commit - f46ee42641dd2c58c44365794546a0908a7ce329
commit + 397ec897bd7efc2c881e37fe4497f6c84cb11bf4
blob - 3fdff78bcab1fcf6493998cb99b64ff5a5da4f63
blob + 35892c0841b43528ed047b14d7f9c99fc59838a1
--- .gitignore
+++ .gitignore
**/obj
**/tags
+**/.cache
blob - 547a60d7b8cd9bf024edbc1b6e869566fc4b85b3
blob + 87461919df19caa7d12f3784d9f40c6c3c0cbc45
--- gotwebd/auth.c
+++ gotwebd/auth.c
time_t now;
uint64_t issued, expire;
uint8_t *data;
- size_t len;
+ int len;
char hmac[32], exp[32];
+ fprintf(stderr, "auth: code: ");
+ for (int i = 0; i < 16; i++)
+ fprintf(stderr, "%x",
+ ((uint16_t *)auth_token_secret)[i]);
+ fprintf(stderr, "\n");
+
/* xxx check for overflow */
len = (strlen(token) / 4) * 3;
- if (len < 28 + 32) /* min length assuming empty username and host */
- return -1;
data = malloc(len);
if (data == NULL)
return -1;
- if (EVP_DecodeBlock(data, token, strlen(token)) == -1) {
+ len = EVP_DecodeBlock(data, token, strlen(token));
+ if (len == -1) {
free(data);
return -1;
}
+ log_warnx("len is %d", len);
+ //len--;
now = time(NULL);
+ if (len < 28 + 32) /* min length assuming empty username and host */
+ return -1;
+
if (memcmp(data, "v1", 3) != 0) {
free(data);
return -1;
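Review bot: The added loop at the top of this hunk writes the raw `auth_token_secret` to stderr on every token check, so anyone who can read the daemon's stderr or collected logs obtains the HMAC key; it should be dropped before this is merged. The relocated length check `if (len < 28 + 32) return -1;` now runs after `malloc` and returns without releasing `data`; it needs a `free(data);` first, as the neighbouring error paths have. `EVP_DecodeBlock` always reports three output bytes per four input characters and does not subtract base64 padding, so `len` can exceed the real payload by one or two bytes (probably what the commented-out `//len--;` was probing), which would move `data + len - 32` off the MAC. With `len` now an `int`, `(strlen(token) / 4) * 3` is also narrowed before it reaches `malloc`, so the token length should be bounded first. The enclosing function starts and ends outside the hunk.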
return -1;
}
+ fprintf(stderr, "check: computed:\t");
+ for (int i = 0; i < 16; i++)
+ fprintf(stderr, "%04x", (int)((uint16_t *)exp)[i]);
+ fprintf(stderr, "\n");
+
memcpy(hmac, data + len - 32, 32);
+
+ fprintf(stderr, "check: given hmac:\t");
+ for (int i = 0; i < 16; i++)
+ fprintf(stderr, "%04x", (int)((uint16_t *)hmac)[i]);
+ fprintf(stderr, "\n");
+
if (memcmp(hmac, exp, 32) != 0) {
free(data);
return -1;
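Review bot: The two debug loops print both the expected HMAC (`exp`) and the one carried in the token to stderr, so a log reader is handed a valid MAC for whatever payload a client submitted. The same dump of `hmac` is added in the token-generation hunk further down (`generated: hmac is:`). These prints should be removed rather than left in the validation path. Separately, the comparison on the context line uses `memcmp`, which is not constant-time; a MAC check would normally be `if (CRYPTO_memcmp(hmac, exp, 32) != 0) {`. The function body extends beyond this hunk on both sides.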
memcpy(&issued, data + 3, sizeof(issued));
memcpy(&expire, data + 3 + 8, sizeof(expire));
- if (expire < now) {
- free(data);
- return -1;
- }
+ /* if (expire < now) { */
+ /* free(data); */
+ /* return -1; */
+ /* } */
+ (void)now;
/* xxx: extract username and host */
return 0;
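Review bot: Commenting out the `expire < now` test means any token with a valid MAC is accepted indefinitely, so a leaked token never ages out; `(void)now;` only silences the unused-variable warning. The check should be restored as `if (expire < now) { free(data); return -1; }`. Because `expire` is `uint64_t` and `now` is `time_t`, the comparison converts a signed value to unsigned, and an explicit cast after rejecting a negative `now` would make that intentional. The visible `return 0;` also appears to return without `free(data)`, though the rest of the function is outside the hunk.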
size_t siz, hlen;
unsigned int hmaclen; /* openssl... */
- issued = time(NULL);
+ issued = 1749394718; //time(NULL);
expire = issued + (24 * 60 * 60); /* now + 1 day */
fp = open_memstream(&tok, &siz);
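Review bot: `issued` is pinned to the constant `1749394718` instead of the current time, so every generated token carries the same issue and expiry instants, and `expire` is already in the past once that date plus one day has gone by. It only validates because the expiry check is disabled in the hunk above. Restore `issued = time(NULL);`; if a fixed timestamp is needed to reproduce a MAC mismatch, it belongs in a test harness rather than in the generator. The function starts and ends outside the hunk.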
return NULL;
}
+ fprintf(stderr, "generated: hmac is:\t");
+ for (int i = 0; i < 16; i++)
+ fprintf(stderr, "%04x", (int)((uint16_t *)hmac)[i]);
+ fprintf(stderr, "\n");
+ log_warnx("hmaclen=%d", hmaclen);
+
bmem = BIO_new(BIO_s_mem());
if (bmem == NULL) {
free(tok);
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
b64 = BIO_push(b64, bmem);
+ log_warnx("siz is %zu", siz + hmaclen);
if (BIO_write(b64, tok, siz) != (int)siz ||
BIO_write(b64, hmac, hmaclen) != hmaclen ||
BIO_flush(b64) <= 0) {
free(tok);
BIO_free_all(b64);
+
+ if (auth_check_token(enc) == -1)
+ fatalx("generated a token that won't pass validation!");
+
return enc;
}
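Review bot: The round-trip `auth_check_token(enc)` followed by `fatalx()` lets a validation mismatch in token generation terminate the whole process, which turns a bug in either routine into a denial of service. It also re-runs the validation path, which in this commit writes the secret and the MACs to stderr. If the self-check is kept at all, it should fail softly, for example `log_warnx("%s: generated token failed validation", __func__);` followed by the same cleanup and `return NULL;` the other error paths in this function appear to use. The start of the function is outside the hunk.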
auth_launch(env);
break;
case GOTWEBD_IMSG_AUTH_SECRET:
- if (imsg_get_data(&imsg, auth_token_secret,
- sizeof(auth_token_secret)) == -1)
- fatalx("%s: invalid AUTH_SECRET msg", __func__);
- fprintf(stderr, "auth: code: ");
- for (int i = 0; i < 16; i++)
- fprintf(stderr, "%x",
- ((uint16_t *)auth_token_secret)[i]);
- fprintf(stderr, "\n");
+ /* if (imsg_get_data(&imsg, auth_token_secret, */
+ /* sizeof(auth_token_secret)) == -1) */
+ /* fatalx("%s: invalid AUTH_SECRET msg", __func__); */
+ /* fprintf(stderr, "auth: code: "); */
+ /* for (int i = 0; i < 16; i++) */
+ /* fprintf(stderr, "%x", */
+ /* ((uint16_t *)auth_token_secret)[i]); */
+ /* fprintf(stderr, "\n"); */
break;
default:
fatalx("%s: unknown imsg type %d", __func__,
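Review bot: With the `imsg_get_data()` call commented out, the `GOTWEBD_IMSG_AUTH_SECRET` case no longer copies the secret into `auth_token_secret`, so this process keeps whatever the buffer held at start-up. Its definition is outside the hunk, but if it is a zero-initialised static, every HMAC is computed and checked under an all-zero key and tokens stop being unforgeable. The copy and its failure handling should be restored: `if (imsg_get_data(&imsg, auth_token_secret, sizeof(auth_token_secret)) == -1)` followed by `fatalx("%s: invalid AUTH_SECRET msg", __func__);`. The stderr dump of the secret that used to follow it should stay removed. The switch continues outside the hunk.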