
[taler-anastasis] branch master updated: -modify plugins to set 'satisfi


From: gnunet
Subject: [taler-anastasis] branch master updated: -modify plugins to set 'satisfied' bit
Date: Mon, 16 Aug 2021 16:44:02 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new d94a0fe  -modify plugins to set 'satisfied' bit
d94a0fe is described below

commit d94a0fe2f979348b45289b66b1cb5f72c3c3e76c
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Aug 16 16:44:00 2021 +0200

    -modify plugins to set 'satisfied' bit
---
 .../anastasis_authorization_plugin_email.c         |  17 ++-
 .../anastasis_authorization_plugin_file.c          |  17 ++-
 .../anastasis_authorization_plugin_post.c          |  18 ++-
 .../anastasis_authorization_plugin_sms.c           |  17 ++-
 src/backend/anastasis-httpd_truth.c                | 154 +++++++++++----------
 5 files changed, 146 insertions(+), 77 deletions(-)

diff --git a/src/authorization/anastasis_authorization_plugin_email.c 
b/src/authorization/anastasis_authorization_plugin_email.c
index 22a7824..3d42aa3 100644
--- a/src/authorization/anastasis_authorization_plugin_email.c
+++ b/src/authorization/anastasis_authorization_plugin_email.c
@@ -24,6 +24,8 @@
 #include <taler/taler_json_lib.h>
 #include <regex.h>
 #include "anastasis_util_lib.h"
+#include <gnunet/gnunet_db_lib.h>
+#include "anastasis_database_lib.h"
 
 
 /**
@@ -248,7 +250,20 @@ email_start (void *cls,
 {
   struct Email_Context *ctx = cls;
   struct ANASTASIS_AUTHORIZATION_State *as;
-
+  enum GNUNET_DB_QueryStatus qs;
+
+  /* If the user can show this challenge code, this
+     plugin is already happy (no additional
+     requirements), so mark this challenge as
+     already satisfied from the start. */
+  qs = ctx->ac->db->mark_challenge_code_satisfied (ctx->ac->db->cls,
+                                                   truth_uuid,
+                                                   code);
+  if (qs <= 0)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
   as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State);
   as->trigger = trigger;
   as->trigger_cls = trigger_cls;
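Review bot: The `if (qs <= 0)` check in email_start treats a database error and "no matching challenge row" (`qs == 0`) identically and reports both through `GNUNET_break (0)`, so the log cannot distinguish a backend failure from a missing or expired code. Failing closed by returning NULL is the right default; I would keep it but split the branch, e.g. `if (qs < 0) { GNUNET_break (0); return NULL; }` followed by `if (0 == qs) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Challenge code to mark as satisfied not found\n"); return NULL; }`. The same block is pasted verbatim into file_start, post_start and sms_start, so a small shared helper would keep the four plugins from drifting apart. The comment could also state that the bit is set before the code has been delivered, and that release of the key share presumably still depends on the later code comparison in the backend. email_start's body continues outside the hunk.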
diff --git a/src/authorization/anastasis_authorization_plugin_file.c 
b/src/authorization/anastasis_authorization_plugin_file.c
index 38939a0..db9dc67 100644
--- a/src/authorization/anastasis_authorization_plugin_file.c
+++ b/src/authorization/anastasis_authorization_plugin_file.c
@@ -21,6 +21,8 @@
 #include "platform.h"
 #include "anastasis_authorization_plugin.h"
 #include <taler/taler_mhd_lib.h>
+#include <gnunet/gnunet_db_lib.h>
+#include "anastasis_database_lib.h"
 
 
 /**
@@ -125,7 +127,20 @@ file_start (void *cls,
 {
   const struct ANASTASIS_AuthorizationContext *ac = cls;
   struct ANASTASIS_AUTHORIZATION_State *as;
-
+  enum GNUNET_DB_QueryStatus qs;
+
+  /* If the user can show this challenge code, this
+     plugin is already happy (no additional
+     requirements), so mark this challenge as
+     already satisfied from the start. */
+  qs = ac->db->mark_challenge_code_satisfied (ac->db->cls,
+                                              truth_uuid,
+                                              code);
+  if (qs <= 0)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
   as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State);
   as->cls = cls;
   as->truth_uuid = *truth_uuid;
diff --git a/src/authorization/anastasis_authorization_plugin_post.c 
b/src/authorization/anastasis_authorization_plugin_post.c
index dddd273..30cea88 100644
--- a/src/authorization/anastasis_authorization_plugin_post.c
+++ b/src/authorization/anastasis_authorization_plugin_post.c
@@ -24,7 +24,8 @@
 #include <taler/taler_json_lib.h>
 #include <jansson.h>
 #include "anastasis_util_lib.h"
-
+#include <gnunet/gnunet_db_lib.h>
+#include "anastasis_database_lib.h"
 
 /**
  * Saves the State of a authorization plugin.
@@ -277,7 +278,20 @@ post_start (void *cls,
   struct PostContext *ctx = cls;
   struct ANASTASIS_AUTHORIZATION_State *as;
   json_error_t error;
-
+  enum GNUNET_DB_QueryStatus qs;
+
+  /* If the user can show this challenge code, this
+     plugin is already happy (no additional
+     requirements), so mark this challenge as
+     already satisfied from the start. */
+  qs = ctx->ac->db->mark_challenge_code_satisfied (ctx->ac->db->cls,
+                                                   truth_uuid,
+                                                   code);
+  if (qs <= 0)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
   as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State);
   as->trigger = trigger;
   as->trigger_cls = trigger_cls;
diff --git a/src/authorization/anastasis_authorization_plugin_sms.c 
b/src/authorization/anastasis_authorization_plugin_sms.c
index b780c68..df398fd 100644
--- a/src/authorization/anastasis_authorization_plugin_sms.c
+++ b/src/authorization/anastasis_authorization_plugin_sms.c
@@ -24,6 +24,8 @@
 #include <taler/taler_json_lib.h>
 #include <regex.h>
 #include "anastasis_util_lib.h"
+#include <gnunet/gnunet_db_lib.h>
+#include "anastasis_database_lib.h"
 
 
 /**
@@ -247,7 +249,20 @@ sms_start (void *cls,
 {
   struct SMS_Context *ctx = cls;
   struct ANASTASIS_AUTHORIZATION_State *as;
-
+  enum GNUNET_DB_QueryStatus qs;
+
+  /* If the user can show this challenge code, this
+     plugin is already happy (no additional
+     requirements), so mark this challenge as
+     already satisfied from the start. */
+  qs = ctx->ac->db->mark_challenge_code_satisfied (ctx->ac->db->cls,
+                                                   truth_uuid,
+                                                   code);
+  if (qs <= 0)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
   as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State);
   as->trigger = trigger;
   as->trigger_cls = trigger_cls;
diff --git a/src/backend/anastasis-httpd_truth.c 
b/src/backend/anastasis-httpd_truth.c
index 8fb1aee..0b0d22f 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -1383,7 +1383,6 @@ AH_handler_truth_get (
     enum ANASTASIS_DB_CodeStatus cs;
     bool satisfied;
 
-    GNUNET_free (decrypted_truth);
     GNUNET_free (truth_mime);
     cs = db->verify_challenge_code (db->cls,
                                     &gc->truth_uuid,
@@ -1394,6 +1393,7 @@ AH_handler_truth_get (
     case ANASTASIS_DB_CODE_STATUS_CHALLENGE_CODE_MISMATCH:
       GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                   "Provided response does not match our stored challenge\n");
+      GNUNET_free (decrypted_truth);
       return TALER_MHD_reply_with_error (connection,
                                          MHD_HTTP_FORBIDDEN,
                                          
TALER_EC_ANASTASIS_TRUTH_CHALLENGE_FAILED,
@@ -1401,6 +1401,7 @@ AH_handler_truth_get (
     case ANASTASIS_DB_CODE_STATUS_HARD_ERROR:
     case ANASTASIS_DB_CODE_STATUS_SOFT_ERROR:
       GNUNET_break (0);
+      GNUNET_free (decrypted_truth);
       return TALER_MHD_reply_with_error (gc->connection,
                                          MHD_HTTP_INTERNAL_SERVER_ERROR,
                                          TALER_EC_GENERIC_DB_FETCH_FAILED,
@@ -1409,91 +1410,100 @@ AH_handler_truth_get (
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "No challenge known (challenge is invalidated after %u 
requests)\n",
                   INITIAL_RETRY_COUNTER);
+      GNUNET_free (decrypted_truth);
       return TALER_MHD_reply_with_error (connection,
                                          MHD_HTTP_TOO_MANY_REQUESTS,
                                          TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
                                          NULL);
     case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED:
-      // FIXME: if ! satisfied don't do this...
-      return return_key_share (&gc->truth_uuid,
-                               connection);
-    }
-    GNUNET_break (0);
-    return MHD_NO;
-  }
-
-  /* Not security question and no answer: use plugin to check if
-     decrypted truth is a valid challenge! */
-  {
-    enum GNUNET_GenericReturnValue ret;
-
-    ret = gc->authorization->validate (gc->authorization->cls,
-                                       connection,
-                                       truth_mime,
-                                       decrypted_truth,
-                                       decrypted_truth_size);
-    GNUNET_free (truth_mime);
-    switch (ret)
-    {
-    case GNUNET_OK:
-      /* data valid, continued below */
+      if (satisfied)
+      {
+        GNUNET_free (decrypted_truth);
+        return return_key_share (&gc->truth_uuid,
+                                 connection);
+      }
+      /* continue with authorization plugin below */
       break;
-    case GNUNET_NO:
-      /* data invalid, reply was queued */
-      GNUNET_free (decrypted_truth);
-      return MHD_YES;
-    case GNUNET_SYSERR:
-      /* data invalid, reply was NOT queued */
-      GNUNET_free (decrypted_truth);
+    default:
+      GNUNET_break (0);
       return MHD_NO;
     }
   }
-
-  /* Setup challenge and begin authorization process */
+  else
   {
-    struct GNUNET_TIME_Absolute transmission_date;
-    enum GNUNET_DB_QueryStatus qs;
-
-    qs = db->create_challenge_code (db->cls,
-                                    &gc->truth_uuid,
-                                    gc->authorization->code_rotation_period,
-                                    gc->authorization->code_validity_period,
-                                    INITIAL_RETRY_COUNTER,
-                                    &transmission_date,
-                                    &gc->code);
-    switch (qs)
+    /* Not security question and no answer: use plugin to check if
+       decrypted truth is a valid challenge! */
     {
-    case GNUNET_DB_STATUS_HARD_ERROR:
-    case GNUNET_DB_STATUS_SOFT_ERROR:
-      GNUNET_break (0);
-      GNUNET_free (decrypted_truth);
-      return TALER_MHD_reply_with_error (gc->connection,
-                                         MHD_HTTP_INTERNAL_SERVER_ERROR,
-                                         TALER_EC_GENERIC_DB_FETCH_FAILED,
-                                         "store_challenge_code");
-    case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
-      /* 0 == retry_counter of existing challenge => rate limit exceeded */
-      GNUNET_free (decrypted_truth);
-      return TALER_MHD_reply_with_error (connection,
-                                         MHD_HTTP_TOO_MANY_REQUESTS,
-                                         TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
-                                         NULL);
-    case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
-      /* challenge code was stored successfully*/
-      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                  "Created fresh challenge\n");
-      break;
+      enum GNUNET_GenericReturnValue ret;
+
+      ret = gc->authorization->validate (gc->authorization->cls,
+                                         connection,
+                                         truth_mime,
+                                         decrypted_truth,
+                                         decrypted_truth_size);
+      GNUNET_free (truth_mime);
+      switch (ret)
+      {
+      case GNUNET_OK:
+        /* data valid, continued below */
+        break;
+      case GNUNET_NO:
+        /* data invalid, reply was queued */
+        GNUNET_free (decrypted_truth);
+        return MHD_YES;
+      case GNUNET_SYSERR:
+        /* data invalid, reply was NOT queued */
+        GNUNET_free (decrypted_truth);
+        return MHD_NO;
+      }
     }
 
-    if (GNUNET_TIME_absolute_get_duration (transmission_date).rel_value_us <
-        gc->authorization->code_retransmission_frequency.rel_value_us)
+    /* Setup challenge and begin authorization process */
     {
-      /* Too early for a retransmission! */
-      GNUNET_free (decrypted_truth);
-      return TALER_MHD_reply_with_error (gc->connection,
-                                         MHD_HTTP_ALREADY_REPORTED,
-                                         
TALER_EC_ANASTASIS_TRUTH_CHALLENGE_ACTIVE,
-                                         NULL);
+      struct GNUNET_TIME_Absolute transmission_date;
+      enum GNUNET_DB_QueryStatus qs;
+
+      qs = db->create_challenge_code (db->cls,
+                                      &gc->truth_uuid,
+                                      gc->authorization->code_rotation_period,
+                                      gc->authorization->code_validity_period,
+                                      INITIAL_RETRY_COUNTER,
+                                      &transmission_date,
+                                      &gc->code);
+      switch (qs)
+      {
+      case GNUNET_DB_STATUS_HARD_ERROR:
+      case GNUNET_DB_STATUS_SOFT_ERROR:
+        GNUNET_break (0);
+        GNUNET_free (decrypted_truth);
+        return TALER_MHD_reply_with_error (gc->connection,
+                                           MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                           TALER_EC_GENERIC_DB_FETCH_FAILED,
+                                           "store_challenge_code");
+      case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+        /* 0 == retry_counter of existing challenge => rate limit exceeded */
+        GNUNET_free (decrypted_truth);
+        return TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_TOO_MANY_REQUESTS,
+                                           
TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
+                                           NULL);
+      case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+        /* challenge code was stored successfully*/
+        GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                    "Created fresh challenge\n");
+        break;
+      }
+
+      if (GNUNET_TIME_absolute_get_duration (transmission_date).rel_value_us <
+          gc->authorization->code_retransmission_frequency.rel_value_us)
+      {
+        /* Too early for a retransmission! */
+        GNUNET_free (decrypted_truth);
+        return TALER_MHD_reply_with_error (gc->connection,
+                                           MHD_HTTP_ALREADY_REPORTED,
+                                           
TALER_EC_ANASTASIS_TRUTH_CHALLENGE_ACTIVE,
+                                           NULL);
+      }
     }
   }
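Review bot: The new `default:` branch of the `switch (cs)` returns `MHD_NO` without releasing `decrypted_truth`, although this commit moved that free out of the block prologue and into each individual return path; add `GNUNET_free (decrypted_truth);` before `return MHD_NO;` there. Separately, the key share is now released only when `satisfied` is true, yet the variable is declared as `bool satisfied;` with no initializer and is presumably filled in by `verify_challenge_code` (its full argument list is not visible in these hunks). Declaring it as `bool satisfied = false;` would make the gate fail closed if that call ever returns without writing it. When the code is valid but not yet satisfied, control leaves the switch with `truth_mime` already freed and skips the whole `else` block, so the plugin code after this hunk must not depend on anything set up there. That is worth checking, because AH_handler_truth_get continues outside the hunk.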
 

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


