miniroon

Simplistic macaroon-based authorization for Unix systems
git clone https://ccx.te2000.cz/git/miniroon

commit 9775572b7114d745ab10714a7a84e3e92ebed749
parent eec7d2a4e3e007a7f1276a76d16bac88a2eca93b
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Thu, 10 Oct 2024 14:43:01 +0000

Store pointers to caveats for later processing

Diffstat:
Msrc/miniroon.c | 19+++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/miniroon.c b/src/miniroon.c
@@ -57,9 +57,9 @@ typedef struct miniroon_data_s {
 /* declarations */
 void dbg_print_bb(const bytebuffer bb);
 void dbg_print_bb1(const char *text, const bytebuffer bb);
+void miniroon_data_init(miniroon_data *data);
 void process_payload(const bytebuffer payload);
 void process_header(miniroon_header *header, const bytebuffer source);
-void process_caveat(const bytebuffer source); // TODO
 void read_secret(const bytebuffer secret); // TODO
 void hmac_b2s_256(const bytebuffer key, const bytebuffer msg, const bytebuffer output);
 void hmac_sha2_256(const bytebuffer key, const bytebuffer msg, const bytebuffer output);
@@ -142,6 +142,9 @@ bool netstring_chunk_next (netstring_chunk *c) {
 return true;
 }
+void miniroon_data_init(miniroon_data *data) {
+ memset(data, 0, sizeof(miniroon_data));
+}
 void fd_block(int fd) {
 int flags = fcntl(fd, F_GETFL);
@@ -241,10 +244,6 @@ void read_payload(const bytebuffer bb) {
 }
 }
-void process_caveat(const bytebuffer source) {
- // TODO
-}
-
 void read_secret(const bytebuffer secret){
 assert(secret.len == MINIROON_HMAC_SIZE);
 size_t bytes_read = 0;
@@ -272,14 +271,15 @@ void read_secret(const bytebuffer secret){
 }
 void process_payload(const bytebuffer payload) {
- miniroon_data m;
+ miniroon_data md;
+ miniroon_data_init(&md);
 netstring_chunk c;
 netstring_chunk_init(&c, payload);
 if(!netstring_chunk_next(&c)) {
 strerr_dief1x(111, "Mising miniroon header");
 }
- process_header(&m.hdr, c.inner);
+ process_header(&md.hdr, c.inner);
 // header should be verified by now, we can start hashing
 uint8_t hmac_data[MINIROON_HMAC_SIZE];
 bytebuffer hmac_bb = {hmac_data, MINIROON_HMAC_SIZE};
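Review bot: In the second hunk (`miniroon_data_init`, at `+142`) the size is spelled from the type name rather than from the pointer, so the call would clear the wrong number of bytes if the parameter type ever changed. `memset(data, 0, sizeof *data);` keeps the two tied together. The function also has no comment, although the `MAX_CAVEATS` check added to `process_payload` later in this commit only holds if `caveat_count` starts at zero. A one-line header such as `/* Zero the whole struct: caveat_count must start at 0 before any caveat is stored. */` would record that.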
@@ -296,7 +296,10 @@ void process_payload(const bytebuffer payload) {
 while(netstring_chunk_next(&body)) {
 dbg_print_bb1("Got caveat", body.inner);
- process_caveat(body.inner);
+ if(md.caveat_count >= MAX_CAVEATS) {
+ strerr_dief1x(111, "Too many caveats");
+ }
+ md.caveats[md.caveat_count++] = body.inner;
 MINIROON_HMAC_FUNC(hmac_bb, body.inner, hmac_bb);
 // dbg_print_bb1("Signature update", hmac_bb);
 }
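Review bot: `md.caveats[md.caveat_count++] = body.inner;` stores each caveat while the HMAC chain is still being computed, and nothing on that line says the stored data is not yet authenticated. `body.inner` looks like a pointer/length view (bytebuffers are built as `{hmac_data, MINIROON_HMAC_SIZE}` in the previous hunk), so each entry presumably borrows from `payload` rather than owning a copy. I would add a comment there, e.g. `/* borrowed from payload, unauthenticated until the final HMAC is verified; do not evaluate earlier */`, so that the later processing step is not wired in ahead of verification or after the payload buffer is released. The bounds check itself is in the right place, before the post-increment index. `process_payload` starts and ends outside this hunk, so whether verification already precedes any use of `md.caveats` cannot be seen here.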