[GNUnet-SVN] [taler-exchange] branch master updated (382e3df -> d1d767f)

[gnunet]

This is an automated email from the git hooks/post-receive script.

grothoff pushed a change to branch master
in repository exchange.

    from 382e3df  implement more audit checks for refunds
     new 011b7f5  add skeleton function for 3887-emergency reporting
     new d1d767f  init risk, notes

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/auditor/taler-auditor.c | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/src/auditor/taler-auditor.c b/src/auditor/taler-auditor.c
index d04eabc..afb912b 100644
--- a/src/auditor/taler-auditor.c
+++ b/src/auditor/taler-auditor.c
@@ -98,6 +98,28 @@ static struct TALER_AUDITORDB_ProgressPoint pp;
 
 /* ***************************** Report logic **************************** */
 
+
+/**
+ * Called in case we detect an emergency situation where the exchange
+ * is paying out a larger amount on a denomination than we issued in
+ * that denomination.  This means that the exchange's private keys
+ * might have gotten compromised, and that we need to trigger an
+ * emergency request to all wallets to deposit pending coins for the
+ * denomination (and as an exchange suffer a huge financial loss).
+ *
+ * @param dki denomination key where the loss was detected
+ */
+static void
+report_emergency (const struct TALER_EXCHANGEDB_DenominationKeyInformationP 
*dki)
+{
+  /* TODO: properly implement #3887, including how to continue the
+     audit after the emergency. */
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Emergency detected for denomination %s\n",
+              GNUNET_h2s (&dki->properties.denom_hash));
+}
+
+
 /**
  * Report a (serious) inconsistency in the exchange's database.
  *
@@ -1033,6 +1055,8 @@ struct CoinContext
   /**
    * Current financial risk of the exchange operator with respect
    * to key compromise.
+   *
+   * TODO: not yet properly used!
    */
   struct TALER_Amount risk;
 
@@ -1660,8 +1684,7 @@ refresh_session_cb (void *cls,
                              &dso->denom_balance,
                              amount_with_fee))
   {
-    // FIXME: trigger EMERGENCY PROTOCOL HERE! Exchange has been compromised!
-    GNUNET_break (0);
+    report_emergency (dki);
     return GNUNET_SYSERR;
   }
 
@@ -1776,8 +1799,7 @@ deposit_cb (void *cls,
                              &ds->denom_balance,
                              amount_with_fee))
   {
-    // FIXME: trigger EMERGENCY PROTOCOL HERE! Exchange has been compromised!
-    GNUNET_break (0);
+    report_emergency (dki);
     return GNUNET_SYSERR;
   }
 
@@ -1923,6 +1945,7 @@ analyze_coins (void *cls)
 
   /* setup 'cc' */
   // FIXME: FIX misnomer "denomination_summary", as this is no longer exactly 
about denominations!
+  // FIXME: combine request with the one for the 'risk' summary?
   dret = adb->get_denomination_summary (adb->cls,
                                         asession,
                                         &master_pub,
@@ -1961,7 +1984,9 @@ analyze_coins (void *cls)
   }
   if (GNUNET_NO == dret)
   {
-    /* FIXME: initialize cc->risk by other means... */
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_amount_get_zero (currency,
+                                          &cc.risk));
   }
 
   cc.coins = GNUNET_CONTAINER_multihashmap_create (1024,

-- 
To stop receiving notification emails like this one, please contact
address@hidden