Sat, 15 Sep 2018 11:56:36 +0200
adds encrypted password store
new repo config element: <stored-user>
new dav command: add-user
/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright 2018 Olaf Wintermann. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef PWD_H #define PWD_H #include <stdlib.h> #include <inttypes.h> #include <ucx/map.h> #include <ucx/buffer.h> #include <libidav/crypto.h> #ifdef __cplusplus extern "C" { #endif #define PWDSTORE_MAX_LEN 1024 /* * File Format: * * file = header, enc_content * header = magic, version, enc, pwfunc, salt * magic = 1 byte * version = 1 byte * enc = 1 byte * pwfunc = 1 byte * salt = 16 bytes * content = { entry } * entry = length username length password * length = uint16 * username = string * password = string * * The content is AES encrypted with a key derived from a password * and the salt. 
The first 16 bytes are the aes iv (so enc_content is, presumably, the
 * 16 byte IV followed by the AES ciphertext of content; the header itself
 * is stored in the clear).
 *
 * All integers are big endian.
 *
 * NOTE(review): the format as described carries no authentication tag
 * (MAC). Unless the AES mode selected by `enc` is an authenticated mode,
 * neither the header bytes (enc, pwfunc, salt) nor the ciphertext are
 * integrity protected, so a tampered file decrypts without error to
 * garbage or attacker-influenced content -- confirm in pwd.c / libidav.
 * `enc` and `pwfunc` are read straight from the file and select the
 * cipher and the key derivation; the loader should reject values it does
 * not know. Each uint16 `length` must be checked against the remaining
 * decrypted bytes before the string behind it is read (PWDSTORE_MAX_LEN
 * presumably caps it -- verify). Whether the stored strings include a
 * NUL terminator is not specified here.
 */

/* size of the cleartext header: magic, version, enc, pwfunc (1 byte each) + 16 byte salt */
#define PWDS_HEADER_SIZE 20

typedef struct PwdStore PwdStore;
typedef struct PwdEntry PwdEntry;

/*
 * An opened (or newly created) password store.
 * The raw file image lives in content; the parsed entries in pwds are
 * only meaningful once isdecrypted is set by pwdstore_decrypt.
 */
struct PwdStore {
    /*
     * map of all usernames and passwords
     * key is the username
     * value is PwdEntry*
     * (presumably only populated after pwdstore_decrypt -- see isdecrypted)
     */
    UcxMap *pwds;
    /*
     * a buffer containing the complete file content
     * (cleartext header followed by the encrypted content, see file format above)
     */
    UcxBuffer *content;
    /*
     * key used for encryption/decryption
     * presumably derived from the password and the header salt by
     * pwdstore_setpassword -- confirm in pwd.c
     */
    DavKey *key;
    /*
     * indicates if the PwdStore is decrypted with pwdstore_decrypt
     * (non-zero once decryption succeeded)
     */
    uint8_t isdecrypted;
};

/*
 * Accessors for the cleartext header bytes at the start of content->space.
 *
 * NOTE(review): these do no bounds checking. The caller (pwdstore_open)
 * must have verified that content holds at least PWDS_HEADER_SIZE bytes
 * before any of them is evaluated, otherwise a short or empty file reads
 * out of bounds. If UcxBuffer's space is a plain char array, the result
 * is a char and header values >= 128 compare as negative where char is
 * signed -- keep that in mind when validating enc/pwfunc (verify type).
 */
#define PWDS_MAGIC(p) (p)->content->space[0]
#define PWDS_VERSION(p) (p)->content->space[1]
#define PWDS_ENC(p) (p)->content->space[2]
#define PWDS_PWFUNC(p) (p)->content->space[3]

/* expected value of the magic byte */
#define PWDS_MAGIC_CHAR 'P'

/*
 * One username/password pair from the decrypted store.
 *
 * NOTE(review): password is held in cleartext in memory once the store is
 * decrypted; pwdstore_free should wipe it (explicit_bzero or equivalent,
 * plain memset before free may be optimized away) -- confirm in pwd.c.
 */
struct PwdEntry {
    char *user;
    char *password;
};

/*
 * opens the password store
 * the content is still encrypted and must be decrypted using pwdstore_decrypt
 * (after pwdstore_setpassword has set the key)
 * presumably returns NULL on error -- confirm in pwd.c
 */
PwdStore* pwdstore_open(const char *file);

/*
 * creates an empty password store (no file backing yet) -- presumably;
 * use pwdstore_store to write it out
 */
PwdStore* pwdstore_new(void);

/*
 * decrypts the password store
 * uses the key held in p->key (set via pwdstore_setpassword); no password
 * is passed here. Presumably fills p->pwds and sets p->isdecrypted.
 * Return convention (0 on success?) not visible here -- confirm in pwd.c
 */
int pwdstore_decrypt(PwdStore *p);

/*
 * derives the store key from password (and, per the file format, the
 * header salt) and stores it in p->key -- inferred from the name, confirm.
 * Return value semantics not visible here.
 */
int pwdstore_setpassword(PwdStore *p, const char *password);

/*
 * sets the enc and pwfunc header bytes (cipher / key derivation selection)
 * -- inferred from the parameter names, confirm in pwd.c
 */
void pwdstore_encsettings(PwdStore *p, uint8_t enc, uint8_t pwfunc);

/*
 * releases the store and everything it owns
 * NOTE(review): should zeroize key and all PwdEntry passwords before
 * freeing -- confirm in pwd.c
 */
void pwdstore_free(PwdStore* p);

/*
 * looks up the entry for username in the decrypted store
 * presumably returns NULL if there is no such user (or the store is not
 * decrypted) -- confirm in pwd.c
 */
PwdEntry* pwdstore_get(PwdStore *p, const char *username);

/*
 * adds or replaces the entry for username
 * NOTE(review): returns void, so an allocation failure inside cannot be
 * reported to the caller -- TODO confirm how pwd.c handles it
 */
void pwdstore_put(PwdStore *p, const char *username, const char *password);

/*
 * encrypts the store and writes it to file
 * return value semantics not visible here (0 on success?) -- confirm
 */
int pwdstore_store(PwdStore *p, const char *file);

#ifdef __cplusplus
}
#endif

#endif /* PWD_H */