File: server_authorization.c

package info (click to toggle)
lsh-utils 2.1-12
  • links: PTS
  • area: main
  • in suites: buster
  • size: 12,884 kB
  • sloc: ansic: 51,017; sh: 5,683; lisp: 657; makefile: 381; perl: 63
file content (115 lines) | stat: -rw-r--r-- 2,643 bytes parent folder | download | duplicates (9) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
 
/* server_authorization.c
 *
 * User authorization database.
 *
 */

/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1999 Balzs Scheidler
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#if HAVE_CONFIG_H
#include "config.h"
#endif

#include <assert.h>

#include "server_authorization.h"

#include "format.h"
#include "publickey_crypto.h"
#include "server_userauth.h"
#include "sexp.h"
#include "spki.h"
#include "xalloc.h"

#include "server_authorization.c.x"

/* For now a key is authorized if a file named as the hash of the
   SPKI pubkey exists */

/* GABA:
   (class
     (name authorization_db)
     (super lookup_verifier)
     (vars
       (index_name string)
       ;; (signalgo object signature_algorithm)
       (hashalgo const object hash_algorithm)))
*/

static struct verifier *
do_key_lookup(struct lookup_verifier *c,
	      int method,
	      struct lsh_user *keyholder,
	      struct lsh_string *key)
{
  CAST(authorization_db, closure, c);
  struct lsh_string *filename;

  struct verifier *v = NULL;

  assert(keyholder);

  switch (method)
    {
    default:
      return NULL;

      /* FIXME: SPKI support. */
      
    case ATOM_SSH_DSS:
      v = make_ssh_dss_verifier(key);
      break;

    case ATOM_SSH_RSA:
      v = make_ssh_rsa_verifier(key);
      break;
    }

  if (!v)
    return NULL;
  
  /* FIXME: Proper spki acl reading should go here. */
  
  filename = ssh_format(".lsh/%lS/%lxfS", 
			closure->index_name,
			hash_string(closure->hashalgo,
				    PUBLIC_SPKI_KEY(v, 0),
				    1));
  
  if (USER_FILE_EXISTS(keyholder, filename, 1))
    return v;

  return NULL;
}

struct lookup_verifier *
make_authorization_db(struct lsh_string *index_name, 
		      /* struct signature_algorithm *s, */
		      const struct hash_algorithm *h)
{
  NEW(authorization_db, res);

  res->super.lookup = do_key_lookup;
  res->index_name = index_name;
  /* res->signalgo = s; */
  res->hashalgo = h;

  return &res->super;
}