Sun, 27 Nov 2022 13:33:30 +0100
improve daemon startup
parent will wait until daemon is started and returns error code if startup failed
daemon startup log messages will be printed by parent
1 | /* |
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
3 | * |
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
5 | * |
6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions are met: |
8 | * |
9 | * 1. Redistributions of source code must retain the above copyright |
10 | * notice, this list of conditions and the following disclaimer. |
11 | * |
12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. |
15 | * |
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
26 | * POSSIBILITY OF SUCH DAMAGE. |
27 | */ |
29 | #include <stdio.h> |
30 | #include <stdlib.h> |
31 | #include <string.h> |
33 | #include <openssl/sha.h> |
34 | #if defined(__sun) && defined(__SunOS_5_10) |
35 | #include <sha2.h> |
36 | #define SHA256_Init SHA256Init |
37 | #define SHA256_Update SHA256Update |
38 | #define SHA256_Final SHA256Final |
39 | #endif |
41 | #include "../util/atomic.h" |
42 | #include "../util/util.h" |
44 | #include <cx/hash_map.h> |
46 | #include "keyfile_auth.h" |
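/*
 * Allocates a new, empty keyfile auth database from allocator a.
 *
 * The returned object doubles as an AuthDB (authdb is its first member):
 * lookups go through keyfile_get_user and the auth cache is disabled.
 *
 * Returns NULL if either the Keyfile or its user map could not be
 * allocated; nothing is leaked in that case.
 */
Keyfile* keyfile_new(CxAllocator *a) {
    Keyfile *keyfile = cxCalloc(a, 1, sizeof(Keyfile));
    if(!keyfile) {
        return NULL;
    }
    keyfile->authdb.get_user = keyfile_get_user;
    keyfile->authdb.use_cache = 0;
    keyfile->users = cxHashMapCreate(a, 16);
    if(!keyfile->users) {
        // keyfile_add_user and keyfile_get_user dereference users without
        // checking it, so a half-built keyfile must not escape
        cxFree(a, keyfile);
        return NULL;
    }
    return keyfile;
}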
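/*
 * Builds a KeyfileUser from one keyfile entry and stores it in
 * keyfile->users under name.
 *
 * hash is the base64 encoded "digest + salt" value; it is decoded into
 * user->hash and the decoded length is recorded in user->hashlen.
 * name and all groups are copied with the map's allocator, so the caller
 * keeps ownership of its own strings.
 *
 * Returns 0 on success and non-zero if the hash is too short, an
 * allocation failed or the user could not be inserted into the map.
 * On failure every allocation made by this call is released again.
 */
int keyfile_add_user(
        Keyfile *keyfile,
        cxmutstr name,
        enum KeyfileHashType hash_type,
        cxmutstr hash,
        cxmutstr *groups,
        size_t ngroups)
{
    CxAllocator *a = keyfile->users->allocator;
    
    if(hash.length < 12) {
        // hash too short
        // TODO: log
        return -1;
    }
    
    KeyfileUser *user = cxMalloc(a, sizeof(KeyfileUser));
    if(!user) {
        return -1;
    }
    // cxMalloc does not zero memory: every field is set explicitly so the
    // cleanup path below never frees an indeterminate pointer and so that
    // numgroups (which keyfile_user_check_group iterates over) is defined
    cxmutstr name_copy = cx_strdup_a(a, cx_strcast(name));
    user->user.name = name_copy.ptr;
    user->user.uid = -1;
    user->user.gid = -1;
    user->user.verify_password = keyfile_user_verify_password;
    user->user.check_group = keyfile_user_check_group;
    user->user.free = keyfile_user_free;
    
    user->hash_type = hash_type;
    // decoded data is always shorter than its base64 form, so this is enough
    user->hash = cxMalloc(a, hash.length + 1);
    user->hashlen = 0;
    user->groups = NULL;
    user->numgroups = 0;
    
    if(!name_copy.ptr || !user->hash) {
        goto fail;
    }
    
    user->hashlen = util_base64decode(hash.ptr, hash.length, user->hash);
    
    if(ngroups > 0) {
        user->groups = cxCalloc(a, ngroups, sizeof(cxmutstr));
        if(!user->groups) {
            goto fail;
        }
        for(size_t i = 0; i < ngroups; i++) {
            user->groups[i] = cx_strdup_a(a, cx_strcast(groups[i]));
            if(!user->groups[i].ptr) {
                goto fail;
            }
            // numgroups always equals the number of successfully copied entries
            user->numgroups = i + 1;
        }
    }
    
    // add to keyfile
    if(cxMapPut(keyfile->users, cx_hash_key(name.ptr, name.length), user)) {
        goto fail;
    }
    return 0;
    
fail:
    // the allocator's behaviour for NULL is not known here, so only release
    // what was actually allocated
    for(size_t i = 0; i < user->numgroups; i++) {
        cxFree(a, user->groups[i].ptr);
    }
    if(user->groups) {
        cxFree(a, user->groups);
    }
    if(user->hash) {
        cxFree(a, user->hash);
    }
    if(name_copy.ptr) {
        cxFree(a, name_copy.ptr);
    }
    cxFree(a, user);
    return -1;
}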
109 | // authdb functions |
/*
 * AuthDB callback: looks up user by name in the keyfile's user map.
 * db must be a Keyfile (authdb is its first member). Returns the stored
 * User or NULL if no entry with that name exists.
 */
User* keyfile_get_user(AuthDB *db, const char *user) {
    return cxMapGet(((Keyfile*)db)->users, cx_hash_key_str(user));
}
/*
 * User callback: checks password against the salted digest stored for
 * this keyfile user. Returns 1 on match, 0 otherwise (see ssha_verify).
 */
int keyfile_user_verify_password(User *user, const char *password) {
    return ssha_verify((KeyfileUser*)user, password);
}
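/*
 * User callback: returns 1 if group is one of the groups listed for this
 * keyfile user, 0 otherwise. A NULL group name or a user without a group
 * list never matches.
 */
int keyfile_user_check_group(User *user, const char *group) {
    KeyfileUser *usr = (KeyfileUser*)user;
    if(!group || !usr->groups) {
        // cx_str(NULL) is not safe, and groups is NULL for users without groups
        return 0;
    }
    cxstring grp = cx_str(group);
    // size_t index: numgroups is a count, the old int index was sign-compared
    for(size_t i = 0; i < usr->numgroups; i++) {
        // cx_strcmp returns 0 on equality
        if(!cx_strcmp(cx_strcast(usr->groups[i]), grp)) {
            return 1;
        }
    }
    return 0;
}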
/*
 * User callback: intentionally a no-op. Keyfile users are owned by the
 * Keyfile and released together with it (see keyfile_unref), not per user.
 */
void keyfile_user_free(User *user) {
    (void)user;
}
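// Compares len bytes of a and b without an early exit, so the time taken
// does not depend on how many leading digest bytes of a wrong password
// happened to match. Returns 1 if equal, 0 otherwise.
static int keyfile_ct_equal(const unsigned char *a, const unsigned char *b, size_t len) {
    unsigned char diff = 0;
    for(size_t i = 0; i < len; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/*
 * Verifies password against the salted digest stored in user.
 *
 * SSHA: SHA(pw + salt) + salt
 * user->hash is already base64 decoded: the first digest-size bytes are
 * the digest, everything after it is the salt.
 *
 * Returns 1 if the password matches, 0 otherwise. Unknown hash types,
 * a stored value shorter than the digest and a NULL password all fail
 * closed.
 */
int ssha_verify(KeyfileUser *user, const char *password) {
    if(!password) {
        return 0;
    }
    
    size_t hlen;
    switch(user->hash_type) {
        case KEYFILE_SSHA: hlen = 20; break;
        case KEYFILE_SSHA256: hlen = 32; break;
        case KEYFILE_SSHA512: hlen = 64; break;
        default: return 0; // hlen would otherwise be uninitialized
    }
    
    // Without this check hashlen - hlen wraps for a stored value that is
    // shorter than the digest and the salt read below runs past user->hash.
    // NOTE(review): assumes hashlen is unsigned; if util_base64decode can
    // return a negative error value this also needs an explicit < 0 check.
    if(user->hashlen < hlen) {
        return 0;
    }
    
    char *salt = user->hash + hlen;
    size_t saltlen = user->hashlen - hlen;
    
    size_t pwlen = strlen(password);
    
    unsigned char pwhash[64]; // sized for the largest digest (SHA-512)
    switch(user->hash_type) {
        case KEYFILE_SSHA: {
            SHA_CTX ctx;
            SHA1_Init(&ctx);
            SHA1_Update(&ctx, password, pwlen);
            SHA1_Update(&ctx, salt, saltlen);
            SHA1_Final(pwhash, &ctx);
            break;
        }
        case KEYFILE_SSHA256: {
            SHA256_CTX ctx;
            SHA256_Init(&ctx);
            SHA256_Update(&ctx, password, pwlen);
            SHA256_Update(&ctx, salt, saltlen);
            SHA256_Final(pwhash, &ctx);
            break;
        }
        case KEYFILE_SSHA512: {
            SHA512_CTX ctx;
            SHA512_Init(&ctx);
            SHA512_Update(&ctx, password, pwlen);
            SHA512_Update(&ctx, salt, saltlen);
            SHA512_Final(pwhash, &ctx);
            break;
        }
        default: return 0; // unreachable: hash_type was validated above
    }
    
    // only the digest part is compared; the salt is not secret
    return keyfile_ct_equal((const unsigned char*)user->hash, pwhash, hlen);
}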