

commit - 9efa7b7aecf438a367ad0799ff9528a606398910
commit + 0ca6718ee266e9ad7803251cd0835e8da61014d3
blob - 67201e8f435c4a382aeba1763092954a8249178b
blob + fc1f875aa8b4bd5f51a0ebe39be2ece27d521c7b
--- kamid.c
+++ kamid.c
@@ -40,6 +40,7 @@
 #include "listener.h"
 #include "log.h"
 #include "sandbox.h"
+#include "table.h"
 #include "utils.h"
 
 enum kd_process {
@@ -241,23 +242,52 @@ main_sig_handler(int sig, short event, void *arg)
 		break;
 	default:
 		fatalx("unexpected signal %d", sig);
+	}
+}
+
+static inline struct table *
+auth_table_by_id(uint32_t id)
+{
+	struct kd_listen_conf *listen;
+
+	SIMPLEQ_FOREACH(listen, &main_conf->listen_head, entry) {
+		if (listen->id == id)
+			return listen->auth_table;
 	}
+
+	return NULL;
 }
 
 static inline void
 do_auth_tls(struct imsg *imsg)
 {
-	const char *hash, *username = "op";
+	char *username = NULL;
 	struct passwd *pw;
+	struct table *t;
+	struct kd_auth_req auth;
 	int p[2];
 
-	hash = imsg->data;
-	if (hash[IMSG_DATA_SIZE(*imsg)-1] != '\0')
+	if (sizeof(auth) != IMSG_DATA_SIZE(*imsg))
+		fatal("wrong size for IMSG_AUTH_TLS: "
+		    "got %lu; want %lu", IMSG_DATA_SIZE(*imsg),
+		    sizeof(auth));
+	memcpy(&auth, imsg->data, sizeof(auth));
+
+	if (memmem(auth.hash, sizeof(auth.hash), "", 1) == NULL)
+                fatal("non NUL-terminated hash received");
+
+	log_debug("tls id=%u hash=%s", auth.listen_id, auth.hash);
+
+	if ((t = auth_table_by_id(auth.listen_id)) == NULL)
+		fatal("request for invalid listener id %d", imsg->hdr.pid);
+
+	log_debug("before table_lookup");
+	if (table_lookup(t, auth.hash, &username) == -1) {
+		log_warnx("login failed for hash %s", auth.hash);
 		goto err;
+	}
 
-	log_debug("tls hash=%s", hash);
-	log_debug("assuming it refers to user `%s'",
-	    username);
+	log_debug("matched local user %s", username);
 
 	if ((pw = getpwnam(username)) == NULL) {
 		log_warn("getpwnam(%s)", username);
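Review bot: The fatal() on the invalid-listener path prints `imsg->hdr.pid` with `%d` instead of the id that actually failed the lookup, so the log will name the wrong value; it should read `fatalx("request for invalid listener id %u", auth.listen_id);` (fatalx rather than fatal, as the signal handler above already uses, since no errno is set here — assuming fatal appends strerror as in the other OpenBSD-derived daemons). The size-check message a few lines earlier formats two size_t values with `%lu`; `%zu` is the matching specifier. The NUL-terminator test `memmem(auth.hash, sizeof(auth.hash), "", 1)` is correct but reads more directly as `memchr(auth.hash, '\0', sizeof(auth.hash))`, and that fatal line is indented with spaces while the rest of the file uses tabs; `log_debug("before table_lookup")` looks like a leftover trace. do_auth_tls continues past the end of this hunk.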
@@ -275,9 +305,11 @@ do_auth_tls(struct imsg *imsg)
 	main_imsg_compose_listener(IMSG_AUTH_DIR, -1, imsg->hdr.peerid,
 	    pw->pw_dir, strlen(pw->pw_dir)+1);
 
+	free(username);
 	return;
 
 err:
+	free(username);
 	main_imsg_compose_listener(IMSG_AUTH, -1, imsg->hdr.peerid,
 	    NULL, 0);
 }
blob - ab1b10aa6f2f2b04606cca2b0d1339d419b94e0a
blob + 19d2b4de797981210de08763b7513dd5192cd356
--- kamid.h
+++ kamid.h
@@ -119,6 +119,11 @@ struct kd_conf {
 	SIMPLEQ_HEAD(kd_listen_conf_head, kd_listen_conf)	 listen_head;
 };
 
+struct kd_auth_req {
+	uint32_t	listen_id;
+	char		hash[128+1];
+};
+
 /* kamid.c */
 extern int verbose;
 int	main_imsg_compose_listener(int, int, uint32_t, const void *, uint16_t);
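Review bot: `struct kd_auth_req` is the payload carried by IMSG_AUTH_TLS, but nothing at the definition says so, nor that `hash` must be NUL-terminated, which is what the receiving side in kamid.c enforces with a fatal; a comment such as `/* IMSG_AUTH_TLS payload (listener -> main); hash must be NUL-terminated */` above the struct would document the contract. The `128+1` bound is also unexplained — if 128 is the longest hash string the listener can produce, a short comment or named constant saying where that limit comes from would help keep the sender's strlcpy bound and this array in step.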
blob - eabd6193022b46ecd7d23b7b59a8e2f54f785398
blob + cfac1cd29f5f637b8e877d3ae0c4430139e977b7
--- listener.c
+++ listener.c
@@ -51,6 +51,7 @@ SPLAY_HEAD(clients_tree_id, client) clients;
 
 struct client {
 	uint32_t		 id;
+	uint32_t		 lid;
 	int			 fd;
 	int			 done;
 	struct tls		*ctx;
@@ -570,6 +571,7 @@ handle_accept(int fd, short ev, void *data)
 	}
 
 	c = xcalloc(1, sizeof(*c));
+	c->lid = listen->id;
 	c->iev.ibuf.fd = -1;
 
 	if (tls_accept_socket(listen->ctx, &c->ctx, s) == -1) {
@@ -595,6 +597,7 @@ static void
 handle_handshake(int fd, short ev, void *data)
 {
 	struct client *c = data;
+	struct kd_auth_req auth;
 	ssize_t r;
 	const char *hash;
 
@@ -616,9 +619,14 @@ handle_handshake(int fd, short ev, void *data)
 		close_conn(c);
 		return;
 	}
+
+	memset(&auth, 0, sizeof(auth));
+	auth.listen_id = c->lid;
+	strlcpy(auth.hash, hash, sizeof(auth.hash));
+	log_debug("sending hash %s", auth.hash);
 
 	listener_imsg_compose_main(IMSG_AUTH_TLS, c->id,
-	    hash, strlen(hash)+1);
+	    &auth, sizeof(auth));
 }
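Review bot: The `strlcpy` into `auth.hash` discards its return value, so a peer hash longer than the 128-byte field is silently truncated and the truncated string is what main then looks up in the auth table; the call should fail the handshake on truncation the same way the surrounding code already does for a missing hash: `if (strlcpy(auth.hash, hash, sizeof(auth.hash)) >= sizeof(auth.hash)) {` `log_warnx("peer hash too long"); close_conn(c); return; }`. The `memset(&auth, 0, sizeof(auth))` before filling the struct is what keeps the struct padding and the unused tail of `hash` from carrying stack bytes across the imsg, which is worth a one-line comment such as `/* zero padding: the whole struct is sent as-is */`. handle_handshake begins before this hunk.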
 
 static void