gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-merchant] branch master updated: return 400 if wallet uses untrus


From: gnunet
Subject: [taler-merchant] branch master updated: return 400 if wallet uses untrusted exchange base URL; towards fixing #9183
Date: Sat, 14 Sep 2024 00:48:47 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new e2354ce6 return 400 if wallet uses untrusted exchange base URL; 
towards fixing #9183
e2354ce6 is described below

commit e2354ce622ea3ba015ece7607ee01754fd135f78
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Sep 14 00:48:43 2024 +0200

    return 400 if wallet uses untrusted exchange base URL; towards fixing #9183
---
 src/backend/taler-merchant-httpd_exchanges.c       | 50 ++++++++++++++++------
 .../taler-merchant-httpd_post-orders-ID-abort.c    |  5 ++-
 .../taler-merchant-httpd_post-orders-ID-pay.c      | 14 +++---
 .../taler-merchant-httpd_post-orders-ID-refund.c   |  8 ++++
 ...r-merchant-httpd_private-get-instances-ID-kyc.c |  6 +++
 src/backend/taler-merchant-kyccheck.c              | 17 +++++---
 src/testing/test_kyc_api.c                         | 17 ++++----
 7 files changed, 80 insertions(+), 37 deletions(-)

diff --git a/src/backend/taler-merchant-httpd_exchanges.c 
b/src/backend/taler-merchant-httpd_exchanges.c
index 26c2f5cd..f5cefc48 100644
--- a/src/backend/taler-merchant-httpd_exchanges.c
+++ b/src/backend/taler-merchant-httpd_exchanges.c
@@ -35,7 +35,7 @@
  * Threshold after which exponential backoff should not increase.
  */
 #define RETRY_BACKOFF_THRESHOLD GNUNET_TIME_relative_multiply ( \
-          GNUNET_TIME_UNIT_SECONDS, 60)
+    GNUNET_TIME_UNIT_SECONDS, 60)
 
 /**
  * This is how long /keys long-polls for, so we should
@@ -43,7 +43,7 @@
  * answer. See exchange_api_handle.c.
  */
 #define LONG_POLL_THRESHOLD GNUNET_TIME_relative_multiply ( \
-          GNUNET_TIME_UNIT_SECONDS, 120)
+    GNUNET_TIME_UNIT_SECONDS, 120)
 
 
 /**
@@ -248,20 +248,13 @@ TMH_EXCHANGES_get_currency (
 static struct TMH_Exchange *
 lookup_exchange (const char *exchange_url)
 {
-  struct TMH_Exchange *exchange;
-
-  for (exchange = exchange_head;
+  for (struct TMH_Exchange *exchange = exchange_head;
        NULL != exchange;
        exchange = exchange->next)
     if (0 == strcmp (exchange->url,
                      exchange_url))
       return exchange;
-  exchange = GNUNET_new (struct TMH_Exchange);
-  exchange->url = GNUNET_strdup (exchange_url);
-  GNUNET_CONTAINER_DLL_insert (exchange_head,
-                               exchange_tail,
-                               exchange);
-  return exchange;
+  return NULL;
 }
 
 
@@ -476,6 +469,20 @@ TMH_EXCHANGES_keys4exchange (
               "Trying to find chosen exchange `%s'\n",
               chosen_exchange);
   exchange = lookup_exchange (chosen_exchange);
+  if (NULL == exchange)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Exchange `%s' not configured\n",
+                chosen_exchange);
+    return NULL;
+  }
+  if (! exchange->trusted)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Exchange `%s' not trusted\n",
+                chosen_exchange);
+    return NULL;
+  }
   fo = GNUNET_new (struct TMH_EXCHANGES_KeysOperation);
   fo->fc = fc;
   fo->fc_cls = fc_cls;
@@ -972,6 +979,16 @@ accept_exchanges (void *cls,
                                "EXCHANGE_BASE_URL");
     return;
   }
+  exchange = lookup_exchange (url);
+  if (NULL != exchange)
+  {
+    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                               section,
+                               "EXCHANGE_BASE_URL",
+                               "same base URL specified again");
+    GNUNET_free (url);
+    return;
+  }
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_string (cfg,
                                              section,
@@ -984,9 +1001,12 @@ accept_exchanges (void *cls,
     GNUNET_free (url);
     return;
   }
-  exchange = lookup_exchange (url);
-  GNUNET_free (url);
+  exchange = GNUNET_new (struct TMH_Exchange);
+  exchange->url = url;
   exchange->currency = currency;
+  GNUNET_CONTAINER_DLL_insert (exchange_head,
+                               exchange_tail,
+                               exchange);
   if (GNUNET_OK ==
       GNUNET_CONFIGURATION_get_value_string (cfg,
                                              section,
@@ -1067,7 +1087,9 @@ update_exchange_keys (void *cls,
               "Received keys change notification: reload `%s'\n",
               url);
   exchange = lookup_exchange (url);
-  reload_exchange_keys (exchange);
+  GNUNET_break (NULL != exchange);
+  if (NULL != exchange)
+    reload_exchange_keys (exchange);
 }
 
 
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-abort.c 
b/src/backend/taler-merchant-httpd_post-orders-ID-abort.c
index 3dbb6fa8..80c6930b 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-abort.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-abort.c
@@ -593,11 +593,12 @@ find_next_exchange (struct AbortContext *ac)
                                             ac);
       if (NULL == ac->fo)
       {
+        /* strange, should have happened on pay! */
         GNUNET_break (0);
         resume_abort_with_error (ac,
                                  MHD_HTTP_INTERNAL_SERVER_ERROR,
-                                 
TALER_EC_MERCHANT_POST_ORDERS_ID_ABORT_EXCHANGE_LOOKUP_FAILED,
-                                 "Failed to lookup exchange by URL");
+                                 TALER_EC_MERCHANT_GENERIC_EXCHANGE_UNTRUSTED,
+                                 ac->current_exchange);
         return;
       }
       return;
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c 
b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
index 555e2959..e6097a50 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -1520,10 +1520,10 @@ force_keys (struct ExchangeGroup *eg)
     eg);
   if (NULL == eg->fo)
   {
-    GNUNET_break (0);
+    GNUNET_break_op (0);
     resume_pay_with_error (pc,
-                           
TALER_EC_MERCHANT_POST_ORDERS_ID_PAY_EXCHANGE_LOOKUP_FAILED,
-                           "Failed to lookup exchange by URL");
+                           TALER_EC_MERCHANT_GENERIC_EXCHANGE_UNTRUSTED,
+                           eg->exchange_url);
     return;
   }
   pc->pending_at_eg++;
@@ -1611,13 +1611,13 @@ phase_batch_deposits (struct PayContext *pc)
       eg);
     if (NULL == eg->fo)
     {
-      GNUNET_break (0);
+      GNUNET_break_op (0);
       pay_end (pc,
                TALER_MHD_reply_with_error (
                  pc->connection,
-                 MHD_HTTP_INTERNAL_SERVER_ERROR,
-                 TALER_EC_MERCHANT_POST_ORDERS_ID_PAY_EXCHANGE_LOOKUP_FAILED,
-                 "Failed to lookup exchange by URL"));
+                 MHD_HTTP_BAD_REQUEST,
+                 TALER_EC_MERCHANT_GENERIC_EXCHANGE_UNTRUSTED,
+                 eg->exchange_url));
       return;
     }
     pc->pending_at_eg++;
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-refund.c 
b/src/backend/taler-merchant-httpd_post-orders-ID-refund.c
index 5fd81bef..57e3ebe5 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-refund.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-refund.c
@@ -711,6 +711,14 @@ TMH_post_orders_ID_refund (const struct TMH_RequestHandler 
*rh,
                                               false,
                                               &exchange_found_cb,
                                               cr);
+        if (NULL == cr->fo)
+        {
+          GNUNET_break (0);
+          return TALER_MHD_reply_with_error (connection,
+                                             MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                             
TALER_EC_MERCHANT_GENERIC_EXCHANGE_UNTRUSTED,
+                                             cr->exchange_url);
+        }
       }
       break;
     case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
diff --git a/src/backend/taler-merchant-httpd_private-get-instances-ID-kyc.c 
b/src/backend/taler-merchant-httpd_private-get-instances-ID-kyc.c
index 33be692d..cc47794d 100644
--- a/src/backend/taler-merchant-httpd_private-get-instances-ID-kyc.c
+++ b/src/backend/taler-merchant-httpd_private-get-instances-ID-kyc.c
@@ -820,6 +820,12 @@ kyc_status_cb (
       false,
       &kyc_with_exchange,
       ekr);
+    if (NULL == ekr->fo)
+    {
+      GNUNET_break (0);
+      ekr_finished (ekr);
+      return;
+    }
     return;
   }
   ekr->access_token = *access_token;
diff --git a/src/backend/taler-merchant-kyccheck.c 
b/src/backend/taler-merchant-kyccheck.c
index e97e2702..73307052 100644
--- a/src/backend/taler-merchant-kyccheck.c
+++ b/src/backend/taler-merchant-kyccheck.c
@@ -467,6 +467,8 @@ exchange_check_cb (
   struct Inquiry *i = cls;
   bool progress = false;
 
+  if (! i->not_first_time)
+    progress = true;
   i->kyc = NULL;
   i->last_http_status = ks->hr.http_status;
   i->last_ec = ks->hr.ec;
@@ -526,8 +528,9 @@ exchange_check_cb (
     /* Forbidden => KYC auth must be wrong */
     i->auth_ok = false;
     /* Start with long-polling */
-    i->due = GNUNET_TIME_absolute_max (i->last_kyc_check.abs_time,
-                                       i->timeout);
+    if (! progress)
+      i->due = GNUNET_TIME_absolute_max (i->last_kyc_check.abs_time,
+                                         i->timeout);
     i->backoff = GNUNET_TIME_UNIT_ZERO;
     break;
   case MHD_HTTP_NOT_FOUND: /* account unknown */
@@ -541,8 +544,9 @@ exchange_check_cb (
     json_decref (i->jlimits);
     i->jlimits = NULL;
     /* Start immediately with Long-polling */
-    i->due = GNUNET_TIME_absolute_max (i->last_kyc_check.abs_time,
-                                       i->timeout);
+    if (! progress)
+      i->due = GNUNET_TIME_absolute_max (i->last_kyc_check.abs_time,
+                                         i->timeout);
     i->backoff = GNUNET_TIME_UNIT_ZERO;
     break;
   case MHD_HTTP_CONFLICT: /* no account_pub known */
@@ -550,8 +554,9 @@ exchange_check_cb (
     /* Conflict => KYC auth wire transfer missing! */
     i->auth_ok = false;
     /* Start immediately with Long-polling */
-    i->due = GNUNET_TIME_absolute_max (i->last_kyc_check.abs_time,
-                                       i->timeout);
+    if (! progress)
+      i->due = GNUNET_TIME_absolute_max (i->last_kyc_check.abs_time,
+                                         i->timeout);
     i->backoff = GNUNET_TIME_UNIT_ZERO;
     break;
   default:
diff --git a/src/testing/test_kyc_api.c b/src/testing/test_kyc_api.c
index 5a42439b..a60f965a 100644
--- a/src/testing/test_kyc_api.c
+++ b/src/testing/test_kyc_api.c
@@ -101,9 +101,9 @@ static char *merchant_url_i1a;
  * @param label label to use for the command.
  */
 #define CMD_EXEC_AGGREGATOR(label) \
-        TALER_TESTING_cmd_exec_aggregator_with_kyc (label "-aggregator", \
-                                                    CONFIG_FILE), \
-        TALER_TESTING_cmd_exec_transfer (label "-transfer", CONFIG_FILE)
+  TALER_TESTING_cmd_exec_aggregator_with_kyc (label "-aggregator", \
+                                              CONFIG_FILE), \
+  TALER_TESTING_cmd_exec_transfer (label "-transfer", CONFIG_FILE)
 
 /**
  * Execute the taler-exchange-wirewatch command with
@@ -112,10 +112,10 @@ static char *merchant_url_i1a;
  * @param label label to use for the command.
  */
 #define CMD_EXEC_WIREWATCH(label)           \
-        TALER_TESTING_cmd_exec_wirewatch2 ( \
-          label,                            \
-          CONFIG_FILE,                      \
-          "exchange-account-exchange")
+  TALER_TESTING_cmd_exec_wirewatch2 ( \
+    label,                            \
+    CONFIG_FILE,                      \
+    "exchange-account-exchange")
 
 
 /**
@@ -241,7 +241,7 @@ run (void *cls,
       NULL,
       EXCHANGE_URL,
       TALER_EXCHANGE_KLPT_NONE,
-      MHD_HTTP_NO_CONTENT,
+      MHD_HTTP_OK,
       true),
     /* now we get the legi UUID by running taler-merchant-depositcheck */
     TALER_TESTING_cmd_depositcheck (
@@ -262,6 +262,7 @@ run (void *cls,
     CMD_EXEC_WIREWATCH (
       "import-kyc-account-withdraw"),
     /* Now we should get a status of pending */
+    // FIXME: currently runs into timeout!
     TALER_TESTING_cmd_merchant_kyc_get (
       "kyc-pending",
       merchant_url,

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]