sys/src/cmd/cwfs/auth.c

   1 #include "all.h"
   2 #include "io.h"
   3 #include <authsrv.h>
   4 #include <auth.h>
   5
   6 Nvrsafe nvr;
   7
   8 static int gotnvr;      /* flag: nvr contains nvram; it could be bad */
   9
  10 char*
  11 nvrgetconfig(void)
  12 {
  13         return conf.confdev;
  14 }
  15
  16 /*
  17  * we shouldn't be writing nvram any more.
  18  * the secstore/config field is now just secstore key.
  19  */
  20
  21 int
  22 nvrcheck(void)
  23 {
  24         uchar csum;
  25
  26         if (readnvram(&nvr, NVread) < 0) {
  27                 fprint(2, "nvrcheck: can't read nvram\n");
  28                 return 1;
  29         } else
  30                 gotnvr = 1;
  31
  32         if(chatty)
  33                 print("nvr read\n");
  34
  35         csum = nvcsum(nvr.machkey, sizeof nvr.machkey);
  36         if(csum != nvr.machsum) {
  37                 fprint(2, "\n\n ** NVR key checksum is incorrect  **\n");
  38                 fprint(2, " ** set password to allow attaches **\n\n");
  39                 memset(nvr.machkey, 0, sizeof nvr.machkey);
  40                 return 1;
  41         }
  42
  43         return 0;
  44 }
  45
  46 int
  47 nvrsetconfig(char* word)
  48 {
  49         /* config block is on device `word' */
  50         USED(word);
  51         return 0;
  52 }
  53
  54 int
  55 conslock(void)
  56 {
  57         char *ln;
  58         char nkey1[DESKEYLEN];
  59         static char zeroes[DESKEYLEN];
  60
  61         if(memcmp(nvr.machkey, zeroes, DESKEYLEN) == 0) {
  62                 print("no password set\n");
  63                 return 0;
  64         }
  65
  66         for(;;) {
  67                 print("%s password:", service);
  68                 /* could turn off echo here */
  69
  70                 if ((ln = Brdline(&bin, '\n')) == nil)
  71                         return 0;
  72                 ln[Blinelen(&bin)-1] = '\0';
  73
  74                 /* could turn on echo here */
  75                 memset(nkey1, 0, DESKEYLEN);
  76                 passtokey(nkey1, ln);
  77                 if(memcmp(nkey1, nvr.machkey, DESKEYLEN) == 0) {
  78                         prdate();
  79                         break;
  80                 }
  81
  82                 print("Bad password\n");
  83                 delay(1000);
  84         }
  85         return 1;
  86 }
  87
  88 static char *keyspec = "proto=p9any role=server";
  89
  90 void*
  91 authnew(void)
  92 {
  93         AuthRpc *rpc;
  94         int fd;
  95
  96         if(access("/mnt/factotum", 0) < 0)
  97                 if((fd = open("/srv/factotum", ORDWR)) >= 0)
  98                         mount(fd, -1, "/mnt", MBEFORE, "");
  99         if((fd = open("/mnt/factotum/rpc", ORDWR)) < 0)
 100                 return nil;
 101         if((rpc = auth_allocrpc(fd)) == nil){
 102                 close(fd);
 103                 return nil;
 104         }
 105         if(auth_rpc(rpc, "start", keyspec, strlen(keyspec)) != ARok){
 106                 auth_freerpc(rpc);
 107                 return nil;
 108         }
 109         return rpc;
 110 }
 111
 112 void
 113 authfree(void *auth)
 114 {
 115         AuthRpc *rpc;
 116
 117         if(rpc = auth)
 118                 auth_freerpc(rpc);
 119 }
 120
 121 int
 122 authread(File *file, uchar *data, int count)
 123 {
 124         AuthInfo *ai;
 125         AuthRpc *rpc;
 126         Chan *chan;
 127
 128         chan = file->cp;
 129         if((rpc = file->auth) == nil){
 130                 snprint(chan->err, sizeof(chan->err),
 131                         "not an auth fid");
 132                 return -1;
 133         }
 134
 135         switch(auth_rpc(rpc, "read", nil, 0)){
 136         default:
 137                 snprint(chan->err, sizeof(chan->err),
 138                         "authread: auth protocol not finished");
 139                 return -1;
 140         case ARdone:
 141                 if((ai = auth_getinfo(rpc)) == nil)
 142                         goto Phase;
 143                 file->uid = strtouid(ai->cuid);
 144                 auth_freeAI(ai);
 145                 if(file->uid < 0){
 146                         snprint(chan->err, sizeof(chan->err),
 147                                 "unknown user '%s'", ai->cuid);
 148                         return -1;
 149                 }
 150                 return 0;
 151         case ARok:
 152                 if(count < rpc->narg){
 153                         snprint(chan->err, sizeof(chan->err),
 154                                 "not enough data in auth read");
 155                         return -1;
 156                 }
 157                 memmove(data, rpc->arg, rpc->narg);
 158                 return rpc->narg;
 159         case ARphase:
 160         Phase:
 161                 rerrstr(chan->err, sizeof(chan->err));
 162                 return -1;
 163         }
 164 }
 165
 166 int
 167 authwrite(File *file, uchar *data, int count)
 168 {
 169         AuthRpc *rpc;
 170         Chan *chan;
 171
 172         chan = file->cp;
 173         if((rpc = file->auth) == nil){
 174                 snprint(chan->err, sizeof(chan->err),
 175                         "not an auth fid");
 176                 return -1;
 177         }
 178         if(auth_rpc(rpc, "write", data, count) != ARok){
 179                 rerrstr(chan->err, sizeof(chan->err));
 180                 return -1;
 181         }
 182         return count;
 183 }
 184