jehanne/sys/src/lib/9p/auth.c

#include <u.h>
#include <libc.h>
#include <auth.h>
#include <9P2000.h>
#include <thread.h>
#include <9p.h>

typedef struct Afid Afid;

struct Afid
{
	AuthRpc *rpc;
	char *uname;
	char *aname;
	int authok;
	int afd;
};

static uint64_t authgen = 1ULL<<63;

void
auth9p(Req *r)
{
	char *spec;
	Afid *afid;
	
	afid = emalloc9p(sizeof(Afid));
	afid->afd = open("/mnt/factotum/rpc", ORDWR);
	if(afid->afd < 0)
		goto error;

	if((afid->rpc = auth_allocrpc(afid->afd)) == nil)
		goto error;

	if(r->ifcall.uname[0] == 0)
		goto error;
	afid->uname = estrdup9p(r->ifcall.uname);
	afid->aname = estrdup9p(r->ifcall.aname);

	spec = r->srv->keyspec;
	if(spec == nil)
		spec = "proto=p9any role=server";

	if(auth_rpc(afid->rpc, "start", spec, strlen(spec)) != ARok)
		goto error;

	r->afid->qid.type = QTAUTH;
	r->afid->qid.path = ++authgen;
	r->afid->qid.vers = 0;
	r->afid->omode = ORDWR;
	r->ofcall.qid = r->afid->qid;
	r->afid->aux = afid;
	respond(r, nil);
	return;

error:
	if(afid->rpc)
		auth_freerpc(afid->rpc);
	if(afid->uname)
		free(afid->uname);
	if(afid->aname)
		free(afid->aname);
	if(afid->afd >= 0)
		close(afid->afd);
	free(afid);
	responderror(r);
}

static int
_authread(Afid *afid, void *data, int count)
{
	AuthInfo *ai;
	
	switch(auth_rpc(afid->rpc, "read", nil, 0)){
	case ARdone:
		ai = auth_getinfo(afid->rpc);
		if(ai == nil)
			return -1;
		auth_freeAI(ai);
		if(chatty9p)
			fprint(2, "authenticate %s/%s: ok\n", afid->uname, afid->aname);
		afid->authok = 1;
		return 0;

	case ARok:
		if(count < afid->rpc->narg){
			werrstr("authread count too small");
			return -1;
		}
		count = afid->rpc->narg;
		memmove(data, afid->rpc->arg, count);
		return count;
	
	case ARphase:
	default:
		werrstr("authrpc botch");
		return -1;
	}
}

void
authread(Req *r)
{
	int n;
	Afid *afid;
	Fid *fid;
	
	fid = r->fid;
	afid = fid->aux;
	if(afid == nil || r->fid->qid.type != QTAUTH){
		respond(r, "not an auth fid");
		return;
	}
	n = _authread(afid, r->ofcall.data, r->ifcall.count);
	if(n < 0){
		responderror(r);
		return;
	}
	r->ofcall.count = n;
	respond(r, nil);
}

void
authwrite(Req *r)
{
	Afid *afid;
	Fid *fid;
	
	fid = r->fid;
	afid = fid->aux;
	if(afid == nil || r->fid->qid.type != QTAUTH){
		respond(r, "not an auth fid");
		return;
	}
	if(auth_rpc(afid->rpc, "write", r->ifcall.data, r->ifcall.count) != ARok){
		responderror(r);
		return;
	}
	r->ofcall.count = r->ifcall.count;
	respond(r, nil);
}

void
authdestroy(Fid *fid)
{
	Afid *afid;
	
	if((fid->qid.type & QTAUTH) && (afid = fid->aux) != nil){
		if(afid->rpc)
			auth_freerpc(afid->rpc);
		close(afid->afd);
		free(afid->uname);
		free(afid->aname);
		free(afid);
		fid->aux = nil;
	}
}

int
authattach(Req *r)
{
	Afid *afid;
	char buf[ERRMAX];
	
	if(r->afid == nil){
		respond(r, "not authenticated");
		return -1;
	}

	afid = r->afid->aux;
	if((r->afid->qid.type&QTAUTH) == 0 || afid == nil){
		respond(r, "not an auth fid");
		return -1;
	}

	if(!afid->authok){
		if(_authread(afid, buf, 0) < 0){
			responderror(r);
			return -1;
		}
	}
	
	if(strcmp(afid->uname, r->ifcall.uname) != 0){
		snprint(buf, sizeof buf, "auth uname mismatch: %s vs %s", 
			afid->uname, r->ifcall.uname);
		respond(r, buf);
		return -1;
	}

	if(strcmp(afid->aname, r->ifcall.aname) != 0){
		snprint(buf, sizeof buf, "auth aname mismatch: %s vs %s", 
			afid->aname, r->ifcall.aname);
		respond(r, buf);
		return -1;
	}
	return 0;
}