taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

introduce TALER_OS_init() to safely handle static linkage

Browse Source
This commit is contained in:
Christian Grothoff 2021-08-08 16:45:32 +02:00
parent 7fd4f1d846
commit b58605a79d
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
18 changed files with 59 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
debian/etc-taler-exchange/taler/conf.d/exchange-business.conf vendored
View File

@ -26,6 +26,10 @@ BASE_URL =
enable_credit = yes enable_credit = yes
enable_debit = yes enable_debit = yes
# Account identifier in the form of an RFC-8905 payto:// URI.
# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
# Make sure to URL-encode spaces in $NAME!
payto_uri = payto_uri =
# Credentials to access the account are in a separate # Credentials to access the account are in a separate

20
doc/audit/response-202012.tex → doc/audit/response-202109.tex
View File

@ -4,7 +4,7 @@
%\topmargin=-0.2in %\topmargin=-0.2in
\usepackage[ansinew]{inputenc} \usepackage[ansinew]{inputenc}
\usepackage{makeidx,amsmath,amssymb,exscale,multicol,epsfig,graphics} \usepackage{makeidx,amsmath,amssymb,exscale,multicol,epsfig,graphics,url}
\begin{document} \begin{document}
\pagestyle{headings} \pagestyle{headings}
@ -138,6 +138,12 @@ use callbacks {\em excessively}. Rewriting the code in another language
may indeed make this part easier to understand, alas would have other may indeed make this part easier to understand, alas would have other
disadvantages as pointed out previously. disadvantages as pointed out previously.
{\bf Update:} We introduced additional functions to replace
variadic calls to functions that cannot be type-checked by
the compiler (like libjansson's {\tt json\_pack()}) with
type-safe versions (like the new {\tt GNUNET\_JSON\_PACK()}).
\subsection{Initializing structs with memset} \subsection{Initializing structs with memset}
Using {\tt memset()} first prevents compiler (or valgrind) warnings about Using {\tt memset()} first prevents compiler (or valgrind) warnings about
@ -241,6 +247,11 @@ the interaction with offline key signing mechanism. The remaining disk accesses
quite fundamental configuration data (which ports to bind to, configuration to quite fundamental configuration data (which ports to bind to, configuration to
access the database, etc.), and of course the program logic itself. access the database, etc.), and of course the program logic itself.
{\bf Update:} We have also restructured the configuration such that only
the {\tt taler-exchange-transfer} and {\tt taler-exchange-wirewatch} programs
need to have access to the more sensitive bank account configuration data,
and so that these processes can run as a separate user.
\subsection{Avoid dlopen} \subsection{Avoid dlopen}
@ -270,4 +281,11 @@ provided on a best-effort basis. Fortunately, even a best-effort append-only
transaction log would serve to limit the financial damage incurred by the transaction log would serve to limit the financial damage incurred by the
exchange in an active database compromise scenario. exchange in an active database compromise scenario.
{\bf Update:} We have tightened the installation instructions for the
Taler exchange to guide users towards a more restricted Postgres setup,
tightening which components of the Exchange need what level of access
to the exchange database.
\end{document} \end{document}

8
src/auditor/taler-auditor-dbinit.c
View File

@ -136,14 +136,14 @@ main (int argc,
}; };
enum GNUNET_GenericReturnValue ret; enum GNUNET_GenericReturnValue ret;
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
(void) TALER_project_data_default ();
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_STRINGS_get_utf8_args (argc, argv, GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv)) &argc, &argv))
return EXIT_INVALIDARGUMENT; return EXIT_INVALIDARGUMENT;
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
TALER_OS_init ();
ret = GNUNET_PROGRAM_run ( ret = GNUNET_PROGRAM_run (
argc, argv, argc, argv,
"taler-auditor-dbinit", "taler-auditor-dbinit",

1
src/auditor/taler-auditor-httpd.c
View File

@ -571,6 +571,7 @@ main (int argc,
int fh = -1; int fh = -1;
enum TALER_MHD_GlobalOptions go; enum TALER_MHD_GlobalOptions go;
TALER_OS_init ();
{ {
int ret; int ret;

1
src/auditor/taler-auditor-sync.c
View File

@ -593,6 +593,7 @@ main (int argc,
GNUNET_GETOPT_OPTION_END GNUNET_GETOPT_OPTION_END
}; };
TALER_OS_init ();
TALER_gcrypt_init (); /* must trigger initialization manually at this point! */ TALER_gcrypt_init (); /* must trigger initialization manually at this point! */
{ {
int ret; int ret;

5
src/bank-lib/bank_api_admin.c
View File

@ -129,6 +129,11 @@ handle_admin_add_incoming_finished (void *cls,
We should pass the JSON reply to the application */ We should pass the JSON reply to the application */
ec = TALER_JSON_get_error_code (j); ec = TALER_JSON_get_error_code (j);
break; break;
case MHD_HTTP_CONFLICT:
/* Nothign to verify, we used the same wire subject
twice? */
ec = TALER_JSON_get_error_code (j);
break;
case MHD_HTTP_INTERNAL_SERVER_ERROR: case MHD_HTTP_INTERNAL_SERVER_ERROR:
/* Server had an internal issue; we should retry, but this API /* Server had an internal issue; we should retry, but this API
leaves this to the application */ leaves this to the application */

4
src/bank-lib/fakebank.c
View File

@ -824,7 +824,7 @@ make_admin_transfer (
if (NULL != t) if (NULL != t)
{ {
/* duplicate reserve public key not allowed */ /* duplicate reserve public key not allowed */
GNUNET_break (0); GNUNET_break_op (0);
return GNUNET_NO; return GNUNET_NO;
} }
@ -1074,7 +1074,7 @@ handle_admin_add_incoming (struct TALER_FAKEBANK_Handle *h,
GNUNET_free (debit); GNUNET_free (debit);
if (GNUNET_OK != ret) if (GNUNET_OK != ret)
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Reserve public key not unique\n"); "Reserve public key not unique\n");
return TALER_MHD_reply_with_error ( return TALER_MHD_reply_with_error (
connection, connection,

8
src/exchange-tools/taler-auditor-offline.c
View File

@ -1454,14 +1454,14 @@ main (int argc,
}; };
enum GNUNET_GenericReturnValue ret; enum GNUNET_GenericReturnValue ret;
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
(void) TALER_project_data_default ();
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_STRINGS_get_utf8_args (argc, argv, GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv)) &argc, &argv))
return EXIT_INVALIDARGUMENT; return EXIT_INVALIDARGUMENT;
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
TALER_OS_init ();
ret = GNUNET_PROGRAM_run ( ret = GNUNET_PROGRAM_run (
argc, argv, argc, argv,
"taler-auditor-offline", "taler-auditor-offline",

8
src/exchange-tools/taler-exchange-dbinit.c
View File

@ -120,14 +120,14 @@ main (int argc,
}; };
enum GNUNET_GenericReturnValue ret; enum GNUNET_GenericReturnValue ret;
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
(void) TALER_project_data_default ();
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_STRINGS_get_utf8_args (argc, argv, GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv)) &argc, &argv))
return EXIT_INVALIDARGUMENT; return EXIT_INVALIDARGUMENT;
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
TALER_OS_init ();
ret = GNUNET_PROGRAM_run ( ret = GNUNET_PROGRAM_run (
argc, argv, argc, argv,
"taler-exchange-dbinit", "taler-exchange-dbinit",

1
src/exchange-tools/taler-exchange-offline.c
View File

@ -3456,6 +3456,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv, GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv)) &argc, &argv))
return EXIT_INVALIDARGUMENT; return EXIT_INVALIDARGUMENT;
TALER_OS_init ();
ret = GNUNET_PROGRAM_run ( ret = GNUNET_PROGRAM_run (
argc, argv, argc, argv,
"taler-exchange-offline", "taler-exchange-offline",

1
src/exchange/taler-exchange-aggregator.c
View File

@ -1013,6 +1013,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv, GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv)) &argc, &argv))
return EXIT_INVALIDARGUMENT; return EXIT_INVALIDARGUMENT;
TALER_OS_init ();
ret = GNUNET_PROGRAM_run ( ret = GNUNET_PROGRAM_run (
argc, argv, argc, argv,
"taler-exchange-aggregator", "taler-exchange-aggregator",

1
src/exchange/taler-exchange-closer.c
View File

@ -547,6 +547,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv, GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv)) &argc, &argv))
return EXIT_INVALIDARGUMENT; return EXIT_INVALIDARGUMENT;
TALER_OS_init ();
ret = GNUNET_PROGRAM_run ( ret = GNUNET_PROGRAM_run (
argc, argv, argc, argv,
"taler-exchange-closer", "taler-exchange-closer",

1
src/exchange/taler-exchange-httpd.c
View File

@ -1669,6 +1669,7 @@ main (int argc,
int fh = -1; int fh = -1;
enum TALER_MHD_GlobalOptions go; enum TALER_MHD_GlobalOptions go;
TALER_OS_init ();
ret = GNUNET_GETOPT_run ("taler-exchange-httpd", ret = GNUNET_GETOPT_run ("taler-exchange-httpd",
options, options,
argc, argv); argc, argv);

1
src/exchange/taler-exchange-transfer.c
View File

@ -559,6 +559,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv, GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv)) &argc, &argv))
return EXIT_INVALIDARGUMENT; return EXIT_INVALIDARGUMENT;
TALER_OS_init ();
ret = GNUNET_PROGRAM_run ( ret = GNUNET_PROGRAM_run (
argc, argv, argc, argv,
"taler-exchange-transfer", "taler-exchange-transfer",

1
src/exchange/taler-exchange-wirewatch.c
View File

@ -768,6 +768,7 @@ main (int argc,
GNUNET_STRINGS_get_utf8_args (argc, argv, GNUNET_STRINGS_get_utf8_args (argc, argv,
&argc, &argv)) &argc, &argv))
return EXIT_INVALIDARGUMENT; return EXIT_INVALIDARGUMENT;
TALER_OS_init ();
ret = GNUNET_PROGRAM_run ( ret = GNUNET_PROGRAM_run (
argc, argv, argc, argv,
"taler-exchange-wirewatch", "taler-exchange-wirewatch",

7
src/include/taler_util.h
View File

@ -174,6 +174,13 @@ const struct GNUNET_OS_ProjectData *
TALER_project_data_default (void); TALER_project_data_default (void);
/**
* Initialize libtalerutil.
*/
void
TALER_OS_init (void);
/** /**
* URL-encode a string according to rfc3986. * URL-encode a string according to rfc3986.
* *

2
src/util/taler-exchange-secmod-eddsa.c
View File

@ -1680,7 +1680,7 @@ main (int argc,
/* force linker to link against libtalerutil; if we do /* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */ away and skip #TALER_OS_init(), which we do need */
GNUNET_OS_init (TALER_project_data_default ()); TALER_OS_init ();
now = now_tmp = GNUNET_TIME_absolute_get (); now = now_tmp = GNUNET_TIME_absolute_get ();
ret = GNUNET_PROGRAM_run (argc, argv, ret = GNUNET_PROGRAM_run (argc, argv,
"taler-exchange-secmod-eddsa", "taler-exchange-secmod-eddsa",

2
src/util/taler-exchange-secmod-rsa.c
View File

@ -2081,7 +2081,7 @@ main (int argc,
/* force linker to link against libtalerutil; if we do /* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */ away and skip #TALER_OS_init(), which we do need */
GNUNET_OS_init (TALER_project_data_default ()); TALER_OS_init ();
now = now_tmp = GNUNET_TIME_absolute_get (); now = now_tmp = GNUNET_TIME_absolute_get ();
ret = GNUNET_PROGRAM_run (argc, argv, ret = GNUNET_PROGRAM_run (argc, argv,
"taler-exchange-secmod-rsa", "taler-exchange-secmod-rsa",