authorChristian Grothoff <grothoff@gnunet.org>2023-10-05 10:00:49 +0200
committerChristian Grothoff <grothoff@gnunet.org>2023-10-05 10:00:49 +0200
commit4183dd19e4e8048a500501059617ad68fadab66d (patch)
tree9e9dec7c8182f5e1c976fb7f59a0109003472d8d
parentd05295c240865e4dc2926caa1a22c7381219e5cd (diff)
add taler-merchant-passwd
-rw-r--r--.gitignore1
-rw-r--r--src/merchant-tools/Makefile.am11
-rw-r--r--src/merchant-tools/taler-merchant-passwd.c187
3 files changed, 199 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index ed40a189..b8f96343 100644
--- a/.gitignore
+++ b/.gitignore
@@ -82,3 +82,4 @@ doc/stamp-vti
doc/mdate-sh
doc/texinfo.tex
.private-key
+src/merchant-tools/taler-merchant-passwd
diff --git a/src/merchant-tools/Makefile.am b/src/merchant-tools/Makefile.am
index e08bd1e3..7c28e9ee 100644
--- a/src/merchant-tools/Makefile.am
+++ b/src/merchant-tools/Makefile.am
@@ -9,6 +9,7 @@ endif
bin_PROGRAMS = \
taler-merchant-dbinit \
taler-merchant-setup-reserve \
+ taler-merchant-passwd \
taler-merchant-benchmark
EXTRA_DIST = \
@@ -47,6 +48,16 @@ taler_merchant_dbinit_LDADD = \
-lgnunetutil \
$(XLIB)
+taler_merchant_passwd_SOURCES = \
+ taler-merchant-passwd.c
+taler_merchant_passwd_LDADD = \
+ $(LIBGCRYPT_LIBS) \
+ $(top_builddir)/src/backenddb/libtalermerchantdb.la \
+ -ltalerutil \
+ -ltalerpq \
+ -lgnunetutil \
+ $(XLIB)
+
taler_merchant_setup_reserve_SOURCES = \
taler-merchant-setup-reserve.c
taler_merchant_setup_reserve_LDADD = \
diff --git a/src/merchant-tools/taler-merchant-passwd.c b/src/merchant-tools/taler-merchant-passwd.c
new file mode 100644
index 00000000..bfd6534d
--- /dev/null
+++ b/src/merchant-tools/taler-merchant-passwd.c
@@ -0,0 +1,187 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file merchant-tools/taler-merchant-passwd.c
+ * @brief Reset access tokens for instances.
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_util.h>
+#include <taler/taler_dbevents.h>
+#include <gnunet/gnunet_util_lib.h>
+#include "taler_merchantdb_lib.h"
+#include "taler_merchantdb_lib.h"
+
+/**
+ * Instance to set password for.
+ */
+static char *instance;
+
+/**
+ * Return value from main().
+ */
+static int global_ret;
+
+/**
+ * Main function that will be run.
+ *
+ * @param cls closure
+ * @param args remaining command-line arguments
+ * @param cfgfile name of the configuration file used (for saving, can be NULL!)
+ * @param config configuration
+ */
+static void
+run (void *cls,
+ char *const *args,
+ const char *cfgfile,
+ const struct GNUNET_CONFIGURATION_Handle *config)
+{
+ struct TALER_MERCHANTDB_Plugin *plugin;
+ struct GNUNET_CONFIGURATION_Handle *cfg;
+ const char *pw = args[0];
+ struct TALER_MERCHANTDB_InstanceAuthSettings ias;
+ enum GNUNET_DB_QueryStatus qs;
+
+ if (NULL == pw)
+ pw = getenv ("TALER_MERCHANT_PASSWORD");
+ if (NULL == pw)
+ {
+ fprintf (stderr,
+ "New password not specified (pass on command-line or via TALER_MERCHANT_PASSWORD)\n");
+ global_ret = -1;
+ return;
+ }
+ if (NULL == instance)
+ instance = GNUNET_strdup ("default");
+ cfg = GNUNET_CONFIGURATION_dup (config);
+ if (NULL ==
+ (plugin = TALER_MERCHANTDB_plugin_load (cfg)))
+ {
+ fprintf (stderr,
+ "Failed to initialize database plugin.\n");
+ global_ret = 1;
+ GNUNET_CONFIGURATION_destroy (cfg);
+ return;
+ }
+
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &ias.auth_salt,
+ sizeof (ias.auth_salt));
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (&ias.auth_hash,
+ sizeof (ias.auth_hash),
+ &ias.auth_salt,
+ sizeof (ias.auth_salt),
+ pw,
+ strlen (pw),
+ "merchant-instance-auth",
+ strlen ("merchant-instance-auth"),
+ NULL,
+ 0));
+ if (GNUNET_OK !=
+ plugin->connect (plugin->cls))
+ {
+ fprintf (stderr,
+ "Failed to connect to database\n");
+ global_ret = 1;
+ TALER_MERCHANTDB_plugin_unload (plugin);
+ GNUNET_CONFIGURATION_destroy (cfg);
+ return;
+ }
+ qs = plugin->update_instance_auth (plugin->cls,
+ instance,
+ &ias);
+ switch (qs)
+ {
+ case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+ {
+ struct GNUNET_DB_EventHeaderP es = {
+ .size = ntohs (sizeof (es)),
+ .type = ntohs (TALER_DBEVENT_MERCHANT_INSTANCE_SETTINGS)
+ };
+
+ plugin->event_notify (plugin->cls,
+ &es,
+ instance,
+ strlen (instance) + 1);
+ }
+ break;
+ case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+ fprintf (stderr,
+ "Instance `%s' unknown, cannot reset token\n",
+ instance);
+ global_ret = 2;
+ break;
+ case GNUNET_DB_STATUS_SOFT_ERROR:
+ case GNUNET_DB_STATUS_HARD_ERROR:
+ fprintf (stderr,
+ "Internal database error.\n");
+ global_ret = 3;
+ break;
+ }
+ TALER_MERCHANTDB_plugin_unload (plugin);
+ GNUNET_CONFIGURATION_destroy (cfg);
+}
+
+
+/**
+ * The main function of the database initialization tool.
+ * Used to initialize the Taler Exchange's database.
+ *
+ * @param argc number of arguments from the command line
+ * @param argv command line arguments
+ * @return 0 ok, 1 on error
+ */
+int
+main (int argc,
+ char *const *argv)
+{
+ struct GNUNET_GETOPT_CommandLineOption options[] = {
+ GNUNET_GETOPT_option_string ('i',
+ "instance",
+ "ID",
+ "which instance to reset the password of",
+ &instance),
+
+ GNUNET_GETOPT_option_version (PACKAGE_VERSION "-" VCS_VERSION),
+ GNUNET_GETOPT_OPTION_END
+ };
+ enum GNUNET_GenericReturnValue ret;
+
+ /* force linker to link against libtalerutil; if we do
+ not do this, the linker may "optimize" libtalerutil
+ away and skip #TALER_OS_init(), which we do need */
+ (void) TALER_project_data_default ();
+ if (GNUNET_OK !=
+ GNUNET_STRINGS_get_utf8_args (argc, argv,
+ &argc, &argv))
+ return 4;
+ ret = GNUNET_PROGRAM_run (
+ argc, argv,
+ "taler-merchant-passwd",
+ gettext_noop ("Reset instance password"),
+ options,
+ &run, NULL);
+ GNUNET_free_nz ((void *) argv);
+ if (GNUNET_SYSERR == ret)
+ return 3;
+ if (GNUNET_NO == ret)
+ return 0;
+ return global_ret;
+}
+
+
+/* end of taler-merchant-passwd.c */
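Review bot: Reading the new password from `args[0]` in `run()` puts the secret in the process argument list, which on most systems other local users can read from the process table and which usually ends up in shell history; the `TALER_MERCHANT_PASSWORD` path is less exposed and should be the documented default. I would add above the declaration the comment `/* a password given in argv is visible in the process list; prefer TALER_MERCHANT_PASSWORD */` and say the same in the usage message. The check also accepts an empty string (for example an exported but empty `TALER_MERCHANT_PASSWORD`), which would be hashed and stored as the instance secret; `if ( (NULL == pw) || ('\0' == pw[0]) )` rejects it. Separately, the doc comment on `main()` still describes the database initialization tool and a 0/1 return, while this program returns 2, 3 and 4 and sets `global_ret = -1` on the missing-password path.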