aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMattias Andrée <maandree@kth.se>2023-06-23 16:24:26 +0200
committerMattias Andrée <maandree@kth.se>2023-06-23 16:24:26 +0200
commit2a717740fa534a3a5bd0040ef9606e15bbe7115c (patch)
treee78cd57b48a31c9178d12cac53d0f40a957becf3
parentImplement authentication (diff)
downloadkey2root-2a717740fa534a3a5bd0040ef9606e15bbe7115c.tar.gz
key2root-2a717740fa534a3a5bd0040ef9606e15bbe7115c.tar.bz2
key2root-2a717740fa534a3a5bd0040ef9606e15bbe7115c.tar.xz
Fix mistakes
Signed-off-by: Mattias Andrée <maandree@kth.se>
-rw-r--r--key2root-addkey.c16
-rw-r--r--key2root-lskeys.c2
-rw-r--r--key2root-rmkey.c4
-rw-r--r--key2root.c26
4 files changed, 29 insertions, 19 deletions
diff --git a/key2root-addkey.c b/key2root-addkey.c
index 78435f3..989aa8f 100644
--- a/key2root-addkey.c
+++ b/key2root-addkey.c
@@ -48,7 +48,7 @@ checkkey(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *line
int failed = 0;
size_t len;
- while (*rhead2p < whead || data[*rhead2p] != '\n')
+ while (*rhead2p < whead && data[*rhead2p] != '\n')
++*rhead2p;
if (data[*rhead2p] != '\n')
@@ -66,7 +66,7 @@ checkkey(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *line
failed = 1;
}
- if (failed || klen >= len || data[*rheadp + klen] != ' ' || memcpy(&data[*rheadp], keyname, klen)) {
+ if (failed || klen >= len || data[*rheadp + klen] != ' ' || memcmp(&data[*rheadp], keyname, klen)) {
*rheadp = ++*rhead2p;
return 0;
} else {
@@ -196,10 +196,8 @@ main(int argc, char *argv[])
if (failed)
return 1;
- if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
+ if (mlockall(MCL_CURRENT | MCL_FUTURE))
fprintf(stderr, "%s: mlockall MCL_CURRENT|MCL_FUTURE: %s\n", argv0, strerror(errno));
- exit(1);
- }
if (!parameters) {
stpcpy(mksalt(stpcpy(generated_parameters, HASH_PREFIX)), "$");
@@ -238,8 +236,8 @@ main(int argc, char *argv[])
fprintf(stderr, "%s: crypt <key> %s: %s\n", argv0, parameters, strerror(errno));
explicit_bzero(key, key_len);
free(key);
- key_size = key_len = strlen(keyname) + strlen(hash) + 3;
- key = malloc(key_len);
+ key_size = key_len = strlen(keyname) + strlen(hash) + 2;
+ key = malloc(key_len + 1);
if (!key) {
fprintf(stderr, "%s: malloc: %s\n", argv0, strerror(errno));
exit(1);
@@ -284,7 +282,7 @@ main(int argc, char *argv[])
gap_size = end - beginning;
if (gap_size > key_len) {
memmove(&data[beginning + key_len], &data[end], data_len - end);
- data_len -= key_len - gap_size;
+ data_len -= gap_size - key_len;
} else if (gap_size < key_len) {
gap_increase = key_len - gap_size;
if (data_len + gap_increase > data_size) {
@@ -295,7 +293,7 @@ main(int argc, char *argv[])
exit(1);
}
}
- memmove(&data[end], &data[end + gap_increase], data_len - end);
+ memmove(&data[end + gap_increase], &data[end], data_len - end);
data_len += gap_increase;
}
memcpy(&data[beginning], key, key_len);
diff --git a/key2root-lskeys.c b/key2root-lskeys.c
index a25b32d..85d6661 100644
--- a/key2root-lskeys.c
+++ b/key2root-lskeys.c
@@ -27,7 +27,7 @@ outputkey(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin
int failed = 0;
size_t len;
- while (*rhead2p < whead || data[*rhead2p] != '\n')
+ while (*rhead2p < whead && data[*rhead2p] != '\n')
++*rhead2p;
if (data[*rhead2p] != '\n')
diff --git a/key2root-rmkey.c b/key2root-rmkey.c
index 1b4a366..f44cf06 100644
--- a/key2root-rmkey.c
+++ b/key2root-rmkey.c
@@ -45,7 +45,7 @@ removekeys(char *data, size_t *wheadp, size_t *rheadp, size_t *rhead2p, size_t *
size_t len, klen;
size_t i;
- while (*rhead2p < *wheadp || data[*rhead2p] != '\n')
+ while (*rhead2p < *wheadp && data[*rhead2p] != '\n')
++*rhead2p;
if (data[*rhead2p] != '\n')
@@ -68,7 +68,7 @@ removekeys(char *data, size_t *wheadp, size_t *rheadp, size_t *rhead2p, size_t *
} else {
for (i = 0; i < *nkeysp; i++) {
klen = strlen(keys[i]);
- if (klen >= len || data[*rheadp + klen] != ' ' || memcpy(&data[*rheadp], keys[i], klen))
+ if (klen >= len || data[*rheadp + klen] != ' ' || memcmp(&data[*rheadp], keys[i], klen))
continue;
/* retain key order so that they are output in the provided order if not found */
memmove(&keys[i], &keys[i + 1], (--*nkeysp - i) * sizeof(*keys));
diff --git a/key2root.c b/key2root.c
index 77ed0ac..450ca00 100644
--- a/key2root.c
+++ b/key2root.c
@@ -224,6 +224,20 @@ set_environ(void)
static int
+hashequal(const char *a, const char *b)
+{
+ size_t an = strlen(a) + 1;
+ size_t bn = strlen(b) + 1;
+ size_t n = an < bn ? an : bn;
+ size_t i;
+ int diff = 0;
+ for (i = 0; i < n; i++)
+ diff |= a[i] ^ b[i];
+ return !diff;
+}
+
+
+static int
checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *linenop, const char *path,
const char *keyname, size_t keyname_len, const char *key, size_t key_len, int *key_foundp)
{
@@ -231,7 +245,7 @@ checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin
char *hash, *sp;
size_t len;
- while (*rhead2p < whead || data[*rhead2p] != '\n')
+ while (*rhead2p < whead && data[*rhead2p] != '\n')
++*rhead2p;
if (data[*rhead2p] != '\n')
@@ -254,7 +268,7 @@ checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin
keyname_len = (size_t)(sp - &data[*rheadp]);
goto check;
} else if (failed || keyname_len >= len || data[*rheadp + keyname_len] != ' ' ||
- memcpy(&data[*rheadp], keyname, keyname_len)) {
+ memcmp(&data[*rheadp], keyname, keyname_len)) {
*rheadp = ++*rhead2p;
return 0;
} else {
@@ -263,7 +277,7 @@ checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin
*key_foundp = 1;
data[(*rhead2p)++] = '\0';
hash = crypt(key, &data[*rheadp]);
- match = hash && strlen(hash) == key_len && !memcmp(hash, key, key_len);
+ match = hash && hashequal(hash, &data[*rheadp]);
*rheadp = *rhead2p;
return match;
}
@@ -364,10 +378,8 @@ main(int argc, char *argv[])
if (!argc)
usage();
- if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
+ if (mlockall(MCL_CURRENT | MCL_FUTURE))
fprintf(stderr, "%s: mlockall MCL_CURRENT|MCL_FUTURE: %s\n", argv0, strerror(errno));
- exit(EXIT_ERROR);
- }
sprintf(path_user_id, "%s/%ju", KEYPATH, (uintmax_t)getuid());
errno = 0;
@@ -419,7 +431,7 @@ main(int argc, char *argv[])
!authenticate(path_user_name, key_name, key, key_len, &key_found)) {
fprintf(stderr, "%s: authentication failed: %s\n", argv0,
key_name ? (key_found ? "key mismatch" : "key not found")
- : (key_found ? "no match key found" : "no key found"));
+ : (key_found ? "no matching key found" : "no key found"));
explicit_bzero(key, key_len);
exit(EXIT_AUTH);
}