From: gnunet
Subject: [taler-exchange] branch master updated: introduce TALER_OS_init() to safely handle static linkage
Date: Sun, 08 Aug 2021 16:45:35 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new b58605a7 introduce TALER_OS_init() to safely handle static linkage
b58605a7 is described below

commit b58605a79d955d97f3df8381a4df156d04d3f9cc
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Aug 8 16:45:32 2021 +0200

    introduce TALER_OS_init() to safely handle static linkage
---
 .../taler/conf.d/exchange-business.conf              |  4 ++++
 .../{response-202012.tex => response-202109.tex}     | 20 +++++++++++++++++++-
 src/auditor/taler-auditor-dbinit.c                   |  8 ++++----
 src/auditor/taler-auditor-httpd.c                    |  1 +
 src/auditor/taler-auditor-sync.c                     |  1 +
 src/bank-lib/bank_api_admin.c                        |  5 +++++
 src/bank-lib/fakebank.c                              |  4 ++--
 src/exchange-tools/taler-auditor-offline.c           |  8 ++++----
 src/exchange-tools/taler-exchange-dbinit.c           |  8 ++++----
 src/exchange-tools/taler-exchange-offline.c          |  1 +
 src/exchange/taler-exchange-aggregator.c             |  1 +
 src/exchange/taler-exchange-closer.c                 |  1 +
 src/exchange/taler-exchange-httpd.c                  |  1 +
 src/exchange/taler-exchange-transfer.c               |  1 +
 src/exchange/taler-exchange-wirewatch.c              |  1 +
 src/include/taler_util.h                             |  7 +++++++
 src/util/taler-exchange-secmod-eddsa.c               |  2 +-
 src/util/taler-exchange-secmod-rsa.c                 |  2 +-
 18 files changed, 59 insertions(+), 17 deletions(-)

diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf 
b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
index 6958d668..554852a1 100644
--- a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
@@ -26,6 +26,10 @@ BASE_URL =
 
 enable_credit = yes
 enable_debit = yes
+
+# Account identifier in the form of an RFC-8905 payto:// URI.
+# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
+# Make sure to URL-encode spaces in $NAME!
 payto_uri =
 
 # Credentials to access the account are in a separate
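Review bot: the new comment above payto_uri warns only about spaces in $NAME, but a receiver name can also contain characters such as '&', '=', '?' or '#' that change how the query part of the payto:// URI is parsed. Suggest wording it along the lines of "Make sure to URL-encode $NAME (spaces and reserved characters)!" so operators percent-encode the whole value rather than just replacing spaces.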
diff --git a/doc/audit/response-202012.tex b/doc/audit/response-202109.tex
similarity index 94%
rename from doc/audit/response-202012.tex
rename to doc/audit/response-202109.tex
index 90bd5954..43ed6a63 100644
--- a/doc/audit/response-202012.tex
+++ b/doc/audit/response-202109.tex
@@ -4,7 +4,7 @@
 %\topmargin=-0.2in
 
 \usepackage[ansinew]{inputenc}
-\usepackage{makeidx,amsmath,amssymb,exscale,multicol,epsfig,graphics}
+\usepackage{makeidx,amsmath,amssymb,exscale,multicol,epsfig,graphics,url}
 
 \begin{document}
 \pagestyle{headings}
@@ -138,6 +138,12 @@ use callbacks {\em excessively}.  Rewriting the code in 
another language
 may indeed make this part easier to understand, alas would have other
 disadvantages as pointed out previously.
 
+{\bf Update:} We introduced additional functions to replace
+variadic calls to functions that cannot be type-checked by
+the compiler (like libjansson's {\tt json\_pack()}) with
+type-safe versions (like the new {\tt GNUNET\_JSON\_PACK()}).
+
+
 \subsection{Initializing structs with memset}
 
 Using {\tt memset()} first prevents compiler (or valgrind) warnings about
@@ -241,6 +247,11 @@ the interaction with offline key signing mechanism.  The 
remaining disk accesses
 quite fundamental configuration data (which ports to bind to, configuration to
 access the database, etc.), and of course the program logic itself.
 
+{\bf Update:} We have also restructured the configuration such that only
+the {\tt taler-exchange-transfer} and {\tt taler-exchange-wirewatch} programs
+need to have access to the more sensitive bank account configuration data,
+and so that these processes can run as a separate user.
+
 
 \subsection{Avoid dlopen}
 
@@ -270,4 +281,11 @@ provided on a best-effort basis.  Fortunately, even a 
best-effort append-only
 transaction log would serve to limit the financial damage incurred by the
 exchange in an active database compromise scenario.
 
+{\bf Update:} We have tightened the installation instructions for the
+Taler exchange to guide users towards a more restricted Postgres setup,
+tightening which components of the Exchange need what level of access
+to the exchange database.
+
+
+
 \end{document}
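Review bot: the last Update paragraph uses "tightened" and "tightening" in the same sentence and does not say where the revised installation instructions can be found, so a reader of the audit response cannot check the claim. A reference would fit here, and the url package added to the preamble in this patch is not used by any of the visible additions. The three blank lines added before \end{document} can be dropped, and since the commit subject mentions only TALER_OS_init(), the rename to response-202109.tex and these updates would be easier to find later in a commit of their own.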
diff --git a/src/auditor/taler-auditor-dbinit.c 
b/src/auditor/taler-auditor-dbinit.c
index fe5e5310..ab97b739 100644
--- a/src/auditor/taler-auditor-dbinit.c
+++ b/src/auditor/taler-auditor-dbinit.c
@@ -136,14 +136,14 @@ main (int argc,
   };
   enum GNUNET_GenericReturnValue ret;
 
-  /* force linker to link against libtalerutil; if we do
-     not do this, the linker may "optimize" libtalerutil
-     away and skip #TALER_OS_init(), which we do need */
-  (void) TALER_project_data_default ();
   if (GNUNET_OK !=
       GNUNET_STRINGS_get_utf8_args (argc, argv,
                                     &argc, &argv))
     return EXIT_INVALIDARGUMENT;
+  /* force linker to link against libtalerutil; if we do
+     not do this, the linker may "optimize" libtalerutil
+     away and skip #TALER_OS_init(), which we do need */
+  TALER_OS_init ();
   ret = GNUNET_PROGRAM_run (
     argc, argv,
     "taler-auditor-dbinit",
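Review bot: the comment that moved down with this change still says the call exists so the linker does not drop libtalerutil "and skip #TALER_OS_init(), which we do need", but the statement below it is now TALER_OS_init () itself, so the comment reads as circular. Suggest rewording it to say what the explicit call guarantees (per the commit subject, initialization that also works with static linkage). The same comment text is carried along in the taler-auditor-offline.c, taler-exchange-dbinit.c and both secmod hunks of this patch.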
diff --git a/src/auditor/taler-auditor-httpd.c 
b/src/auditor/taler-auditor-httpd.c
index da17e769..57165ef0 100644
--- a/src/auditor/taler-auditor-httpd.c
+++ b/src/auditor/taler-auditor-httpd.c
@@ -571,6 +571,7 @@ main (int argc,
   int fh = -1;
   enum TALER_MHD_GlobalOptions go;
 
+  TALER_OS_init ();
   {
     int ret;
 
diff --git a/src/auditor/taler-auditor-sync.c b/src/auditor/taler-auditor-sync.c
index ad55d7cc..79135230 100644
--- a/src/auditor/taler-auditor-sync.c
+++ b/src/auditor/taler-auditor-sync.c
@@ -593,6 +593,7 @@ main (int argc,
     GNUNET_GETOPT_OPTION_END
   };
 
+  TALER_OS_init ();
   TALER_gcrypt_init (); /* must trigger initialization manually at this point! 
*/
   {
     int ret;
diff --git a/src/bank-lib/bank_api_admin.c b/src/bank-lib/bank_api_admin.c
index 2a8559b2..702b3187 100644
--- a/src/bank-lib/bank_api_admin.c
+++ b/src/bank-lib/bank_api_admin.c
@@ -129,6 +129,11 @@ handle_admin_add_incoming_finished (void *cls,
        We should pass the JSON reply to the application */
     ec = TALER_JSON_get_error_code (j);
     break;
+  case MHD_HTTP_CONFLICT:
+    /* Nothign to verify, we used the same wire subject
+       twice? */
+    ec = TALER_JSON_get_error_code (j);
+    break;
   case MHD_HTTP_INTERNAL_SERVER_ERROR:
     /* Server had an internal issue; we should retry, but this API
        leaves this to the application */
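Review bot: the comment in the new MHD_HTTP_CONFLICT case has a typo ("Nothign") and ends as a question ("we used the same wire subject twice?"), which leaves the meaning of a 409 from this endpoint to the reader. Suggest stating the condition as a fact or pointing to where the bank API defines it. The body is identical to the case just above (ec = TALER_JSON_get_error_code (j); break;), so the two labels could share one body.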
diff --git a/src/bank-lib/fakebank.c b/src/bank-lib/fakebank.c
index 0e726e77..8c5a90fe 100644
--- a/src/bank-lib/fakebank.c
+++ b/src/bank-lib/fakebank.c
@@ -824,7 +824,7 @@ make_admin_transfer (
   if (NULL != t)
   {
     /* duplicate reserve public key not allowed */
-    GNUNET_break (0);
+    GNUNET_break_op (0);
     return GNUNET_NO;
   }
 
@@ -1074,7 +1074,7 @@ handle_admin_add_incoming (struct TALER_FAKEBANK_Handle 
*h,
     GNUNET_free (debit);
     if (GNUNET_OK != ret)
     {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                   "Reserve public key not unique\n");
       return TALER_MHD_reply_with_error (
         connection,
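Review bot: the message "Reserve public key not unique" at the changed GNUNET_log call does not identify the key or the account involved, so after the downgrade from GNUNET_ERROR_TYPE_ERROR to GNUNET_ERROR_TYPE_WARNING there is little to correlate it with in a log. The downgrade itself is consistent with the GNUNET_break_op (0) change in make_admin_transfer; consider adding the reserve public key to the message, since it is public data.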
diff --git a/src/exchange-tools/taler-auditor-offline.c 
b/src/exchange-tools/taler-auditor-offline.c
index 0fbd82ba..45bf271b 100644
--- a/src/exchange-tools/taler-auditor-offline.c
+++ b/src/exchange-tools/taler-auditor-offline.c
@@ -1454,14 +1454,14 @@ main (int argc,
   };
   enum GNUNET_GenericReturnValue ret;
 
-  /* force linker to link against libtalerutil; if we do
-     not do this, the linker may "optimize" libtalerutil
-     away and skip #TALER_OS_init(), which we do need */
-  (void) TALER_project_data_default ();
   if (GNUNET_OK !=
       GNUNET_STRINGS_get_utf8_args (argc, argv,
                                     &argc, &argv))
     return EXIT_INVALIDARGUMENT;
+  /* force linker to link against libtalerutil; if we do
+     not do this, the linker may "optimize" libtalerutil
+     away and skip #TALER_OS_init(), which we do need */
+  TALER_OS_init ();
   ret = GNUNET_PROGRAM_run (
     argc, argv,
     "taler-auditor-offline",
diff --git a/src/exchange-tools/taler-exchange-dbinit.c 
b/src/exchange-tools/taler-exchange-dbinit.c
index 3f5542b2..42794b35 100644
--- a/src/exchange-tools/taler-exchange-dbinit.c
+++ b/src/exchange-tools/taler-exchange-dbinit.c
@@ -120,14 +120,14 @@ main (int argc,
   };
   enum GNUNET_GenericReturnValue ret;
 
-  /* force linker to link against libtalerutil; if we do
-     not do this, the linker may "optimize" libtalerutil
-     away and skip #TALER_OS_init(), which we do need */
-  (void) TALER_project_data_default ();
   if (GNUNET_OK !=
       GNUNET_STRINGS_get_utf8_args (argc, argv,
                                     &argc, &argv))
     return EXIT_INVALIDARGUMENT;
+  /* force linker to link against libtalerutil; if we do
+     not do this, the linker may "optimize" libtalerutil
+     away and skip #TALER_OS_init(), which we do need */
+  TALER_OS_init ();
   ret = GNUNET_PROGRAM_run (
     argc, argv,
     "taler-exchange-dbinit",
diff --git a/src/exchange-tools/taler-exchange-offline.c 
b/src/exchange-tools/taler-exchange-offline.c
index 020c1140..4558f00b 100644
--- a/src/exchange-tools/taler-exchange-offline.c
+++ b/src/exchange-tools/taler-exchange-offline.c
@@ -3456,6 +3456,7 @@ main (int argc,
       GNUNET_STRINGS_get_utf8_args (argc, argv,
                                     &argc, &argv))
     return EXIT_INVALIDARGUMENT;
+  TALER_OS_init ();
   ret = GNUNET_PROGRAM_run (
     argc, argv,
     "taler-exchange-offline",
diff --git a/src/exchange/taler-exchange-aggregator.c 
b/src/exchange/taler-exchange-aggregator.c
index a2ea65c3..5da0a809 100644
--- a/src/exchange/taler-exchange-aggregator.c
+++ b/src/exchange/taler-exchange-aggregator.c
@@ -1013,6 +1013,7 @@ main (int argc,
       GNUNET_STRINGS_get_utf8_args (argc, argv,
                                     &argc, &argv))
     return EXIT_INVALIDARGUMENT;
+  TALER_OS_init ();
   ret = GNUNET_PROGRAM_run (
     argc, argv,
     "taler-exchange-aggregator",
diff --git a/src/exchange/taler-exchange-closer.c 
b/src/exchange/taler-exchange-closer.c
index d14bedac..89e43999 100644
--- a/src/exchange/taler-exchange-closer.c
+++ b/src/exchange/taler-exchange-closer.c
@@ -547,6 +547,7 @@ main (int argc,
       GNUNET_STRINGS_get_utf8_args (argc, argv,
                                     &argc, &argv))
     return EXIT_INVALIDARGUMENT;
+  TALER_OS_init ();
   ret = GNUNET_PROGRAM_run (
     argc, argv,
     "taler-exchange-closer",
diff --git a/src/exchange/taler-exchange-httpd.c 
b/src/exchange/taler-exchange-httpd.c
index ca058f0b..d0d8b953 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -1669,6 +1669,7 @@ main (int argc,
   int fh = -1;
   enum TALER_MHD_GlobalOptions go;
 
+  TALER_OS_init ();
   ret = GNUNET_GETOPT_run ("taler-exchange-httpd",
                            options,
                            argc, argv);
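Review bot: TALER_OS_init () is the first statement of main() here and in taler-auditor-httpd.c, while the other programs in this patch call it only after GNUNET_STRINGS_get_utf8_args (), and in the dbinit and auditor-offline hunks the replaced (void) TALER_project_data_default () call sat before that function and its replacement sits after it. If the initialization has to happen before any other GNUnet library call, the placement should be uniform across all programs; if the order does not matter, the header documentation for TALER_OS_init () is the place to say so.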
diff --git a/src/exchange/taler-exchange-transfer.c 
b/src/exchange/taler-exchange-transfer.c
index a242547b..56794343 100644
--- a/src/exchange/taler-exchange-transfer.c
+++ b/src/exchange/taler-exchange-transfer.c
@@ -559,6 +559,7 @@ main (int argc,
       GNUNET_STRINGS_get_utf8_args (argc, argv,
                                     &argc, &argv))
     return EXIT_INVALIDARGUMENT;
+  TALER_OS_init ();
   ret = GNUNET_PROGRAM_run (
     argc, argv,
     "taler-exchange-transfer",
diff --git a/src/exchange/taler-exchange-wirewatch.c 
b/src/exchange/taler-exchange-wirewatch.c
index 6e40fc00..cc99e42c 100644
--- a/src/exchange/taler-exchange-wirewatch.c
+++ b/src/exchange/taler-exchange-wirewatch.c
@@ -768,6 +768,7 @@ main (int argc,
       GNUNET_STRINGS_get_utf8_args (argc, argv,
                                     &argc, &argv))
     return EXIT_INVALIDARGUMENT;
+  TALER_OS_init ();
   ret = GNUNET_PROGRAM_run (
     argc, argv,
     "taler-exchange-wirewatch",
diff --git a/src/include/taler_util.h b/src/include/taler_util.h
index 59824a52..79e24779 100644
--- a/src/include/taler_util.h
+++ b/src/include/taler_util.h
@@ -174,6 +174,13 @@ const struct GNUNET_OS_ProjectData *
 TALER_project_data_default (void);
 
 
+/**
+ * Initialize libtalerutil.
+ */
+void
+TALER_OS_init (void);
+
+
 /**
  * URL-encode a string according to rfc3986.
  *
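Review bot: the doc comment "Initialize libtalerutil." on TALER_OS_init () does not say when the function must be called, whether calling it more than once is safe, or that every program now has to call it explicitly, which is the point of this change. The secmod hunks replace GNUNET_OS_init (TALER_project_data_default ()) with it, so documenting that relationship would help callers. The definition is not among the files in this diff, so its behaviour cannot be checked from the patch as sent.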
diff --git a/src/util/taler-exchange-secmod-eddsa.c 
b/src/util/taler-exchange-secmod-eddsa.c
index 5ca50f06..dc2d35d1 100644
--- a/src/util/taler-exchange-secmod-eddsa.c
+++ b/src/util/taler-exchange-secmod-eddsa.c
@@ -1680,7 +1680,7 @@ main (int argc,
   /* force linker to link against libtalerutil; if we do
    not do this, the linker may "optimize" libtalerutil
    away and skip #TALER_OS_init(), which we do need */
-  GNUNET_OS_init (TALER_project_data_default ());
+  TALER_OS_init ();
   now = now_tmp = GNUNET_TIME_absolute_get ();
   ret = GNUNET_PROGRAM_run (argc, argv,
                             "taler-exchange-secmod-eddsa",
diff --git a/src/util/taler-exchange-secmod-rsa.c 
b/src/util/taler-exchange-secmod-rsa.c
index 35bd7890..2aabaddc 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -2081,7 +2081,7 @@ main (int argc,
   /* force linker to link against libtalerutil; if we do
    not do this, the linker may "optimize" libtalerutil
    away and skip #TALER_OS_init(), which we do need */
-  GNUNET_OS_init (TALER_project_data_default ());
+  TALER_OS_init ();
   now = now_tmp = GNUNET_TIME_absolute_get ();
   ret = GNUNET_PROGRAM_run (argc, argv,
                             "taler-exchange-secmod-rsa",

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


