add auth/asaudit
This commit is contained in:
aiju
parent
54ec7aed62
commit
1645f3314c
2 changed files with 107 additions and 0 deletions
106
sys/src/cmd/auth/asaudit.c
Normal file
106
sys/src/cmd/auth/asaudit.c
Normal file
|
|
@ -0,0 +1,106 @@
|
|||
#include <u.h>
|
||||
#include <libc.h>
|
||||
#include <bio.h>
|
||||
#include <authsrv.h>
|
||||
#include <ndb.h>
|
||||
|
||||
int havenvram;
|
||||
Nvrsafe nvr;
|
||||
char eve[128];
|
||||
Ndb *db;
|
||||
|
||||
void
|
||||
geteve(void)
|
||||
{
|
||||
int fd;
|
||||
|
||||
fd = open("#c/hostowner", OREAD);
|
||||
if(fd < 0) sysfatal("open: %r");
|
||||
memset(eve, 0, sizeof(eve));
|
||||
if(read(fd, eve, sizeof(eve)-1) < 0) sysfatal("read: %r");
|
||||
close(fd);
|
||||
if(strcmp(getuser(), eve) != 0) print("hostowner is %#q, but running as %#q\n", eve, getuser());
|
||||
}
|
||||
|
||||
void
|
||||
ndb(void)
|
||||
{
|
||||
db = ndbopen(nil);
|
||||
if(db == nil){
|
||||
print("ndbopen: %r");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
nvram(void)
|
||||
{
|
||||
char *auth;
|
||||
|
||||
if(readnvram(&nvr, 0) < 0){
|
||||
print("readnvram: %r\n");
|
||||
return;
|
||||
}
|
||||
havenvram = 1;
|
||||
print("found nvram key for user '%s@%s'\n", nvr.authid, nvr.authdom);
|
||||
if(strcmp(eve, nvr.authid) != 0) print("nvram authid doesn't match hostowner %#q\n", eve);
|
||||
if(db != nil){
|
||||
auth = ndbgetvalue(db, nil, "authdom", nvr.authdom, "auth", nil);
|
||||
if(auth == nil) print("authdom %#q not found in ndb\n", nvr.authdom);
|
||||
else{
|
||||
print("ndb says authdom %#q corresponds to auth server %#q\n", nvr.authdom, auth);
|
||||
free(auth);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
keyfs(void)
|
||||
{
|
||||
char *buf;
|
||||
int fd;
|
||||
char aes[AESKEYLEN];
|
||||
|
||||
if(!havenvram) return;
|
||||
if(access("/adm/keys", AREAD) < 0){
|
||||
print("no access to /adm/keys\n");
|
||||
return;
|
||||
}
|
||||
print("starting keyfs\n");
|
||||
rfork(RFNAMEG);
|
||||
switch(fork()){
|
||||
case -1:
|
||||
sysfatal("fork: %r");
|
||||
case 0:
|
||||
if(execl("/bin/auth/keyfs", "auth/keyfs", "-r", nil) < 0)
|
||||
sysfatal("execl: %r");
|
||||
}
|
||||
waitpid();
|
||||
buf = smprint("/mnt/keys/%s/aeskey", nvr.authid);
|
||||
fd = open(buf, OREAD);
|
||||
if(fd < 0){
|
||||
print("can't get key from keyfs: %r");
|
||||
return;
|
||||
}
|
||||
werrstr("short read");
|
||||
if(read(fd, aes, sizeof(aes)) < sizeof(aes)){
|
||||
print("read: %r");
|
||||
close(fd);
|
||||
return;
|
||||
}
|
||||
if(memcmp(nvr.aesmachkey, aes, AESKEYLEN) != 0)
|
||||
print("key in keyfs does not match nvram\n");
|
||||
else
|
||||
print("key in keyfs matches nvram\n");
|
||||
close(fd);
|
||||
}
|
||||
|
||||
void
|
||||
main()
|
||||
{
|
||||
quotefmtinstall();
|
||||
geteve();
|
||||
ndb();
|
||||
nvram();
|
||||
keyfs();
|
||||
}
|
||||
|
|
@ -4,6 +4,7 @@
|
|||
#
|
||||
TARG=\
|
||||
as\
|
||||
asaudit\
|
||||
asn12dsa\
|
||||
asn12rsa\
|
||||
authsrv\
|
||||
|
|
|
|||
Loading…
Reference in a new issue