lokinet/llarp/service/auth.cpp

189 lines
5.7 KiB
C++
Raw Permalink Normal View History

2020-05-28 11:07:32 +00:00
#include "auth.hpp"
#include <unordered_map>
2022-01-17 12:57:08 +00:00
#include <llarp/router/abstractrouter.hpp>
#include "protocol.hpp"
#include <llarp/util/str.hpp>
#include <llarp/util/fs.hpp>
2020-05-28 11:07:32 +00:00
namespace llarp::service
{
/// maybe get auth result from string
2021-02-24 12:14:15 +00:00
std::optional<AuthResultCode>
ParseAuthResultCode(std::string data)
2020-05-28 11:07:32 +00:00
{
2021-02-24 12:14:15 +00:00
std::unordered_map<std::string, AuthResultCode> values = {
{"OKAY", AuthResultCode::eAuthAccepted},
{"REJECT", AuthResultCode::eAuthRejected},
{"PAYME", AuthResultCode::eAuthPaymentRequired},
{"LIMITED", AuthResultCode::eAuthRateLimit}};
2020-05-28 11:07:32 +00:00
auto itr = values.find(data);
if (itr == values.end())
return std::nullopt;
return itr->second;
}
AuthType
ParseAuthType(std::string data)
{
2021-03-05 17:31:52 +00:00
std::unordered_map<std::string, AuthType> values = {
2022-01-17 12:57:08 +00:00
{"file", AuthType::eAuthTypeFile},
2021-03-05 17:31:52 +00:00
{"lmq", AuthType::eAuthTypeLMQ},
{"whitelist", AuthType::eAuthTypeWhitelist},
{"none", AuthType::eAuthTypeNone}};
const auto itr = values.find(data);
if (itr == values.end())
throw std::invalid_argument("no such auth type: " + data);
return itr->second;
}
2021-02-24 18:41:23 +00:00
AuthFileType
ParseAuthFileType(std::string data)
{
std::unordered_map<std::string, AuthFileType> values = {
{"plain", AuthFileType::eAuthFilePlain},
{"plaintext", AuthFileType::eAuthFilePlain},
{"hashed", AuthFileType::eAuthFileHashes},
{"hashes", AuthFileType::eAuthFileHashes},
{"hash", AuthFileType::eAuthFileHashes}};
const auto itr = values.find(data);
if (itr == values.end())
throw std::invalid_argument("no such auth file type: " + data);
2022-04-01 18:31:20 +00:00
#ifndef HAVE_CRYPT
2022-04-01 17:18:18 +00:00
if (itr->second == AuthFileType::eAuthFileHashes)
throw std::invalid_argument("unsupported auth file type: " + data);
#endif
return itr->second;
}
2021-02-24 18:41:23 +00:00
/// turn an auth result code into an int
uint64_t
AuthResultCodeAsInt(AuthResultCode code)
{
2021-02-24 18:50:45 +00:00
return static_cast<std::underlying_type_t<AuthResultCode>>(code);
2021-02-24 18:41:23 +00:00
}
/// may turn an int into an auth result code
std::optional<AuthResultCode>
AuthResultCodeFromInt(uint64_t code)
{
switch (code)
{
case 0:
return AuthResultCode::eAuthAccepted;
case 1:
return AuthResultCode::eAuthRejected;
case 2:
return AuthResultCode::eAuthFailed;
case 3:
return AuthResultCode::eAuthRateLimit;
case 4:
return AuthResultCode::eAuthPaymentRequired;
default:
return std::nullopt;
}
}
2022-01-17 12:57:08 +00:00
class FileAuthPolicy : public IAuthPolicy, public std::enable_shared_from_this<FileAuthPolicy>
{
const std::set<fs::path> m_Files;
const AuthFileType m_Type;
2022-01-17 12:57:08 +00:00
AbstractRouter* const m_Router;
mutable util::Mutex m_Access;
std::unordered_set<ConvoTag> m_Pending;
/// returns an auth result for a auth info challange, opens every file until it finds a token
/// matching it
/// this is expected to be done in the IO thread
AuthResult
CheckFiles(const AuthInfo& info) const
{
for (const auto& f : m_Files)
{
fs::ifstream i{f};
std::string line{};
while (std::getline(i, line))
{
// split off comments
const auto parts = split_any(line, "#;", true);
if (auto part = parts[0]; not parts.empty() and not parts[0].empty())
{
// split off whitespaces and check password
if (CheckPasswd(std::string{TrimWhitespace(part)}, info.token))
2022-01-17 12:57:08 +00:00
return AuthResult{AuthResultCode::eAuthAccepted, "accepted by whitelist"};
}
}
}
return AuthResult{AuthResultCode::eAuthRejected, "rejected by whitelist"};
}
bool
CheckPasswd(std::string hash, std::string challenge) const
{
switch (m_Type)
{
case AuthFileType::eAuthFilePlain:
return hash == challenge;
case AuthFileType::eAuthFileHashes:
return CryptoManager::instance()->check_passwd_hash(
std::move(hash), std::move(challenge));
default:
return false;
}
}
2022-01-17 12:57:08 +00:00
public:
FileAuthPolicy(AbstractRouter* r, std::set<fs::path> files, AuthFileType filetype)
: m_Files{std::move(files)}, m_Type{filetype}, m_Router{r}
2022-01-17 12:57:08 +00:00
{}
void
AuthenticateAsync(
std::shared_ptr<ProtocolMessage> msg, std::function<void(AuthResult)> hook) override
{
auto reply = m_Router->loop()->make_caller(
[tag = msg->tag, hook, self = shared_from_this()](AuthResult result) {
{
util::Lock _lock{self->m_Access};
self->m_Pending.erase(tag);
}
hook(result);
});
{
util::Lock _lock{m_Access};
m_Pending.emplace(msg->tag);
}
if (msg->proto == ProtocolType::Auth)
{
m_Router->QueueDiskIO(
[self = shared_from_this(),
auth = AuthInfo{std::string{
reinterpret_cast<const char*>(msg->payload.data()), msg->payload.size()}},
reply]() {
try
{
reply(self->CheckFiles(auth));
}
catch (std::exception& ex)
{
reply(AuthResult{AuthResultCode::eAuthFailed, ex.what()});
}
});
}
else
reply(AuthResult{AuthResultCode::eAuthRejected, "protocol error"});
}
bool
AsyncAuthPending(ConvoTag tag) const override
{
util::Lock _lock{m_Access};
return m_Pending.count(tag);
}
};
std::shared_ptr<IAuthPolicy>
MakeFileAuthPolicy(AbstractRouter* r, std::set<fs::path> files, AuthFileType filetype)
2022-01-17 12:57:08 +00:00
{
return std::make_shared<FileAuthPolicy>(r, std::move(files), filetype);
2022-01-17 12:57:08 +00:00
}
2020-05-28 11:07:32 +00:00
} // namespace llarp::service