commit d2df49be7efa06be23a0e81aeaa04aeb68ecb0cf
Author: niten <niten@fudo.org>
Date:   Mon Nov 1 23:28:46 2021 -0700

    Initial commit

diff --git a/backplane-auth.scm b/backplane-auth.scm
new file mode 100644
index 0000000..f23ee80
--- /dev/null
+++ b/backplane-auth.scm
@@ -0,0 +1,66 @@
+(use-modules (srfi srfi-1)
+             (srfi srfi-13)
+             (ice-9 binary-ports)
+             (ice-9 textual-ports)
+             (ice-9 format)
+             (ice-9 regex)
+             (rnrs bytevectors))
+
+(define *host-passwd-file* (getenv "FUDO_HOST_PASSWD_FILE"))
+(when (not *host-passwd-file*)
+  (format (current-error-port "FUDO_HOST_PASSWD_FILE not set~%"))
+  (exit 1))
+
+(define *service-passwd-file* (getenv "FUDO_SERVICE_PASSWD_FILE"))
+(when (not *service-passwd-file*)
+  (format (current-error-port "FUDO_SERVICE_PASSWD_FILE not set~%"))
+  (exit 1))
+
+(define host-regex "^host-([a-zA-Z][a-zA-Z0-9_-]+)$")
+(define service-regex "^service-([a-zA-Z][a-zA-Z0-9_-]+)$")
+
+(define (make-verifier passwd-file)
+  (let ((passwds (load passwd-file)))
+    (lambda (username passwd)
+      (and (> (string-length passwd) 6)
+           (equal? (assoc-ref passwds username) passwd)))))
+
+(define (make-authenticator host-verifier service-verifier)
+  (lambda (username hostname password)
+    (cond ((string-match host-regex username)
+           (host-verifier (match:substring (string-match host-regex username) 1)
+                          password))
+
+          ((string-match service-regex username)
+           (service-verifier (match:substring (string-match service-regex username) 1)
+                             password))
+
+          (else #f))))
+
+(define (make-handler handlers)
+  (lambda (request)
+    (let ((op (assoc-ref handlers (first request))))
+      (if op
+          (apply op (cdr request))
+          #f))))
+
+(define (auth-listener handler)
+  (let ((in (current-input-port))
+        (out (current-output-port)))
+    (while #t
+           (let ((size (bytevector-u16-ref (get-bytevector-n in 2) 0 (endianness big)))
+                 (response (make-bytevector 4 0)))
+             (bytevector-u8-set! response 1 #x02)
+             (if (handler (string-split (get-string-n in size) #\:))
+                 (begin (bytevector-u8-set! response 3 #x01)
+                        (put-bytevector out response 0 4)
+                        (force-output out))
+                 (begin (bytevector-u8-set! response 3 #x00)
+                        (put-bytevector out response 0 4)
+                        (force-output out)))))))
+
+(auth-listener
+ (make-handler
+  (list (cons "auth"
+              (make-authenticator (make-verifier *host-passwd-file*)
+                                  (make-verifier *service-passwd-file*))))))