[taler-anastasis] branch master updated: auth plugins
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: auth plugins |
Date: |
Thu, 14 Jan 2021 15:26:04 +0100 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new eb6204c auth plugins
eb6204c is described below
commit eb6204cccc71bee0491b48a0cc0eec22c0a7da6b
Author: Dominik Meister <dominik.meister@hotmail.ch>
AuthorDate: Thu Jan 14 15:25:53 2021 +0100
auth plugins
---
src/backend/Makefile.am | 14 +++-
src/backend/anastasis-httpd_truth.c | 2 +
src/backend/anastasis.conf | 26 +++++++
src/backend/anastasis_authorization_plugin_email.c | 25 ++++++-
...mail.c => anastasis_authorization_plugin_sms.c} | 80 ++++++++++++--------
src/include/anastasis_authorization_plugin.h | 8 ++
src/lib/test_anastasis_api.conf | 7 ++
src/util/Makefile.am | 17 ++++-
src/util/test_anastasis_child_management.c | 86 ++++++++++++++++++++++
src/util/test_anastasis_crypto.c | 1 -
10 files changed, 228 insertions(+), 38 deletions(-)
diff --git a/src/backend/Makefile.am b/src/backend/Makefile.am
index 0cd511e..7d4ab65 100644
--- a/src/backend/Makefile.am
+++ b/src/backend/Makefile.am
@@ -22,7 +22,8 @@ libanastasisauthorization_la_LDFLAGS = \
plugin_LTLIBRARIES = \
libanastasis_plugin_authorization_file.la \
- libanastasis_plugin_authorization_email.la
+ libanastasis_plugin_authorization_email.la \
+ libanastasis_plugin_authorization_sms.la
libanastasis_plugin_authorization_file_la_SOURCES = \
anastasis_authorization_plugin_file.c
libanastasis_plugin_authorization_file_la_LIBADD = \
@@ -43,6 +44,17 @@ libanastasis_plugin_authorization_email_la_LDFLAGS = \
-ltalerutil \
-lgnunetutil \
$(XLIB)
+libanastasis_plugin_authorization_sms_la_SOURCES = \
+ anastasis_authorization_plugin_sms.c
+libanastasis_plugin_authorization_sms_la_LIBADD = \
+ $(LTLIBINTL)
+libanastasis_plugin_authorization_sms_la_LDFLAGS = \
+ $(ANASTASIS_PLUGIN_LDFLAGS) \
+ -ljansson \
+ -ltalerutil \
+ -lgnunetutil \
+ $(XLIB)
+
pkgcfg_DATA = \
anastasis.conf
diff --git a/src/backend/anastasis-httpd_truth.c
b/src/backend/anastasis-httpd_truth.c
index 8959b02..e38e395 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -1044,8 +1044,10 @@ AH_handler_truth_get (struct MHD_Connection *connection,
as = authorization->start (authorization->cls,
&truth_public_key,
code,
+ authorization->auth_command,
decrypted_truth,
decrypted_truth_size);
+
GNUNET_free (decrypted_truth);
if (NULL == as)
{
diff --git a/src/backend/anastasis.conf b/src/backend/anastasis.conf
index 6c002f8..e43d5aa 100644
--- a/src/backend/anastasis.conf
+++ b/src/backend/anastasis.conf
@@ -35,6 +35,32 @@ DB = postgres
# Upload limit per backup, in megabytes
UPLOAD_LIMIT_MB = 16
+# Authentication costs
+
+# Cost of authentication by question
+#QUESTION_COST = EUR:0
+
+# Cost of authentication by file (only for testing purposes)
+#FILE_COST = EUR:1
+
+# Cost of authentication by E-Mail
+#EMAIL_COST = EUR:0
+
+# Cost of authentication by SMS
+#SMS_COST = EUR:0
+
+# Cost of authentication by postal
+#POSTAL_COST = EUR:0
+
+# Cost of authentication by video
+#VIDEO_COST = EUR:0
+
+#SMS authentication command which is executed
+#SMSAUTH_COMMAND = some_sms_script.sh
+
+#E-Mail authentication command which is executed
+#EMAILAUTH_COMMAND = some_email_script.sh
+
# Fulfillment URL of the ANASTASIS service itself.
FULFILLMENT_URL = taler://fulfillment-success
diff --git a/src/backend/anastasis_authorization_plugin_email.c
b/src/backend/anastasis_authorization_plugin_email.c
index 407aa45..a38c414 100644
--- a/src/backend/anastasis_authorization_plugin_email.c
+++ b/src/backend/anastasis_authorization_plugin_email.c
@@ -23,6 +23,7 @@
#include "anastasis_authorization_plugin.h"
#include <taler/taler_mhd_lib.h>
#include <regex.h>
+#include "anastasis_util_lib.h"
/**
@@ -47,6 +48,10 @@ struct ANASTASIS_AUTHORIZATION_State
* closure
*/
void *cls;
+ /**
+ * Command which is executed to run the email authentication
+ */
+ char *auth_command;
};
@@ -123,6 +128,7 @@ static struct ANASTASIS_AUTHORIZATION_State *
email_start (void *cls,
const struct ANASTASIS_CRYPTO_TruthPublicKeyP *truth_public_key,
uint64_t code,
+ char *auth_command,
const void *data,
size_t data_length)
{
@@ -132,6 +138,7 @@ email_start (void *cls,
as->cls = cls;
as->truth_public_key = truth_public_key;
as->code = code;
+ as->auth_command = auth_command;
as->email = GNUNET_STRINGS_data_to_string_alloc (data,
data_length);
return as;
@@ -156,6 +163,8 @@ email_process (struct ANASTASIS_AUTHORIZATION_State *as,
int p[2];
/*FIXME ERROR HANDLING*/
int ret = pipe (p);
+
+
pid_t pid = fork ();
switch (pid)
{
@@ -176,12 +185,13 @@ email_process (struct ANASTASIS_AUTHORIZATION_State *as,
case 0:
dup2 (p[0],0);
close (p[1]);
- execlp ("mail", "mail", "-s", subject, as->email, NULL);
+ execlp (as->auth_command, subject, as->email, NULL);
close (p[0]);
char buff[21];
sprintf (buff, "%lu", as->code);
ret = write (p[1], buff, strlen (buff));
close (p[1]);
+
break;
default:
/*FIXME */
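Review bot: In the child branch, `execlp (as->auth_command, subject, as->email, NULL)` omits argv[0], so the configured command sees the subject as its program name and only the address as its first argument; the `sms_process` hunk in anastasis_authorization_plugin_sms.c has the same slip. Nothing stops the child when exec fails: it runs on past `execlp`, writes to `p[1]` after having closed it, and leaves the `switch` to carry on as a second copy of the server, so the branch should end in `_exit (127)`. The code should instead be written to `p[1]` by the parent, whose `default:` branch continues outside the hunk. `as->email` is client-supplied and becomes a command argument, so it needs strict validation before this point, and `sprintf (buff, "%lu", as->code)` should format the `uint64_t` with `PRIu64` through a bounded `snprintf`.
```c
  case 0:
    /* child: the read end of the pipe becomes stdin of the helper */
    dup2 (p[0], STDIN_FILENO);
    close (p[0]);
    close (p[1]);
    execlp (as->auth_command,
            as->auth_command,   /* argv[0] */
            subject,
            as->email,
            (char *) NULL);
    /* reached only when exec failed: never fall back into server code */
    _exit (127);
  /* … unchanged: default: branch (parent), where the code should be written to p[1] … */
```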
@@ -220,6 +230,19 @@ libanastasis_plugin_authorization_email_init (void *cls)
plugin->start = &email_start;
plugin->process = &email_process;
plugin->cleanup = &email_cleanup;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (cfg,
+ "anastasis",
+ "EMAILAUTH_COMMAND",
+ &plugin->auth_command))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "anastasis",
+ "EMAILAUTH_COMMAND");
+ GNUNET_free (plugin);
+ return NULL;
+ }
return plugin;
}
diff --git a/src/backend/anastasis_authorization_plugin_email.c
b/src/backend/anastasis_authorization_plugin_sms.c
similarity index 75%
copy from src/backend/anastasis_authorization_plugin_email.c
copy to src/backend/anastasis_authorization_plugin_sms.c
index 407aa45..e40789a 100644
--- a/src/backend/anastasis_authorization_plugin_email.c
+++ b/src/backend/anastasis_authorization_plugin_sms.c
@@ -23,6 +23,7 @@
#include "anastasis_authorization_plugin.h"
#include <taler/taler_mhd_lib.h>
#include <regex.h>
+#include "anastasis_util_lib.h"
/**
@@ -36,17 +37,21 @@ struct ANASTASIS_AUTHORIZATION_State
*/
const struct ANASTASIS_CRYPTO_TruthPublicKeyP *truth_public_key;
/**
- * Code which is sent to the user (here saved into a file)
+ * Code which is sent to the user (here sent via SMS)
*/
uint64_t code;
/**
* holds the truth information
*/
- char *email;
+ char *phone_number;
/**
* closure
*/
void *cls;
+ /**
+ * Command which is executed to run the sms authentication
+ */
+ char *auth_command;
};
@@ -67,17 +72,17 @@ struct ANASTASIS_AUTHORIZATION_State
* #GNUNET_SYSERR if @a data invalid but we failed to queue a reply on
@a connection
*/
static enum GNUNET_GenericReturnValue
-email_validate (void *cls,
- struct MHD_Connection *connection,
- const char *data,
- size_t data_length)
+sms_validate (void *cls,
+ struct MHD_Connection *connection,
+ const char *data,
+ size_t data_length)
{
regex_t regex;
int regex_result;
/*FIXME very basic check */
- const char *regexp = "[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}";
- char *email = GNUNET_STRINGS_data_to_string_alloc (data,
- data_length);
+ const char *regexp = "^[0-9]+$";
+ char *phone_number = GNUNET_STRINGS_data_to_string_alloc (data,
+ data_length);
regex_result = regcomp (®ex,
regexp,
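Review bot: `phone_number` is produced with `GNUNET_STRINGS_data_to_string_alloc`, which to my knowledge returns the Crockford base32 encoding of the buffer rather than a NUL-terminated copy, so `^[0-9]+$` would be matched against the encoding and not against the digits the client sent. `GNUNET_strndup (data, data_length)` looks like what is intended; the same call is used in `sms_start` and in the email plugin. The `regcomp` flags are outside the hunk, so please confirm `REG_EXTENDED` is set, because in a POSIX basic expression `+` is not a repetition operator. An upper bound on the length is also worth adding, since the value ends up as a command argument.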
@@ -92,7 +97,7 @@ email_validate (void *cls,
}
regex_result = regexec (®ex,
- email,
+ phone_number,
0,
NULL,
0);
@@ -102,7 +107,7 @@ email_validate (void *cls,
return GNUNET_NO;
}
regfree (®ex);
- GNUNET_free (email);
+ GNUNET_free (phone_number);
return GNUNET_OK;
}
@@ -120,11 +125,12 @@ email_validate (void *cls,
* @return state to track progress on the authorization operation, NULL on
failure
*/
static struct ANASTASIS_AUTHORIZATION_State *
-email_start (void *cls,
- const struct ANASTASIS_CRYPTO_TruthPublicKeyP *truth_public_key,
- uint64_t code,
- const void *data,
- size_t data_length)
+sms_start (void *cls,
+ const struct ANASTASIS_CRYPTO_TruthPublicKeyP *truth_public_key,
+ uint64_t code,
+ char *auth_command,
+ const void *data,
+ size_t data_length)
{
struct ANASTASIS_AUTHORIZATION_State *as;
@@ -132,8 +138,9 @@ email_start (void *cls,
as->cls = cls;
as->truth_public_key = truth_public_key;
as->code = code;
- as->email = GNUNET_STRINGS_data_to_string_alloc (data,
- data_length);
+ as->auth_command = auth_command;
+ as->phone_number = GNUNET_STRINGS_data_to_string_alloc (data,
+ data_length);
return as;
}
@@ -147,12 +154,11 @@ email_start (void *cls,
* @return state of the request
*/
static enum ANASTASIS_AUTHORIZATION_Result
-email_process (struct ANASTASIS_AUTHORIZATION_State *as,
- struct MHD_Connection *connection)
+sms_process (struct ANASTASIS_AUTHORIZATION_State *as,
+ struct MHD_Connection *connection)
{
MHD_RESULT mres;
struct MHD_Response *resp;
- char *subject = "Anastasis E-Mail Authentication Service";
int p[2];
/*FIXME ERROR HANDLING*/
int ret = pipe (p);
@@ -176,11 +182,10 @@ email_process (struct ANASTASIS_AUTHORIZATION_State *as,
case 0:
dup2 (p[0],0);
close (p[1]);
- execlp ("mail", "mail", "-s", subject, as->email, NULL);
- close (p[0]);
char buff[21];
sprintf (buff, "%lu", as->code);
- ret = write (p[1], buff, strlen (buff));
+ execlp (as->auth_command, buff, as->phone_number, NULL);
+ close (p[0]);
close (p[1]);
break;
default:
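Review bot: The challenge code is handed to the helper on the command line in `execlp (as->auth_command, buff, as->phone_number, NULL)`, where other local users can read it from the process list while the helper runs; because argv[0] is missing it actually lands in the program-name slot. The pipe is still wired to stdin by `dup2 (p[0],0)` but nothing is written to it any more, so I would keep the code off argv with `execlp (as->auth_command, as->auth_command, as->phone_number, (char *) NULL);` and have the parent write the code to `p[1]`. As in the email plugin, a failed exec falls through `break` into the server's code, so `_exit (127);` is needed right after `execlp`. The parent side (`default:`) lies outside the hunk.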
@@ -197,9 +202,9 @@ email_process (struct ANASTASIS_AUTHORIZATION_State *as,
* @param as state to clean up
*/
static void
-email_cleanup (struct ANASTASIS_AUTHORIZATION_State *as)
+sms_cleanup (struct ANASTASIS_AUTHORIZATION_State *as)
{
- GNUNET_free (as->email);
+ GNUNET_free (as->phone_number);
GNUNET_free (as);
}
@@ -211,15 +216,28 @@ email_cleanup (struct ANASTASIS_AUTHORIZATION_State *as)
* @return NULL on error, otherwise a `struct ANASTASIS_AuthorizationPlugin`
*/
void *
-libanastasis_plugin_authorization_email_init (void *cls)
+libanastasis_plugin_authorization_sms_init (void *cls)
{
struct ANASTASIS_AuthorizationPlugin *plugin;
struct GNUNET_CONFIGURATION_Handle *cfg = cls;
plugin = GNUNET_new (struct ANASTASIS_AuthorizationPlugin);
- plugin->validate = &email_validate;
- plugin->start = &email_start;
- plugin->process = &email_process;
- plugin->cleanup = &email_cleanup;
+ plugin->validate = &sms_validate;
+ plugin->start = &sms_start;
+ plugin->process = &sms_process;
+ plugin->cleanup = &sms_cleanup;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (cfg,
+ "anastasis",
+ "SMSAUTH_COMMAND",
+ &plugin->auth_command))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "anastasis",
+ "SMSAUTH_COMMAND");
+ GNUNET_free (plugin);
+ return NULL;
+ }
return plugin;
}
diff --git a/src/include/anastasis_authorization_plugin.h
b/src/include/anastasis_authorization_plugin.h
index 05e95ae..cd21171 100644
--- a/src/include/anastasis_authorization_plugin.h
+++ b/src/include/anastasis_authorization_plugin.h
@@ -114,6 +114,12 @@ struct ANASTASIS_AuthorizationPlugin
*/
struct GNUNET_TIME_Relative code_retransmission_frequency;
+ /**
+ * Command which is executed to run the plugin (some bash script or a
+ * command line argument)
+ */
+ char *auth_command;
+
/**
* Validate @a data is a well-formed input into the challenge method,
* i.e. @a data is a well-formed phone number for sending an SMS, or
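Review bot: The comment on `auth_command` says "some bash script or a command line argument", but the plugins pass the value as the file argument of `execlp`, so it has to be a single program name or path and cannot carry arguments of its own. I would say so in the comment, e.g. `Program (absolute path, or a name looked up in PATH) executed to deliver the challenge; set by the plugin's init function from the configuration`, and add which arguments and stdin content the helper receives. Nothing visible in this commit frees the string returned by `GNUNET_CONFIGURATION_get_value_string`, so ownership should be stated here and the plugin unload path checked.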
@@ -148,6 +154,7 @@ struct ANASTASIS_AuthorizationPlugin
* interaction with the user
* @param code secret code that the user has to provide back to satisfy the
challenge in
* the main anastasis protocol
+ * @param auth_command authentication command which is executed
* @param data input to validate (i.e. is it a valid phone number, etc.)
* @return state to track progress on the authorization operation, NULL on
failure
*/
@@ -155,6 +162,7 @@ struct ANASTASIS_AuthorizationPlugin
(*start)(void *cls,
const struct ANASTASIS_CRYPTO_TruthPublicKeyP *truth_public_key,
uint64_t code,
+ char *auth_command,
const void *data,
size_t data_length);
diff --git a/src/lib/test_anastasis_api.conf b/src/lib/test_anastasis_api.conf
index 3be46e4..4596d33 100644
--- a/src/lib/test_anastasis_api.conf
+++ b/src/lib/test_anastasis_api.conf
@@ -69,6 +69,13 @@ FILE_COST = EUR:1
# Cost of authentication by video
#VIDEO_COST = EUR:0
+# Command which is executed for the sms authentication
+SMSAUTH_COMMAND =
/home/dominik/Documents/Anastasis-work/anastasis/src/lib/sms_authentication.sh
+
+# Command which is executed for the sms authentication
+# EMAILAUTH_COMMAND =
+
+
# Upload limit
UPLOAD_LIMIT_MB = 1
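Review bot: `SMSAUTH_COMMAND` points into one developer's home directory (`/home/dominik/...`), so this test configuration only works on that machine and puts a personal path into the repository. A path relative to the test directory, or a helper shipped with the test suite, would be portable; going by the diffstat, `sms_authentication.sh` itself is not added by this commit. The second comment is a copy of the first and should read `# Command which is executed for the e-mail authentication`.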
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index 06ce9c4..fc48e55 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -31,23 +31,32 @@ lib_LTLIBRARIES = \
libanastasisutil_la_SOURCES = \
anastasis_crypto.c \
- child_management.c \
- os_installation.c
+ child_management.c \
+ os_installation.c
libanastasisutil_la_LIBADD = \
-lgnunetutil \
$(LIBGCRYPT_LIBS) \
-ljansson \
- $(XLIB)
+ -ltalerutil \
+ $(XLIB)
libanastasisutil_la_LDFLAGS = \
-version-info 0:0:0 \
-export-dynamic -no-undefined
check_PROGRAMS = \
- test_anastasis_crypto
+ test_anastasis_crypto \
+ test_anastasis_child_management
TESTS = \
$(check_PROGRAMS)
+test_anastasis_child_management_SOURCES = \
+ test_anastasis_child_management.c
+test_anastasis_child_management_LDADD = \
+ -lgnunetutil \
+ -ltalerutil \
+ libanastasisutil.la
+
test_anastasis_crypto_SOURCES = \
test_anastasis_crypto.c
test_anastasis_crypto_LDADD = \
diff --git a/src/util/test_anastasis_child_management.c
b/src/util/test_anastasis_child_management.c
new file mode 100644
index 0000000..d239069
--- /dev/null
+++ b/src/util/test_anastasis_child_management.c
@@ -0,0 +1,86 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2014-2020 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3, or
+ (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public
+ License along with TALER; see the file COPYING. If not, see
+ <http://www.gnu.org/licenses/>
+*/
+
+/**
+ * @file lib/test_anastasis_child_management.c
+ * @brief testcase to test the child management
+ * @author Christian Grothoff
+ * @author Dominik Meister
+ */
+#include "platform.h"
+#include <gnunet/gnunet_util_lib.h>
+#include "anastasis_util_lib.h"
+
+static int done;
+
+void
+childCompletedCallback (void *cls,
+ enum GNUNET_OS_ProcessStatusType type,
+ long unsigned int exit_code)
+{
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"%lu",exit_code);
+ done = 1;
+}
+
+
+static int
+test_child_management ()
+{
+ int p[2];
+ int ret = pipe (p);
+ pid_t pid = fork ();
+ char *command = "child_management_test.sh";
+ switch (pid)
+ {
+ case -1:
+ close (p[0]);
+ close (p[1]);
+ return 2;
+ case 0:
+ dup2 (p[0],0);
+ close (p[1]);
+ execlp (command,"1234","41764941294", NULL);
+ close (p[0]);
+ close (p[1]);
+ struct ANASTASIS_ChildWaitHandle *cwh;
+ void *cls;
+ cwh = ANASTASIS_wait_child (pid,
+ &childCompletedCallback,
+ cls);
+ break;
+ default:
+ /*FIXME */
+ break;
+ }
+ return 0;
+}
+
+
+int
+main (int argc,
+ const char *const argv[])
+{
+ if (0 != test_child_management ())
+ return 1;
+ GNUNET_log_setup (argv[0], "DEBUG", NULL);
+ return 0;
+}
+
+
+/* end of test_anastasis_crypto.c */
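Review bot: `test_child_management` calls `ANASTASIS_wait_child` in the child branch after `execlp`, where `pid` is 0 and `cls` is read uninitialised, while the parent (`default:`) does nothing, so the test returns 0 without ever waiting for the helper and `done` is never checked. The wait belongs in the parent, the child should end in `_exit` when exec fails, and `execlp (command,"1234",...)` again lacks argv[0]. Presumably the callback also needs the scheduler to run before `done` can be asserted; please confirm against `ANASTASIS_wait_child`. `GNUNET_log_setup` should be called before the test instead of after it, the `pipe` result is ignored, and the `@file` line and trailer comment still name other files.
```c
  struct ANASTASIS_ChildWaitHandle *cwh;
  /* … unchanged: pipe(), fork(), case -1 … */
  case 0:
    dup2 (p[0], 0);
    close (p[0]);
    close (p[1]);
    execlp (command, command, "1234", "41764941294", (char *) NULL);
    _exit (127);   /* exec failed */
  default:
    /* parent: no longer needs the pipe, waits for the helper */
    close (p[0]);
    close (p[1]);
    cwh = ANASTASIS_wait_child (pid,
                                &childCompletedCallback,
                                NULL);
    break;
```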
diff --git a/src/util/test_anastasis_crypto.c b/src/util/test_anastasis_crypto.c
index ee66b37..93c99d4 100644
--- a/src/util/test_anastasis_crypto.c
+++ b/src/util/test_anastasis_crypto.c
@@ -351,7 +351,6 @@ main (int argc,
return 1;
if (0 != test_public_key_derive ())
return 1;
-
return 0;
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.