#include "all.h"
#include "io.h"
#include <authsrv.h>
Nvrsafe nvr;
char*
nvrgetconfig(void)
{
return nvr.config;
}
int
nvrsetconfig(char* word)
{
int c;
c = strlen(word);
if(c >= sizeof(nvr.config)) {
print("config string too long\n");
return 1;
}
memset(nvr.config, 0, sizeof(nvr.config));
memmove(nvr.config, word, c);
nvr.configsum = nvcsum(nvr.config, sizeof(nvr.config));
nvwrite(NVRAUTHADDR, &nvr, sizeof(nvr));
return 0;
}
int
nvrcheck(void)
{
uchar csum;
print("nvr read\n");
nvread(NVRAUTHADDR, &nvr, sizeof(nvr));
csum = nvcsum(nvr.authkey, sizeof(nvr.authkey));
if(csum != nvr.authsum) {
print("\n\n ** NVR key checksum is incorrect **\n");
print(" ** set password to allow attaches **\n\n");
memset(nvr.authkey, 0, sizeof(nvr.authkey));
return 1;
}
csum = nvcsum(nvr.config, sizeof(nvr.config));
if(csum != nvr.configsum) {
print("\n\n ** NVR config checksum is incorrect **\n");
memset(nvr.config, 0, sizeof(nvr.config));
return 1;
}
return 0;
}
void
cmd_passwd(int, char *[])
{
char passwd[32];
static char zeros[DESKEYLEN];
char nkey1[DESKEYLEN], nkey2[DESKEYLEN];
char authid[NAMELEN];
char authdom[DOMLEN];
if(memcmp(nvr.authkey, zeros, sizeof(nvr.authkey))) {
print("Old password:");
getstring(passwd, sizeof(passwd), 0);
memset(nkey1, 0, DESKEYLEN);
passtokey(nkey1, passwd);
if(memcmp(nkey1, nvr.authkey, DESKEYLEN)) {
print("Bad password\n");
delay(1000);
return;
}
}
print("New password:");
getstring(passwd, sizeof(passwd), 0);
memset(nkey1, 0, DESKEYLEN);
passtokey(nkey1, passwd);
print("Confirm password:");
getstring(passwd, sizeof(passwd), 0);
memset(nkey2, 0, DESKEYLEN);
passtokey(nkey2, passwd);
if(memcmp(nkey1, nkey2, DESKEYLEN)) {
print("don't match\n");
return;
}
memmove(nvr.authkey, nkey1, DESKEYLEN);
nvr.authsum = nvcsum(nvr.authkey, DESKEYLEN);
print("Authentication id:");
getstring(authid, sizeof(authid), 1);
if(authid[0]){
memset(nvr.authid, 0, NAMELEN);
strcpy(nvr.authid, authid);
nvr.authidsum = nvcsum(nvr.authid, NAMELEN);
}
print("Authentication domain:");
getstring(authdom, sizeof(authdom), 1);
if(authdom[0]){
memset(nvr.authdom, 0, NAMELEN);
strcpy(nvr.authdom, authdom);
nvr.authdomsum = nvcsum(nvr.authdom, NAMELEN);
}
nvwrite(NVRAUTHADDR, &nvr, sizeof(nvr));
}
void
getstring(char *str, int n, int doecho)
{
int c;
char *p, *e;
memset(str, 0, n);
p = str;
e = str+n-1;
echo = doecho;
for(;;) {
if(p == e) {
*p = '\0';
goto out;
}
c = getc();
switch(c) {
case '\n':
*p = '\0';
if(!doecho)
print("\n");
goto out;
case '\b':
if(p > str)
p--;
break;
case 'U' - '@':
p = str;
break;
default:
*p++ = c;
}
}
out:
echo = 1;
}
int
conslock(void)
{
static char zeroes[DESKEYLEN];
char passwd[128];
char nkey1[DESKEYLEN];
if(memcmp(nvr.authkey, zeroes, DESKEYLEN) == 0) {
print("no password set\n");
return 0;
}
for(;;) {
print("%s password:", service);
getstring(passwd, sizeof(passwd), 0);
memset(nkey1, 0, DESKEYLEN);
passtokey(nkey1, passwd);
if(memcmp(nkey1, nvr.authkey, DESKEYLEN) == 0) {
prdate();
break;
}
print("Bad password\n");
delay(1000);
}
return 1;
}
/*
* authentication specific to 9P2000
*/
/* authentication states */
enum
{
HaveProtos=1,
NeedProto,
HaveOK,
NeedCchal,
HaveSinfo,
NeedTicket,
HaveSauthenticator,
SSuccess,
};
char *phasename[] =
{
[HaveProtos] "HaveProtos",
[NeedProto] "NeedProto",
[HaveOK] "HaveOK",
[NeedCchal] "NeedCchal",
[HaveSinfo] "HaveSinfo",
[NeedTicket] "NeedTicket",
[HaveSauthenticator] "HaveSauthenticator",
[SSuccess] "SSuccess",
};
/* authentication structure */
struct Auth
{
int inuse;
char uname[NAMELEN]; /* requestor's remote user name */
char aname[NAMELEN]; /* requested aname */
Userid uid; /* uid decided on */
int phase;
char cchal[CHALLEN];
char tbuf[TICKETLEN+AUTHENTLEN]; /* server ticket */
Ticket t;
Ticketreq tr;
};
Auth* auths;
Lock authlock;
void
authinit(void)
{
auths = ialloc(conf.nauth * sizeof(*auths), 0);
}
static int
failure(Auth *s, char *why)
{
int i;
if(*why)
print("authentication failed: %s: %s\n", phasename[s->phase], why);
srand((uintptr)s + m->ticks);
for(i = 0; i < CHALLEN; i++)
s->tr.chal[i] = nrand(256);
s->uid = -1;
strncpy(s->tr.authid, nvr.authid, NAMELEN);
strncpy(s->tr.authdom, nvr.authdom, DOMLEN);
memmove(s->cchal, s->tr.chal, sizeof(s->cchal));
s->phase = HaveProtos;
return -1;
}
Auth*
authnew(char *uname, char *aname)
{
static int si = 0;
int i, nwrap;
Auth *s;
i = si;
nwrap = 0;
for(;;){
if(i < 0 || i >= conf.nauth){
if(++nwrap > 1)
return nil;
i = 0;
}
s = &auths[i++];
if(s->inuse)
continue;
lock(&authlock);
if(s->inuse == 0){
s->inuse = 1;
strncpy(s->uname, uname, NAMELEN-1);
strncpy(s->aname, aname, NAMELEN-1);
failure(s, "");
si = i;
unlock(&authlock);
break;
}
unlock(&authlock);
}
return s;
}
void
authfree(Auth *s)
{
if(s != nil)
s->inuse = 0;
}
int
authread(File* file, uchar* data, int n)
{
Auth *s;
int m;
s = file->auth;
if(s == nil)
return -1;
switch(s->phase){
default:
return failure(s, "unexpected phase");
case HaveProtos:
m = snprint((char*)data, n, "v.2 p9sk1@%s", nvr.authdom) + 1;
s->phase = NeedProto;
break;
case HaveOK:
m = 3;
if(n < m)
return failure(s, "read too short");
strcpy((char*)data, "OK");
s->phase = NeedCchal;
break;
case HaveSinfo:
m = TICKREQLEN;
if(n < m)
return failure(s, "read too short");
convTR2M(&s->tr, (char*)data);
s->phase = NeedTicket;
break;
case HaveSauthenticator:
m = AUTHENTLEN;
if(n < m)
return failure(s, "read too short");
memmove(data, s->tbuf+TICKETLEN, m);
s->phase = SSuccess;
break;
}
return m;
}
int
authwrite(File* file, uchar *data, int n)
{
Auth *s;
int m;
char *p, *d;
Authenticator a;
s = file->auth;
if(s == nil)
return -1;
switch(s->phase){
default:
return failure(s, "unknown phase");
case NeedProto:
p = (char*)data;
if(p[n-1] != 0)
return failure(s, "proto missing terminator");
d = strchr((char*)p, ' ');
if(d == nil)
return failure(s, "proto missing separator");
*d++ = 0;
if(strcmp(p, "p9sk1") != 0)
return failure(s, "unknown proto");
if(strcmp(d, nvr.authdom) != 0)
return failure(s, "unknown domain");
s->phase = HaveOK;
m = n;
break;
case NeedCchal:
m = CHALLEN;
if(n < m)
return failure(s, "client challenge too short");
memmove(s->cchal, data, sizeof(s->cchal));
s->phase = HaveSinfo;
break;
case NeedTicket:
m = TICKETLEN+AUTHENTLEN;
if(n < m)
return failure(s, "ticket+auth too short");
convM2T((char*)data, &s->t, nvr.authkey);
if(s->t.num != AuthTs
|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0)
return failure(s, "bad ticket");
convM2A((char*)data+TICKETLEN, &a, s->t.key);
if(a.num != AuthAc
|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
|| a.id != 0)
return failure(s, "bad authenticator");
/* at this point, we're convinced */
s->uid = strtouid(s->t.suid);
if(s->uid < 0)
return failure(s, "unknown user");
if(cons.flags & authdebugflag)
print("user %s = %d authenticated\n", s->t.suid, s->uid);
/* create an authenticator to send back */
a.num = AuthAs;
memmove(a.chal, s->cchal, sizeof(a.chal));
a.id = 0;
convA2M(&a, s->tbuf+TICKETLEN, s->t.key);
s->phase = HaveSauthenticator;
break;
}
return m;
}
int
authuid(Auth* s)
{
return s->uid;
}
char*
authaname(Auth* s)
{
return s->aname;
}
char*
authuname(Auth* s)
{
return s->uname;
}
|
