ccx-utils

Miscellaneous utilities written in C

commit 66af5e955911a7f9db29e0bcd2fdf7df1b69eb67
parent 570ad8dc58ee32d83fc1108a08ad23cf6876ef38
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Wed, 31 Jul 2024 10:15:15 +0000

More WIP on miniroon

Diffstat:
Msrc/miniroon.c | 68++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 62 insertions(+), 6 deletions(-)

diff --git a/src/miniroon.c b/src/miniroon.c
@@ -15,12 +15,25 @@
 #define input_fd 0
 #define payload_size_max 1024*1024
 
-typedef struct {
+typedef struct bytebuffer_s {
     char *data;
     size_t len;
-} bytebuffer_t;
+} bytebuffer;
 
-int netstring_get_chunk (const bytebuffer_t *input, bytebuffer_t *chunk, bytebuffer_t *rest)
+typedef struct miniroon_header_b {
+    bytebuffer *id;
+
+    enum miniroon_version {
+        V0 = 0
+    } version;
+
+    enum miniroon_action {
+        REVOKE, INVOKE, INVOKE_ONCE
+    } action;
+
+} miniroon_header;
+
+int netstring_get_chunk (const bytebuffer *input, bytebuffer *chunk, bytebuffer *rest)
 {
     uint64_t nlen; /* size of payload */
     size_t pos; /* size of numerical prefix */
@@ -62,6 +75,17 @@ void fd_block(int fd) {
     }
 }
 
+void parse_header(miniroon_header *header, bytebuffer *outer) {
+    bytebuffer input=*outer, chunk, next;
+    if(!input.len) {
+        strerr_dief1x(111, "Empty header");
+    }
+    if(!netstring_get_chunk(&input, &chunk, &next)) {
+        strerr_dief1x(111, "Malformed netstring");
+    }
+
+}
+
 int handle_payload(size_t payload_size) {
     char payload[payload_size+1];
     char *read_next = payload;
@@ -83,9 +107,15 @@ int handle_payload(size_t payload_size) {
         strerr_dief1x(111, "Invalid netstring terminator");
     }
 
-    bytebuffer_t input, chunk, next;
-    next.data = payload;
-    next.len = payload_size;
+    bytebuffer input, chunk, next;
+    input.data = payload;
+    input.len = payload_size;
+
+    if(!netstring_get_chunk(&input, &chunk, &next)) {
+        strerr_dief1x(111, "Malformed netstring");
+    }
+    macaroon_info_t macaroon_info;
+    handle_header(&macaroon_info, &chunk);
     while(next.len) {
         input = next;
 
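Review bot: The new `miniroon_header` keeps `id` as a `bytebuffer *`, so a header is only valid for as long as the buffer it points into, and nothing in this commit says who owns that buffer; a comment such as `/* borrows from the parsed payload; not owned */` on the `bytebuffer *id;` line, or a by-value `bytebuffer id;`, would stop the first caller from holding a dangling pointer. The struct tag `miniroon_header_b` also breaks the `_s` tag suffix used just above it for `bytebuffer_s`; `typedef struct miniroon_header_s {` is the consistent spelling. If `version` and `action` are going to be decoded from the netstring on the wire, giving the action constants explicit values, `REVOKE = 0, INVOKE = 1, INVOKE_ONCE = 2`, keeps the encoding stable when the enum is later edited.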
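Review bot: parse_header never writes through `header`: it splits the first netstring of `*outer` into `chunk` and `next` and then drops both, so the caller's `miniroon_header` is returned exactly as it came in, and the function body is complete within this hunk so nothing later fills it. Until the id/version/action decoding is written, an explicit `header->id = NULL;` plus `/* TODO: decode id, version, action from chunk */` keeps a caller from reading an uninitialised struct. When that decoding lands, the version field should be checked against `V0` before `action` is interpreted, because the bytes come in over `input_fd` and are untrusted; dying with `strerr_dief1x(111, ...)` on bad input matches the style already used in handle_payload.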
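Review bot: The added `handle_header(&macaroon_info, &chunk);` and its `macaroon_info_t macaroon_info;` refer to a function and a type that this commit does not introduce, while the function it does introduce, `parse_header(miniroon_header *, bytebuffer *)`, is never called; unless both names are already declared earlier in the file this hunk will not compile, and the intended lines look like `miniroon_header header;` / `parse_header(&header, &chunk);`. Note that on the new side the first chunk is now consumed as the header before the `while(next.len)` loop, so any caller that relied on the loop seeing every chunk of the payload will see one fewer. handle_payload continues past the end of this hunk, so the loop body that consumes `next` is not visible here.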
@@ -96,11 +126,37 @@ int handle_payload(size_t payload_size) {
     }
 }
 
+
+/*
+capability ```
+container/bzr.ccx/123456
+login/tty1/7890
+```
+- secret
+- execline command
+- env allowlist (re?)
+- max execution count/id (uuidv7?)
+
+```
+h1 = hmac(secret, [capv0;name;invoke-once])
+c1 = [capv0;name;invoke-once;h1]
+c2 = [capv0;name;invoke-once;att1;hmac(h1, [att1])]
+```
+*/
+
 int main (int argc, char const *const *argv) {
     char read_char;
     size_t payload_size = 0;
 
+    if (argc != 2) {
+        strerr_dieusage(100, USAGE);
+    }
+
+    if (chdir(argv[1]) != 0) {
+        strerr_dief1sys(111, "chdir()");
+    }
+
     fd_block(input_fd);
 
     while(payload_size < payload_size_max) {
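Review bot: The design sketch in the new comment leaves unstated the two things a verifier of `c1`/`c2` will need: how `invoke-once` and the "max execution count/id" bullet are enforced (a record of consumed ids has to persist somewhere, presumably under the directory `chdir(argv[1])` selects, otherwise a captured token can be replayed) and that the HMAC tag must be compared in constant time. I would add two bullets to the comment: `- invoke-once/count: persist consumed ids (uuidv7) under the working dir` and `- verify: constant-time compare of the trailing hmac`. `USAGE` in `strerr_dieusage(100, USAGE)` is not defined anywhere in this diff, which is fine only if it is declared earlier in the file. The argc and chdir checks themselves look right, and the chdir failure carries errno via strerr_dief1sys.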