/* Copyright (C) Charles Forsyth
* See /doc/license/NOTICE.Plan9-9k.txt for details about the licensing.
*/
/* Portions of this file are Copyright (C) 2015-2018 Giacomo Tesio <giacomo@tesio.it>
* See /doc/license/gpl-2.0.txt for details about the licensing.
*/
#include <u.h>
#include <libc.h>
#include <auth.h>
#include "../boot/boot.h"
/* Messages handed back by fromauth.  Note that fromauth never returns
 * ccmsg itself: it formats ccmsg (plus %r) into its own static buffer
 * and returns that.  This matters for the pointer comparison
 * `msg == ccmsg` in checkkey, which therefore never matches. */
static char *pbmsg = "AS protocol botch";
static char *ccmsg = "can't connect to AS";
/*
 * Read exactly len bytes from fd into buf, retrying on short reads.
 *
 * Returns len on success, or -1 if the underlying read fails or
 * reports end of file before len bytes have arrived; a partial
 * record is never returned to the caller.  A len <= 0 performs no
 * read and returns 0.
 *
 * NOTE(review): fromauth in this file calls the libc jehanne_readn,
 * not this exported copy; presumably other boot code still uses
 * this one - verify against callers before removing it.
 */
int32_t
readn(int fd, void *buf, int32_t len)
{
	char *dst = buf;
	int32_t got = 0;

	while(got < len){
		int r = jehanne_read(fd, dst + got, len - got);
		/* 0 (EOF) is a failure too: the record would be short */
		if(r <= 0)
			return -1;
		got += r;
	}
	return got;
}
/*
 * Send the ticket request in trbuf to the auth server reached through
 * mp->auth and collect the reply.
 *
 * trbuf must hold TICKREQLEN bytes.  tbuf must hold at least
 * 2*TICKETLEN bytes: on an AuthOK reply two tickets are read straight
 * into it (doauthenticate sizes its buffer that way).
 *
 * Returns nil on success with tbuf filled; otherwise a message
 * describing the failure.  The message is either the literal pbmsg or
 * the file-scope static buffer `error`, which the next call overwrites,
 * so callers must copy it if they keep it.  The can't-connect case also
 * returns the static buffer (formatted from ccmsg), never ccmsg itself.
 *
 * The reply is untrusted network input: the AuthErr text is read with a
 * bounded length and forcibly NUL-terminated; any status byte other
 * than AuthOK/AuthErr is reported as a protocol botch.  The "%s: %r"
 * formats assume the %r error string is at most ERRMAX bytes, which is
 * why `error` is 2*ERRMAX - TODO confirm that bound for this libc.
 *
 * Calls fatal() if the boot method has no way to reach an auth server.
 */
static char*
fromauth(Method *mp, char *trbuf, char *tbuf)
{
	static char error[2*ERRMAX];
	int afd;
	char status;
	char *msg;

	if(mp->auth == 0)
		fatal("no method for accessing auth server");

	afd = (*mp->auth)();
	if(afd < 0){
		jehanne_sprint(error, "%s: %r", ccmsg);
		return error;
	}

	/* ship the request, then read the one-byte status code */
	if(jehanne_write(afd, trbuf, TICKREQLEN) < 0 || jehanne_read(afd, &status, 1) != 1){
		sys_close(afd);
		jehanne_sprint(error, "%s: %r", pbmsg);
		return error;
	}

	/* a status we do not recognise is a protocol botch */
	msg = pbmsg;
	if(status == AuthOK){
		/* success: two tickets follow, both land in tbuf */
		if(jehanne_readn(afd, tbuf, 2*TICKETLEN) < 0){
			jehanne_sprint(error, "%s: %r", pbmsg);
			msg = error;
		}else
			msg = 0;
	}else if(status == AuthErr){
		/* server-supplied text: bounded read, forced NUL termination */
		if(jehanne_readn(afd, error, ERRMAX) < 0)
			jehanne_sprint(error, "%s: %r", pbmsg);
		else
			error[ERRMAX-1] = 0;
		msg = error;
	}

	sys_close(afd);
	return msg;
}
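/*
 * Authenticate the file-server connection on fd for the boot process.
 *
 * Runs the session command to obtain a ticket request (trbuf), asks the
 * auth server for tickets via fromauth, and presents them to the file
 * server with sys_fauth.  If the server requests no authentication
 * (trbuf[0] == 0) the function returns immediately.
 *
 * If no ticket can be obtained, or the file server rejects the tickets,
 * the function only prints a warning and returns: boot then proceeds
 * with the user's own key standing in for the server key - the
 * "security hole" the inline comment names.  That fallback is this code
 * base's deliberate design and is not changed here; the warning is what
 * tells the operator that the server was NOT authenticated.
 *
 * Fix: the original printed "no authentication server (%s)" with a nil
 * msg whenever fromauth succeeded but sys_fauth failed, misreporting an
 * auth-server problem when the server actually answered.  The two cases
 * now get distinct messages and the sys_fauth failure carries its own
 * error string via %r.
 *
 * fd - file descriptor of the file-server connection.
 * mp - boot method; mp->auth is how the auth server is reached.
 *
 * Calls fatal() if the session command itself fails.
 */
void
doauthenticate(int fd, Method *mp)
{
	char *msg;
	char trbuf[TICKREQLEN];
	char tbuf[2*TICKETLEN];	/* fromauth fills two tickets */

	jehanne_print("session...");
	if(fsession(fd, trbuf, sizeof trbuf) < 0)
		fatal("session command failed");

	/* no authentication required? */
	jehanne_memset(tbuf, 0, 2*TICKETLEN);
	if(trbuf[0] == 0)
		return;

	/* try getting to an auth server */
	jehanne_print("getting ticket...");
	msg = fromauth(mp, trbuf, tbuf);
	jehanne_print("authenticating...");
	if(msg == 0){
		if(sys_fauth(fd, tbuf) >= 0)
			return;
		/* tickets were obtained, but the file server refused them */
		jehanne_fprint(2, "authentication failed (%r), using your key as server key\n");
		return;
	}

	/* didn't work, go for the security hole */
	jehanne_fprint(2, "no authentication server (%s), using your key as server key\n", msg);
}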
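/*
 * Check that `key` is the secret the auth server holds for `name`.
 *
 * Builds a ticket request naming `name` as authid, hostid and uid,
 * sends it through fromauth, decodes the first returned ticket with
 * `key` (convM2T) and accepts the key only if that ticket is of type
 * AuthTc and its cuid equals `name`.
 *
 * Returns nil when the key is accepted, otherwise a message string:
 * the error fromauth reported (static storage, overwritten by the
 * next fromauth call) or the literal "no match".
 *
 * Fix: tbuf was TICKETLEN bytes, but fromauth reads 2*TICKETLEN bytes
 * into it on an AuthOK reply (the same contract doauthenticate already
 * honours), so every successful server reply overflowed this stack
 * buffer with network-supplied data.  tbuf is now 2*TICKETLEN; convM2T
 * still only consumes the first ticket.
 *
 * NOTE(review): the jehanne_strcpy calls are unbounded and assume
 * `name` fits the fixed-size Ticketreq fields; nothing here checks
 * that - confirm the caller limits what it reads from the prompt.
 *
 * NOTE(review): fromauth never returns ccmsg itself (it returns its
 * static buffer formatted from ccmsg), so the `msg == ccmsg` branch
 * below is never taken and an unreachable auth server is reported as
 * an error instead of "passwd unchecked".  That is the fail-closed
 * outcome; it is left as is rather than "fixed" into a fail-open path.
 */
char*
checkkey(Method *mp, char *name, char *key)
{
	char *msg;
	Ticketreq tr;
	Ticket t;
	char trbuf[TICKREQLEN];
	char tbuf[2*TICKETLEN];	/* fromauth fills two tickets */

	jehanne_memset(&tr, 0, sizeof tr);
	tr.type = AuthTreq;
	jehanne_strcpy(tr.authid, name);
	jehanne_strcpy(tr.hostid, name);
	jehanne_strcpy(tr.uid, name);
	convTR2M(&tr, trbuf);
	msg = fromauth(mp, trbuf, tbuf);
	if(msg == ccmsg){
		jehanne_fprint(2, "boot: can't contact auth server, passwd unchecked\n");
		return 0;
	}
	if(msg)
		return msg;
	/* only the first of the two tickets in tbuf is examined */
	convM2T(tbuf, &t, key);
	if(t.num == AuthTc && jehanne_strcmp(name, t.cuid)==0)
		return 0;
	return "no match";
}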