X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=src%2Ffrontend%2Fsession.c;h=ed68c61cc747e89dbbadba928a29536cca702bb5;hb=7d146c24e78c57af633c57fc75883602083fb83b;hp=b0fc7803e2a0e23ab53a05cc6a1c694c4251b824;hpb=5e20183e0a2264e0aed972ceff913374ab970248;p=sysdb.git

diff --git a/src/frontend/session.c b/src/frontend/session.c
index b0fc780..ed68c61 100644
--- a/src/frontend/session.c
+++ b/src/frontend/session.c
@@ -42,26 +42,31 @@
 int
 sdb_fe_session_start(sdb_conn_t *conn)
 {
-	const char *username;
+	char username[sdb_strbuf_len(conn->buf) + 1];
+	const char *tmp;
 
-	if ((! conn) || (conn->username))
+	if ((! conn) || (conn->cmd != SDB_CONNECTION_STARTUP))
 		return -1;
 
-	if (conn->cmd != SDB_CONNECTION_STARTUP)
-		return -1;
-
-	username = sdb_strbuf_string(conn->buf);
-	if ((! username) || (! conn->cmd_len) || (! *username)) {
+	tmp = sdb_strbuf_string(conn->buf);
+	if ((! tmp) || (! conn->cmd_len) || (! *tmp)) {
 		sdb_strbuf_sprintf(conn->errbuf, "Invalid empty username");
 		return -1;
 	}
+	strncpy(username, tmp, conn->cmd_len);
+	username[conn->cmd_len] = '\0';
 
-	/* XXX: for now, simply accept all connections */
-	conn->username = strndup(username, conn->cmd_len);
 	if (! conn->username) {
-		sdb_strbuf_sprintf(conn->errbuf, "Authentication failed");
+		/* We trust the remote peer.
+		 * TODO: make the auth mechanism configurable */
+		conn->username = strdup(username);
+	}
+	else if (strcmp(conn->username, username)) {
+		sdb_strbuf_sprintf(conn->errbuf, "%s cannot act on behalf of %s",
+				conn->username, username);
 		return -1;
 	}
+
 	sdb_connection_send(conn, SDB_CONNECTION_OK, 0, NULL);
 	conn->ready = 1;
 	return 0;