xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

cwfs: remove p9sk1 code, use factotum

Browse source
This commit is contained in:
cinap_lenrek 2011-04-17 02:14:26 +00:00
parent 0159ee648e
commit 11f3fac32c
3 changed files with 61 additions and 141 deletions
Download patch file Download diff file Expand all files Collapse all files

6
sys/src/cmd/cwfs/9p2.c
View file

@ -214,7 +214,7 @@ out:
return error; return error;
} }
int static int
authorize(Chan* chan, Fcall* f) authorize(Chan* chan, Fcall* f)
{ {
File* af; File* af;
@ -244,6 +244,10 @@ authorize(Chan* chan, Fcall* f)
print("authorize: af == nil\n"); print("authorize: af == nil\n");
return -1; return -1;
} }
/* fake read to get auth info */
authread(af, nil, 0);
if(af->auth == nil){ if(af->auth == nil){
if(db) if(db)
print("authorize: af->auth == nil\n"); print("authorize: af->auth == nil\n");

190
sys/src/cmd/cwfs/auth.c
View file

@ -1,6 +1,7 @@
#include "all.h" #include "all.h"
#include "io.h" #include "io.h"
#include <authsrv.h> #include <authsrv.h>
#include <auth.h>
Nvrsafe nvr; Nvrsafe nvr;
@ -83,35 +84,6 @@ conslock(void)
return 1; return 1;
} }
/*
* authentication specific to 9P2000
*/
/* authentication states */
enum
{
HaveProtos=1,
NeedProto,
HaveOK,
NeedCchal,
HaveSinfo,
NeedTicket,
HaveSauthenticator,
SSuccess,
};
char *phasename[] =
{
[HaveProtos] "HaveProtos",
[NeedProto] "NeedProto",
[HaveOK] "HaveOK",
[NeedCchal] "NeedCchal",
[HaveSinfo] "HaveSinfo",
[NeedTicket] "NeedTicket",
[HaveSauthenticator] "HaveSauthenticator",
[SSuccess] "SSuccess",
};
/* authentication structure */ /* authentication structure */
struct Auth struct Auth
{ {
@ -119,11 +91,7 @@ struct Auth
char uname[NAMELEN]; /* requestor's remote user name */ char uname[NAMELEN]; /* requestor's remote user name */
char aname[NAMELEN]; /* requested aname */ char aname[NAMELEN]; /* requested aname */
Userid uid; /* uid decided on */ Userid uid; /* uid decided on */
int phase; AuthRpc *rpc;
char cchal[CHALLEN];
char tbuf[TICKETLEN+AUTHENTLEN]; /* server ticket */
Ticket t;
Ticketreq tr;
}; };
Auth* auths; Auth* auths;
@ -138,17 +106,14 @@ authinit(void)
static int static int
failure(Auth *s, char *why) failure(Auth *s, char *why)
{ {
int i; AuthRpc *rpc;
if(*why)print("authentication failed: %s: %s\n", phasename[s->phase], why); if(why && *why)print("authentication failed: %s: %r\n", why);
srand((uintptr)s + time(nil));
for(i = 0; i < CHALLEN; i++)
s->tr.chal[i] = nrand(256);
s->uid = -1; s->uid = -1;
strncpy(s->tr.authid, nvr.authid, NAMELEN); if(rpc = s->rpc){
strncpy(s->tr.authdom, nvr.authdom, DOMLEN); s->rpc = 0;
memmove(s->cchal, s->tr.chal, sizeof(s->cchal)); auth_freerpc(rpc);
s->phase = HaveProtos; }
return -1; return -1;
} }
@ -156,7 +121,7 @@ Auth*
authnew(char *uname, char *aname) authnew(char *uname, char *aname)
{ {
static int si = 0; static int si = 0;
int i, nwrap; int afd, i, nwrap;
Auth *s; Auth *s;
i = si; i = si;
@ -182,129 +147,82 @@ authnew(char *uname, char *aname)
} }
unlock(&authlock); unlock(&authlock);
} }
if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0){
failure(s, "open /mnt/factotum/rpc");
return s;
}
if((s->rpc = auth_allocrpc(afd)) == 0){
failure(s, "auth_allocrpc");
close(afd);
return s;
}
if(auth_rpc(s->rpc, "start", "proto=p9any role=server", 23) != ARok)
failure(s, "auth_rpc: start");
return s; return s;
} }
void void
authfree(Auth *s) authfree(Auth *s)
{ {
if(s != nil) if(s){
failure(s, "");
s->inuse = 0; s->inuse = 0;
}
} }
int int
authread(File* file, uchar* data, int n) authread(File* file, uchar* data, int n)
{ {
AuthInfo *ai;
Auth *s; Auth *s;
int m;
s = file->auth; s = file->auth;
if(s == nil) if(s == nil)
return -1; return -1;
if(s->rpc == nil)
switch(s->phase){ return -1;
switch(auth_rpc(s->rpc, "read", nil, 0)){
default: default:
return failure(s, "unexpected phase"); failure(s, "auth_rpc: read");
case HaveProtos:
m = snprint((char*)data, n, "v.2 p9sk1@%s", nvr.authdom) + 1;
s->phase = NeedProto;
break;
case HaveOK:
m = 3;
if(n < m)
return failure(s, "read too short");
strcpy((char*)data, "OK");
s->phase = NeedCchal;
break;
case HaveSinfo:
m = TICKREQLEN;
if(n < m)
return failure(s, "read too short");
convTR2M(&s->tr, (char*)data);
s->phase = NeedTicket;
break;
case HaveSauthenticator:
m = AUTHENTLEN;
if(n < m)
return failure(s, "read too short");
memmove(data, s->tbuf+TICKETLEN, m);
s->phase = SSuccess;
break; break;
case ARdone:
if((ai = auth_getinfo(s->rpc)) == nil){
failure(s, "auth_getinfo failed");
break;
}
if(ai->cuid == nil || *ai->cuid == '\0'){
failure(s, "auth with no cuid");
auth_freeAI(ai);
break;
}
failure(s, "");
s->uid = strtouid(ai->cuid);
auth_freeAI(ai);
return 0;
case ARok:
if(n < s->rpc->narg)
break;
memmove(data, s->rpc->arg, s->rpc->narg);
return s->rpc->narg;
} }
return m; return -1;
} }
int int
authwrite(File* file, uchar *data, int n) authwrite(File* file, uchar *data, int n)
{ {
Auth *s; Auth *s;
int m;
char *p, *d;
Authenticator a;
s = file->auth; s = file->auth;
if(s == nil) if(s == nil)
return -1; return -1;
if(s->rpc == nil)
switch(s->phase){ return -1;
default: if(auth_rpc(s->rpc, "write", data, n) != ARok){
return failure(s, "unknown phase"); failure(s, "auth_rpc: write");
case NeedProto: return -1;
p = (char*)data;
if(p[n-1] != 0)
return failure(s, "proto missing terminator");
d = strchr(p, ' ');
if(d == nil)
return failure(s, "proto missing separator");
*d++ = 0;
if(strcmp(p, "p9sk1") != 0)
return failure(s, "unknown proto");
if(strcmp(d, nvr.authdom) != 0)
return failure(s, "unknown domain");
s->phase = HaveOK;
m = n;
break;
case NeedCchal:
m = CHALLEN;
if(n < m)
return failure(s, "client challenge too short");
memmove(s->cchal, data, sizeof(s->cchal));
s->phase = HaveSinfo;
break;
case NeedTicket:
m = TICKETLEN+AUTHENTLEN;
if(n < m)
return failure(s, "ticket+auth too short");
convM2T((char*)data, &s->t, nvr.machkey);
if(s->t.num != AuthTs
|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0)
return failure(s, "bad ticket");
convM2A((char*)data+TICKETLEN, &a, s->t.key);
if(a.num != AuthAc
|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
|| a.id != 0)
return failure(s, "bad authenticator");
/* at this point, we're convinced */
s->uid = strtouid(s->t.suid);
if(s->uid < 0)
return failure(s, "unknown user");
if(cons.flags & authdebugflag)
print("user %s = %d authenticated\n",
s->t.suid, s->uid);
/* create an authenticator to send back */
a.num = AuthAs;
memmove(a.chal, s->cchal, sizeof(a.chal));
a.id = 0;
convA2M(&a, s->tbuf+TICKETLEN, s->t.key);
s->phase = HaveSauthenticator;
break;
} }
return m; return n;
} }
int int

6
sys/src/cmd/cwfs/net.c
View file

@ -101,10 +101,8 @@ netinit(void)
net->dialstr = annstrs[net - netif]; net->dialstr = annstrs[net - netif];
if (net->dialstr == nil) if (net->dialstr == nil)
continue; continue;
net->annfd = announce(net->dialstr, net->anndir); if((net->annfd = announce(net->dialstr, net->anndir)) < 0)
/* /bin/service/tcp564 may already have grabbed the port */ print("can't announce %s: %r", net->dialstr);
if (net->annfd < 0)
sysfatal("can't announce %s: %r", net->dialstr);
print("netinit: announced on %s\n", net->dialstr); print("netinit: announced on %s\n", net->dialstr);
} }
} }