/* This does the authenticate step as well (we need the ballot details
anyway) */
static struct electorate *find_electorate(const struct barcode *barcode)
{
enum error err;
struct electorate *elec;
fprintf(stderr,"commit_vote:find_electorate: authenticating barcode:%s\n",barcode->ascii);
err = authenticate(barcode, &elec);
fprintf(stderr,"commit_vote:find_electorate: authenticate returned error %i%s\n",err,err?"...this is bad..":"");
if (err != ERR_OK)
cgi_error_response(err);
return elec;
}
/* DDS3.2.3: Authenticate */
int main(int argc, char *argv[])
{
struct http_vars *vars;
struct barcode_hash_entry *bcentry;
struct barcode bc;
char bchash[HASH_BITS+1];
struct electorate *elecs, *i;
PGconn *conn;
int ppcode;
/* Our own failure function */
set_cgi_bailout();
/* Can be called on slave as well as master */
conn = connect_db_port("evacs", get_database_port());
if (!conn) bailout("Could not open database connection\n");
/* Copy barcode ascii code from POST arguments */
vars = cgi_get_arguments();
strncpy(bc.ascii, http_string(vars, "barcode"), sizeof(bc.ascii)-1);
bc.ascii[sizeof(bc.ascii)-1] = '\0';
http_free(vars);
/* Extract data and checksum from ascii */
if (!bar_decode_ascii(&bc))
cgi_error_response(ERR_BARCODE_MISREAD);
/* Hash the barcode to look up in the table */
gen_hash(bchash, bc.data, sizeof(bc.data));
bcentry = get_bhash_table(conn, bchash);
if (!bcentry) {
PQfinish(conn);
fprintf(stderr, "Barcode `%s' not found\n", bc.ascii);
cgi_error_response(ERR_BARCODE_AUTHENTICATION_FAILED);
}
/* DDS3.2.4: Check Unused */
if (bcentry->used) {
PQfinish(conn);
fprintf(stderr, "Barcode `%s' already used\n", bc.ascii);
cgi_error_response(ERR_BARCODE_USED);
}
ppcode = SQL_singleton_int(conn,"SELECT polling_place_code "
"FROM server_parameter;");
if (ppcode < 0) {
PQfinish(conn);
cgi_error_response(ERR_SERVER_INTERNAL);
}
if (ppcode != bcentry->ppcode) {
PQfinish(conn);
cgi_error_response(ERR_BARCODE_PP_INCORRECT);
}
elecs = get_electorates(conn);
for (i = elecs; i; i = i->next) {
if (i->code == bcentry->ecode) {
/* Found it! */
vars = create_response(conn, i);
free_electorates(elecs);
PQfinish(conn);
cgi_good_response(vars);
}
}
/* Should never happen */
free_electorates(elecs);
PQfinish(conn);
bailout("Barcode electorate %u not found\n", bcentry->ecode);
}
/* DDS3.2.26: Commit Vote */
int main(int argc, char *argv[])
{
struct http_vars *vars;
const char *keystrokes;
/* SIPL 2011-09-23 Addressed potential for buffer overflow.
The array size was 10. Now increased to 26,
to allow for up to 11 values in the rotation. */
char rot_string[26]="{";
char *rot_ptr=&rot_string[1],*r;
struct preference_set prefs;
struct rotation rot;
struct electorate *elec;
struct barcode bc;
int c;
enum error err;
unsigned int i;
PGconn *conn;
fprintf(stderr,"commit_vote:Starting commit\n");
/* Tell the other functions to use our bailout code */
set_cgi_bailout();
fprintf(stderr,"commit_vote:Set bailout\n");
fprintf(stderr,"commit_vote:get_database_port() will return %s\n",get_database_port());
conn = connect_db_port("evacs", get_database_port());
fprintf(stderr,"commit_vote:Got port: %s\n",get_database_port());
/* Don't free this: we keep pointers into it */
vars = cgi_get_arguments();
fprintf(stderr,"commit_vote:Got args\n");
/* Unwrap CGI variables */
strncpy(bc.ascii, http_string(vars, "barcode"), sizeof(bc.ascii)-1);
bc.ascii[sizeof(bc.ascii)-1] = '\0';
if (!bar_decode_ascii(&bc))
cgi_error_response(ERR_BARCODE_MISREAD);
fprintf(stderr,"commit_vote:unwrapped CGI vars\n");
elec = find_electorate(&bc);
fprintf(stderr,"commit_vote:found electorate\n");
keystrokes = http_string(vars, "keystrokes");
fprintf(stderr,"commit_vote:got keystrokes\n");
prefs = unwrap_vote(http_string(vars, "vote"));
fprintf(stderr,"commit_vote:unwrapped vote\n");
rot = decode_rotation(vars, elec->num_seats);
fprintf(stderr,"commit_vote:Decoded Rotation OK\n");
/* determine the paper version from the rotation */
for (i=0; i<elec->num_seats; i++) {
r=sprintf_malloc("%u,",rot.rotations[i]);
strcpy(rot_ptr,r);
rot_ptr+=(2*sizeof(char));
free(r);
}
rot_ptr-=(sizeof(char));
strcpy(rot_ptr,(const char *)"}");
fprintf(stderr,"commit_vote:rotation string: '%s'\n",&rot_string[0]);
prefs.paper_version =SQL_singleton_int(conn,
"SELECT rotation_num FROM robson_rotation_%u "
"WHERE rotation = '%s';",elec->num_seats, rot_string
);
fprintf(stderr,"commit_vote:rotation number: '%u'\n",prefs.paper_version);
/* Sanity check - there must be a rotation which matches */
if (prefs.paper_version < 1)
cgi_error_response(ERR_SERVER_INTERNAL);
fprintf(stderr,"commit_vote:reconstructing vote\n");
/* Determine the initial cursor position */
c = get_cursor(vars);
/* Compare vote they gave with reconstructed voter keystrokes */
if (!reconstruct_and_compare(&rot, keystrokes, &prefs, c)) {
fprintf(stderr,"%s: Reconstructed keystrokes do not match\n",
am_i_master() ? "master" : "slave");
cgi_error_response(ERR_RECONSTRUCTION_FAILED);
}
/* Do the actual verification and commit */
fprintf(stderr,"commit_vote:doing actual commit\n");
err = save_and_verify(conn, &prefs, &bc, elec, vars);
fprintf(stderr,"commit_vote:commit complete\n");
/* Cleanup */
http_free(vars);
PQfinish(conn);
/* This will be an OK response if err = ERR_OK */
cgi_error_response(err);
return(0);
}