Makefile- acl.c
- acl.h
- acldata.c
- acldata.h
- auth.c
- auth.h
- config.c
- config.h
- configmanager.c
- configmanager.h
- error.c
- error.h
- event.c
- event.h
- event_bsd.c
- event_bsd.h
- event_linux.c
- event_linux.h
- event_solaris.c
- event_solaris.h
- func.c
- func.h
- http.c
- http.h
- httplistener.c
- httplistener.h
- httpparser.c
- httpparser.h
- httprequest.c
- httprequest.h
- keyfile_auth.c
- keyfile_auth.h
- ldap_auth.c
- ldap_auth.h
- ldap_resource.c
- ldap_resource.h
- log.c
- log.h
- main.c
- netsite.h
- objs.mk
- protocol.c
- protocol.h
- request.c
- request.h
- resourcepool.c
- resourcepool.h
- session.c
- session.h
- sessionhandler.c
- sessionhandler.h
- srvctrl.c
- srvctrl.h
- threadpools.c
- threadpools.h
- vfs.c
- vfs.h
- vserver.c
- vserver.h
- webserver.c
- webserver.h
- websocket.c
- websocket.h
- ws-fn.c
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright 2013 Olaf Wintermann. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/sha.h>
#if defined(__sun) && defined(__SunOS_5_10)
#include <sha2.h>
#define SHA256_Init SHA256Init
#define SHA256_Update SHA256Update
#define SHA256_Final SHA256Final
#endif
#include "../util/atomic.h"
#include "../util/util.h"
#include <cx/hash_map.h>
#include "keyfile_auth.h"
Keyfile* keyfile_new(CxAllocator *a) {
Keyfile *keyfile = cxCalloc(a, 1, sizeof(Keyfile));
if(!keyfile) {
return NULL;
}
keyfile->authdb.get_user = keyfile_get_user;
keyfile->authdb.use_cache = 0;
keyfile->users = cxHashMapCreate(a, CX_STORE_POINTERS, 16);
return keyfile;
}
int keyfile_add_user(
Keyfile *keyfile,
cxmutstr name,
enum KeyfileHashType hash_type,
cxmutstr hash,
cxmutstr *groups,
size_t ngroups)
{
const CxAllocator *a = keyfile->users->allocator;
if(hash.length < 12) {
// hash too short
// TODO: log
return -1;
}
KeyfileUser *user = cxMalloc(a, sizeof(KeyfileUser));
user->user.name = cx_strdup_a(a, cx_strcast(name)).ptr;
user->user.uid = -1;
user->user.gid = -1;
user->user.verify_password = keyfile_user_verify_password;
user->user.check_group = keyfile_user_check_group;
user->user.free = keyfile_user_free;
user->hash_type = hash_type;
user->hash = cxMalloc(a, hash.length + 1);
if(!user->user.name || !user->hash) {
return -1;
}
user->hashlen = util_base64decode(hash.ptr, hash.length, user->hash);
if(ngroups > 0) {
user->groups = cxCalloc(a, ngroups, sizeof(cxmutstr));
if(!user->groups) {
return -1;
}
for(int i=0;i<ngroups;i++) {
user->groups[i] = cx_strdup_a(a, cx_strcast(groups[i]));
}
} else {
user->groups = NULL;
}
// add to keyfile
return cxMapPut(keyfile->users, cx_hash_key(name.ptr, name.length), user);
}
// authdb functions
User* keyfile_get_user(AuthDB *db, Session *sn, Request *rq, const char *user) {
Keyfile *keyfile = (Keyfile*)db;
return cxMapGet(keyfile->users, cx_hash_key_str(user));
}
int keyfile_user_verify_password(User *user, const char *password) {
KeyfileUser *usr = (KeyfileUser*)user;
return ssha_verify(usr, password);
}
int keyfile_user_check_group(User *user, const char *group) {
KeyfileUser *usr = (KeyfileUser*)user;
cxstring grp = cx_str(group);
for(int i=0;i<usr->numgroups;i++) {
if(!cx_strcmp(cx_strcast(usr->groups[i]), grp)) {
return 1;
}
}
return 0;
}
void keyfile_user_free(User *user) {
// don't free, it will be freed by keyfile_unref
}
int ssha_verify(KeyfileUser *user, const char *password) {
/*
* SSHA: SHA(pw + salt) + salt
* user->hash is already base64 decoded
*/
size_t hlen;
switch(user->hash_type) {
case KEYFILE_SSHA: hlen = 20; break;
case KEYFILE_SSHA256: hlen = 32; break;
case KEYFILE_SSHA512: hlen = 64; break;
}
char *salt = user->hash + hlen;
size_t saltlen = user->hashlen - hlen;
size_t pwlen = strlen(password);
unsigned char pwhash[64];
switch(user->hash_type) {
case KEYFILE_SSHA: {
SHA_CTX ctx;
SHA1_Init(&ctx);
SHA1_Update(&ctx, password, pwlen);
SHA1_Update(&ctx, salt, saltlen);
SHA1_Final(pwhash, &ctx);
break;
}
case KEYFILE_SSHA256: {
SHA256_CTX ctx;
SHA256_Init(&ctx);
SHA256_Update(&ctx, password, pwlen);
SHA256_Update(&ctx, salt, saltlen);
SHA256_Final(pwhash, &ctx);
break;
}
case KEYFILE_SSHA512: {
SHA512_CTX ctx;
SHA512_Init(&ctx);
SHA512_Update(&ctx, password, pwlen);
SHA512_Update(&ctx, salt, saltlen);
SHA512_Final(pwhash, &ctx);
break;
}
}
if(!memcmp(user->hash, pwhash, hlen)) {
return 1;
} else {
return 0;
}
}