Archives/falk-werner_webfuse-provider
1
0
Fork 0
mirror of https://github.com/falk-werner/webfuse-provider synced 2026-03-02 04:09:18 +00:00
Code Issues Releases Wiki Activity

Feature/authentication (#14)

Browse Source 
* makes wsfs_server_config opaque

* feature: try to create mount point, if not present

* fixes server start failure due to existing mountpoint

* added basic authentication infrastructure

* makes wsfs_server_config opaque

* feature: try to create mount point, if not present

* fixes server start failure due to existing mountpoint

* added basic authentication infrastructure

* added unit tests for credentials

* added unit tests for authenticators

* propagates authenticators to server protocol

* enabled username authentication in daemon example

* adds example to compute password hash

* adds infrastructure to execute commands

* added userdb to encapsulate authentication stuff

* adds session and session_manager

* fixes warning about unused param

* moves some logic from server_protocol to session

* makes wsfs_server_config opaque

* feature: try to create mount point, if not present

* fixes server start failure due to existing mountpoint

* added basic authentication infrastructure

* makes wsfs_server_config opaque

* added unit tests for credentials

* added unit tests for authenticators

* propagates authenticators to server protocol

* enabled username authentication in daemon example

* adds example to compute password hash

* adds infrastructure to execute commands

* added userdb to encapsulate authentication stuff

* adds session and session_manager

* fixes warning about unused param

* moves some logic from server_protocol to session

* updates libcrypto to version 1.1.0
This commit is contained in:
Falk Werner
2019-03-23 22:53:14 +01:00
committed by GitHub
parent de9095a978
commit 48185776b6
32 changed files with 1969 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
example/daemon/main.c
View File

@@ -7,12 +7,15 @@
#include <unistd.h>
#include <getopt.h>
#include <jansson.h>
#include <wsfs_adapter.h>
struct args
{
struct wsfs_server_config config;
struct wsfs_server_config * config;
char * passwd_path;
bool show_help;
};
@@ -25,7 +28,7 @@ static void show_help(void)
"Websocket file system daemon\n"
"\n"
"Usage: wsfsd [m <mount_point>] [-d <document_root] [-n <vhost_name>] [-p <port>]\n"
" [-c <server_cert_path> -k] [<server_key_path>]\n"
" [-c <server_cert_path>] [-k <server_key_path>] [-P <passwd_path>]\n"
"\n"
"Options:\n"
"\t-m, --mount_point Path of mount point (required)\n"
@@ -34,9 +37,39 @@ static void show_help(void)
"\t-k, --server_key_path Path of servers private key (default: not set, TLS disabled)\n"
"\t-n, --vhost_name Name of virtual host (default: \"localhost\")\n"
"\t-p, --port Number of servers port (default: 8080)\n"
"\t-P, --passwd_path Path to password file (default: not set, authentication disabled)\n"
"\n");
}
static bool authenticate(struct wsfs_credentials * creds, void * user_data)
{
bool result = false;
struct args * args = user_data;
char const * username = wsfs_credentials_get(creds, "username");
char const * password = wsfs_credentials_get(creds, "password");
if ((NULL != username) && (NULL != password))
{
json_t * passwd = json_load_file(args->passwd_path, 0, NULL);
if (NULL != passwd)
{
json_t * user = json_object_get(passwd, username);
if (json_is_object(user))
{
json_t * password_holder = json_object_get(user, "password");
if (json_is_string(password_holder))
{
result = (0 == strcmp(password, json_string_value(password_holder)));
}
}
json_decref(passwd);
}
}
return result;
}
static int parse_arguments(int argc, char * argv[], struct args * args)
{
static struct option const options[] =
@@ -47,16 +80,18 @@ static int parse_arguments(int argc, char * argv[], struct args * args)
{"server_key_path", required_argument, NULL, 'k'},
{"vhost_name", required_argument, NULL, 'n'},
{"port", required_argument, NULL, 'p'},
{"passwd_path", required_argument, NULL, 'P'},
{"help", no_argument, NULL, 'h'},
{NULL, 0, NULL, 0}
};
bool result = EXIT_SUCCESS;
bool finished = false;
bool has_mountpoint = false;
while ((!finished) && (EXIT_SUCCESS == result))
{
int option_index = 0;
int const c = getopt_long(argc, argv, "m:d:c:k:n:p:h", options, &option_index);
int const c = getopt_long(argc, argv, "m:d:c:k:n:p:P:h", options, &option_index);
switch (c)
{
@@ -68,27 +103,31 @@ static int parse_arguments(int argc, char * argv[], struct args * args)
finished = true;
break;
case 'm':
free(args->config.mount_point);
args->config.mount_point = strdup(optarg);
wsfs_server_config_set_mountpoint(args->config, optarg);
has_mountpoint = true;
break;
case 'd':
free(args->config.document_root);
args->config.document_root = strdup(optarg);
wsfs_server_config_set_documentroot(args->config, optarg);
break;
case 'c':
free(args->config.cert_path);
args->config.cert_path = strdup(optarg);
wsfs_server_config_set_certpath(args->config, optarg);
break;
case 'k':
free(args->config.key_path);
args->config.key_path = strdup(optarg);
wsfs_server_config_set_keypath(args->config, optarg);
break;
case 'n':
free(args->config.vhost_name);
args->config.vhost_name = strdup(optarg);
wsfs_server_config_set_vhostname(args->config, optarg);
break;
case 'p':
args->config.port = atoi(optarg);
wsfs_server_config_set_port(args->config, atoi(optarg));
break;
case 'P':
free(args->passwd_path);
args->passwd_path = strdup(optarg);
wsfs_server_config_add_authenticator(args->config,
"username",
&authenticate,
args);
break;
default:
fprintf(stderr, "error: unknown argument\n");
@@ -99,7 +138,7 @@ static int parse_arguments(int argc, char * argv[], struct args * args)
if ((EXIT_SUCCESS == result) && (!args->show_help))
{
if (NULL == args->config.mount_point)
if (!has_mountpoint)
{
fprintf(stderr, "error: missing mount point\n");
result = EXIT_FAILURE;
@@ -123,26 +162,19 @@ static void on_interrupt(int signal_id)
int main(int argc, char * argv[])
{
struct args args =
{
.config =
{
.mount_point = NULL,
.document_root = NULL,
.cert_path = NULL,
.key_path = NULL,
.vhost_name = strdup("localhost"),
.port = 8080,
},
.show_help = 0
};
struct args args;
args.config = wsfs_server_config_create();
wsfs_server_config_set_vhostname(args.config, "localhost");
wsfs_server_config_set_port(args.config, 8080);
args.passwd_path = NULL;
args.show_help = false;
int result = parse_arguments(argc, argv, &args);
if (!args.show_help)
{
signal(SIGINT, on_interrupt);
server = wsfs_server_create(&args.config);
server = wsfs_server_create(args.config);
if (NULL != server)
{
wsfs_server_run(server);
@@ -159,7 +191,8 @@ int main(int argc, char * argv[])
show_help();
}
wsfs_server_config_cleanup(&args.config);
free(args.passwd_path);
wsfs_server_config_dispose(args.config);
return result;
}

46
example/lib/userdb/include/userdb.h Normal file
View File

@@ -0,0 +1,46 @@
#ifndef USERDB_H
#define USERDB_H
#ifndef __cplusplus
#include <stdbool.h>
#endif
#ifdef __cplusplus
extern "C"
{
#endif
struct userdb;
extern struct userdb * userdb_create(
char const * pepper);
extern void userdb_dispose(struct userdb * db);
extern bool userdb_save(
struct userdb * db,
char const * filename);
extern bool userdb_load(
struct userdb * db,
char const * filename);
extern void userdb_add(
struct userdb * db,
char const * username,
char const * password);
extern void userdb_remove(
struct userdb * db,
char const * user);
extern bool userdb_check(
struct userdb * db,
char const * username,
char const * password);
#ifdef __cplusplus
}
#endif
#endif

277
example/lib/userdb/src/userdb.c Normal file
View File

@@ -0,0 +1,277 @@
#include "userdb.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <jansson.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#define USERDB_HASH_ALGORITHM "sha512"
#define USERDB_MAJOR 1
#define USERDB_MINOR 0
#define USERDB_SALT_SIZE 32
struct userdb
{
json_t * users;
char * pepper;
char * hash_algorithm;
};
static bool is_compatible(json_t * meta)
{
bool result = false;
if (json_is_object(meta))
{
json_t * type = json_object_get(meta, "type");
json_t * major = json_object_get(meta, "major");
json_t * minor = json_object_get(meta, "minor");
json_t * hash_algorithm = json_object_get(meta, "hash_algorithm");
result = (
json_is_string(type) &&
(0 == strcmp(json_string_value(type), "wsfs-userdb")) &&
json_is_integer(major) &&
(USERDB_MAJOR == json_integer_value(major)) &&
json_is_integer(minor) &&
json_is_string(hash_algorithm)
);
if (result)
{
char const * algorithm = json_string_value(hash_algorithm);
result = (NULL != EVP_get_digestbyname(algorithm));
}
}
return result;
}
static char hex_char(unsigned char value)
{
switch (value)
{
case 0x00: return '0';
case 0x01: return '1';
case 0x02: return '2';
case 0x03: return '3';
case 0x04: return '4';
case 0x05: return '5';
case 0x06: return '6';
case 0x07: return '7';
case 0x08: return '8';
case 0x09: return '9';
case 0x0a: return 'a';
case 0x0b: return 'b';
case 0x0c: return 'c';
case 0x0d: return 'd';
case 0x0e: return 'e';
case 0x0f: return 'f';
default: return '?';
}
}
static char * to_hex(unsigned char const * value, size_t length)
{
char * result = malloc((2 * length) + 1);
if (NULL != result)
{
for (size_t i = 0, j = 0; i < length; i++, j+=2)
{
unsigned char high = (value[i] >> 4) & 0x0f;
unsigned char low = value[i] & 0x0f;
result[j ] = hex_char(high);
result[j + 1] = hex_char(low);
}
result[2 * length] = '\0';
}
return result;
}
static char * generate_salt(void)
{
unsigned char buffer[USERDB_SALT_SIZE];
int rc = RAND_bytes(buffer, USERDB_SALT_SIZE);
if (1 != rc)
{
fprintf(stderr, "fatal: failed to generate salt (OpenSSL RAND_bytes failed)\n");
exit(EXIT_FAILURE);
}
return to_hex(buffer, USERDB_SALT_SIZE);
}
static char * compute_hash(
struct userdb * db,
char const * password,
char const * salt)
{
EVP_MD const * digest = EVP_get_digestbyname(db->hash_algorithm);
if (NULL == digest)
{
fprintf(stderr, "error: hash algorithm %s not supported\n", db->hash_algorithm);
return NULL;
}
char * result = NULL;
unsigned int hash_size = EVP_MD_size(digest);
unsigned char * hash = malloc(hash_size);
if (NULL != hash)
{
EVP_MD_CTX * context = EVP_MD_CTX_new();
EVP_DigestInit_ex(context, digest, NULL);
EVP_DigestUpdate(context, password, strlen(password));
EVP_DigestUpdate(context, salt, strlen(salt));
EVP_DigestUpdate(context, db->pepper, strlen(db->pepper));
EVP_DigestFinal_ex(context, hash, &hash_size);
EVP_MD_CTX_free(context);
result = to_hex(hash, hash_size);
free(hash);
}
return result;
}
struct userdb * userdb_create(
char const * pepper)
{
struct userdb * db = malloc(sizeof(struct userdb));
if (NULL != db)
{
db->users = json_object();
db->pepper = strdup(pepper);
db->hash_algorithm = strdup(USERDB_HASH_ALGORITHM);
}
return db;
}
void userdb_dispose(
struct userdb * db)
{
json_decref(db->users);
free(db->pepper);
free(db->hash_algorithm);
free(db);
}
bool userdb_save(
struct userdb * db,
char const * filename)
{
json_t * container = json_object();
json_t * meta = json_object();
json_object_set_new(meta, "type", json_string("wsfs-userdb"));
json_object_set_new(meta, "major", json_integer(USERDB_MAJOR));
json_object_set_new(meta, "minor", json_integer(USERDB_MINOR));
json_object_set_new(meta, "hash_algorithm", json_string(db->hash_algorithm));
json_object_set_new(container, "meta", meta);
json_object_set(container, "users", db->users);
int result = json_dump_file(container, filename, JSON_INDENT(2));
json_decref(container);
return (0 == result);
}
bool userdb_load(
struct userdb * db,
char const * filename)
{
bool result = false;
json_t * container = json_load_file(filename, 0, NULL);
if (NULL != container)
{
json_t * meta = json_object_get(container, "meta");
json_t * users = json_object_get(container, "users");
if ((is_compatible(meta)) && (json_is_object(users))) {
json_t * hash_algorithm = json_object_get(meta, "hash_algorithm");
free(db->hash_algorithm);
db->hash_algorithm = strdup(json_string_value(hash_algorithm));
json_decref(db->users);
json_incref(users);
db->users = users;
result = true;
}
json_decref(container);
}
return result;
}
void userdb_add(
struct userdb * db,
char const * username,
char const * password)
{
char * salt = generate_salt();
char * hash = compute_hash(db, password, salt);
json_t * user = json_object();
json_object_set_new(user, "password_hash", json_string(hash));
json_object_set_new(user, "salt", json_string(salt));
json_object_set_new(db->users, username, user);
free(salt);
free(hash);
}
void userdb_remove(
struct userdb * db,
char const * user)
{
json_object_del(db->users, user);
}
static char const * json_object_get_string(
json_t * object,
char const * key)
{
char const * result = NULL;
json_t * string_holder = json_object_get(object, key);
if (json_is_string(string_holder))
{
result = json_string_value(string_holder);
}
return result;
}
bool userdb_check(
struct userdb * db,
char const * username,
char const * password)
{
bool result = false;
json_t * user = json_object_get(db->users, username);
if (json_is_object(user))
{
char const * salt = json_object_get_string(user, "salt");
char const * hash = json_object_get_string(user, "password_hash");
char * computed_hash = compute_hash(db, password, salt);
result = (0 == strcmp(computed_hash, hash));
free(computed_hash);
}
return result;
}

304
example/passwd/main.c Normal file
View File

@@ -0,0 +1,304 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
#include <unistd.h>
#include <getopt.h>
#include <openssl/conf.h>
#include <openssl/opensslv.h>
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <jansson.h>
#include <userdb.h>
struct args
{
char * file;
char * command;
char * username;
char * password;
char * pepper;
bool show_help;
};
typedef int command_invoke_fn(
struct args * args);
struct command
{
char const * name;
command_invoke_fn * invoke;
};
static void print_usage(void)
{
printf(
"wsfs-passwd, Copyright (c) 2019 authors <https://github.com/falk-werner/fuse-wsfs>\n"
"Manage wsfs passwd file\n"
"\n"
"Usage: wsfs-passwd -f <file> -c <command> [-u <username>] [-p <password>] [-P <pepper>]\n"
"\n"
"Options:\n"
"\t-f, --file Path of wsfs passwd file\n"
"\t-c, --command Command to execute\n"
"\t-u, --username Name of user\n"
"\t-p, --password Password of user\n"
"\t-P, --pepper pepper\n"
"\t-h, --help Shows this message\n"
"\n"
"Commands:\n"
"\tcreate Creates an empty passwd file (or cleans an existing)\n"
"\t Example: wsfs-passwd -f passwd.json -c create\n"
"\tadd Adds or replaces a user\n"
"\t Example: wsfs-passwd -f passwd.json -c add -u bob -p secret\n"
"\tremove Removes a user\n"
"\t Example: wsfs-passwd -f passwd.json -c remove -u bob\n"
"\tcheck Checks password of a user\n"
"\t Example: wsfs-passwd -f passwd.json -c check -u bob -p secret\n"
"\n"
);
}
static int parse_args(struct args * args, int argc, char * argv[])
{
static struct option const options[] =
{
{"file", required_argument, NULL, 'f'},
{"command", required_argument, NULL, 'c'},
{"username", required_argument, NULL, 'u'},
{"password", required_argument, NULL, 'p'},
{"Pepper", required_argument, NULL, 'P'},
{"help", required_argument, NULL, 'h'},
{NULL, 0, NULL, 0}
};
int result = EXIT_SUCCESS;
bool finished = false;
while ((!finished) && (EXIT_SUCCESS == result))
{
int option_index = 0;
int const c = getopt_long(argc, argv, "f:c:u:p:P:h", options, &option_index);
switch (c)
{
case -1:
finished = true;
break;
case 'h':
args->show_help = true;
finished = true;
break;
case 'f':
free(args->file);
args->file = strdup(optarg);
break;
case 'c':
free(args->command);
args->command = strdup(optarg);
break;
case 'u':
free(args->username);
args->username = strdup(optarg);
break;
case 'p':
free(args->password);
args->password = strdup(optarg);
break;
case 'P':
free(args->pepper);
args->pepper = strdup(optarg);
break;
default:
fprintf(stderr, "error: unknown argument\n");
result = EXIT_FAILURE;
break;
}
}
if ((result == EXIT_SUCCESS) && (!args->show_help))
{
if (NULL == args->file)
{
fprintf(stderr, "error: missing file\n");
args->show_help = true;
result = EXIT_FAILURE;
}
else if (NULL == args->command)
{
fprintf(stderr, "error: missing command\n");
args->show_help = true;
result = EXIT_FAILURE;
}
}
return result;
}
static void args_init(struct args * args)
{
args->file = NULL;
args->command = NULL;
args->username = NULL;
args->password = NULL;
args->pepper = strdup("");
args->show_help = false;
}
static int create_passwd(struct args * args)
{
struct userdb * db = userdb_create(args->pepper);
bool result = userdb_save(db, args->file);
userdb_dispose(db);
return (result) ? EXIT_SUCCESS : EXIT_FAILURE;
}
static int add_user(struct args * args)
{
if (NULL == args->username)
{
fprintf(stderr, "error: missing username");
args->show_help = true;
return EXIT_FAILURE;
}
if (NULL == args->password)
{
fprintf(stderr, "error: missing password");
args->show_help = true;
return EXIT_FAILURE;
}
struct userdb * db = userdb_create(args->pepper);
userdb_load(db, args->file);
userdb_add(db, args->username, args->password);
bool result = userdb_save(db, args->file);
userdb_dispose(db);
return (result) ? EXIT_SUCCESS : EXIT_FAILURE;
}
static int remove_user(struct args * args)
{
if (NULL == args->username)
{
fprintf(stderr, "error: missing username");
args->show_help = true;
return EXIT_FAILURE;
}
struct userdb * db = userdb_create(args->pepper);
userdb_load(db, args->file);
userdb_remove(db, args->username);
bool result = userdb_save(db, args->file);
userdb_dispose(db);
return (result) ? EXIT_SUCCESS : EXIT_FAILURE;
}
static int check_password(struct args * args)
{
if (NULL == args->username)
{
fprintf(stderr, "error: missing username");
args->show_help = true;
return EXIT_FAILURE;
}
if (NULL == args->password)
{
fprintf(stderr, "error: missing password");
args->show_help = true;
return EXIT_FAILURE;
}
struct userdb * db = userdb_create(args->pepper);
userdb_load(db, args->file);
bool result = userdb_check(db, args->username, args->password);
userdb_dispose(db);
printf("%s\n", (result) ? "OK" : "FAILURE");
return (result) ? EXIT_SUCCESS : EXIT_FAILURE;
}
static int invoke_invalid_command(struct args * args)
{
(void) args;
fprintf(stderr, "error: unknown command\n");
return EXIT_FAILURE;
}
static struct command const commands[] =
{
{"create", &create_passwd},
{"add", &add_user},
{"remove", &remove_user},
{"check", &check_password},
{NULL, NULL}
};
static struct command const invalid_command =
{
"<invalid>",
&invoke_invalid_command
};
static struct command const * get_command(char const * name)
{
for(size_t i = 0; NULL != commands[i].name; i++)
{
if (0 == strcmp(name, commands[i].name))
{
return &commands[i];
}
}
return &invalid_command;
}
static void args_cleanup(struct args * args)
{
free(args->file);
free(args->command);
free(args->username);
free(args->password);
free(args->pepper);
}
static void openssl_cleanup(void)
{
FIPS_mode_set(0);
ENGINE_cleanup();
CONF_modules_unload(1);
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
}
int main(int argc, char * argv[])
{
OPENSSL_init();
OPENSSL_add_all_algorithms_conf();
struct args args;
args_init(&args);
int result = parse_args(&args, argc, argv);
if ((EXIT_SUCCESS == result) && (!args.show_help))
{
struct command const * command = get_command(args.command);
result = command->invoke(&args);
}
if (args.show_help)
{
print_usage();
}
args_cleanup(&args);
openssl_cleanup();
return result;
}