cwfs: remove p9sk1 code, use factotum
This commit is contained in:
cinap_lenrek
parent
0159ee648e
commit
11f3fac32c
3 changed files with 61 additions and 141 deletions
|
|
@ -214,7 +214,7 @@ out:
|
|||
return error;
|
||||
}
|
||||
|
||||
int
|
||||
static int
|
||||
authorize(Chan* chan, Fcall* f)
|
||||
{
|
||||
File* af;
|
||||
|
|
@ -244,6 +244,10 @@ authorize(Chan* chan, Fcall* f)
|
|||
print("authorize: af == nil\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* fake read to get auth info */
|
||||
authread(af, nil, 0);
|
||||
|
||||
if(af->auth == nil){
|
||||
if(db)
|
||||
print("authorize: af->auth == nil\n");
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
#include "all.h"
|
||||
#include "io.h"
|
||||
#include <authsrv.h>
|
||||
#include <auth.h>
|
||||
|
||||
Nvrsafe nvr;
|
||||
|
||||
|
|
@ -83,35 +84,6 @@ conslock(void)
|
|||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* authentication specific to 9P2000
|
||||
*/
|
||||
|
||||
/* authentication states */
|
||||
enum
|
||||
{
|
||||
HaveProtos=1,
|
||||
NeedProto,
|
||||
HaveOK,
|
||||
NeedCchal,
|
||||
HaveSinfo,
|
||||
NeedTicket,
|
||||
HaveSauthenticator,
|
||||
SSuccess,
|
||||
};
|
||||
|
||||
char *phasename[] =
|
||||
{
|
||||
[HaveProtos] "HaveProtos",
|
||||
[NeedProto] "NeedProto",
|
||||
[HaveOK] "HaveOK",
|
||||
[NeedCchal] "NeedCchal",
|
||||
[HaveSinfo] "HaveSinfo",
|
||||
[NeedTicket] "NeedTicket",
|
||||
[HaveSauthenticator] "HaveSauthenticator",
|
||||
[SSuccess] "SSuccess",
|
||||
};
|
||||
|
||||
/* authentication structure */
|
||||
struct Auth
|
||||
{
|
||||
|
|
@ -119,11 +91,7 @@ struct Auth
|
|||
char uname[NAMELEN]; /* requestor's remote user name */
|
||||
char aname[NAMELEN]; /* requested aname */
|
||||
Userid uid; /* uid decided on */
|
||||
int phase;
|
||||
char cchal[CHALLEN];
|
||||
char tbuf[TICKETLEN+AUTHENTLEN]; /* server ticket */
|
||||
Ticket t;
|
||||
Ticketreq tr;
|
||||
AuthRpc *rpc;
|
||||
};
|
||||
|
||||
Auth* auths;
|
||||
|
|
@ -138,17 +106,14 @@ authinit(void)
|
|||
static int
|
||||
failure(Auth *s, char *why)
|
||||
{
|
||||
int i;
|
||||
AuthRpc *rpc;
|
||||
|
||||
if(*why)print("authentication failed: %s: %s\n", phasename[s->phase], why);
|
||||
srand((uintptr)s + time(nil));
|
||||
for(i = 0; i < CHALLEN; i++)
|
||||
s->tr.chal[i] = nrand(256);
|
||||
if(why && *why)print("authentication failed: %s: %r\n", why);
|
||||
s->uid = -1;
|
||||
strncpy(s->tr.authid, nvr.authid, NAMELEN);
|
||||
strncpy(s->tr.authdom, nvr.authdom, DOMLEN);
|
||||
memmove(s->cchal, s->tr.chal, sizeof(s->cchal));
|
||||
s->phase = HaveProtos;
|
||||
if(rpc = s->rpc){
|
||||
s->rpc = 0;
|
||||
auth_freerpc(rpc);
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
@ -156,7 +121,7 @@ Auth*
|
|||
authnew(char *uname, char *aname)
|
||||
{
|
||||
static int si = 0;
|
||||
int i, nwrap;
|
||||
int afd, i, nwrap;
|
||||
Auth *s;
|
||||
|
||||
i = si;
|
||||
|
|
@ -182,129 +147,82 @@ authnew(char *uname, char *aname)
|
|||
}
|
||||
unlock(&authlock);
|
||||
}
|
||||
if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0){
|
||||
failure(s, "open /mnt/factotum/rpc");
|
||||
return s;
|
||||
}
|
||||
if((s->rpc = auth_allocrpc(afd)) == 0){
|
||||
failure(s, "auth_allocrpc");
|
||||
close(afd);
|
||||
return s;
|
||||
}
|
||||
if(auth_rpc(s->rpc, "start", "proto=p9any role=server", 23) != ARok)
|
||||
failure(s, "auth_rpc: start");
|
||||
return s;
|
||||
}
|
||||
|
||||
void
|
||||
authfree(Auth *s)
|
||||
{
|
||||
if(s != nil)
|
||||
if(s){
|
||||
failure(s, "");
|
||||
s->inuse = 0;
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
authread(File* file, uchar* data, int n)
|
||||
{
|
||||
AuthInfo *ai;
|
||||
Auth *s;
|
||||
int m;
|
||||
|
||||
s = file->auth;
|
||||
if(s == nil)
|
||||
return -1;
|
||||
|
||||
switch(s->phase){
|
||||
if(s->rpc == nil)
|
||||
return -1;
|
||||
switch(auth_rpc(s->rpc, "read", nil, 0)){
|
||||
default:
|
||||
return failure(s, "unexpected phase");
|
||||
case HaveProtos:
|
||||
m = snprint((char*)data, n, "v.2 p9sk1@%s", nvr.authdom) + 1;
|
||||
s->phase = NeedProto;
|
||||
break;
|
||||
case HaveOK:
|
||||
m = 3;
|
||||
if(n < m)
|
||||
return failure(s, "read too short");
|
||||
strcpy((char*)data, "OK");
|
||||
s->phase = NeedCchal;
|
||||
break;
|
||||
case HaveSinfo:
|
||||
m = TICKREQLEN;
|
||||
if(n < m)
|
||||
return failure(s, "read too short");
|
||||
convTR2M(&s->tr, (char*)data);
|
||||
s->phase = NeedTicket;
|
||||
break;
|
||||
case HaveSauthenticator:
|
||||
m = AUTHENTLEN;
|
||||
if(n < m)
|
||||
return failure(s, "read too short");
|
||||
memmove(data, s->tbuf+TICKETLEN, m);
|
||||
s->phase = SSuccess;
|
||||
failure(s, "auth_rpc: read");
|
||||
break;
|
||||
case ARdone:
|
||||
if((ai = auth_getinfo(s->rpc)) == nil){
|
||||
failure(s, "auth_getinfo failed");
|
||||
break;
|
||||
}
|
||||
if(ai->cuid == nil || *ai->cuid == '\0'){
|
||||
failure(s, "auth with no cuid");
|
||||
auth_freeAI(ai);
|
||||
break;
|
||||
}
|
||||
failure(s, "");
|
||||
s->uid = strtouid(ai->cuid);
|
||||
auth_freeAI(ai);
|
||||
return 0;
|
||||
case ARok:
|
||||
if(n < s->rpc->narg)
|
||||
break;
|
||||
memmove(data, s->rpc->arg, s->rpc->narg);
|
||||
return s->rpc->narg;
|
||||
}
|
||||
return m;
|
||||
return -1;
|
||||
}
|
||||
|
||||
int
|
||||
authwrite(File* file, uchar *data, int n)
|
||||
{
|
||||
Auth *s;
|
||||
int m;
|
||||
char *p, *d;
|
||||
Authenticator a;
|
||||
|
||||
s = file->auth;
|
||||
if(s == nil)
|
||||
return -1;
|
||||
|
||||
switch(s->phase){
|
||||
default:
|
||||
return failure(s, "unknown phase");
|
||||
case NeedProto:
|
||||
p = (char*)data;
|
||||
if(p[n-1] != 0)
|
||||
return failure(s, "proto missing terminator");
|
||||
d = strchr(p, ' ');
|
||||
if(d == nil)
|
||||
return failure(s, "proto missing separator");
|
||||
*d++ = 0;
|
||||
if(strcmp(p, "p9sk1") != 0)
|
||||
return failure(s, "unknown proto");
|
||||
if(strcmp(d, nvr.authdom) != 0)
|
||||
return failure(s, "unknown domain");
|
||||
s->phase = HaveOK;
|
||||
m = n;
|
||||
break;
|
||||
case NeedCchal:
|
||||
m = CHALLEN;
|
||||
if(n < m)
|
||||
return failure(s, "client challenge too short");
|
||||
memmove(s->cchal, data, sizeof(s->cchal));
|
||||
s->phase = HaveSinfo;
|
||||
break;
|
||||
case NeedTicket:
|
||||
m = TICKETLEN+AUTHENTLEN;
|
||||
if(n < m)
|
||||
return failure(s, "ticket+auth too short");
|
||||
|
||||
convM2T((char*)data, &s->t, nvr.machkey);
|
||||
if(s->t.num != AuthTs
|
||||
|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0)
|
||||
return failure(s, "bad ticket");
|
||||
|
||||
convM2A((char*)data+TICKETLEN, &a, s->t.key);
|
||||
if(a.num != AuthAc
|
||||
|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
|
||||
|| a.id != 0)
|
||||
return failure(s, "bad authenticator");
|
||||
|
||||
/* at this point, we're convinced */
|
||||
s->uid = strtouid(s->t.suid);
|
||||
if(s->uid < 0)
|
||||
return failure(s, "unknown user");
|
||||
if(cons.flags & authdebugflag)
|
||||
print("user %s = %d authenticated\n",
|
||||
s->t.suid, s->uid);
|
||||
|
||||
/* create an authenticator to send back */
|
||||
a.num = AuthAs;
|
||||
memmove(a.chal, s->cchal, sizeof(a.chal));
|
||||
a.id = 0;
|
||||
convA2M(&a, s->tbuf+TICKETLEN, s->t.key);
|
||||
|
||||
s->phase = HaveSauthenticator;
|
||||
break;
|
||||
if(s->rpc == nil)
|
||||
return -1;
|
||||
if(auth_rpc(s->rpc, "write", data, n) != ARok){
|
||||
failure(s, "auth_rpc: write");
|
||||
return -1;
|
||||
}
|
||||
return m;
|
||||
return n;
|
||||
}
|
||||
|
||||
int
|
||||
|
|
|
|||
|
|
@ -101,10 +101,8 @@ netinit(void)
|
|||
net->dialstr = annstrs[net - netif];
|
||||
if (net->dialstr == nil)
|
||||
continue;
|
||||
net->annfd = announce(net->dialstr, net->anndir);
|
||||
/* /bin/service/tcp564 may already have grabbed the port */
|
||||
if (net->annfd < 0)
|
||||
sysfatal("can't announce %s: %r", net->dialstr);
|
||||
if((net->annfd = announce(net->dialstr, net->anndir)) < 0)
|
||||
print("can't announce %s: %r", net->dialstr);
|
||||
print("netinit: announced on %s\n", net->dialstr);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue