miniroon

Simplistic macaroon-based authorization for Unix systems
git clone https://ccx.te2000.cz/git/miniroon

commit 2360b01903318d804d133c979abeb6c0dd075c6a
parent 69f0e1cfe660fe5cc0b33a3fa68663f63668f46f
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Sat,  9 Nov 2024 14:10:26 +0000

WIP refactor into two executables

Diffstat:
Msrc/miniroon-header.c | 3+++
Msrc/miniroon-read.c | 52+++++++++++++++++++++++++++++++++++++++++++++++++++-
Msrc/miniroon-verify.c | 10++++------
3 files changed, 58 insertions(+), 7 deletions(-)

diff --git a/src/miniroon-header.c b/src/miniroon-header.c
@@ -51,3 +51,6 @@ void parse_header(miniroon_header *header, const bytebuffer source) {
 }
 }
+
+/* vim: sts=2 sw=2 et
+*/
diff --git a/src/miniroon-read.c b/src/miniroon-read.c
@@ -1,6 +1,7 @@
 #include <errno.h>
 #include <unistd.h>
 #include <sys/select.h>
+#include <stdlib.h>
 #include <skalibs/types.h>
 #include <skalibs/strerr.h>
@@ -107,7 +108,56 @@ void process_header(miniroon_header *header, const bytebuffer source) {
 }
 void process_payload(const bytebuffer payload) {
- strerr_dief1x(110, "TODO: exec miniroon-verify here");
+ pid_t pid1=0, pid2=0;
+ int wstat ;
+ int p[2] ;
+
+ if(pipe(p) == -1) {
+ strerr_diefu1sys(111, "create pipe");
+ }
+
+ pid1 = fork();
+ switch(pid1) {
+ case -1:
+ strerr_diefu1sys(111, "first fork()");
+ break;
+ case 0: /* child */
+ fd_close(p[0]);
+ pid2 = fork();
+ switch(pid2) {
+ case -1:
+ strerr_diefu1sys(111, "second fork()");
+ break;
+ case 0: /* child */
+ ssize_t payload_write = fd_write(p[1], payload.data, payload.len);
+ if(payload_write < 0 ) {
+ strerr_dief1sys(111, "write(payload)");
+ }
+ if(payload_write != payload.len) {
+ strerr_dief1x(111, "could not write whole payload");
+ }
+ break;
+ default: /* parent */
+ exit(0);
+ break;
+ }
+ break;
+ default: /* parent */
+ waitpid_nointr(pid1, &wstat, 0);
+ if(!WIFEXITED(wstat) || WEXITSTATUS(wstat) == 0) {
+ strerr_dief1x(111, "child terminated abnormally");
+ }
+
+ char cmd[] = "./verify";
+ char fmt_fd[UINT64_FMT], fmt_len[UINT64_FMT];
+ fmt_fd[uint64_fmt(fmt_fd, (uint64_t)p[0])] = 0;
+ fmt_len[uint64_fmt(fmt_len, (uint64_t)payload.len)] = 0;
+ const char *cmd_argv[4] = {cmd, fmt_fd, fmt_len, 0};
+
+ fd_close(p[1]);
+ xexec(cmd_argv);
+ break;
+ }
 }
 int main (int argc, char const *const *argv)
diff --git a/src/miniroon-verify.c b/src/miniroon-verify.c
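Review bot: The exit-status test in the parent branch of `process_payload` (src/miniroon-read.c) is inverted: `WEXITSTATUS(wstat) == 0` makes a clean exit of the intermediate child, which calls `exit(0)`, die with "child terminated abnormally", so `xexec` is never reached; it should read `if(!WIFEXITED(wstat) || WEXITSTATUS(wstat) != 0) {`. The grandchild that writes the payload only does `break`, so it returns from `process_payload` into whatever the caller does next instead of terminating; end that branch with `_exit(0);` after the length check. `char cmd[] = "./verify"` resolves against the current working directory, so for an authorization tool whoever controls the cwd chooses the verifier binary; an absolute or build-time configured path would be safer. The declaration `ssize_t payload_write = ...` directly after the `case 0:` label is only valid from C23 on or as a compiler extension, so that branch should be wrapped in braces.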
@@ -18,11 +18,9 @@
 #include "hmac_sha2_256.h"
 #include "miniroon-header.h"
-#define USAGE "miniroon-verify directory"
+#define USAGE "miniroon-verify macaroon-fd macaroon-length"
 #define PROG "miniroon-verify"
-#define payload_fd 3
-#define payload_size_max 1024*1024
 #define MAX_CAVEATS 256
 #define MAX_ENV_ALLOW 256
@@ -179,7 +177,7 @@ void process_payload(const bytebuffer payload) {
 xexec(cmd_argv);
 }
-void read_payload(const bytebuffer bb) {
+void read_payload(int payload_fd, const bytebuffer bb) {
 int flags = fcntl(payload_fd, F_GETFL);
 if(flags == -1) {
 strerr_dief1sys(111, "fcntl(payload_fd) getfd");
@@ -209,7 +207,7 @@ int main (int argc, char const *const *argv)
 if (chdir(argv[1]) != 0) {
 strerr_dief1sys(111, "chdir()");
 }
-
+ int64_t payload_fd = -1; /* TODO */
 size_t size_size = strlen(argv[1]);
 size_t payload_size;
 if(size_scan(argv[1], size_size) != size_size) {
@@ -217,7 +215,7 @@ int main (int argc, char const *const *argv)
 }
 char payload_data[payload_size];
 bytebuffer payload = {payload_data, payload_size};
- read_payload(payload);
+ read_payload(payload_fd, payload);
 dbg_print_bb1("Got payload", payload);
 process_payload(payload);
 strerr_dief1x(110, "Internal logic error, should not get here");
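Review bot: Dropping `payload_size_max` in the first hunk of src/miniroon-verify.c leaves no visible upper bound on the payload length, while `char payload_data[payload_size];` in `main` (last hunk) is a stack VLA sized from a command-line value. An oversized length would exhaust the stack before any signature check runs. Keep the constant, parenthesised as `#define payload_size_max (1024*1024)`, and reject larger values before the array is declared, e.g. `if(payload_size > payload_size_max) strerr_dief1x(111, "payload too large");`. Whether a cap was enforced elsewhere before this commit is not visible in these hunks.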
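Review bot: `payload_fd` stays at `-1` in `main` (hunk at -209), so the `fcntl(payload_fd, F_GETFL)` in `read_payload` will fail on every run, and the surrounding code still uses `argv[1]` both for `chdir()` and for the length, which contradicts the new USAGE `macaroon-fd macaroon-length`. When the TODO is filled in, parse the descriptor from `argv[1]` and the length from `argv[2]`, check `argc`, and reject values that do not fit a non-negative `int`. The variable should be declared `int payload_fd` to match the new `read_payload(int payload_fd, const bytebuffer bb)` parameter rather than `int64_t`. The body of `main` starts and ends outside this hunk.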