commit - 9efa7b7aecf438a367ad0799ff9528a606398910
commit + 0ca6718ee266e9ad7803251cd0835e8da61014d3
blob - 67201e8f435c4a382aeba1763092954a8249178b
blob + fc1f875aa8b4bd5f51a0ebe39be2ece27d521c7b
--- kamid.c
+++ kamid.c
#include "listener.h"
#include "log.h"
#include "sandbox.h"
+#include "table.h"
#include "utils.h"
enum kd_process {
break;
default:
fatalx("unexpected signal %d", sig);
+ }
+}
+
+static inline struct table *
+auth_table_by_id(uint32_t id)
+{
+ struct kd_listen_conf *listen;
+
+ SIMPLEQ_FOREACH(listen, &main_conf->listen_head, entry) {
+ if (listen->id == id)
+ return listen->auth_table;
}
+
+ return NULL;
}
static inline void
do_auth_tls(struct imsg *imsg)
{
- const char *hash, *username = "op";
+ char *username = NULL;
struct passwd *pw;
+ struct table *t;
+ struct kd_auth_req auth;
int p[2];
- hash = imsg->data;
- if (hash[IMSG_DATA_SIZE(*imsg)-1] != '\0')
+ if (sizeof(auth) != IMSG_DATA_SIZE(*imsg))
+ fatal("wrong size for IMSG_AUTH_TLS: "
+ "got %lu; want %lu", IMSG_DATA_SIZE(*imsg),
+ sizeof(auth));
+ memcpy(&auth, imsg->data, sizeof(auth));
+
+ if (memmem(auth.hash, sizeof(auth.hash), "", 1) == NULL)
+ fatal("non NUL-terminated hash received");
+
+ log_debug("tls id=%u hash=%s", auth.listen_id, auth.hash);
+
+ if ((t = auth_table_by_id(auth.listen_id)) == NULL)
+ fatal("request for invalid listener id %d", imsg->hdr.pid);
+
+ log_debug("before table_lookup");
+ if (table_lookup(t, auth.hash, &username) == -1) {
+ log_warnx("login failed for hash %s", auth.hash);
goto err;
+ }
- log_debug("tls hash=%s", hash);
- log_debug("assuming it refers to user `%s'",
- username);
+ log_debug("matched local user %s", username);
if ((pw = getpwnam(username)) == NULL) {
log_warn("getpwnam(%s)", username);
main_imsg_compose_listener(IMSG_AUTH_DIR, -1, imsg->hdr.peerid,
pw->pw_dir, strlen(pw->pw_dir)+1);
+ free(username);
return;
err:
+ free(username);
main_imsg_compose_listener(IMSG_AUTH, -1, imsg->hdr.peerid,
NULL, 0);
}
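Review bot: The invalid-listener check in do_auth_tls prints `imsg->hdr.pid` rather than the id that failed to resolve, so the message will not identify the listener; it should read `fatalx("request for invalid listener id %u", auth.listen_id);`. None of the three new checks is an errno failure, yet all call `fatal()`, which in this style of log API presumably appends strerror(errno). `fatalx()`, already used in the signal handler above, fits better, and `%zu` is the matching conversion for `sizeof(auth)`. Because the request comes from the listener process, which faces the network, consider sending a malformed IMSG_AUTH_TLS down the existing `err:` path to deny the login instead of terminating the parent; `username` is initialised to NULL, so the `free()` there is safe. The `log_debug("before table_lookup")` line looks like leftover tracing.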
blob - ab1b10aa6f2f2b04606cca2b0d1339d419b94e0a
blob + 19d2b4de797981210de08763b7513dd5192cd356
--- kamid.h
+++ kamid.h
SIMPLEQ_HEAD(kd_listen_conf_head, kd_listen_conf) listen_head;
};
+struct kd_auth_req {
+ uint32_t listen_id;
+ char hash[128+1];
+};
+
/* kamid.c */
extern int verbose;
int main_imsg_compose_listener(int, int, uint32_t, const void *, uint16_t);
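Review bot: `struct kd_auth_req` carries no comment describing its contract, although it is copied whole across the imsg channel and do_auth_tls rejects any payload whose size differs from `sizeof(auth)`. I would document that at the definition, for example `/* IMSG_AUTH_TLS payload, listener -> main: sent as raw bytes, so memset it to zero before filling; hash must be NUL-terminated */`. The zeroing matters because the struct most likely has trailing padding after `hash[128+1]`, and those bytes are sent too. A short remark on why 128 was chosen as the maximum hash length would also help the next reader.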
blob - eabd6193022b46ecd7d23b7b59a8e2f54f785398
blob + cfac1cd29f5f637b8e877d3ae0c4430139e977b7
--- listener.c
+++ listener.c
struct client {
uint32_t id;
+ uint32_t lid;
int fd;
int done;
struct tls *ctx;
}
c = xcalloc(1, sizeof(*c));
+ c->lid = listen->id;
c->iev.ibuf.fd = -1;
if (tls_accept_socket(listen->ctx, &c->ctx, s) == -1) {
handle_handshake(int fd, short ev, void *data)
{
struct client *c = data;
+ struct kd_auth_req auth;
ssize_t r;
const char *hash;
close_conn(c);
return;
}
+
+ memset(&auth, 0, sizeof(auth));
+ auth.listen_id = c->lid;
+ strlcpy(auth.hash, hash, sizeof(auth.hash));
+ log_debug("sending hash %s", auth.hash);
listener_imsg_compose_main(IMSG_AUTH_TLS, c->id,
- hash, strlen(hash)+1);
+ &auth, sizeof(auth));
}
static void
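Review bot: The `strlcpy` into `auth.hash` in handle_handshake ignores its return value, so a peer hash longer than 128 bytes would be truncated silently and the main process would look up a key that differs from the one the certificate produced. Checking it keeps the failure in the listener: `if (strlcpy(auth.hash, hash, sizeof(auth.hash)) >= sizeof(auth.hash)) { close_conn(c); return; }`, which mirrors the error path just above. The `log_debug("sending hash %s", auth.hash)` line reads like temporary tracing; if it stays, including `auth.listen_id` would make it match the message logged on the receiving side. Part of handle_handshake, between the declarations and this block, lies outside the visible hunk.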