diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-08-08 16:45:32 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-08 16:45:32 +0200 |
commit | b58605a79d955d97f3df8381a4df156d04d3f9cc (patch) | |
tree | 8f3eabbf1d08c78994dcaf96ea2089e3901c4427 | |
parent | 7fd4f1d8463e324ab850b6c3c92c045b68906efc (diff) |
introduce TALER_OS_init() to safely handle static linkage
-rw-r--r-- | debian/etc-taler-exchange/taler/conf.d/exchange-business.conf | 4 | ||||
-rw-r--r-- | doc/audit/response-202109.tex (renamed from doc/audit/response-202012.tex) | 20 | ||||
-rw-r--r-- | src/auditor/taler-auditor-dbinit.c | 8 | ||||
-rw-r--r-- | src/auditor/taler-auditor-httpd.c | 1 | ||||
-rw-r--r-- | src/auditor/taler-auditor-sync.c | 1 | ||||
-rw-r--r-- | src/bank-lib/bank_api_admin.c | 5 | ||||
-rw-r--r-- | src/bank-lib/fakebank.c | 4 | ||||
-rw-r--r-- | src/exchange-tools/taler-auditor-offline.c | 8 | ||||
-rw-r--r-- | src/exchange-tools/taler-exchange-dbinit.c | 8 | ||||
-rw-r--r-- | src/exchange-tools/taler-exchange-offline.c | 1 | ||||
-rw-r--r-- | src/exchange/taler-exchange-aggregator.c | 1 | ||||
-rw-r--r-- | src/exchange/taler-exchange-closer.c | 1 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd.c | 1 | ||||
-rw-r--r-- | src/exchange/taler-exchange-transfer.c | 1 | ||||
-rw-r--r-- | src/exchange/taler-exchange-wirewatch.c | 1 | ||||
-rw-r--r-- | src/include/taler_util.h | 7 | ||||
-rw-r--r-- | src/util/taler-exchange-secmod-eddsa.c | 2 | ||||
-rw-r--r-- | src/util/taler-exchange-secmod-rsa.c | 2 |
18 files changed, 59 insertions, 17 deletions
diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf index 6958d6686..554852a14 100644 --- a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf +++ b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf @@ -26,6 +26,10 @@ BASE_URL = enable_credit = yes enable_debit = yes + +# Account identifier in the form of an RFC-8905 payto:// URI. +# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME +# Make sure to URL-encode spaces in $NAME! payto_uri = # Credentials to access the account are in a separate diff --git a/doc/audit/response-202012.tex b/doc/audit/response-202109.tex index 90bd59544..43ed6a636 100644 --- a/doc/audit/response-202012.tex +++ b/doc/audit/response-202109.tex @@ -4,7 +4,7 @@ %\topmargin=-0.2in \usepackage[ansinew]{inputenc} -\usepackage{makeidx,amsmath,amssymb,exscale,multicol,epsfig,graphics} +\usepackage{makeidx,amsmath,amssymb,exscale,multicol,epsfig,graphics,url} \begin{document} \pagestyle{headings} @@ -138,6 +138,12 @@ use callbacks {\em excessively}. Rewriting the code in another language may indeed make this part easier to understand, alas would have other disadvantages as pointed out previously. +{\bf Update:} We introduced additional functions to replace +variadic calls to functions that cannot be type-checked by +the compiler (like libjansson's {\tt json\_pack()}) with +type-safe versions (like the new {\tt GNUNET\_JSON\_PACK()}). + + \subsection{Initializing structs with memset} Using {\tt memset()} first prevents compiler (or valgrind) warnings about @@ -241,6 +247,11 @@ the interaction with offline key signing mechanism. The remaining disk accesses quite fundamental configuration data (which ports to bind to, configuration to access the database, etc.), and of course the program logic itself. +{\bf Update:} We have also restructured the configuration such that only +the {\tt taler-exchange-transfer} and {\tt taler-exchange-wirewatch} programs +need to have access to the more sensitive bank account configuration data, +and so that these processes can run as a separate user. + \subsection{Avoid dlopen} @@ -270,4 +281,11 @@ provided on a best-effort basis. Fortunately, even a best-effort append-only transaction log would serve to limit the financial damage incurred by the exchange in an active database compromise scenario. +{\bf Update:} We have tightened the installation instructions for the +Taler exchange to guide users towards a more restricted Postgres setup, +tightening which components of the Exchange need what level of access +to the exchange database. + + + \end{document} diff --git a/src/auditor/taler-auditor-dbinit.c b/src/auditor/taler-auditor-dbinit.c index fe5e5310e..ab97b7399 100644 --- a/src/auditor/taler-auditor-dbinit.c +++ b/src/auditor/taler-auditor-dbinit.c @@ -136,14 +136,14 @@ main (int argc, }; enum GNUNET_GenericReturnValue ret; - /* force linker to link against libtalerutil; if we do - not do this, the linker may "optimize" libtalerutil - away and skip #TALER_OS_init(), which we do need */ - (void) TALER_project_data_default (); if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) return EXIT_INVALIDARGUMENT; + /* force linker to link against libtalerutil; if we do + not do this, the linker may "optimize" libtalerutil + away and skip #TALER_OS_init(), which we do need */ + TALER_OS_init (); ret = GNUNET_PROGRAM_run ( argc, argv, "taler-auditor-dbinit", diff --git a/src/auditor/taler-auditor-httpd.c b/src/auditor/taler-auditor-httpd.c index da17e7698..57165ef03 100644 --- a/src/auditor/taler-auditor-httpd.c +++ b/src/auditor/taler-auditor-httpd.c @@ -571,6 +571,7 @@ main (int argc, int fh = -1; enum TALER_MHD_GlobalOptions go; + TALER_OS_init (); { int ret; diff --git a/src/auditor/taler-auditor-sync.c b/src/auditor/taler-auditor-sync.c index ad55d7ccd..79135230f 100644 --- a/src/auditor/taler-auditor-sync.c +++ b/src/auditor/taler-auditor-sync.c @@ -593,6 +593,7 @@ main (int argc, GNUNET_GETOPT_OPTION_END }; + TALER_OS_init (); TALER_gcrypt_init (); /* must trigger initialization manually at this point! */ { int ret; diff --git a/src/bank-lib/bank_api_admin.c b/src/bank-lib/bank_api_admin.c index 2a8559b2f..702b3187f 100644 --- a/src/bank-lib/bank_api_admin.c +++ b/src/bank-lib/bank_api_admin.c @@ -129,6 +129,11 @@ handle_admin_add_incoming_finished (void *cls, We should pass the JSON reply to the application */ ec = TALER_JSON_get_error_code (j); break; + case MHD_HTTP_CONFLICT: + /* Nothign to verify, we used the same wire subject + twice? */ + ec = TALER_JSON_get_error_code (j); + break; case MHD_HTTP_INTERNAL_SERVER_ERROR: /* Server had an internal issue; we should retry, but this API leaves this to the application */ diff --git a/src/bank-lib/fakebank.c b/src/bank-lib/fakebank.c index 0e726e77c..8c5a90fec 100644 --- a/src/bank-lib/fakebank.c +++ b/src/bank-lib/fakebank.c @@ -824,7 +824,7 @@ make_admin_transfer ( if (NULL != t) { /* duplicate reserve public key not allowed */ - GNUNET_break (0); + GNUNET_break_op (0); return GNUNET_NO; } @@ -1074,7 +1074,7 @@ handle_admin_add_incoming (struct TALER_FAKEBANK_Handle *h, GNUNET_free (debit); if (GNUNET_OK != ret) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Reserve public key not unique\n"); return TALER_MHD_reply_with_error ( connection, diff --git a/src/exchange-tools/taler-auditor-offline.c b/src/exchange-tools/taler-auditor-offline.c index 0fbd82baa..45bf271b4 100644 --- a/src/exchange-tools/taler-auditor-offline.c +++ b/src/exchange-tools/taler-auditor-offline.c @@ -1454,14 +1454,14 @@ main (int argc, }; enum GNUNET_GenericReturnValue ret; - /* force linker to link against libtalerutil; if we do - not do this, the linker may "optimize" libtalerutil - away and skip #TALER_OS_init(), which we do need */ - (void) TALER_project_data_default (); if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) return EXIT_INVALIDARGUMENT; + /* force linker to link against libtalerutil; if we do + not do this, the linker may "optimize" libtalerutil + away and skip #TALER_OS_init(), which we do need */ + TALER_OS_init (); ret = GNUNET_PROGRAM_run ( argc, argv, "taler-auditor-offline", diff --git a/src/exchange-tools/taler-exchange-dbinit.c b/src/exchange-tools/taler-exchange-dbinit.c index 3f5542b28..42794b35e 100644 --- a/src/exchange-tools/taler-exchange-dbinit.c +++ b/src/exchange-tools/taler-exchange-dbinit.c @@ -120,14 +120,14 @@ main (int argc, }; enum GNUNET_GenericReturnValue ret; - /* force linker to link against libtalerutil; if we do - not do this, the linker may "optimize" libtalerutil - away and skip #TALER_OS_init(), which we do need */ - (void) TALER_project_data_default (); if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) return EXIT_INVALIDARGUMENT; + /* force linker to link against libtalerutil; if we do + not do this, the linker may "optimize" libtalerutil + away and skip #TALER_OS_init(), which we do need */ + TALER_OS_init (); ret = GNUNET_PROGRAM_run ( argc, argv, "taler-exchange-dbinit", diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c index 020c11404..4558f00bd 100644 --- a/src/exchange-tools/taler-exchange-offline.c +++ b/src/exchange-tools/taler-exchange-offline.c @@ -3456,6 +3456,7 @@ main (int argc, GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) return EXIT_INVALIDARGUMENT; + TALER_OS_init (); ret = GNUNET_PROGRAM_run ( argc, argv, "taler-exchange-offline", diff --git a/src/exchange/taler-exchange-aggregator.c b/src/exchange/taler-exchange-aggregator.c index a2ea65c37..5da0a8094 100644 --- a/src/exchange/taler-exchange-aggregator.c +++ b/src/exchange/taler-exchange-aggregator.c @@ -1013,6 +1013,7 @@ main (int argc, GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) return EXIT_INVALIDARGUMENT; + TALER_OS_init (); ret = GNUNET_PROGRAM_run ( argc, argv, "taler-exchange-aggregator", diff --git a/src/exchange/taler-exchange-closer.c b/src/exchange/taler-exchange-closer.c index d14bedaca..89e439998 100644 --- a/src/exchange/taler-exchange-closer.c +++ b/src/exchange/taler-exchange-closer.c @@ -547,6 +547,7 @@ main (int argc, GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) return EXIT_INVALIDARGUMENT; + TALER_OS_init (); ret = GNUNET_PROGRAM_run ( argc, argv, "taler-exchange-closer", diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index ca058f0b7..d0d8b9533 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -1669,6 +1669,7 @@ main (int argc, int fh = -1; enum TALER_MHD_GlobalOptions go; + TALER_OS_init (); ret = GNUNET_GETOPT_run ("taler-exchange-httpd", options, argc, argv); diff --git a/src/exchange/taler-exchange-transfer.c b/src/exchange/taler-exchange-transfer.c index a242547b8..567943437 100644 --- a/src/exchange/taler-exchange-transfer.c +++ b/src/exchange/taler-exchange-transfer.c @@ -559,6 +559,7 @@ main (int argc, GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) return EXIT_INVALIDARGUMENT; + TALER_OS_init (); ret = GNUNET_PROGRAM_run ( argc, argv, "taler-exchange-transfer", diff --git a/src/exchange/taler-exchange-wirewatch.c b/src/exchange/taler-exchange-wirewatch.c index 6e40fc001..cc99e42c3 100644 --- a/src/exchange/taler-exchange-wirewatch.c +++ b/src/exchange/taler-exchange-wirewatch.c @@ -768,6 +768,7 @@ main (int argc, GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) return EXIT_INVALIDARGUMENT; + TALER_OS_init (); ret = GNUNET_PROGRAM_run ( argc, argv, "taler-exchange-wirewatch", diff --git a/src/include/taler_util.h b/src/include/taler_util.h index 59824a521..79e247791 100644 --- a/src/include/taler_util.h +++ b/src/include/taler_util.h @@ -175,6 +175,13 @@ TALER_project_data_default (void); /** + * Initialize libtalerutil. + */ +void +TALER_OS_init (void); + + +/** * URL-encode a string according to rfc3986. * * @param s string to encode diff --git a/src/util/taler-exchange-secmod-eddsa.c b/src/util/taler-exchange-secmod-eddsa.c index 5ca50f062..dc2d35d13 100644 --- a/src/util/taler-exchange-secmod-eddsa.c +++ b/src/util/taler-exchange-secmod-eddsa.c @@ -1680,7 +1680,7 @@ main (int argc, /* force linker to link against libtalerutil; if we do not do this, the linker may "optimize" libtalerutil away and skip #TALER_OS_init(), which we do need */ - GNUNET_OS_init (TALER_project_data_default ()); + TALER_OS_init (); now = now_tmp = GNUNET_TIME_absolute_get (); ret = GNUNET_PROGRAM_run (argc, argv, "taler-exchange-secmod-eddsa", diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c index 35bd78902..2aabaddc0 100644 --- a/src/util/taler-exchange-secmod-rsa.c +++ b/src/util/taler-exchange-secmod-rsa.c @@ -2081,7 +2081,7 @@ main (int argc, /* force linker to link against libtalerutil; if we do not do this, the linker may "optimize" libtalerutil away and skip #TALER_OS_init(), which we do need */ - GNUNET_OS_init (TALER_project_data_default ()); + TALER_OS_init (); now = now_tmp = GNUNET_TIME_absolute_get (); ret = GNUNET_PROGRAM_run (argc, argv, "taler-exchange-secmod-rsa", |