Add real factotum.

This commit is contained in:
Russ Cox 2005-11-04 15:36:40 +00:00
parent 06b60293ad
commit ab73f2bbf5
26 changed files with 1361 additions and 58 deletions

View File

@ -8,27 +8,23 @@ OFILES=\
readcons.$O\
secstore.$O\
latin1.$O\
$(OS)-factotum.$O\
LIBS=\
LIBS1=\
kern/libkern.a\
exportfs/libexportfs.a\
libauth/libauth.a\
libauthsrv/libauthsrv.a\
libsec/libsec.a\
libmp/libmp.a\
libmemdraw/libmemdraw.a\
libmemlayer/libmemlayer.a\
libdraw/libdraw.a\
libc/libc.a\
kern/libkern.a\
gui-$(GUI)/libgui.a\
libmemdraw/libmemdraw.a\
libdraw/libdraw.a\
kern/libkern.a\
libc/libc.a\
libmemdraw/libmemdraw.a\
libmemlayer/libmemlayer.a\
libdraw/libdraw.a\
libmachdep.a
# stupid gcc
LIBS=$(LIBS1) $(LIBS1) $(LIBS1) libmachdep.a
$(TARG): $(OFILES) $(LIBS)
$(CC) $(LDFLAGS) -o $(TARG) $(OFILES) $(LIBS) $(LDADD)
@ -45,6 +41,9 @@ kern/libkern.a:
exportfs/libexportfs.a:
(cd exportfs; make)
libauth/libauth.a:
(cd libauth; make)
libauthsrv/libauthsrv.a:
(cd libauthsrv; make)

118
cpu.c
View File

@ -17,7 +17,6 @@
#define Maxfdata 8192
#define MaxStr 128
static char* getuser(void);
static void fatal(int, char*, ...);
static void catcher(void*, char*);
static void usage(void);
@ -98,7 +97,9 @@ cpumain(int argc, char **argv)
close(fd);
}
user = readcons("user", getenv("USER"), 0);
user = getenv("USER");
if(user == nil)
user = readcons("user", nil, 0);
secstoreserver = nil;
ARGBEGIN{
case 'a':
@ -126,6 +127,9 @@ cpumain(int argc, char **argv)
}
break;
*/
case 'k':
keyspec = EARGF(usage());
break;
case 'u':
user = EARGF(usage());
break;
@ -136,6 +140,15 @@ cpumain(int argc, char **argv)
usage();
}ARGEND;
if((fd = dialfactotum()) < 0)
fprint(2, "dial factotum: %r\n");
else if(sysmount(fd, -1, "/mnt/factotum", MREPL, "") < 0)
fprint(2, "mount factotum: %r\n");
else if((fd = open("/mnt/factotum/ctl", OREAD)) < 0)
fprint(2, "open /mnt/factotum/ctl: %r\n");
else
close(fd);
if(secstoreserver == nil)
secstoreserver = authserver;
@ -436,6 +449,96 @@ gettickets(Ticketreq *tr, char *key, char *trbuf, char *tbuf)
return mkserverticket(tr, key, tbuf);
}
/*
* prompt user for a key. don't care about memory leaks, runs standalone
*/
static Attr*
promptforkey(char *params)
{
char *v;
int fd;
Attr *a, *attr;
char *def;
fd = open("/dev/cons", ORDWR);
if(fd < 0)
sysfatal("opening /dev/cons: %r");
attr = _parseattr(params);
fprint(fd, "\n!Adding key:");
for(a=attr; a; a=a->next)
if(a->type != AttrQuery && a->name[0] != '!')
fprint(fd, " %q=%q", a->name, a->val);
fprint(fd, "\n");
for(a=attr; a; a=a->next){
v = a->name;
if(a->type != AttrQuery || v[0]=='!')
continue;
def = nil;
if(strcmp(v, "user") == 0)
def = getuser();
a->val = readcons(v, def, 0);
if(a->val == nil)
sysfatal("user terminated key input");
a->type = AttrNameval;
}
for(a=attr; a; a=a->next){
v = a->name;
if(a->type != AttrQuery || v[0]!='!')
continue;
def = nil;
if(strcmp(v+1, "user") == 0)
def = getuser();
a->val = readcons(v+1, def, 1);
if(a->val == nil)
sysfatal("user terminated key input");
a->type = AttrNameval;
}
fprint(fd, "!\n");
close(fd);
return attr;
}
/*
* send a key to the mounted factotum
*/
static int
sendkey(Attr *attr)
{
int fd, rv;
char buf[1024];
fd = open("/mnt/factotum/ctl", ORDWR);
if(fd < 0)
sysfatal("opening /mnt/factotum/ctl: %r");
rv = fprint(fd, "key %A\n", attr);
read(fd, buf, sizeof buf);
close(fd);
return rv;
}
int
askuser(char *params)
{
Attr *attr;
fmtinstall('A', _attrfmt);
attr = promptforkey(params);
if(attr == nil)
sysfatal("no key supplied");
if(sendkey(attr) < 0)
sysfatal("sending key to factotum: %r");
return 0;
}
AuthInfo*
p9anyfactotum(int fd, int afd)
{
return auth_proxy(fd, askuser, "proto=p9any role=client %s", keyspec);
}
AuthInfo*
p9any(int fd)
{
@ -444,11 +547,14 @@ p9any(int fd)
char tbuf[TICKETLEN+TICKETLEN+AUTHENTLEN], trbuf[TICKREQLEN];
char authkey[DESKEYLEN];
Authenticator auth;
int i, v2, n;
int afd, i, v2, n;
Ticketreq tr;
Ticket t;
AuthInfo *ai;
if((afd = open("/mnt/factotum/ctl", ORDWR)) >= 0)
return p9anyfactotum(fd, afd);
if((n = readstr(fd, buf, sizeof buf)) < 0)
fatal(1, "cannot read p9any negotiation");
bbuf = buf;
@ -598,9 +704,3 @@ setamalg(char *s)
return setam(s);
}
char*
getuser(void)
{
return getenv("USER");
}

View File

@ -8,3 +8,5 @@ extern int exportfs(int, int);
extern char *user;
extern char *getkey(char*, char*);
extern char *findkey(char**, char*);
extern int dialfactotum(void);
extern char *getuser(void);

View File

@ -99,7 +99,7 @@ exportfs(int fd, int msgsz)
fatal("convM2S format error");
}
//iprint("<- %F\n", &r->work);
if(0) iprint("<- %F\n", &r->work);
DEBUG(DFD, "%F\n", &r->work);
(fcalls[r->work.type])(r);
}
@ -110,6 +110,7 @@ reply(Fcall *r, Fcall *t, char *err)
{
uchar *data;
int m, n;
static QLock lk;
t->tag = r->tag;
t->fid = r->fid;
@ -120,7 +121,7 @@ reply(Fcall *r, Fcall *t, char *err)
else
t->type = r->type + 1;
//iprint("-> %F\n", t);
if(0) iprint("-> %F\n", t);
DEBUG(DFD, "\t%F\n", t);
data = malloc(messagesize); /* not mallocz; no need to clear */

View File

@ -431,6 +431,7 @@ slave(Fsrpc *f)
Proc *p;
int pid;
static int nproc;
static QLock lk;
for(;;) {
for(p = Proclist; p; p = p->next) {

View File

@ -50,6 +50,8 @@ extern int dirwstat(char*, Dir*);
extern int dirfwstat(int, Dir*);
extern long dirread(int, Dir*, long);
extern int lfdfd(int);
/*
* network dialing and authentication
*/

View File

@ -13,6 +13,7 @@ OFILES=\
devfs-$(OS).$O\
devip.$O\
devip-$(OS).$O\
devlfd.$O\
devmnt.$O\
devmouse.$O\
devpipe.$O\

View File

@ -175,25 +175,6 @@ print(char *fmt, ...)
return n;
}
int
iprint(char *fmt, ...)
{
int n, s;
va_list arg;
char buf[PRINTSIZE];
s = splhi();
va_start(arg, fmt);
n = vseprint(buf, buf+sizeof(buf), fmt, arg) - buf;
va_end(arg);
if(screenputs != nil && iprintscreenputs)
screenputs(buf, n);
uartputs(buf, n);
splx(s);
return n;
}
void
panic(char *fmt, ...)
{
@ -1208,3 +1189,23 @@ writebintime(char *buf, int n)
}
int
iprint(char *fmt, ...)
{
int n, s;
va_list arg;
char buf[PRINTSIZE];
s = splhi();
va_start(arg, fmt);
n = vseprint(buf, buf+sizeof(buf), fmt, arg) - buf;
va_end(arg);
if(screenputs != nil && iprintscreenputs)
screenputs(buf, n);
#undef write
write(2, buf, n);
splx(s);
return n;
}

126
kern/devlfd.c Normal file
View File

@ -0,0 +1,126 @@
#include "u.h"
#include <errno.h>
#include "lib.h"
#include "dat.h"
#include "fns.h"
#include "error.h"
#undef pread
#undef pwrite
Chan*
lfdchan(int fd)
{
Chan *c;
c = newchan();
c->type = devno('L', 0);
c->aux = (void*)fd;
c->name = newcname("fd");
c->mode = ORDWR;
c->qid.type = 0;
c->qid.path = 0;
c->qid.vers = 0;
c->dev = 0;
c->offset = 0;
return c;
}
int
lfdfd(int fd)
{
return newfd(lfdchan(fd));
}
static Chan*
lfdattach(char *x)
{
USED(x);
error(Egreg);
return nil;
}
static Walkqid*
lfdwalk(Chan *c, Chan *nc, char **name, int nname)
{
USED(c);
USED(nc);
USED(name);
USED(nname);
error(Egreg);
return nil;
}
static int
lfdstat(Chan *c, uchar *dp, int n)
{
USED(c);
USED(dp);
USED(n);
error(Egreg);
return -1;
}
static Chan*
lfdopen(Chan *c, int omode)
{
USED(c);
USED(omode);
error(Egreg);
return nil;
}
static void
lfdclose(Chan *c)
{
close((int)c->aux);
}
static long
lfdread(Chan *c, void *buf, long n, vlong off)
{
USED(off); /* can't pread on pipes */
n = read((int)c->aux, buf, n);
if(n < 0){
iprint("error %d\n", errno);
oserror();
}
return n;
}
static long
lfdwrite(Chan *c, void *buf, long n, vlong off)
{
USED(off); /* can't pread on pipes */
n = write((int)c->aux, buf, n);
if(n < 0){
iprint("error %d\n", errno);
oserror();
}
return n;
}
Dev lfddevtab = {
'L',
"lfd",
devreset,
devinit,
devshutdown,
lfdattach,
lfdwalk,
lfdstat,
lfdopen,
devcreate,
lfdclose,
lfdread,
devbread,
lfdwrite,
devbwrite,
devremove,
devwstat,
};

View File

@ -8,9 +8,12 @@ enum
{
Qdir = 0,
Qboot = 0x1000,
Qmnt = 0x2000,
Qfactotum,
Nrootfiles = 32,
Nbootfiles = 32,
Nmntfiles = 2,
};
typedef struct Dirlist Dirlist;
@ -26,6 +29,7 @@ struct Dirlist
static Dirtab rootdir[Nrootfiles] = {
"#/", {Qdir, 0, QTDIR}, 0, DMDIR|0555,
"boot", {Qboot, 0, QTDIR}, 0, DMDIR|0555,
"mnt", {Qmnt, 0, QTDIR}, 0, DMDIR|0555,
};
static uchar *rootdata[Nrootfiles];
static Dirlist rootlist =
@ -33,7 +37,7 @@ static Dirlist rootlist =
0,
rootdir,
rootdata,
2,
3,
Nrootfiles
};
@ -50,6 +54,19 @@ static Dirlist bootlist =
Nbootfiles
};
static Dirtab mntdir[Nmntfiles] = {
"mnt", {Qmnt, 0, QTDIR}, 0, DMDIR|0555,
"factotum", {Qfactotum, 0, QTDIR}, 0, DMDIR|0555,
};
static Dirlist mntlist =
{
Qmnt,
mntdir,
nil,
2,
Nmntfiles
};
/*
* add a file to the list
*/
@ -97,7 +114,6 @@ rootreset(void)
addrootdir("dev");
addrootdir("env");
addrootdir("fd");
addrootdir("mnt");
addrootdir("net");
addrootdir("net.alt");
addrootdir("proc");
@ -129,6 +145,13 @@ rootgen(Chan *c, char *name, Dirtab *dirt, int ndirt, int s, Dir *dp)
return 1;
}
return devgen(c, name, rootlist.dir, rootlist.ndir, s, dp);
case Qmnt:
if(s == DEVDOTDOT){
Qid tqiddir = {Qdir, 0, QTDIR};
devdir(c, tqiddir, "#/", 0, eve, 0555, dp);
return 1;
}
return devgen(c, name, mntlist.dir, mntlist.ndir, s, dp);
case Qboot:
if(s == DEVDOTDOT){
Qid tqiddir = {Qdir, 0, QTDIR};
@ -139,22 +162,25 @@ rootgen(Chan *c, char *name, Dirtab *dirt, int ndirt, int s, Dir *dp)
default:
if(s == DEVDOTDOT){
Qid tqiddir = {Qdir, 0, QTDIR};
if((int)c->qid.path < Qboot)
tqiddir.path = c->qid.path&0xF000;
devdir(c, tqiddir, "#/", 0, eve, 0555, dp);
else {
tqiddir.path = Qboot;
devdir(c, tqiddir, "#/", 0, eve, 0555, dp);
}
return 1;
}
if(s != 0)
return -1;
if((int)c->qid.path < Qboot){
switch((int)c->qid.path & 0xF000){
case Qdir:
t = c->qid.path-1;
l = &rootlist;
}else{
break;
case Qboot:
t = c->qid.path - Qboot - 1;
l = &bootlist;
break;
case Qmnt:
t = c->qid.path - Qmnt - 1;
l = &mntlist;
break;
}
if(t >= l->ndir)
return -1;
@ -209,17 +235,19 @@ rootread(Chan *c, void *buf, long n, vlong off)
switch(t){
case Qdir:
case Qboot:
case Qmnt:
return devdirread(c, buf, n, nil, 0, rootgen);
}
if(t<Qboot)
l = &rootlist;
else{
t -= Qboot;
if(t&Qboot)
l = &bootlist;
}
else if(t&Qmnt)
l = &mntlist;
else
l = &bootlist;
t &= 0xFFF;
t--;
if(t >= l->ndir)
error(Egreg);

View File

@ -765,6 +765,7 @@ sslput(Dstate *s, Block * volatile b)
int offset;
if(waserror()){
iprint("error: %s\n", up->errstr);
if(b != nil)
free(b);
nexterror();
@ -1071,8 +1072,9 @@ sslwrite(Chan *c, void *a, long n, vlong o)
nexterror();
}
qlock(&s->out.q);
p = a;
if(0) iprint("write %d %.2ux %.2ux %.2ux %.2ux %.2ux %.2ux %.2ux %.2ux\n",
n, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
e = p + n;
do {
m = e - p;
@ -1092,7 +1094,9 @@ sslwrite(Chan *c, void *a, long n, vlong o)
p += m;
} while(p < e);
p = a;
if(0) iprint("wrote %d %.2ux %.2ux %.2ux %.2ux %.2ux %.2ux %.2ux %.2ux\n",
n, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
poperror();
qunlock(&s->out.q);
return n;

View File

@ -12,6 +12,8 @@ extern Dev mousedevtab;
extern Dev drawdevtab;
extern Dev ipdevtab;
extern Dev fsdevtab;
extern Dev mntdevtab;
extern Dev lfddevtab;
Dev *devtab[] = {
&rootdevtab,
@ -22,6 +24,8 @@ Dev *devtab[] = {
&drawdevtab,
&ipdevtab,
&fsdevtab,
&mntdevtab,
&lfddevtab,
0
};

21
libauth/Makefile Normal file
View File

@ -0,0 +1,21 @@
ROOT=..
include ../Make.config
LIB=libauth.a
OFILES=\
attr.$O\
auth_attr.$O\
auth_challenge.$O\
auth_getuserpasswd.$O\
auth_proxy.$O\
auth_respond.$O\
auth_rpc.$O\
auth_userpasswd.$O\
$(LIB): $(OFILES)
$(AR) r $(LIB) $(OFILES)
$(RANLIB) $(LIB)
%.$O: %.c
$(CC) $(CFLAGS) $*.c

174
libauth/attr.c Normal file
View File

@ -0,0 +1,174 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
int
_attrfmt(Fmt *fmt)
{
char *b, buf[1024], *ebuf;
Attr *a;
ebuf = buf+sizeof buf;
b = buf;
strcpy(buf, " ");
for(a=va_arg(fmt->args, Attr*); a; a=a->next){
if(a->name == nil)
continue;
switch(a->type){
case AttrQuery:
b = seprint(b, ebuf, " %q?", a->name);
break;
case AttrNameval:
b = seprint(b, ebuf, " %q=%q", a->name, a->val);
break;
case AttrDefault:
b = seprint(b, ebuf, " %q:=%q", a->name, a->val);
break;
}
}
return fmtstrcpy(fmt, buf+1);
}
Attr*
_copyattr(Attr *a)
{
Attr **la, *na;
na = nil;
la = &na;
for(; a; a=a->next){
*la = _mkattr(a->type, a->name, a->val, nil);
setmalloctag(*la, getcallerpc(&a));
la = &(*la)->next;
}
*la = nil;
return na;
}
Attr*
_delattr(Attr *a, char *name)
{
Attr *fa;
Attr **la;
for(la=&a; *la; ){
if(strcmp((*la)->name, name) == 0){
fa = *la;
*la = (*la)->next;
fa->next = nil;
_freeattr(fa);
}else
la=&(*la)->next;
}
return a;
}
Attr*
_findattr(Attr *a, char *n)
{
for(; a; a=a->next)
if(strcmp(a->name, n) == 0 && a->type != AttrQuery)
return a;
return nil;
}
void
_freeattr(Attr *a)
{
Attr *anext;
for(; a; a=anext){
anext = a->next;
free(a->name);
free(a->val);
a->name = (void*)~0;
a->val = (void*)~0;
a->next = (void*)~0;
free(a);
}
}
Attr*
_mkattr(int type, char *name, char *val, Attr *next)
{
Attr *a;
a = malloc(sizeof(*a));
if(a==nil)
sysfatal("_mkattr malloc: %r");
a->type = type;
a->name = strdup(name);
a->val = strdup(val);
if(a->name==nil || a->val==nil)
sysfatal("_mkattr malloc: %r");
a->next = next;
setmalloctag(a, getcallerpc(&type));
return a;
}
static Attr*
cleanattr(Attr *a)
{
Attr *fa;
Attr **la;
for(la=&a; *la; ){
if((*la)->type==AttrQuery && _findattr(a, (*la)->name)){
fa = *la;
*la = (*la)->next;
fa->next = nil;
_freeattr(fa);
}else
la=&(*la)->next;
}
return a;
}
Attr*
_parseattr(char *s)
{
char *p, *t, *tok[256];
int i, ntok, type;
Attr *a;
s = strdup(s);
if(s == nil)
sysfatal("_parseattr strdup: %r");
ntok = tokenize(s, tok, nelem(tok));
a = nil;
for(i=ntok-1; i>=0; i--){
t = tok[i];
if(p = strchr(t, '=')){
*p++ = '\0';
// if(p-2 >= t && p[-2] == ':'){
// p[-2] = '\0';
// type = AttrDefault;
// }else
type = AttrNameval;
a = _mkattr(type, t, p, a);
setmalloctag(a, getcallerpc(&s));
}
else if(t[strlen(t)-1] == '?'){
t[strlen(t)-1] = '\0';
a = _mkattr(AttrQuery, t, "", a);
setmalloctag(a, getcallerpc(&s));
}else{
/* really a syntax error, but better to provide some indication */
a = _mkattr(AttrNameval, t, "", a);
setmalloctag(a, getcallerpc(&s));
}
}
free(s);
return cleanattr(a);
}
char*
_strfindattr(Attr *a, char *n)
{
a = _findattr(a, n);
if(a == nil)
return nil;
return a->val;
}

13
libauth/auth_attr.c Normal file
View File

@ -0,0 +1,13 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
#include <authsrv.h>
#include "authlocal.h"
Attr*
auth_attr(AuthRpc *rpc)
{
if(auth_rpc(rpc, "attr", nil, 0) != ARok)
return nil;
return _parseattr(rpc->arg);
}

117
libauth/auth_challenge.c Normal file
View File

@ -0,0 +1,117 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
#include <authsrv.h>
#include "authlocal.h"
Chalstate*
auth_challenge(char *fmt, ...)
{
char *p;
va_list arg;
Chalstate *c;
quotefmtinstall(); /* just in case */
va_start(arg, fmt);
p = vsmprint(fmt, arg);
va_end(arg);
if(p == nil)
return nil;
c = mallocz(sizeof(*c), 1);
if(c == nil){
free(p);
return nil;
}
if((c->afd = open("/mnt/factotum/rpc", ORDWR)) < 0){
Error:
auth_freechal(c);
free(p);
return nil;
}
if((c->rpc=auth_allocrpc(c->afd)) == nil
|| auth_rpc(c->rpc, "start", p, strlen(p)) != ARok
|| auth_rpc(c->rpc, "read", nil, 0) != ARok)
goto Error;
if(c->rpc->narg > sizeof(c->chal)-1){
werrstr("buffer too small for challenge");
goto Error;
}
memmove(c->chal, c->rpc->arg, c->rpc->narg);
c->nchal = c->rpc->narg;
free(p);
return c;
}
AuthInfo*
auth_response(Chalstate *c)
{
int ret;
AuthInfo *ai;
ai = nil;
if(c->afd < 0){
werrstr("auth_response: connection not open");
return nil;
}
if(c->resp == nil){
werrstr("auth_response: nil response");
return nil;
}
if(c->nresp == 0){
werrstr("auth_response: unspecified response length");
return nil;
}
if(c->user){
if(auth_rpc(c->rpc, "write", c->user, strlen(c->user)) != ARok){
/*
* if this fails we're out of phase with factotum.
* give up.
*/
goto Out;
}
}
if(auth_rpc(c->rpc, "write", c->resp, c->nresp) != ARok){
/*
* don't close the connection -- maybe we'll try again.
*/
return nil;
}
switch(ret = auth_rpc(c->rpc, "read", nil, 0)){
case ARok:
default:
werrstr("factotum protocol botch %d %s", ret, c->rpc->ibuf);
break;
case ARdone:
ai = auth_getinfo(c->rpc);
break;
}
Out:
close(c->afd);
auth_freerpc(c->rpc);
c->afd = -1;
c->rpc = nil;
return ai;
}
void
auth_freechal(Chalstate *c)
{
if(c == nil)
return;
if(c->afd >= 0)
close(c->afd);
if(c->rpc != nil)
auth_freerpc(c->rpc);
memset(c, 0xBB, sizeof(*c));
free(c);
}

View File

@ -0,0 +1,75 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
#include "authlocal.h"
enum {
ARgiveup = 100,
};
static int
dorpc(AuthRpc *rpc, char *verb, char *val, int len, AuthGetkey *getkey)
{
int ret;
for(;;){
if((ret = auth_rpc(rpc, verb, val, len)) != ARneedkey && ret != ARbadkey)
return ret;
if(getkey == nil)
return ARgiveup; /* don't know how */
if((*getkey)(rpc->arg) < 0)
return ARgiveup; /* user punted */
}
}
UserPasswd*
auth_getuserpasswd(AuthGetkey *getkey, char *fmt, ...)
{
AuthRpc *rpc;
char *f[3], *p, *params;
int fd;
va_list arg;
UserPasswd *up;
up = nil;
rpc = nil;
params = nil;
fd = open("/mnt/factotum/rpc", ORDWR);
if(fd < 0)
goto out;
rpc = auth_allocrpc(fd);
if(rpc == nil)
goto out;
quotefmtinstall(); /* just in case */
va_start(arg, fmt);
params = vsmprint(fmt, arg);
va_end(arg);
if(params == nil)
goto out;
if(dorpc(rpc, "start", params, strlen(params), getkey) != ARok
|| dorpc(rpc, "read", nil, 0, getkey) != ARok)
goto out;
rpc->arg[rpc->narg] = '\0';
if(tokenize(rpc->arg, f, 2) != 2){
werrstr("bad answer from factotum");
goto out;
}
up = malloc(sizeof(*up)+rpc->narg+1);
if(up == nil)
goto out;
p = (char*)&up[1];
strcpy(p, f[0]);
up->user = p;
p += strlen(p)+1;
strcpy(p, f[1]);
up->passwd = p;
out:
free(params);
auth_freerpc(rpc);
close(fd);
return up;
}

212
libauth/auth_proxy.c Normal file
View File

@ -0,0 +1,212 @@
#include <u.h>
#include <libc.h>
#include <fcall.h>
#include <auth.h>
#include "authlocal.h"
enum {
ARgiveup = 100,
};
static uchar*
gstring(uchar *p, uchar *ep, char **s)
{
uint n;
if(p == nil)
return nil;
if(p+BIT16SZ > ep)
return nil;
n = GBIT16(p);
p += BIT16SZ;
if(p+n > ep)
return nil;
*s = malloc(n+1);
memmove((*s), p, n);
(*s)[n] = '\0';
p += n;
return p;
}
static uchar*
gcarray(uchar *p, uchar *ep, uchar **s, int *np)
{
uint n;
if(p == nil)
return nil;
if(p+BIT16SZ > ep)
return nil;
n = GBIT16(p);
p += BIT16SZ;
if(p+n > ep)
return nil;
*s = malloc(n);
if(*s == nil)
return nil;
memmove((*s), p, n);
*np = n;
p += n;
return p;
}
void
auth_freeAI(AuthInfo *ai)
{
if(ai == nil)
return;
free(ai->cuid);
free(ai->suid);
free(ai->cap);
free(ai->secret);
free(ai);
}
static uchar*
convM2AI(uchar *p, int n, AuthInfo **aip)
{
uchar *e = p+n;
AuthInfo *ai;
ai = mallocz(sizeof(*ai), 1);
if(ai == nil)
return nil;
p = gstring(p, e, &ai->cuid);
p = gstring(p, e, &ai->suid);
p = gstring(p, e, &ai->cap);
p = gcarray(p, e, &ai->secret, &ai->nsecret);
if(p == nil)
auth_freeAI(ai);
else
*aip = ai;
return p;
}
AuthInfo*
auth_getinfo(AuthRpc *rpc)
{
AuthInfo *a;
if(auth_rpc(rpc, "authinfo", nil, 0) != ARok)
return nil;
if(convM2AI((uchar*)rpc->arg, rpc->narg, &a) == nil){
werrstr("bad auth info from factotum");
return nil;
}
return a;
}
static int
dorpc(AuthRpc *rpc, char *verb, char *val, int len, AuthGetkey *getkey)
{
int ret;
for(;;){
if((ret = auth_rpc(rpc, verb, val, len)) != ARneedkey && ret != ARbadkey)
return ret;
if(getkey == nil)
return ARgiveup; /* don't know how */
if((*getkey)(rpc->arg) < 0)
return ARgiveup; /* user punted */
}
}
/*
* this just proxies what the factotum tells it to.
*/
AuthInfo*
fauth_proxy(int fd, AuthRpc *rpc, AuthGetkey *getkey, char *params)
{
char *buf;
int m, n, ret;
AuthInfo *a;
char oerr[ERRMAX];
rerrstr(oerr, sizeof oerr);
werrstr("UNKNOWN AUTH ERROR");
if(dorpc(rpc, "start", params, strlen(params), getkey) != ARok){
werrstr("fauth_proxy start: %r");
return nil;
}
buf = malloc(AuthRpcMax);
if(buf == nil)
return nil;
for(;;){
switch(dorpc(rpc, "read", nil, 0, getkey)){
case ARdone:
free(buf);
a = auth_getinfo(rpc);
errstr(oerr, sizeof oerr); /* no error, restore whatever was there */
return a;
case ARok:
if(write(fd, rpc->arg, rpc->narg) != rpc->narg){
werrstr("auth_proxy write fd: %r");
goto Error;
}
break;
case ARphase:
n = 0;
memset(buf, 0, AuthRpcMax);
while((ret = dorpc(rpc, "write", buf, n, getkey)) == ARtoosmall){
if(atoi(rpc->arg) > AuthRpcMax)
break;
m = read(fd, buf+n, atoi(rpc->arg)-n);
if(m <= 0){
if(m == 0)
werrstr("auth_proxy short read: %s", buf);
goto Error;
}
n += m;
}
if(ret != ARok){
werrstr("auth_proxy rpc write: %s: %r", buf);
goto Error;
}
break;
default:
werrstr("auth_proxy rpc: %r");
goto Error;
}
}
Error:
free(buf);
return nil;
}
AuthInfo*
auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...)
{
int afd;
char *p;
va_list arg;
AuthInfo *ai;
AuthRpc *rpc;
quotefmtinstall(); /* just in case */
va_start(arg, fmt);
p = vsmprint(fmt, arg);
va_end(arg);
afd = open("/mnt/factotum/rpc", ORDWR);
if(afd < 0){
werrstr("opening /mnt/factotum/rpc: %r");
free(p);
return nil;
}
rpc = auth_allocrpc(afd);
if(rpc == nil){
free(p);
return nil;
}
ai = fauth_proxy(fd, rpc, getkey, p);
free(p);
auth_freerpc(rpc);
close(afd);
return ai;
}

73
libauth/auth_respond.c Normal file
View File

@ -0,0 +1,73 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
#include <authsrv.h>
#include "authlocal.h"
enum {
ARgiveup = 100,
};
static int
dorpc(AuthRpc *rpc, char *verb, char *val, int len, AuthGetkey *getkey)
{
int ret;
for(;;){
if((ret = auth_rpc(rpc, verb, val, len)) != ARneedkey && ret != ARbadkey)
return ret;
if(getkey == nil)
return ARgiveup; /* don't know how */
if((*getkey)(rpc->arg) < 0)
return ARgiveup; /* user punted */
}
}
int
auth_respond(void *chal, uint nchal, char *user, uint nuser, void *resp, uint nresp, AuthGetkey *getkey, char *fmt, ...)
{
char *p, *s;
va_list arg;
int afd;
AuthRpc *rpc;
Attr *a;
if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0)
return -1;
if((rpc = auth_allocrpc(afd)) == nil){
close(afd);
return -1;
}
quotefmtinstall(); /* just in case */
va_start(arg, fmt);
p = vsmprint(fmt, arg);
va_end(arg);
if(p==nil
|| dorpc(rpc, "start", p, strlen(p), getkey) != ARok
|| dorpc(rpc, "write", chal, nchal, getkey) != ARok
|| dorpc(rpc, "read", nil, 0, getkey) != ARok){
free(p);
close(afd);
auth_freerpc(rpc);
return -1;
}
free(p);
if(rpc->narg < nresp)
nresp = rpc->narg;
memmove(resp, rpc->arg, nresp);
if((a = auth_attr(rpc)) != nil
&& (s = _strfindattr(a, "user")) != nil && strlen(s) < nuser)
strcpy(user, s);
else if(nuser > 0)
user[0] = '\0';
_freeattr(a);
close(afd);
auth_freerpc(rpc);
return nresp;
}

116
libauth/auth_rpc.c Normal file
View File

@ -0,0 +1,116 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
#include "authlocal.h"
static struct {
char *verb;
int val;
} tab[] = {
"ok", ARok,
"done", ARdone,
"error", ARerror,
"needkey", ARneedkey,
"badkey", ARbadkey,
"phase", ARphase,
"toosmall", ARtoosmall,
"error", ARerror,
};
static int
classify(char *buf, uint n, AuthRpc *rpc)
{
int i, len;
for(i=0; i<nelem(tab); i++){
len = strlen(tab[i].verb);
if(n >= len && memcmp(buf, tab[i].verb, len) == 0 && (n==len || buf[len]==' ')){
if(n==len){
rpc->narg = 0;
rpc->arg = "";
}else{
rpc->narg = n - (len+1);
rpc->arg = (char*)buf+len+1;
}
return tab[i].val;
}
}
werrstr("malformed rpc response: %s", buf);
return ARrpcfailure;
}
AuthRpc*
auth_allocrpc(int afd)
{
AuthRpc *rpc;
rpc = mallocz(sizeof(*rpc), 1);
if(rpc == nil)
return nil;
rpc->afd = afd;
return rpc;
}
void
auth_freerpc(AuthRpc *rpc)
{
free(rpc);
}
uint
auth_rpc(AuthRpc *rpc, char *verb, void *a, int na)
{
int l, n, type;
char *f[4];
l = strlen(verb);
if(na+l+1 > AuthRpcMax){
werrstr("rpc too big");
return ARtoobig;
}
memmove(rpc->obuf, verb, l);
rpc->obuf[l] = ' ';
memmove(rpc->obuf+l+1, a, na);
if((n=write(rpc->afd, rpc->obuf, l+1+na)) != l+1+na){
if(n >= 0)
werrstr("auth_rpc short write");
return ARrpcfailure;
}
if((n=read(rpc->afd, rpc->ibuf, AuthRpcMax)) < 0)
return ARrpcfailure;
rpc->ibuf[n] = '\0';
/*
* Set error string for good default behavior.
*/
switch(type = classify(rpc->ibuf, n, rpc)){
default:
werrstr("unknown rpc type %d (bug in auth_rpc.c)", type);
break;
case ARok:
break;
case ARrpcfailure:
break;
case ARerror:
if(rpc->narg == 0)
werrstr("unspecified rpc error");
else
werrstr("%s", rpc->arg);
break;
case ARneedkey:
werrstr("needkey %s", rpc->arg);
break;
case ARbadkey:
if(getfields(rpc->arg, f, nelem(f), 0, "\n") < 2)
werrstr("badkey %s", rpc->arg);
else
werrstr("badkey %s", f[1]);
break;
case ARphase:
werrstr("phase error %s", rpc->arg);
break;
}
return type;
}

50
libauth/auth_userpasswd.c Normal file
View File

@ -0,0 +1,50 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
#include <authsrv.h>
#include "authlocal.h"
/*
* compute the proper response. We encrypt the ascii of
* challenge number, with trailing binary zero fill.
* This process was derived empirically.
* this was copied from inet's guard.
*/
static void
netresp(char *key, long chal, char *answer)
{
uchar buf[8];
memset(buf, 0, 8);
sprint((char *)buf, "%lud", chal);
if(encrypt(key, buf, 8) < 0)
abort();
chal = (buf[0]<<24)+(buf[1]<<16)+(buf[2]<<8)+buf[3];
sprint(answer, "%.8lux", chal);
}
AuthInfo*
auth_userpasswd(char *user, char *passwd)
{
char key[DESKEYLEN], resp[16];
AuthInfo *ai;
Chalstate *ch;
/*
* Probably we should have a factotum protocol
* to check a raw password. For now, we use
* p9cr, which is simplest to speak.
*/
if((ch = auth_challenge("user=%q proto=p9cr role=server", user)) == nil)
return nil;
passtokey(key, passwd);
netresp(key, atol(ch->chal), resp);
memset(key, 0, sizeof key);
ch->resp = resp;
ch->nresp = strlen(resp);
ai = auth_response(ch);
auth_freechal(ch);
return ai;
}

1
libauth/authlocal.h Normal file
View File

@ -0,0 +1 @@
extern AuthInfo* _fauth_proxy(int fd, AuthRpc *rpc, AuthGetkey *getkey, char *params);

51
libauth/httpauth.c Normal file
View File

@ -0,0 +1,51 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
#include <authsrv.h>
/* deprecated.
This is the mechanism that put entries in /sys/lib/httpd.rewrite
and passwords on the authserver in /sys/lib/httppasswords, which
was awkward to administer. Instead, use local .httplogin files,
which are implemented in sys/src/cmd/ip/httpd/authorize.c */
int
httpauth(char *name, char *password)
{
int afd;
Ticketreq tr;
Ticket t;
char key[DESKEYLEN];
char buf[512];
afd = authdial(nil, nil);
if(afd < 0)
return -1;
/* send ticket request to AS */
memset(&tr, 0, sizeof(tr));
strcpy(tr.uid, name);
tr.type = AuthHttp;
convTR2M(&tr, buf);
if(write(afd, buf, TICKREQLEN) != TICKREQLEN){
close(afd);
return -1;
}
if(_asrdresp(afd, buf, TICKETLEN) < 0){
close(afd);
return -1;
}
close(afd);
/*
* use password and try to decrypt the
* ticket. If it doesn't work we've got a bad password,
* give up.
*/
passtokey(key, password);
convM2T(buf, &t, key);
if(t.num != AuthHr || strcmp(t.cuid, tr.uid))
return -1;
return 0;
}

2
main.c
View File

@ -36,6 +36,8 @@ main(int argc, char **argv)
char buf[1024], *s;
int n;
eve = getuser();
sizebug();
fmtinstall('r', errfmt);

107
posix-factotum.c Normal file
View File

@ -0,0 +1,107 @@
#include <u.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <pwd.h>
#include <libc.h>
#include <auth.h>
#include <fcall.h>
#include <authsrv.h>
#include <libsec.h>
#include "drawterm.h"
#undef socket
#undef connect
#undef getenv
#undef access
char*
getuser(void)
{
static char user[64];
struct passwd *pw;
pw = getpwuid(getuid());
if(pw == nil)
return "none";
strecpy(user, user+sizeof user, pw->pw_name);
return user;
}
/*
* Absent other hints, it works reasonably well to use
* the X11 display name as the name space identifier.
* This is how sam's B has worked since the early days.
* Since most programs using name spaces are also using X,
* this still seems reasonable. Terminal-only sessions
* can set $NAMESPACE.
*/
static char*
nsfromdisplay(void)
{
int fd;
Dir *d;
char *disp, *p;
if((disp = getenv("DISPLAY")) == nil){
werrstr("$DISPLAY not set");
return nil;
}
/* canonicalize: xxx:0.0 => xxx:0 */
p = strrchr(disp, ':');
if(p){
p++;
while(isdigit((uchar)*p))
p++;
if(strcmp(p, ".0") == 0)
*p = 0;
}
return smprint("/tmp/ns.%s.%s", getuser(), disp);
}
char*
getns(void)
{
char *ns;
ns = getenv("NAMESPACE");
if(ns == nil)
ns = nsfromdisplay();
if(ns == nil){
werrstr("$NAMESPACE not set, %r");
return nil;
}
return ns;
}
int
dialfactotum(void)
{
int fd;
struct sockaddr_un su;
char *name;
name = smprint("%s/factotum", getns());
if(name == nil || access(name, 0) < 0)
return -1;
memset(&su, 0, sizeof su);
su.sun_family = AF_UNIX;
if(strlen(name)+1 > sizeof su.sun_path){
werrstr("socket name too long");
return -1;
}
strcpy(su.sun_path, name);
if((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0){
werrstr("socket: %r");
return -1;
}
if(connect(fd, (struct sockaddr*)&su, sizeof su) < 0){
werrstr("connect %s: %r", name);
close(fd);
return -1;
}
return lfdfd(fd);
}

22
win32-factotum.c Normal file
View File

@ -0,0 +1,22 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
#include <fcall.h>
#include <authsrv.h>
#include <libsec.h>
#include "drawterm.h"
#undef getenv
char*
getuser(void)
{
return getenv("USER");
}
int
dialfactotum(void)
{
return -1;
}