xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

auth: various cleanups, use common readcons() from libauthsrv, zero keys after use

Browse source
This commit is contained in:
cinap_lenrek 2016-07-31 20:16:25 +02:00
parent a75f4de5c9
commit 261e319092
24 changed files with 229 additions and 474 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
sys/src/cmd/auth/authcmdlib.h
View file

@ -1,7 +1,6 @@
#pragma lib "./lib.$O.a"
enum{
PASSLEN = 10,
MAXNETCHAL = 100000, /* max securenet challenge */
Maxpath = 256,
};
@ -36,6 +35,7 @@ typedef struct {
extern Fs fs[3];
int answer(char*);
void checksum(char*, char*);
void error(char*, ...);
void fail(char*);
@ -46,7 +46,6 @@ char* findsecret(char*, char*, char*);
int getauthkey(Authkey*);
long getexpiration(char *db, char *u);
void getpass(Authkey*, char*, int, int);
int getsecret(int, char*);
int deskeyfmt(Fmt*);
void logfail(char*);
int netcheck(void*, long, char*);
@ -58,8 +57,6 @@ int querybio(char*, char*, Acctbio*);
void rdbio(char*, char*, Acctbio*);
int readarg(int, char*, int);
int readfile(char*, char*, int);
void readln(char*, char*, int, int);
long readn(int, void*, long);
char* secureidcheck(char*, char*);
int setkey(char*, char*, Authkey*);
char* setdeskey(char*, char*, char*);

1
sys/src/cmd/auth/authsrv.c
View file

@ -3,7 +3,6 @@
#include <bio.h>
#include <ndb.h>
#include <regexp.h>
#include <mp.h>
#include <libsec.h>
#include <authsrv.h>
#include "authcmdlib.h"

60
sys/src/cmd/auth/changeuser.c
View file

@ -1,13 +1,12 @@
#include <u.h>
#include <libc.h>
#include <bio.h>
#include <libsec.h>
#include <authsrv.h>
#include <ctype.h>
#include <bio.h>
#include "authcmdlib.h"
void install(char*, char*, Authkey*, long, int);
int exists (char*, char*);
int exists(char*, char*);
void
usage(void)
@ -19,7 +18,7 @@ usage(void)
void
main(int argc, char *argv[])
{
char *u, answer[32], p9pass[32];
char *u, pass[32];
int which, newkey, newbio, dosecret;
long t;
Authkey key;
@ -50,42 +49,34 @@ main(int argc, char *argv[])
if(!which)
which = Plan9;
private();
newbio = 0;
t = 0;
a.user = 0;
memset(&key, 0, sizeof(key));
if(which & Plan9){
f = &fs[Plan9];
newkey = 1;
if(exists(f->keys, u)){
readln("assign new password? [y/n]: ", answer, sizeof answer, 0);
if(answer[0] != 'y' && answer[0] != 'Y')
newkey = 0;
}
newkey = !exists(f->keys, u) || answer("assign new Plan 9 password?");
if(newkey)
getpass(&key, p9pass, 1, 1);
dosecret = getsecret(newkey, p9pass);
getpass(&key, pass, 1, 1);
dosecret = answer("assign new Inferno/POP secret?");
if(dosecret)
if(!newkey || !answer("make it the same as Plan 9 password?"))
getpass(nil, pass, 0, 1);
t = getexpiration(f->keys, u);
install(f->keys, u, &key, t, newkey);
if(dosecret && setsecret(KEYDB, u, p9pass) == 0)
error("error writing Inferno/pop secret");
newbio = querybio(f->who, u, &a);
if(newbio)
if(dosecret && setsecret(KEYDB, u, pass) == 0)
error("error writing Inferno/POP secret");
if(querybio(f->who, u, &a))
wrbio(f->who, &a);
print("user %s installed for Plan 9\n", u);
syslog(0, AUTHLOG, "user %s installed for plan 9", u);
}
if(which & Securenet){
f = &fs[Securenet];
newkey = 1;
if(exists(f->keys, u)){
readln("assign new key? [y/n]: ", answer, sizeof answer, 0);
if(answer[0] != 'y' && answer[0] != 'Y')
newkey = 0;
}
if(newkey){
memset(&key, 0, sizeof(key));
newkey = !exists(f->keys, u) || answer("assign new Securenet key?");
if(newkey)
genrandom((uchar*)key.des, DESKEYLEN);
}
if(a.user == 0){
t = getexpiration(f->keys, u);
newbio = querybio(f->who, u, &a);
@ -93,10 +84,11 @@ main(int argc, char *argv[])
install(f->keys, u, &key, t, newkey);
if(newbio)
wrbio(f->who, &a);
finddeskey(f->keys, u, key.des);
if(!finddeskey(f->keys, u, key.des))
error("error reading Securenet key");
print("user %s: SecureNet key: %K\n", u, key.des);
checksum(key.des, answer);
print("verify with checksum %s\n", answer);
checksum(key.des, pass);
print("verify with checksum %s\n", pass);
print("user %s installed for SecureNet\n", u);
syslog(0, AUTHLOG, "user %s installed for securenet", u);
}
@ -110,21 +102,19 @@ install(char *db, char *u, Authkey *key, long t, int newkey)
int fd;
if(!exists(db, u)){
sprint(buf, "%s/%s", db, u);
snprint(buf, sizeof(buf), "%s/%s", db, u);
fd = create(buf, OREAD, 0777|DMDIR);
if(fd < 0)
error("can't create user %s: %r", u);
close(fd);
}
if(newkey){
if(!setkey(db, u, key))
error("can't set key: %r");
}
if(newkey && !setkey(db, u, key))
error("can't set key: %r");
if(t == -1)
return;
sprint(buf, "%s/%s/expire", db, u);
snprint(buf, sizeof(buf), "%s/%s/expire", db, u);
fd = open(buf, OWRITE);
if(fd < 0 || fprint(fd, "%ld", t) < 0)
error("can't write expiration time");
@ -136,7 +126,7 @@ exists(char *db, char *u)
{
char buf[KEYDBBUF+ANAMELEN+6];
sprint(buf, "%s/%s/expire", db, u);
snprint(buf, sizeof(buf), "%s/%s/expire", db, u);
if(access(buf, 0) < 0)
return 0;
return 1;

1
sys/src/cmd/auth/convbio.c
View file

@ -2,6 +2,7 @@
#include <libc.h>
#include <bio.h>
#include <ctype.h>
#include <authsrv.h>
#include "authcmdlib.h"
void

6
sys/src/cmd/auth/convkeys.c
View file

@ -1,10 +1,8 @@
#include <u.h>
#include <libc.h>
#include <ctype.h>
#include <authsrv.h>
#include <mp.h>
#include <libsec.h>
#include <bio.h>
#include <libsec.h>
#include <authsrv.h>
#include "authcmdlib.h"
Authkey okey, nkey;

111
sys/src/cmd/auth/debug.c
View file

@ -44,78 +44,6 @@ usage(void)
exits("usage");
}
static char*
readcons(char *prompt, char *def, int raw, char *buf, int nbuf)
{
int fdin, fdout, ctl, n, m;
char line[10];
fdin = open("/dev/cons", OREAD);
if(fdin < 0)
fdin = 0;
fdout = open("/dev/cons", OWRITE);
if(fdout < 0)
fdout = 1;
if(def != nil)
fprint(fdout, "%s[%s]: ", prompt, def);
else
fprint(fdout, "%s: ", prompt);
if(raw){
ctl = open("/dev/consctl", OWRITE);
if(ctl >= 0)
write(ctl, "rawon", 5);
} else
ctl = -1;
m = 0;
for(;;){
n = read(fdin, line, 1);
if(n == 0){
close(ctl);
werrstr("readcons: EOF");
return nil;
}
if(n < 0){
close(ctl);
werrstr("can't read cons");
return nil;
}
if(line[0] == 0x7f)
exits(0);
if(n == 0 || line[0] == '\n' || line[0] == '\r'){
if(raw){
write(ctl, "rawoff", 6);
write(fdout, "\n", 1);
close(ctl);
}
buf[m] = '\0';
if(buf[0]=='\0' && def)
strcpy(buf, def);
return buf;
}
if(line[0] == '\b'){
if(m > 0)
m--;
}else if(line[0] == 0x15){ /* ^U: line kill */
m = 0;
if(def != nil)
fprint(fdout, "%s[%s]: ", prompt, def);
else
fprint(fdout, "%s: ", prompt);
}else{
if(m >= nbuf-1){
fprint(fdout, "line too long\n");
m = 0;
if(def != nil)
fprint(fdout, "%s[%s]: ", prompt, def);
else
fprint(fdout, "%s: ", prompt);
}else
buf[m++] = line[0];
}
}
}
void authdialfutz(char*, char*, char*);
void authfutz(char*, char*, char*);
@ -241,18 +169,22 @@ out:
void
authfutz(char *dom, char *user, char *proto)
{
int fd, nobootes, n, m;
char pw[128], prompt[128], tbuf[2*MAXTICKETLEN];
int fd, n, m;
char prompt[128], tbuf[2*MAXTICKETLEN], *pass;
Authkey key, booteskey;
Ticket t;
Ticketreq tr;
snprint(prompt, sizeof prompt, "\tpassword for %s@%s [hit enter to skip test]", user, dom);
readcons(prompt, nil, 1, pw, sizeof pw);
if(pw[0] == '\0')
pass = readcons(prompt, nil, 1);
if(pass == nil || *pass == 0){
free(pass);
return;
passtokey(&key, pw);
}
passtokey(&key, pass);
booteskey = key;
memset(pass, 0, strlen(pass));
free(pass);
fd = authdial(nil, dom);
if(fd < 0){
@ -309,15 +241,22 @@ authfutz(char *dom, char *user, char *proto)
/* try ticket request using bootes key */
snprint(prompt, sizeof prompt, "\tcpu server owner for domain %s ", dom);
readcons(prompt, "glenda", 0, tr.authid, sizeof tr.authid);
snprint(prompt, sizeof prompt, "\tpassword for %s@%s [hit enter to skip test]", tr.authid, dom);
readcons(prompt, nil, 1, pw, sizeof pw);
if(pw[0] == '\0'){
nobootes=1;
user = readcons(prompt, "glenda", 0);
if(user == nil || *user == '\0'){
free(user);
goto Nobootes;
}
nobootes = 0;
passtokey(&booteskey, pw);
strecpy(tr.authid, tr.authid+sizeof tr.authid, user);
free(user);
snprint(prompt, sizeof prompt, "\tpassword for %s@%s [hit enter to skip test]", tr.authid, dom);
pass = readcons(prompt, nil, 1);
if(pass == nil || *pass == '\0'){
free(pass);
goto Nobootes;
}
passtokey(&booteskey, pass);
memset(pass, 0, strlen(pass));
free(pass);
if(strcmp(proto, "dp9ik") == 0 && getpakkeys(fd, &tr, &booteskey, &key) < 0){
print("\tgetpakkeys failed: %r\n");
@ -333,7 +272,7 @@ authfutz(char *dom, char *user, char *proto)
m = convM2T(tbuf, n, &t, &key);
if(t.num != AuthTc){
print("\tcannot decrypt ticket1 from auth server (bad t.num=0x%.2ux)\n", t.num);
print("\tauth server and you do not agree on key for %s@%s\n", user, dom);
print("\tauth server and you do not agree on key for %s@%s\n", tr.hostid, dom);
return;
}
if(memcmp(t.chal, tr.chal, sizeof tr.chal) != 0){
@ -358,8 +297,6 @@ authfutz(char *dom, char *user, char *proto)
print("\tticket request using %s@%s key succeeded\n", tr.authid, dom);
Nobootes:;
USED(nobootes);
/* try p9sk1 exchange with local factotum to test that key is right */

1
sys/src/cmd/auth/guard.srv.c
View file

@ -89,7 +89,6 @@ main(int argc, char *argv[])
alarm(0);
/* remove password login from guard.research.bell-labs.com, sucre, etc. */
// if(!findkey(KEYDB, user, ukey) || !netcheck(ukey, chal, resp))
if(!finddeskey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp))
if((err = secureidcheck(user, resp)) != nil){
print("NO %s", err);

3
sys/src/cmd/auth/keyfs.c
View file

@ -4,11 +4,10 @@
#include <u.h>
#include <libc.h>
#include <ctype.h>
#include <authsrv.h>
#include <fcall.h>
#include <bio.h>
#include <mp.h>
#include <libsec.h>
#include <authsrv.h>
#include "authcmdlib.h"
#pragma varargck type "W" char*

18
sys/src/cmd/auth/lib/answer.c Normal file
View file

@ -0,0 +1,18 @@
#include <u.h>
#include <libc.h>
#include <bio.h>
#include <authsrv.h>
#include "authcmdlib.h"
int
answer(char *q)
{
char pr[128];
int y;
snprint(pr, sizeof(pr), "%s [y/n]", q);
q = readcons(pr, nil, 0);
y = q != nil && (*q == 'y' || *q == 'Y');
free(q);
return y;
}

29
sys/src/cmd/auth/lib/getauthkey.c
View file

@ -1,29 +1,22 @@
#include <u.h>
#include <libc.h>
#include <authsrv.h>
#include <bio.h>
#include <authsrv.h>
#include "authcmdlib.h"
static int
getkey(Authkey *authkey)
{
Nvrsafe safe;
if(readnvram(&safe, 0) < 0)
return -1;
memmove(authkey->des, safe.machkey, DESKEYLEN);
memmove(authkey->aes, safe.aesmachkey, AESKEYLEN);
memset(&safe, 0, sizeof safe);
return 0;
}
int
getauthkey(Authkey *authkey)
{
Nvrsafe safe;
memset(authkey, 0, sizeof(Authkey));
if(getkey(authkey) == 0)
return 1;
print("can't read NVRAM, please enter machine key\n");
getpass(authkey, nil, 0, 1);
if(readnvram(&safe, 0) < 0){
print("can't read NVRAM, please enter machine key\n");
getpass(authkey, nil, 0, 1);
} else {
memmove(authkey->des, safe.machkey, DESKEYLEN);
memmove(authkey->aes, safe.aesmachkey, AESKEYLEN);
memset(&safe, 0, sizeof safe);
}
return 1;
}

23
sys/src/cmd/auth/lib/getexpiration.c
View file

@ -31,8 +31,7 @@ long
getexpiration(char *db, char *u)
{
char buf[Maxpath];
char prompt[128];
char cdate[32];
char *cdate;
Tm date;
ulong secs, now;
int n, fd;
@ -57,20 +56,24 @@ getexpiration(char *db, char *u)
buf[5] = 0;
} else
strcpy(buf, "never");
sprint(prompt, "Expiration date (YYYYMMDD or never)[return = %s]: ", buf);
now = time(0);
for(;;){
readln(prompt, cdate, sizeof cdate, 0);
if(*cdate == 0)
return -1;
if(strcmp(cdate, "never") == 0)
return 0;
for(;;free(cdate)){
cdate = readcons("Expiration date (YYYYMMDD or never)", buf, 0);
if(cdate == nil || *cdate == 0){
secs = -1;
break;
}
if(strcmp(cdate, "never") == 0){
secs = 0;
break;
}
date = getdate(cdate);
secs = tm2sec(&date);
now = time(0);
if(secs > now && secs < now + 2*365*24*60*60)
break;
print("expiration time must fall between now and 2 years from now\n");
}
free(cdate);
return secs;
}

48
sys/src/cmd/auth/lib/getpass.c Normal file
View file

@ -0,0 +1,48 @@
#include <u.h>
#include <libc.h>
#include <bio.h>
#include <authsrv.h>
#include "authcmdlib.h"
void
getpass(Authkey *key, char *pass, int check, int confirm)
{
char buf[PASSWDLEN], *s, *err;
for(;; memset(s, 0, strlen(s)), free(s)){
s = readcons("Password", nil, 1);
if(s == nil)
break;
if(check){
if(err = okpasswd(s)){
print("%s, try again\n", err);
continue;
}
}
if(strlen(s) >= sizeof(buf)){
print("password longer than %d characters\n", sizeof(buf)-1);
continue;
}
strcpy(buf, s);
memset(s, 0, strlen(s));
free(s);
if(confirm){
s = readcons("Confirm password", nil, 1);
if(s == nil)
break;
if(strcmp(s, buf) != 0){
print("mismatch, try again\n");
continue;
}
memset(s, 0, strlen(s));
free(s);
}
if(key)
passtokey(key, buf);
if(pass)
strcpy(pass, buf);
memset(buf, 0, sizeof(buf));
return;
}
error("no password");
}

3
sys/src/cmd/auth/lib/mkfile
View file

@ -3,13 +3,14 @@
LIB=../lib.$O.a
OFILES=\
answer.$O\
keyfmt.$O\
netcheck.$O\
okpasswd.$O\
private.$O\
readwrite.$O\
readarg.$O\
readln.$O\
getpass.$O\
getauthkey.$O\
log.$O\
error.$O\

8
sys/src/cmd/auth/lib/okpasswd.c
View file

@ -1,7 +1,7 @@
#include <u.h>
#include <libc.h>
#include <authsrv.h>
#include <bio.h>
#include <authsrv.h>
#include "authcmdlib.h"
char *trivial[] = {
@ -17,14 +17,14 @@ char *trivial[] = {
char*
okpasswd(char *p)
{
char passwd[ANAMELEN];
char back[ANAMELEN];
char passwd[PASSWDLEN];
char back[PASSWDLEN];
int i, n;
strncpy(passwd, p, sizeof passwd - 1);
passwd[sizeof passwd - 1] = '\0';
n = strlen(passwd);
while(passwd[n - 1] == ' ')
while(n > 0 && passwd[n - 1] == ' ')
n--;
passwd[n] = '\0';
for(i = 0; i < n; i++)

67
sys/src/cmd/auth/lib/querybio.c
View file

@ -5,42 +5,31 @@
#include <authsrv.h>
#include "authcmdlib.h"
#define TABLEN 8
static char*
defreadln(char *prompt, char *def, int must, int *changed)
static void
ask(char *prompt, char **sp, int must, int *changed)
{
char pr[512];
char reply[256];
char pr[128], *def, *ans;
do {
if(def && *def){
if(must)
snprint(pr, sizeof pr, "%s[return = %s]: ", prompt, def);
else
snprint(pr, sizeof pr, "%s[return = %s, space = none]: ", prompt, def);
} else
snprint(pr, sizeof pr, "%s: ", prompt);
readln(pr, reply, sizeof(reply), 0);
switch(*reply){
case ' ':
break;
case 0:
return def;
default:
*changed = 1;
if(def)
free(def);
return strdup(reply);
}
} while(must);
if(def){
*changed = 1;
free(def);
def = *sp;
if(def && *def){
if(must)
snprint(pr, sizeof pr, "%s[return = %s]", prompt, def);
else
snprint(pr, sizeof pr, "%s[return = %s, space = none]", prompt, def);
} else
snprint(pr, sizeof pr, "%s", prompt);
ans = readcons(pr, nil, 0);
if(ans == nil || *ans == 0){
free(ans);
return;
}
return 0;
if(*ans == ' ' && !must){
free(ans);
ans = nil;
}
*sp = ans;
*changed = 1;
free(def);
}
/*
@ -53,15 +42,15 @@ querybio(char *file, char *user, Acctbio *a)
int changed;
rdbio(file, user, a);
a->postid = defreadln("Post id", a->postid, 0, &changed);
a->name = defreadln("User's full name", a->name, 1, &changed);
a->dept = defreadln("Department #", a->dept, 1, &changed);
a->email[0] = defreadln("User's email address", a->email[0], 1, &changed);
a->email[1] = defreadln("Sponsor's email address", a->email[1], 0, &changed);
ask("Post id", &a->postid, 0, &changed);
ask("User's full name", &a->name, 1, &changed);
ask("Department #", &a->dept, 1, &changed);
ask("User's email address", &a->email[0], 1, &changed);
ask("Sponsor's email address", &a->email[1], 0, &changed);
for(i = 2; i < Nemail; i++){
if(a->email[i-1] == 0)
break;
a->email[i] = defreadln("other email address", a->email[i], 0, &changed);
ask("other email address", &a->email[i], 0, &changed);
}
return changed;
}

111
sys/src/cmd/auth/lib/readln.c
View file

@ -1,111 +0,0 @@
#include <u.h>
#include <libc.h>
#include <authsrv.h>
#include <bio.h>
#include "authcmdlib.h"
void
getpass(Authkey *key, char *pass, int check, int confirm)
{
char rpass[32], npass[32];
char *err;
if(pass == nil)
pass = npass;
for(;;){
readln("Password: ", pass, sizeof npass, 1);
if(confirm){
readln("Confirm password: ", rpass, sizeof rpass, 1);
if(strcmp(pass, rpass) != 0){
print("mismatch, try again\n");
continue;
}
}
if(check)
if(err = okpasswd(pass)){
print("%s, try again\n", err);
continue;
}
passtokey(key, pass);
break;
}
}
int
getsecret(int passvalid, char *p9pass)
{
char answer[32];
readln("assign Inferno/POP secret? (y/n) ", answer, sizeof answer, 0);
if(*answer != 'y' && *answer != 'Y')
return 0;
if(passvalid){
readln("make it the same as the plan 9 password? (y/n) ",
answer, sizeof answer, 0);
if(*answer == 'y' || *answer == 'Y')
return 1;
}
for(;;){
readln("Secret: ", p9pass, sizeof answer, 1);
readln("Confirm: ", answer, sizeof answer, 1);
if(strcmp(p9pass, answer) == 0)
break;
print("mismatch, try again\n");
}
return 1;
}
void
readln(char *prompt, char *line, int len, int raw)
{
char *p;
int fdin, fdout, ctl, n, nr;
fdin = open("/dev/cons", OREAD);
fdout = open("/dev/cons", OWRITE);
fprint(fdout, "%s", prompt);
if(raw){
ctl = open("/dev/consctl", OWRITE);
if(ctl < 0)
error("couldn't set raw mode");
write(ctl, "rawon", 5);
} else
ctl = -1;
nr = 0;
p = line;
for(;;){
n = read(fdin, p, 1);
if(n < 0){
close(ctl);
error("can't read cons\n");
}
if(*p == 0x7f)
exits(0);
if(n == 0 || *p == '\n' || *p == '\r'){
*p = '\0';
if(raw){
write(ctl, "rawoff", 6);
write(fdout, "\n", 1);
}
close(ctl);
return;
}
if(*p == '\b'){
if(nr > 0){
nr--;
p--;
}
}else{
nr++;
p++;
}
if(nr == len){
fprint(fdout, "line too long; try again\n");
nr = 0;
p = line;
}
}
}

20
sys/src/cmd/auth/lib/readn.c
View file

@ -1,20 +0,0 @@
#include <u.h>
#include <libc.h>
#include <bio.h>
#include "authcmdlib.h"
/*
* read exactly len bytes
*/
int
readn(int fd, char *buf, int len)
{
int m, n;
for(n = 0; n < len; n += m){
m = read(fd, buf+n, len-n);
if(m <= 0)
return -1;
}
return n;
}

54
sys/src/cmd/auth/lib/readwrite.c
View file

@ -1,9 +1,12 @@
#include <u.h>
#include <libc.h>
#include <authsrv.h>
#include <bio.h>
#include <libsec.h>
#include <authsrv.h>
#include "authcmdlib.h"
static uchar zeros[16];
int
readfile(char *file, char *buf, int n)
{
@ -35,29 +38,23 @@ writefile(char *file, char *buf, int n)
char*
finddeskey(char *db, char *user, char *key)
{
int n;
char filename[Maxpath];
snprint(filename, sizeof filename, "%s/%s/key", db, user);
n = readfile(filename, key, DESKEYLEN);
if(n != DESKEYLEN)
if(readfile(filename, key, DESKEYLEN) != DESKEYLEN)
return nil;
else
return key;
return key;
}
uchar*
findaeskey(char *db, char *user, uchar *key)
{
int n;
char filename[Maxpath];
snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
n = readfile(filename, (char*)key, AESKEYLEN);
if(n != AESKEYLEN)
if(readfile(filename, (char*)key, AESKEYLEN) != AESKEYLEN)
return nil;
else
return key;
return key;
}
int
@ -67,8 +64,9 @@ findkey(char *db, char *user, Authkey *key)
memset(key, 0, sizeof(Authkey));
ret = findaeskey(db, user, key->aes) != nil;
if(ret){
if(ret && tsmemcmp(key->aes, zeros, AESKEYLEN) != 0){
char filename[Maxpath];
snprint(filename, sizeof filename, "%s/%s/pakhash", db, user);
if(readfile(filename, (char*)key->pakhash, PAKHASHLEN) != PAKHASHLEN)
authpak_hash(key, user);
@ -84,40 +82,32 @@ findsecret(char *db, char *user, char *secret)
char filename[Maxpath];
snprint(filename, sizeof filename, "%s/%s/secret", db, user);
n = readfile(filename, secret, SECRETLEN-1);
secret[n]=0;
if(n <= 0)
if((n = readfile(filename, secret, SECRETLEN-1)) <= 0)
return nil;
else
return secret;
secret[n]=0;
return secret;
}
char*
setdeskey(char *db, char *user, char *key)
{
int n;
char filename[Maxpath];
snprint(filename, sizeof filename, "%s/%s/key", db, user);
n = writefile(filename, key, DESKEYLEN);
if(n != DESKEYLEN)
if(writefile(filename, key, DESKEYLEN) != DESKEYLEN)
return nil;
else
return key;
return key;
}
uchar*
setaeskey(char *db, char *user, uchar *key)
{
int n;
char filename[Maxpath];
snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
n = writefile(filename, (char*)key, AESKEYLEN);
if(n != AESKEYLEN)
if(writefile(filename, (char*)key, AESKEYLEN) != AESKEYLEN)
return nil;
else
return key;
return key;
}
int
@ -126,20 +116,18 @@ setkey(char *db, char *user, Authkey *key)
int ret;
ret = setdeskey(db, user, key->des) != nil;
ret |= setaeskey(db, user, key->aes) != nil;
if(tsmemcmp(key->aes, zeros, AESKEYLEN) != 0)
ret |= setaeskey(db, user, key->aes) != nil;
return ret;
}
char*
setsecret(char *db, char *user, char *secret)
{
int n;
char filename[Maxpath];
snprint(filename, sizeof filename, "%s/%s/secret", db, user);
n = writefile(filename, secret, strlen(secret));
if(n != strlen(secret))
if(writefile(filename, secret, strlen(secret)) != strlen(secret))
return nil;
else
return secret;
return secret;
}

70
sys/src/cmd/auth/login.c
View file

@ -7,65 +7,6 @@
char *authdom;
void
readln(char *prompt, char *line, int len, int raw)
{
char *p;
int fdin, fdout, ctl, n, nr;
fdin = open("/dev/cons", OREAD);
fdout = open("/dev/cons", OWRITE);
fprint(fdout, "%s", prompt);
if(raw){
ctl = open("/dev/consctl", OWRITE);
if(ctl < 0){
fprint(2, "login: couldn't set raw mode");
exits("readln");
}
write(ctl, "rawon", 5);
} else
ctl = -1;
nr = 0;
p = line;
for(;;){
n = read(fdin, p, 1);
if(n < 0){
close(ctl);
close(fdin);
close(fdout);
fprint(2, "login: can't read cons");
exits("readln");
}
if(*p == 0x7f)
exits(0);
if(n == 0 || *p == '\n' || *p == '\r'){
*p = '\0';
if(raw){
write(ctl, "rawoff", 6);
write(fdout, "\n", 1);
}
close(ctl);
close(fdin);
close(fdout);
return;
}
if(*p == '\b'){
if(nr > 0){
nr--;
p--;
}
}else{
nr++;
p++;
}
if(nr == len){
fprint(fdout, "line too long; try again\n");
nr = 0;
p = line;
}
}
}
void
setenv(char *var, char *val)
{
@ -188,11 +129,10 @@ usage(void)
void
main(int argc, char *argv[])
{
char pass[ANAMELEN];
char buf[2*ANAMELEN];
char home[2*ANAMELEN];
char srvname[2*ANAMELEN];
char *user, *sysname, *tz, *cputype, *service;
char *user, *pass, *sysname, *tz, *cputype, *service;
AuthInfo *ai;
ARGBEGIN{
@ -217,8 +157,9 @@ main(int argc, char *argv[])
exits("usage");
}
user = argv[0];
memset(pass, 0, sizeof(pass));
readln("Password: ", pass, sizeof(pass), 1);
pass = readcons("Password", nil, 1);
if(pass == nil)
exits("no password");
/* authenticate */
ai = auth_userpasswd(user, pass);
@ -231,6 +172,9 @@ main(int argc, char *argv[])
/* start a new factotum and hand it a new key */
startfactotum(user, pass, srvname);
memset(pass, 0, strlen(pass));
free(pass);
/* set up new namespace */
newns(ai->cuid, nil);
auth_freeAI(ai);

12
sys/src/cmd/auth/netkey.c
View file

@ -4,7 +4,6 @@
#include <bio.h>
#include "authcmdlib.h"
void
usage(void)
{
@ -15,7 +14,7 @@ usage(void)
void
main(int argc, char *argv[])
{
char buf[32], pass[32], key[DESKEYLEN];
char buf[32], key[DESKEYLEN], *pass;
char *s;
int n;
@ -27,13 +26,18 @@ main(int argc, char *argv[])
usage();
s = getenv("service");
if(s && strcmp(s, "cpu") == 0){
if(s != nil && strcmp(s, "cpu") == 0){
fprint(2, "netkey must not be run on the cpu server\n");
exits("boofhead");
}
private();
readln("Password: ", pass, sizeof pass, 1);
pass = readcons("Password", nil, 1);
if(pass == nil)
exits("no password");
passtodeskey(key, pass);
memset(pass, 0, strlen(pass));
free(pass);
for(;;){
print("challenge: ");

43
sys/src/cmd/auth/passwd.c
View file

@ -15,11 +15,11 @@ main(int argc, char **argv)
char buf[512];
char *s, *user;
user = getuser();
ARGBEGIN{
}ARGEND
argv0 = "passwd";
user = getuser();
private();
s = nil;
@ -46,8 +46,7 @@ main(int argc, char **argv)
* give up.
*/
memset(&pr, 0, sizeof(pr));
readln("Plan 9 Password: ", pr.old, sizeof pr.old, 1);
passtokey(&key, pr.old);
getpass(&key, pr.old, 0, 0);
/*
* negotiate PAK key. we need to retry in case the AS does
@ -77,34 +76,18 @@ Retry:
/* loop trying new passwords */
for(;;){
pr.changesecret = 0;
*pr.new = 0;
readln("change Plan 9 Password? (y/n) ", buf, sizeof buf, 0);
if(*buf == 'y' || *buf == 'Y'){
readln("Password: ", pr.new, sizeof pr.new, 1);
readln("Confirm: ", buf, sizeof buf, 1);
if(strcmp(pr.new, buf)){
print("!mismatch\n");
continue;
}
}
readln("change Inferno/POP password? (y/n) ", buf, sizeof buf, 0);
if(*buf == 'y' || *buf == 'Y'){
pr.changesecret = 1;
readln("make it the same as your plan 9 password? (y/n) ",
buf, sizeof buf, 0);
if(*buf == 'y' || *buf == 'Y'){
if(*pr.new == 0)
strcpy(pr.secret, pr.old);
else
memset(pr.new, 0, sizeof(pr.new));
if(answer("change Plan 9 Password?"))
getpass(nil, pr.new, 0, 1);
pr.changesecret = answer("change Inferno/POP secret?");
if(pr.changesecret){
if(answer("make it the same as your plan 9 password?")){
if(*pr.new)
strcpy(pr.secret, pr.new);
else
strcpy(pr.secret, pr.old);
} else {
readln("Secret: ", pr.secret, sizeof pr.secret, 1);
readln("Confirm: ", buf, sizeof buf, 1);
if(strcmp(pr.secret, buf)){
print("!mismatch\n");
continue;
}
getpass(nil, pr.secret, 0, 1);
}
}
pr.num = AuthPass;

2
sys/src/cmd/auth/pemdecode.c
View file

@ -1,7 +1,5 @@
#include <u.h>
#include <libc.h>
#include <bio.h>
#include <mp.h>
#include <libsec.h>
void

2
sys/src/cmd/auth/pemencode.c
View file

@ -1,7 +1,5 @@
#include <u.h>
#include <libc.h>
#include <bio.h>
#include <mp.h>
#include <libsec.h>
void

5
sys/src/cmd/auth/secureidcheck.c
View file

@ -12,12 +12,11 @@
/* RFC2138 */
#include <u.h>
#include <libc.h>
#include <ip.h>
#include <ctype.h>
#include <mp.h>
#include <libsec.h>
#include <bio.h>
#include <ip.h>
#include <ndb.h>
#include <libsec.h>
#define AUTHLOG "auth"