authorCharles.Forsyth <devnull@localhost>2007-10-19 18:13:19 +0000
committerCharles.Forsyth <devnull@localhost>2007-10-19 18:13:19 +0000
commit184c64d409f10c08000332c4b0cb7d3b97cb228a (patch)
tree1d621e3eaf14b580d0a5c78769452f2b2aac4f19 /appl/cmd/auth
parentc445c21544c1f7943f45fd51c1a6f1278f218a52 (diff)
20071019-1912
Diffstat (limited to 'appl/cmd/auth')
-rw-r--r--appl/cmd/auth/factotum/proto/infauth.b22
1 files changed, 22 insertions, 0 deletions
diff --git a/appl/cmd/auth/factotum/proto/infauth.b b/appl/cmd/auth/factotum/proto/infauth.b
index 244979bc..0b3505d6 100644
--- a/appl/cmd/auth/factotum/proto/infauth.b
+++ b/appl/cmd/auth/factotum/proto/infauth.b
@@ -184,11 +184,33 @@ negotiatecrypto(io: ref IO, key: ref Key, ai: ref Authinfo, attrs: list of ref S
if(alg != nil)
attrs = sl(ss("alg") :: ss(alg) :: nil) :: attrs;
ai.secret = sl(attrs).pack();
+ if(role == "server")
+ ai.cap = capability(nil, ai.suid);
io.done(ai);
return nil;
}
+capability(ufrom, uto: string): string
+{
+ capfd := sys->open("#ยค/caphash", Sys->OWRITE);
+ if(capfd == nil)
+ return nil;
+ key := IPint.random(0, 160).iptob64();
+ if(key == nil)
+ return nil;
+
+ users := uto;
+ if(ufrom != nil)
+ users = ufrom+"@"+uto;
+ digest := array[Keyring->SHA1dlen] of byte;
+ ausers := array of byte users;
+ keyring->hmac_sha1(ausers, len ausers, array of byte key, digest, nil);
+ if(sys->write(capfd, digest, len digest) < 0)
+ return nil;
+ return users+"@"+key;
+}
+
algcompatible(nil: string, nil: list of string): int
{
return 1; # XXX