
Plan 9 from Bell Labs 2003-01-07

David du Colombier 21 years ago
parent
commit
31a53ababe

+ 11 - 11
dist/replica/plan9.db

@@ -42,7 +42,7 @@
 386/bin/ascii - 775 sys sys 1039758530 63264
 386/bin/astro - 775 sys sys 1039758530 139263
 386/bin/auth - 20000000775 sys sys 1016920815 0
-386/bin/auth/aescbc - 775 sys sys 1039758531 120944
+386/bin/auth/aescbc - 775 sys sys 1041890056 120602
 386/bin/auth/authsrv - 775 sys sys 1039758531 162132
 386/bin/auth/changeuser - 775 sys sys 1039758531 96022
 386/bin/auth/convkeys - 775 sys sys 1039758531 84013
@@ -59,9 +59,9 @@
 386/bin/auth/login - 775 sys sys 1039758534 99385
 386/bin/auth/printnetkey - 775 sys sys 1039758534 40969
 386/bin/auth/secretpem - 775 sys sys 1039758534 118523
-386/bin/auth/secstore - 775 sys sys 1039758535 178992
-386/bin/auth/secstored - 775 sys sys 1039758535 192870
-386/bin/auth/secuser - 775 sys sys 1039758535 149280
+386/bin/auth/secstore - 775 sys sys 1041890054 185946
+386/bin/auth/secstored - 775 sys sys 1041890055 192691
+386/bin/auth/secuser - 775 sys sys 1041890056 149092
 386/bin/auth/status - 775 sys sys 1020319060 738
 386/bin/auth/uniq - 775 sys sys 1039758536 61773
 386/bin/auth/warning - 775 sys sys 1039758536 97723
@@ -4478,7 +4478,7 @@ sys/man/1/rio - 664 sys sys 1015024740 14087
 sys/man/1/rm - 664 sys sys 944959673 515
 sys/man/1/rtstats - 664 sys sys 1018897631 2108
 sys/man/1/sam - 664 sys sys 984709628 18107
-sys/man/1/secstore - 664 sys sys 1035490580 3314
+sys/man/1/secstore - 664 sys sys 1041890056 3434
 sys/man/1/sed - 664 sys sys 944959674 6884
 sys/man/1/seq - 664 sys sys 944959674 1050
 sys/man/1/size - 664 sys sys 944959674 393
@@ -6467,19 +6467,19 @@ sys/src/cmd/auth/passwd.c - 664 sys sys 1022163987 2902
 sys/src/cmd/auth/printnetkey.c - 664 sys sys 1015008430 732
 sys/src/cmd/auth/respond.c - 664 sys sys 1015008432 472
 sys/src/cmd/auth/secstore - 20000000775 sys sys 1017337838 0
-sys/src/cmd/auth/secstore/SConn.c - 664 sys sys 1015008431 4379
+sys/src/cmd/auth/secstore/SConn.c - 664 sys sys 1041890053 4381
 sys/src/cmd/auth/secstore/SConn.h - 664 sys sys 1015008431 955
 sys/src/cmd/auth/secstore/aescbc.c - 664 sys sys 1035328558 4151
 sys/src/cmd/auth/secstore/dirls.c - 664 sys sys 1015008431 2106
 sys/src/cmd/auth/secstore/mkfile - 664 sys sys 1035833808 873
-sys/src/cmd/auth/secstore/pak.c - 664 sys sys 1019240172 9351
-sys/src/cmd/auth/secstore/password.c - 664 sys sys 1021579985 2581
+sys/src/cmd/auth/secstore/pak.c - 664 sys sys 1041890053 9353
+sys/src/cmd/auth/secstore/password.c - 664 sys sys 1041890053 2698
 sys/src/cmd/auth/secstore/secacct.c - 644 sys sys 1015008431 755
 sys/src/cmd/auth/secstore/secchk.c - 664 sys sys 1015008431 521
-sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1036189688 11884
-sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1015008431 836
+sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1041890054 12213
+sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1041890053 841
 sys/src/cmd/auth/secstore/secstored.c - 664 sys sys 1034734162 8089
-sys/src/cmd/auth/secstore/secuser.c - 664 sys sys 1019769759 4323
+sys/src/cmd/auth/secstore/secuser.c - 664 sys sys 1041890054 4351
 sys/src/cmd/auth/secstore/util.c - 664 sys sys 1021579985 1498
 sys/src/cmd/auth/secureidcheck.c - 664 sys sys 1032497640 8909
 sys/src/cmd/auth/status - 775 sys sys 1015008430 738

+ 11 - 0
dist/replica/plan9.log

@@ -16888,3 +16888,14 @@
 1041481459 1 c acme/mail/src/mesg.c - 664 sys sys 1041481453 26236
 1041481703 0 c acme/mail/386/Mail - 775 sys sys 1041481688 175845
 1041627193 0 c sys/src/cmd/ip/ftpfs/proto.c - 664 sys sys 1041568440 28988
+1041890558 0 c 386/bin/auth/aescbc - 775 sys sys 1041890056 120602
+1041890558 1 c 386/bin/auth/secstore - 775 sys sys 1041890054 185946
+1041890558 2 c 386/bin/auth/secstored - 775 sys sys 1041890055 192691
+1041890558 3 c 386/bin/auth/secuser - 775 sys sys 1041890056 149092
+1041890558 4 c sys/man/1/secstore - 664 sys sys 1041890056 3434
+1041890558 5 c sys/src/cmd/auth/secstore/SConn.c - 664 sys sys 1041890053 4381
+1041890558 6 c sys/src/cmd/auth/secstore/pak.c - 664 sys sys 1041890053 9353
+1041890558 7 c sys/src/cmd/auth/secstore/password.c - 664 sys sys 1041890053 2698
+1041890558 8 c sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1041890054 12213
+1041890558 9 c sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1041890053 841
+1041890558 10 c sys/src/cmd/auth/secstore/secuser.c - 664 sys sys 1041890054 4351

+ 8 - 0
sys/man/1/secstore

@@ -94,6 +94,14 @@ says that the password should be read from standard input
 instead of from
 .BR /dev/cons .
 .PP
+Option
+.B -n
+says that the password should be read from NVRAM
+(see
+.IR authsrv (2))
+instead of from
+.BR /dev/cons .
+.PP
 The server is
 .BR tcp!$auth!5356 ,
 or the server specified by option

+ 1 - 1
sys/src/cmd/auth/secstore/SConn.c

@@ -78,7 +78,7 @@ SC_read(SConn *conn, uchar *buf, int n)
 	uchar count[2], digest[SHA1dlen];
 	int len, nr;
 
-	if(read(ss->fd, count, 2) != 2 || count[0]&0x80 == 0){
+	if(read(ss->fd, count, 2) != 2 || (count[0]&0x80) == 0){
 		snprint((char*)buf,n,"!SC_read invalid count");
 		return -1;
 	}
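Review bot: The two-byte count header in `SC_read` is fetched with a single `read`, so a short read on a stream connection cannot be told apart from a malformed header and ends in "!SC_read invalid count". The old expression parsed as `count[0] & (0x80 == 0)` and never rejected anything, so this error path is only now reachable through the high-bit test; `if(readn(ss->fd, count, 2) != 2 || (count[0]&0x80) == 0){` keeps the framing check while tolerating partial reads. A one-line comment saying what the 0x80 bit of `count[0]` signifies would also help, since the hunk does not show it. SC_read's body continues outside the hunk.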

+ 1 - 1
sys/src/cmd/auth/secstore/pak.c

@@ -257,7 +257,7 @@ PAKserver(SConn *conn, char *S, char *mess, PW **pwp)
 	mpmod(m, pak->p, m);
 
 	// lookup client
-	if((pw = getPW(C)) == nil) {
+	if((pw = getPW(C,0)) == nil) {
 		snprint(mess2, sizeof mess2, "%r");
 		writerr(conn, mess2);
 		goto done;
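Review bot: The lookup-failure path in `PAKserver` formats `%r` into `mess2` and passes it to `writerr(conn, mess2)`, which appears to send the text to a peer that has not yet authenticated. `getPW` sets distinct strings such as "account expired" and "account disabled" (password.c in this commit), so the reply presumably discloses whether an id exists and what state it is in. Consider answering with one fixed message, e.g. `writerr(conn, "login failed");`, and recording the `%r` detail in the server's own log instead. PAKserver's body starts and ends outside the hunk.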

+ 4 - 2
sys/src/cmd/auth/secstore/password.c

@@ -37,7 +37,7 @@ mtimePW(char *id)
 }
 
 PW *
-getPW(char *id)
+getPW(char *id, int dead_or_alive)
 {
 	uint now = time(0);
 	Biobuf *bin;
@@ -71,12 +71,14 @@ getPW(char *id)
 		}
 	}
 	Bterm(bin);
+	if(dead_or_alive)
+		return pw;  // return PW entry for editing, whether currently valid or not
 	if(pw->expire <= now){
 		werrstr("account expired");
 		freePW(pw);
 		return nil;
 	}
-	if(pw->status & Enabled == 0){
+	if((pw->status & Enabled) == 0){
 		werrstr("account disabled");
 		freePW(pw);
 		return nil;
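Review bot: `getPW` carries no comment saying that a nonzero `dead_or_alive` skips both the expiry and the `Enabled` checks, and its callers pass bare literals (`getPW(C,0)` in pak.c, `getPW(id,1)` in secuser.c) while the prototype in secstore.h leaves the parameter unnamed. A wrong flag value on an authentication path would accept expired or disabled accounts, so the contract should be written down at the definition, e.g. `// dead_or_alive != 0: return the entry without expiry/status checks (account editing only); authentication callers must pass 0`. Naming the parameter in the header, `PW *getPW(char *id, int dead_or_alive);`, makes the call sites easier to audit. The part of the body between the two hunks is not visible here.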

+ 18 - 6
sys/src/cmd/auth/secstore/secstore.c

@@ -3,6 +3,7 @@
 #include <libc.h>
 #include <mp.h>
 #include <libsec.h>
+#include <authsrv.h>
 #include "SConn.h"
 #include "secstore.h"
 enum{ CHK = 16, MAXFILES = 100 };
@@ -14,11 +15,12 @@ typedef struct AuthConn{
 } AuthConn;
 
 int verbose;
+Nvrsafe nvr;
 
 void
 usage(void)
 {
-	fprint(2, "usage: secstore [-c] [-g getfile] [-p putfile] [-r rmfile] [-s tcp!server!5356] [-u user] [-v]\n");
+	fprint(2, "usage: secstore [-cin] [-g getfile] [-p putfile] [-r rmfile] [-s tcp!server!5356] [-u user] [-v]\n");
 	exits("usage");
 }
 
@@ -367,7 +369,7 @@ Out:
 }
 
 static AuthConn*
-login(char *id, char *dest, int pass_stdin)
+login(char *id, char *dest, int pass_stdin, int pass_nvram)
 {
 	AuthConn *c;
 	int fd, n, ntry = 0;
@@ -378,6 +380,11 @@ login(char *id, char *dest, int pass_stdin)
 		exits("nil dest");
 	}
 	c = emalloc(sizeof(*c));
+	if(pass_nvram){
+		if(readnvram(&nvr, 0) < 0)
+			exits("readnvram: %r");
+		strecpy(c->pass, c->pass+sizeof c->pass, nvr.config);
+	}
 	if(pass_stdin){
 		n = readn(0, s, Maxmsg-2);  // so len(PINSTA)<Maxmsg-3
 		if(n < 1)
@@ -391,7 +398,7 @@ login(char *id, char *dest, int pass_stdin)
 			if(nl)
 				*nl = 0;
 		}
-		strncpy(c->pass, s, sizeof c->pass);
+		strecpy(c->pass, c->pass+sizeof c->pass, s);
 	}
 	while(1){
 		if(verbose)
@@ -406,7 +413,7 @@ login(char *id, char *dest, int pass_stdin)
 			return nil;
 		}
 		ntry++;
-		if(!pass_stdin)
+		if(!pass_stdin && !pass_nvram)
 			getpasswd("secstore password: ", c->pass, sizeof c->pass);
 		if(c->pass[0]==0){
 			fprint(2, "null password, skipping secstore login\n");
@@ -417,6 +424,8 @@ login(char *id, char *dest, int pass_stdin)
 		c->conn->free(c->conn);
 		if(pass_stdin)
 			exits("invalid password on standard input");
+		if(pass_nvram)
+			exits("invalid password in nvram");
 		// and let user try retyping the password
 		if(ntry==3)
 			fprint(2, "Enter an empty password to quit.\n");
@@ -458,7 +467,7 @@ login(char *id, char *dest, int pass_stdin)
 int
 main(int argc, char **argv)
 {
-	int chpass = 0, pass_stdin = 0, rc;
+	int chpass = 0, pass_stdin = 0, pass_nvram = 0, rc;
 	int ngfile = 0, npfile = 0, nrfile = 0, Gflag[MAXFILES+1];
 	char *gfile[MAXFILES], *pfile[MAXFILES], *rfile[MAXFILES];
 	char *serve, *tcpserve, *user;
@@ -485,6 +494,9 @@ main(int argc, char **argv)
 	case 'i':
 		pass_stdin = 1;
 		break;
+	case 'n':
+		pass_nvram = 1;
+		break;
 	case 'p':
 		if(npfile >= MAXFILES)
 			exits("too many pfiles");
@@ -530,7 +542,7 @@ main(int argc, char **argv)
 		strcpy(tcpserve, serve);
 	else
 		snprint(tcpserve, rc, "tcp!%s!5356", serve);
-	c = login(user, tcpserve, pass_stdin);
+	c = login(user, tcpserve, pass_stdin, pass_nvram);
 	free(tcpserve);
 	if(c == nil){
 		fprint(2, "secstore authentication failed\n");
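Review bot: In the new `pass_nvram` branch of `login`, `exits("readnvram: %r")` hands a format string to a call that takes a plain status string, so the exit status will carry a literal `%r` instead of the error text; `sysfatal("readnvram: %r");` would report it. The same branch leaves the global `Nvrsafe nvr` populated for the life of the process although only `nvr.config` is copied into `c->pass`. Clearing it right after the `strecpy` with `memset(&nvr, 0, sizeof nvr);`, or making `nvr` a local of `login`, limits how long whatever else `readnvram` filled in stays in memory. login's body extends beyond these hunks.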

+ 1 - 1
sys/src/cmd/auth/secstore/secstore.h

@@ -14,7 +14,7 @@ typedef struct PW {
 	mpint *Hi;  	// H(passphrase)^-1 mod p
 } PW;
 
-PW *getPW(char *);
+PW *getPW(char *, int);
 int putPW(PW *);
 void freePW(PW *);
 int getpasswd(char*, char*, int);

+ 2 - 2
sys/src/cmd/auth/secstore/secuser.c

@@ -32,9 +32,9 @@ main(int argc, char **argv)
 	id = argv[0];
 	if(verbose)
 		fprint(2,"secuser %s\n", id);
-	if((pw = getPW(id)) == nil){
+	if((pw = getPW(id,1)) == nil){
 		isnew = 1;
-		print("new account for %s\n", id);
+		print("new account (because %s/%s %r)\n", SECSTORE_DIR, id);
 		pw = emalloc(sizeof(*pw));
 		pw->id = estrdup(id);
 		snprint(home, sizeof(home), "%s/store/%s", SECSTORE_DIR, id);
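Review bot: Any nil return from `getPW(id,1)` is treated as "no such account" and sets `isnew = 1`, yet the new message prints `%r`, which suggests the lookup can fail for reasons other than absence (an unreadable or malformed entry, presumably). Building a fresh `PW` in that case risks replacing an existing account's record when the failure was a permissions or transient I/O problem. I would set `isnew` only once the account file is confirmed absent and otherwise stop, e.g. `sysfatal("can't read %s/%s: %r", SECSTORE_DIR, id);`. What is later done with `pw` and `home` lies outside the hunk.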