taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

implementing #3819: check for inconsistent deposit request

Browse Source
This commit is contained in:
Christian Grothoff 2015-06-12 11:47:01 +02:00
parent 006c55b3de
commit 9891cafe12
2 changed files with 55 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/include/taler_mintdb_plugin.h
View File

@ -813,7 +813,10 @@ struct TALER_MINTDB_Plugin
* @param deposit deposit to search for * @param deposit deposit to search for
* @return #GNUNET_YES if we know this operation, * @return #GNUNET_YES if we know this operation,
* #GNUNET_NO if this deposit is unknown to us, * #GNUNET_NO if this deposit is unknown to us,
* #GNUNET_SYSERR on internal error * #GNUNET_SYSERR on DB error or if same coin(pub), merchant(pub) and
* transaction ID are already in DB, but for different
* other transaction details (contract, wiring details,
* amount, etc.)
*/ */
int int
(*have_deposit) (void *cls, (*have_deposit) (void *cls,

69
src/mintdb/plugin_mintdb_postgres.c
View File

@ -797,18 +797,13 @@ postgres_prepare (PGconn *db_conn)
during /deposit processing. Used in #postgres_have_deposit(). */ during /deposit processing. Used in #postgres_have_deposit(). */
PREPARE ("get_deposit", PREPARE ("get_deposit",
"SELECT" "SELECT"
" denom_pub" /* Note: not actually used (yet), #3819 */ " amount_with_fee_val" /* Note: not actually used (yet), #3819 */
",amount_with_fee_val" /* Note: not actually used (yet), #3819 */
",amount_with_fee_frac" /* Note: not actually used (yet), #3819 */ ",amount_with_fee_frac" /* Note: not actually used (yet), #3819 */
",amount_with_fee_curr" /* Note: not actually used (yet), #3819 */ ",amount_with_fee_curr" /* Note: not actually used (yet), #3819 */
",deposit_fee_val" /* Note: not actually used (yet), #3819 */
",deposit_fee_frac" /* Note: not actually used (yet), #3819 */
",deposit_fee_curr" /* Note: not actually used (yet), #3819 */
",timestamp" /* Note: not actually used (yet), #3819 */ ",timestamp" /* Note: not actually used (yet), #3819 */
",refund_deadline" /* Note: not actually used (yet), #3819 */ ",refund_deadline" /* Note: not actually used (yet), #3819 */
",h_contract" /* Note: not actually used (yet), #3819 */ ",h_contract" /* Note: not actually used (yet), #3819 */
",h_wire" /* Note: not actually used (yet), #3819 */ ",h_wire" /* Note: not actually used (yet), #3819 */
",coin_sig" /* Note: not actually used (yet), #3819 */
" FROM deposits" " FROM deposits"
" WHERE (" " WHERE ("
" (coin_pub=$1) AND" " (coin_pub=$1) AND"
@ -1759,6 +1754,10 @@ postgres_get_reserve_history (void *cls,
* @param deposit deposit to search for * @param deposit deposit to search for
* @return #GNUNET_YES if we know this operation, * @return #GNUNET_YES if we know this operation,
* #GNUNET_NO if this deposit is unknown to us * #GNUNET_NO if this deposit is unknown to us
* #GNUNET_SYSERR on DB error or if same coin(pub), merchant(pub) and
* transaction ID are already in DB, but for different
* other transaction details (contract, wiring details,
* amount, etc.)
*/ */
static int static int
postgres_have_deposit (void *cls, postgres_have_deposit (void *cls,
@ -1772,9 +1771,7 @@ postgres_have_deposit (void *cls,
TALER_PQ_query_param_end TALER_PQ_query_param_end
}; };
PGresult *result; PGresult *result;
int ret;
ret = GNUNET_SYSERR;
result = TALER_PQ_exec_prepared (session->conn, result = TALER_PQ_exec_prepared (session->conn,
"get_deposit", "get_deposit",
params); params);
@ -1782,16 +1779,54 @@ postgres_have_deposit (void *cls,
PQresultStatus (result)) PQresultStatus (result))
{ {
BREAK_DB_ERR (result); BREAK_DB_ERR (result);
goto cleanup;
}
ret = (0 == PQntuples (result)) ? GNUNET_NO : GNUNET_YES;
/* NOTE: maybe check that the other information in @a deposit
also matches, and if not report inconsistencies? Right now,
if the merchant re-uses a transaction ID, the mint silently
ignores the second request (not ideal..., #3819) */
cleanup:
PQclear (result); PQclear (result);
return ret; return GNUNET_SYSERR;
}
if (0 == PQntuples (result))
{
PQclear (result);
return GNUNET_NO;
}
/* Now we check that the other information in @a deposit
also matches, and if not report inconsistencies. */
{
struct TALER_MINTDB_Deposit deposit2 = *deposit;
struct TALER_PQ_ResultSpec rs[] = {
TALER_PQ_result_spec_amount ("amount_with_fee",
&deposit2.amount_with_fee),
TALER_PQ_result_spec_absolute_time ("timestamp",
&deposit2.timestamp),
TALER_PQ_result_spec_absolute_time ("refund_deadline",
&deposit2.refund_deadline),
TALER_PQ_result_spec_auto_from_type ("h_contract",
&deposit2.h_contract),
TALER_PQ_result_spec_auto_from_type ("h_wire",
&deposit2.h_wire),
TALER_PQ_result_spec_end
};
if (GNUNET_OK !=
TALER_PQ_extract_result (result, rs, 0))
{
GNUNET_break (0);
PQclear (result);
return GNUNET_SYSERR;
}
if (0 != memcmp (&deposit2,
deposit,
sizeof (struct TALER_MINTDB_Deposit)))
{
/* Inconsistencies detected! Bug in merchant! (We might want to
expand the API with a 'get_deposit' function to return the
original transaction details to be used for an error message
in the future!) #3838 */
GNUNET_break_op (0);
PQclear (result);
return GNUNET_SYSERR;
}
}
PQclear (result);
return GNUNET_YES;
} }