From a5247fd9f08fca90d9ee0f64a8afdb180ce4c0f7 Mon Sep 17 00:00:00 2001
From: Luka Vandervelden
Date: Thu, 10 Oct 2019 20:58:44 +0200
Subject: [PATCH] Imposed authentication on a few requests.
---
 src/authd.cr | 9 +++++++++
 src/main.cr | 12 +++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/authd.cr b/src/authd.cr
index b5ad647..083f248 100644
--- a/src/authd.cr
+++ b/src/authd.cr
@@ -21,6 +21,7 @@ module AuthD
 InvalidCredentials
 InvalidUser
 UserNotFound # For UID-based GetUser requests.
+ AuthenticationError
 end
 
 class GetTokenRequest
@@ -33,6 +34,10 @@ module AuthD
 
 class AddUserRequest
 JSON.mapping({
+ # Only clients that have the right shared key will be allowed
+ # to create users.
+ shared_key: String,
+
 login: String,
 password: String,
 uid: Int32?,
@@ -57,6 +62,8 @@ module AuthD
 
 class ModUserRequest
 JSON.mapping({
+ shared_key: String,
+
 uid: Int32,
 password: String?,
 avatar: String?
@@ -129,6 +136,7 @@ module AuthD
 # FIXME: Extra options may be useful to implement here.
 def add_user(login : String, password : String) : AuthD::User | Exception
 send RequestTypes::AddUser, {
+ :shared_key => @key,
 :login => login,
 :password => password
 }.to_json
@@ -147,6 +155,7 @@ module AuthD
 def mod_user(uid : Int32, password : String? = nil, avatar : String? = nil) : Bool | Exception
 payload = Hash(String, String|Int32).new
 payload["uid"] = uid
+ payload["shared_key"] = @key
 
 password.try do |password|
 payload["password"] = password
diff --git a/src/main.cr b/src/main.cr
index d0a99c8..8285efc 100644
--- a/src/main.cr
+++ b/src/main.cr
@@ -21,7 +21,7 @@ authd_passwd_file = "passwd"
 authd_group_file = "group"
 authd_jwt_key = "nico-nico-nii"
 
-OptionParser.parse! do |parser|
+OptionParser.parse do |parser|
 parser.on "-u file", "--passwd-file file", "passwd file." do |name|
 authd_passwd_file = name
 end
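Review bot: The new `shared_key` field is documented only on `AddUserRequest`; `ModUserRequest` in src/authd.cr gains the same field with no comment, and neither mapping says which key is meant. Going by the server-side comparison in src/main.cr it has to equal the daemon's `authd_jwt_key`, so I would state that on both mappings, e.g. `# Must equal the daemon's key; a wrong key is answered with AuthenticationError.` Because the field is a non-nilable `String`, a request that omits it presumably fails during JSON mapping before the key check is reached; how that failure is reported to the client is outside these hunks and worth confirming.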
@@ -88,6 +88,11 @@ IPC::Service.new "auth" do |event|
 next
 end
 
+ if request.shared_key != authd_jwt_key
+ client.send ResponseTypes::AuthenticationError, "Invalid authentication key."
+ next
+ end
+
 if passwd.user_exists? request.login
 client.send ResponseTypes::InvalidUser,
 "Another user with the same login already exists."
@@ -135,6 +140,11 @@ IPC::Service.new "auth" do |event|
 next
 end
 
+ if request.shared_key != authd_jwt_key
+ client.send ResponseTypes::AuthenticationError, "Invalid authentication key."
+ next
+ end
+
 password_hash = request.password.try do |s|
 Passwd.hash_password s
 end
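Review bot: The check `request.shared_key != authd_jwt_key` in the AddUser branch compares a secret with an ordinary string comparison and uses the JWT signing key itself as the client credential; the same four lines are repeated in the ModUser branch at -135. Every client allowed to create or modify users therefore has to hold the key that signs tokens, and the only value visible for it in this file is a hard-coded default. I would give the daemon a separate option for this key, have it refuse to start while the key is still the built-in default, and compare with `Crypto::Subtle.constant_time_compare(request.shared_key, authd_jwt_key)` (needs `require "crypto/subtle"`). The enclosing handler starts and ends outside the hunk.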
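Review bot: In the ModUser branch (-135) the shared key is the only authorization visible: nothing in the hunk ties the request to the `uid` being modified. As far as these lines show, any holder of the key can set any user's password or avatar, while a user who holds only their own token cannot change their own. If that is intended, a comment above the check should say so, e.g. `# ModUser is service-only: the key holder may modify any uid.`; otherwise the handler also needs a per-user check. The handler body continues outside the hunk.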