webserver: comparison src/server/daemon/keyfile

-:c858850f3d3a
+:c47e081b6c0f
+/*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+*
+* Copyright 2013 Olaf Wintermann. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+*   1. Redistributions of source code must retain the above copyright
+*      notice, this list of conditions and the following disclaimer.
+*
+*   2. Redistributions in binary form must reproduce the above copyright
+*      notice, this list of conditions and the following disclaimer in the
+*      documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/sha.h>
+#include "../util/atomic.h"
+#include "../util/util.h"
+#include "keyfile_auth.h"
+Keyfile* keyfile_new() {
+Keyfile *keyfile = malloc(sizeof(Keyfile));
+keyfile->authdb.get_user = keyfile_get_user;
+keyfile->users = ucx_map_new(16);
+keyfile->ref = 1;
+return keyfile;
+}
+void keyfile_ref(Keyfile *keyfile) {
+ws_atomic_inc32(&keyfile->ref);
+}
+void keyfile_unref(Keyfile *keyfile) {
+uint32_t ref = ws_atomic_dec32(&keyfile->ref);
+if(ref == 0) {
+UcxMapIterator i = ucx_map_iterator(keyfile->users);
+KeyfileUser *user;
+UCX_MAP_FOREACH(user, i) {
+free(user->user.name);
+free(user->hash);
+for(int i=0;i<user->numgroups;i++) {
+free(user->groups[i].ptr);
+}
+free(user->groups);
+}
+ucx_map_free(keyfile->users);
+free(keyfile->authdb.name);
+free(keyfile);
+}
+}
+void keyfile_add_user(
+Keyfile *keyfile,
+sstr_t name,
+enum KeyfileHashType hash_type,
+sstr_t hash,
+sstr_t *groups,
+size_t ngroups)
+{
+if(hash.length < 12) {
+// hash too short
+// TODO: log
+return;
+}
+KeyfileUser *user = malloc(sizeof(KeyfileUser));
+user->user.name = sstrdup(name).ptr;
+user->user.verify_password = keyfile_user_verify_password;
+user->user.check_group = keyfile_user_check_group;
+user->user.free = keyfile_user_free;
+user->hash_type = hash_type;
+user->hash = malloc(hash.length + 1);
+user->hashlen = util_base64decode(hash.ptr, hash.length, user->hash);
+user->groups = calloc(ngroups, sizeof(sstr_t));
+for(int i=0;i<ngroups;i++) {
+//user->groups[i] = sstrdup(groups[i]);
+sstrdup(groups[i]);
+}
+// add to keyfile
+ucx_map_sstr_put(keyfile->users, name, user);
+}
+// authdb functions
+User* keyfile_get_user(AuthDB *db, char *user) {
+Keyfile *keyfile = (Keyfile*)db;
+return ucx_map_cstr_get(keyfile->users, user);
+}
+int keyfile_user_verify_password(User *user, char *password) {
+KeyfileUser *usr = (KeyfileUser*)user;
+switch(usr->hash_type) {
+case KEYFILE_SSHA: return ssha_verify(usr, password);
+}
+return 0;
+}
+int keyfile_user_check_group(User *user, char *group) {
+KeyfileUser *usr = (KeyfileUser*)user;
+sstr_t grp = sstr(group);
+for(int i=0;i<usr->numgroups;i++) {
+if(!sstrcmp(usr->groups[i], grp)) {
+return 1;
+}
+}
+return 0;
+}
+void keyfile_user_free(User *user) {
+// don't free, it will be freed by keyfile_unref
+}
+int ssha_verify(KeyfileUser *user, char *password) {
+/*
+* SSHA: SHA1(pw + salt) + 8 bytes salt
+* the SSHA hash is already base64 decoded
+*/
+char *salt = user->hash + user->hashlen - 8; // last 8 bytes are salt
+size_t pwlen = strlen(password);
+size_t saltpwlen = pwlen + 8;
+char *saltpw = malloc(saltpwlen);
+memcpy(saltpw, password, pwlen);
+memcpy(saltpw + pwlen, salt, 8);
+unsigned char pwhash[20];
+SHA1((const unsigned char*)saltpw, saltpwlen, pwhash);
+if(!memcmp(user->hash, pwhash, 20)) {
+return 1;
+}
+return 0;
+}

comparison: src/server/daemon/keyfile_auth.c

src/server/daemon/keyfile_auth.c

Mercurial > hg > webserver / file comparison

comparison: src/server/daemon/keyfile_auth.c

src/server/daemon/keyfile_auth.c