From 184c64d409f10c08000332c4b0cb7d3b97cb228a Mon Sep 17 00:00:00 2001
From: "Charles.Forsyth"
Date: Fri, 19 Oct 2007 18:13:19 +0000
Subject: 20071019-1912
---
 appl/cmd/auth/factotum/proto/infauth.b | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'appl/cmd/auth')
diff --git a/appl/cmd/auth/factotum/proto/infauth.b b/appl/cmd/auth/factotum/proto/infauth.b
index 244979bc..0b3505d6 100644
--- a/appl/cmd/auth/factotum/proto/infauth.b
+++ b/appl/cmd/auth/factotum/proto/infauth.b
@@ -184,11 +184,33 @@ negotiatecrypto(io: ref IO, key: ref Key, ai: ref Authinfo, attrs: list of ref S
 if(alg != nil)
 attrs = sl(ss("alg") :: ss(alg) :: nil) :: attrs;
 ai.secret = sl(attrs).pack();
+ if(role == "server")
+ ai.cap = capability(nil, ai.suid);
 io.done(ai);
 return nil;
 }
+capability(ufrom, uto: string): string
+{
+ capfd := sys->open("#ยค/caphash", Sys->OWRITE);
+ if(capfd == nil)
+ return nil;
+ key := IPint.random(0, 160).iptob64();
+ if(key == nil)
+ return nil;
+
+ users := uto;
+ if(ufrom != nil)
+ users = ufrom+"@"+uto;
+ digest := array[Keyring->SHA1dlen] of byte;
+ ausers := array of byte users;
+ keyring->hmac_sha1(ausers, len ausers, array of byte key, digest, nil);
+ if(sys->write(capfd, digest, len digest) < 0)
+ return nil;
+ return users+"@"+key;
+}
+
 algcompatible(nil: string, nil: list of string): int
 {
 return 1; # XXX
-- 
cgit v1.2.3
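Review bot: In `capability`, the write of the digest to the caphash file is checked only with `< 0`, so a short write would still hand back a capability whose hash was never fully registered; compare against the full length instead, `if(sys->write(capfd, digest, len digest) != len digest) return nil;`. Every failure path returns nil, and the new lines in `negotiatecrypto` store that in `ai.cap` without distinguishing it, so a server-role session can complete with no capability and no diagnostic. A header comment on `capability` should state that nil means "no capability issued" and describe the `users@key` result format. Because `@` is the separator, it is worth confirming that `ai.suid` can never contain `@` (its origin is not visible in this hunk), since otherwise the `ufrom@uto@key` form is ambiguous to whatever parses it. `negotiatecrypto` starts outside the hunk.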