Home Explore Help
Register Sign In
RISCI_ATOM
/
harvey
mirror of https://github.com/Harvey-OS/harvey.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 4996d34de5
Branches Tags
harvey
/
sys
/
src
/
cmd
/
auth
/
guard.srv.c

guard.srv.c 2.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 
  1. /*
    2. 

  2.  * guard service
    3. 

  3.  */
    4. 

  4. #include <u.h>
    5. 

  5. #include <libc.h>
    6. 

  6. #include <fcall.h>
    7. 

  7. #include <bio.h>
    8. 

  8. #include <ndb.h>
    9. 

  9. #include <authsrv.h>
    10. 

  10. #include "authcmdlib.h"
    11. 

  11. 

  12. enum {
    13. 

  13. 	Pinlen = 4,
    14. 

  14. };
    15. 

  15. 

  16. /*
    17. 

  17.  * c -> a	client
    18. 

  18.  * a -> c	challenge prompt
    19. 

  19.  * c -> a	KC'{challenge}
    20. 

  20.  * a -> c	OK or NO
    21. 

  21.  */
    22. 

  22. 

  23. void	catchalarm(void*, char*);
    24. 

  24. void	getraddr(char*);
    25. 

  25. 

  26. char	user[ANAMELEN];
    27. 

  27. char	raddr[128];
    28. 

  28. int	debug;
    29. 

  29. Ndb	*db;
    30. 

  30. 

  31. void
    32. 

  32. main(int argc, char *argv[])
    33. 

  33. {
    34. 

  34. 	int n;
    35. 

  35. 	long chal;
    36. 

  36. 	char *err;
    37. 

  37. 	char ukey[DESKEYLEN], resp[32], buf[NETCHLEN];
    38. 

  38. 	Ndb *db2;
    39. 

  39. 

  40. 	ARGBEGIN{
    41. 

  41. 	case 'd':
    42. 

  42. 		debug = 1;
    43. 

  43. 		break;
    44. 

  44. 	}ARGEND;
    45. 

  45. 

  46. 	db = ndbopen("/lib/ndb/auth");
    47. 

  47. 	if(db == 0)
    48. 

  48. 		syslog(0, AUTHLOG, "no /lib/ndb/auth");
    49. 

  49. 	db2 = ndbopen(0);
    50. 

  50. 	if(db2 == 0)
    51. 

  51. 		syslog(0, AUTHLOG, "no /lib/ndb/local");
    52. 

  52. 	db = ndbcat(db, db2);
    53. 

  53. 	werrstr("");
    54. 

  54. 

  55. 	strcpy(raddr, "unknown");
    56. 

  56. 	if(argc >= 1)
    57. 

  57. 		getraddr(argv[argc-1]);
    58. 

  58. 

  59. 	argv0 = "guard";
    60. 

  60. 	srand((getpid()*1103515245)^time(0));
    61. 

  61. 	notify(catchalarm);
    62. 

  62. 

  63. 	/*
    64. 

  64. 	 * read the host and client and get their keys
    65. 

  65. 	 */
    66. 

  66. 	if(readarg(0, user, sizeof user) < 0)
    67. 

  67. 		fail(0);
    68. 

  68. 

  69. 	/*
    70. 

  70. 	 * challenge-response
    71. 

  71. 	 */
    72. 

  72. 	chal = lnrand(MAXNETCHAL);
    73. 

  73. 	sprint(buf, "challenge: %lud\nresponse: ", chal);
    74. 

  74. 	n = strlen(buf) + 1;
    75. 

  75. 	if(write(1, buf, n) != n){
    76. 

  76. 		if(debug)
    77. 

  77. 			syslog(0, AUTHLOG, "g-fail %s@%s: %r sending chal",
    78. 

  78. 				user, raddr);
    79. 

  79. 		exits("replying to server");
    80. 

  80. 	}
    81. 

  81. 	alarm(3*60*1000);
    82. 

  82. 	werrstr("");
    83. 

  83. 	if(readarg(0, resp, sizeof resp) < 0){
    84. 

  84. 		if(debug)
    85. 

  85. 			syslog(0, AUTHLOG, "g-fail %s@%s: %r reading resp",
    86. 

  86. 				user, raddr);
    87. 

  87. 		fail(0);
    88. 

  88. 	}
    89. 

  89. 	alarm(0);
    90. 

  90. 

  91. 	/* remove password login from guard.research.bell-labs.com, sucre, etc. */
    92. 

  92. //	if(!findkey(KEYDB,    user, ukey) || !netcheck(ukey, chal, resp))
    93. 

  93. 	if(!findkey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp))
    94. 

  94. 	if((err = secureidcheck(user, resp)) != nil){
    95. 

  95. 		print("NO %s", err);
    96. 

  96. 		write(1, "NO", 2);
    97. 

  97. 		if(debug) {
    98. 

  98. 			char *r;
    99. 

  99. 

  100. 			/*
    101. 

  101. 			 * don't log the entire response, since the first
    102. 

  102. 			 * Pinlen digits may be the user's secure-id pin.
    103. 

  103. 			 */
    104. 

  104. 			if (strlen(resp) < Pinlen)
    105. 

  105. 				r = strdup("<too short for pin>");
    106. 

  106. 			else if (strlen(resp) == Pinlen)
    107. 

  107. 				r = strdup("<pin only>");
    108. 

  108. 			else
    109. 

  109. 				r = smprint("%.*s%s", Pinlen,
    110. 

  110. 					"******************", resp + Pinlen);
    111. 

  111. 			syslog(0, AUTHLOG,
    112. 

  112. 				"g-fail %s@%s: %s: resp %s to chal %lud",
    113. 

  113. 				user, raddr, err, r, chal);
    114. 

  114. 			free(r);
    115. 

  115. 		}
    116. 

  116. 		fail(user);
    117. 

  117. 	}
    118. 

  118. 	write(1, "OK", 2);
    119. 

  119. 	if(debug)
    120. 

  120. 		syslog(0, AUTHLOG, "g-ok %s@%s", user, raddr);
    121. 

  121. 	succeed(user);
    122. 

  122. 	exits(0);
    123. 

  123. }
    124. 

  124. 

  125. void
    126. 

  126. catchalarm(void *x, char *msg)
    127. 

  127. {
    128. 

  128. 	USED(x, msg);
    129. 

  129. 	if(debug)
    130. 

  130. 		syslog(0, AUTHLOG, "g-timed out %s", raddr);
    131. 

  131. 	fail(0);
    132. 

  132. }
    133. 

  133. 

  134. void
    135. 

  135. getraddr(char *dir)
    136. 

  136. {
    137. 

  137. 	int n, fd;
    138. 

  138. 	char *cp;
    139. 

  139. 	char file[128];
    140. 

  140. 

  141. 	snprint(file, sizeof(file), "%s/remote", dir);
    142. 

  142. 	fd = open(file, OREAD);
    143. 

  143. 	if(fd < 0)
    144. 

  144. 		return;
    145. 

  145. 	n = read(fd, raddr, sizeof(raddr)-1);
    146. 

  146. 	close(fd);
    147. 

  147. 	if(n <= 0)
    148. 

  148. 		return;
    149. 

  149. 	raddr[n] = 0;
    150. 

  150. 	cp = strchr(raddr, '\n');
    151. 

  151. 	if(cp)
    152. 

  152. 		*cp = 0;
    153. 

  153. 	cp = strchr(raddr, '!');
    154. 

  154. 	if(cp)
    155. 

  155. 		*cp = 0;
    156. 

  156. }
    157.