
[taler-merchant] branch master updated: clean up auth override logic


From: gnunet
Subject: [taler-merchant] branch master updated: clean up auth override logic
Date: Sat, 06 Mar 2021 12:55:15 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new 01a09468 clean up auth override logic
01a09468 is described below

commit 01a094683c841b9bf345b8eca2407522eaa37e8d
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Mar 6 12:55:12 2021 +0100

    clean up auth override logic
---
 src/backend/taler-merchant-httpd.c                 | 32 ++++++++++++----------
 src/backend/taler-merchant-httpd.h                 |  5 ++++
 ...merchant-httpd_private-post-instances-ID-auth.c |  3 ++
 .../taler-merchant-httpd_private-post-instances.c  |  2 ++
 4 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/src/backend/taler-merchant-httpd.c 
b/src/backend/taler-merchant-httpd.c
index 721221a0..bc82ee95 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -158,7 +158,8 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
 /**
  * Initial authorization token.
  */
-static char *default_auth;
+char *TMH_default_auth;
+
 
 /**
  * Holds data needed to determine when to resume a connection for
@@ -1574,14 +1575,14 @@ url_handler (void *cls,
       /* use 'default' */
       use_default = true;
       hc->instance = TMH_lookup_instance (NULL);
-      if ( (NULL != default_auth) &&
+      if ( (NULL != TMH_default_auth) &&
            (NULL != hc->instance) )
       {
         /* Override default instance access control */
-        TMH_compute_auth (default_auth,
+        TMH_compute_auth (TMH_default_auth,
                           &hc->instance->auth.auth_salt,
                           &hc->instance->auth.auth_hash);
-        GNUNET_free (default_auth);
+        GNUNET_free (TMH_default_auth);
       }
     }
     if (NULL != hc->instance)
@@ -1748,18 +1749,21 @@ url_handler (void *cls,
     /* If we have not even a default instance AND no override
        credentials, THEN we accept anything (no access control) */
     auth_ok = ( (NULL == TMH_lookup_instance (NULL)) &&
-                (NULL == default_auth) );
-    /* Are the credentials provided OK for CLI override? */
-    auth_ok |= ( (NULL != default_auth) &&
-                 (NULL != auth) &&
-                 (0 == strcmp (auth,
-                               default_auth)) );
+                (NULL == TMH_default_auth) );
     /* Check against selected instance, if we have one */
     if (NULL != hc->instance)
-      auth_ok |= (GNUNET_OK ==
+      auth_ok |= (! auth_malformed) &&
+                 (GNUNET_OK ==
                   TMH_check_auth (auth,
                                   &hc->instance->auth.auth_salt,
                                   &hc->instance->auth.auth_hash));
+    else /* Are the credentials provided OK for CLI override? */
+      auth_ok |= ( (use_default) &&
+                   (NULL != TMH_default_auth) &&
+                   (NULL != auth) &&
+                   (! auth_malformed) &&
+                   (0 == strcmp (auth,
+                                 TMH_default_auth)) );
     if (! auth_ok)
     {
       if (auth_malformed)
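Review bot: The CLI-override branch checks the presented token with `strcmp (auth, TMH_default_auth)`, which stops at the first differing byte, so the time taken to reject a request depends on how long a prefix of the guess was correct. This branch is the only gate while no default instance exists, so the comparison should not depend on the secret. One option is to derive a salt and hash from the token once with TMH_compute_auth and pass the request through TMH_check_auth, as the instance branch does; whether TMH_check_auth itself compares in constant time is not visible here. At minimum, leave a marker on the comparison such as `/* FIXME: strcmp() is not constant-time */`. url_handler starts and ends outside this hunk.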
@@ -1908,8 +1912,8 @@ run (void *cls,
   (void) cfgfile;
   tok = getenv ("TALER_MERCHANT_TOKEN");
   if ( (NULL != tok) &&
-       (NULL == default_auth) )
-    default_auth = GNUNET_strdup (tok);
+       (NULL == TMH_default_auth) )
+    TMH_default_auth = GNUNET_strdup (tok);
   cfg = config;
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Starting taler-merchant-httpd\n");
@@ -2064,7 +2068,7 @@ main (int argc,
                                  "auth",
                                  "TOKEN",
                                  "use TOKEN to initially authenticate access 
to the default instance (you can also set the TALER_MERCHANT_TOKEN environment 
variable instead)",
-                                 &default_auth),
+                                 &TMH_default_auth),
     GNUNET_GETOPT_OPTION_END
   };
 
diff --git a/src/backend/taler-merchant-httpd.h 
b/src/backend/taler-merchant-httpd.h
index 7cb3c836..eb6d67c6 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -417,6 +417,11 @@ extern struct GNUNET_CONTAINER_MultiHashMap *TMH_by_id_map;
  */
 extern struct GNUNET_TIME_Relative TMH_legal_expiration;
 
+/**
+ * Initial authorization token.
+ */
+extern char *TMH_default_auth;
+
 
 /**
  * Kick MHD to run now, to be called after MHD_resume_connection().
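Review bot: The doc comment on the new `extern char *TMH_default_auth;` says only "Initial authorization token", which no longer covers how the variable is used. It is now freed from url_handler and from two request handlers, and the access check treats NULL as "no override configured". I would document that lifecycle in the header, e.g. `Initial authorization token from the auth command-line option or TALER_MERCHANT_TOKEN; freed and reset to NULL once applied to the default instance or once that instance's credentials are set; NULL if none was given.` That GNUNET_free resets the pointer to NULL is assumed from the way the NULL checks are used, since its definition is not shown in this diff.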
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c 
b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
index 084310bb..a6e1326c 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
@@ -151,6 +151,9 @@ retry:
     /* Finally, also update our running process */
     mi->auth = ias;
   }
+  if (0 == strcmp (mi->settings.id,
+                   "default"))
+    GNUNET_free (TMH_default_auth); /* clear after it was manually set */
   return TALER_MHD_reply_static (connection,
                                  MHD_HTTP_NO_CONTENT,
                                  NULL,
diff --git a/src/backend/taler-merchant-httpd_private-post-instances.c 
b/src/backend/taler-merchant-httpd_private-post-instances.c
index 88a51a26..d251a9d0 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances.c
@@ -504,6 +504,8 @@ retry:
                    TMH_add_instance (mi));
   }
   GNUNET_JSON_parse_free (spec);
+  GNUNET_free (TMH_default_auth); /* clear it: user just either created default
+                                     instance or it should already be NULL */
   return TALER_MHD_reply_static (connection,
                                  MHD_HTTP_NO_CONTENT,
                                  NULL,
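Review bot: The unconditional `GNUNET_free (TMH_default_auth)` before the 204 reply clears the override token whichever instance was created, and the comment's assumption that the caller just created the default instance is not checked here. If this handler can succeed for an instance other than `default` while no default instance exists, the url_handler condition `(NULL == TMH_lookup_instance (NULL)) && (NULL == TMH_default_auth)` becomes true. The backend then accepts requests without any credentials. Guarding the free the way the instances-ID-auth handler does, e.g. `if (0 == strcmp (mi->settings.id, "default"))`, would keep the token in force until a default instance really exists. Whether `mi` is still in scope at this point is not visible, because the function starts above the hunk.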

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


