int
ticketrequest(Ticketreq *tr)
{
char akey[DESKEYLEN];
char hkey[DESKEYLEN];
Ticket t;
char tbuf[2*TICKETLEN+1];
if(findkey(KEYDB, tr->authid, akey) == 0){
/* make one up so caller doesn't know it was wrong */
mkkey(akey);
if(debug)
syslog(0, AUTHLOG, "tr-fail authid %s", raddr);
}
if(findkey(KEYDB, tr->hostid, hkey) == 0){
/* make one up so caller doesn't know it was wrong */
mkkey(hkey);
if(debug)
syslog(0, AUTHLOG, "tr-fail hostid %s(%s)", tr->hostid, raddr);
}
memset(&t, 0, sizeof(t));
memmove(t.chal, tr->chal, CHALLEN);
strcpy(t.cuid, tr->uid);
if(speaksfor(tr->hostid, tr->uid))
strcpy(t.suid, tr->uid);
else {
mkkey(akey);
mkkey(hkey);
if(debug)
syslog(0, AUTHLOG, "tr-fail %s@%s(%s) -> %s@%s no speaks for",
tr->uid, tr->hostid, raddr, tr->uid, tr->authid);
}
mkkey(t.key);
tbuf[0] = AuthOK;
t.num = AuthTc;
convT2M(&t, tbuf+1, hkey);
t.num = AuthTs;
convT2M(&t, tbuf+1+TICKETLEN, akey);
if(write(1, tbuf, 2*TICKETLEN+1) < 0){
if(debug)
syslog(0, AUTHLOG, "tr-fail %s@%s(%s): hangup",
tr->uid, tr->hostid, raddr);
exits(0);
}
if(debug)
syslog(0, AUTHLOG, "tr-ok %s@%s(%s) -> %s@%s",
tr->uid, tr->hostid, raddr, tr->uid, tr->authid);
return 0;
}
SHELL void line_list()
{
uint i;
lo_line("リスト");
for (i=0;i<varsize(stages->kind);++i)
{
prt(nps(mkkey(i,stages->kind),8),":",nps(getnvar(i,stages->kind),32)
," [",line_mptr(mkkey(i,stages->kind))>0?"●":" ","]\n",NULL);
}
lo_line1();
}
struct kb_item * kb_item_get_all(struct kb_item ** kb, char * name)
{
unsigned h = mkkey(name);
struct kb_item * k;
struct kb_item *ret = NULL;
if ( kb == NULL || name == NULL)
return NULL;
k = kb[h];
while ( k != NULL )
{
if( strcmp(k->name, name) == 0 )
{
struct kb_item * p;
p = emalloc(sizeof(struct kb_item));
memcpy(p, k, sizeof(struct kb_item));
p->next = ret;
ret = p;
}
k = k->next;
}
return ret;
}
void kb_item_rm_all(struct kb_item ** kb, char * name)
{
int h = mkkey(name);
struct kb_item * k, * prev = NULL;
if ( kb == NULL )
return;
k = kb[h];
while ( k != NULL )
{
if(strcmp(k->name, name) == 0)
{
struct kb_item * next;
if(k->type == ARG_STRING)
efree(&k->v.v_str);
efree(&k->name);
next = k->next;
efree(&k);
if(prev != NULL) prev->next = next;
else kb[h] = next;
k = next;
}
else {
prev = k;
k = k->next;
}
}
}
static int
sendbatch(struct hotspotread_state * C)
{
while (C->Nip < 4096) {
/* Do we need to pick a new batch? */
if (C->Y == 65536) {
C->X = (size_t)random() % C->Xmax;
C->Y = 0;
}
/* Generate a key. */
mkkey(C->X, C->Y++, C->key->buf);
/* Send the request. */
if (proto_kvlds_request_get(C->Q, C->key,
callback_get, C))
goto err0;
C->Nip += 1;
}
/* Success! */
return (0);
err0:
/* Failure! */
return (-1);
}
SHELL void user_chk(uint u)
{
char i,f;
char *p,*s;
f=0;
if (user.number==0)
return;
for (i=0;i<varsize(user.defs);++i)
{
p=mkkey(i,user.defs);
if (p==NULL)
break;
if (toupper(*getvar(p,user.defs))!='T')
s=getvar(p,user.var); else
{
if (u==0)
continue;
}
if (s==NULL||*s=='\0'||u==1)
{
if (f==0)
{
f=1;
msgout("");
msgout(IC_ok"二三、あなたについてお聞きしたい事が有ります。");
}
user_def(p);
}
}
/* varview(user.var); */
}
void
test(const char *key, size_t keylen, const char *expected)
{
void *v = ipmapnearest(&root, mkkey(key), keylen);
if (v != expected) {
const char *exp = expected ? expected : "NULL";
printf("ipmapnearest(&root, \"%s\", %zu) != %s (%p -> %s)\n",
key, keylen, exp, v, (v == NULL) ? "NULL" : (char *)v);
}
}
void
http(Ticketreq *tr)
{
Ticket t;
char tbuf[TICKETLEN+1];
char key[DESKEYLEN];
char *p;
Biobuf *b;
int n;
n = strlen(tr->uid);
b = Bopen("/sys/lib/httppasswords", OREAD);
if(b == nil){
replyerror("no password file", raddr);
return;
}
/* find key */
for(;;){
p = Brdline(b, '\n');
if(p == nil)
break;
p[Blinelen(b)-1] = 0;
if(strncmp(p, tr->uid, n) == 0)
if(p[n] == ' ' || p[n] == '\t'){
p += n;
break;
}
}
Bterm(b);
if(p == nil) {
randombytes((uchar*)key, DESKEYLEN);
} else {
while(*p == ' ' || *p == '\t')
p++;
passtokey(key, p);
}
/* send back a ticket encrypted with the key */
randombytes((uchar*)t.chal, CHALLEN);
mkkey(t.key);
tbuf[0] = AuthOK;
t.num = AuthHr;
safecpy(t.cuid, tr->uid, sizeof(t.cuid));
safecpy(t.suid, tr->uid, sizeof(t.suid));
convT2M(&t, tbuf+1, key);
write(1, tbuf, sizeof(tbuf));
}
/*
* READ the knowledge base
*/
struct kb_item * kb_item_get_single(struct kb_item ** kb, char * name, int type)
{
unsigned int h = mkkey(name);
struct kb_item * ret;
if ( kb == NULL || name == NULL ) return NULL;
ret = kb[h];
while ( ret != NULL )
{
if( (strcmp(ret->name, name) == 0) && (type == 0 || (ret->type == type)) ) return ret;
ret = ret->next;
}
return ret;
}
static int kb_item_addset_int(struct kb_item ** kb, char * name, int value, int replace)
{
/*
* Before we write anything to the KB, we need to make sure that the same
* (name,value) pair is not present already
*/
int h = mkkey(name);
struct kb_item * item;
if ( kb == NULL )
return -1;
item = kb[h];
while ( item != NULL )
{
if ( strcmp(item->name, name) == 0 )
{
if(item->type == KB_TYPE_INT &&
item->v.v_int == value)
return -1;
if ( replace != 0 )
{
if ( item->type == KB_TYPE_STR )
efree(&item->v.v_str);
item->type = KB_TYPE_INT;
item->v.v_int = value;
return 0;
}
}
item = item->next;
}
item = emalloc(sizeof(struct kb_item));
item->name = estrdup(name);
item->v.v_int = value;
item->type = KB_TYPE_INT;
item->next = kb[h];
kb[h] = item;
return 0;
}
void
setup(void)
{
memset(&root, 0, sizeof(root));
memset(&rroot, 0, sizeof(rroot));
memset(&a, 0, sizeof(a));
memset(&b, 0, sizeof(b));
memset(&c, 0, sizeof(c));
memset(&d, 0, sizeof(d));
root.key = 0;
root.keylen = 0;
root.datum = NULL;
root.left = &rroot;
root.right = NULL;
rroot.key = revbits(mkkey("44.0.0.0"));
rroot.keylen = 8;
rroot.datum = (void *)rv;
rroot.left = &a;
rroot.right = &b;
a.key = (revbits(mkkey("44.0.0.1")) >> 8);
a.keylen = 24;
a.datum = (void *)av;
a.left = NULL;
a.right = NULL;
b.key = (revbits(mkkey("44.130.0.0")) >> 8);
b.keylen = 8;
b.datum = (void *)bv;
b.left = &c;
b.right = &d;
c.key = (revbits(mkkey("44.130.24.0")) >> 16);
c.keylen = 8;
c.datum = (void *)cv;
c.left = &e;
c.right = NULL;
d.key = (revbits(mkkey("44.130.130.0")) >> 16);
d.keylen = 8;
d.datum = (void *)dv;
d.left = NULL;
d.right = NULL;
e.key = (revbits(mkkey("44.130.24.25")) >> 24);
e.keylen = 8;
e.datum = (void *)ev;
e.left = NULL;
e.right = NULL;
}
/*
* reply with ticket and authenticator
*/
int
tickauthreply(Ticketreq *tr, char *hkey)
{
Ticket t;
Authenticator a;
char buf[TICKETLEN+AUTHENTLEN+1];
memset(&t, 0, sizeof(t));
memmove(t.chal, tr->chal, CHALLEN);
safecpy(t.cuid, tr->uid, sizeof t.cuid);
safecpy(t.suid, tr->uid, sizeof t.suid);
mkkey(t.key);
buf[0] = AuthOK;
t.num = AuthTs;
convT2M(&t, buf+1, hkey);
memmove(a.chal, t.chal, CHALLEN);
a.num = AuthAc;
a.id = 0;
convA2M(&a, buf+TICKETLEN+1, t.key);
if(write(1, buf, TICKETLEN+AUTHENTLEN+1) < 0)
return -1;
return 0;
}
void
__franken_fdinit_create()
{
int fd, ret, flags;
int root = 0;
char key[16], rkey[16], num[16];
int n_reg = 0, n_block = 0;
struct ufs_args ufs;
if (__franken_fd[0].valid) {
mkkey(key, num, "/dev/vfile", n_reg++, 0);
rump_pub_etfs_register(key, num, RUMP_ETFS_REG);
fd = rump___sysimpl_open(key, O_RDONLY);
if (fd != -1) {
rump___sysimpl_dup2(fd, 0);
rump___sysimpl_close(fd);
}
}
if (__franken_fd[1].valid) {
mkkey(key, num, "/dev/vfile", n_reg++, 1);
rump_pub_etfs_register(key, num, RUMP_ETFS_REG);
fd = rump___sysimpl_open(key, O_WRONLY);
if (fd != -1) {
rump___sysimpl_dup2(fd, 1);
rump___sysimpl_close(fd);
}
}
if (__franken_fd[2].valid) {
mkkey(key, num, "/dev/vfile", n_reg++, 2);
rump_pub_etfs_register(key, num, RUMP_ETFS_REG);
fd = rump___sysimpl_open(key, O_WRONLY);
if (fd != -1) {
rump___sysimpl_dup2(fd, 2);
rump___sysimpl_close(fd);
}
}
for (fd = 3; fd < MAXFD; fd++) {
if (__franken_fd[fd].valid == 0)
break;
switch (__franken_fd[fd].st.st_mode & S_IFMT) {
case S_IFREG:
mkkey(key, num, "/dev/vfile", n_reg++, fd);
rump_pub_etfs_register(key, num, RUMP_ETFS_REG);
flags = __franken_fd[fd].flags & O_ACCMODE;
rump___sysimpl_open(key, flags);
break;
case S_IFBLK:
mkkey(key, num, "/dev/block", n_block, fd);
mkkey(rkey, num, "/dev/rblock", n_block, fd);
n_block++;
rump_pub_etfs_register_withsize(key, num,
RUMP_ETFS_BLK, 0, __franken_fd[fd].st.st_size);
rump_pub_etfs_register_withsize(rkey, num,
RUMP_ETFS_CHR, 0, __franken_fd[fd].st.st_size);
if (root == 0) {
ufs.fspec = key;
flags = __franken_fd[fd].flags & O_ACCMODE;
if (flags == O_RDWR)
flags = MNT_LOG;
else
flags = MNT_RDONLY;
ret = rump___sysimpl_mount50("ffs", "/", flags, &ufs, sizeof(struct ufs_args));
if (ret == 0) {
root = 1;
} else {
if (flags == MNT_LOG)
flags = 0;
ret = rump___sysimpl_mount50("ext2fs", "/", flags, &ufs, sizeof(struct ufs_args));
if (ret == 0) {
root = 1;
}
}
if (root == 1)
atexit(unmount_atexit);
}
break;
case S_IFSOCK:
mkkey(key, num, "virt", fd, fd);
ret = rump_pub_netconfig_ifcreate(key);
if (ret == 0) {
ret = rump___sysimpl_socket30(AF_INET6, SOCK_STREAM, 0);
if (ret != -1) {
rump_pub_netconfig_auto_ipv6(key);
rump___sysimpl_close(ret);
}
ret = rump___sysimpl_socket30(AF_INET, SOCK_STREAM, 0);
if (ret != -1) {
rump_pub_netconfig_dhcp_ipv4_oneshot(key);
rump___sysimpl_close(ret);
}
}
break;
}
}
}
void
changepasswd(Ticketreq *tr)
{
Ticket t;
char tbuf[TICKETLEN+1];
char prbuf[PASSREQLEN];
Passwordreq pr;
char okey[DESKEYLEN], nkey[DESKEYLEN];
char *err;
if(findkey(KEYDB, tr->uid, okey) == 0){
/* make one up so caller doesn't know it was wrong */
mkkey(okey);
syslog(0, AUTHLOG, "cp-fail uid %s", raddr);
}
/* send back a ticket with a new key */
memmove(t.chal, tr->chal, CHALLEN);
mkkey(t.key);
tbuf[0] = AuthOK;
t.num = AuthTp;
safecpy(t.cuid, tr->uid, sizeof(t.cuid));
safecpy(t.suid, tr->uid, sizeof(t.suid));
convT2M(&t, tbuf+1, okey);
write(1, tbuf, sizeof(tbuf));
/* loop trying passwords out */
for(;;){
if(readn(0, prbuf, PASSREQLEN) < 0)
exits(0);
convM2PR(prbuf, &pr, t.key);
if(pr.num != AuthPass){
replyerror("protocol botch1: %s", raddr);
exits(0);
}
passtokey(nkey, pr.old);
if(memcmp(nkey, okey, DESKEYLEN)){
replyerror("protocol botch2: %s", raddr);
continue;
}
if(*pr.new){
err = okpasswd(pr.new);
if(err){
replyerror("%s %s", err, raddr);
continue;
}
passtokey(nkey, pr.new);
}
if(pr.changesecret && setsecret(KEYDB, tr->uid, pr.secret) == 0){
replyerror("can't write secret %s", raddr);
continue;
}
if(*pr.new && setkey(KEYDB, tr->uid, nkey) == 0){
replyerror("can't write key %s", raddr);
continue;
}
break;
}
prbuf[0] = AuthOK;
write(1, prbuf, 1);
succeed(tr->uid);
return;
}
void
challengebox(Ticketreq *tr)
{
long chal;
char *key, *netkey;
char kbuf[DESKEYLEN], nkbuf[DESKEYLEN], hkey[DESKEYLEN];
char buf[NETCHLEN+1];
char *err;
key = findkey(KEYDB, tr->uid, kbuf);
netkey = findkey(NETKEYDB, tr->uid, nkbuf);
if(key == 0 && netkey == 0){
/* make one up so caller doesn't know it was wrong */
mkkey(nkbuf);
netkey = nkbuf;
if(debug)
syslog(0, AUTHLOG, "cr-fail uid %s@%s", tr->uid, raddr);
}
if(findkey(KEYDB, tr->hostid, hkey) == 0){
/* make one up so caller doesn't know it was wrong */
mkkey(hkey);
if(debug)
syslog(0, AUTHLOG, "cr-fail hostid %s %s@%s", tr->hostid,
tr->uid, raddr);
}
/*
* challenge-response
*/
memset(buf, 0, sizeof(buf));
buf[0] = AuthOK;
chal = lnrand(MAXNETCHAL);
snprint(buf+1, sizeof buf - 1, "%lud", chal);
if(write(1, buf, NETCHLEN+1) < 0)
exits(0);
if(readn(0, buf, NETCHLEN) < 0)
exits(0);
if(!(key && netcheck(key, chal, buf))
&& !(netkey && netcheck(netkey, chal, buf))
&& (err = secureidcheck(tr->uid, buf)) != nil){
replyerror("cr-fail %s %s %s", err, tr->uid, raddr);
logfail(tr->uid);
if(debug)
syslog(0, AUTHLOG, "cr-fail %s@%s(%s): bad resp",
tr->uid, tr->hostid, raddr);
return;
}
succeed(tr->uid);
/*
* reply with ticket & authenticator
*/
if(tickauthreply(tr, hkey) < 0){
if(debug)
syslog(0, AUTHLOG, "cr-fail %s@%s(%s): hangup",
tr->uid, tr->hostid, raddr);
exits(0);
}
if(debug)
syslog(0, AUTHLOG, "cr-ok %s@%s(%s)",
tr->uid, tr->hostid, raddr);
}
