commit - 9588300b2310754aad4bb34786bb9b0351f459f5
commit + ab49325580f82fd698b4d0503625fa1bbb7f1652
blob - 2c9b4c7b9ec28cf3ae4da688e73c2b199a61c175
blob + 73844c2b82bfd4dffc4278ec535019ca2e956b96
--- gotwebd/auth.c
+++ gotwebd/auth.c
static volatile int client_cnt;
static int inflight;
-static char token_secret[32];
+char auth_token_secret[32];
-#if 0
-int
-auth_init(void)
-{
- arc4random_buf(token_secret);
-}
-#endif
-
/*
* The token format is:
*
return -1;
}
- if (HMAC(EVP_sha256(), token_secret, sizeof(token_secret), data,
- len - 32, exp, NULL) == NULL) {
+ if (HMAC(EVP_sha256(), auth_token_secret, sizeof(auth_token_secret),
+ data, len - 32, exp, NULL) == NULL) {
free(data);
return -1;
}
return NULL;
}
- if (HMAC(EVP_sha256(), token_secret, sizeof(token_secret), tok, siz,
- hmac, &hmaclen) == NULL) {
+ if (HMAC(EVP_sha256(), auth_token_secret, sizeof(auth_token_secret),
+ tok, siz, hmac, &hmaclen) == NULL) {
free(tok);
return NULL;
}
break;
case GOTWEBD_IMSG_CTL_START:
auth_launch(env);
+ break;
+ case GOTWEBD_IMSG_AUTH_SECRET:
+ if (imsg_get_data(&imsg, auth_token_secret,
+ sizeof(auth_token_secret)) == -1)
+ fatalx("%s: invalid AUTH_SECRET msg", __func__);
+ fprintf(stderr, "auth: code: ");
+ for (int i = 0; i < 16; i++)
+ fprintf(stderr, "%x",
+ ((uint16_t *)auth_token_secret)[i]);
+ fprintf(stderr, "\n");
break;
default:
fatalx("%s: unknown imsg type %d", __func__,
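Review bot: The new `GOTWEBD_IMSG_AUTH_SECRET` case dumps all 32 bytes of the HMAC key to stderr (the `fprintf(stderr, "auth: code: ")` line and the loop after it), so the secret that authenticates tokens lands in whatever collects the daemon's stderr. The same debug loop is added to the matching case in gotwebd/gotweb.c. Both handlers should drop those five lines and keep only the `imsg_get_data()` size check and the `fatalx()`. The loop also reads the `char` array through a `uint16_t *` cast, which is not guaranteed to be suitably aligned, and prints with unpadded `%x`, so it is not a faithful dump either. The enclosing switch starts and ends outside the hunk.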
blob - db9f586dae8ab239b36bb87983f3f6345f44b4c0
blob + 0382f7e6be608750be2c3e0ee02f50daa24bc381
--- gotwebd/gotweb.c
+++ gotwebd/gotweb.c
break;
case GOTWEBD_IMSG_CTL_START:
gotweb_launch(env);
+ break;
+ case GOTWEBD_IMSG_AUTH_SECRET:
+ if (imsg_get_data(&imsg, auth_token_secret,
+ sizeof(auth_token_secret)) == -1)
+ fatalx("%s: invalid AUTH_SECRET msg", __func__);
+ fprintf(stderr, "gotwebd: code: ");
+ for (int i = 0; i < 16; i++)
+ fprintf(stderr, "%x",
+ ((uint16_t *)auth_token_secret)[i]);
+ fprintf(stderr, "\n");
break;
default:
fatalx("%s: unknown imsg type %d", __func__,
blob - d5aac58e76bff711acb2cff1d174502b13a6f039
blob + a11ae6f06bb79acc24e4927dce18a16c90269601
--- gotwebd/gotwebd.c
+++ gotwebd/gotwebd.c
/* gotweb need to reload its config. */
env->servers_pending = env->prefork_gotwebd;
env->gotweb_pending = env->prefork_gotwebd;
+
+ arc4random_buf(auth_token_secret, sizeof(auth_token_secret));
/* send our gotweb servers */
TAILQ_FOREACH(srv, &env->servers, entry) {
if (main_compose_gotweb(env, GOTWEBD_IMSG_CFG_SRV,
-1, srv, sizeof(*srv)) == -1)
fatal("main_compose_gotweb GOTWEBD_IMSG_CFG_SRV");
+
+ if (main_compose_gotweb(env, GOTWEBD_IMSG_AUTH_SECRET, -1,
+ auth_token_secret, sizeof(auth_token_secret)) == -1)
+ fatal("main_compose_gotweb GOTWEB_IMSG_AUTH_SECRET");
}
/* send our sockets */
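Review bot: The `main_compose_gotweb(env, GOTWEBD_IMSG_AUTH_SECRET, ...)` call appears to sit inside the `TAILQ_FOREACH(srv, &env->servers, entry)` body, before its closing brace, so the key is sent once per configured server and not at all when the server list is empty. In the empty case the gotweb processes would presumably keep the zero-filled `auth_token_secret`, and any token HMAC computed there would use a known key. Moving the call to just after the loop's `}` sends it exactly once regardless of configuration. The fatal string also says `GOTWEB_IMSG_AUTH_SECRET` where the enum constant is `GOTWEBD_IMSG_AUTH_SECRET`. The enclosing function begins and ends outside the hunk.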
fatalx("%s: send socket error", __func__);
}
+ if (main_compose_auth(env, GOTWEBD_IMSG_AUTH_SECRET, -1,
+ auth_token_secret, sizeof(auth_token_secret)) == -1)
+ fatal("main_compose_gotweb GOTWEB_IMSG_AUTH_SECRET");
+
if (auth_privinit(env, uid, gid) == -1)
fatalx("cannot open authentication socket");
+
if (main_compose_auth(env, GOTWEBD_IMSG_CFG_SOCK, env->auth_sock->fd,
NULL, 0) == -1)
fatal("main_compose_auth GOTWEBD_IMSG_CFG_SOCK");
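Review bot: The fatal message for the failed `main_compose_auth(env, GOTWEBD_IMSG_AUTH_SECRET, ...)` call names the wrong function and a misspelled message type, so a failure here would be attributed to the gotweb path. It should read `fatal("main_compose_auth GOTWEBD_IMSG_AUTH_SECRET");`. Separately, the parent keeps the key in `auth_token_secret` after handing it to the children. If the parent never computes an HMAC itself (not visible in this hunk), clearing it with `explicit_bzero(auth_token_secret, sizeof(auth_token_secret));` once every child has been sent the key would reduce its exposure. The enclosing function begins and ends outside the hunk.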
blob - b5864d25a22fbb8ba0d3d41cdb8283fbf5873c39
blob + 9132227647f754018fffa6d218b2459acf39a02e
--- gotwebd/gotwebd.h
+++ gotwebd/gotwebd.h
GOTWEBD_IMSG_CTL_PIPE,
GOTWEBD_IMSG_CTL_START,
GOTWEBD_IMSG_AUTH_SOCK,
+ GOTWEBD_IMSG_AUTH_SECRET,
GOTWEBD_IMSG_REQ_PROCESS,
GOTWEBD_IMSG_REQ_DONE,
};
RSS,
};
+extern char auth_token_secret[32];
+
extern struct gotwebd *gotwebd_env;
typedef int (*got_render_blame_line_cb)(struct template *, const char *,