sys/src/cmd/cwfs/auth.c

   1 #include "all.h"
   2 #include "io.h"
   3 #include <authsrv.h>
   4 #include <auth.h>
   5
   6 Nvrsafe nvr;
   7
   8 static int gotnvr;      /* flag: nvr contains nvram; it could be bad */
   9
  10 char*
  11 nvrgetconfig(void)
  12 {
  13         return conf.confdev;
  14 }
  15
  16 /*
  17  * we shouldn't be writing nvram any more.
  18  * the secstore/config field is now just secstore key.
  19  * we still use authid, authdom and machkey for authentication.
  20  */
  21
  22 int
  23 nvrcheck(void)
  24 {
  25         uchar csum;
  26
  27         if (readnvram(&nvr, NVread) < 0) {
  28                 print("nvrcheck: can't read nvram\n");
  29                 return 1;
  30         } else
  31                 gotnvr = 1;
  32         print("nvr read\n");
  33
  34         csum = nvcsum(nvr.machkey, sizeof nvr.machkey);
  35         if(csum != nvr.machsum) {
  36                 print("\n\n ** NVR key checksum is incorrect  **\n");
  37                 print(" ** set password to allow attaches **\n\n");
  38                 memset(nvr.machkey, 0, sizeof nvr.machkey);
  39                 return 1;
  40         }
  41
  42         return 0;
  43 }
  44
  45 int
  46 nvrsetconfig(char* word)
  47 {
  48         /* config block is on device `word' */
  49         USED(word);
  50         return 0;
  51 }
  52
  53 int
  54 conslock(void)
  55 {
  56         char *ln;
  57         char nkey1[DESKEYLEN];
  58         static char zeroes[DESKEYLEN];
  59
  60         if(memcmp(nvr.machkey, zeroes, DESKEYLEN) == 0) {
  61                 print("no password set\n");
  62                 return 0;
  63         }
  64
  65         for(;;) {
  66                 print("%s password:", service);
  67                 /* could turn off echo here */
  68
  69                 if ((ln = Brdline(&bin, '\n')) == nil)
  70                         return 0;
  71                 ln[Blinelen(&bin)-1] = '\0';
  72
  73                 /* could turn on echo here */
  74                 memset(nkey1, 0, DESKEYLEN);
  75                 passtokey(nkey1, ln);
  76                 if(memcmp(nkey1, nvr.machkey, DESKEYLEN) == 0) {
  77                         prdate();
  78                         break;
  79                 }
  80
  81                 print("Bad password\n");
  82                 delay(1000);
  83         }
  84         return 1;
  85 }
  86
  87 /* authentication structure */
  88 struct  Auth
  89 {
  90         int     inuse;
  91         char    uname[NAMELEN]; /* requestor's remote user name */
  92         char    aname[NAMELEN]; /* requested aname */
  93         Userid  uid;            /* uid decided on */
  94         AuthRpc *rpc;
  95 };
  96
  97 Auth*   auths;
  98 Lock    authlock;
  99
 100 void
 101 authinit(void)
 102 {
 103         auths = malloc(conf.nauth * sizeof(*auths));
 104 }
 105
 106 static int
 107 failure(Auth *s, char *why)
 108 {
 109         AuthRpc *rpc;
 110
 111         if(why && *why)print("authentication failed: %s: %r\n", why);
 112         s->uid = -1;
 113         if(rpc = s->rpc){
 114                 s->rpc = 0;
 115                 auth_freerpc(rpc);
 116         }
 117         return -1;
 118 }
 119
 120 Auth*
 121 authnew(char *uname, char *aname)
 122 {
 123         static int si = 0;
 124         int afd, i, nwrap;
 125         Auth *s;
 126
 127         i = si;
 128         nwrap = 0;
 129         for(;;){
 130                 if(i < 0 || i >= conf.nauth){
 131                         if(++nwrap > 1)
 132                                 return nil;
 133                         i = 0;
 134                 }
 135                 s = &auths[i++];
 136                 if(s->inuse)
 137                         continue;
 138                 lock(&authlock);
 139                 if(s->inuse == 0){
 140                         s->inuse = 1;
 141                         strncpy(s->uname, uname, NAMELEN-1);
 142                         strncpy(s->aname, aname, NAMELEN-1);
 143                         failure(s, "");
 144                         si = i;
 145                         unlock(&authlock);
 146                         break;
 147                 }
 148                 unlock(&authlock);
 149         }
 150         if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0){
 151                 failure(s, "open /mnt/factotum/rpc");
 152                 return s;
 153         }
 154         if((s->rpc = auth_allocrpc(afd)) == 0){
 155                 failure(s, "auth_allocrpc");
 156                 close(afd);
 157                 return s;
 158         }
 159         if(auth_rpc(s->rpc, "start", "proto=p9any role=server", 23) != ARok)
 160                 failure(s, "auth_rpc: start");
 161         return s;
 162 }
 163
 164 void
 165 authfree(Auth *s)
 166 {
 167         if(s){
 168                 failure(s, "");
 169                 s->inuse = 0;
 170         }
 171 }
 172
 173 int
 174 authread(File* file, uchar* data, int n)
 175 {
 176         AuthInfo *ai;
 177         Auth *s;
 178
 179         s = file->auth;
 180         if(s == nil)
 181                 return -1;
 182         if(s->rpc == nil)
 183                 return -1;
 184         switch(auth_rpc(s->rpc, "read", nil, 0)){
 185         default:
 186                 failure(s, "auth_rpc: read");
 187                 break;
 188         case ARdone:
 189                 if((ai = auth_getinfo(s->rpc)) == nil){
 190                         failure(s, "auth_getinfo failed");
 191                         break;
 192                 }
 193                 if(ai->cuid == nil || *ai->cuid == '\0'){
 194                         failure(s, "auth with no cuid");
 195                         auth_freeAI(ai);
 196                         break;
 197                 }
 198                 failure(s, "");
 199                 s->uid = strtouid(ai->cuid);
 200                 auth_freeAI(ai);
 201                 return 0;
 202         case ARok:
 203                 if(n < s->rpc->narg)
 204                         break;
 205                 memmove(data, s->rpc->arg, s->rpc->narg);
 206                 return s->rpc->narg;
 207         }
 208         return -1;
 209 }
 210
 211 int
 212 authwrite(File* file, uchar *data, int n)
 213 {
 214         Auth *s;
 215
 216         s = file->auth;
 217         if(s == nil)
 218                 return -1;
 219         if(s->rpc == nil)
 220                 return -1;
 221         if(auth_rpc(s->rpc, "write", data, n) != ARok){
 222                 failure(s, "auth_rpc: write");
 223                 return -1;
 224         }
 225         return n;
 226 }
 227
 228 int
 229 authuid(Auth* s)
 230 {
 231         return s->uid;
 232 }
 233
 234 char*
 235 authaname(Auth* s)
 236 {
 237         return s->aname;
 238 }
 239
 240 char*
 241 authuname(Auth* s)
 242 {
 243         return s->uname;
 244 }