Ejemplo n.º 1
0
 virtual void setLimit(DaliClientRole role,unsigned limit)
 {
     CSystemCapability cap;
     cap.setRole(role);
     cap.setLimit(limit);
     addcap("set",cap);
 }
Ejemplo n.º 2
0
 void removeCapability(DaliClientRole role,const char *macstr,const char *cpusnstr=NULL)
 {
     CSystemCapability cap;
     byte cpusn[SC_CPUSN_SZ];
     if (cpusnstr&&decodeCPUSN(cpusnstr,cpusn))
         cap.setCpuSN(cpusn);
     byte mac[SC_MAC_SZ];
     if (macstr&&decodeMAC(macstr,mac))
         cap.setMAC(mac); 
     cap.setRole(role);
     addcap("del",cap);
 }
Ejemplo n.º 3
0
 void addCapability(DaliClientRole role,const char *macstr,const char *cpusnstr=NULL)
 {
     CSystemCapability cap;
     byte cpusn[SC_CPUSN_SZ];
     if (cpusnstr&&decodeCPUSN(cpusnstr,cpusn))
         cap.setCpuSN(cpusn);
     byte mac[SC_MAC_SZ];
     if (macstr&&decodeMAC(macstr,mac))
         cap.setMAC(mac); 
     cap.setRole(role);
     addcap(role==DCR_DaliServer?"srv":"add",cap);
 }
Ejemplo n.º 4
0
Archivo: devcap.c Proyecto: 0intro/vx32
static long
capwrite(Chan *c, void *va, long n, vlong vl)
{
	Caphash *p;
	char *cp;
	uchar hash[Hashlen];
	char *key, *from, *to;
	char err[256];

	switch((ulong)c->qid.path){
	case Qhash:
		if(!iseve())
			error(Eperm);
		if(n < Hashlen)
			error(Eshort);
		memmove(hash, va, Hashlen);
		addcap(hash);
		break;

	case Quse:
		/* copy key to avoid a fault in hmac_xx */
		cp = nil;
		if(waserror()){
			free(cp);
			nexterror();
		}
		cp = smalloc(n+1);
		memmove(cp, va, n);
		cp[n] = 0;

		from = cp;
		key = strrchr(cp, '@');
		if(key == nil)
			error(Eshort);
		*key++ = 0;

		hmac_sha1((uchar*)from, strlen(from), (uchar*)key, strlen(key), hash, nil);

		p = remcap(hash);
		if(p == nil){
			snprint(err, sizeof err, "invalid capability %s@%s", from, key);
			error(err);
		}

		/* if a from user is supplied, make sure it matches */
		to = strchr(from, '@');
		if(to == nil){
			to = from;
		} else {
			*to++ = 0;
			if(strcmp(from, up->user) != 0)
				error("capability must match user");
		}

		/* set user id */
		kstrdup(&up->user, to);
		up->basepri = PriNormal;

		free(p);
		free(cp);
		poperror();
		break;

	default:
		error(Eperm);
		break;
	}

	return n;
}
Ejemplo n.º 5
0
static long capwrite(struct chan *c, void *va, long n, int64_t m)
{
	struct Caphash *p;
	char *cp;
	uint8_t hash[Hashlen];
	char *key, *from, *to;
	char err[256];
	int ret;
	ERRSTACK(1);

	switch ((uint32_t)c->qid.path) {
	case Qhash:
		if (!iseve())
			error(EPERM, "permission denied: you must be eve");
		if (n < Hashlen)
			error(EIO, "Short read: on Qhash");
		memmove(hash, va, Hashlen);
		addcap(hash);
		break;

	case Quse:
		/* copy key to avoid a fault in hmac_xx */
		cp = NULL;
		if (waserror()) {
			kfree(cp);
			nexterror();
		}
		cp = kzmalloc(n + 1, 0);
		memmove(cp, va, n);
		cp[n] = 0;

		from = cp;
		key = strrchr(cp, '@');
		if (key == NULL)
			error(EIO, "short read: Quse");
		*key++ = 0;

		ret = hmac(VB2_ALG_RSA1024_SHA256, key, strlen(key),
		           from, strlen(from), hash, sizeof(hash));
		if (ret)
			error(EINVAL, "HMAC failed");

		p = remcap(hash);
		if (p == NULL) {
			snprintf(err, sizeof(err), "invalid capability %s@%s", from, key);
			error(EINVAL, err);
		}

		/* if a from user is supplied, make sure it matches */
		to = strchr(from, '@');
		if (to == NULL) {
			to = from;
		} else {
			*to++ = 0;
			panic("todo");
			/*
			if (strcmp(from, up->user) != 0)
				error(EINVAL, "capability must match user");
			*/
		}

		/* set user id */
		// TODO: make user a char *, not a fixed array.
		//kstrdup(&current->user, to);
		// In the original user names were NULL-terminated; ensure
		// that is still the case.
		if (strlen(to) > sizeof(current->user)-1)
			error(EINVAL, "New user name is > %d bytes", sizeof(current->user));
		memset(current->user, 0, sizeof(current->user));
		strncpy(current->user, to, sizeof(current->user));
		//up->basepri = PriNormal;


		kfree(p);
		kfree(cp);
		poperror();
		break;

	default:
		error(EPERM, "permission denied: capwrite");
		break;
	}

	return n;
}