miniroon

Simplistic macaroon-based authorization for Unix systems
git clone https://ccx.te2000.cz/git/miniroon

commit e1844aaee0b3f7f690656fd1b2fa7de358277bc8
parent 1efa727ec7928f8f901d22e6f54c2a9d8aa35999
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Sun, 10 Nov 2024 01:13:17 +0000

Get env whitelist from empty variables

Diffstat:
Msrc/miniroon-read.c | 4++--
Msrc/miniroon-verify.c | 37++++++++++++++++++++++++++++---------
2 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/src/miniroon-read.c b/src/miniroon-read.c
@@ -97,8 +97,8 @@ void process_header(miniroon_header *header, const bytebuffer source) {
 for(size_t i=0; i<header->id.len; i++) {
 id[i] = header->id.data[i];
 if(id[i] == '-') { continue; }
- if(id[i] >= '0' && id[i] >= '9') { continue; }
- if(id[i] >= 'a' && id[i] >= 'z') { continue; }
+ if(id[i] >= '0' && id[i] <= '9') { continue; }
+ if(id[i] >= 'a' && id[i] <= 'z') { continue; }
 strerr_dief1x(111, "Invalid character in miniroon ID");
 }
 id[header->id.len] = 0;
diff --git a/src/miniroon-verify.c b/src/miniroon-verify.c
@@ -4,6 +4,9 @@
 #include <unistd.h>
 #include <sys/select.h>
+// for debug prints
+#include <stdio.h>
+
 #include <skalibs/types.h>
 #include <skalibs/strerr.h>
 #include <skalibs/djbunix.h>
@@ -52,7 +55,7 @@ int miniroon_env_map_find(miniroon_env_map *emap, const bytebuffer name);
 void miniroon_data_init(miniroon_data *data);
 void process_payload(const bytebuffer payload);
 void validate_caveats(miniroon_data *data);
-void read_secret(const bytebuffer secret); // TODO
+void read_secret(const bytebuffer secret);
 #define MINIROON_HMAC_SIZE 32
 //#define MINIROON_HMAC_FUNC(key, msg, out) hmac_b2s_256(key, msg, out)
@@ -95,8 +98,9 @@ void read_secret(const bytebuffer secret){
 void miniroon_env_map_init(miniroon_env_map *emap) {
 memset(emap, 0, sizeof(miniroon_env_map));
 }
-void miniroon_env_map_add(miniroon_env_map *emap, const bytebuffer name);
-// TODO
+void miniroon_env_map_add(miniroon_env_map *emap, const bytebuffer name) {
+ assert(0); // TODO
+}
 int miniroon_env_map_find(miniroon_env_map *emap, const bytebuffer name);
 // TODO
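Review bot: With the range checks corrected, the ID loop in `process_header` (src/miniroon-read.c) still lets a zero-length ID through, because the body never runs when `header->id.len` is 0, and it writes `id[i]` and `id[header->id.len]` with no bound visible in the hunk. The function starts outside the hunk, so both may already be checked earlier. If they are not, a guard before the loop such as `if(header->id.len == 0 || header->id.len >= sizeof(id)) strerr_dief1x(111, "Invalid miniroon ID length");` would cover them, assuming `id` is a fixed-size array.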
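Review bot: The `assert(0); // TODO` stub in `miniroon_env_map_add` (src/miniroon-verify.c) behaves differently per build: with `NDEBUG` defined it compiles to nothing, so no name is ever added to the map and the caller is not told, while without it the first matching environment entry aborts the verifier. An unconditional `strerr_dief1x(111, "miniroon_env_map_add: not implemented");` fails the same way in both builds and uses the error style already present in this diff. No `#include <assert.h>` appears in the include hunk, so it is worth confirming that one exists above the lines shown there.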
@@ -105,13 +109,28 @@ void validate_caveats(miniroon_data *md) {
 miniroon_env_map_init(&emap);
 // stralloc env_modif;
- int env_allow_fd = openc_readb("env.allow");
- if (env_allow_fd < 0) {
- strerr_dief1sys(111, "open(env.allow)");
- }
+ char **env = environ;
+ char *var;
+ while(var = *(env++)) {
+
+ write(2, "env >", 5);
+ write(2, var, strlen(var));
+ write(2, "<\n", 2);
+
+ for(size_t i=0; var[i]; i++) {
+ if(var[i] == '-') { continue; }
+ if(var[i] >= '0' && var[i] <= '9') { continue; }
+ if(var[i] >= 'A' && var[i] <= 'z') { continue; }
+ if(var[i] == '=') {
+ if(var[i+1]) { break; }
+ bytebuffer bb = {var, i - 1};
+ miniroon_env_map_add(&emap, bb);
+ }
+ }
- if(close(env_allow_fd) != 0) {
- strerr_dief1sys(111, "close(env_allow_fd)");
+ }
+ for(size_t i=0; i < md->caveat_count; i++) {
+ dbg_print_bb1("Validate caveat", md->caveats[i]);
 }
 }
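Review bot: In the environment scan added to `validate_caveats`, the three character checks only `continue`, so a byte outside the intended set is never rejected and a name such as `A.B=` still reaches `miniroon_env_map_add`; the `'A'`..`'z'` range also admits the punctuation that sits between `Z` and `a` in ASCII, not just `_`. The length in `bytebuffer bb = {var, i - 1};` looks one short, since the name occupies `i` bytes, and it wraps around for a bare `=` entry where `i == 0`; this assumes the second field is a length, as `header->id.len` in miniroon-read.c suggests. The three `write(2, …)` calls print every environment string, values included, to stderr on each run, which can put secrets into logs, so they should be removed or put behind a debug switch. A stricter loop is sketched below, assuming the intended alphabet is `[-0-9A-Za-z_]`; the function starts outside the hunk.

```c
char **env = environ;
char *var;
while ((var = *env++) != NULL) {
    size_t i = 0;
    /* Name must consist only of [-0-9A-Za-z_]; stop at the first other byte. */
    while (var[i] == '-' || var[i] == '_' ||
           (var[i] >= '0' && var[i] <= '9') ||
           (var[i] >= 'A' && var[i] <= 'Z') ||
           (var[i] >= 'a' && var[i] <= 'z')) {
        i++;
    }
    /* Whitelist entry: non-empty valid name, then '=', then an empty value. */
    if (i > 0 && var[i] == '=' && var[i + 1] == '\0') {
        bytebuffer bb = {var, i};
        miniroon_env_map_add(&emap, bb);
    }
}
// … unchanged: caveat debug loop …
```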