diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/afbs-api.c | 7 | ||||
-rw-r--r-- | src/config.c | 2 | ||||
-rw-r--r-- | src/main.c | 2 | ||||
-rw-r--r-- | src/session.c | 14 |
4 files changed, 22 insertions, 3 deletions
diff --git a/src/afbs-api.c b/src/afbs-api.c index 42ea7597..44fa0334 100644 --- a/src/afbs-api.c +++ b/src/afbs-api.c @@ -40,6 +40,13 @@ STATIC json_object* clientContextCreate (AFB_request *request) { } // request a new client context token and check result + if (AFB_UNAUTH == ctxTokenCreate (request)) { + request->errcode=MHD_HTTP_UNAUTHORIZED; + jresp= jsonNewMessage(AFB_FAIL, "No/Invalid initial token provided [should match --token=xxxx]"); + return (jresp); + } + + // request a new client context token and check result if (AFB_SUCCESS != ctxTokenCreate (request)) { request->errcode=MHD_HTTP_UNAUTHORIZED; jresp= jsonNewMessage(AFB_FAIL, "Token Session Not Activated [restart with --token=xxxx]"); diff --git a/src/config.c b/src/config.c index 2ec90595..2e7611a5 100644 --- a/src/config.c +++ b/src/config.c @@ -21,13 +21,11 @@ */ - #include "../include/local-def.h" #include <stdarg.h> #include <sys/stat.h> #include <sys/types.h> - #define AFB_CONFIG_JTYPE "AFB_config" PUBLIC char *ERROR_LABEL[]=ERROR_LABEL_DEF; @@ -109,7 +109,7 @@ static AFB_options cliOptions [] = { {SET_SMACK ,1,"smack" , "Set Smack Label [default demo]"}, {SET_PLUGINS ,1,"mods" , "Enable module [default all]"}, - {SET_AUTH_TOKEN ,1,"token" , "Initial Secret [default=non]"}, + {SET_AUTH_TOKEN ,1,"token" , "Initial Secret [default=no-session, --token="" for session without authentication]"}, {DISPLAY_VERSION ,0,"version" , "Display version and copyright"}, {DISPLAY_HELP ,0,"help" , "Display this help"}, diff --git a/src/session.c b/src/session.c index a5a00406..56620f35 100644 --- a/src/session.c +++ b/src/session.c @@ -476,9 +476,23 @@ PUBLIC AFB_error ctxTokenCreate (AFB_request *request) { int oldTnkValid; const char *ornew; uuid_t newuuid; + const char *token; if (request->client == NULL) return AFB_EMPTY; + // if config->token!="" then verify that we have the right initial share secret + if (request->config->token[0] != '\0') { + + // check for initial token secret and return if not presented + token = MHD_lookup_connection_value(request->connection, MHD_GET_ARGUMENT_KIND, "token"); + if (token == NULL) return AFB_UNAUTH; + + // verify that presented initial tokens fit + if (strcmp(request->config->token, token)) return AFB_UNAUTH; + + } + + // create a UUID as token value uuid_generate(newuuid); uuid_unparse_lower(newuuid, request->client->token); |