Diffstat (limited to 'appl/cmd/auth/factotum/proto/infauth.b')
-rw-r--r--appl/cmd/auth/factotum/proto/infauth.b22
1 files changed, 22 insertions, 0 deletions
diff --git a/appl/cmd/auth/factotum/proto/infauth.b b/appl/cmd/auth/factotum/proto/infauth.b
index 244979bc..0b3505d6 100644
--- a/appl/cmd/auth/factotum/proto/infauth.b
+++ b/appl/cmd/auth/factotum/proto/infauth.b
@@ -184,11 +184,33 @@ negotiatecrypto(io: ref IO, key: ref Key, ai: ref Authinfo, attrs: list of ref S
if(alg != nil)
attrs = sl(ss("alg") :: ss(alg) :: nil) :: attrs;
ai.secret = sl(attrs).pack();
+ if(role == "server")
+ ai.cap = capability(nil, ai.suid);
io.done(ai);
return nil;
}
+capability(ufrom, uto: string): string
+{
+ capfd := sys->open("#ยค/caphash", Sys->OWRITE);
+ if(capfd == nil)
+ return nil;
+ key := IPint.random(0, 160).iptob64();
+ if(key == nil)
+ return nil;
+
+ users := uto;
+ if(ufrom != nil)
+ users = ufrom+"@"+uto;
+ digest := array[Keyring->SHA1dlen] of byte;
+ ausers := array of byte users;
+ keyring->hmac_sha1(ausers, len ausers, array of byte key, digest, nil);
+ if(sys->write(capfd, digest, len digest) < 0)
+ return nil;
+ return users+"@"+key;
+}
+
algcompatible(nil: string, nil: list of string): int
{
return 1; # XXX
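Review bot: In `capability`, the caphash registration counts as successful unless `sys->write` returns a negative value, so a short write would still return `users+"@"+key` for a hash that was not fully recorded; comparing against the length is stricter: `if(sys->write(capfd, digest, len digest) != len digest)`. Every failure path returns nil, and the call site in `negotiatecrypto` stores that result directly in `ai.cap` before `io.done(ai)`, so a server that cannot open or write caphash finishes authentication with no diagnostic; a comment there such as `# capability is best-effort: ai.cap stays nil if caphash is unavailable` (or a log line on nil) would make the intent explicit. `ai.suid` is concatenated into the `@`-separated string unchecked; whether it can itself contain `@` is not visible in this hunk, so it is worth confirming that it is validated before it reaches this point. `negotiatecrypto` begins above the hunk and `algcompatible` continues below it.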