[0] | 1 | //auth.c: |
---|
| 2 | |
---|
[690] | 3 | /* |
---|
| 4 | * Copyright (C) Philipp 'ph3-der-loewe' Schafft - 2008 |
---|
| 5 | * |
---|
| 6 | * This file is part of libroar a part of RoarAudio, |
---|
| 7 | * a cross-platform sound system for both, home and professional use. |
---|
| 8 | * See README for details. |
---|
| 9 | * |
---|
| 10 | * This file is free software; you can redistribute it and/or modify |
---|
| 11 | * it under the terms of the GNU General Public License version 3 |
---|
| 12 | * as published by the Free Software Foundation. |
---|
| 13 | * |
---|
| 14 | * libroar is distributed in the hope that it will be useful, |
---|
| 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 17 | * GNU General Public License for more details. |
---|
| 18 | * |
---|
| 19 | * You should have received a copy of the GNU General Public License |
---|
| 20 | * along with this software; see the file COPYING. If not, write to |
---|
| 21 | * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. |
---|
| 22 | * |
---|
| 23 | * NOTE for everyone want's to change something and send patches: |
---|
| 24 | * read README and HACKING! There a addition information on |
---|
| 25 | * the license of this document you need to read before you send |
---|
| 26 | * any patches. |
---|
| 27 | * |
---|
| 28 | * NOTE for uses of non-GPL (LGPL,...) software using libesd, libartsc |
---|
| 29 | * or libpulse*: |
---|
| 30 | * The libs libroaresd, libroararts and libroarpulse link this lib |
---|
| 31 | * and are therefore GPL. Because of this it may be illigal to use |
---|
| 32 | * them with any software that uses libesd, libartsc or libpulse*. |
---|
| 33 | */ |
---|
| 34 | |
---|
[0] | 35 | #include "libroar.h" |
---|
| 36 | |
---|
[3220] | 37 | /* How auth works: |
---|
| 38 | * 0) set stage to zero |
---|
| 39 | * 1) get server address and local node name (from uname()) |
---|
| 40 | * 2) look up authfile/authdb/authservice for the server+local address + stage. |
---|
| 41 | * if no data was found send NONE-Auth. |
---|
| 42 | * 3) send data to server |
---|
| 43 | * 4) read answer from server |
---|
| 44 | * 5) if stage of server response is non-zero increment stage to server stage+1 |
---|
| 45 | * and repeat from step 2) |
---|
| 46 | * 6) check if we got an OK or an ERROR, return currect value |
---|
| 47 | */ |
---|
| 48 | |
---|
| 49 | /* The protocol: |
---|
| 50 | * Auth request: |
---|
| 51 | * Byte 0: auth type |
---|
| 52 | * Byte 1: stage |
---|
| 53 | * Byte 2: reserved (must be zero) |
---|
| 54 | * Byte 3: reserved (must be zero) |
---|
| 55 | * Byte 4-end: auth type depending data. |
---|
| 56 | * |
---|
| 57 | * If no data is to be send bytes 2 and 3 can be omitted. |
---|
| 58 | * If no data is to be send and stage is zero bytes 1, 2 and 3 can be omitted. |
---|
| 59 | * |
---|
| 60 | * Auth response: |
---|
| 61 | * The same as the auth request. |
---|
| 62 | * if the message type is OK the server accepted our auth. |
---|
| 63 | * if the message type is ERROR the server recjected us. we may try other auth methodes. |
---|
| 64 | * if the server accepted our data and the stage is non-zero we need to continue with the next |
---|
| 65 | * stage of the auth. |
---|
| 66 | * if the server rejected us the auth type value of the response is a suggested next auth type |
---|
| 67 | * we should try if possible. This may help the client to find a working auth type. |
---|
| 68 | */ |
---|
| 69 | |
---|
| 70 | /* The protocol by auth type: |
---|
| 71 | * |
---|
| 72 | * --- NONE: |
---|
| 73 | * No data is send, the server accepts the connect or rejects it depending on some |
---|
| 74 | * magic within the server. we do not care about this. |
---|
| 75 | * The data block is not used. |
---|
| 76 | * |
---|
| 77 | * --- COOKIE: |
---|
| 78 | * We send cookies for all stages the server ask us to provide a cookie. |
---|
| 79 | * if a cookie is wrong the server rejects us or aks us for another. |
---|
| 80 | * The cookie is send as binary data in the data block. |
---|
| 81 | * |
---|
| 82 | * --- TRUST: |
---|
| 83 | * We ask the server to auth us based on ower UID/GID/PID. |
---|
| 84 | * The server may reject this becasue we are not allowed or because it is not |
---|
| 85 | * supported by the transport. |
---|
| 86 | * If we get rejected we may try to continue with IDENT then RHOST before we use NONE. |
---|
| 87 | * The data block is not used. |
---|
| 88 | * |
---|
| 89 | * --- PASSWORD: |
---|
| 90 | * This is technikly the same as COOKIE just that the cookie is limited to |
---|
| 91 | * printable ASCII chars and that the user should be asked to provide the password. |
---|
| 92 | * This may be done via a GUI popup window. |
---|
| 93 | * |
---|
| 94 | * --- SYSUSER: |
---|
| 95 | * We provide a Username + Password for a system user. |
---|
| 96 | * The data block contains of two main parts: |
---|
| 97 | * The first part is a one byte long subtype. |
---|
| 98 | * The value must be 0x01 for username+password. |
---|
| 99 | * futur versions may define other types. |
---|
| 100 | * the secund part is the actual data block. |
---|
| 101 | * for username+password it is splited into two fields, both terminated with \0. |
---|
| 102 | * the first is the username the last one the password as clear text. |
---|
| 103 | * Example: char data[] = "\001MyUser\0MyPassword\0"; |
---|
| 104 | * |
---|
| 105 | * --- OPENPGP_SIGN: |
---|
| 106 | * |
---|
| 107 | * --- OPENPGP_ENCRYPT: |
---|
| 108 | * |
---|
| 109 | * --- OPENPGP_AUTH: |
---|
| 110 | * |
---|
| 111 | * --- KERBEROS: |
---|
| 112 | * We use Kerberos to auth. |
---|
| 113 | * |
---|
| 114 | * --- RHOST: |
---|
| 115 | * The server is asked to auth us based on our source address. |
---|
| 116 | * The data block is not used. |
---|
| 117 | * |
---|
| 118 | * --- XAUTH: |
---|
| 119 | * We send an X11 Cookie. |
---|
| 120 | * |
---|
| 121 | * --- IDENT: |
---|
| 122 | * The server is asked to auth us based on our source address using the IDENT protocol. |
---|
| 123 | * The data block is not used. |
---|
| 124 | * |
---|
| 125 | */ |
---|
| 126 | |
---|
[0] | 127 | int roar_auth (struct roar_connection * con) { |
---|
| 128 | struct roar_message mes; |
---|
| 129 | |
---|
[131] | 130 | memset(&mes, 0, sizeof(struct roar_message)); // make valgrind happy! |
---|
| 131 | |
---|
[0] | 132 | mes.cmd = ROAR_CMD_AUTH; |
---|
| 133 | mes.datalen = 0; |
---|
| 134 | |
---|
| 135 | return roar_req(con, &mes, NULL); |
---|
| 136 | } |
---|
| 137 | |
---|
| 138 | //ll |
---|