src/server/daemon/keyfile_auth.c

Sun, 27 Nov 2022 13:33:30 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 27 Nov 2022 13:33:30 +0100
changeset 443
ef3c8a0e1fee
parent 415
d938228c382e
child 467
4d038bc6f86e
permissions
-rw-r--r--

improve daemon startup
parent will wait until daemon is started and returns error code if startup failed
daemon startup log messages will be printed by parent

1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
3 *
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
33 #include <openssl/sha.h>
174
8f2a834d1d68 adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 133
diff changeset
34 #if defined(__sun) && defined(__SunOS_5_10)
35 #include <sha2.h>
36 #define SHA256_Init SHA256Init
37 #define SHA256_Update SHA256Update
38 #define SHA256_Final SHA256Final
39 #endif
41 #include "../util/atomic.h"
42 #include "../util/util.h"
44 #include <cx/hash_map.h>
46 #include "keyfile_auth.h"
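/*
 * Creates an empty keyfile authentication database.
 *
 * a: allocator used for the Keyfile itself and for its user map; every
 *    later keyfile_add_user allocation comes from the map's allocator.
 *
 * Returns the new Keyfile, or NULL if either allocation failed. The user
 * map is checked explicitly because keyfile_add_user dereferences
 * keyfile->users->allocator without a NULL check; handing out a Keyfile
 * with a NULL map would turn a config-time OOM into a crash.
 */
Keyfile* keyfile_new(CxAllocator *a) {
    Keyfile *keyfile = cxCalloc(a, 1, sizeof(Keyfile));
    if(!keyfile) {
        return NULL;
    }

    keyfile->authdb.get_user = keyfile_get_user;
    keyfile->authdb.use_cache = 0; // results of this backend are not cached

    keyfile->users = cxHashMapCreate(a, 16);
    if(!keyfile->users) {
        // don't leak the half-built object; nothing else references it yet
        cxFree(a, keyfile);
        return NULL;
    }
    return keyfile;
}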
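/*
 * Raw digest length in bytes of a supported keyfile hash type, or 0 for a
 * type this module cannot verify (mirrors the cases handled by ssha_verify).
 */
static size_t keyfile_digest_length(enum KeyfileHashType hash_type) {
    switch(hash_type) {
        case KEYFILE_SSHA: return 20;
        case KEYFILE_SSHA256: return 32;
        case KEYFILE_SSHA512: return 64;
        default: return 0;
    }
}

/*
 * Releases a partially constructed KeyfileUser and everything it owns.
 * Only used on the failure paths of keyfile_add_user; a user that made it
 * into the map is kept until the keyfile itself is released.
 */
static void keyfile_user_discard(CxAllocator *a, KeyfileUser *user) {
    if(!user) {
        return;
    }
    if(user->groups) {
        // numgroups only counts the group names that were copied successfully
        for(size_t i = 0; i < (size_t)user->numgroups; i++) {
            if(user->groups[i].ptr) {
                cxFree(a, user->groups[i].ptr);
            }
        }
        cxFree(a, user->groups);
    }
    if(user->hash) {
        cxFree(a, user->hash);
    }
    if(user->user.name) {
        cxFree(a, user->user.name);
    }
    cxFree(a, user);
}

/*
 * Adds one user entry to the keyfile auth database.
 *
 * keyfile:   database created by keyfile_new
 * name:      user name; used as the lookup key in keyfile->users
 * hash_type: which salted SHA variant the stored hash uses
 * hash:      base64 encoded digest||salt as found in the keyfile
 * groups:    ngroups group names the user belongs to (may be NULL if 0)
 *
 * Returns 0 on success and -1 otherwise. On failure nothing allocated for
 * the entry is kept, and the entry is not added to the map.
 *
 * Validation done here so that ssha_verify can rely on it: the hash type
 * must be one ssha_verify handles, and the decoded value must be at least
 * one full digest long (otherwise the salt length computed at verify time,
 * hashlen - digestlen, would wrap around to a huge size_t and the hash
 * functions would read far past the buffer).
 */
int keyfile_add_user(
        Keyfile *keyfile,
        cxmutstr name,
        enum KeyfileHashType hash_type,
        cxmutstr hash,
        cxmutstr *groups,
        size_t ngroups)
{
    CxAllocator *a = keyfile->users->allocator;

    size_t digest_len = keyfile_digest_length(hash_type);
    if(digest_len == 0) {
        // ssha_verify has no case for this type, so it could never succeed
        // TODO: log
        return -1;
    }

    if(hash.length < 12) {
        // hash too short
        // TODO: log
        return -1;
    }

    // cxCalloc: every field (numgroups, groups, hash, ...) starts out zero,
    // so a half-initialised user is safe to discard and check_group never
    // sees an unset group count
    KeyfileUser *user = cxCalloc(a, 1, sizeof(KeyfileUser));
    if(!user) {
        return -1;
    }
    user->user.name = cx_strdup_a(a, cx_strcast(name)).ptr;
    user->user.uid = -1;
    user->user.gid = -1;
    user->user.verify_password = keyfile_user_verify_password;
    user->user.check_group = keyfile_user_check_group;
    user->user.free = keyfile_user_free;
    user->hash_type = hash_type;
    // base64 shrinks on decode, so the encoded length is a safe upper bound
    user->hash = cxMalloc(a, hash.length + 1);
    if(!user->user.name || !user->hash) {
        goto fail;
    }

    // decoded layout is digest || salt (see ssha_verify)
    size_t decoded = util_base64decode(hash.ptr, hash.length, user->hash);
    // NOTE(review): assumes util_base64decode signals failure with a value
    // outside [0, hash.length]; the upper bound also catches a negative
    // sentinel converted to size_t -- confirm against util.c
    if(decoded > hash.length || decoded < digest_len) {
        // not even room for a full digest
        // TODO: log
        goto fail;
    }
    user->hashlen = decoded;

    if(ngroups > 0) {
        user->groups = cxCalloc(a, ngroups, sizeof(cxmutstr));
        if(!user->groups) {
            goto fail;
        }
        for(size_t i = 0; i < ngroups; i++) {
            user->groups[i] = cx_strdup_a(a, cx_strcast(groups[i]));
            if(!user->groups[i].ptr) {
                goto fail;
            }
            // advance the count only for copies that succeeded, so that
            // discard frees exactly those and check_group only reads those
            user->numgroups = i + 1;
        }
    }

    // add to keyfile
    if(cxMapPut(keyfile->users, cx_hash_key(name.ptr, name.length), user)) {
        goto fail;
    }
    return 0;

fail:
    keyfile_user_discard(a, user);
    return -1;
}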
109 // authdb functions
/*
 * AuthDB callback: looks up a user by name in the keyfile's user map.
 *
 * db:   the Keyfile, passed as its embedded AuthDB
 * user: NUL-terminated user name, matched byte-for-byte against the key
 *       stored by keyfile_add_user
 *
 * Returns the stored User (a KeyfileUser) or NULL if the name is unknown.
 */
User* keyfile_get_user(AuthDB *db, const char *user) {
    Keyfile *kf = (Keyfile*)db;
    CxHashKey key = cx_hash_key_str(user);
    return cxMapGet(kf->users, key);
}
/*
 * User callback: checks a cleartext password against the stored salted hash.
 * Thin adapter that hands the KeyfileUser to ssha_verify; returns its
 * result (1 on match, 0 otherwise).
 */
int keyfile_user_verify_password(User *user, const char *password) {
    return ssha_verify((KeyfileUser*)user, password);
}
/*
 * User callback: tests group membership.
 *
 * user:  the KeyfileUser, passed as its embedded User
 * group: NUL-terminated group name
 *
 * Returns 1 if one of the user's numgroups configured group names equals
 * group exactly (case-sensitive, whole string), 0 otherwise.
 */
int keyfile_user_check_group(User *user, const char *group) {
    KeyfileUser *kfuser = (KeyfileUser*)user;
    cxstring wanted = cx_str(group);
    int i = 0;
    while(i < kfuser->numgroups) {
        if(cx_strcmp(cx_strcast(kfuser->groups[i]), wanted) == 0) {
            return 1;
        }
        i++;
    }
    return 0;
}
/*
 * User callback: intentionally a no-op.
 * Users are owned by the Keyfile and are released together with it
 * (keyfile_unref), not individually by the auth layer.
 */
void keyfile_user_free(User *user) {
    (void)user;
}
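/*
 * Constant-time equality of two len-byte buffers. The loop always visits
 * every byte and folds all differences into one accumulator, so the time
 * taken does not depend on how long a matching prefix a wrong password
 * produces (memcmp returns at the first mismatch, which leaks that).
 */
static int keyfile_digest_equal(const unsigned char *a, const unsigned char *b, size_t len) {
    unsigned char diff = 0;
    for(size_t i = 0; i < len; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/*
 * Verifies a cleartext password against the user's stored salted hash.
 *
 * SSHA: SHA(pw + salt) + salt
 * user->hash is already base64 decoded: the first hlen bytes are the digest
 * of the selected hash function, every byte after that is the salt.
 *
 * Returns 1 if the password matches, 0 otherwise. 0 is also returned for a
 * NULL password, an unknown hash type (previously that left hlen
 * uninitialised) and a stored value too short to hold a digest (previously
 * hashlen - hlen wrapped around and the hash update read past the buffer).
 *
 * Note that a single salted SHA round is cheap to brute force offline; the
 * scheme is kept for compatibility with existing keyfiles, a slow password
 * KDF would be the better choice for new entries.
 *
 * NOTE(review): SHA1_Init/SHA256_Init/... are the OpenSSL 1.x low-level
 * API (deprecated in OpenSSL 3.0); kept because the Solaris block above
 * maps the SHA256_* names onto <sha2.h>.
 */
int ssha_verify(KeyfileUser *user, const char *password) {
    if(!user || !user->hash || !password) {
        return 0;
    }

    size_t hlen;
    switch(user->hash_type) {
        case KEYFILE_SSHA: hlen = 20; break;
        case KEYFILE_SSHA256: hlen = 32; break;
        case KEYFILE_SSHA512: hlen = 64; break;
        default: return 0; // no digest length known: never authenticate
    }

    // hashlen - hlen is unsigned arithmetic: guard it, or a short stored
    // value yields an enormous salt length and an out-of-bounds read
    if(user->hashlen < hlen) {
        return 0;
    }
    const char *salt = user->hash + hlen;
    size_t saltlen = user->hashlen - hlen;
    size_t pwlen = strlen(password);

    unsigned char pwhash[64]; // sized for the largest digest (SHA-512)
    switch(user->hash_type) {
        case KEYFILE_SSHA: {
            SHA_CTX ctx;
            SHA1_Init(&ctx);
            SHA1_Update(&ctx, password, pwlen);
            SHA1_Update(&ctx, salt, saltlen);
            SHA1_Final(pwhash, &ctx);
            break;
        }
        case KEYFILE_SSHA256: {
            SHA256_CTX ctx;
            SHA256_Init(&ctx);
            SHA256_Update(&ctx, password, pwlen);
            SHA256_Update(&ctx, salt, saltlen);
            SHA256_Final(pwhash, &ctx);
            break;
        }
        case KEYFILE_SSHA512: {
            SHA512_CTX ctx;
            SHA512_Init(&ctx);
            SHA512_Update(&ctx, password, pwlen);
            SHA512_Update(&ctx, salt, saltlen);
            SHA512_Final(pwhash, &ctx);
            break;
        }
        default: return 0; // unreachable after the first switch
    }

    // only the digest part is compared; the salt is public input
    return keyfile_digest_equal((const unsigned char*)user->hash, pwhash, hlen);
}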