![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/src/frontend/session.c b/src/frontend/session.c
index 6403469a1e2d15020a939f130a54ed20c8711704..f64a1b967cb541bd0ba4241e426f380b14153b1c 100644 (file)
--- a/src/frontend/session.c
+++ b/src/frontend/session.c
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif /* HAVE_CONFIG_H */
+
#include "sysdb.h"
#include "frontend/connection-private.h"
+#include <string.h>
+
/*
* public API
*/
int
-sdb_fe_session_start(sdb_conn_t *conn)
+sdb_conn_session_start(sdb_conn_t *conn)
{
- if ((! conn) || (conn->username))
+ char username[sdb_strbuf_len(conn->buf) + 1];
+ const char *tmp;
+
+ if ((! conn) || (conn->cmd != SDB_CONNECTION_STARTUP))
+ return -1;
+
+ tmp = sdb_strbuf_string(conn->buf);
+ if ((! tmp) || (! conn->cmd_len) || (! *tmp)) {
+ sdb_strbuf_sprintf(conn->errbuf, "Invalid empty username");
return -1;
+ }
+ strncpy(username, tmp, conn->cmd_len);
+ username[conn->cmd_len] = '\0';
- if (conn->cmd != CONNECTION_STARTUP)
+ if (! conn->username) {
+ /* We trust the remote peer.
+ * TODO: make the auth mechanism configurable */
+ conn->username = strdup(username);
+ }
+ else if (strcmp(conn->username, username)) {
+ sdb_strbuf_sprintf(conn->errbuf, "%s cannot act on behalf of %s",
+ conn->username, username);
return -1;
+ }
- /* XXX: for now, simply accept all connections */
- sdb_connection_send(conn, CONNECTION_OK, 0, NULL);
+ sdb_connection_send(conn, SDB_CONNECTION_OK, 0, NULL);
+ conn->ready = 1;
return 0;
-} /* sdb_fe_session_start */
+} /* sdb_conn_session_start */
/* vim: set tw=78 sw=4 ts=4 noexpandtab : */