Beispiel #1
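/*
 * DDS3.2.3: Authenticate
 *
 * CGI entry point.  Reads the "barcode" POST argument, decodes it, hashes
 * the decoded data and looks the hash up in the barcode table.  The request
 * is rejected if the barcode is unknown, already marked used (DDS3.2.4), or
 * issued for a different polling place than the one in server_parameter.
 * On success the response is built for the electorate whose code matches
 * the barcode entry.
 *
 * The error/response helpers (bailout, cgi_error_response,
 * cgi_good_response) are used throughout as if they do not return; their
 * definitions are not part of this listing.
 */
int main(int argc, char *argv[])
{
	struct http_vars *vars;
	struct barcode_hash_entry *bcentry;
	struct barcode bc;
	char bchash[HASH_BITS+1];
	struct electorate *elecs, *i;
	const char *barcode_arg;
	PGconn *conn;
	int ppcode;

	/* Our own failure function */
	set_cgi_bailout();

	/* Can be called on slave as well as master */
	conn = connect_db_port("evacs", get_database_port());
	if (!conn) bailout("Could not open database connection\n");

	/* Copy barcode ascii code from POST arguments */
	vars = cgi_get_arguments();
	barcode_arg = http_string(vars, "barcode");
	/* What http_string returns for an absent field is not visible here;
	   guard against NULL so a request without "barcode" cannot reach
	   strncpy with a null source. */
	if (!barcode_arg) {
		http_free(vars);
		PQfinish(conn);
		cgi_error_response(ERR_BARCODE_MISREAD);
	}
	/* Bounded copy with explicit termination: the field is
	   request-supplied and may be longer than bc.ascii. */
	strncpy(bc.ascii, barcode_arg, sizeof(bc.ascii)-1);
	bc.ascii[sizeof(bc.ascii)-1] = '\0';
	http_free(vars);

	/* Extract data and checksum from ascii */
	if (!bar_decode_ascii(&bc)) {
		/* Close the connection here too, as every other exit path does */
		PQfinish(conn);
		cgi_error_response(ERR_BARCODE_MISREAD);
	}

	/* Hash the barcode to look up in the table */
	gen_hash(bchash, bc.data, sizeof(bc.data));

	bcentry = get_bhash_table(conn, bchash);
	if (!bcentry) {
		PQfinish(conn);
		/* NOTE(review): bc.ascii is the request-supplied value being
		   authenticated; writing it verbatim to stderr places it in the
		   server log.  Consider logging a redacted form - confirm
		   against the log-retention policy. */
		fprintf(stderr, "Barcode `%s' not found\n", bc.ascii);
		cgi_error_response(ERR_BARCODE_AUTHENTICATION_FAILED);
	}

	/* DDS3.2.4: Check Unused */
	if (bcentry->used) {
		PQfinish(conn);
		/* NOTE(review): same logging concern as above. */
		fprintf(stderr, "Barcode `%s' already used\n", bc.ascii);
		cgi_error_response(ERR_BARCODE_USED);
	}

	/* A negative result is treated as a failed lookup */
	ppcode = SQL_singleton_int(conn,"SELECT polling_place_code "
				   "FROM server_parameter;");
	if (ppcode < 0) {
		PQfinish(conn);
		cgi_error_response(ERR_SERVER_INTERNAL);
	}

	/* The barcode must have been issued for this polling place */
	if (ppcode != bcentry->ppcode) {
		PQfinish(conn);
		cgi_error_response(ERR_BARCODE_PP_INCORRECT);
	}

	elecs = get_electorates(conn);
	for (i = elecs; i; i = i->next) {
		if (i->code == bcentry->ecode) {
			/* Found it! */
			vars = create_response(conn, i);
			free_electorates(elecs);
			PQfinish(conn);
			cgi_good_response(vars);
		}
	}

	/* Should never happen */
	free_electorates(elecs);
	PQfinish(conn);
	bailout("Barcode electorate %u not found\n", bcentry->ecode);
}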
Beispiel #2
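/*
 * DDS3.2.26: Commit Vote
 *
 * CGI entry point.  Reads the barcode, keystrokes, vote and rotation from
 * the request, maps the rotation to a paper version via the
 * robson_rotation_<seats> table, checks that replaying the keystrokes
 * reproduces the submitted preferences, then calls save_and_verify and
 * reports its result.
 *
 * cgi_error_response is used throughout as if it does not return; its
 * definition is not part of this listing.
 */
int main(int argc, char *argv[])
{
	struct http_vars *vars;
	const char *keystrokes;
	const char *barcode_arg;
	/* SIPL 2011-09-23 Addressed potential for buffer overflow.
	   The array size was 10.  Now increased to 26,
	   to allow for up to 11 values in the rotation. */
	char rot_string[26]="{";
	size_t rot_len = 1;	/* characters used so far, after the '{' */
	struct preference_set prefs;
	struct rotation rot;
	struct electorate *elec;
	struct barcode bc;
	int c;
	int rotation_num;
	int written;
	enum error err;
	unsigned int i;
	PGconn *conn;


	fprintf(stderr,"commit_vote:Starting commit\n");
	/* Tell the other functions to use our bailout code */
	set_cgi_bailout();
	fprintf(stderr,"commit_vote:Set bailout\n");
	fprintf(stderr,"commit_vote:get_database_port() will return %s\n",get_database_port());

	conn = connect_db_port("evacs", get_database_port());
	/* Every later step passes conn to a database helper, so stop here
	   rather than hand them a null connection. */
	if (!conn) {
		fprintf(stderr,"commit_vote:Could not open database connection\n");
		cgi_error_response(ERR_SERVER_INTERNAL);
	}

	fprintf(stderr,"commit_vote:Got port: %s\n",get_database_port());
	/* Don't free this: we keep pointers into it */
	vars = cgi_get_arguments();
	fprintf(stderr,"commit_vote:Got args\n");

	/* Unwrap CGI variables */
	barcode_arg = http_string(vars, "barcode");
	/* What http_string returns for an absent field is not visible here;
	   guard against NULL before it is used as a copy source. */
	if (!barcode_arg)
		cgi_error_response(ERR_BARCODE_MISREAD);
	/* Bounded copy with explicit termination: request-supplied text */
	strncpy(bc.ascii, barcode_arg, sizeof(bc.ascii)-1);
	bc.ascii[sizeof(bc.ascii)-1] = '\0';
	if (!bar_decode_ascii(&bc))
		cgi_error_response(ERR_BARCODE_MISREAD);

	fprintf(stderr,"commit_vote:unwrapped CGI vars\n");

	/* NOTE(review): elec is dereferenced below without a NULL check;
	   confirm find_electorate cannot return NULL. */
	elec = find_electorate(&bc);
	fprintf(stderr,"commit_vote:found electorate\n");

	/* NOTE(review): keystrokes and the "vote" field are passed on
	   unchecked; confirm the callees tolerate an absent field. */
	keystrokes = http_string(vars, "keystrokes");
	fprintf(stderr,"commit_vote:got keystrokes\n");
	prefs = unwrap_vote(http_string(vars, "vote"));
	fprintf(stderr,"commit_vote:unwrapped vote\n");
	rot = decode_rotation(vars, elec->num_seats);

	fprintf(stderr,"commit_vote:Decoded Rotation OK\n");
	/* determine the paper version from the rotation */
	/* Build "{a,b,c}" with every write bounded by the space left.  The
	   earlier form advanced a fixed two bytes per value, which garbled
	   the string for any value of 10 or more and could run past the
	   buffer for a large seat count.  An empty rotation now yields "{}". */
	for (i=0; i<elec->num_seats; i++) {
		written = snprintf(rot_string + rot_len,
				   sizeof(rot_string) - rot_len,
				   "%s%u", i ? "," : "", rot.rotations[i]);
		/* Keep one byte spare for the closing brace */
		if (written < 0 ||
		    (size_t)written >= sizeof(rot_string) - rot_len - 1) {
			fprintf(stderr,"commit_vote:rotation string too long\n");
			cgi_error_response(ERR_SERVER_INTERNAL);
		}
		rot_len += (size_t)written;
	}
	rot_string[rot_len++] = '}';
	rot_string[rot_len] = '\0';

	fprintf(stderr,"commit_vote:rotation string: '%s'\n",&rot_string[0]);

	/* rot_string holds only digits, commas and braces produced above,
	   so no request text reaches the quoted SQL literal verbatim. */
	rotation_num = SQL_singleton_int(conn,
					 "SELECT rotation_num FROM robson_rotation_%u "
					 "WHERE rotation = '%s';",elec->num_seats, rot_string
		);
	prefs.paper_version = rotation_num;

	fprintf(stderr,"commit_vote:rotation number: '%u'\n",prefs.paper_version);

	/* Sanity check - there must be a rotation which matches.  Tested on
	   the int result so a negative return is caught even if
	   paper_version (declared elsewhere) is an unsigned field. */
	if (rotation_num < 1)
		cgi_error_response(ERR_SERVER_INTERNAL);

	fprintf(stderr,"commit_vote:reconstructing vote\n");

	/* Determine the initial cursor position */
	c = get_cursor(vars);

	/* Compare vote they gave with reconstructed voter keystrokes */
	if (!reconstruct_and_compare(&rot, keystrokes, &prefs, c)) {
		fprintf(stderr,"%s: Reconstructed keystrokes do not match\n",
			am_i_master() ? "master" : "slave");
		cgi_error_response(ERR_RECONSTRUCTION_FAILED);
	}

	/* Do the actual verification and commit */
	fprintf(stderr,"commit_vote:doing actual commit\n");

	err = save_and_verify(conn, &prefs, &bc, elec, vars);
	fprintf(stderr,"commit_vote:commit complete\n");


	/* Cleanup */
	http_free(vars);
	PQfinish(conn);

	/* This will be an OK response if err = ERR_OK */
	cgi_error_response(err);

	return(0);
}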