cwfs: code cleanup
1 #include "all.h"
2 #include "io.h"
3 #include <authsrv.h>
4 #include <auth.h>
5
/*
 * In-memory copy of the nvram contents, filled by readnvram() in nvrcheck().
 * nvr.machkey is the key conslock() compares console passwords against;
 * nvrcheck() zeroes it when the stored checksum does not match.
 */
Nvrsafe nvr;

/* set by nvrcheck() after a successful read; not read elsewhere in this listing */
static int gotnvr;      /* flag: nvr contains nvram; it could be bad */
9
/*
 * Return the config device string held in conf.confdev.
 * The stored pointer is handed back as is; no copy is made.
 */
char*
nvrgetconfig(void)
{
        char *dev;

        dev = conf.confdev;
        return dev;
}
15
/*
 * We should no longer be writing nvram.
 * The secstore/config field now holds only the secstore key.
 */
20
/*
 * Read nvram into the global nvr and verify the machine key checksum.
 *
 * Returns 0 when nvram was read and nvcsum() over nvr.machkey equals
 * nvr.machsum; returns 1 when the read fails or the checksum differs.
 *
 * On a checksum mismatch the in-memory machine key is zeroed.  An
 * all-zero key is what conslock() treats as "no password set", so after
 * a mismatch conslock() returns 0 without prompting.
 * NOTE(review): confirm that callers treat that outcome as fail-closed.
 */
int
nvrcheck(void)
{
        uchar sum;

        if(readnvram(&nvr, NVread) < 0){
                print("nvrcheck: can't read nvram\n");
                return 1;
        }
        gotnvr = 1;
        print("nvr read\n");

        sum = nvcsum(nvr.machkey, sizeof nvr.machkey);
        if(sum == nvr.machsum)
                return 0;

        print("\n\n ** NVR key checksum is incorrect  **\n");
        print(" ** set password to allow attaches **\n\n");
        /* do not keep a key that failed its integrity check */
        memset(nvr.machkey, 0, sizeof nvr.machkey);
        return 1;
}
43
/*
 * Accept the name of the device holding the config block.
 * Nothing is stored or written: the argument is only marked as used
 * and the function always returns 0.
 */
int
nvrsetconfig(char *word)
{
        USED(word);     /* config block is on device `word'; deliberately ignored */
        return 0;
}
51
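/*
 * Prompt on the console for the service password until the key derived
 * from the typed line (passtokey) matches nvr.machkey.
 *
 * Returns 1 after a successful match.  Returns 0 without authenticating
 * when the machine key is all zeroes (no password set; this is also the
 * state nvrcheck() leaves after a checksum failure) or when reading the
 * console line fails.
 * NOTE(review): what callers do with a 0 result is not visible here;
 * confirm they fail closed.
 *
 * The typed line and the derived key are cleared after every attempt so
 * the secret does not linger in the input buffer or on the stack, and
 * the key comparison looks at every byte instead of stopping at the
 * first difference.  Failed attempts are spaced by a one second delay;
 * the number of attempts is not limited.
 */
int
conslock(void)
{
        char *ln;
        char nkey1[DESKEYLEN];
        static char zeroes[DESKEYLEN];
        int i, n, diff;

        if(memcmp(nvr.machkey, zeroes, DESKEYLEN) == 0) {
                print("no password set\n");
                return 0;
        }

        for(;;) {
                print("%s password:", service);
                /* could turn off echo here */

                if ((ln = Brdline(&bin, '\n')) == nil)
                        return 0;
                /* a non-nil line includes its delimiter, so n is at least 1 */
                n = Blinelen(&bin);
                ln[n-1] = '\0';

                /* could turn on echo here */
                memset(nkey1, 0, DESKEYLEN);
                passtokey(nkey1, ln);

                /* the plaintext is no longer needed; clear it from the input buffer */
                memset(ln, 0, n);

                /* accumulate differences over the whole key; no early exit */
                diff = 0;
                for(i = 0; i < DESKEYLEN; i++)
                        diff |= nkey1[i] ^ nvr.machkey[i];

                /*
                 * clear the derived key before it goes out of use.
                 * NOTE(review): confirm the compiler in use does not
                 * elide this store to a local that is not read again.
                 */
                memset(nkey1, 0, DESKEYLEN);

                if(diff == 0) {
                        prdate();
                        break;
                }

                print("Bad password\n");
                delay(1000);
        }
        return 1;
}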
85
/* key specification sent with the factotum "start" request in authnew() */
static char *keyspec = "proto=p9any role=server";
87
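/*
 * Open a factotum RPC conversation and start it with keyspec.
 *
 * If /mnt/factotum is not accessible, /srv/factotum is mounted on /mnt
 * first (best effort).  Returns the AuthRpc as an opaque pointer on
 * success and nil on any failure.  The result is released with
 * authfree().
 *
 * Every failure path closes the descriptors it opened: auth_freerpc()
 * releases only the AuthRpc structure, so the rpc file descriptor has
 * to be closed separately, and the /srv/factotum descriptor is not
 * needed once the mount call has returned.
 */
void*
authnew(void)
{
        AuthRpc *rpc;
        int fd;

        if(access("/mnt/factotum", 0) < 0){
                if((fd = open("/srv/factotum", ORDWR)) >= 0){
                        /* result ignored: a failed mount shows up as the open below failing */
                        mount(fd, -1, "/mnt", MBEFORE, "");
                        close(fd);
                }
        }
        if((fd = open("/mnt/factotum/rpc", ORDWR)) < 0)
                return nil;
        if((rpc = auth_allocrpc(fd)) == nil){
                close(fd);
                return nil;
        }
        if(auth_rpc(rpc, "start", keyspec, strlen(keyspec)) != ARok){
                /* do not leak the rpc descriptor when the conversation cannot start */
                close(fd);
                auth_freerpc(rpc);
                return nil;
        }
        return rpc;
}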
109
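/*
 * Release an authentication conversation created by authnew().
 * auth may be nil, in which case nothing happens.
 *
 * The rpc file descriptor is closed here as well: auth_freerpc()
 * releases only the AuthRpc structure, so without the close every
 * finished or abandoned conversation would leave a descriptor to
 * factotum open.
 */
void
authfree(void *auth)
{
        AuthRpc *rpc;

        rpc = auth;
        if(rpc == nil)
                return;
        close(rpc->afd);
        auth_freerpc(rpc);
}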
118
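/*
 * Service a read on an auth file by asking factotum for the next
 * message of the conversation stored in file->auth.
 *
 * Returns:
 *   0   when factotum reports ARdone; file->uid has then been set from
 *       the uid in the returned AuthInfo (ai->cuid).
 *   >0  the number of bytes copied into data when factotum reports ARok.
 *   -1  when there is no conversation, the buffer is too small, count is
 *       negative, the AuthInfo cannot be fetched, the uid does not map to
 *       a non-negative id, or factotum reports any other status.
 *
 * NOTE(review): on the ARdone path file->uid is assigned before it is
 * validated, so a failed lookup leaves a negative uid in the file;
 * confirm callers never use file->uid after a -1 return.
 */
int
authread(File *file, uchar *data, int count)
{
        AuthInfo *ai;
        AuthRpc *rpc;

        if((rpc = file->auth) == nil)
                return -1;
        switch(auth_rpc(rpc, "read", nil, 0)){
        case ARdone:
                if((ai = auth_getinfo(rpc)) == nil)
                        return -1;
                file->uid = strtouid(ai->cuid);
                auth_freeAI(ai);
                if(file->uid < 0)
                        return -1;
                return 0;
        case ARok:
                /*
                 * reject a negative count explicitly: compared against an
                 * unsigned narg it would be converted to a huge value and
                 * pass the size check, letting memmove overrun data.
                 */
                if(count < 0 || count < rpc->narg)
                        return -1;
                memmove(data, rpc->arg, rpc->narg);
                return rpc->narg;
        case ARphase:
        default:
                return -1;
        }
}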
147
/*
 * Service a write on an auth file by passing count bytes of data to
 * factotum as the next message of the conversation in file->auth.
 *
 * Returns count when factotum answers ARok, and -1 when there is no
 * conversation or factotum answers anything else.
 * NOTE(review): count is passed through unchecked; presumably auth_rpc()
 * rejects oversized or negative lengths - confirm.
 */
int
authwrite(File *file, uchar *data, int count)
{
        AuthRpc *conv;

        conv = file->auth;
        if(conv == nil)
                return -1;
        return auth_rpc(conv, "write", data, count) == ARok ? count : -1;
}
159