authorChristian Grothoff <christian@grothoff.org>2021-08-08 16:45:32 +0200
committerChristian Grothoff <christian@grothoff.org>2021-08-08 16:45:32 +0200
commitb58605a79d955d97f3df8381a4df156d04d3f9cc (patch)
tree8f3eabbf1d08c78994dcaf96ea2089e3901c4427
parent7fd4f1d8463e324ab850b6c3c92c045b68906efc (diff)
introduce TALER_OS_init() to safely handle static linkage
-rw-r--r--debian/etc-taler-exchange/taler/conf.d/exchange-business.conf4
-rw-r--r--doc/audit/response-202109.tex (renamed from doc/audit/response-202012.tex)20
-rw-r--r--src/auditor/taler-auditor-dbinit.c8
-rw-r--r--src/auditor/taler-auditor-httpd.c1
-rw-r--r--src/auditor/taler-auditor-sync.c1
-rw-r--r--src/bank-lib/bank_api_admin.c5
-rw-r--r--src/bank-lib/fakebank.c4
-rw-r--r--src/exchange-tools/taler-auditor-offline.c8
-rw-r--r--src/exchange-tools/taler-exchange-dbinit.c8
-rw-r--r--src/exchange-tools/taler-exchange-offline.c1
-rw-r--r--src/exchange/taler-exchange-aggregator.c1
-rw-r--r--src/exchange/taler-exchange-closer.c1
-rw-r--r--src/exchange/taler-exchange-httpd.c1
-rw-r--r--src/exchange/taler-exchange-transfer.c1
-rw-r--r--src/exchange/taler-exchange-wirewatch.c1
-rw-r--r--src/include/taler_util.h7
-rw-r--r--src/util/taler-exchange-secmod-eddsa.c2
-rw-r--r--src/util/taler-exchange-secmod-rsa.c2
18 files changed, 59 insertions, 17 deletions
diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
index 6958d6686..554852a14 100644
--- a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
@@ -26,6 +26,10 @@ BASE_URL =
enable_credit = yes
enable_debit = yes
+
+# Account identifier in the form of an RFC-8905 payto:// URI.
+# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
+# Make sure to URL-encode spaces in $NAME!
payto_uri =
# Credentials to access the account are in a separate
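Review bot: The new comment on `payto_uri` only warns about spaces, but a receiver name is placed in the query part of the RFC 8905 URI, so other reserved characters (`&`, `?`, `#`, `/`, `%`, non-ASCII) would also change how the URI is parsed and must be percent-encoded as well. Suggest widening the hint to `# Make sure to percent-encode spaces and any other reserved characters (e.g. '&', '?', '#') in $NAME!`, and saying "percent-encode" rather than "URL-encode" since that is the term the URI RFCs use. Whether the exchange validates the value on load is not visible here, so a malformed URI may only surface when a payment is attempted.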
diff --git a/doc/audit/response-202012.tex b/doc/audit/response-202109.tex
index 90bd59544..43ed6a636 100644
--- a/doc/audit/response-202012.tex
+++ b/doc/audit/response-202109.tex
@@ -4,7 +4,7 @@
%\topmargin=-0.2in
\usepackage[ansinew]{inputenc}
-\usepackage{makeidx,amsmath,amssymb,exscale,multicol,epsfig,graphics}
+\usepackage{makeidx,amsmath,amssymb,exscale,multicol,epsfig,graphics,url}
\begin{document}
\pagestyle{headings}
@@ -138,6 +138,12 @@ use callbacks {\em excessively}. Rewriting the code in another language
may indeed make this part easier to understand, alas would have other
disadvantages as pointed out previously.
+{\bf Update:} We introduced additional functions to replace
+variadic calls to functions that cannot be type-checked by
+the compiler (like libjansson's {\tt json\_pack()}) with
+type-safe versions (like the new {\tt GNUNET\_JSON\_PACK()}).
+
+
\subsection{Initializing structs with memset}
Using {\tt memset()} first prevents compiler (or valgrind) warnings about
@@ -241,6 +247,11 @@ the interaction with offline key signing mechanism. The remaining disk accesses
quite fundamental configuration data (which ports to bind to, configuration to
access the database, etc.), and of course the program logic itself.
+{\bf Update:} We have also restructured the configuration such that only
+the {\tt taler-exchange-transfer} and {\tt taler-exchange-wirewatch} programs
+need to have access to the more sensitive bank account configuration data,
+and so that these processes can run as a separate user.
+
\subsection{Avoid dlopen}
@@ -270,4 +281,11 @@ provided on a best-effort basis. Fortunately, even a best-effort append-only
transaction log would serve to limit the financial damage incurred by the
exchange in an active database compromise scenario.
+{\bf Update:} We have tightened the installation instructions for the
+Taler exchange to guide users towards a more restricted Postgres setup,
+tightening which components of the Exchange need what level of access
+to the exchange database.
+
+
+
\end{document}
diff --git a/src/auditor/taler-auditor-dbinit.c b/src/auditor/taler-auditor-dbinit.c
index fe5e5310e..ab97b7399 100644
--- a/src/auditor/taler-auditor-dbinit.c
+++ b/src/auditor/taler-auditor-dbinit.c
@@ -136,14 +136,14 @@ main (int argc,
};
enum GNUNET_GenericReturnValue ret;
- /* force linker to link against libtalerutil; if we do
- not do this, the linker may "optimize" libtalerutil
- away and skip #TALER_OS_init(), which we do need */
- (void) TALER_project_data_default ();
if (GNUNET_OK !=
GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv))
return EXIT_INVALIDARGUMENT;
+ /* force linker to link against libtalerutil; if we do
+ not do this, the linker may "optimize" libtalerutil
+ away and skip #TALER_OS_init(), which we do need */
+ TALER_OS_init ();
ret = GNUNET_PROGRAM_run (
argc, argv,
"taler-auditor-dbinit",
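Review bot: The comment moved along with the call is now misleading: it says the linker "may skip #TALER_OS_init()", yet the line it annotates is the explicit `TALER_OS_init ();` call, so the reader is told the function might be skipped right where it is invoked. Suggest replacing the three comment lines with `/* explicitly initialize libtalerutil: with static linkage its automatic (constructor) initialization is not guaranteed to run */`, which is what the commit message describes. Note also that the call was moved from before `GNUNET_STRINGS_get_utf8_args()` to after it, while taler-exchange-httpd.c in this same commit calls it as the first statement of main; if the init records project data that any GNUnet call consults, calling it first here too removes the question, and it costs nothing.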
diff --git a/src/auditor/taler-auditor-httpd.c b/src/auditor/taler-auditor-httpd.c
index da17e7698..57165ef03 100644
--- a/src/auditor/taler-auditor-httpd.c
+++ b/src/auditor/taler-auditor-httpd.c
@@ -571,6 +571,7 @@ main (int argc,
int fh = -1;
enum TALER_MHD_GlobalOptions go;
+ TALER_OS_init ();
{
int ret;
diff --git a/src/auditor/taler-auditor-sync.c b/src/auditor/taler-auditor-sync.c
index ad55d7ccd..79135230f 100644
--- a/src/auditor/taler-auditor-sync.c
+++ b/src/auditor/taler-auditor-sync.c
@@ -593,6 +593,7 @@ main (int argc,
GNUNET_GETOPT_OPTION_END
};
+ TALER_OS_init ();
TALER_gcrypt_init (); /* must trigger initialization manually at this point! */
{
int ret;
diff --git a/src/bank-lib/bank_api_admin.c b/src/bank-lib/bank_api_admin.c
index 2a8559b2f..702b3187f 100644
--- a/src/bank-lib/bank_api_admin.c
+++ b/src/bank-lib/bank_api_admin.c
@@ -129,6 +129,11 @@ handle_admin_add_incoming_finished (void *cls,
We should pass the JSON reply to the application */
ec = TALER_JSON_get_error_code (j);
break;
+ case MHD_HTTP_CONFLICT:
+ /* Nothign to verify, we used the same wire subject
+ twice? */
+ ec = TALER_JSON_get_error_code (j);
+ break;
case MHD_HTTP_INTERNAL_SERVER_ERROR:
/* Server had an internal issue; we should retry, but this API
leaves this to the application */
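Review bot: The comment on the new `MHD_HTTP_CONFLICT` arm is a question with a typo ("Nothign ... twice?"), which leaves the next reader unsure whether the case is understood; the fakebank hunk in this commit logs "Reserve public key not unique" before replying with an error, which suggests the conflict is the reserve public key (wire subject) having been used before. Suggest `/* 409: the wire subject (reserve public key) was presumably already used; nothing to verify, just surface the error code from the body */` and confirming the cause against the bank API spec. The enclosing switch starts and ends outside the hunk.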
diff --git a/src/bank-lib/fakebank.c b/src/bank-lib/fakebank.c
index 0e726e77c..8c5a90fec 100644
--- a/src/bank-lib/fakebank.c
+++ b/src/bank-lib/fakebank.c
@@ -824,7 +824,7 @@ make_admin_transfer (
if (NULL != t)
{
/* duplicate reserve public key not allowed */
- GNUNET_break (0);
+ GNUNET_break_op (0);
return GNUNET_NO;
}
@@ -1074,7 +1074,7 @@ handle_admin_add_incoming (struct TALER_FAKEBANK_Handle *h,
GNUNET_free (debit);
if (GNUNET_OK != ret)
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Reserve public key not unique\n");
return TALER_MHD_reply_with_error (
connection,
diff --git a/src/exchange-tools/taler-auditor-offline.c b/src/exchange-tools/taler-auditor-offline.c
index 0fbd82baa..45bf271b4 100644
--- a/src/exchange-tools/taler-auditor-offline.c
+++ b/src/exchange-tools/taler-auditor-offline.c
@@ -1454,14 +1454,14 @@ main (int argc,
};
enum GNUNET_GenericReturnValue ret;
- /* force linker to link against libtalerutil; if we do
- not do this, the linker may "optimize" libtalerutil
- away and skip #TALER_OS_init(), which we do need */
- (void) TALER_project_data_default ();
if (GNUNET_OK !=
GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv))
return EXIT_INVALIDARGUMENT;
+ /* force linker to link against libtalerutil; if we do
+ not do this, the linker may "optimize" libtalerutil
+ away and skip #TALER_OS_init(), which we do need */
+ TALER_OS_init ();
ret = GNUNET_PROGRAM_run (
argc, argv,
"taler-auditor-offline",
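Review bot: The three-line comment above `TALER_OS_init ();` still talks about the linker skipping `#TALER_OS_init()`, which no longer fits now that the function is called directly; suggest `/* explicitly initialize libtalerutil; with static linkage its constructor may not run */`. The call is also now placed after `GNUNET_STRINGS_get_utf8_args()`, unlike taler-exchange-httpd.c where it is the first statement of main; calling it first would keep the tools consistent.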
diff --git a/src/exchange-tools/taler-exchange-dbinit.c b/src/exchange-tools/taler-exchange-dbinit.c
index 3f5542b28..42794b35e 100644
--- a/src/exchange-tools/taler-exchange-dbinit.c
+++ b/src/exchange-tools/taler-exchange-dbinit.c
@@ -120,14 +120,14 @@ main (int argc,
};
enum GNUNET_GenericReturnValue ret;
- /* force linker to link against libtalerutil; if we do
- not do this, the linker may "optimize" libtalerutil
- away and skip #TALER_OS_init(), which we do need */
- (void) TALER_project_data_default ();
if (GNUNET_OK !=
GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv))
return EXIT_INVALIDARGUMENT;
+ /* force linker to link against libtalerutil; if we do
+ not do this, the linker may "optimize" libtalerutil
+ away and skip #TALER_OS_init(), which we do need */
+ TALER_OS_init ();
ret = GNUNET_PROGRAM_run (
argc, argv,
"taler-exchange-dbinit",
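Review bot: Same stale comment as in taler-auditor-dbinit.c: it explains why the linker must not drop `#TALER_OS_init()`, but the annotated line is the explicit call itself. Suggest `/* explicitly initialize libtalerutil; with static linkage its constructor may not run */`, and consider moving the call ahead of `GNUNET_STRINGS_get_utf8_args()` to match taler-exchange-httpd.c.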
diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c
index 020c11404..4558f00bd 100644
--- a/src/exchange-tools/taler-exchange-offline.c
+++ b/src/exchange-tools/taler-exchange-offline.c
@@ -3456,6 +3456,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv))
return EXIT_INVALIDARGUMENT;
+ TALER_OS_init ();
ret = GNUNET_PROGRAM_run (
argc, argv,
"taler-exchange-offline",
diff --git a/src/exchange/taler-exchange-aggregator.c b/src/exchange/taler-exchange-aggregator.c
index a2ea65c37..5da0a8094 100644
--- a/src/exchange/taler-exchange-aggregator.c
+++ b/src/exchange/taler-exchange-aggregator.c
@@ -1013,6 +1013,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv))
return EXIT_INVALIDARGUMENT;
+ TALER_OS_init ();
ret = GNUNET_PROGRAM_run (
argc, argv,
"taler-exchange-aggregator",
diff --git a/src/exchange/taler-exchange-closer.c b/src/exchange/taler-exchange-closer.c
index d14bedaca..89e439998 100644
--- a/src/exchange/taler-exchange-closer.c
+++ b/src/exchange/taler-exchange-closer.c
@@ -547,6 +547,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv))
return EXIT_INVALIDARGUMENT;
+ TALER_OS_init ();
ret = GNUNET_PROGRAM_run (
argc, argv,
"taler-exchange-closer",
diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c
index ca058f0b7..d0d8b9533 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -1669,6 +1669,7 @@ main (int argc,
int fh = -1;
enum TALER_MHD_GlobalOptions go;
+ TALER_OS_init ();
ret = GNUNET_GETOPT_run ("taler-exchange-httpd",
options,
argc, argv);
diff --git a/src/exchange/taler-exchange-transfer.c b/src/exchange/taler-exchange-transfer.c
index a242547b8..567943437 100644
--- a/src/exchange/taler-exchange-transfer.c
+++ b/src/exchange/taler-exchange-transfer.c
@@ -559,6 +559,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv))
return EXIT_INVALIDARGUMENT;
+ TALER_OS_init ();
ret = GNUNET_PROGRAM_run (
argc, argv,
"taler-exchange-transfer",
diff --git a/src/exchange/taler-exchange-wirewatch.c b/src/exchange/taler-exchange-wirewatch.c
index 6e40fc001..cc99e42c3 100644
--- a/src/exchange/taler-exchange-wirewatch.c
+++ b/src/exchange/taler-exchange-wirewatch.c
@@ -768,6 +768,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv))
return EXIT_INVALIDARGUMENT;
+ TALER_OS_init ();
ret = GNUNET_PROGRAM_run (
argc, argv,
"taler-exchange-wirewatch",
diff --git a/src/include/taler_util.h b/src/include/taler_util.h
index 59824a521..79e247791 100644
--- a/src/include/taler_util.h
+++ b/src/include/taler_util.h
@@ -175,6 +175,13 @@ TALER_project_data_default (void);
/**
+ * Initialize libtalerutil.
+ */
+void
+TALER_OS_init (void);
+
+
+/**
* URL-encode a string according to rfc3986.
*
* @param s string to encode
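Review bot: The new `TALER_OS_init()` declaration carries a one-line comment and no contract, although every main() in this commit now depends on it: it should say when it must be called (before the first use of libtalerutil/libgnunetutil, as the callers do) and whether calling it more than once is harmless. The comments removed elsewhere in this diff imply the function previously ran automatically at load time; if that constructor still exists, the doc comment should state explicitly that a second, explicit call is safe, e.g. "Initialize libtalerutil (registers the Taler project data with GNUnet). Must be called before any other libtalerutil function; safe to call more than once. Needed explicitly because with static linkage the library's automatic initialization may not run." The idempotence claim needs confirming against the definition, which is not part of this diff.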
diff --git a/src/util/taler-exchange-secmod-eddsa.c b/src/util/taler-exchange-secmod-eddsa.c
index 5ca50f062..dc2d35d13 100644
--- a/src/util/taler-exchange-secmod-eddsa.c
+++ b/src/util/taler-exchange-secmod-eddsa.c
@@ -1680,7 +1680,7 @@ main (int argc,
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
- GNUNET_OS_init (TALER_project_data_default ());
+ TALER_OS_init ();
now = now_tmp = GNUNET_TIME_absolute_get ();
ret = GNUNET_PROGRAM_run (argc, argv,
"taler-exchange-secmod-eddsa",
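Review bot: The unchanged comment above the new `TALER_OS_init ();` call was written for the old `GNUNET_OS_init (TALER_project_data_default ())` line and now reads as if the function being called might be skipped by the linker. Suggest `/* explicitly initialize libtalerutil; with static linkage its constructor may not run */`. Since the two secmod processes hold the signing keys, it is worth confirming that `TALER_OS_init()` still performs the same `GNUNET_OS_init` with the Taler project data as the line it replaces; the definition is not in this diff.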
diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c
index 35bd78902..2aabaddc0 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -2081,7 +2081,7 @@ main (int argc,
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
- GNUNET_OS_init (TALER_project_data_default ());
+ TALER_OS_init ();
now = now_tmp = GNUNET_TIME_absolute_get ();
ret = GNUNET_PROGRAM_run (argc, argv,
"taler-exchange-secmod-rsa",