src/server/daemon/keyfile_auth.c

Mon, 24 Aug 2020 17:09:16 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Mon, 24 Aug 2020 17:09:16 +0200
branch
config
changeset 257
bfeb015c98a4
parent 255
b5d15a4a19f5
child 261
f2c772336ecd
permissions
-rw-r--r--

update server.template to new file format

1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
3 *
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
33 #include <openssl/sha.h>
34 #if defined(__sun) && defined(__SunOS_5_10)
35 #include <sha2.h>
36 #define SHA256_Init SHA256Init
37 #define SHA256_Update SHA256Update
38 #define SHA256_Final SHA256Final
39 #endif
41 #include "../util/atomic.h"
42 #include "../util/util.h"
44 #include "keyfile_auth.h"
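/*
 * Creates an empty keyfile auth database.
 *
 * The Keyfile and its users map are both allocated from a, so the
 * whole database can be released through that allocator later.
 * Returns NULL if either allocation fails; in that case nothing is
 * left allocated.
 */
Keyfile* keyfile_new(UcxAllocator *a) {
    Keyfile *keyfile = alcalloc(a, 1, sizeof(Keyfile));
    if(!keyfile) {
        return NULL;
    }
    keyfile->authdb.get_user = keyfile_get_user;
    keyfile->authdb.use_cache = 0;
    keyfile->users = ucx_map_new_a(a, 16);
    if(!keyfile->users) {
        // keyfile_add_user dereferences keyfile->users->allocator, so a
        // Keyfile without a users map must never be handed out
        alfree(a, keyfile);
        return NULL;
    }
    return keyfile;
}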
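/*
 * Releases a KeyfileUser that was built by keyfile_add_user but not
 * added to the users map. Fields that were never allocated are NULL
 * (the user is calloc'ed), so a partially built user is fine.
 */
static void keyfile_user_discard(UcxAllocator *a, KeyfileUser *user) {
    if(user->groups) {
        for(size_t i=0;i<user->numgroups;i++) {
            if(user->groups[i].ptr) {
                alfree(a, user->groups[i].ptr);
            }
        }
        alfree(a, user->groups);
    }
    if(user->hash) {
        alfree(a, user->hash);
    }
    if(user->user.name) {
        alfree(a, user->user.name);
    }
    alfree(a, user);
}

/*
 * Adds a user to the keyfile.
 *
 * name:      user name, copied with the keyfile's allocator
 * hash_type: KEYFILE_SSHA, KEYFILE_SSHA256 or KEYFILE_SSHA512
 * hash:      base64 encoded digest followed by the salt
 * groups:    group names, copied; may be NULL when ngroups is 0
 * ngroups:   number of entries in groups
 *
 * Returns 0 on success, -1 if hash_type is unknown, the hash is too
 * short for that digest or memory could not be allocated, otherwise the
 * ucx_map_sstr_put result. A user that could not be added is released
 * again before returning.
 */
int keyfile_add_user(
        Keyfile *keyfile,
        sstr_t name,
        enum KeyfileHashType hash_type,
        sstr_t hash,
        sstr_t *groups,
        size_t ngroups)
{
    UcxAllocator *a = keyfile->users->allocator;

    // ssha_verify reads digestlen bytes of the decoded hash as the digest
    // and treats everything after it as the salt, so the decoded hash
    // must hold at least the digest
    size_t digestlen;
    switch(hash_type) {
        case KEYFILE_SSHA: digestlen = 20; break;
        case KEYFILE_SSHA256: digestlen = 32; break;
        case KEYFILE_SSHA512: digestlen = 64; break;
        default:
            // unknown hash type
            // TODO: log
            return -1;
    }

    if(hash.length < 12) {
        // hash too short
        // TODO: log
        return -1;
    }

    // calloc, so every field not set below (numgroups in particular,
    // which keyfile_user_check_group loops over) starts out as 0
    KeyfileUser *user = alcalloc(a, 1, sizeof(KeyfileUser));
    if(!user) {
        return -1;
    }
    user->user.name = sstrdup_a(a, name).ptr;
    user->user.uid = -1;
    user->user.gid = -1;
    user->user.verify_password = keyfile_user_verify_password;
    user->user.check_group = keyfile_user_check_group;
    user->user.free = keyfile_user_free;

    user->hash_type = hash_type;
    // base64 decoding never yields more bytes than the encoded input
    user->hash = almalloc(a, hash.length + 1);

    if(!user->user.name || !user->hash) {
        keyfile_user_discard(a, user);
        return -1;
    }

    user->hashlen = util_base64decode(hash.ptr, hash.length, user->hash);
    if(user->hashlen < digestlen) {
        // decoded hash is shorter than the digest of hash_type
        // TODO: log
        keyfile_user_discard(a, user);
        return -1;
    }

    if(ngroups > 0) {
        user->groups = alcalloc(a, ngroups, sizeof(sstr_t));
        if(!user->groups) {
            keyfile_user_discard(a, user);
            return -1;
        }
        user->numgroups = ngroups;
        for(size_t i=0;i<ngroups;i++) {
            // same allocator as the rest of the user, not the default one
            user->groups[i] = sstrdup_a(a, groups[i]);
            if(!user->groups[i].ptr) {
                keyfile_user_discard(a, user);
                return -1;
            }
        }
    } else {
        user->groups = NULL;
        user->numgroups = 0;
    }

    // add to keyfile
    int ret = ucx_map_sstr_put(keyfile->users, name, user);
    if(ret) {
        keyfile_user_discard(a, user);
    }
    return ret;
}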
107 // authdb functions
/*
 * AuthDB get_user callback: looks user up in the keyfile's users map.
 * Returns the stored KeyfileUser as a User, or NULL if the name is unknown.
 */
User* keyfile_get_user(AuthDB *db, char *user) {
    // the cast relies on authdb being the first member of Keyfile
    Keyfile *kf = (Keyfile*)db;
    void *entry = ucx_map_cstr_get(kf->users, user);
    return entry;
}
/*
 * User verify_password callback for keyfile users.
 * Returns 1 if password matches the stored salted hash, 0 otherwise.
 */
int keyfile_user_verify_password(User *user, char *password) {
    // the cast relies on user being the first member of KeyfileUser
    return ssha_verify((KeyfileUser*)user, password);
}
/*
 * User check_group callback for keyfile users.
 * Returns 1 if group is one of the user's configured groups, 0 otherwise.
 */
int keyfile_user_check_group(User *user, char *group) {
    KeyfileUser *usr = (KeyfileUser*)user;
    sstr_t wanted = sstr(group);
    int i = 0;
    while(i < usr->numgroups) {
        // sstrcmp returns 0 on equality
        if(sstrcmp(usr->groups[i], wanted) == 0) {
            return 1;
        }
        i++;
    }
    return 0;
}
/*
 * User free callback for keyfile users.
 * Intentionally a no-op: the user is owned by the Keyfile and is
 * released by keyfile_unref, not individually.
 */
void keyfile_user_free(User *user) {
    (void)user;
}
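/*
 * Compares n bytes of a and b in time that does not depend on where
 * they first differ (memcmp returns at the first mismatch, which lets
 * the comparison time leak how much of a digest was right).
 * Returns 1 if equal, 0 otherwise.
 */
static int ssha_digest_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    volatile unsigned char diff = 0;
    for(size_t i=0;i<n;i++) {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}

/*
 * Verifies password against the user's salted SHA hash.
 *
 * SSHA: SHA(pw + salt) + salt
 * user->hash is already base64 decoded: the first hlen bytes are the
 * digest, everything after it is the salt.
 *
 * Returns 1 if the password matches, 0 if it does not or if the stored
 * hash cannot be used (NULL password, unknown hash type, or a decoded
 * hash shorter than the digest).
 */
int ssha_verify(KeyfileUser *user, char *password) {
    if(!password) {
        return 0;
    }

    size_t hlen = 0;
    switch(user->hash_type) {
        case KEYFILE_SSHA: hlen = 20; break;
        case KEYFILE_SSHA256: hlen = 32; break;
        case KEYFILE_SSHA512: hlen = 64; break;
        default: return 0; // unknown hash type, nothing to compare against
    }

    // the salt starts after the digest; a hash shorter than the digest
    // would make saltlen wrap around and the memcmp read past the hash
    if(user->hashlen < hlen) {
        return 0;
    }
    char *salt = user->hash + hlen;
    size_t saltlen = user->hashlen - hlen;

    size_t pwlen = strlen(password);

    unsigned char pwhash[64]; // sized for the largest digest (SHA-512)
    switch(user->hash_type) {
        case KEYFILE_SSHA: {
            SHA_CTX ctx;
            SHA1_Init(&ctx);
            SHA1_Update(&ctx, password, pwlen);
            SHA1_Update(&ctx, salt, saltlen);
            SHA1_Final(pwhash, &ctx);
            break;
        }
        case KEYFILE_SSHA256: {
            SHA256_CTX ctx;
            SHA256_Init(&ctx);
            SHA256_Update(&ctx, password, pwlen);
            SHA256_Update(&ctx, salt, saltlen);
            SHA256_Final(pwhash, &ctx);
            break;
        }
        case KEYFILE_SSHA512: {
            SHA512_CTX ctx;
            SHA512_Init(&ctx);
            SHA512_Update(&ctx, password, pwlen);
            SHA512_Update(&ctx, salt, saltlen);
            SHA512_Final(pwhash, &ctx);
            break;
        }
        default: return 0;
    }

    return ssha_digest_equal((const unsigned char*)user->hash, pwhash, hlen);
}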