src/server/daemon/keyfile_auth.h@ef3c8a0e1fee (annotated)
src/server/daemon/keyfile_auth.h
Sun, 27 Nov 2022 13:33:30 +0100
- author
- Olaf Wintermann <olaf.wintermann@gmail.com>
- date
- Sun, 27 Nov 2022 13:33:30 +0100
- changeset 443
- ef3c8a0e1fee
- parent 415
- d938228c382e
- child 467
- 4d038bc6f86e
- permissions
- -rw-r--r--
improve daemon startup
parent will wait until daemon is started and returns error code if startup failed
daemon startup log messages will be printed by parent
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
1 | /* |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
3 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
5 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
6 | * Redistribution and use in source and binary forms, with or without |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
7 | * modification, are permitted provided that the following conditions are met: |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
8 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
9 | * 1. Redistributions of source code must retain the above copyright |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
10 | * notice, this list of conditions and the following disclaimer. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
11 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
13 | * notice, this list of conditions and the following disclaimer in the |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
14 | * documentation and/or other materials provided with the distribution. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
15 | * |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
26 | * POSSIBILITY OF SUCH DAMAGE. |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
27 | */ |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
28 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
29 | #ifndef KEYFILE_AUTH_H |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
30 | #define KEYFILE_AUTH_H |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
31 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
32 | #include "../public/auth.h" |
|
92
382bff43c6eb
fixed some includes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
91
diff
changeset
|
33 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
34 | #include <cx/map.h> |
| 91 | 35 | #include <inttypes.h> |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
36 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
37 | #ifdef __cplusplus |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
38 | extern "C" { |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
39 | #endif |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
40 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
41 | typedef struct keyfile Keyfile; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
42 | typedef struct keyfile_user KeyfileUser; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
43 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
44 | enum KeyfileHashType { |
|
174
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
92
diff
changeset
|
45 | KEYFILE_SSHA = 0, |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
92
diff
changeset
|
46 | KEYFILE_SSHA256, |
|
8f2a834d1d68
adds sha2 support for keyfile auth
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
92
diff
changeset
|
47 | KEYFILE_SSHA512 |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
48 | }; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
49 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
50 | struct keyfile { |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
51 | AuthDB authdb; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
52 | CxMap *users; |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
53 | }; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
54 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
55 | struct keyfile_user { |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
56 | User user; |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
57 | cxmutstr *groups; |
|
66
74babc0082b7
added authentication cache
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
62
diff
changeset
|
58 | size_t numgroups; |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
59 | enum KeyfileHashType hash_type; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
60 | char *hash; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
61 | size_t hashlen; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
62 | }; |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
63 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
64 | Keyfile* keyfile_new(CxAllocator *a); |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
65 | |
|
255
b5d15a4a19f5
refactor configuration loading mechanism
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
174
diff
changeset
|
66 | int keyfile_add_user( |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
67 | Keyfile *keyfile, |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
68 | cxmutstr user, |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
69 | enum KeyfileHashType hash_type, |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
70 | cxmutstr hash, |
|
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
71 | cxmutstr *groups, |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
72 | size_t ngroups); |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
73 | |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
74 | User* keyfile_get_user(AuthDB *db, const char *user); |
|
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
75 | int keyfile_user_verify_password(User *user, const char *password); |
|
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
76 | int keyfile_user_check_group(User *user, const char *group); |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
77 | void keyfile_user_free(User *user); |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
78 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
79 | // SSHA password compare |
|
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
255
diff
changeset
|
80 | int ssha_verify(KeyfileUser *user, const char *password); |
|
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
81 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
82 | #ifdef __cplusplus |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
83 | } |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
84 | #endif |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
85 | |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
86 | #endif /* KEYFILE_AUTH_H */ |
|
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
87 |
