miniroon

Simplistic macaroon-based authorization for Unix systems
git clone https://ccx.te2000.cz/git/miniroon
Log | Files | Refs
commit 1efa727ec7928f8f901d22e6f54c2a9d8aa35999
parent 2360b01903318d804d133c979abeb6c0dd075c6a
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Sat,  9 Nov 2024 19:10:56 +0000

miniroon-read now properly executes verify

Diffstat:

M.gitignore | 1+


Msrc/miniroon-read.c | 18+++++++++++++++++-


Msrc/miniroon-verify.c | 29++++++++++++++++++++---------


Atest/miniroon/ccx/run | 2++


Atest/miniroon/ccx/secret | 0


Atest/miniroon/ccx/verify | 3+++


6 files changed, 43 insertions(+), 10 deletions(-)

diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 *.o
+*.sw[op]
 build
diff --git a/src/miniroon-read.c b/src/miniroon-read.c
@@ -2,6 +2,7 @@
 #include <unistd.h>
 #include <sys/select.h>
 #include <stdlib.h>
+#include <assert.h>
 
 #include <skalibs/types.h>
 #include <skalibs/strerr.h>
@@ -107,7 +108,20 @@ void process_header(miniroon_header *header, const bytebuffer source) {
   }
 }
 
+void exec_verify_and_write_payload (const bytebuffer payload);
 void process_payload(const bytebuffer payload) {
+  miniroon_header header;
+  netstring_chunk c;
+  netstring_chunk_init(&c, payload);
+
+  if(!netstring_chunk_next(&c)) {
+    strerr_dief1x(111, "Mising miniroon header");
+  }
+  process_header(&header, c.inner);
+  exec_verify_and_write_payload(payload);
+}
+
+void exec_verify_and_write_payload (const bytebuffer payload) {
   pid_t pid1=0, pid2=0;
   int wstat ;
   int p[2] ;
@@ -136,6 +150,7 @@ void process_payload(const bytebuffer payload) {
           if(payload_write != payload.len) {
             strerr_dief1x(111, "could not write whole payload");
           }
+          exit(0);
           break;
         default:  /* parent */
           exit(0);
@@ -144,7 +159,7 @@ void process_payload(const bytebuffer payload) {
       break;
     default:  /* parent */
       waitpid_nointr(pid1, &wstat, 0);
-      if(!WIFEXITED(wstat) || WEXITSTATUS(wstat) == 0) {
+      if(!WIFEXITED(wstat) || WEXITSTATUS(wstat) != 0) {
         strerr_dief1x(111, "child terminated abnormally");
       }
 
@@ -177,6 +192,7 @@ int main (int argc, char const *const *argv)
   payload.len -= 1; /* strip final netstring terminator */
   dbg_print_bb1("Got payload", payload);
   process_payload(payload);
+  assert(0);
   strerr_dief1x(110, "Internal logic error, should not get here");
   return 110;
 }
diff --git a/src/miniroon-verify.c b/src/miniroon-verify.c
@@ -193,29 +193,40 @@ void read_payload(int payload_fd, const bytebuffer bb) {
   if(payload_read != bb.len) {
     strerr_dief1x(111, "could not read whole payload");
   }
+}
 
-  fd_close(payload_fd);
+bool parse_fd(char const *arg, int *fd) {
+  size_t arg_size = strlen(arg);
+  return int_scan(arg, fd) == arg_size;
+}
+
+bool parse_size(char const *arg, size_t *size) {
+  size_t arg_size = strlen(arg);
+  return size_scan(arg, size) == arg_size;
 }
 
 int main (int argc, char const *const *argv)
 {
-
-  if (argc != 2) {
+  if (argc != 3) {
     strerr_dieusage(100, USAGE);
   }
 
-  if (chdir(argv[1]) != 0) {
-    strerr_dief1sys(111, "chdir()");
-  }
-  int64_t payload_fd = -1; /* TODO */
-  size_t size_size = strlen(argv[1]);
+  int payload_fd;
   size_t payload_size;
-  if(size_scan(argv[1], size_size) != size_size) {
+
+  if(!parse_fd(argv[1], &payload_fd)) {
+    strerr_dief1x(100, "could not parse payload fd");
+  }
+
+  if(!parse_size(argv[2], &payload_size)) {
     strerr_dief1x(100, "could not parse payload length");
   }
+
   char payload_data[payload_size];
   bytebuffer payload = {payload_data, payload_size};
   read_payload(payload_fd, payload);
+  fd_close(payload_fd);
+
   dbg_print_bb1("Got payload", payload);
   process_payload(payload);
   strerr_dief1x(110, "Internal logic error, should not get here");
diff --git a/test/miniroon/ccx/run b/test/miniroon/ccx/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec env
diff --git a/test/miniroon/ccx/secret b/test/miniroon/ccx/secret
Binary files differ.
diff --git a/test/miniroon/ccx/verify b/test/miniroon/ccx/verify
@@ -0,0 +1,3 @@
+#!/bin/sh
+project_dir=$(dirname "$0")/../../..
+exec env var1= var2= var3= "$project_dir/src/build/miniroon-verify" "$@"