taler-merchant-httpd_post-challenge-ID.c (20089B)
1 /* 2 This file is part of TALER 3 (C) 2025 Taler Systems SA 4 5 TALER is free software; you can redistribute it and/or modify 6 it under the terms of the GNU Affero General Public License as 7 published by the Free Software Foundation; either version 3, 8 or (at your option) any later version. 9 10 TALER is distributed in the hope that it will be useful, but 11 WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 GNU General Public License for more details. 14 15 You should have received a copy of the GNU General Public 16 License along with TALER; see the file COPYING. If not, 17 see <http://www.gnu.org/licenses/> 18 */ 19 20 /** 21 * @file src/backend/taler-merchant-httpd_post-challenge-ID.c 22 * @brief endpoint to trigger sending MFA challenge 23 * @author Christian Grothoff 24 */ 25 #include "platform.h" 26 #include "taler-merchant-httpd.h" 27 #include "taler-merchant-httpd_mfa.h" 28 #include "taler-merchant-httpd_post-challenge-ID.h" 29 #include "merchant-database/lookup_mfa_challenge.h" 30 #include "merchant-database/update_mfa_challenge.h" 31 32 33 /** 34 * How many attempts do we allow per solution at most? Note that 35 * this is just for the API, the value must also match the 36 * database logic in create_mfa_challenge. 37 */ 38 #define MAX_SOLUTIONS 3 39 40 41 /** 42 * How long is an OTP code valid? 43 */ 44 #define OTP_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30) 45 46 47 /** 48 * Internal state for MFA processing. 49 */ 50 struct MfaState 51 { 52 53 /** 54 * Kept in a DLL. 55 */ 56 struct MfaState *next; 57 58 /** 59 * Kept in a DLL. 60 */ 61 struct MfaState *prev; 62 63 /** 64 * HTTP request we are handling. 65 */ 66 struct TMH_HandlerContext *hc; 67 68 /** 69 * Challenge code. 70 */ 71 char *code; 72 73 /** 74 * When does @e code expire? 75 */ 76 struct GNUNET_TIME_Absolute expiration_date; 77 78 /** 79 * When may we transmit a new code? 80 */ 81 struct GNUNET_TIME_Absolute retransmission_date; 82 83 /** 84 * Handle to the helper process. 85 */ 86 struct GNUNET_Process *child; 87 88 /** 89 * Handle to wait for @e child 90 */ 91 struct GNUNET_ChildWaitHandle *cwh; 92 93 /** 94 * Address where to send the challenge. 95 */ 96 char *required_address; 97 98 /** 99 * Message to send. 100 */ 101 char *msg; 102 103 /** 104 * Instance the challenge is for. 105 */ 106 char *instance_id; 107 108 /** 109 * Offset of transmission in msg. 110 */ 111 size_t msg_off; 112 113 /** 114 * ID of our challenge. 115 */ 116 uint64_t challenge_id; 117 118 /** 119 * Salted hash over the request body. 120 */ 121 struct TALER_MERCHANT_MFA_BodyHash h_body; 122 123 /** 124 * Channel to use for the challenge. 125 */ 126 enum TALER_MERCHANT_MFA_Channel channel; 127 128 enum 129 { 130 MFA_PHASE_PARSE = 0, 131 MFA_PHASE_LOOKUP, 132 MFA_PHASE_SENDING, 133 MFA_PHASE_SUSPENDING, 134 MFA_PHASE_SENT, 135 MFA_PHASE_RETURN_YES, 136 MFA_PHASE_RETURN_NO, 137 138 } phase; 139 140 141 /** 142 * #GNUNET_NO if the @e connection was not suspended, 143 * #GNUNET_YES if the @e connection was suspended, 144 * #GNUNET_SYSERR if @e connection was resumed to as 145 * part of #THM_mfa_done during shutdown. 146 */ 147 enum GNUNET_GenericReturnValue suspended; 148 149 /** 150 * Type of critical operation being authorized. 151 */ 152 enum TALER_MERCHANT_MFA_CriticalOperation op; 153 154 /** 155 * Set to true if sending worked. 156 */ 157 bool send_ok; 158 }; 159 160 161 /** 162 * Kept in a DLL. 163 */ 164 static struct MfaState *mfa_head; 165 166 /** 167 * Kept in a DLL. 168 */ 169 static struct MfaState *mfa_tail; 170 171 172 /** 173 * Clean up @a mfa process. 174 * 175 * @param[in] cls the `struct MfaState` to clean up 176 */ 177 static void 178 mfa_context_cleanup (void *cls) 179 { 180 struct MfaState *mfa = cls; 181 182 GNUNET_CONTAINER_DLL_remove (mfa_head, 183 mfa_tail, 184 mfa); 185 if (NULL != mfa->cwh) 186 { 187 GNUNET_wait_child_cancel (mfa->cwh); 188 mfa->cwh = NULL; 189 } 190 if (NULL != mfa->child) 191 { 192 GNUNET_break (GNUNET_OK == 193 GNUNET_process_kill (mfa->child, 194 SIGKILL)); 195 GNUNET_break (GNUNET_OK == 196 GNUNET_process_wait (mfa->child, 197 true, 198 NULL, 199 NULL)); 200 GNUNET_process_destroy (mfa->child); 201 mfa->child = NULL; 202 } 203 GNUNET_free (mfa->required_address); 204 GNUNET_free (mfa->msg); 205 GNUNET_free (mfa->instance_id); 206 GNUNET_free (mfa->code); 207 GNUNET_free (mfa); 208 } 209 210 211 void 212 TMH_challenge_done () 213 { 214 for (struct MfaState *mfa = mfa_head; 215 NULL != mfa; 216 mfa = mfa->next) 217 { 218 if (GNUNET_YES == mfa->suspended) 219 { 220 mfa->suspended = GNUNET_SYSERR; 221 MHD_resume_connection (mfa->hc->connection); 222 } 223 } 224 } 225 226 227 /** 228 * Send the given @a response for the @a mfa request. 229 * 230 * @param[in,out] mfa process to generate an error response for 231 * @param response_code response code to use 232 * @param[in] response response data to send back 233 */ 234 static void 235 respond_to_challenge_with_response (struct MfaState *mfa, 236 unsigned int response_code, 237 struct MHD_Response *response) 238 { 239 enum MHD_Result res; 240 241 res = MHD_queue_response (mfa->hc->connection, 242 response_code, 243 response); 244 MHD_destroy_response (response); 245 mfa->phase = (MHD_NO == res) 246 ? MFA_PHASE_RETURN_NO 247 : MFA_PHASE_RETURN_YES; 248 } 249 250 251 /** 252 * Generate an error for @a mfa. 253 * 254 * @param[in,out] mfa process to generate an error response for 255 * @param http_status HTTP status of the response 256 * @param ec Taler error code to return 257 * @param hint hint to return, can be NULL 258 */ 259 static void 260 respond_with_error (struct MfaState *mfa, 261 unsigned int http_status, 262 enum TALER_ErrorCode ec, 263 const char *hint) 264 { 265 respond_to_challenge_with_response ( 266 mfa, 267 http_status, 268 TALER_MHD_make_error (ec, 269 hint)); 270 } 271 272 273 /** 274 * Challenge code transmission complete. Continue based on the result. 275 * 276 * @param[in,out] mfa process to send the challenge for 277 */ 278 static void 279 phase_sent (struct MfaState *mfa) 280 { 281 enum GNUNET_DB_QueryStatus qs; 282 283 if (! mfa->send_ok) 284 { 285 respond_with_error (mfa, 286 MHD_HTTP_BAD_GATEWAY, 287 TALER_EC_MERCHANT_TAN_MFA_HELPER_EXEC_FAILED, 288 "process exited with error"); 289 return; 290 } 291 qs = TALER_MERCHANTDB_update_mfa_challenge (TMH_db, 292 mfa->challenge_id, 293 mfa->code, 294 MAX_SOLUTIONS, 295 mfa->expiration_date, 296 mfa->retransmission_date); 297 switch (qs) 298 { 299 case GNUNET_DB_STATUS_HARD_ERROR: 300 GNUNET_break (0); 301 respond_with_error (mfa, 302 MHD_HTTP_INTERNAL_SERVER_ERROR, 303 TALER_EC_GENERIC_DB_COMMIT_FAILED, 304 "update_mfa_challenge"); 305 return; 306 case GNUNET_DB_STATUS_SOFT_ERROR: 307 GNUNET_break (0); 308 respond_with_error (mfa, 309 MHD_HTTP_INTERNAL_SERVER_ERROR, 310 TALER_EC_GENERIC_DB_SOFT_FAILURE, 311 "update_mfa_challenge"); 312 return; 313 case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: 314 GNUNET_break (0); 315 respond_with_error (mfa, 316 MHD_HTTP_INTERNAL_SERVER_ERROR, 317 TALER_EC_GENERIC_DB_INVARIANT_FAILURE, 318 "no results on INSERT, but success?"); 319 return; 320 case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: 321 break; 322 } 323 { 324 struct MHD_Response *response; 325 326 response = 327 TALER_MHD_make_json_steal ( 328 GNUNET_JSON_PACK ( 329 GNUNET_JSON_pack_timestamp ( 330 "solve_expiration", 331 GNUNET_TIME_absolute_to_timestamp ( 332 mfa->expiration_date)), 333 GNUNET_JSON_pack_timestamp ( 334 "earliest_retransmission", 335 GNUNET_TIME_absolute_to_timestamp ( 336 mfa->retransmission_date)))); 337 respond_to_challenge_with_response ( 338 mfa, 339 MHD_HTTP_OK, 340 response); 341 } 342 } 343 344 345 /** 346 * Function called when our SMS helper has terminated. 347 * 348 * @param cls our `struct ANASTASIS_AUHTORIZATION_State` 349 * @param type type of the process 350 * @param exit_code status code of the process 351 */ 352 static void 353 transmission_done_cb (void *cls, 354 enum GNUNET_OS_ProcessStatusType type, 355 long unsigned int exit_code) 356 { 357 struct MfaState *mfa = cls; 358 359 mfa->cwh = NULL; 360 if (NULL != mfa->child) 361 { 362 GNUNET_process_destroy (mfa->child); 363 mfa->child = NULL; 364 } 365 mfa->send_ok = ( (GNUNET_OS_PROCESS_EXITED == type) && 366 (0 == exit_code) ); 367 if (! mfa->send_ok) 368 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 369 "MFA helper failed with status %d/%u\n", 370 (int) type, 371 (unsigned int) exit_code); 372 mfa->phase = MFA_PHASE_SENT; 373 GNUNET_assert (GNUNET_YES == mfa->suspended); 374 mfa->suspended = GNUNET_NO; 375 MHD_resume_connection (mfa->hc->connection); 376 TALER_MHD_daemon_trigger (); 377 } 378 379 380 /** 381 * Resolve a binary name via PATH. 382 * 383 * Needed because the GNUnet process helpers to not support 384 * an execp equivalent at present. 385 * 386 * @param binary_name name to search for 387 * @returns resolved path or NULL if not found 388 */ 389 static char * 390 resolve_path (const char *binary_name) 391 { 392 char *path_env; 393 char full_path[2048]; 394 char *dir; 395 char *path_copy; 396 397 if (NULL != strchr (binary_name, 398 '/')) 399 { 400 /* Already a full path, do not search. */ 401 return GNUNET_strdup (binary_name); 402 } 403 path_env = getenv ("PATH"); 404 if (path_env == NULL) 405 return NULL; 406 /* Duplicate PATH because strtok modifies the string it parses */ 407 path_copy = GNUNET_strdup (path_env); 408 dir = strtok (path_copy, ":"); 409 while (dir != NULL) 410 { 411 snprintf (full_path, 412 sizeof(full_path), 413 "%s/%s", 414 dir, 415 binary_name); 416 if (0 == access (full_path, 417 X_OK)) 418 { 419 GNUNET_free (path_copy); 420 return GNUNET_strdup (full_path); 421 } 422 dir = strtok (NULL, ":"); 423 } 424 GNUNET_free (path_copy); 425 return NULL; 426 } 427 428 429 /** 430 * Setup challenge code for @a mfa and send it to the 431 * @a required_address; on success. 432 * 433 * @param[in,out] mfa process to send the challenge for 434 */ 435 static void 436 phase_send_challenge (struct MfaState *mfa) 437 { 438 const char *prog = NULL; 439 char *binary_path = NULL; 440 unsigned long long challenge_num; 441 char **cmd_argv = NULL; 442 443 challenge_num = (unsigned long long) 444 GNUNET_CRYPTO_random_u64 (1000 * 1000 * 100); 445 GNUNET_asprintf (&mfa->code, 446 "%04llu-%04llu", 447 challenge_num / 10000, 448 challenge_num % 10000); 449 switch (mfa->channel) 450 { 451 case TALER_MERCHANT_MFA_CHANNEL_NONE: 452 GNUNET_assert (0); 453 break; 454 case TALER_MERCHANT_MFA_CHANNEL_SMS: 455 mfa->expiration_date 456 = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_UNIT_HOURS); 457 mfa->retransmission_date 458 = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_UNIT_HOURS); 459 prog = TMH_helper_sms; 460 break; 461 case TALER_MERCHANT_MFA_CHANNEL_EMAIL: 462 mfa->expiration_date 463 = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_UNIT_HOURS); 464 mfa->retransmission_date 465 = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_UNIT_HOURS); 466 prog = TMH_helper_email; 467 break; 468 case TALER_MERCHANT_MFA_CHANNEL_TOTP: 469 mfa->expiration_date 470 = GNUNET_TIME_relative_to_absolute (OTP_TIMEOUT); 471 mfa->retransmission_date 472 = GNUNET_TIME_relative_to_absolute (OTP_TIMEOUT); 473 respond_with_error (mfa, 474 MHD_HTTP_NOT_IMPLEMENTED, 475 TALER_EC_GENERIC_FEATURE_NOT_IMPLEMENTED, 476 "#10327"); 477 goto done; 478 } 479 if (NULL == prog) 480 { 481 respond_with_error ( 482 mfa, 483 MHD_HTTP_INTERNAL_SERVER_ERROR, 484 TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, 485 TALER_MERCHANT_MFA_channel_to_string (mfa->channel)); 486 goto done; 487 } 488 { 489 /* Start child process and feed pipe */ 490 struct GNUNET_DISK_PipeHandle *p; 491 struct GNUNET_DISK_FileHandle *pipe_stdin; 492 const char *extra_args[] = { 493 mfa->required_address, 494 NULL, 495 }; 496 497 cmd_argv = TALER_words_split (prog, 498 extra_args); 499 500 GNUNET_assert (NULL != cmd_argv[0]); 501 502 p = GNUNET_DISK_pipe (GNUNET_DISK_PF_BLOCKING_RW); 503 if (NULL == p) 504 { 505 respond_with_error (mfa, 506 MHD_HTTP_INTERNAL_SERVER_ERROR, 507 TALER_EC_GENERIC_ALLOCATION_FAILURE, 508 "pipe"); 509 goto done; 510 } 511 mfa->child = GNUNET_process_create (GNUNET_OS_INHERIT_STD_ERR); 512 GNUNET_assert (GNUNET_OK == 513 GNUNET_process_set_options ( 514 mfa->child, 515 GNUNET_process_option_inherit_rpipe (p, 516 STDIN_FILENO))); 517 binary_path = resolve_path (cmd_argv[0]); 518 if ( (NULL == binary_path) || 519 (GNUNET_OK != 520 GNUNET_process_run_command_argv (mfa->child, 521 binary_path, 522 (const char **) cmd_argv)) ) 523 { 524 GNUNET_process_destroy (mfa->child); 525 mfa->child = NULL; 526 GNUNET_break (GNUNET_OK == 527 GNUNET_DISK_pipe_close (p)); 528 respond_with_error (mfa, 529 MHD_HTTP_BAD_GATEWAY, 530 TALER_EC_MERCHANT_TAN_MFA_HELPER_EXEC_FAILED, 531 "exec"); 532 goto done; 533 } 534 535 pipe_stdin = GNUNET_DISK_pipe_detach_end (p, 536 GNUNET_DISK_PIPE_END_WRITE); 537 GNUNET_assert (NULL != pipe_stdin); 538 GNUNET_break (GNUNET_OK == 539 GNUNET_DISK_pipe_close (p)); 540 GNUNET_asprintf (&mfa->msg, 541 "%s is your security code.\n" 542 "Do not share your code with anyone.\n\n" 543 "Authorizes: %s\n" 544 "Login: %s\n\n" 545 "Expires: %s (%s).\n", 546 mfa->code, 547 TALER_MERCHANT_MFA_co2s (mfa->op), 548 mfa->instance_id, 549 GNUNET_TIME_absolute2s ( 550 mfa->expiration_date), 551 GNUNET_TIME_relative2s ( 552 GNUNET_TIME_absolute_get_remaining ( 553 mfa->expiration_date), 554 true)); 555 { 556 const char *off = mfa->msg; 557 size_t left = strlen (off); 558 559 while (0 != left) 560 { 561 ssize_t ret; 562 563 ret = GNUNET_DISK_file_write (pipe_stdin, 564 off, 565 left); 566 if (ret <= 0) 567 { 568 respond_with_error (mfa, 569 MHD_HTTP_BAD_GATEWAY, 570 TALER_EC_MERCHANT_TAN_MFA_HELPER_EXEC_FAILED, 571 "write"); 572 goto done; 573 } 574 mfa->msg_off += ret; 575 off += ret; 576 left -= ret; 577 } 578 GNUNET_DISK_file_close (pipe_stdin); 579 } 580 } 581 mfa->phase = MFA_PHASE_SUSPENDING; 582 done: 583 GNUNET_free (binary_path); 584 TALER_words_destroy (cmd_argv); 585 } 586 587 588 /** 589 * Lookup challenge in DB. 590 * 591 * @param[in,out] mfa process to parse data for 592 */ 593 static void 594 phase_lookup (struct MfaState *mfa) 595 { 596 enum GNUNET_DB_QueryStatus qs; 597 uint32_t retry_counter; 598 struct GNUNET_TIME_Absolute confirmation_date; 599 struct GNUNET_TIME_Absolute retransmission_date; 600 struct TALER_MERCHANT_MFA_BodySalt salt; 601 602 qs = TALER_MERCHANTDB_lookup_mfa_challenge (TMH_db, 603 mfa->challenge_id, 604 &mfa->h_body, 605 &salt, 606 &mfa->required_address, 607 &mfa->op, 608 &confirmation_date, 609 &retransmission_date, 610 &retry_counter, 611 &mfa->channel, 612 &mfa->instance_id); 613 switch (qs) 614 { 615 case GNUNET_DB_STATUS_HARD_ERROR: 616 GNUNET_break (0); 617 respond_with_error (mfa, 618 MHD_HTTP_INTERNAL_SERVER_ERROR, 619 TALER_EC_GENERIC_DB_COMMIT_FAILED, 620 "lookup_mfa_challenge"); 621 return; 622 case GNUNET_DB_STATUS_SOFT_ERROR: 623 GNUNET_break (0); 624 respond_with_error (mfa, 625 MHD_HTTP_INTERNAL_SERVER_ERROR, 626 TALER_EC_GENERIC_DB_SOFT_FAILURE, 627 "lookup_mfa_challenge"); 628 return; 629 case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: 630 GNUNET_break_op (0); 631 respond_with_error (mfa, 632 MHD_HTTP_NOT_FOUND, 633 TALER_EC_MERCHANT_TAN_CHALLENGE_UNKNOWN, 634 mfa->hc->infix); 635 return; 636 case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: 637 break; 638 } 639 if (! GNUNET_TIME_absolute_is_future (confirmation_date)) 640 { 641 /* was already solved */ 642 respond_with_error (mfa, 643 MHD_HTTP_GONE, 644 TALER_EC_MERCHANT_TAN_CHALLENGE_SOLVED, 645 NULL); 646 return; 647 } 648 if (GNUNET_TIME_absolute_is_future (retransmission_date)) 649 { 650 /* too early to try again */ 651 respond_with_error (mfa, 652 MHD_HTTP_TOO_MANY_REQUESTS, 653 TALER_EC_MERCHANT_TAN_TOO_EARLY, 654 GNUNET_TIME_absolute2s (retransmission_date)); 655 return; 656 } 657 mfa->phase++; 658 } 659 660 661 /** 662 * Parse challenge request. 663 * 664 * @param[in,out] mfa process to parse data for 665 */ 666 static void 667 phase_parse (struct MfaState *mfa) 668 { 669 struct TMH_HandlerContext *hc = mfa->hc; 670 enum GNUNET_GenericReturnValue ret; 671 672 ret = TMH_mfa_parse_challenge_id (hc, 673 hc->infix, 674 &mfa->challenge_id, 675 &mfa->h_body); 676 if (GNUNET_OK != ret) 677 { 678 mfa->phase = (GNUNET_NO == ret) 679 ? MFA_PHASE_RETURN_YES 680 : MFA_PHASE_RETURN_NO; 681 return; 682 } 683 mfa->phase++; 684 } 685 686 687 enum MHD_Result 688 TMH_post_challenge_ID (const struct TMH_RequestHandler *rh, 689 struct MHD_Connection *connection, 690 struct TMH_HandlerContext *hc) 691 { 692 struct MfaState *mfa = hc->ctx; 693 694 if (NULL == mfa) 695 { 696 mfa = GNUNET_new (struct MfaState); 697 mfa->hc = hc; 698 hc->ctx = mfa; 699 hc->cc = &mfa_context_cleanup; 700 GNUNET_CONTAINER_DLL_insert (mfa_head, 701 mfa_tail, 702 mfa); 703 } 704 705 while (1) 706 { 707 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 708 "Processing /challenge in phase %d\n", 709 (int) mfa->phase); 710 switch (mfa->phase) 711 { 712 case MFA_PHASE_PARSE: 713 phase_parse (mfa); 714 break; 715 case MFA_PHASE_LOOKUP: 716 phase_lookup (mfa); 717 break; 718 case MFA_PHASE_SENDING: 719 phase_send_challenge (mfa); 720 break; 721 case MFA_PHASE_SUSPENDING: 722 mfa->cwh = GNUNET_wait_child (mfa->child, 723 &transmission_done_cb, 724 mfa); 725 if (NULL == mfa->cwh) 726 { 727 respond_with_error (mfa, 728 MHD_HTTP_INTERNAL_SERVER_ERROR, 729 TALER_EC_GENERIC_ALLOCATION_FAILURE, 730 "GNUNET_wait_child"); 731 continue; 732 } 733 mfa->suspended = GNUNET_YES; 734 MHD_suspend_connection (hc->connection); 735 return MHD_YES; 736 case MFA_PHASE_SENT: 737 phase_sent (mfa); 738 break; 739 case MFA_PHASE_RETURN_YES: 740 return MHD_YES; 741 case MFA_PHASE_RETURN_NO: 742 GNUNET_break (0); 743 return MHD_NO; 744 } 745 } 746 }