auth.c 7.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417
  1. #include "all.h"
  2. #include "io.h"
  3. #include <authsrv.h>
  4. Nvrsafe nvr;
  5. char*
  6. nvrgetconfig(void)
  7. {
  8. return nvr.config;
  9. }
  10. int
  11. nvrsetconfig(char* word)
  12. {
  13. int c;
  14. c = strlen(word);
  15. if(c >= sizeof(nvr.config)) {
  16. print("config string too long\n");
  17. return 1;
  18. }
  19. memset(nvr.config, 0, sizeof(nvr.config));
  20. memmove(nvr.config, word, c);
  21. nvr.configsum = nvcsum(nvr.config, sizeof(nvr.config));
  22. nvwrite(NVRAUTHADDR, &nvr, sizeof(nvr));
  23. return 0;
  24. }
  25. int
  26. nvrcheck(void)
  27. {
  28. uchar csum;
  29. print("nvr read\n");
  30. nvread(NVRAUTHADDR, &nvr, sizeof(nvr));
  31. csum = nvcsum(nvr.authkey, sizeof(nvr.authkey));
  32. if(csum != nvr.authsum) {
  33. print("\n\n ** NVR key checksum is incorrect **\n");
  34. print(" ** set password to allow attaches **\n\n");
  35. memset(nvr.authkey, 0, sizeof(nvr.authkey));
  36. return 1;
  37. }
  38. csum = nvcsum(nvr.config, sizeof(nvr.config));
  39. if(csum != nvr.configsum) {
  40. print("\n\n ** NVR config checksum is incorrect **\n");
  41. memset(nvr.config, 0, sizeof(nvr.config));
  42. return 1;
  43. }
  44. return 0;
  45. }
  46. void
  47. cmd_passwd(int, char *[])
  48. {
  49. char passwd[32];
  50. static char zeros[DESKEYLEN];
  51. char nkey1[DESKEYLEN], nkey2[DESKEYLEN];
  52. char authid[NAMELEN];
  53. char authdom[DOMLEN];
  54. if(memcmp(nvr.authkey, zeros, sizeof(nvr.authkey))) {
  55. print("Old password:");
  56. getstring(passwd, sizeof(passwd), 0);
  57. memset(nkey1, 0, DESKEYLEN);
  58. passtokey(nkey1, passwd);
  59. if(memcmp(nkey1, nvr.authkey, DESKEYLEN)) {
  60. print("Bad password\n");
  61. delay(1000);
  62. return;
  63. }
  64. }
  65. print("New password:");
  66. getstring(passwd, sizeof(passwd), 0);
  67. memset(nkey1, 0, DESKEYLEN);
  68. passtokey(nkey1, passwd);
  69. print("Confirm password:");
  70. getstring(passwd, sizeof(passwd), 0);
  71. memset(nkey2, 0, DESKEYLEN);
  72. passtokey(nkey2, passwd);
  73. if(memcmp(nkey1, nkey2, DESKEYLEN)) {
  74. print("don't match\n");
  75. return;
  76. }
  77. memmove(nvr.authkey, nkey1, DESKEYLEN);
  78. nvr.authsum = nvcsum(nvr.authkey, DESKEYLEN);
  79. print("Authentication id:");
  80. getstring(authid, sizeof(authid), 1);
  81. if(authid[0]){
  82. memset(nvr.authid, 0, NAMELEN);
  83. strcpy(nvr.authid, authid);
  84. nvr.authidsum = nvcsum(nvr.authid, NAMELEN);
  85. }
  86. print("Authentication domain:");
  87. getstring(authdom, sizeof(authdom), 1);
  88. if(authdom[0]){
  89. memset(nvr.authdom, 0, NAMELEN);
  90. strcpy(nvr.authdom, authdom);
  91. nvr.authdomsum = nvcsum(nvr.authdom, NAMELEN);
  92. }
  93. nvwrite(NVRAUTHADDR, &nvr, sizeof(nvr));
  94. }
  95. void
  96. getstring(char *str, int n, int doecho)
  97. {
  98. int c;
  99. char *p, *e;
  100. memset(str, 0, n);
  101. p = str;
  102. e = str+n-1;
  103. echo = doecho;
  104. for(;;) {
  105. if(p == e) {
  106. *p = '\0';
  107. goto out;
  108. }
  109. c = getc();
  110. switch(c) {
  111. case '\n':
  112. *p = '\0';
  113. print("\n");
  114. goto out;
  115. case '\b':
  116. if(p > str)
  117. p--;
  118. break;
  119. case 'U' - '@':
  120. p = str;
  121. break;
  122. default:
  123. *p++ = c;
  124. }
  125. }
  126. out:
  127. echo = 1;
  128. }
  129. int
  130. conslock(void)
  131. {
  132. static char zeroes[DESKEYLEN];
  133. char passwd[128];
  134. char nkey1[DESKEYLEN];
  135. if(memcmp(nvr.authkey, zeroes, DESKEYLEN) == 0) {
  136. print("no password set\n");
  137. return 0;
  138. }
  139. for(;;) {
  140. print("%s password:", service);
  141. getstring(passwd, sizeof(passwd), 0);
  142. memset(nkey1, 0, DESKEYLEN);
  143. passtokey(nkey1, passwd);
  144. if(memcmp(nkey1, nvr.authkey, DESKEYLEN) == 0) {
  145. prdate();
  146. return 1;
  147. }
  148. print("Bad password\n");
  149. delay(1000);
  150. }
  151. return 0;
  152. }
  153. /*
  154. * authentication specific to 9P2000
  155. */
  156. /* authentication states */
  157. enum
  158. {
  159. HaveProtos=1,
  160. NeedProto,
  161. HaveOK,
  162. NeedCchal,
  163. HaveSinfo,
  164. NeedTicket,
  165. HaveSauthenticator,
  166. SSuccess,
  167. };
  168. char *phasename[] =
  169. {
  170. [HaveProtos] "HaveProtos",
  171. [NeedProto] "NeedProto",
  172. [HaveOK] "HaveOK",
  173. [NeedCchal] "NeedCchal",
  174. [HaveSinfo] "HaveSinfo",
  175. [NeedTicket] "NeedTicket",
  176. [HaveSauthenticator] "HaveSauthenticator",
  177. [SSuccess] "SSuccess",
  178. };
  179. /* authentication structure */
  180. struct Auth
  181. {
  182. int inuse;
  183. char uname[NAMELEN]; /* requestor's remote user name */
  184. char aname[NAMELEN]; /* requested aname */
  185. short uid; /* uid decided on */
  186. int phase;
  187. char cchal[CHALLEN];
  188. char tbuf[TICKETLEN+AUTHENTLEN]; /* server ticket */
  189. Ticket t;
  190. Ticketreq tr;
  191. };
  192. Auth* auths;
  193. Lock authlock;
  194. void
  195. authinit(void)
  196. {
  197. auths = ialloc(conf.nauth * sizeof(*auths), 0);
  198. }
  199. static int
  200. failure(Auth *s, char *why)
  201. {
  202. int i;
  203. if(*why)print("authentication failed: %s: %s\n", phasename[s->phase], why);
  204. srand((ulong)s + m->ticks);
  205. for(i = 0; i < CHALLEN; i++)
  206. s->tr.chal[i] = nrand(256);
  207. s->uid = -1;
  208. strncpy(s->tr.authid, nvr.authid, NAMELEN);
  209. strncpy(s->tr.authdom, nvr.authdom, DOMLEN);
  210. memmove(s->cchal, s->tr.chal, sizeof(s->cchal));
  211. s->phase = HaveProtos;
  212. return -1;
  213. }
  214. Auth*
  215. authnew(char *uname, char *aname)
  216. {
  217. static int si = 0;
  218. int i, nwrap;
  219. Auth *s;
  220. i = si;
  221. nwrap = 0;
  222. for(;;){
  223. if(i < 0 || i >= conf.nauth){
  224. if(++nwrap > 1)
  225. return nil;
  226. i = 0;
  227. }
  228. s = &auths[i++];
  229. if(s->inuse)
  230. continue;
  231. lock(&authlock);
  232. if(s->inuse == 0){
  233. s->inuse = 1;
  234. strncpy(s->uname, uname, NAMELEN-1);
  235. strncpy(s->aname, aname, NAMELEN-1);
  236. failure(s, "");
  237. si = i;
  238. unlock(&authlock);
  239. break;
  240. }
  241. unlock(&authlock);
  242. }
  243. return s;
  244. }
  245. void
  246. authfree(Auth *s)
  247. {
  248. if(s != nil)
  249. s->inuse = 0;
  250. }
  251. int
  252. authread(File* file, uchar* data, int n)
  253. {
  254. Auth *s;
  255. int m;
  256. s = file->auth;
  257. if(s == nil)
  258. return -1;
  259. switch(s->phase){
  260. default:
  261. return failure(s, "unexpected phase");
  262. case HaveProtos:
  263. m = snprint((char*)data, n, "v.2 p9sk1@%s", nvr.authdom) + 1;
  264. s->phase = NeedProto;
  265. break;
  266. case HaveOK:
  267. m = 3;
  268. if(n < m)
  269. return failure(s, "read too short");
  270. strcpy((char*)data, "OK");
  271. s->phase = NeedCchal;
  272. break;
  273. case HaveSinfo:
  274. m = TICKREQLEN;
  275. if(n < m)
  276. return failure(s, "read too short");
  277. convTR2M(&s->tr, (char*)data);
  278. s->phase = NeedTicket;
  279. break;
  280. case HaveSauthenticator:
  281. m = AUTHENTLEN;
  282. if(n < m)
  283. return failure(s, "read too short");
  284. memmove(data, s->tbuf+TICKETLEN, m);
  285. s->phase = SSuccess;
  286. break;
  287. }
  288. return m;
  289. }
  290. int
  291. authwrite(File* file, uchar *data, int n)
  292. {
  293. Auth *s;
  294. int m;
  295. char *p, *d;
  296. Authenticator a;
  297. s = file->auth;
  298. if(s == nil)
  299. return -1;
  300. switch(s->phase){
  301. default:
  302. return failure(s, "unknown phase");
  303. case NeedProto:
  304. p = (char*)data;
  305. if(p[n-1] != 0)
  306. return failure(s, "proto missing terminator");
  307. d = strchr((char*)p, ' ');
  308. if(d == nil)
  309. return failure(s, "proto missing separator");
  310. *d++ = 0;
  311. if(strcmp(p, "p9sk1") != 0)
  312. return failure(s, "unknown proto");
  313. if(strcmp(d, nvr.authdom) != 0)
  314. return failure(s, "unknown domain");
  315. s->phase = HaveOK;
  316. m = n;
  317. break;
  318. case NeedCchal:
  319. m = CHALLEN;
  320. if(n < m)
  321. return failure(s, "client challenge too short");
  322. memmove(s->cchal, data, sizeof(s->cchal));
  323. s->phase = HaveSinfo;
  324. break;
  325. case NeedTicket:
  326. m = TICKETLEN+AUTHENTLEN;
  327. if(n < m)
  328. return failure(s, "ticket+auth too short");
  329. convM2T((char*)data, &s->t, nvr.authkey);
  330. if(s->t.num != AuthTs
  331. || memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0)
  332. return failure(s, "bad ticket");
  333. convM2A((char*)data+TICKETLEN, &a, s->t.key);
  334. if(a.num != AuthAc
  335. || memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
  336. || a.id != 0)
  337. return failure(s, "bad authenticator");
  338. /* at this point, we're convinced */
  339. s->uid = strtouid(s->t.suid);
  340. if(s->uid < 0)
  341. return failure(s, "unknown user");
  342. if(cons.flags & authdebugflag)
  343. print("user %s = %d authenticated\n", s->t.suid, s->uid);
  344. /* create an authenticator to send back */
  345. a.num = AuthAs;
  346. memmove(a.chal, s->cchal, sizeof(a.chal));
  347. a.id = 0;
  348. convA2M(&a, s->tbuf+TICKETLEN, s->t.key);
  349. s->phase = HaveSauthenticator;
  350. break;
  351. }
  352. return m;
  353. }
  354. int
  355. authuid(Auth* s)
  356. {
  357. return s->uid;
  358. }
  359. char*
  360. authaname(Auth* s)
  361. {
  362. return s->aname;
  363. }
  364. char*
  365. authuname(Auth* s)
  366. {
  367. return s->uname;
  368. }