src/server/daemon/keyfile_auth.c

Sat, 18 Mar 2023 11:44:37 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sat, 18 Mar 2023 11:44:37 +0100
changeset 477
39ebd50cfc12
parent 467
4d038bc6f86e
child 490
d218607f5a7e
permissions
-rw-r--r--

fix nsapi_error_request() could send empty error messages with http status 200, if the request status code wasn't set

62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
1 /*
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
3 *
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
5 *
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
6 * Redistribution and use in source and binary forms, with or without
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
7 * modification, are permitted provided that the following conditions are met:
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
8 *
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
9 * 1. Redistributions of source code must retain the above copyright
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
10 * notice, this list of conditions and the following disclaimer.
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
11 *
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
14 * documentation and/or other materials provided with the distribution.
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
15 *
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
26 * POSSIBILITY OF SUCH DAMAGE.
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
27 */
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
28
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
29 #include <stdio.h>
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
30 #include <stdlib.h>
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
31 #include <string.h>
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
32
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
33 #include <openssl/sha.h>
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
34 #if defined(__sun) && defined(__SunOS_5_10)
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
35 #include <sha2.h>
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
36 #define SHA256_Init SHA256Init
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
37 #define SHA256_Update SHA256Update
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
38 #define SHA256_Final SHA256Final
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
39 #endif
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
40
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
41 #include "../util/atomic.h"
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
42 #include "../util/util.h"
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
43
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
44 #include <cx/hash_map.h>
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
45
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
46 #include "keyfile_auth.h"
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
47
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
48 Keyfile* keyfile_new(CxAllocator *a) {
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
49 Keyfile *keyfile = cxCalloc(a, 1, sizeof(Keyfile));
255
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
50 if(!keyfile) {
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
51 return NULL;
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
52 }
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
53 keyfile->authdb.get_user = keyfile_get_user;
66
74babc0082b7 added authentication cache
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 64
diff changeset
54 keyfile->authdb.use_cache = 0;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
55 keyfile->users = cxHashMapCreate(a, 16);
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
56 return keyfile;
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
57 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
58
255
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
59 int keyfile_add_user(
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
60 Keyfile *keyfile,
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
61 cxmutstr name,
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
62 enum KeyfileHashType hash_type,
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
63 cxmutstr hash,
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
64 cxmutstr *groups,
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
65 size_t ngroups)
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
66 {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
67 CxAllocator *a = keyfile->users->allocator;
255
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
68
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
69 if(hash.length < 12) {
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
70 // hash too short
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
71 // TODO: log
255
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
72 return -1;
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
73 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
74
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
75 KeyfileUser *user = cxMalloc(a, sizeof(KeyfileUser));
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
76 user->user.name = cx_strdup_a(a, cx_strcast(name)).ptr;
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 62
diff changeset
77 user->user.uid = -1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 62
diff changeset
78 user->user.gid = -1;
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
79 user->user.verify_password = keyfile_user_verify_password;
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
80 user->user.check_group = keyfile_user_check_group;
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
81 user->user.free = keyfile_user_free;
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
82
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
83 user->hash_type = hash_type;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
84 user->hash = cxMalloc(a, hash.length + 1);
255
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
85
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
86 if(!user->user.name || !user->hash) {
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
87 return -1;
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
88 }
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
89
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
90 user->hashlen = util_base64decode(hash.ptr, hash.length, user->hash);
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
91
255
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
92 if(ngroups > 0) {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
93 user->groups = cxCalloc(a, ngroups, sizeof(cxmutstr));
255
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
94 if(!user->groups) {
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
95 return -1;
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
96 }
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
97 for(int i=0;i<ngroups;i++) {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
98 user->groups[i] = cx_strdup_a(a, cx_strcast(groups[i]));
255
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
99 }
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
100
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
101 } else {
b5d15a4a19f5 refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 174
diff changeset
102 user->groups = NULL;
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
103 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
104
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
105 // add to keyfile
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
106 return cxMapPut(keyfile->users, cx_hash_key(name.ptr, name.length), user);
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
107 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
108
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
109 // authdb functions
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
110
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
111 User* keyfile_get_user(AuthDB *db, Session *sn, Request *rq, const char *user) {
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
112 Keyfile *keyfile = (Keyfile*)db;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
113 return cxMapGet(keyfile->users, cx_hash_key_str(user));
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
114 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
115
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
116 int keyfile_user_verify_password(User *user, const char *password) {
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
117 KeyfileUser *usr = (KeyfileUser*)user;
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
118 return ssha_verify(usr, password);
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
119 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
120
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
121 int keyfile_user_check_group(User *user, const char *group) {
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
122 KeyfileUser *usr = (KeyfileUser*)user;
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
123 cxstring grp = cx_str(group);
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
124 for(int i=0;i<usr->numgroups;i++) {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
125 if(!cx_strcmp(cx_strcast(usr->groups[i]), grp)) {
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
126 return 1;
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
127 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
128 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
129 return 0;
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
130 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
131
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
132 void keyfile_user_free(User *user) {
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
133 // don't free, it will be freed by keyfile_unref
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
134 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
135
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
136
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
137 int ssha_verify(KeyfileUser *user, const char *password) {
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
138 /*
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
139 * SSHA: SHA(pw + salt) + salt
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 88
diff changeset
140 * user->hash is already base64 decoded
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
141 */
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
142
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
143 size_t hlen;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
144 switch(user->hash_type) {
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
145 case KEYFILE_SSHA: hlen = 20; break;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
146 case KEYFILE_SSHA256: hlen = 32; break;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
147 case KEYFILE_SSHA512: hlen = 64; break;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
148 }
97
09fbefc0e6a9 added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 88
diff changeset
149
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
150 char *salt = user->hash + hlen;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
151 size_t saltlen = user->hashlen - hlen;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
152
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
153 size_t pwlen = strlen(password);
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
154
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
155 unsigned char pwhash[64];
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
156 switch(user->hash_type) {
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
157 case KEYFILE_SSHA: {
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
158 SHA_CTX ctx;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
159 SHA1_Init(&ctx);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
160 SHA1_Update(&ctx, password, pwlen);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
161 SHA1_Update(&ctx, salt, saltlen);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
162 SHA1_Final(pwhash, &ctx);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
163 break;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
164 }
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
165 case KEYFILE_SSHA256: {
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
166 SHA256_CTX ctx;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
167 SHA256_Init(&ctx);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
168 SHA256_Update(&ctx, password, pwlen);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
169 SHA256_Update(&ctx, salt, saltlen);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
170 SHA256_Final(pwhash, &ctx);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
171 break;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
172 }
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
173 case KEYFILE_SSHA512: {
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
174 SHA512_CTX ctx;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
175 SHA512_Init(&ctx);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
176 SHA512_Update(&ctx, password, pwlen);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
177 SHA512_Update(&ctx, salt, saltlen);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
178 SHA512_Final(pwhash, &ctx);
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
179 break;
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
180 }
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
181 }
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
182
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
183 if(!memcmp(user->hash, pwhash, hlen)) {
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
184 return 1;
64
c7f5b062e622 added net_writev
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 63
diff changeset
185 } else {
c7f5b062e622 added net_writev
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 63
diff changeset
186 return 0;
62
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
187 }
c47e081b6c0f added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
188 }
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
189

mercurial