[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: added authentication backend lo
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated: added authentication backend logic |
|
Date: |
Fri, 11 Sep 2020 00:23:03 +0200 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 68694e1 added authentication backend logic
68694e1 is described below
commit 68694e1627a745d553ec174ac648aa95329139f3
Author: Dominik Meister <dominik.meister@hotmail.ch>
AuthorDate: Fri Sep 11 00:22:53 2020 +0200
added authentication backend logic
---
src/include/anastasis_database_lib.h | 12 +-
src/include/anastasis_database_plugin.h | 45 +++++
src/stasis/plugin_anastasis_postgres.c | 288 +++++++++++++++++++++++++++++++-
3 files changed, 342 insertions(+), 3 deletions(-)
diff --git a/src/include/anastasis_database_lib.h
b/src/include/anastasis_database_lib.h
index a0a1df8..f524fec 100644
--- a/src/include/anastasis_database_lib.h
+++ b/src/include/anastasis_database_lib.h
@@ -46,7 +46,15 @@ ANASTASIS_DB_plugin_unload (struct ANASTASIS_DatabasePlugin
*plugin);
* of results, so all non-negative values indicate success.
*/
enum ANASTASIS_DB_QueryStatus
-{
+{
+ /**
+ * Already valid code stored under this public key, please use the valid code
+ */
+ ANASTASIS_DB_STATUS_VALID_CODE_STORED = -6,
+ /**
+ * Provided Challenge code didnt match the server generated code
+ */
+ ANASTASIS_DB_STATUS_CHALLENGE_CODE_MISSMATCH = -5,
/**
* Update failed because the old recovery data hash does not match what we
previously had in the DB.
*/
@@ -87,4 +95,4 @@ enum ANASTASIS_DB_QueryStatus
#endif /* ANASTASIS_DB_LIB_H */
-/* end of anastasis_database_lib.h */
\ No newline at end of file
+/* end of anastasis_database_lib.h */
diff --git a/src/include/anastasis_database_plugin.h
b/src/include/anastasis_database_plugin.h
index 4ef5947..8d475be 100644
--- a/src/include/anastasis_database_plugin.h
+++ b/src/include/anastasis_database_plugin.h
@@ -380,5 +380,50 @@ struct ANASTASIS_DatabasePlugin
uint32_t post_counter,
const struct ANASTASIS_PaymentSecretP *payment_secret,
const struct TALER_Amount *amount);
+
+ /**
+ * Verify the provided code with the code on the server.
+ * If the code matches the function will return with success, if the code
+ * does not match, the retry counter will be decreased by one.
+ *
+ * @param cls closure
+ * @param truth_pub identification of the challenge which the code
corresponds to
+ * @param code code which the user provided and wants to verify
+ (already verified that this is a uint64_t no checks needed)
+ * @return transaction status
+ */
+ enum ANASTASIS_DB_QueryStatus
+ (*verify_challenge_code)(void *cls,
+ const struct
+ ANASTASIS_CRYPTO_TruthPublicKeyP *truth_pub,
+ uint64_t code);
+ /**
+ * Insert a new challenge code for a given challenge identified by the
challenge
+ * public key. The function will first check if there is already a valid code
+ * for this challenge present and wont insert a new one in this case.
+ *
+ * @param cls closure
+ * @param truth_public_key the identifier for the challenge
+ * @param code code which will be safed to check later
+ * @param expiration_time for how long is the code available
+ * @param retry_counter amount of retries allowed
+ * @return transaction status
+ */
+
+ enum ANASTASIS_DB_QueryStatus
+ (*store_challenge_code)(void *cls,
+ const struct
+ ANASTASIS_CRYPTO_TruthPublicKeyP *truth_public_key,
+ uint64_t code,
+ struct GNUNET_TIME_Relative expiration_time,
+ unsigned int retry_counter);
+
+ /**
+ * FIXME maybe implemented in the postgres_gc but want it seperate first
+ * Function called to remove all expired codes in the database
+ * @return transaction status
+ */
+ enum ANASTASIS_DB_QueryStatus
+ (*challenge_gc)(void *cls);
};
#endif
diff --git a/src/stasis/plugin_anastasis_postgres.c
b/src/stasis/plugin_anastasis_postgres.c
index e09aac5..51892a3 100644
--- a/src/stasis/plugin_anastasis_postgres.c
+++ b/src/stasis/plugin_anastasis_postgres.c
@@ -1415,6 +1415,250 @@ postgres_get_recovery_document (void *cls,
}
}
+/**
+ * Verify the provided code with the code on the server.
+ * If the code matches the function will return with success, if the code
+ * does not match, the retry counter will be decreased by one.
+ *
+ * @param cls closure
+ * @param truth_pub identification of the challenge which the code corresponds
to
+ * @param code code which the user provided and wants to verify
+ (already verified that this is a uint64_t no checks needed)
+ * @return transaction status
+ */
+enum ANASTASIS_DB_QueryStatus
+postgres_verify_challenge_code (void *cls,
+ const struct
+ ANASTASIS_CRYPTO_TruthPublicKeyP *truth_pub,
+ uint64_t code)
+
+{
+ struct PostgresClosure *pg = cls;
+ enum ANASTASIS_DB_QueryStatus qs;
+ uint64_t server_code;
+ {
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (truth_pub),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_uint64 ("code",
+ &server_code),
+ GNUNET_PQ_result_spec_end
+ };
+
+ check_connection (pg);
+ qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
+ "challengecode_select",
+ params,
+ rs);
+ switch (qs)
+ {
+ case GNUNET_DB_STATUS_HARD_ERROR:
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ case GNUNET_DB_STATUS_SOFT_ERROR:
+ GNUNET_break (0);
+ return ANASTASIS_DB_STATUS_SOFT_ERROR;
+ case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+ return ANASTASIS_DB_STATUS_NO_RESULTS;
+ case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+ if (server_code == code)
+ {
+ return ANASTASIS_DB_STATUS_SUCCESS_ONE_RESULT;
+ }
+ break;
+ default:
+ GNUNET_break (0);
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ }
+ }
+ if (GNUNET_OK != begin_transaction (pg,
+ "update_challenge_retry"))
+ {
+ GNUNET_break (0);
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ }
+
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (truth_pub),
+ GNUNET_PQ_query_param_end
+ };
+
+ qs = GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "challengecode_update_retry",
+ params);
+ switch (qs)
+ {
+ case GNUNET_DB_STATUS_HARD_ERROR:
+ rollback (pg);
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ case GNUNET_DB_STATUS_SOFT_ERROR:
+ rollback (pg);
+ GNUNET_break (0);
+ return ANASTASIS_DB_STATUS_SOFT_ERROR;
+ case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+ rollback (pg);
+ /*Should never happen */
+ return ANASTASIS_DB_STATUS_NO_RESULTS;
+ case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+ break;
+ default:
+ GNUNET_break (0);
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ }
+
+ qs = commit_transaction (pg);
+ if (qs < 0)
+ {
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ }
+ return ANASTASIS_DB_STATUS_CHALLENGE_CODE_MISSMATCH;
+}
+
+
+/**
+ * Insert a new challenge code for a given challenge identified by the
challenge
+ * public key. The function will first check if there is already a valid code
+ * for this challenge present and wont insert a new one in this case.
+ *
+ * @param cls closure
+ * @param truth_public_key the identifier for the challenge
+ * @param code code which will be safed to check later
+ * @param expiration_time for how long is the code available
+ * @param retry_counter amount of retries allowed
+ * @return transaction status
+ */
+
+enum ANASTASIS_DB_QueryStatus
+postgres_store_challenge_code (void *cls,
+ const struct
+ ANASTASIS_CRYPTO_TruthPublicKeyP
*truth_public_key,
+ uint64_t code,
+ struct GNUNET_TIME_Relative expiration_time,
+ unsigned int retry_counter)
+{
+ struct PostgresClosure *pg = cls;
+ enum ANASTASIS_DB_QueryStatus qs;
+ struct GNUNET_TIME_Absolute creation_date = GNUNET_TIME_absolute_get ();
+ struct GNUNET_TIME_Absolute expiration_date;
+ GNUNET_TIME_round_abs (&creation_date);
+ expiration_date = GNUNET_TIME_absolute_add (creation_date,
+ expiration_time);
+
+ /*Check if there is already a valid code */
+ /*FIXME maybe put this in a function code reusage*/
+ uint64_t server_code;
+ {
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (truth_public_key),
+ TALER_PQ_query_param_absolute_time (&creation_date),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_uint64 ("code",
+ &server_code),
+ GNUNET_PQ_result_spec_end
+ };
+
+ check_connection (pg);
+ qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
+ "challengecode_select",
+ params,
+ rs);
+ switch (qs)
+ {
+ case GNUNET_DB_STATUS_HARD_ERROR:
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ case GNUNET_DB_STATUS_SOFT_ERROR:
+ GNUNET_break (0);
+ return ANASTASIS_DB_STATUS_SOFT_ERROR;
+ case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+ break;
+ case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+ return ANASTASIS_DB_STATUS_VALID_CODE_STORED;
+ default:
+ GNUNET_break (0);
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ }
+ }
+
+ check_connection (pg);
+ if (GNUNET_OK != begin_transaction (pg,
+ "store_challenge_code"))
+ {
+ GNUNET_break (0);
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ }
+
+ {
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (truth_public_key),
+ GNUNET_PQ_query_param_uint64 (&code),
+ TALER_PQ_query_param_absolute_time (&creation_date),
+ TALER_PQ_query_param_absolute_time (&expiration_date),
+ GNUNET_PQ_query_param_uint32 (&retry_counter),
+ GNUNET_PQ_query_param_end
+ };
+
+ qs = GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "challengecode_insert",
+ params);
+ }
+ switch (qs)
+ {
+ case ANASTASIS_DB_STATUS_HARD_ERROR:
+ rollback (pg);
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ case ANASTASIS_DB_STATUS_SOFT_ERROR:
+ rollback (pg);
+ return ANASTASIS_DB_STATUS_SOFT_ERROR;
+ case ANASTASIS_DB_STATUS_NO_RESULTS:
+ GNUNET_break (0);
+ rollback (pg);
+ return ANASTASIS_DB_STATUS_SOFT_ERROR;
+ case ANASTASIS_DB_STATUS_SUCCESS_ONE_RESULT:
+ break;
+ default:
+ rollback (pg);
+ return ANASTASIS_DB_STATUS_HARD_ERROR;
+ return qs;
+ }
+
+ qs = commit_transaction (pg);
+ if (qs < 0)
+ {
+ return qs;
+ }
+
+ return ANASTASIS_DB_STATUS_SUCCESS_ONE_RESULT;
+}
+
+/**
+ * FIXME maybe implemented in the postgres_gc but want it seperate first
+ * Function called to remove all expired codes in the database
+ * @return transaction status
+ */
+enum ANASTASIS_DB_QueryStatus
+postgres_challenge_gc (void *cls)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get ();
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_absolute_time (&time_now),
+ GNUNET_PQ_query_param_end
+ };
+ /*FIXME error handling */
+ check_connection (pg);
+ postgres_preflight (pg);
+ return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "gc_challengecodes",
+ params);
+}
+
+
+
+
+
/**
* Initialize Postgres database subsystem.
@@ -1463,6 +1707,14 @@ libanastasis_plugin_db_postgres_init (void *cls)
" recovery_data BYTEA NOT NULL,"
" PRIMARY KEY (user_id, version)"
");"),
+ GNUNET_PQ_make_execute (
+ "CREATE TABLE IF NOT EXISTS anastasis_challengecode"
+ "( truth_public_key BYTEA NOT NULL,"
+ " code INT8 NOT NULL,"
+ " creation_date TIMESTAMP NOT NULL DEFAULT NOW(),"
+ " expiration_date TIMESTAMP NOT NULL,"
+ " retry_counter INT4 NOT NULL)"
+ ");"),
GNUNET_PQ_EXECUTE_STATEMENT_END
};
struct GNUNET_PQ_PreparedStatement ps[] = {
@@ -1646,6 +1898,38 @@ libanastasis_plugin_db_postgres_init (void *cls)
" ORDER BY version DESC "
"LIMIT 1;",
1),
+ GNUNET_PQ_make_prepare ("challengecode_insert",
+ "INSERT INTO anastasis_challengecode "
+ "(truth_public_key"
+ ",code"
+ ",creation_date"
+ ",expiration_date"
+ ",retry_counter"
+ ") VALUES "
+ "($1, $2, $3, $4, $5);",
+ 5),
+ GNUNET_PQ_make_prepare ("challengecode_select",
+ "SELECT "
+ "code "
+ "FROM "
+ "anastasis_challengecode "
+ "WHERE (truth_public_key =$1) "
+ "AND (expiration_date > $2) "
+ "AND (retry_counter > 0);",
+ 2),
+
+ GNUNET_PQ_make_prepare ("challengecode_update_retry",
+ "UPDATE anastasis_challengecode "
+ "SET "
+ "retry_counter = retry_counter -1 "
+ "WHERE (truth_public_key =$1) "
+ "AND (retry_counter > 0);",
+ 1),
+ GNUNET_PQ_make_prepare ("gc_challengecodes",
+ "DELETE FROM anastasis_challengecode "
+ "WHERE "
+ "expiration_date < $1;",
+ 1),
GNUNET_PQ_PREPARED_STATEMENT_END
};
@@ -1695,7 +1979,9 @@ libanastasis_plugin_db_postgres_init (void *cls)
plugin->increment_lifetime = &postgres_increment_lifetime;
plugin->start = &begin_transaction;
plugin->check_connection = &check_connection;
-
+ plugin->verify_challenge_code = &postgres_verify_challenge_code;
+ plugin->store_challenge_code = &postgres_store_challenge_code;
+ plugin->challenge_gc = &postgres_challenge_gc;
return plugin;
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: added authentication backend logic,
gnunet <=