9 files changed, 98 insertions, 74 deletions
diff --git a/dev/SEC/.keep b/dev/SEC/.keep
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/dev/SEC/.keep
diff --git a/dev/SEC/build.json b/dev/SEC/build.json
new file mode 100644
index 00000000..a22d0f1f
--- /dev/null
+++ b/dev/SEC/build.json
@@ -0,0 +1,21 @@
+{
+  "compiler_path": "x86_64-w64-mingw32-g++",
+  "compiler_std": "c++20",
+  "headers_path": ["../"],
+  "sources_path": ["Sources/*.cxx"],
+  "output_name": "sec.dll",
+  "compiler_flags": [
+    "-fPIC",
+    "-ffreestanding",
+    "-shared",
+    "-fno-rtti",
+    "-fno-exceptions",
+    "-Wl,--subsystem=17"
+  ],
+  "cpp_macros": [
+    "__SEC_IMPL__",
+    "cSECVersion=0x0100",
+    "cSECVersionHighest=0x0100",
+    "cSECVersionLowest=0x0100"
+  ]
+}
diff --git a/dev/ZKA/HALKit/AMD64/HalKernelMain.cxx b/dev/ZKA/HALKit/AMD64/HalKernelMain.cxx
index 2e15bc99..c5548df7 100644
--- a/dev/ZKA/HALKit/AMD64/HalKernelMain.cxx
+++ b/dev/ZKA/HALKit/AMD64/HalKernelMain.cxx
@@ -228,11 +228,13 @@ Kernel::Void hal_real_init(Kernel::Void) noexcept
 	Kernel::NewFilesystemManager::Mount(fs);
 
 #ifdef __DEBUG__
-	const auto cPassword		  = "debug_usr";
+	const auto cPassword = "debug_usr";
 
 	Kernel::User user{Kernel::RingKind::kRingSuperUser, kSuperUser};
 
-	Kernel::UserManager::The()->TryLogIn(user, cPassword);
+	user.TrySave(cPassword);
+
+	Kernel::UserManager::The()->TryLogIn(user);
 #endif
 
 	Kernel::ke_stop(RUNTIME_CHECK_FAILED);
diff --git a/dev/ZKA/KernelKit/FileManager.hxx b/dev/ZKA/KernelKit/FileManager.hxx
index 7f222c4a..3ac3fe3b 100644
--- a/dev/ZKA/KernelKit/FileManager.hxx
+++ b/dev/ZKA/KernelKit/FileManager.hxx
@@ -26,6 +26,7 @@
 #include <KernelKit/DebugOutput.hxx>
 #include <NewKit/Stream.hxx>
 #include <NewKit/ErrorOr.hxx>
+#include <KernelKit/Heap.hxx>
 #include <NewKit/Ref.hxx>
 
 /// @brief Filesystem manager, abstraction over mounted filesystem.
@@ -362,14 +363,15 @@ namespace Kernel
 	{
 		static const auto cLength = 255;
 
-		struct StringMap final
+		/// @brief restrict information about the file descriptor.
+		struct RESTRICT_MAP final
 		{
 			Char  fRestrict[cLength];
 			Int32 fMappedTo;
 		};
 
 		const SizeT		cRestrictCount	= cRestrictMax;
-		const StringMap cRestrictList[] = {
+		const RESTRICT_MAP cRestrictList[] = {
 			{
 				.fRestrict = cRestrictR,
 				.fMappedTo = eRestrictRead,
@@ -408,6 +410,6 @@ namespace Kernel
 	template <typename Encoding, typename Class>
 	FileStream<Encoding, Class>::~FileStream()
 	{
-		delete fFile;
+		mm_delete_ke_heap(fFile);
 	}
 } // namespace Kernel
diff --git a/dev/ZKA/KernelKit/User.hxx b/dev/ZKA/KernelKit/User.hxx
index ac05b034..1b719f24 100644
--- a/dev/ZKA/KernelKit/User.hxx
+++ b/dev/ZKA/KernelKit/User.hxx
@@ -4,8 +4,8 @@
 
 ------------------------------------------- */
 
-#ifndef _INC_PERMISSION_SEL_HXX_
-#define _INC_PERMISSION_SEL_HXX_
+#ifndef _INC_USER_HXX_
+#define _INC_USER_HXX_
 
 #include <CompilerKit/CompilerKit.hxx>
 #include <KernelKit/LPC.hxx>
@@ -73,6 +73,7 @@ namespace Kernel
 		RingKind   fRing{RingKind::kRingStdUser};
 		Char fUserName[kMaxUserNameLen] = { 0 };
 		Char fUserToken[kMaxUserTokenLen] = { 0 };
+		VoidPtr fUserNodePtr{nullptr};
 
 		friend UserManager;
 	};
@@ -91,10 +92,10 @@ namespace Kernel
 		NEWOS_COPY_DELETE(UserManager);
 
 		STATIC UserManager* The() noexcept;
-		Bool				TryLogIn(User& user, const Char* password) noexcept;
+		Bool				TryLogIn(User& user) noexcept;
 		User*				GetCurrent() noexcept;
 		Void				TryLogOff() noexcept;
 	};
 } // namespace Kernel
 
-#endif /* ifndef _INC_PERMISSION_SEL_HXX_ */
+#endif /* ifndef _INC_USER_HXX_ */
diff --git a/dev/ZKA/KernelRsrc.rsrc b/dev/ZKA/KernelRsrc.rsrc
index 113b2176..db09c394 100644
--- a/dev/ZKA/KernelRsrc.rsrc
+++ b/dev/ZKA/KernelRsrc.rsrc
@@ -8,8 +8,8 @@ BEGIN
   BEGIN
     BLOCK "080904E4"
     BEGIN
-      VALUE "CompanyName", "ZKA Technologies"
-	  VALUE "FileDescription", "NewOS Kernel."
+      VALUE "CompanyName", "ZKA Technologies."
+	  VALUE "FileDescription", "ZKA Kernel DLL."
       VALUE "FileVersion", KERNEL_VERSION
 	  VALUE "InternalName", "newoskrnl"
       VALUE "LegalCopyright", "(c) ZKA Technologies, all rights reserved."
diff --git a/dev/ZKA/Sources/FS/NewFS.cxx b/dev/ZKA/Sources/FS/NewFS.cxx
index bdd4622a..88c415eb 100644
--- a/dev/ZKA/Sources/FS/NewFS.cxx
+++ b/dev/ZKA/Sources/FS/NewFS.cxx
@@ -469,11 +469,11 @@ bool NewFSParser::Format(_Input _Output DriveTrait* drive, _Input const Lba endL
 		return false;
 	}
 
-	Char sectorBuf[kNewFSSectorSz] = {0};
+	Char fs_buf[kNewFSSectorSz] = {0};
 
 	Lba start = kNewFSRootCatalogStartAddress;
 
-	drive->fPacket.fPacketContent = sectorBuf;
+	drive->fPacket.fPacketContent = fs_buf;
 	drive->fPacket.fPacketSize	  = kNewFSSectorSz;
 	drive->fPacket.fLba			  = start;
 
@@ -544,7 +544,7 @@ bool NewFSParser::Format(_Input _Output DriveTrait* drive, _Input const Lba endL
 	// disk isnt faulty and data has been fetched.
 	while (drive->fPacket.fPacketGood)
 	{
-		NFS_ROOT_PARTITION_BLOCK* partBlock = (NFS_ROOT_PARTITION_BLOCK*)sectorBuf;
+		NFS_ROOT_PARTITION_BLOCK* partBlock = (NFS_ROOT_PARTITION_BLOCK*)fs_buf;
 
 		// check for an empty partition here.
 		if (partBlock->PartitionName[0] == 0 &&
@@ -575,7 +575,7 @@ bool NewFSParser::Format(_Input _Output DriveTrait* drive, _Input const Lba endL
 			partBlock->DiskSize		= diskSize;
 			partBlock->FreeCatalog	= sectorCount / sizeof(NFS_CATALOG_STRUCT);
 
-			drive->fPacket.fPacketContent = sectorBuf;
+			drive->fPacket.fPacketContent = fs_buf;
 			drive->fPacket.fPacketSize	  = kNewFSSectorSz;
 			drive->fPacket.fLba			  = kNewFSRootCatalogStartAddress;
 
@@ -600,7 +600,7 @@ bool NewFSParser::Format(_Input _Output DriveTrait* drive, _Input const Lba endL
 
 		start += partBlock->DiskSize;
 
-		drive->fPacket.fPacketContent = sectorBuf;
+		drive->fPacket.fPacketContent = fs_buf;
 		drive->fPacket.fPacketSize	  = kNewFSSectorSz;
 		drive->fPacket.fLba			  = start;
 
@@ -715,19 +715,19 @@ _Output NFS_CATALOG_STRUCT* NewFSParser::FindCatalog(_Input const Char* catalogN
 {
 	kcout << "newoskrnl: start finding catalog...\r";
 
-	NFS_ROOT_PARTITION_BLOCK sectorBuf{0};
+	NFS_ROOT_PARTITION_BLOCK fs_buf{0};
 	auto					 drive = sMountpointInterface.A();
 
 	rt_copy_memory((VoidPtr) "fs/newfs-packet", drive.fPacket.fPacketMime,
 				   rt_string_len("fs/newfs-packet"));
 
-	drive.fPacket.fPacketContent = &sectorBuf;
+	drive.fPacket.fPacketContent = &fs_buf;
 	drive.fPacket.fPacketSize	 = sizeof(NFS_ROOT_PARTITION_BLOCK);
 	drive.fPacket.fLba			 = kNewFSRootCatalogStartAddress;
 
 	drive.fInput(&drive.fPacket);
 
-	NFS_ROOT_PARTITION_BLOCK* part = (NFS_ROOT_PARTITION_BLOCK*)&sectorBuf;
+	NFS_ROOT_PARTITION_BLOCK* part = (NFS_ROOT_PARTITION_BLOCK*)&fs_buf;
 
 	auto	   startCatalogList	 = part->StartCatalog;
 	const auto cCtartCatalogList = startCatalogList;
@@ -937,57 +937,57 @@ VoidPtr NewFSParser::ReadCatalog(_Input _Output NFS_CATALOG_STRUCT* catalog,
 	kcout << "newoskrnl: catalog " << catalog->Name
 		  << ", fork: " << hex_number(dataForkLba) << endl;
 
-	Char* sectorBuf = new Char[sizeof(NFS_FORK_STRUCT)];
+	NFS_FORK_STRUCT* fs_buf = new NFS_FORK_STRUCT();
 	auto  drive		= sMountpointInterface.A();
 
 	rt_copy_memory((VoidPtr) "fs/newfs-packet", drive.fPacket.fPacketMime,
 				   rt_string_len("fs/newfs-packet"));
 
-	NFS_FORK_STRUCT* forkData = nullptr;
+	NFS_FORK_STRUCT* fs_fork_data = nullptr;
 
 	while (dataForkLba >= kNewFSCatalogStartAddress)
 	{
 		drive.fPacket.fLba			 = dataForkLba;
 		drive.fPacket.fPacketSize	 = sizeof(NFS_FORK_STRUCT);
-		drive.fPacket.fPacketContent = sectorBuf;
+		drive.fPacket.fPacketContent = fs_buf;
 
 		drive.fInput(&drive.fPacket);
 
-		forkData = (NFS_FORK_STRUCT*)sectorBuf;
+		fs_fork_data = fs_buf;
 
-		kcout << "newoskrnl: name: " << forkData->ForkName << endl;
+		kcout << "newoskrnl: name: " << fs_fork_data->ForkName << endl;
 
-		if (forkData->DataOffset <= kNewFSCatalogStartAddress)
+		if (fs_fork_data->DataOffset <= kNewFSCatalogStartAddress)
 		{
-			delete[] sectorBuf;
+			delete[] fs_buf;
 
-			kcout << "Fail-Data-Offset: " << hex_number(forkData->DataOffset) << endl;
+			kcout << "Fail-Data-Offset: " << hex_number(fs_fork_data->DataOffset) << endl;
 
 			return nullptr;
 		}
 
-		if (StringBuilder::Equals(forkName, forkData->ForkName) &&
-			StringBuilder::Equals(catalog->Name, forkData->CatalogName))
+		if (StringBuilder::Equals(forkName, fs_fork_data->ForkName) &&
+			StringBuilder::Equals(catalog->Name, fs_fork_data->CatalogName))
 			break;
 
-		dataForkLba = forkData->NextSibling;
+		dataForkLba = fs_fork_data->NextSibling;
 	}
 
 	if (dataForkLba <= kNewFSCatalogStartAddress)
 	{
-		delete[] sectorBuf;
+		delete[] fs_buf;
 		return nullptr;
 	}
 
-	Char* forkBuf = new Char[dataSz];
+	NFS_FORK_STRUCT* forkBuf = new NFS_FORK_STRUCT();
 
-	drive.fPacket.fLba			 = forkData->DataOffset;
+	drive.fPacket.fLba			 = fs_fork_data->DataOffset;
 	drive.fPacket.fPacketSize	 = dataSz;
 	drive.fPacket.fPacketContent = forkBuf;
 
 	drive.fInput(&drive.fPacket);
 
-	delete[] sectorBuf;
+	delete[] fs_buf;
 	return forkBuf;
 }
 
diff --git a/dev/ZKA/Sources/Network/IPC.cxx b/dev/ZKA/Sources/Network/IPC.cxx
index f703e650..926224d9 100644
--- a/dev/ZKA/Sources/Network/IPC.cxx
+++ b/dev/ZKA/Sources/Network/IPC.cxx
@@ -14,7 +14,7 @@ using namespace Kernel;
 /// @brief The internal sanitize function.
 Bool ipc_int_sanitize_packet(IPC_MESSAGE_STRUCT* pckt)
 {
-	auto endian = DEDUCE_ENDIAN(pckt, ((char*)pckt)[0]);
+	auto endian = DEDUCE_ENDIAN(pckt, ((Char*)pckt)[0]);
 
 	switch (endian)
 	{
diff --git a/dev/ZKA/Sources/User.cxx b/dev/ZKA/Sources/User.cxx
index df6a4b9b..620c62f1 100644
--- a/dev/ZKA/Sources/User.cxx
+++ b/dev/ZKA/Sources/User.cxx
@@ -10,6 +10,7 @@
  * 	========================================================
  */
 
+#include "KernelKit/LPC.hxx"
 #include <KernelKit/User.hxx>
 #include <NewKit/KernelCheck.hxx>
 #include <KernelKit/FileManager.hxx>
@@ -38,7 +39,11 @@ namespace Kernel
 
 			for (Size i_pass = 0; i_pass < length; ++i_pass)
 			{
-				Char cur_chr	 = in_password[i_pass];
+				Char cur_chr = in_password[i_pass];
+
+				if (cur_chr == 0)
+					break;
+
 				password[i_pass] = cur_chr + (user->IsStdUser() ? cStdUser : cSuperUser);
 			}
 
@@ -61,7 +66,10 @@ namespace Kernel
 		rt_copy_memory((VoidPtr)userName, this->fUserName, rt_string_len(userName));
 	}
 
-	User::~User() = default;
+	User::~User()
+	{
+		mm_delete_ke_heap(fUserNodePtr);
+	}
 
 	Bool User::TrySave(const Char* password) noexcept
 	{
@@ -86,8 +94,7 @@ namespace Kernel
 
 			if (!node)
 			{
-				ErrLocal() = kErrorInternal;
-
+				ErrLocal() = kErrorDiskIsFull;
 				return false;
 			}
 
@@ -108,8 +115,8 @@ namespace Kernel
 			// writing the data fork now. False means a data fork.
 			bool wrote = new_fs->GetParser()->WriteCatalog(node, false, reinterpret_cast<VoidPtr>(token), len, this->fUserName);
 
-			delete node;
-			node = nullptr;
+			this->fUserNodePtr = reinterpret_cast<VoidPtr>(node);
+			rt_copy_memory(token, this->fUserToken, rt_string_len(token));
 
 			delete[] token;
 			token = nullptr;
@@ -166,9 +173,10 @@ namespace Kernel
 		return view;
 	}
 
-	Bool UserManager::TryLogIn(User& user, const Char* password) noexcept
+	Bool UserManager::TryLogIn(User& user) noexcept
 	{
-		if (!password)
+		if (!user.fUserToken[0] ||
+			!user.fUserNodePtr)
 		{
 			kcout << "newoskrnl: Incorrect data given.\r";
 
@@ -179,63 +187,53 @@ namespace Kernel
 
 		kcout << "newoskrnl: Trying to log-in.\r";
 
-		NewFilesystemManager* new_fs = (NewFilesystemManager*)NewFilesystemManager::GetMounted();
+		kcout << "newoskrnl: reading: " << reinterpret_cast<NFS_CATALOG_STRUCT*>(user.fUserNodePtr)->Name << endl;
 
-		// do not use if unmounted.
+		NewFilesystemManager* new_fs = (NewFilesystemManager*)NewFilesystemManager::GetMounted();
 
 		if (!new_fs)
-			return false;
+		{
+			ErrLocal() = kErrorInvalidCreds;
+			kcout << "newoskrnl: Incorrect filesystem.\r";
 
-		auto node = new_fs->GetParser()->GetCatalog(kUsersFile);
+			return false;
+		}
 
-		// ------------------------------------------ //
-		// Retrieve token from a specific file fork.
-		// Fail on null.
-		// ------------------------------------------ //
+		NFS_CATALOG_STRUCT* node = new_fs->GetParser()->GetCatalog(kUsersFile);
 
 		if (!node)
 		{
-			ErrLocal() = kErrorInvalidData;
-			kcout << "newoskrnl: No such path.\r";
-			return false;
-		}
+			node = reinterpret_cast<NFS_CATALOG_STRUCT*>(user.fUserNodePtr);
+
+			if (!node)
+			{
+				ErrLocal() = kErrorInvalidCreds;
+				kcout << "newoskrnl: Incorrect catalog.\r";
 
-		kcout << "newoskrnl: reading: " << node->Name << endl;
+				return false;
+			}
+		}
 
-		auto token = new_fs->GetParser()->ReadCatalog(node, false, rt_string_len(password), user.fUserName);
+		auto token = new_fs->GetParser()->ReadCatalog(node, false, rt_string_len(user.fUserToken), user.fUserName);
 
 		if (!token)
 		{
 			ErrLocal() = kErrorInvalidCreds;
 
-			kcout << "newoskrnl: Incorrect credentials.\r";
+			kcout << "newoskrnl: Incorrect token.\r";
 			return false;
 		}
 		else
 		{
-			Char generated_token[kMaxUserTokenLen] = {0};
-
-			// ================================================== //
-			// Provide password on token variable.
-			// ================================================== //
-
-			rt_copy_memory((VoidPtr)password, generated_token, rt_string_len(password));
-
-			// ================================================== //
-			// Construct token.
-			// ================================================== //
-
-			Detail::cred_construct_token(generated_token, password, &user, rt_string_len(password));
-
 			// ================================================== //
 			// Checks if it matches the current token we have.
 			// ================================================== //
 
-			if (rt_string_cmp((Char*)token, generated_token, rt_string_len(password)))
+			if (rt_string_cmp(reinterpret_cast<Char*>(token), user.fUserToken, rt_string_len(user.fUserToken)))
 			{
 				kcout << "newoskrnl: Incorrect credentials.\r";
-
 				mm_delete_ke_heap(token);
+
 				return false;
 			}