[BRLTTY] Fix polkit+keyfile authentication
Samuel Thibault
samuel.thibault at ens-lyon.org
Sat Oct 8 17:33:50 EDT 2016
Some parts of the code assumed that auth always had to
be a keyfile, which prevented the use of
polkit+keyfile:/etc/brlapi.key as auth.
Samuel
-------------- next part --------------
diff --git a/Programs/brlapi_client.c b/Programs/brlapi_client.c
index 0e20ec1..7a54980 100644
--- a/Programs/brlapi_client.c
+++ b/Programs/brlapi_client.c
@@ -724,7 +724,12 @@ brlapi_fileDescriptor BRLAPI_STDCALL brlapi__openConnection(brlapi_handle_t *han
case BRLAPI_AUTH_KEY: {
size_t authKeyLength;
int res;
- if (brlapi_loadAuthKey(settings.auth, &authKeyLength, (void *) &auth->key) < 0)
+ char *keyfile = brlapi_getKeyFile(settings.auth);
+ if (!keyfile)
+ continue;
+ res = brlapi_loadAuthKey(keyfile, &authKeyLength, (void *) &auth->key);
+ free(keyfile);
+ if (res < 0)
continue;
res = brlapi_writePacket(handle->fileDescriptor, BRLAPI_PACKET_AUTH, auth,
sizeof(auth->type)+authKeyLength);
diff --git a/Programs/brlapi_common.h b/Programs/brlapi_common.h
index 98fed09..090ce84 100644
--- a/Programs/brlapi_common.h
+++ b/Programs/brlapi_common.h
@@ -415,3 +415,23 @@ BRLAPI(getKeyrangeMask) (brlapi_rangeType_t r, brlapi_keyCode_t code, brlapi_key
brlapi_errno = BRLAPI_ERROR_INVALID_PARAMETER;
return -1;
}
+
+static char *
+BRLAPI(getKeyFile)(const char *auth)
+{
+ const char *path;
+ char *ret, *delim;
+ if (!strncmp(auth,"keyfile:",8))
+ path=auth+8;
+ else {
+ path=strstr(auth,"+keyfile:");
+ if (path) path+=9;
+ else path=auth;
+ }
+ ret=strdup(path);
+ delim=strchr(ret,'+');
+ if (delim)
+ *delim = 0;
+ return ret;
+}
+
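Review bot: In `getKeyFile`, the result of `strdup(path)` goes straight into `strchr(ret,'+')`, so an allocation failure dereferences NULL and never reaches the `if (!keyfile)` check added in brlapi_client.c; add `if (!ret) return NULL;` right after the `strdup`. Cutting at the first `+` also truncates any key-file path that itself contains a `+`, so a different file from the configured one would be opened without any error; that restriction should be stated in a comment above the function. The fallback `path=auth` returns the whole string when no `keyfile:` marker is found, and the client hunk calls the helper without a check like the server's `hasKeyFile`, so an auth value that is only a method name would presumably be treated as a relative file name.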
diff --git a/Programs/brlapi_server.c b/Programs/brlapi_server.c
index 3fadda2..c3b3c6e 100644
--- a/Programs/brlapi_server.c
+++ b/Programs/brlapi_server.c
@@ -1225,6 +1225,18 @@ static void handleNewConnection(Connection *c)
brlapiserver_writePacket(c->fd,BRLAPI_PACKET_VERSION,&versionPacket.data,sizeof(versionPacket.version));
}
+static int
+hasKeyFile(const char *auth)
+{
+ if (isAbsolutePath(auth))
+ return 1;
+ if (!strncmp(auth,"keyfile:", 8))
+ return 1;
+ if (strstr(auth,"+keyfile:"))
+ return 1;
+ return 0;
+}
+
/* Function : handleUnauthorizedConnection */
/* Returns 1 if connection has to be removed */
static int handleUnauthorizedConnection(Connection *c, brlapi_packetType_t type, brlapi_packet_t *packet, size_t size)
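Review bot: `hasKeyFile` has no comment saying which auth forms it accepts, and it repeats the `keyfile:` / `+keyfile:` matching that `getKeyFile` in brlapi_common.h does on its own, so the two can drift apart. A header such as `/* Returns 1 if auth names a key file: an absolute path, "keyfile:PATH", or a method list containing "+keyfile:PATH" */` would pin the contract. Note also that `strstr(auth,"+keyfile:")` matches anywhere in the string and that `keyfile:` followed by a relative path is accepted, so the key would then be loaded relative to the server's working directory; if only absolute paths are intended, check the extracted path with `isAbsolutePath` as well.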
@@ -1252,7 +1264,7 @@ static int handleUnauthorizedConnection(Connection *c, brlapi_packetType_t type,
unauthConnections--;
c->auth = 1;
} else {
- if (isAbsolutePath(auth))
+ if (hasKeyFile(auth))
authPacket->type[nbmethods++] = htonl(BRLAPI_AUTH_KEY);
c->auth = 0;
}
@@ -1288,15 +1300,18 @@ static int handleUnauthorizedConnection(Connection *c, brlapi_packetType_t type,
if (authDescriptor) authCorrect = authPerform(authDescriptor, c->fd);
break;
case BRLAPI_AUTH_KEY:
- if (isAbsolutePath(auth)) {
- if (brlapiserver_loadAuthKey(auth,&authKeyLength,&authKey)==-1) {
- logMessage(LOG_WARNING,"Unable to load API authorization key from %s: %s in %s. You may use parameter auth=none if you don't want any authorization (dangerous)", auth, strerror(brlapi_libcerrno), brlapi_errfun);
+ if (hasKeyFile(auth)) {
+ char *path = brlapiserver_getKeyFile(auth);
+ int ret = brlapiserver_loadAuthKey(path,&authKeyLength,&authKey);
+ free(path);
+ if (ret==-1) {
+ logMessage(LOG_WARNING,"Unable to load API authorization key from %s: %s in %s. You may use parameter auth=none if you don't want any authorization (dangerous)", path, strerror(brlapi_libcerrno), brlapi_errfun);
break;
}
logMessage(LOG_CATEGORY(SERVER_EVENTS), "authorization key loaded");
authCorrect = (remaining==authKeyLength) && (!memcmp(&authPacket->key, &authKey, authKeyLength));
memset(&authKey, 0, authKeyLength);
- memset(&authPacket->key, 0, authKeyLength);
+ memset(&authPacket->key, 0, remaining);
}
break;
default:
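Review bot: `path` is freed before the `if (ret==-1)` branch passes it to `logMessage` as a `%s` argument, so the warning path reads freed memory; move `free(path);` to after the `if (ret==-1) { ... }` block and add a second `free(path);` just before that block's `break;`. `brlapiserver_getKeyFile` returns the result of `strdup`, which can be NULL, so `if (!path) break;` is needed before `brlapiserver_loadAuthKey` is called. Clearing `remaining` bytes of `authPacket->key` instead of `authKeyLength` looks right as long as `remaining` is already bounded by the packet buffer earlier in the function, which is outside this hunk. Separately, the unchanged `memcmp` key comparison is not constant-time, which would be worth a follow-up.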