token.c File Reference

---

Detailed Description

Token management.

Author:

Raphael Manfredi

Date:

2003

#include "common.h"
#include "token.h"
#include "clock.h"
#include "version.h"
#include "lib/misc.h"
#include "lib/sha1.h"
#include "lib/base64.h"
#include "lib/crc.h"
#include "lib/tm.h"
#include "lib/override.h"

Data Structures
struct	tokkey
	Describes the keys to use depending on the version. More...
Defines
#define	TOKEN_CLOCK_SKEW   3600 /**< +/- 1 hour */
	+/- 1 hour
#define	TOKEN_LIFE   60 /**< lifetime of our tokens */
	lifetime of our tokens
#define	TOKEN_BASE64_SIZE   (TOKEN_VERSION_SIZE * 4 / 3) /**< base64 size */
	base64 size
#define	LEVEL_SIZE   (2 * G_N_ELEMENTS(token_keys)) /**< at most */
	at most
#define	LEVEL_BASE64_SIZE   (LEVEL_SIZE * 4 / 3 + 3) /**< +2 for == tail */
	+2 for == tail
Functions
	RCSID ("$Id:token.c, v 1.14 2006/02/04 21:31:47 rmanfredi Exp $")
const gchar *	tok_strerror (tok_error_t errnum)
const struct tokkey *	find_tokkey (time_t now)
	Based on the timestamp, determine the proper token keys to use.
const gchar *	random_key (time_t now, guint *idx, const struct tokkey **tkused)
	Pickup a key randomly.
gchar *	tok_generate (time_t now, const gchar *version)
	Generate new token for given version string.
gchar *	tok_version (void)
	Get a version token, base64-encoded.
gchar *	tok_short_version (void)
	Get a version token for the short version string, base64-encoded.
tok_error_t	tok_version_valid (const gchar *version, const gchar *tokenb64, gint len, host_addr_t addr)
	Validate a base64-encoded version token `tokenb64' of `len' bytes.
gboolean	tok_is_ancient (time_t now)
	Check whether the version is too ancient to be able to generate a proper token string identifiable by remote parties.
Variables
const gchar *	keys_096b []
const gchar *	keys_096 []
tokkey	token_keys []
	Describes the keys to use depending on the version.
const gchar *	tok_errstr []
	Token validation errors.

---

Define Documentation

#define LEVEL_BASE64_SIZE   (LEVEL_SIZE * 4 / 3 + 3) /**< +2 for == tail */

+2 for == tail

#define LEVEL_SIZE   (2 * G_N_ELEMENTS(token_keys)) /**< at most */

at most

#define TOKEN_BASE64_SIZE   (TOKEN_VERSION_SIZE * 4 / 3) /**< base64 size */

base64 size

#define TOKEN_CLOCK_SKEW   3600 /**< +/- 1 hour */

+/- 1 hour

#define TOKEN_LIFE   60 /**< lifetime of our tokens */

lifetime of our tokens

---

Function Documentation

const struct tokkey* find_tokkey (  time_t  now  )  [static]

Based on the timestamp, determine the proper token keys to use. Returns: NULL if we cannot locate any suitable keys.

const gchar* random_key (  time_t  now, guint *  idx, const struct tokkey **  tkused )  [static]

Pickup a key randomly. Returns: the key string and the index within the key array into `idx' and the token key structure used in `tkused'.

RCSID (  "$Id:token.  c, v 1.14 2006/02/04 21:31:47 rmanfredi Exp $"  )

gchar* tok_generate (  time_t  now, const gchar *  version )  [static]

Generate new token for given version string.

gboolean tok_is_ancient (  time_t  now  )

Check whether the version is too ancient to be able to generate a proper token string identifiable by remote parties.

gchar* tok_short_version (  void   )

Get a version token for the short version string, base64-encoded. Returns: a pointer to static data.

const gchar* tok_strerror (  tok_error_t  errnum  )

Returns: human-readable error string corresponding to error code `errnum'.

gchar* tok_version (  void   )

Get a version token, base64-encoded. Returns: a pointer to static data. Note: Token versions are only used to identify GTKG servents as such with a higher level of confidence than just reading the version string alone. It is not meant to be used for strict authentication management, since the algorithm and the keys are exposed publicly.

tok_error_t tok_version_valid (  const gchar *  version, const gchar *  tokenb64, gint  len, host_addr_t  addr )

Validate a base64-encoded version token `tokenb64' of `len' bytes. The `ip' is given only for clock update operations. Returns: error code, or TOK_OK if token is valid.

---

Variable Documentation

const gchar* keys_096[] [static]

Initial value: { "261c 78d6 fcc5 d96e 2649 061a 4534 29b5", "2629 7de4 8edd 43eb 6c47 2b01 caf1 5e86", "50c2 076a 5a15 5c0c 27fb eda0 381b 2eb7", "851c 2fff 0a31 c6ad 2181 4d31 8fea 492c", "c8f8 01a8 2975 cc75 417c 63aa 5403 5b41", "045b aca8 5227 7d0f 232a 7c6a d713 d5dd", "f281 f0c5 23fb cf66 5ca4 6a3d 9df1 dc6a", "0fc8 ac1f 76da 5f7e 3459 bd7d 3175 76cf", "f981 7fe7 06d1 d3d9 9d69 1e47 b8d0 9adf", "7422 4730 d7d0 9293 002c b700 8979 dccf", "c328 4be8 9008 8d52 cbd6 2f45 30ba 9467", "cdc2 2db6 6bba 312c 10fb 246b b371 be09", "017a 3e68 90e0 e0f0 8124 3cc8 fcf8 3bf7", "2e56 a817 02b3 0819 d971 a245 c33e 42fc", "0ee7 8801 db48 f2d6 64ad 6c42 bac3 f7ee", "c758 af82 e6a3 aa5f 1da0 c127 4541 1ce8", "2edc 2b16 9e66 a191 9e45 2e66 ea98 0c7b", "438a a8ed d27e 711e 631e 2372 a013 d095", "45cf 2974 2086 d00e efec 9277 05a3 bff2", "bb86 594c 74e2 432d 5444 8a85 82c8 d098", "64f4 9829 a541 8625 578c fd90 639c f42b", "3084 a2bc f4ed 8b3c 2a2b 1834 cd8e 3f8b", }

const gchar* keys_096b[] [static]

Initial value: { "bea7 69a5 a647 f605 46b0 d155 2ba6 cee7", "68b0 2cf3 2c1a 8ae0 a72d f5c0 e77b bba8", "856e 4221 1470 a903 193e 2cc9 79a5 5337", "59c3 3f96 fbc0 0397 0356 6500 fc72 41b6", "e0f3 9f6c 16d7 4231 cd00 e991 b511 db07", "e765 cc0e 8672 692c cdc6 3b57 f178 cf59", "3120 1d5a ffc2 4ad8 bd4b bb38 bf99 b026", "8b39 85dd af31 86a5 2e7e 0b95 f030 482b", "5107 a6b7 4013 3439 3dae b5b4 e679 a401", "7d65 9e48 ee7e 7078 286b 29e9 e9be 296a", "e82d 1335 53d0 28c1 3423 7b30 6358 de81", "8b27 3698 03a2 6889 3bdd d095 34b6 0629", "b178 7abb 38cd 1084 f861 f1b2 05ab 28bc", "1253 e83d 6ee1 739e d7fe cb08 0527 3b3b", "13cb 0ec4 7784 2bd3 728a 3cbb 7900 c25c", "77da a447 ea85 ca52 4867 abae c992 aca3", "232d 40d4 2d6f 473c 411a 2beb bb1c b72c", "f62d be65 19a3 63c2 3714 e224 bf31 b565", "34b8 c34b aebb 844e 8080 da67 036b 1fbb", "e824 cbee 3b74 9c99 e808 ac6c 079b 1d16", }

const gchar* tok_errstr[] [static]

Initial value: { "OK", "Bad length", "Bad timestamp", "Bad key index", "Failed checking", "Not base64-encoded", "Keys not found", "Bad version string", "Version older than expected", "Level not base64-encoded", "Bad level length", "Level too short", "Level mismatch", "Missing level", } Token validation errors.

struct tokkey token_keys[]

Describes the keys to use depending on the version.

---