commit 66af5e955911a7f9db29e0bcd2fdf7df1b69eb67
parent 570ad8dc58ee32d83fc1108a08ad23cf6876ef38
Author: Jan Pobrislo <ccx@te2000.cz>
Date: Wed, 31 Jul 2024 10:15:15 +0000
More WIP on miniroon
Diffstat:
M | src/miniroon.c | | | 68 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------ |
1 file changed, 62 insertions(+), 6 deletions(-)
diff --git a/src/miniroon.c b/src/miniroon.c
@@ -15,12 +15,25 @@
#define input_fd 0
#define payload_size_max 1024*1024
-typedef struct {
+typedef struct bytebuffer_s {
char *data;
size_t len;
-} bytebuffer_t;
+} bytebuffer;
-int netstring_get_chunk (const bytebuffer_t *input, bytebuffer_t *chunk, bytebuffer_t *rest)
+typedef struct miniroon_header_b {
+ bytebuffer *id;
+
+ enum miniroon_version {
+ V0 = 0
+ } version;
+
+ enum miniroon_action {
+ REVOKE, INVOKE, INVOKE_ONCE
+ } action;
+
+} miniroon_header;
+
+int netstring_get_chunk (const bytebuffer *input, bytebuffer *chunk, bytebuffer *rest)
{
uint64_t nlen; /* size of payload */
size_t pos; /* size of numerical prefix */
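Review bot: The enumerators `V0`, `REVOKE`, `INVOKE` and `INVOKE_ONCE` written inside the `miniroon_header` body are not scoped to the struct — in C an enum declared inside a struct definition puts its tag and its enumerators in the enclosing (file) scope — so these short generic names become file-wide identifiers that are easy to collide with later. Consider declaring `enum miniroon_version` and `enum miniroon_action` at file scope before the struct with prefixed enumerators (for example `MINIROON_ACTION_INVOKE_ONCE`) and using those enum types as the member types. The `id` member is a `bytebuffer *` with no statement of who owns the pointed-to buffer or its `data`; a one-line comment such as `/* not owned: points into the caller's payload buffer */`, or whatever the intended contract is, would prevent dangling-pointer mistakes once the header parser starts filling it in.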
@@ -62,6 +75,17 @@ void fd_block(int fd) {
}
}
+void parse_header(miniroon_header *header, bytebuffer *outer) {
+ bytebuffer input=*outer, chunk, next;
+ if(!input.len) {
+ strerr_dief1x(111, "Empty header");
+ }
+ if(!netstring_get_chunk(&input, &chunk, &next)) {
+ strerr_dief1x(111, "Malformed netstring");
+ }
+
+}
+
int handle_payload(size_t payload_size) {
char payload[payload_size+1];
char *read_next = payload;
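Review bot: parse_header validates the first netstring of `*outer` but never writes to `*header` and discards `chunk` and `next`, so a caller that reads `header->version` or `header->action` afterwards reads an indeterminate object. Until the field parsing lands, initialize the output at entry with `*header = (miniroon_header){0};` and mark the gap with `/* TODO: populate id, version and action from chunk; next holds the remaining header fields */`, so the partially parsed state is defined rather than garbage. The local `input` is a by-value copy of `*outer` that is never modified, and netstring_get_chunk takes a `const bytebuffer *`, so `netstring_get_chunk(outer, &chunk, &next)` does the same with one fewer local.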
@@ -83,9 +107,15 @@ int handle_payload(size_t payload_size) {
strerr_dief1x(111, "Invalid netstring terminator");
}
- bytebuffer_t input, chunk, next;
- next.data = payload;
- next.len = payload_size;
+ bytebuffer input, chunk, next;
+ input.data = payload;
+ input.len = payload_size;
+
+ if(!netstring_get_chunk(&input, &chunk, &next)) {
+ strerr_dief1x(111, "Malformed netstring");
+ }
+ macaroon_info_t macaroon_info;
+ handle_header(&macaroon_info, &chunk);
while(next.len) {
input = next;
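Review bot: `handle_header(&macaroon_info, &chunk)` and the type `macaroon_info_t` do not match what this commit defines — the earlier hunk introduces `parse_header(miniroon_header *, bytebuffer *)` and `miniroon_header` — so unless those names are declared elsewhere in the file, this hunk does not compile. The likely intent is `miniroon_header header;` followed by `parse_header(&header, &chunk);`. Note that `chunk` points into the `payload` VLA declared at the top of handle_payload, so anything the header parser stores by pointer (such as the `id` member) is only valid for the lifetime of this call. handle_payload starts and ends outside the hunk.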
@@ -96,11 +126,37 @@ int handle_payload(size_t payload_size) {
}
}
+
+/*
+capability ```
+container/bzr.ccx/123456
+login/tty1/7890
+```
+- secret
+- execline command
+- env allowlist (re?)
+- max execution count/id (uuidv7?)
+
+```
+h1 = hmac(secret, [capv0;name;invoke-once])
+c1 = [capv0;name;invoke-once;h1]
+c2 = [capv0;name;invoke-once;att1;hmac(h1, [att1])]
+```
+*/
+
int main (int argc, char const *const *argv)
{
char read_char;
size_t payload_size = 0;
+ if (argc != 2) {
+ strerr_dieusage(100, USAGE);
+ }
+
+ if (chdir(argv[1]) != 0) {
+ strerr_dief1sys(111, "chdir()");
+ }
+
fd_block(input_fd);
while(payload_size < payload_size_max) {