add in-protocol authentication mechanism

2026-03-02 03:40:24 +00:00 · 2023-01-22 20:53:50 +01:00
parent 9423d75021
commit 5db3b28b5a
18 changed files with 147 additions and 19 deletions
--- a/doc/authentication.md
+++ b/doc/authentication.md
@@ -1,12 +1,21 @@
 # Authentication

-Webfuse supports token-based authentication using HTTP headers. To activate authentication, two command line option needs to be given:
+Webfuse supports two authentications mechanisms:
+
+- token-based authentication using HTTP headers
+- in-protocol authentication
+
+To activate authentication, two command line option needs to be given:

 - `--wf-authenticator PATH`  
  allows to specify an executable used for authentication
- `--wf-auth-header HEADER`
+- `--wf-auth-header HEADER` _(optional)_
  allows to specify the HTTP header used for authentication

+When `--wf-auth-header` is not specifiend or the header is not contained
+in the HTTP request, the in-protocol solutions is used: Before any other
+operation, the credentials are queried via `getcreds`request.
+
 ## Authenticator

 An authenticator is an executable or script used for token-based
--- a/doc/protocol.md
+++ b/doc/protocol.md
@@ -313,6 +313,7 @@ _Note that the following numbers are in `hexadecimal` notation._
 | rmdir    | 0x14    | 0x94     |
 | statfs   | 0x15    | 0x95     |
 | utimens  | 0x16    | 0x96     |
+| getcreds | 0x17    | 0x97     |

 ## Methods

@@ -807,6 +808,29 @@ _Note that handle might be invalid (-1), even if the file is open._
 | type   | u8        | message type (0x96) |
 | result | result    | operation status |

+### getcreds
+
+Query credentials. When authentication is active and the in-protocol
+authentication mechanism is used, this is the first request a
+webfuse service sends to a provider.
+
+#### Request
+
+| Field  | Data Type | Description |
+| ------ | --------- | ----------- |
+| id     | u32       | message id |
+| type   | u8        | message type (0x17) |
+
+_Note that handle might be invalid (-1), even if the file is open._
+
+#### Response
+
+| Field  | Data Type | Description |
+| ------ | --------- | ----------- |
+| id     | u32       | message id |
+| type   | u8        | message type (0x97) |
+| creds  | str       | credentials |
+
 ## Examples

 ### Get file attributes