miniroon

Simplistic macaroon-based authorization for Unix systems
git clone https://ccx.te2000.cz/git/miniroon

commit 1c05dacc0af8390c80bf9df66b710a612acba155
parent 65157e646a6fd2a156aa09eee7d008686a6ea4b7
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Mon,  7 Oct 2024 16:38:42 +0000

Parse miniroon header structure

Diffstat:
Msrc/gen-miniroon.py | 22+++++++++++++++++++---
Msrc/miniroon.c | 29+++++++++++++++++++++++++++--
2 files changed, 46 insertions(+), 5 deletions(-)

diff --git a/src/gen-miniroon.py b/src/gen-miniroon.py @@ -2,12 +2,28 @@ import sys import hmac + +class NetString(bytes): + @classmethod + def from_any(cls, data): + if isinstance(data, NetString): + return cls(data) + if isinstance(data, bytes): + return cls(to_ns(data)) + if isinstance(data, str): + return cls(to_ns(data.encode('ascii'))) + return cls(to_ns(b''.join(cls.from_any(i) for i in data))) + + def to_ns(b): assert isinstance(b, bytes) - return b'%d:%s,' % (len(b), b) + return NetString(b'%d:%s,' % (len(b), b)) def rec_ns(data): + if isinstance(data, NetString): + return data + return NetString.from_any(data) if isinstance(data, bytes): return to_ns(data) if isinstance(data, str): @@ -22,11 +38,11 @@ def miniroon_hmac(key, msg): def make_miniroon(name, action='invoke-once', secret=b'\0'*32, caveats=(), version='capv0'): - hdr = rec_ns((version, name, action)) + hdr = b''.join(NetString.from_any(i) for i in (version, name, action)) sig = miniroon_hmac(secret, hdr) for c in caveats: sig = miniroon_hmac(sig, c) - return rec_ns([ + return NetString.from_any([ hdr, caveats, sig, diff --git a/src/miniroon.c b/src/miniroon.c @@ -31,7 +31,7 @@ typedef struct netstring_chunk_b { } netstring_chunk; typedef struct miniroon_header_s { - bytebuffer *id; + bytebuffer id; enum miniroon_version { V0 = 0 @@ -121,6 +121,8 @@ bool netstring_chunk_next (netstring_chunk *c) { c->outer.len += c->inner.len + 2; c->source.data += c->outer.len; c->source.len -= c->outer.len; + // dbg_print_bb1("Chunk > Outer", &c->outer); + // dbg_print_bb1("Chunk > Inner", &c->inner); return true; } 
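Review bot: In `rec_ns` the added `return NetString.from_any(data)` is unconditional, so the original `isinstance(data, bytes)` and `isinstance(data, str)` branches that follow it are now unreachable. Either delete them or reduce the function to an alias such as `rec_ns = NetString.from_any`. `from_any` also uses the `NetString` type as the only marker that bytes are already framed, so it would benefit from a docstring stating that plain `bytes` are wrapped, `NetString` values are embedded verbatim, and `str` must be ASCII (anything else raises `UnicodeEncodeError`). The body of `rec_ns` continues outside the hunk.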
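Review bot: In `make_miniroon` the signed bytes and the emitted bytes can diverge for caveats that are not plain `bytes`. `miniroon_hmac(sig, c)` receives each caveat exactly as passed, while `NetString.from_any([hdr, caveats, sig])` re-encodes them: `str` becomes ASCII, nested sequences are framed, and `NetString` values are embedded without a new length prefix. Whether a verifier can recompute the chain then depends on the Python type of each caveat; `miniroon_hmac` is outside the hunk, so this is inferred from the call only. Normalizing once before both uses, for example `caveats = [c.encode('ascii') if isinstance(c, str) else c for c in caveats]`, plus a comment naming which bytes are MACed (inner payload or framed netstring), would pin this down. The returned list continues outside the hunk.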
@@ -136,8 +138,31 @@ void fd_block(int fd) { } void parse_header(miniroon_header *header, bytebuffer *source) { - // TODO dbg_print_bb1("Got header", source); + netstring_chunk c; + netstring_chunk_init(&c, *source); + + if(!netstring_chunk_next(&c)) { + strerr_dief1x(111, "Mising version in miniroon header"); + } + dbg_print_bb1("Header > Version", &c.inner); + // TODO + + if(!netstring_chunk_next(&c)) { + strerr_dief1x(111, "Mising ID in miniroon header"); + } + dbg_print_bb1("Header > ID", &c.inner); + header->id = c.inner; + + if(!netstring_chunk_next(&c)) { + strerr_dief1x(111, "Mising action in miniroon header"); + } + dbg_print_bb1("Header > Action", &c.inner); + // TODO + + if(netstring_chunk_next(&c)) { + strerr_dief1x(111, "Extraneous data in miniroon header"); + } } void handle_payload(size_t payload_size) {
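Review bot: The last check in `parse_header` only rejects trailing data that parses as a fourth netstring. If `netstring_chunk_next` also returns false on malformed input (most of its body is outside this diff), trailing bytes that are not a valid netstring are accepted silently. Testing the remainder directly closes that gap: `if(c.source.len != 0) strerr_dief1x(111, "Extraneous data in miniroon header");`. Until the two `// TODO` spots are filled in, version and action are parsed but neither validated nor stored, so a comment such as `// version/action not yet checked: do not authorize on them` would keep later code from relying on them. Also, `header->id = c.inner` appears to store a view into `source` rather than a copy, so `source` must outlive `header`, and the three messages spell "Mising" for "Missing".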