commit 0ca6718ee266e9ad7803251cd0835e8da61014d3
from: Omar Polo
date: Thu Jul 22 18:40:42 2021 UTC

use table for auth

commit - 9efa7b7aecf438a367ad0799ff9528a606398910
commit + 0ca6718ee266e9ad7803251cd0835e8da61014d3
blob - 67201e8f435c4a382aeba1763092954a8249178b
blob + fc1f875aa8b4bd5f51a0ebe39be2ece27d521c7b
--- kamid.c
+++ kamid.c
@@ -40,6 +40,7 @@
 #include "listener.h"
 #include "log.h"
 #include "sandbox.h"
+#include "table.h"
 #include "utils.h"
 
 enum kd_process {
@@ -241,23 +242,52 @@ main_sig_handler(int sig, short event, void *arg)
 		break;
 	default:
 		fatalx("unexpected signal %d", sig);
+	}
+}
+
+static inline struct table *
+auth_table_by_id(uint32_t id)
+{
+	struct kd_listen_conf *listen;
+
+	SIMPLEQ_FOREACH(listen, &main_conf->listen_head, entry) {
+		if (listen->id == id)
+			return listen->auth_table;
 	}
+
+	return NULL;
 }
 
 static inline void
 do_auth_tls(struct imsg *imsg)
 {
-	const char *hash, *username = "op";
+	char *username = NULL;
 	struct passwd *pw;
+	struct table *t;
+	struct kd_auth_req auth;
 	int p[2];
 
-	hash = imsg->data;
-	if (hash[IMSG_DATA_SIZE(*imsg)-1] != '\0')
+	if (sizeof(auth) != IMSG_DATA_SIZE(*imsg))
+		fatal("wrong size for IMSG_AUTH_TLS: "
+		    "got %lu; want %lu", IMSG_DATA_SIZE(*imsg),
+		    sizeof(auth));
+	memcpy(&auth, imsg->data, sizeof(auth));
+
+	if (memmem(auth.hash, sizeof(auth.hash), "", 1) == NULL)
+		fatal("non NUL-terminated hash received");
+
+	log_debug("tls id=%u hash=%s", auth.listen_id, auth.hash);
+
+	if ((t = auth_table_by_id(auth.listen_id)) == NULL)
+		fatal("request for invalid listener id %d", imsg->hdr.pid);
+
+	log_debug("before table_lookup");
+	if (table_lookup(t, auth.hash, &username) == -1) {
+		log_warnx("login failed for hash %s", auth.hash);
 		goto err;
+	}
 
-	log_debug("tls hash=%s", hash);
-	log_debug("assuming it refers to user `%s'",
-	    username);
+	log_debug("matched local user %s", username);
 
 	if ((pw = getpwnam(username)) == NULL) {
 		log_warn("getpwnam(%s)", username);
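Review bot: The fatal() after auth_table_by_id() reports the wrong value: the id that failed the lookup is `auth.listen_id`, but the message prints `imsg->hdr.pid` with `%d`, so whoever debugs a misconfigured listener sees the peer process id instead of the offending id; change it to `fatal("request for invalid listener id %u", auth.listen_id);`. The size-mismatch fatal() just above formats IMSG_DATA_SIZE() and sizeof with `%lu`; if both are size_t, as it appears, `%zu` is the matching specifier. `log_debug("before table_lookup");` reads as a leftover tracing line and could be dropped now that the lookup result is logged on its own. Whether auth_table_by_id() can also return NULL for a known listener that has no auth table configured is not visible here; if it can, the "invalid listener id" wording is misleading for that case and a separate check with its own message would be clearer. do_auth_tls's body continues past the end of the hunk.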
@@ -275,9 +305,11 @@ do_auth_tls(struct imsg *imsg)
 	main_imsg_compose_listener(IMSG_AUTH_DIR, -1, imsg->hdr.peerid, pw->pw_dir, strlen(pw->pw_dir)+1);
+	free(username);
 	return;
 
 err:
+	free(username);
 	main_imsg_compose_listener(IMSG_AUTH, -1, imsg->hdr.peerid, NULL, 0);
 }
blob - ab1b10aa6f2f2b04606cca2b0d1339d419b94e0a
blob + 19d2b4de797981210de08763b7513dd5192cd356
--- kamid.h
+++ kamid.h
@@ -119,6 +119,11 @@ struct kd_conf {
 	SIMPLEQ_HEAD(kd_listen_conf_head, kd_listen_conf) listen_head;
 };
 
+struct kd_auth_req {
+	uint32_t listen_id;
+	char hash[128+1];
+};
+
 /* kamid.c */
 extern int verbose;
 int main_imsg_compose_listener(int, int, uint32_t, const void *, uint16_t);
blob - eabd6193022b46ecd7d23b7b59a8e2f54f785398
blob + cfac1cd29f5f637b8e877d3ae0c4430139e977b7
--- listener.c
+++ listener.c
@@ -51,6 +51,7 @@ SPLAY_HEAD(clients_tree_id, client) clients;
 
 struct client {
 	uint32_t id;
+	uint32_t lid;
 	int fd;
 	int done;
 	struct tls *ctx;
@@ -570,6 +571,7 @@ handle_accept(int fd, short ev, void *data)
 	}
 
 	c = xcalloc(1, sizeof(*c));
+	c->lid = listen->id;
 	c->iev.ibuf.fd = -1;
 
 	if (tls_accept_socket(listen->ctx, &c->ctx, s) == -1) {
@@ -595,6 +597,7 @@ static void
 handle_handshake(int fd, short ev, void *data)
 {
 	struct client *c = data;
+	struct kd_auth_req auth;
 	ssize_t r;
 	const char *hash;
 
@@ -616,9 +619,14 @@ handle_handshake(int fd, short ev, void *data)
 		close_conn(c);
 		return;
 	}
+
+	memset(&auth, 0, sizeof(auth));
+	auth.listen_id = c->lid;
+	strlcpy(auth.hash, hash, sizeof(auth.hash));
+	log_debug("sending hash %s", auth.hash);
 
 	listener_imsg_compose_main(IMSG_AUTH_TLS, c->id,
-	    hash, strlen(hash)+1);
+	    &auth, sizeof(auth));
 }
 
 static void
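Review bot: The `128+1` bound on kd_auth_req.hash is a magic number that the listener side must agree with when it strlcpy()s into the field; naming it next to the struct (an enum or `#define`, then `char hash[KD_AUTH_HASH_LEN+1];` with whatever name the project prefers) makes the contract explicit and lets both processes reference the same constant. A short comment on the struct saying it is the payload of IMSG_AUTH_TLS and that hash must be NUL-terminated would also help, since kamid.c now fatal()s on a non-terminated hash.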
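Review bot: The strlcpy() into auth.hash silently truncates a peer certificate hash longer than the field, and the truncated string is then sent to the main process as if it were the complete hash; checking the return value fails the handshake explicitly instead, `if (strlcpy(auth.hash, hash, sizeof(auth.hash)) >= sizeof(auth.hash)) {` then `log_warnx("peer certificate hash too long"); close_conn(c); return;` and `}`. Whether the hash format tls_peer_cert_hash() produces can ever exceed 128 bytes is not visible here, so this is about making the bound explicit rather than a reachable bug. The memset() before filling the struct is right, since the whole object, padding included, goes over the imsg. handle_handshake's body starts before the hunk.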