required_address; on success. 432 * 433 * @param[in,out] mfa process to send the challenge for 434 */ 435 static void 436 phase_send_challenge (struct MfaState *mfa) 437 { 438 const char *prog = NULL; 439 char *binary_path = NULL; 440 unsigned long long challenge_num; 441 char **cmd_argv = NULL; 442 443 challenge_num = (unsigned long long) 444 GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_NONCE, 445 1000 * 1000 * 100); 446 GNUNET_asprintf (&mfa->code, 447 "%04llu-%04llu", 448 challenge_num / 10000, 449 challenge_num % 10000); 450 switch (mfa->channel) 451 { 452 case TALER_MERCHANT_MFA_CHANNEL_NONE: 453 GNUNET_assert (0); 454 break; 455 case TALER_MERCHANT_MFA_CHANNEL_SMS: 456 mfa->expiration_date 457 = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_UNIT_HOURS); 458 mfa->retransmission_date 459 = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_UNIT_HOURS); 460 prog = TMH_helper_sms; 461 break; 462 case TALER_MERCHANT_MFA_CHANNEL_EMAIL: 463 mfa->expiration_date 464 = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_UNIT_HOURS); 465 mfa->retransmission_date 466 = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_UNIT_HOURS); 467 prog = TMH_helper_email; 468 break; 469 case TALER_MERCHANT_MFA_CHANNEL_TOTP: 470 mfa->expiration_date 471 = GNUNET_TIME_relative_to_absolute (OTP_TIMEOUT); 472 mfa->retransmission_date 473 = GNUNET_TIME_relative_to_absolute (OTP_TIMEOUT); 474 respond_with_error (mfa, 475 MHD_HTTP_NOT_IMPLEMENTED, 476 TALER_EC_GENERIC_FEATURE_NOT_IMPLEMENTED, 477 "#10327"); 478 goto done; 479 } 480 if (NULL == prog) 481 { 482 respond_with_error ( 483 mfa, 484 MHD_HTTP_INTERNAL_SERVER_ERROR, 485 TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, 486 TALER_MERCHANT_MFA_channel_to_string (mfa->channel)); 487 goto done; 488 } 489 { 490 /* Start child process and feed pipe */ 491 struct GNUNET_DISK_PipeHandle *p; 492 struct GNUNET_DISK_FileHandle *pipe_stdin; 493 const char *extra_args[] = { 494 mfa->required_address, 495 NULL, 496 }; 497 498 cmd_argv = TALER_words_split (prog, 499 extra_args); 500 501 GNUNET_assert (NULL != cmd_argv[0]); 502 503 p = GNUNET_DISK_pipe (GNUNET_DISK_PF_BLOCKING_RW); 504 if (NULL == p) 505 { 506 respond_with_error (mfa, 507 MHD_HTTP_INTERNAL_SERVER_ERROR, 508 TALER_EC_GENERIC_ALLOCATION_FAILURE, 509 "pipe"); 510 goto done; 511 } 512 mfa->child = GNUNET_process_create (GNUNET_OS_INHERIT_STD_ERR); 513 GNUNET_assert (GNUNET_OK == 514 GNUNET_process_set_options ( 515 mfa->child, 516 GNUNET_process_option_inherit_rpipe (p, 517 STDIN_FILENO))); 518 binary_path = resolve_path (cmd_argv[0]); 519 if ( (NULL == binary_path) || 520 (GNUNET_OK != 521 GNUNET_process_run_command_argv (mfa->child, 522 binary_path, 523 (const char **) cmd_argv)) ) 524 { 525 GNUNET_process_destroy (mfa->child); 526 mfa->child = NULL; 527 GNUNET_break (GNUNET_OK == 528 GNUNET_DISK_pipe_close (p)); 529 respond_with_error (mfa, 530 MHD_HTTP_BAD_GATEWAY, 531 TALER_EC_MERCHANT_TAN_MFA_HELPER_EXEC_FAILED, 532 "exec"); 533 goto done; 534 } 535 536 pipe_stdin = GNUNET_DISK_pipe_detach_end (p, 537 GNUNET_DISK_PIPE_END_WRITE); 538 GNUNET_assert (NULL != pipe_stdin); 539 GNUNET_break (GNUNET_OK == 540 GNUNET_DISK_pipe_close (p)); 541 GNUNET_asprintf (&mfa->msg, 542 "%s is your security code.\n" 543 "Do not share your code with anyone.\n\n" 544 "Authorizes: %s\n" 545 "Login: %s\n\n" 546 "Expires: %s (%s).\n", 547 mfa->code, 548 TALER_MERCHANT_MFA_co2s (mfa->op), 549 mfa->instance_id, 550 GNUNET_TIME_absolute2s ( 551 mfa->expiration_date), 552 GNUNET_TIME_relative2s ( 553 GNUNET_TIME_absolute_get_remaining ( 554 mfa->expiration_date), 555 true)); 556 { 557 const char *off = mfa->msg; 558 size_t left = strlen (off); 559 560 while (0 != left) 561 { 562 ssize_t ret; 563 564 ret = GNUNET_DISK_file_write (pipe_stdin, 565 off, 566 left); 567 if (ret <= 0) 568 { 569 respond_with_error (mfa, 570 MHD_HTTP_BAD_GATEWAY, 571 TALER_EC_MERCHANT_TAN_MFA_HELPER_EXEC_FAILED, 572 "write"); 573 goto done; 574 } 575 mfa->msg_off += ret; 576 off += ret; 577 left -= ret; 578 } 579 GNUNET_DISK_file_close (pipe_stdin); 580 } 581 } 582 mfa->phase = MFA_PHASE_SUSPENDING; 583 done: 584 GNUNET_free (binary_path); 585 TALER_words_destroy (cmd_argv); 586 } 587 588 589 /** 590 * Lookup challenge in DB. 591 * 592 * @param[in,out] mfa process to parse data for 593 */ 594 static void 595 phase_lookup (struct MfaState *mfa) 596 { 597 enum GNUNET_DB_QueryStatus qs; 598 uint32_t retry_counter; 599 struct GNUNET_TIME_Absolute confirmation_date; 600 struct GNUNET_TIME_Absolute retransmission_date; 601 struct TALER_MERCHANT_MFA_BodySalt salt; 602 603 qs = TALER_MERCHANTDB_lookup_mfa_challenge (TMH_db, 604 mfa->challenge_id, 605 &mfa->h_body, 606 &salt, 607 &mfa->required_address, 608 &mfa->op, 609 &confirmation_date, 610 &retransmission_date, 611 &retry_counter, 612 &mfa->channel, 613 &mfa->instance_id); 614 switch (qs) 615 { 616 case GNUNET_DB_STATUS_HARD_ERROR: 617 GNUNET_break (0); 618 respond_with_error (mfa, 619 MHD_HTTP_INTERNAL_SERVER_ERROR, 620 TALER_EC_GENERIC_DB_COMMIT_FAILED, 621 "lookup_mfa_challenge"); 622 return; 623 case GNUNET_DB_STATUS_SOFT_ERROR: 624 GNUNET_break (0); 625 respond_with_error (mfa, 626 MHD_HTTP_INTERNAL_SERVER_ERROR, 627 TALER_EC_GENERIC_DB_SOFT_FAILURE, 628 "lookup_mfa_challenge"); 629 return; 630 case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: 631 GNUNET_break_op (0); 632 respond_with_error (mfa, 633 MHD_HTTP_NOT_FOUND, 634 TALER_EC_MERCHANT_TAN_CHALLENGE_UNKNOWN, 635 mfa->hc->infix); 636 return; 637 case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: 638 break; 639 } 640 if (! GNUNET_TIME_absolute_is_future (confirmation_date)) 641 { 642 /* was already solved */ 643 respond_with_error (mfa, 644 MHD_HTTP_GONE, 645 TALER_EC_MERCHANT_TAN_CHALLENGE_SOLVED, 646 NULL); 647 return; 648 } 649 if (GNUNET_TIME_absolute_is_future (retransmission_date)) 650 { 651 /* too early to try again */ 652 respond_with_error (mfa, 653 MHD_HTTP_TOO_MANY_REQUESTS, 654 TALER_EC_MERCHANT_TAN_TOO_EARLY, 655 GNUNET_TIME_absolute2s (retransmission_date)); 656 return; 657 } 658 mfa->phase++; 659 } 660 661 662 /** 663 * Parse challenge request. 664 * 665 * @param[in,out] mfa process to parse data for 666 */ 667 static void 668 phase_parse (struct MfaState *mfa) 669 { 670 struct TMH_HandlerContext *hc = mfa->hc; 671 enum GNUNET_GenericReturnValue ret; 672 673 ret = TMH_mfa_parse_challenge_id (hc, 674 hc->infix, 675 &mfa->challenge_id, 676 &mfa->h_body); 677 if (GNUNET_OK != ret) 678 { 679 mfa->phase = (GNUNET_NO == ret) 680 ? MFA_PHASE_RETURN_YES 681 : MFA_PHASE_RETURN_NO; 682 return; 683 } 684 mfa->phase++; 685 } 686 687 688 enum MHD_Result 689 TMH_post_challenge_ID (const struct TMH_RequestHandler *rh, 690 struct MHD_Connection *connection, 691 struct TMH_HandlerContext *hc) 692 { 693 struct MfaState *mfa = hc->ctx; 694 695 if (NULL == mfa) 696 { 697 mfa = GNUNET_new (struct MfaState); 698 mfa->hc = hc; 699 hc->ctx = mfa; 700 hc->cc = &mfa_context_cleanup; 701 GNUNET_CONTAINER_DLL_insert (mfa_head, 702 mfa_tail, 703 mfa); 704 } 705 706 while (1) 707 { 708 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 709 "Processing /challenge in phase %d\n", 710 (int) mfa->phase); 711 switch (mfa->phase) 712 { 713 case MFA_PHASE_PARSE: 714 phase_parse (mfa); 715 break; 716 case MFA_PHASE_LOOKUP: 717 phase_lookup (mfa); 718 break; 719 case MFA_PHASE_SENDING: 720 phase_send_challenge (mfa); 721 break; 722 case MFA_PHASE_SUSPENDING: 723 mfa->cwh = GNUNET_wait_child (mfa->child, 724 &transmission_done_cb, 725 mfa); 726 if (NULL == mfa->cwh) 727 { 728 respond_with_error (mfa, 729 MHD_HTTP_INTERNAL_SERVER_ERROR, 730 TALER_EC_GENERIC_ALLOCATION_FAILURE, 731 "GNUNET_wait_child"); 732 continue; 733 } 734 mfa->suspended = GNUNET_YES; 735 MHD_suspend_connection (hc->connection); 736 return MHD_YES; 737 case MFA_PHASE_SENT: 738 phase_sent (mfa); 739 break; 740 case MFA_PHASE_RETURN_YES: 741 return MHD_YES; 742 case MFA_PHASE_RETURN_NO: 743 GNUNET_break (0); 744 return MHD_NO; 745 } 746 } 747 }