2 * cpu.c - Make a connection to a cpu server
4 * Invoked by listen as 'cpu -R | -N service net netdir'
5 * by users as 'cpu [-h system] [-c cmd args ...]'
17 void remoteside(void);
18 void fatal(char*, ...);
19 void lclnoteproc(int);
20 void rmtnoteproc(void);
21 void catcher(void*, char*);
23 void writestr(int, char*, char*, int);
24 int readstr(int, char*, int);
25 char *rexcall(int*, char*, char*);
/* Service name that main() passes to rexcall() when dialing the cpu server. */
39 char *srvname = "ncpu";
40 char *exportfs = "/bin/exportfs";
/*
 * Default "cipher hash" pair for the link; this is the string handed to
 * pushssl(), and the assignment from EARGF() in main() can replace it.
 * On the serving side setamalg() repoints it at text taken from the peer's
 * negotiation message.
 * NOTE(review): RC4 and SHA-1 are both deprecated primitives, so this
 * default gives weak link protection by current standards.
 */
41 char *ealgs = "rc4_256 sha1";
43 /* message size for exportfs; may be larger so we can do big graphics in CPU window */
44 int msgsize = Maxfdata+IOHDRSZ;
46 /* encryption mechanisms */
47 static int clear(int);
/*
 * Hook applied to the connection fd after authentication and filtering
 * (see remoteside() and rexcall()).  It starts as clear() and is switched
 * to sslencrypt by sslsetup().
 * NOTE(review): clear() is presumably a pass-through; any authentication
 * path that never reaches sslsetup() would then leave the link unencrypted
 * -- confirm against the bodies not shown in this excerpt.
 */
49 int (*encryption)(int) = clear;
51 /* authentication mechanisms */
52 static int netkeyauth(int);
53 static int netkeysrvauth(int, char*);
54 static int p9auth(int);
55 static int srvp9auth(int, char*);
56 static int noauth(int);
57 static int srvnoauth(int, char*);
59 typedef struct AuthMethod AuthMethod;
61 char *name; /* name of method */
62 int (*cf)(int); /* client side authentication */
63 int (*sf)(int, char*); /* server side authentication */
65 { "p9", p9auth, srvp9auth,},
66 { "netkey", netkeyauth, netkeysrvauth,},
67 { "none", noauth, srvnoauth,},
70 AuthMethod *am = authmethod; /* default is p9 */
74 char *aan = "/bin/aan";
75 char *anstring = "tcp!*!0";
78 int filter(int fd, char *host);
83 fprint(2, "usage: cpu [-p] [-h system] [-u user] [-a authmethod] "
84 "[-e 'crypt hash'] [-k keypattern] [-P patternfile] "
85 "[-c cmd arg ...]\n");
90 * reading /proc/pid/args yields either "name args" or "name [display args]",
91 * so return only args or display args.
100 snprint(buf, sizeof buf, "#p/%d/args", getpid());
101 if((fd = open(buf, OREAD)) < 0)
104 n = read(fd, buf, sizeof buf-1);
108 if ((lp = strchr(buf, '[')) == nil || (rp = strrchr(buf, ']')) == nil) {
109 lp = strchr(buf, ' ');
/*
 * Entry point.  The visible lines parse options, dial the cpu server with
 * rexcall(), send the command line and working directory, wait for the
 * remote side to answer "FS", and then start exportfs.  Only part of the
 * body appears in this excerpt.
 */
120 main(int argc, char **argv)
122 char dat[MaxStr], buf[MaxStr], cmd[MaxStr], *p, *s, *err;
123 int ac, fd, ms, data;
127 origargs = procgetname();
128 /* see if we should use a larger message size */
129 fd = open("/dev/draw", OREAD);
132 if(msgsize < ms+IOHDRSZ)
133 msgsize = ms+IOHDRSZ;
139 fatal("can't read user name: %r");
144 fatal("unknown auth method %s", p);
/* presumably the -e option: an empty value or "clear" is special-cased (branch body not shown) */
147 ealgs = EARGF(usage());
148 if(*ealgs == 0 || strcmp(ealgs, "clear") == 0)
155 /* ignored but accepted for compatibility */
158 /* must be specified before -R/-O */
162 anstring = EARGF(usage());
164 case 'R': /* From listen */
168 system = EARGF(usage());
/* each command word is appended with %q quoting; seprint() is bounded by the end of cmd */
176 s = seprint(s, cmd+sizeof(cmd), " %q", p);
/* keyspec accumulates text from the command line; the auth_proxy() calls later receive it via %s */
179 keyspec = smprint("%s %s", keyspec, EARGF(usage()));
182 patternfile = EARGF(usage());
185 user = EARGF(usage());
186 keyspec = smprint("%s user=%s", keyspec, user);
/* rexcall() returns an error string on failure; data receives the connection fd */
206 if(err = rexcall(&data, system, srvname))
207 fatal("%s: %s: %r", err, system);
209 procsetname("%s", origargs);
210 /* Tell the remote side the command to execute and where our working directory is */
212 writestr(data, cmd, "command", 0);
213 if(getwd(dat, sizeof(dat)) == 0)
214 writestr(data, "NO", "dir", 0);
216 writestr(data, dat, "dir", 0);
218 /* start up a process to pass along notes */
222 * Wait for the other end to execute and start our file service
225 if(readstr(data, buf, sizeof(buf)) < 0)
226 fatal("waiting for FS: %r");
/* a reply that does not start with "FS" is printed as a message from the remote side */
227 if(strncmp("FS", buf, 2) != 0) {
228 print("remote cpu: %s", buf);
232 /* Begin serving the gnot namespace */
237 sprint(buf, "%d", msgsize);
244 if(patternfile != nil){
246 av[ac++] = patternfile;
250 fatal("starting exportfs: %r");
/*
 * Format an error message into a bounded buffer and report it on fd 2 and
 * through syslog.  The text is passed on with "%s", so it is not
 * re-interpreted as a format string.
 * NOTE(review): some callers include peer-supplied text (for example
 * fatal("bad auth method %s", cmd) in remoteside()), so log consumers
 * should treat these entries as untrusted input.
 */
254 fatal(char *fmt, ...)
260 vsnprint(buf, sizeof(buf), fmt, arg);
262 fprint(2, "cpu: %s\n", buf);
263 syslog(0, "cpu", "%s", buf);
267 char *negstr = "negotiating authentication method";
269 /* Invoked with stdin and stdout connected to the network connection */
/*
 * Server side of a cpu session.  The visible lines negotiate the
 * authentication method, run server-side authentication, the filter and the
 * encryption hook, read the peer's command and directory, mount the peer's
 * exported namespace on /mnt/term and exec rc.  Only part of the body
 * appears in this excerpt.
 */
273 char user[MaxStr], buf[MaxStr], xdir[MaxStr], cmd[MaxStr];
274 int i, n, fd, badchdir, gotcmd;
277 putenv("service", "cpu");
280 /* negotiate authentication mechanism */
/* everything read before the (*am->sf)() call below arrives from a peer that has not authenticated yet */
281 n = readstr(fd, cmd, sizeof(cmd));
283 fatal("authenticating: %r");
285 if(strcmp(cmd, "aan") == 0){
287 writestr(fd, "", nil, 1);
288 n = readstr(fd, cmd, sizeof(cmd));
290 fatal("authenticating: %r");
/* refuse unknown methods, and refuse the method whose server hook is srvnoauth unless nflag is set */
292 if(setamalg(cmd) < 0 || (nflag == 0 && am->sf == srvnoauth)) {
293 writestr(fd, "unsupported auth method", nil, 0);
294 fatal("bad auth method %s", cmd);
296 writestr(fd, "", "", 1);
/* layering order: server-side authentication, then filter(), then the encryption hook; each may replace fd */
298 if((fd = (*am->sf)(fd, user)) < 0)
299 fatal("srvauth: %r");
300 if((fd = filter(fd, nil)) < 0)
302 if((fd = encryption(fd)) < 0)
303 fatal("encrypt: %r");
305 /* Now collect invoking cpu's current directory or possibly a command */
307 if(readstr(fd, xdir, sizeof(xdir)) < 0)
308 fatal("dir/cmd: %r");
/*
 * cmd and xdir are both MaxStr bytes and xdir was read with a sizeof(xdir)
 * bound, so this copy fits provided readstr() NUL-terminates within that
 * bound -- TODO confirm; readstr()'s loop and the condition guarding this
 * line are not shown here.
 */
310 strcpy(cmd, &xdir[1]);
312 if(readstr(fd, xdir, sizeof(xdir)) < 0)
316 /* Establish the new process at the current working directory of the gnot */
318 if(strcmp(xdir, "NO") != 0)
322 /* Start the gnot serving its namespace */
323 writestr(fd, "FS", "FS", 0);
324 writestr(fd, "/", "exportfs dir", 0);
/* the peer must answer with exactly the two bytes "OK" */
326 n = read(fd, buf, sizeof(buf));
327 if(n != 2 || buf[0] != 'O' || buf[1] != 'K')
328 exits("remote tree");
330 /* make sure buffers are big by doing fversion explicitly; pick a huge number; other side will trim */
331 strcpy(buf, VERSION9P);
332 if(fversion(fd, 64*1024, buf, sizeof buf) < 0)
333 exits("fversion failed");
/* the connection is mounted at /mnt/term, so files under that path are served by the peer */
334 if(mount(fd, -1, "/mnt/term", MCREATE|MREPL, "") == -1)
335 exits("mount failed");
339 /* the remote noteproc uses the mount so it must follow it */
342 for(i = 0; i < 3; i++)
/* the opens must land on descriptors 0 and 1, i.e. the peer's console becomes stdin and stdout */
345 if(open("/mnt/term/dev/cons", OREAD) != 0)
347 if(open("/mnt/term/dev/cons", OWRITE) != 1)
348 exits("open stdout");
352 print("cpu: failed to chdir to '%s'\n", xdir);
/* cmd was read from the peer after the authentication step and is given to rc as one -c argument */
355 execl("/bin/rc", "rc", "-lc", cmd, nil);
357 execl("/bin/rc", "rc", "-li", nil);
358 fatal("exec shell: %r");
/*
 * Client side of connection setup: dial host!service, negotiate the aan
 * extension and the authentication method, then run client authentication,
 * the filter and the encryption hook.  *fd is replaced at each step.
 * Failures visible here return a constant error string; the success return
 * is not shown in this excerpt.
 */
362 rexcall(int *fd, char *host, char *service)
369 na = netmkaddr(host, 0, service);
370 procsetname("dialing %s", na);
371 if((*fd = dial(na, 0, 0, 0)) < 0)
374 /* negotiate aan filter extension */
376 writestr(*fd, "aan", "negotiating aan", 0);
377 n = readstr(*fd, err, sizeof err);
379 return "negotiating aan";
381 errstr(err, sizeof err);
386 /* negotiate authentication mechanism */
/* the request is "method algs" or just "method"; it is written before (*am->cf)() runs, so before authentication */
388 snprint(msg, sizeof(msg), "%s %s", am->name, ealgs);
390 snprint(msg, sizeof(msg), "%s", am->name);
391 procsetname("writing %s", msg);
392 writestr(*fd, msg, negstr, 0);
393 procsetname("awaiting auth method");
/* err is filled by a peer that has not authenticated yet; NOTE(review): errstr() below appears to install that text as the error string callers print with %r -- confirm */
394 n = readstr(*fd, err, sizeof err);
398 errstr(err, sizeof err);
403 procsetname("%s: auth via %s", origargs, am->name);
404 if((*fd = (*am->cf)(*fd)) < 0)
405 return "can't authenticate";
/* uses the global system rather than the host parameter; main() passes system as host */
406 if((*fd = filter(*fd, system)) < 0)
407 return "can't filter";
408 if((*fd = encryption(*fd)) < 0)
409 return "can't encrypt";
/*
 * Write str to fd; thing names the item for the error message.
 * NOTE(review): l is presumably strlen(str), so l+1 sends the terminating
 * NUL as the message delimiter, and ignore presumably suppresses the
 * fatal() on a failed write -- both set in lines not shown here.
 */
414 writestr(int fd, char *str, char *thing, int ignore)
419 n = write(fd, str, l+1);
421 fatal("writing network: %s: %r", thing);
/*
 * Read a string from fd into str, one byte per read() call; the loop and
 * its termination test are not shown in this excerpt.
 * NOTE(review): callers such as remoteside() pass fixed buffers and then use
 * strcmp()/strcpy() on the result, so they rely on this function stopping
 * within len and NUL-terminating str -- confirm against the full body.
 */
425 readstr(int fd, char *str, int len)
430 n = read(fd, str, 1);
442 readln(char *buf, int n)
447 n--; /* room for \0 */
450 if(read(0, p, 1) != 1)
452 if(*p == '\n' || *p == '\r')
461 * chown network connection
464 setnetuser(int fd, char *user)
474 * user level challenge/response
482 strecpy(chall, chall+sizeof chall, getuser());
483 print("user[%s]: ", chall);
484 if(readln(resp, sizeof(resp)) < 0)
488 writestr(fd, chall, "challenge/response", 1);
491 if(readstr(fd, chall, sizeof chall) < 0)
495 print("challenge: %s\nresponse: ", chall);
496 if(readln(resp, sizeof(resp)) < 0)
498 writestr(fd, resp, "challenge/response", 1);
/*
 * Server side of the "netkey" method: read a user name from the peer, then
 * run a p9cr challenge/response exchange for that user.  On an accepted
 * response the visible lines call auth_chuid() and setnetuser() with the
 * authenticated id.
 * NOTE(review): no sslsetup() call appears in the visible lines of this
 * function; if the lines not shown have none either, the encryption hook
 * stays at its default for this method -- confirm.
 */
504 netkeysrvauth(int fd, char *user)
/* the bound is MaxStr, so user must point at a buffer of at least MaxStr bytes (remoteside() passes one) */
511 if(readstr(fd, user, MaxStr) < 0)
/* at most 10 challenge rounds are attempted on one connection */
516 for(tries = 0; tries < 10; tries++){
/* the peer-supplied user name is inserted with %q quoting */
517 if((ch = auth_challenge("proto=p9cr role=server user=%q", user)) == nil)
519 writestr(fd, ch->chal, "challenge", 1);
520 if(readstr(fd, response, sizeof response) < 0)
523 ch->nresp = strlen(response);
524 if((ai = auth_response(ch)) != nil)
530 writestr(fd, "", "challenge", 1);
531 if(auth_chuid(ai, 0) < 0)
533 setnetuser(fd, ai->cuid);
/*
 * The two directional secrets as text: mksecret() writes 20 hex digits plus
 * a NUL into each 21-byte row, and sslsetup() decides which row gets which
 * half of the digest.
 */
544 static char sslsecret[2][21];
/* NOTE(review): presumably the body of sslencrypt() (signature not shown): pushes SSL onto fd using ealgs and both secrets */
549 return pushssl(fd, ealgs, sslsecret[0], sslsecret[1], nil);
/*
 * Render the ten bytes f[0..9] as two hex digits each into t.
 * sprint() is unbounded, so t must have room for 20 digits plus the NUL
 * (21 bytes, which is the row size of sslsecret), and f must be readable
 * for 10 bytes.
 */
553 mksecret(char *t, uchar *f)
555 sprint(t, "%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux",
556 f[0], f[1], f[2], f[3], f[4], f[5], f[6], f[7], f[8], f[9]);
/*
 * Derive the two link secrets from the authentication secret and install
 * sslencrypt as the encryption hook.  Only part of the body appears in
 * this excerpt.
 *
 * key layout: key[0..3] and key[12..15] are the two 4-byte values exchanged
 * over fd, key[4..11] is the first 8 bytes of secret.  One side writes
 * key[0..3] and reads key[12..15]; the other side does the reverse, so both
 * end up hashing the same 16 bytes.
 *
 * NOTE(review): only 8 bytes of the authentication secret enter the hash,
 * and the exchanged values travel over fd before the encryption hook runs,
 * so the secrecy of the result rests on those 8 bytes.  Weigh this together
 * with the cipher named in ealgs when assessing the link's strength.
 */
560 sslsetup(int fd, uchar *secret, int nsecret, int isclient)
562 uchar key[16], digest[SHA1dlen];
/* presumably guarded by a check that nsecret covers the 8 bytes copied below -- condition not shown */
569 werrstr("secret too small to ssl");
572 memmove(key+4, secret, 8);
574 /* exchange random numbers */
578 for(i = 0; i < 4; i++)
580 if(write(fd, key, 4) != 4)
582 if(readn(fd, key+12, 4) != 4)
585 for(i = 0; i < 4; i++)
587 if(readn(fd, key, 4) != 4)
589 if(write(fd, key+12, 4) != 4)
593 /* scramble into two secrets */
594 sha1(key, sizeof(key), digest, nil);
/* the row index is flipped by isclient, so one side's sslsecret[0] is the other side's sslsecret[1] */
595 mksecret(sslsecret[isclient == 0], digest);
596 mksecret(sslsecret[isclient != 0], digest+10);
598 encryption = sslencrypt;
604 * plan9 authentication followed by rc4 encryption
/*
 * Client side of p9any: run auth_proxy() on fd, then hand the resulting
 * session secret to sslsetup() as the client.  keyspec is command-line
 * text assembled in main() and is inserted into the spec with %s.
 * The nil check on ai is presumably in the lines not shown between these two.
 */
611 ai = auth_proxy(fd, auth_getkey, "proto=p9any role=client %s", keyspec);
614 fd = sslsetup(fd, ai->secret, ai->nsecret, 1);
/*
 * Server hook for the "none" method: no exchange with the peer is visible
 * here; user is simply set to the name returned by getuser(), bounded to
 * MaxStr bytes.  remoteside() only accepts this method when nflag is set.
 * NOTE(review): no sslsetup() call is visible, so the session presumably
 * runs with the default encryption hook -- confirm.
 */
627 srvnoauth(int fd, char *user)
629 strecpy(user, user+MaxStr, getuser());
/*
 * Server side of p9any: authenticate the peer with auth_proxy(), switch to
 * the authenticated id with auth_chuid(), chown the connection, copy the id
 * into user (bounded to MaxStr) and set up the link secrets as the server.
 * The checks between these calls are only partly shown in this excerpt.
 */
636 srvp9auth(int fd, char *user)
640 ai = auth_proxy(fd, nil, "proto=p9any role=server %s", keyspec);
/* identity change happens before anything else is done on behalf of the peer */
643 if(auth_chuid(ai, nil) < 0)
645 setnetuser(fd, ai->cuid);
646 snprint(user, MaxStr, "%s", ai->cuid);
647 fd = sslsetup(fd, ai->secret, ai->nsecret, 0);
653 * set authentication mechanism
658 for(am = authmethod; am->name != nil; am++)
659 if(strcmp(am->name, name) == 0)
666 * set authentication mechanism and encryption/hash algs
671 ealgs = strchr(s, ' ');
/*
 * Put an external filter program (the command line in filterp) between the
 * caller and the network: the two ends exchange an address over fd, then a
 * child is forked with a pipe end as its descriptors 0 and 1 and the filter
 * is exec'd.  remoteside() calls this with host == nil, rexcall() with the
 * server name.  Only part of the body appears in this excerpt.
 * NOTE(review): in both callers this runs after the authentication hook but
 * before the encryption hook, so the address exchange is not covered by the
 * link encryption.
 */
678 filter(int fd, char *host)
680 char addr[128], buf[256], *s, *file, *argv[16];
681 int p[2], lfd, flags, len, argc;
685 procsetname("filter %s", filterp);
686 flags = RFNOWAIT|RFPROC|RFMEM|RFFDG|RFREND;
/* announcing side: listen on anstring and send the local address to the peer */
689 if(announce(anstring, addr) < 0)
690 fatal("filter: Cannot announce %s: %r", anstring);
691 snprint(buf, sizeof(buf), "%s/local", addr);
692 if((lfd = open(buf, OREAD)) < 0)
693 fatal("filter: Cannot open %s: %r", buf);
694 if((len = read(lfd, buf, sizeof buf - 1)) < 0)
695 fatal("filter: Cannot read %s: %r", buf);
698 if(s = strchr(buf, '\n'))
700 if(write(fd, buf, len) != len)
701 fatal("filter: cannot write port; %r");
/* dialing side: the address text comes from the peer; the read leaves one byte of buf for a terminator */
705 if((len = read(fd, buf, sizeof buf - 1)) < 0)
706 fatal("filter: cannot read port; %r");
/* only the part after the last '!' of the peer's text is kept and combined with host */
708 if((s = strrchr(buf, '!')) == nil)
709 fatal("filter: malformed remote port: %s", buf);
710 strecpy(addr, addr+sizeof(addr), netmkaddr(host, "tcp", s+1));
/* NOTE(review): strrchr(addr, '!') is not checked for nil; this relies on netmkaddr() output containing '!' -- confirm */
711 strecpy(strrchr(addr, '!'), addr+sizeof(addr), s);
714 snprint(buf, sizeof(buf), "%s", filterp);
/* three argv slots are held back, presumably for arguments appended in lines not shown */
715 if((argc = tokenize(buf, argv, nelem(argv)-3)) <= 0)
716 fatal("filter: empty command");
722 if(s = strrchr(argv[0], '/'))
726 fatal("filter: pipe; %r");
728 switch(rfork(flags)) {
730 fatal("filter: rfork; %r\n");
732 if (dup(p[0], 1) < 0)
733 fatal("filter: Cannot dup to 1; %r");
734 if (dup(p[0], 0) < 0)
735 fatal("filter: Cannot dup to 0; %r");
739 fatal("filter: exec; %r");
747 char *rmtnotefile = "/mnt/term/dev/cpunote";
750 * loop reading /mnt/term/dev/note looking for notes.
751 * The child returns to start the shell.
756 int n, fd, pid, notepid;
759 /* new proc returns to start shell */
760 pid = rfork(RFPROC|RFFDG|RFNOTEG|RFNAMEG|RFMEM);
763 syslog(0, "cpu", "cpu -R: can't start noteproc: %r");
769 /* new proc reads notes from other side and posts them to shell */
770 switch(notepid = rfork(RFPROC|RFFDG|RFMEM)){
772 syslog(0, "cpu", "cpu -R: can't start wait proc: %r");
775 fd = open(rmtnotefile, OREAD);
780 n = read(fd, buf, sizeof(buf)-1);
782 postnote(PNGROUP, pid, "hangup");
786 postnote(PNGROUP, pid, buf);
790 /* original proc waits for shell proc to die and kills note proc */
793 if(n < 0 || n == pid)
796 postnote(PNPROC, notepid, "kill");
814 [Qdir] { ".", {Qdir, 0, QTDIR}, DMDIR|0555 },
815 [Qcpunote] { "cpunote", {Qcpunote, 0}, 0444 },
818 typedef struct Note Note;
825 typedef struct Request Request;
832 typedef struct Fid Fid;
843 Note *nfirst, *nlast;
844 Request *rfirst, *rlast;
848 fsreply(int fd, Fcall *f)
850 uchar buf[IOHDRSZ+Maxfdata];
854 fprint(2, "notefs: <-%F\n", f);
855 n = convS2M(f, buf, sizeof buf);
857 if(write(fd, buf, n) != n){
865 /* match a note read request with a note, reply to the request */
877 if(rp == nil || np == nil){
881 nfs.rfirst = rp->next;
882 nfs.nfirst = np->next;
886 rp->f.count = strlen(np->msg);
887 rp->f.data = np->msg;
888 rv = fsreply(fd, &rp->f);
903 for(l = &nfs.rfirst; *l != nil; l = &(*l)->next){
905 if(rp->f.tag == tag){
921 for(i = 0; i < Nfid; i++){
922 if(freefid < 0 && fids[i].file < 0)
924 if(fids[i].fid == fid)
928 fids[freefid].fid = fid;
929 return &fids[freefid];
935 fsstat(int fd, Fid *fid, Fcall *f)
940 memset(&d, 0, sizeof(d));
941 d.name = fstab[fid->file].name;
945 d.qid = fstab[fid->file].qid;
946 d.mode = fstab[fid->file].perm;
947 d.atime = d.mtime = time(0);
949 f->nstat = convD2M(&d, statbuf, sizeof statbuf);
950 return fsreply(fd, f);
954 fsread(int fd, Fid *fid, Fcall *f)
964 if(f->offset == 0 && f->count >0){
965 memset(&d, 0, sizeof(d));
966 d.name = fstab[Qcpunote].name;
970 d.qid = fstab[Qcpunote].qid;
971 d.mode = fstab[Qcpunote].perm;
972 d.atime = d.mtime = time(0);
973 f->count = convD2M(&d, buf, sizeof buf);
974 f->data = (char*)buf;
977 return fsreply(fd, f);
979 rp = mallocz(sizeof(*rp), 1);
984 if(nfs.rfirst == nil)
987 nfs.rlast->next = rp;
994 char Eperm[] = "permission denied";
995 char Enofile[] = "out of files";
996 char Enotdir[] = "not a directory";
1001 uchar buf[IOHDRSZ+Maxfdata];
1009 fmtinstall('F', fcallfmt);
1011 for(n = 0; n < Nfid; n++){
1018 n = read9pmsg(fd, buf, sizeof(buf));
1019 if(n <= 0 || convM2S(buf, n, &f) != n)
1022 fprint(2, "notefs: ->%F\n", &f);
1024 fid = getfid(f.fid);
1035 f.ename = "unknown type";
1041 if(f.msize > IOHDRSZ+Maxfdata)
1042 f.msize = IOHDRSZ+Maxfdata;
1046 f.ename = "authentication not required";
1049 f.qid = fstab[Qdir].qid;
1054 if(f.newfid != f.fid){
1055 nfid = getfid(f.newfid);
1058 nfid->file = fid->file;
1061 for(i=0; i<f.nwname && i<MAXWELEM; i++){
1062 if(fid->file != Qdir){
1067 if(strcmp(f.wname[i], "..") == 0){
1068 wqid[i] = fstab[Qdir].qid;
1071 if(strcmp(f.wname[i], "cpunote") != 0){
1074 f.ename = "file does not exist";
1078 fid->file = Qcpunote;
1079 wqid[i] = fstab[Qcpunote].qid;
1081 if(nfid != nil && (f.type == Rerror || i < f.nwname))
1083 if(f.type != Rerror){
1085 for(i=0; i<f.nwqid; i++)
1086 f.wqid[i] = wqid[i];
1090 if(f.mode != OREAD){
1095 fid->omode = f.mode;
1096 if(fid->file == Qcpunote)
1098 f.qid = fstab[fid->file].qid;
1102 if(fsread(fd, fid, &f) < 0)
1107 if(fid->omode != -1 && fid->file == Qcpunote){
1109 if(ncpunote == 0) /* remote side is done */
1116 if(fsstat(fd, fid, &f) < 0)
1129 if(fsreply(fd, &f) < 0)
1134 fprint(2, "notefs exiting: %r\n");
1136 postnote(PNGROUP, exportpid, "kill");
1138 fprint(2, "postnote PNGROUP %d: %r\n", exportpid);
1142 char notebuf[ERRMAX];
/*
 * Note handler: copy the note text into the global notebuf (ERRMAX bytes).
 * The length is clamped to sizeof(notebuf)-1 before the copy, which leaves
 * room for a terminator; n is presumably strlen(text) and the terminating
 * write is presumably in the lines not shown -- confirm.
 */
1145 catcher(void*, char *text)
1150 if(n >= sizeof(notebuf))
1151 n = sizeof(notebuf)-1;
1152 memmove(notebuf, text, n);
1158 * mount in /dev a note file for the remote side to read.
/*
 * Set up local note forwarding: one forked process mounts a pipe end on
 * /dev (MBEFORE) and returns to start exportfs, a second serves the note
 * file system, and the original process queues each caught note on nfs.
 * Only part of the body appears in this excerpt.
 */
1161 lclnoteproc(int netfd)
1169 fprint(2, "cpu: can't start note proc: pipe: %r\n");
1173 /* new proc mounts and returns to start exportfs */
1174 switch(pid = rfork(RFPROC|RFNAMEG|RFFDG|RFMEM)){
1179 fprint(2, "cpu: can't start note proc: rfork: %r\n");
/* a failed mount is only reported, not treated as fatal, in the visible lines */
1183 if(mount(pfd[1], -1, "/dev", MBEFORE, "") == -1)
1184 fprint(2, "cpu: can't mount note proc: %r\n");
1192 /* new proc listens for note file system rpc's */
1193 switch(rfork(RFPROC|RFNAMEG|RFMEM)){
1195 fprint(2, "cpu: can't start note proc: rfork1: %r\n");
1202 /* original proc waits for notes */
/* NOTE(review): the nil check on mallocz() is not visible here -- confirm it exists before np is used */
1212 np = mallocz(sizeof(Note), 1);
/*
 * notebuf is ERRMAX bytes; the size of Note's msg field is not shown.
 * This unbounded copy is safe only if msg holds at least ERRMAX bytes and
 * catcher() leaves notebuf NUL-terminated -- TODO confirm both.
 */
1214 strcpy(np->msg, notebuf);
1216 if(nfs.nfirst == nil)
1219 nfs.nlast->next = np;
1225 } else if(w->pid == exportpid)
1232 /* exits(w->msg); */