taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix auditor issues

Browse Source
This commit is contained in:
Christian Grothoff 2020-01-19 21:51:13 +01:00
parent c48e4a8a06
commit 6445558065
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
4 changed files with 541 additions and 512 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
contrib/auditor-report.tex.j2
View File

@ -223,7 +223,11 @@ the tiny threshold. Below, we report {\em non-tiny} wire transfers that are lagg
\nopagebreak \nopagebreak
\multicolumn{4}{l}{ {\tt \small {{ item.coin_pub }} } } \\ \multicolumn{4}{l}{ {\tt \small {{ item.coin_pub }} } } \\
\nopagebreak \nopagebreak
\multicolumn{4}{l}{ {\tt {{ item.account.url }} } } \\ \hline \multicolumn{4}{l}{ {\tt
{% if 'payto_uri' in item.account %}
{{ item.account.payto_uri }}
{% endif %}
} } \\ \hline
{% endfor %} {% endfor %}
\end{longtable} \end{longtable}
{% endif %} {% endif %}
@ -269,7 +273,11 @@ Note that some minimal lag may be normal as transactions may be in-flight.
\nopagebreak \nopagebreak
\multicolumn{3}{l}{ {\tt \small {{ item.wtid }} } } \\ \multicolumn{3}{l}{ {\tt \small {{ item.wtid }} } } \\
\nopagebreak \nopagebreak
\multicolumn{3}{l}{ {\tt {{ item.account }} } } \\ \hline \multicolumn{3}{l}{ {\tt
{% if 'payto_uri' in item.account %}
{{ item.account.payto_uri }}
{% endif %}
} } \\ \hline
{% endfor %} {% endfor %}
\end{longtable} \end{longtable}
{% endif %} {% endif %}

948
src/auditor/auditor-basedb.sql
View File

File diff suppressed because it is too large Load Diff

26
src/auditor/taler-auditor.c
View File

@ -4158,9 +4158,17 @@ deposit_cb (void *cls,
TALER_JSON_merchant_wire_signature_hash (receiver_wire_account, TALER_JSON_merchant_wire_signature_hash (receiver_wire_account,
&dr.h_wire)) &dr.h_wire))
{ {
GNUNET_break (0); report (report_bad_sig_losses,
cc->qs = GNUNET_DB_STATUS_HARD_ERROR; json_pack ("{s:s, s:I, s:o, s:o}",
return GNUNET_SYSERR; "operation", "deposit",
"row", (json_int_t) rowid,
"loss", TALER_JSON_from_amount (amount_with_fee),
"key_pub", GNUNET_JSON_from_data_auto (coin_pub)));
GNUNET_break (GNUNET_OK ==
TALER_amount_add (&total_bad_sig_loss,
&total_bad_sig_loss,
amount_with_fee));
return GNUNET_OK;
} }
dr.timestamp = GNUNET_TIME_absolute_hton (timestamp); dr.timestamp = GNUNET_TIME_absolute_hton (timestamp);
dr.refund_deadline = GNUNET_TIME_absolute_hton (refund_deadline); dr.refund_deadline = GNUNET_TIME_absolute_hton (refund_deadline);
@ -4704,6 +4712,8 @@ analyze_coins (void *cls)
GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
return qs; return qs;
} }
if (0 > cc.qs)
return cc.qs;
/* process refunds */ /* process refunds */
if (0 > if (0 >
@ -4716,6 +4726,8 @@ analyze_coins (void *cls)
GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
return qs; return qs;
} }
if (0 > cc.qs)
return cc.qs;
/* process refreshs */ /* process refreshs */
if (0 > if (0 >
@ -4728,6 +4740,8 @@ analyze_coins (void *cls)
GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
return qs; return qs;
} }
if (0 > cc.qs)
return cc.qs;
/* process deposits */ /* process deposits */
if (0 > if (0 >
@ -4740,6 +4754,8 @@ analyze_coins (void *cls)
GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
return qs; return qs;
} }
if (0 > cc.qs)
return cc.qs;
/* process recoups */ /* process recoups */
if (0 > if (0 >
@ -4752,6 +4768,8 @@ analyze_coins (void *cls)
GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
return qs; return qs;
} }
if (0 > cc.qs)
return cc.qs;
if (0 > if (0 >
(qs = edb->select_recoup_refresh_above_serial_id (edb->cls, (qs = edb->select_recoup_refresh_above_serial_id (edb->cls,
esession, esession,
@ -4763,6 +4781,8 @@ analyze_coins (void *cls)
GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
return qs; return qs;
} }
if (0 > cc.qs)
return cc.qs;
/* sync 'cc' back to disk */ /* sync 'cc' back to disk */
cc.qs = GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; cc.qs = GNUNET_DB_STATUS_SUCCESS_ONE_RESULT;

67
src/auditor/test-auditor.sh
View File

@ -9,7 +9,7 @@ set -eu
# Set of numbers for all the testcases. # Set of numbers for all the testcases.
# When adding new tests, increase the last number: # When adding new tests, increase the last number:
ALL_TESTS=`seq 0 25` ALL_TESTS=`seq 0 26`
# $TESTS determines which tests we should run. # $TESTS determines which tests we should run.
# This construction is used to make it easy to # This construction is used to make it easy to
@ -408,9 +408,9 @@ function test_4() {
echo "===========4: deposit wire target wrong=================" echo "===========4: deposit wire target wrong================="
# Original target bank account was 43, changing to 44 # Original target bank account was 43, changing to 44
SERIAL=`echo "SELECT deposit_serial_id FROM deposits WHERE amount_with_fee_val=0 AND amount_with_fee_frac=10000000 ORDER BY deposit_serial_id LIMIT 1" | psql $DB -Aqt` SERIAL=`echo "SELECT deposit_serial_id FROM deposits WHERE amount_with_fee_val=3 AND amount_with_fee_frac=0 ORDER BY deposit_serial_id LIMIT 1" | psql $DB -Aqt`
OLD_WIRE=`echo "SELECT wire FROM deposits WHERE deposit_serial_id=${SERIAL};" | psql $DB -Aqt` OLD_WIRE=`echo "SELECT wire FROM deposits WHERE deposit_serial_id=${SERIAL};" | psql $DB -Aqt`
echo "UPDATE deposits SET wire='{\"url\":\"payto://x-taler-bank/localhost:8082/44\",\"salt\":\"test-salt\"}' WHERE deposit_serial_id=${SERIAL}" | psql -Aqt $DB echo "UPDATE deposits SET wire='{\"payto_uri\":\"payto://x-taler-bank/localhost:8082/44\",\"salt\":\"test-salt\"}' WHERE deposit_serial_id=${SERIAL}" | psql -Aqt $DB
run_audit run_audit
@ -425,7 +425,7 @@ then
fi fi
LOSS=`jq -r .bad_sig_losses[0].loss < test-audit.json` LOSS=`jq -r .bad_sig_losses[0].loss < test-audit.json`
if test $LOSS != "TESTKUDOS:0.1" if test $LOSS != "TESTKUDOS:3"
then then
exit_fail "Wrong deposit bad signature loss, got $LOSS" exit_fail "Wrong deposit bad signature loss, got $LOSS"
fi fi
@ -437,7 +437,7 @@ then
fi fi
LOSS=`jq -r .total_bad_sig_loss < test-audit.json` LOSS=`jq -r .total_bad_sig_loss < test-audit.json`
if test $LOSS != "TESTKUDOS:0.1" if test $LOSS != "TESTKUDOS:3"
then then
exit_fail "Wrong total bad sig loss, got $LOSS" exit_fail "Wrong total bad sig loss, got $LOSS"
fi fi
@ -455,7 +455,7 @@ echo "UPDATE deposits SET wire='$OLD_WIRE' WHERE deposit_serial_id=${SERIAL}" |
function test_5() { function test_5() {
echo "===========5: deposit contract hash wrong=================" echo "===========5: deposit contract hash wrong================="
# Modify h_wire hash, so it is inconsistent with 'wire' # Modify h_wire hash, so it is inconsistent with 'wire'
SERIAL=`echo "SELECT deposit_serial_id FROM deposits WHERE amount_with_fee_val=0 AND amount_with_fee_frac=10000000 ORDER BY deposit_serial_id LIMIT 1" | psql $DB -Aqt` SERIAL=`echo "SELECT deposit_serial_id FROM deposits WHERE amount_with_fee_val=3 AND amount_with_fee_frac=0 ORDER BY deposit_serial_id LIMIT 1" | psql $DB -Aqt`
OLD_H=`echo "SELECT h_contract_terms FROM deposits WHERE deposit_serial_id=$SERIAL;" | psql $DB -Aqt` OLD_H=`echo "SELECT h_contract_terms FROM deposits WHERE deposit_serial_id=$SERIAL;" | psql $DB -Aqt`
echo "UPDATE deposits SET h_contract_terms='\x12bb676444955c98789f219148aa31899d8c354a63330624d3d143222cf3bb8b8e16f69accd5a8773127059b804c1955696bf551dd7be62719870613332aa8d5' WHERE deposit_serial_id=$SERIAL" | psql -Aqt $DB echo "UPDATE deposits SET h_contract_terms='\x12bb676444955c98789f219148aa31899d8c354a63330624d3d143222cf3bb8b8e16f69accd5a8773127059b804c1955696bf551dd7be62719870613332aa8d5' WHERE deposit_serial_id=$SERIAL" | psql -Aqt $DB
@ -469,7 +469,7 @@ then
fi fi
LOSS=`jq -r .bad_sig_losses[0].loss < test-audit.json` LOSS=`jq -r .bad_sig_losses[0].loss < test-audit.json`
if test $LOSS != "TESTKUDOS:0.1" if test $LOSS != "TESTKUDOS:3"
then then
exit_fail "Wrong deposit bad signature loss, got $LOSS" exit_fail "Wrong deposit bad signature loss, got $LOSS"
fi fi
@ -481,7 +481,7 @@ then
fi fi
LOSS=`jq -r .total_bad_sig_loss < test-audit.json` LOSS=`jq -r .total_bad_sig_loss < test-audit.json`
if test $LOSS != "TESTKUDOS:0.1" if test $LOSS != "TESTKUDOS:3"
then then
exit_fail "Wrong total bad sig loss, got $LOSS" exit_fail "Wrong total bad sig loss, got $LOSS"
fi fi
@ -511,7 +511,7 @@ then
fi fi
LOSS=`jq -r .bad_sig_losses[0].loss < test-audit.json` LOSS=`jq -r .bad_sig_losses[0].loss < test-audit.json`
if test $LOSS != "TESTKUDOS:0.1" if test $LOSS == "TESTKUDOS:0"
then then
exit_fail "Wrong deposit bad signature loss, got $LOSS" exit_fail "Wrong deposit bad signature loss, got $LOSS"
fi fi
@ -523,7 +523,7 @@ then
fi fi
LOSS=`jq -r .total_bad_sig_loss < test-audit.json` LOSS=`jq -r .total_bad_sig_loss < test-audit.json`
if test $LOSS != "TESTKUDOS:0.1" if test $LOSS == "TESTKUDOS:0"
then then
exit_fail "Wrong total bad sig loss, got $LOSS" exit_fail "Wrong total bad sig loss, got $LOSS"
fi fi
@ -1429,9 +1429,54 @@ fi
} }
# Test for deposit wire target malformed
function test_26() {
echo "===========26: deposit wire target malformed ================="
# Expects 'payto_uri', not 'url' (also breaks signature, but we cannot even check that).
SERIAL=`echo "SELECT deposit_serial_id FROM deposits WHERE amount_with_fee_val=3 AND amount_with_fee_frac=0 ORDER BY deposit_serial_id LIMIT 1" | psql $DB -Aqt`
OLD_WIRE=`echo "SELECT wire FROM deposits WHERE deposit_serial_id=${SERIAL};" | psql $DB -Aqt`
echo "UPDATE deposits SET wire='{\"url\":\"payto://x-taler-bank/localhost:8082/44\",\"salt\":\"test-salt\"}' WHERE deposit_serial_id=${SERIAL}" | psql -Aqt $DB
run_audit
echo -n "Testing inconsistency detection... "
jq -e .bad_sig_losses[0] < test-audit.json > /dev/null || exit_fail "Bad signature not detected"
ROW=`jq -e .bad_sig_losses[0].row < test-audit.json`
if test $ROW != ${SERIAL}
then
exit_fail "Row wrong, got $ROW"
fi
LOSS=`jq -r .bad_sig_losses[0].loss < test-audit.json`
if test $LOSS != "TESTKUDOS:3"
then
exit_fail "Wrong deposit bad signature loss, got $LOSS"
fi
OP=`jq -r .bad_sig_losses[0].operation < test-audit.json`
if test $OP != "deposit"
then
exit_fail "Wrong operation, got $OP"
fi
LOSS=`jq -r .total_bad_sig_loss < test-audit.json`
if test $LOSS != "TESTKUDOS:3"
then
exit_fail "Wrong total bad sig loss, got $LOSS"
fi
echo PASS
# Undo:
echo "UPDATE deposits SET wire='$OLD_WIRE' WHERE deposit_serial_id=${SERIAL}" | psql -Aqt $DB
}
# ************************************************** # **************************************************
# TODO: Add tests for revocation (payback, accepting of coins despite revocation) HERE! # TODO: Add tests for revocation (payback, accepting of coins despite revocation) HERE! #6053
# ************************************************** # **************************************************