/* DDS3.2.3: Authenticate */ int main(int argc, char *argv[]) { struct http_vars *vars; struct barcode_hash_entry *bcentry; struct barcode bc; char bchash[HASH_BITS+1]; struct electorate *elecs, *i; PGconn *conn; int ppcode; /* Our own failure function */ set_cgi_bailout(); /* Can be called on slave as well as master */ conn = connect_db_port("evacs", get_database_port()); if (!conn) bailout("Could not open database connection\n"); /* Copy barcode ascii code from POST arguments */ vars = cgi_get_arguments(); strncpy(bc.ascii, http_string(vars, "barcode"), sizeof(bc.ascii)-1); bc.ascii[sizeof(bc.ascii)-1] = '\0'; http_free(vars); /* Extract data and checksum from ascii */ if (!bar_decode_ascii(&bc)) cgi_error_response(ERR_BARCODE_MISREAD); /* Hash the barcode to look up in the table */ gen_hash(bchash, bc.data, sizeof(bc.data)); bcentry = get_bhash_table(conn, bchash); if (!bcentry) { PQfinish(conn); fprintf(stderr, "Barcode `%s' not found\n", bc.ascii); cgi_error_response(ERR_BARCODE_AUTHENTICATION_FAILED); } /* DDS3.2.4: Check Unused */ if (bcentry->used) { PQfinish(conn); fprintf(stderr, "Barcode `%s' already used\n", bc.ascii); cgi_error_response(ERR_BARCODE_USED); } ppcode = SQL_singleton_int(conn,"SELECT polling_place_code " "FROM server_parameter;"); if (ppcode < 0) { PQfinish(conn); cgi_error_response(ERR_SERVER_INTERNAL); } if (ppcode != bcentry->ppcode) { PQfinish(conn); cgi_error_response(ERR_BARCODE_PP_INCORRECT); } elecs = get_electorates(conn); for (i = elecs; i; i = i->next) { if (i->code == bcentry->ecode) { /* Found it! */ vars = create_response(conn, i); free_electorates(elecs); PQfinish(conn); cgi_good_response(vars); } } /* Should never happen */ free_electorates(elecs); PQfinish(conn); bailout("Barcode electorate %u not found\n", bcentry->ecode); }
/* DDS3.2.26: Commit Vote */ int main(int argc, char *argv[]) { struct http_vars *vars; const char *keystrokes; /* SIPL 2011-09-23 Addressed potential for buffer overflow. The array size was 10. Now increased to 26, to allow for up to 11 values in the rotation. */ char rot_string[26]="{"; char *rot_ptr=&rot_string[1],*r; struct preference_set prefs; struct rotation rot; struct electorate *elec; struct barcode bc; int c; enum error err; unsigned int i; PGconn *conn; fprintf(stderr,"commit_vote:Starting commit\n"); /* Tell the other functions to use our bailout code */ set_cgi_bailout(); fprintf(stderr,"commit_vote:Set bailout\n"); fprintf(stderr,"commit_vote:get_database_port() will return %s\n",get_database_port()); conn = connect_db_port("evacs", get_database_port()); fprintf(stderr,"commit_vote:Got port: %s\n",get_database_port()); /* Don't free this: we keep pointers into it */ vars = cgi_get_arguments(); fprintf(stderr,"commit_vote:Got args\n"); /* Unwrap CGI variables */ strncpy(bc.ascii, http_string(vars, "barcode"), sizeof(bc.ascii)-1); bc.ascii[sizeof(bc.ascii)-1] = '\0'; if (!bar_decode_ascii(&bc)) cgi_error_response(ERR_BARCODE_MISREAD); fprintf(stderr,"commit_vote:unwrapped CGI vars\n"); elec = find_electorate(&bc); fprintf(stderr,"commit_vote:found electorate\n"); keystrokes = http_string(vars, "keystrokes"); fprintf(stderr,"commit_vote:got keystrokes\n"); prefs = unwrap_vote(http_string(vars, "vote")); fprintf(stderr,"commit_vote:unwrapped vote\n"); rot = decode_rotation(vars, elec->num_seats); fprintf(stderr,"commit_vote:Decoded Rotation OK\n"); /* determine the paper version from the rotation */ for (i=0; i<elec->num_seats; i++) { r=sprintf_malloc("%u,",rot.rotations[i]); strcpy(rot_ptr,r); rot_ptr+=(2*sizeof(char)); free(r); } rot_ptr-=(sizeof(char)); strcpy(rot_ptr,(const char *)"}"); fprintf(stderr,"commit_vote:rotation string: '%s'\n",&rot_string[0]); prefs.paper_version =SQL_singleton_int(conn, "SELECT rotation_num FROM robson_rotation_%u " "WHERE rotation = '%s';",elec->num_seats, rot_string ); fprintf(stderr,"commit_vote:rotation number: '%u'\n",prefs.paper_version); /* Sanity check - there must be a rotation which matches */ if (prefs.paper_version < 1) cgi_error_response(ERR_SERVER_INTERNAL); fprintf(stderr,"commit_vote:reconstructing vote\n"); /* Determine the initial cursor position */ c = get_cursor(vars); /* Compare vote they gave with reconstructed voter keystrokes */ if (!reconstruct_and_compare(&rot, keystrokes, &prefs, c)) { fprintf(stderr,"%s: Reconstructed keystrokes do not match\n", am_i_master() ? "master" : "slave"); cgi_error_response(ERR_RECONSTRUCTION_FAILED); } /* Do the actual verification and commit */ fprintf(stderr,"commit_vote:doing actual commit\n"); err = save_and_verify(conn, &prefs, &bc, elec, vars); fprintf(stderr,"commit_vote:commit complete\n"); /* Cleanup */ http_free(vars); PQfinish(conn); /* This will be an OK response if err = ERR_OK */ cgi_error_response(err); return(0); }