comparison: src/server/daemon/keyfile_auth.c
src/server/daemon/keyfile_auth.c
- changeset 415
- d938228c382e
- parent 261
- f2c772336ecd
- child 467
- 4d038bc6f86e
equal
deleted
inserted
replaced
| 414:99a34860c105 | 415:d938228c382e |
|---|---|
| 39 #endif | 39 #endif |
| 40 | 40 |
| 41 #include "../util/atomic.h" | 41 #include "../util/atomic.h" |
| 42 #include "../util/util.h" | 42 #include "../util/util.h" |
| 43 | 43 |
| 44 #include <cx/hash_map.h> | |
| 45 | |
| 44 #include "keyfile_auth.h" | 46 #include "keyfile_auth.h" |
| 45 | 47 |
| 46 Keyfile* keyfile_new(UcxAllocator *a) { | 48 Keyfile* keyfile_new(CxAllocator *a) { |
| 47 Keyfile *keyfile = alcalloc(a, 1, sizeof(Keyfile)); | 49 Keyfile *keyfile = cxCalloc(a, 1, sizeof(Keyfile)); |
| 48 if(!keyfile) { | 50 if(!keyfile) { |
| 49 return NULL; | 51 return NULL; |
| 50 } | 52 } |
| 51 keyfile->authdb.get_user = keyfile_get_user; | 53 keyfile->authdb.get_user = keyfile_get_user; |
| 52 keyfile->authdb.use_cache = 0; | 54 keyfile->authdb.use_cache = 0; |
| 53 keyfile->users = ucx_map_new_a(a, 16); | 55 keyfile->users = cxHashMapCreate(a, 16); |
| 54 return keyfile; | 56 return keyfile; |
| 55 } | 57 } |
| 56 | 58 |
| 57 int keyfile_add_user( | 59 int keyfile_add_user( |
| 58 Keyfile *keyfile, | 60 Keyfile *keyfile, |
| 59 sstr_t name, | 61 cxmutstr name, |
| 60 enum KeyfileHashType hash_type, | 62 enum KeyfileHashType hash_type, |
| 61 sstr_t hash, | 63 cxmutstr hash, |
| 62 sstr_t *groups, | 64 cxmutstr *groups, |
| 63 size_t ngroups) | 65 size_t ngroups) |
| 64 { | 66 { |
| 65 UcxAllocator *a = keyfile->users->allocator; | 67 CxAllocator *a = keyfile->users->allocator; |
| 66 | 68 |
| 67 if(hash.length < 12) { | 69 if(hash.length < 12) { |
| 68 // hash too short | 70 // hash too short |
| 69 // TODO: log | 71 // TODO: log |
| 70 return -1; | 72 return -1; |
| 71 } | 73 } |
| 72 | 74 |
| 73 KeyfileUser *user = almalloc(a, sizeof(KeyfileUser)); | 75 KeyfileUser *user = cxMalloc(a, sizeof(KeyfileUser)); |
| 74 user->user.name = sstrdup_a(a, name).ptr; | 76 user->user.name = cx_strdup_a(a, cx_strcast(name)).ptr; |
| 75 user->user.uid = -1; | 77 user->user.uid = -1; |
| 76 user->user.gid = -1; | 78 user->user.gid = -1; |
| 77 user->user.verify_password = keyfile_user_verify_password; | 79 user->user.verify_password = keyfile_user_verify_password; |
| 78 user->user.check_group = keyfile_user_check_group; | 80 user->user.check_group = keyfile_user_check_group; |
| 79 user->user.free = keyfile_user_free; | 81 user->user.free = keyfile_user_free; |
| 80 | 82 |
| 81 user->hash_type = hash_type; | 83 user->hash_type = hash_type; |
| 82 user->hash = almalloc(a, hash.length + 1); | 84 user->hash = cxMalloc(a, hash.length + 1); |
| 83 | 85 |
| 84 if(!user->user.name || !user->hash) { | 86 if(!user->user.name || !user->hash) { |
| 85 return -1; | 87 return -1; |
| 86 } | 88 } |
| 87 | 89 |
| 88 user->hashlen = util_base64decode(hash.ptr, hash.length, user->hash); | 90 user->hashlen = util_base64decode(hash.ptr, hash.length, user->hash); |
| 89 | 91 |
| 90 if(ngroups > 0) { | 92 if(ngroups > 0) { |
| 91 user->groups = alcalloc(a, ngroups, sizeof(sstr_t)); | 93 user->groups = cxCalloc(a, ngroups, sizeof(cxmutstr)); |
| 92 if(!user->groups) { | 94 if(!user->groups) { |
| 93 return -1; | 95 return -1; |
| 94 } | 96 } |
| 95 for(int i=0;i<ngroups;i++) { | 97 for(int i=0;i<ngroups;i++) { |
| 96 user->groups[i] = sstrdup_a(a, groups[i]); | 98 user->groups[i] = cx_strdup_a(a, cx_strcast(groups[i])); |
| 97 } | 99 } |
| 98 | 100 |
| 99 } else { | 101 } else { |
| 100 user->groups = NULL; | 102 user->groups = NULL; |
| 101 } | 103 } |
| 102 | 104 |
| 103 // add to keyfile | 105 // add to keyfile |
| 104 return ucx_map_sstr_put(keyfile->users, name, user); | 106 return cxMapPut(keyfile->users, cx_hash_key(name.ptr, name.length), user); |
| 105 } | 107 } |
| 106 | 108 |
| 107 // authdb functions | 109 // authdb functions |
| 108 | 110 |
| 109 User* keyfile_get_user(AuthDB *db, char *user) { | 111 User* keyfile_get_user(AuthDB *db, const char *user) { |
| 110 Keyfile *keyfile = (Keyfile*)db; | 112 Keyfile *keyfile = (Keyfile*)db; |
| 111 return ucx_map_cstr_get(keyfile->users, user); | 113 return cxMapGet(keyfile->users, cx_hash_key_str(user)); |
| 112 } | 114 } |
| 113 | 115 |
| 114 int keyfile_user_verify_password(User *user, char *password) { | 116 int keyfile_user_verify_password(User *user, const char *password) { |
| 115 KeyfileUser *usr = (KeyfileUser*)user; | 117 KeyfileUser *usr = (KeyfileUser*)user; |
| 116 return ssha_verify(usr, password); | 118 return ssha_verify(usr, password); |
| 117 } | 119 } |
| 118 | 120 |
| 119 int keyfile_user_check_group(User *user, char *group) { | 121 int keyfile_user_check_group(User *user, const char *group) { |
| 120 KeyfileUser *usr = (KeyfileUser*)user; | 122 KeyfileUser *usr = (KeyfileUser*)user; |
| 121 sstr_t grp = sstr(group); | 123 cxstring grp = cx_str(group); |
| 122 for(int i=0;i<usr->numgroups;i++) { | 124 for(int i=0;i<usr->numgroups;i++) { |
| 123 if(!sstrcmp(usr->groups[i], grp)) { | 125 if(!cx_strcmp(cx_strcast(usr->groups[i]), grp)) { |
| 124 return 1; | 126 return 1; |
| 125 } | 127 } |
| 126 } | 128 } |
| 127 return 0; | 129 return 0; |
| 128 } | 130 } |
| 130 void keyfile_user_free(User *user) { | 132 void keyfile_user_free(User *user) { |
| 131 // don't free, it will be freed by keyfile_unref | 133 // don't free, it will be freed by keyfile_unref |
| 132 } | 134 } |
| 133 | 135 |
| 134 | 136 |
| 135 int ssha_verify(KeyfileUser *user, char *password) { | 137 int ssha_verify(KeyfileUser *user, const char *password) { |
| 136 /* | 138 /* |
| 137 * SSHA: SHA(pw + salt) + salt | 139 * SSHA: SHA(pw + salt) + salt |
| 138 * user->hash is already base64 decoded | 140 * user->hash is already base64 decoded |
| 139 */ | 141 */ |
| 140 | 142 |
