src/server/daemon/keyfile_auth.c@ef3c8a0e1fee (annotated)
src/server/daemon/keyfile_auth.c
Sun, 27 Nov 2022 13:33:30 +0100
- author
- Olaf Wintermann <olaf.wintermann@gmail.com>
- date
- Sun, 27 Nov 2022 13:33:30 +0100
- changeset 443
- ef3c8a0e1fee
- parent 415
- d938228c382e
- child 467
- 4d038bc6f86e
- permissions
- -rw-r--r--
improve daemon startup
parent will wait until daemon is started and returns error code if startup failed
daemon startup log messages will be printed by parent
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
1 | /* |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
3 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
5 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
6 | * Redistribution and use in source and binary forms, with or without |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
7 | * modification, are permitted provided that the following conditions are met: |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
8 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
9 | * 1. Redistributions of source code must retain the above copyright |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
10 | * notice, this list of conditions and the following disclaimer. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
11 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
13 | * notice, this list of conditions and the following disclaimer in the |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
14 | * documentation and/or other materials provided with the distribution. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
15 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
26 | * POSSIBILITY OF SUCH DAMAGE. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
27 | */ |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
28 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
29 | #include <stdio.h> |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
30 | #include <stdlib.h> |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
31 | #include <string.h> |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
32 | |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
33 | #include <openssl/sha.h> |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
34 | #if defined(__sun) && defined(__SunOS_5_10) |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
35 | #include <sha2.h> |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
36 | #define SHA256_Init SHA256Init |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
37 | #define SHA256_Update SHA256Update |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
38 | #define SHA256_Final SHA256Final |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
39 | #endif |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
40 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
41 | #include "../util/atomic.h" |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
42 | #include "../util/util.h" |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
43 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
44 | #include <cx/hash_map.h> |
|
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
45 | |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
46 | #include "keyfile_auth.h" |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
47 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
48 | Keyfile* keyfile_new(CxAllocator *a) { |
|
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
49 | Keyfile *keyfile = cxCalloc(a, 1, sizeof(Keyfile)); |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
50 | if(!keyfile) { |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
51 | return NULL; |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
52 | } |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
53 | keyfile->authdb.get_user = keyfile_get_user; |
|
66
74babc0082b7
added authentication cache
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
64
diff
changeset
|
54 | keyfile->authdb.use_cache = 0; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
55 | keyfile->users = cxHashMapCreate(a, 16); |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
56 | return keyfile; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
57 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
58 | |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
59 | int keyfile_add_user( |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
60 | Keyfile *keyfile, |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
61 | cxmutstr name, |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
62 | enum KeyfileHashType hash_type, |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
63 | cxmutstr hash, |
|
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
64 | cxmutstr *groups, |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
65 | size_t ngroups) |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
66 | { |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
67 | CxAllocator *a = keyfile->users->allocator; |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
68 | |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
69 | if(hash.length < 12) { |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
70 | // hash too short |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
71 | // TODO: log |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
72 | return -1; |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
73 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
74 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
75 | KeyfileUser *user = cxMalloc(a, sizeof(KeyfileUser)); |
|
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
76 | user->user.name = cx_strdup_a(a, cx_strcast(name)).ptr; |
|
63
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
62
diff
changeset
|
77 | user->user.uid = -1; |
|
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
62
diff
changeset
|
78 | user->user.gid = -1; |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
79 | user->user.verify_password = keyfile_user_verify_password; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
80 | user->user.check_group = keyfile_user_check_group; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
81 | user->user.free = keyfile_user_free; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
82 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
83 | user->hash_type = hash_type; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
84 | user->hash = cxMalloc(a, hash.length + 1); |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
85 | |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
86 | if(!user->user.name || !user->hash) { |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
87 | return -1; |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
88 | } |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
89 | |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
90 | user->hashlen = util_base64decode(hash.ptr, hash.length, user->hash); |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
91 | |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
92 | if(ngroups > 0) { |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
93 | user->groups = cxCalloc(a, ngroups, sizeof(cxmutstr)); |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
94 | if(!user->groups) { |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
95 | return -1; |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
96 | } |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
97 | for(int i=0;i<ngroups;i++) { |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
98 | user->groups[i] = cx_strdup_a(a, cx_strcast(groups[i])); |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
99 | } |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
100 | |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
101 | } else { |
|
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
102 | user->groups = NULL; |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
103 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
104 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
105 | // add to keyfile |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
106 | return cxMapPut(keyfile->users, cx_hash_key(name.ptr, name.length), user); |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
107 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
108 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
109 | // authdb functions |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
110 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
111 | User* keyfile_get_user(AuthDB *db, const char *user) { |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
112 | Keyfile *keyfile = (Keyfile*)db; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
113 | return cxMapGet(keyfile->users, cx_hash_key_str(user)); |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
114 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
115 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
116 | int keyfile_user_verify_password(User *user, const char *password) { |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
117 | KeyfileUser *usr = (KeyfileUser*)user; |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
118 | return ssha_verify(usr, password); |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
119 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
120 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
121 | int keyfile_user_check_group(User *user, const char *group) { |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
122 | KeyfileUser *usr = (KeyfileUser*)user; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
123 | cxstring grp = cx_str(group); |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
124 | for(int i=0;i<usr->numgroups;i++) { |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
125 | if(!cx_strcmp(cx_strcast(usr->groups[i]), grp)) { |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
126 | return 1; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
127 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
128 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
129 | return 0; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
130 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
131 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
132 | void keyfile_user_free(User *user) { |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
133 | // don't free, it will be freed by keyfile_unref |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
134 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
135 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
136 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
261
diff
changeset
|
137 | int ssha_verify(KeyfileUser *user, const char *password) { |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
138 | /* |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
139 | * SSHA: SHA(pw + salt) + salt |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
88
diff
changeset
|
140 | * user->hash is already base64 decoded |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
141 | */ |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
142 | |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
143 | size_t hlen; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
144 | switch(user->hash_type) { |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
145 | case KEYFILE_SSHA: hlen = 20; break; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
146 | case KEYFILE_SSHA256: hlen = 32; break; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
147 | case KEYFILE_SSHA512: hlen = 64; break; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
148 | } |
|
97
09fbefc0e6a9
added ldap group support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
88
diff
changeset
|
149 | |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
150 | char *salt = user->hash + hlen; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
151 | size_t saltlen = user->hashlen - hlen; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
152 | |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
153 | size_t pwlen = strlen(password); |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
154 | |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
155 | unsigned char pwhash[64]; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
156 | switch(user->hash_type) { |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
157 | case KEYFILE_SSHA: { |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
158 | SHA_CTX ctx; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
159 | SHA1_Init(&ctx); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
160 | SHA1_Update(&ctx, password, pwlen); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
161 | SHA1_Update(&ctx, salt, saltlen); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
162 | SHA1_Final(pwhash, &ctx); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
163 | break; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
164 | } |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
165 | case KEYFILE_SSHA256: { |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
166 | SHA256_CTX ctx; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
167 | SHA256_Init(&ctx); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
168 | SHA256_Update(&ctx, password, pwlen); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
169 | SHA256_Update(&ctx, salt, saltlen); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
170 | SHA256_Final(pwhash, &ctx); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
171 | break; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
172 | } |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
173 | case KEYFILE_SSHA512: { |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
174 | SHA512_CTX ctx; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
175 | SHA512_Init(&ctx); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
176 | SHA512_Update(&ctx, password, pwlen); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
177 | SHA512_Update(&ctx, salt, saltlen); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
178 | SHA512_Final(pwhash, &ctx); |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
179 | break; |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
180 | } |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
181 | } |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
182 | |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
183 | if(!memcmp(user->hash, pwhash, hlen)) { |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
184 | return 1; |
|
64
c7f5b062e622
added net_writev
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
63
diff
changeset
|
185 | } else { |
|
c7f5b062e622
added net_writev
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
63
diff
changeset
|
186 | return 0; |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
187 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
188 | } |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
133
diff
changeset
|
189 |
