[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-challenger] branch master updated: consider pin/auth attempts lef
|
From: |
gnunet |
|
Subject: |
[taler-challenger] branch master updated: consider pin/auth attempts left before refusing |
|
Date: |
Sun, 18 Feb 2024 12:43:52 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository challenger.
The following commit(s) were added to refs/heads/master by this push:
new 500fb57 consider pin/auth attempts left before refusing
500fb57 is described below
commit 500fb579164c307d8475ce69e7c74f928e6000ac
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Feb 18 12:43:48 2024 +0100
consider pin/auth attempts left before refusing
---
src/challenger/challenger-httpd_authorize.c | 12 +++++++++---
src/challenger/challenger-httpd_solve.c | 1 -
src/challengerdb/pg_authorize_start.c | 12 ++++++++++--
src/challengerdb/pg_authorize_start.h | 6 +++++-
src/challengerdb/pg_validate_solve_pin.c | 4 ++++
src/include/challenger_database_plugin.h | 6 +++++-
6 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/src/challenger/challenger-httpd_authorize.c
b/src/challenger/challenger-httpd_authorize.c
index 6c11104..25256d4 100644
--- a/src/challenger/challenger-httpd_authorize.c
+++ b/src/challenger/challenger-httpd_authorize.c
@@ -138,6 +138,8 @@ CH_handler_authorize (struct CH_HandlerContext *hc,
{
json_t *last_address;
uint32_t address_attempts_left;
+ uint32_t pin_transmissions_left;
+ uint32_t auth_attempts_left;
enum GNUNET_DB_QueryStatus qs;
/* authorize_start will return 0 if a 'redirect_uri' was
@@ -149,7 +151,9 @@ CH_handler_authorize (struct CH_HandlerContext *hc,
state,
redirect_uri,
&last_address,
- &address_attempts_left);
+ &address_attempts_left,
+ &pin_transmissions_left,
+ &auth_attempts_left);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
@@ -176,10 +180,12 @@ CH_handler_authorize (struct CH_HandlerContext *hc,
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
break;
}
- if (0 == address_attempts_left)
+ if ( (0 == address_attempts_left) &&
+ (0 == pin_transmissions_left) &&
+ (0 == auth_attempts_left) )
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "Refusing authorization: zero address attempts left\n");
+ "Refusing authorization: zero attempts left\n");
json_decref (last_address);
return TALER_MHD_redirect_with_oauth_status (
hc->connection,
diff --git a/src/challenger/challenger-httpd_solve.c
b/src/challenger/challenger-httpd_solve.c
index 543b9dd..ff5acf7 100644
--- a/src/challenger/challenger-httpd_solve.c
+++ b/src/challenger/challenger-httpd_solve.c
@@ -272,7 +272,6 @@ CH_handler_solve (struct CH_HandlerContext *hc,
if ( (NULL != bc->state) &&
(0 == bc->addr_left) &&
- (0 == bc->pin_transmissions_left) &&
(0 == bc->auth_attempts_left) )
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
diff --git a/src/challengerdb/pg_authorize_start.c
b/src/challengerdb/pg_authorize_start.c
index d62b77a..7217e2b 100644
--- a/src/challengerdb/pg_authorize_start.c
+++ b/src/challengerdb/pg_authorize_start.c
@@ -34,7 +34,9 @@ CH_PG_authorize_start (void *cls,
const char *client_state,
const char *client_redirect_uri,
json_t **last_address,
- uint32_t *address_attempts_left)
+ uint32_t *address_attempts_left,
+ uint32_t *pin_transmissions_left,
+ uint32_t *auth_attempts_left)
{
struct PostgresClosure *pg = cls;
struct GNUNET_PQ_QueryParam params[] = {
@@ -56,6 +58,10 @@ CH_PG_authorize_start (void *cls,
NULL),
GNUNET_PQ_result_spec_uint32 ("address_attempts_left",
address_attempts_left),
+ GNUNET_PQ_result_spec_uint32 ("pin_transmissions_left",
+ pin_transmissions_left),
+ GNUNET_PQ_result_spec_uint32 ("auth_attempts_left",
+ auth_attempts_left),
GNUNET_PQ_result_spec_end
};
@@ -71,7 +77,9 @@ CH_PG_authorize_start (void *cls,
" AND ($5::VARCHAR=COALESCE(client_redirect_uri,$5::VARCHAR))"
" RETURNING"
" address"
- " ,address_attempts_left;");
+ " ,address_attempts_left"
+ " ,pin_transmissions_left"
+ " ,auth_attempts_left;");
return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
"authorize_start_validation",
params,
diff --git a/src/challengerdb/pg_authorize_start.h
b/src/challengerdb/pg_authorize_start.h
index ef78479..dceddb4 100644
--- a/src/challengerdb/pg_authorize_start.h
+++ b/src/challengerdb/pg_authorize_start.h
@@ -40,6 +40,8 @@
* @param client_redirect_uri where to redirect at the end, NULL to use a
unique one registered for the client
* @param[out] last_address set to the last address used
* @param[out] address_attempts_left set to number of address changing
attempts left for this address
+ * @param[out] pin_transmissions_left set to number of times the PIN can still
be re-requested
+ * @param[out] auth_attempts_left set to number of authentication attempts
remaining
* @return transaction status:
* #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
* #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes
to the address (attempts exhausted)
@@ -53,7 +55,9 @@ CH_PG_authorize_start (void *cls,
const char *client_state,
const char *client_redirect_uri,
json_t **last_address,
- uint32_t *address_attempts_left);
+ uint32_t *address_attempts_left,
+ uint32_t *pin_transmissions_left,
+ uint32_t *auth_attempts_left);
#endif
diff --git a/src/challengerdb/pg_validate_solve_pin.c
b/src/challengerdb/pg_validate_solve_pin.c
index 7c1bd59..536e4dc 100644
--- a/src/challengerdb/pg_validate_solve_pin.c
+++ b/src/challengerdb/pg_validate_solve_pin.c
@@ -51,6 +51,10 @@ CH_PG_validate_solve_pin (void *cls,
¬_found),
GNUNET_PQ_result_spec_bool ("solved",
solved),
+ GNUNET_PQ_result_spec_bool ("exhausted",
+ exhausted),
+ GNUNET_PQ_result_spec_bool ("no_challenge",
+ no_challenge),
GNUNET_PQ_result_spec_uint32 ("address_attempts_left",
addr_left),
GNUNET_PQ_result_spec_uint32 ("auth_attempts_left",
diff --git a/src/include/challenger_database_plugin.h
b/src/include/challenger_database_plugin.h
index e7beb34..2e47d7f 100644
--- a/src/include/challenger_database_plugin.h
+++ b/src/include/challenger_database_plugin.h
@@ -231,6 +231,8 @@ struct CHALLENGER_DatabasePlugin
* @param client_redirect_uri where to redirect at the end, NULL to use a
unique one registered for the client
* @param[out] last_address set to the last address used
* @param[out] address_attempts_left set to number change address operations
left for this @a nonce
+ * @param[out] pin_transmissions_left set to number of times the PIN can
still be re-requested
+ * @param[out] auth_attempts_left set to number of authentication attempts
remaining
* @return transaction status:
* #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
* #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further
changes to the address (attempts exhausted)
@@ -244,7 +246,9 @@ struct CHALLENGER_DatabasePlugin
const char *client_state,
const char *client_redirect_uri,
json_t **last_address,
- uint32_t *address_attempts_left);
+ uint32_t *address_attempts_left,
+ uint32_t *pin_transmissions_left,
+ uint32_t *auth_attempts_left);
/**
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-challenger] branch master updated: consider pin/auth attempts left before refusing,
gnunet <=