static int buildns(int newns, char *user, char *file) { Biobuf *b; char home[4*ANAMELEN]; int afd, cdroot; char *path; AuthRpc *rpc; rpc = nil; /* try for factotum now because later is impossible */ afd = open("/mnt/factotum/rpc", ORDWR); if(afd < 0 && newnsdebug) fprint(2, "open /mnt/factotum/rpc: %r\n"); if(afd >= 0){ rpc = auth_allocrpc(afd); if(rpc == nil) close(afd); } /* rpc != nil iff afd >= 0 */ if(file == nil){ if(!newns){ werrstr("no namespace file specified"); return freecloserpc(rpc); } file = "/lib/namespace"; } b = Bopen(file, OREAD); if(b == 0){ werrstr("can't open %s: %r", file); return freecloserpc(rpc); } if(newns){ rfork(RFENVG|RFCNAMEG); setenv("user", user); snprint(home, sizeof home, "/usr/%s", user); setenv("home", home); } cdroot = nsfile(newns ? "newns" : "addns", b, rpc); Bterm(b); freecloserpc(rpc); /* make sure we managed to cd into the new name space */ if(newns && !cdroot){ path = malloc(1024); if(path == nil || getwd(path, 1024) == 0 || chdir(path) < 0) chdir("/"); if(path != nil) free(path); } return 0; }
UserPasswd* auth_getuserpasswd(AuthGetkey *getkey, char *fmt, ...) { AuthRpc *rpc; char *f[3], *p, *params; int fd; va_list arg; UserPasswd *up; up = nil; rpc = nil; params = nil; fd = open("/mnt/factotum/rpc", ORDWR); if(fd < 0) goto out; rpc = auth_allocrpc(fd); if(rpc == nil) goto out; quotefmtinstall(); /* just in case */ va_start(arg, fmt); params = vsmprint(fmt, arg); va_end(arg); if(params == nil) goto out; if(dorpc(rpc, "start", params, strlen(params), getkey) != ARok || dorpc(rpc, "read", nil, 0, getkey) != ARok) goto out; rpc->arg[rpc->narg] = '\0'; if(tokenize(rpc->arg, f, 2) != 2){ werrstr("bad answer from factotum"); goto out; } up = malloc(sizeof(*up)+rpc->narg+1); if(up == nil) goto out; p = (char*)&up[1]; strcpy(p, f[0]); up->user = p; p += strlen(p)+1; strcpy(p, f[1]); up->passwd = p; out: free(params); auth_freerpc(rpc); close(fd); return up; }
void main(int argc, char **argv) { char buf[128], bufu[128]; int afd, n; AuthInfo *ai; AuthRpc *rpc; Chalstate *c; ARGBEGIN{ default: usage(); }ARGEND if(argc != 1) usage(); if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0) sysfatal("open /mnt/factotum/rpc: %r"); rpc = auth_allocrpc(afd); if(rpc == nil) sysfatal("auth_allocrpc: %r"); if((c = auth_challenge("%s", argv[0])) == nil) sysfatal("auth_challenge: %r"); print("challenge: %s\n", c->chal); print("user:"******"response: "); n = read(0, buf, sizeof buf); if(n < 0) sysfatal("read: %r"); if(n == 0) exits(nil); c->nresp = n-1; c->resp = buf; if((ai = auth_response(c)) == nil) sysfatal("auth_response: %r"); print("%s %s\n", ai->cuid, ai->suid); }
int auth_respond(void *chal, uint nchal, char *user, uint nuser, void *resp, uint nresp, AuthGetkey *getkey, char *fmt, ...) { char *p, *s; va_list arg; int afd; AuthRpc *rpc; Attr *a; if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0) return -1; if((rpc = auth_allocrpc(afd)) == nil){ close(afd); return -1; } quotefmtinstall(); /* just in case */ va_start(arg, fmt); p = vsmprint(fmt, arg); va_end(arg); if(p==nil || dorpc(rpc, "start", p, strlen(p), getkey) != ARok || dorpc(rpc, "write", chal, nchal, getkey) != ARok || dorpc(rpc, "read", nil, 0, getkey) != ARok){ free(p); close(afd); auth_freerpc(rpc); return -1; } free(p); if(rpc->narg < nresp) nresp = rpc->narg; memmove(resp, rpc->arg, nresp); if((a = auth_attr(rpc)) != nil && (s = _strfindattr(a, "user")) != nil && strlen(s) < nuser) strcpy(user, s); else if(nuser > 0) user[0] = '\0'; _freeattr(a); close(afd); auth_freerpc(rpc); return nresp; }
void auth9p(Req *r) { char *spec; Afid *afid; afid = emalloc9p(sizeof(Afid)); afid->afd = open("/mnt/factotum/rpc", ORDWR); if(afid->afd < 0) goto error; if((afid->rpc = auth_allocrpc(afid->afd)) == nil) goto error; if(r->ifcall.uname[0] == 0) goto error; afid->uname = estrdup9p(r->ifcall.uname); afid->aname = estrdup9p(r->ifcall.aname); spec = r->srv->keyspec; if(spec == nil) spec = "proto=p9any role=server"; if(auth_rpc(afid->rpc, "start", spec, strlen(spec)) != ARok) goto error; r->afid->qid.type = QTAUTH; r->afid->qid.path = ++authgen; r->afid->qid.vers = 0; r->afid->omode = ORDWR; r->ofcall.qid = r->afid->qid; r->afid->aux = afid; respond(r, nil); return; error: if(afid->rpc) auth_freerpc(afid->rpc); if(afid->uname) free(afid->uname); if(afid->aname) free(afid->aname); if(afid->afd >= 0) close(afid->afd); free(afid); responderror(r); }
/* * make factotum add wep keys to an 802.11 device */ int auth_wep(char *dev, char *fmt, ...) { AuthRpc *rpc; char *params, *p; int fd; va_list arg; int rv; rv = -1; if(dev == nil){ werrstr("no device specified"); return rv; } fd = open("/mnt/factotum/rpc", ORDWR); if(fd < 0) return rv; rpc = auth_allocrpc(fd); if(rpc != nil){ quotefmtinstall(); /* just in case */ va_start(arg, fmt); params = vsmprint(fmt, arg); va_end(arg); if(params != nil){ p = smprint("proto=wep %s", params); if(p != nil){ if(auth_rpc(rpc, "start", p, strlen(p)) == ARok && auth_rpc(rpc, "write", dev, strlen(dev)) == ARok) rv = 0; free(p); } free(params); } auth_freerpc(rpc); } close(fd); return rv; }
Chalstate* auth_challenge(char *fmt, ...) { char *p; va_list arg; Chalstate *c; quotefmtinstall(); /* just in case */ va_start(arg, fmt); p = vsmprint(fmt, arg); va_end(arg); if(p == nil) return nil; c = mallocz(sizeof(*c), 1); if(c == nil){ free(p); return nil; } if((c->afd = open("/mnt/factotum/rpc", ORDWR)) < 0){ Error: auth_freechal(c); free(p); return nil; } if((c->rpc=auth_allocrpc(c->afd)) == nil || auth_rpc(c->rpc, "start", p, strlen(p)) != ARok || auth_rpc(c->rpc, "read", nil, 0) != ARok) goto Error; if(c->rpc->narg > sizeof(c->chal)-1){ werrstr("buffer too small for challenge"); goto Error; } memmove(c->chal, c->rpc->arg, c->rpc->narg); c->nchal = c->rpc->narg; free(p); return c; }
void* authnew(void) { AuthRpc *rpc; int fd; if(access("/mnt/factotum", 0) < 0) if((fd = open("/srv/factotum", ORDWR)) >= 0) mount(fd, -1, "/mnt", MBEFORE, ""); if((fd = open("/mnt/factotum/rpc", ORDWR)) < 0) return nil; if((rpc = auth_allocrpc(fd)) == nil){ close(fd); return nil; } if(auth_rpc(rpc, "start", keyspec, strlen(keyspec)) != ARok){ authfree(rpc); return nil; } return rpc; }
AuthInfo* fsauth_proxy(CFid *fid, AuthGetkey *getkey, char *fmt, ...) { char *p; va_list arg; AuthInfo *ai; AuthRpc *rpc; quotefmtinstall(); /* just in case */ va_start(arg, fmt); p = vsmprint(fmt, arg); va_end(arg); rpc = auth_allocrpc(); if(rpc == nil){ free(p); return nil; } ai = fsfauth_proxy(fid, rpc, getkey, p); free(p); auth_freerpc(rpc); return ai; }
/* returns 0 if auth succeeded (or unneeded), -1 otherwise */ int authhostowner(Session *s) { Fid *af, *f; int rv = -1; int afd; AuthInfo *ai; AuthRpc *rpc; /* get a fid to authenticate over */ f = nil; af = newfid(s); s->f.afid = af - s->fids; s->f.uname = getuser(); s->f.aname = s->spec; if(xmesg(s, Tauth)){ /* not needed */ rv = 0; goto out; } quotefmtinstall(); /* just in case */ afd = open("/mnt/factotum/rpc", ORDWR); if(afd < 0){ werrstr("opening /mnt/factotum/rpc: %r"); goto out; } rpc = auth_allocrpc(afd); if(rpc == nil) goto out; ai = authproto(s, af, rpc, auth_getkey, "proto=p9any role=client"); if(ai != nil){ rv = 0; auth_freeAI(ai); } auth_freerpc(rpc); close(afd); /* try attaching with the afid */ chat("attaching as hostowner..."); f = newfid(s); s->f.fid = f - s->fids; s->f.afid = af - s->fids;; s->f.uname = getuser(); s->f.aname = s->spec; if(xmesg(s, Tattach) == 0) rv = 0; out: if(af != nil){ putfid(s, af); s->f.fid = af - s->fids; xmesg(s, Tclunk); } if(f != nil){ putfid(s, f); s->f.fid = f - s->fids; xmesg(s, Tclunk); } return rv; }
static int authrsafn(Conn *c) { uint8_t chalbuf[32+SESSIDLEN], response[MD5dlen]; char *s, *p; int afd, ret; AuthRpc *rpc; Msg *m; mpint *chal, *decr, *unpad, *mod; debug(DBG_AUTH, "rsa!\n"); if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0){ debug(DBG_AUTH, "open /mnt/factotum/rpc: %r\n"); return -1; } if((rpc = auth_allocrpc(afd)) == nil){ debug(DBG_AUTH, "auth_allocrpc: %r\n"); close(afd); return -1; } s = "proto=rsa role=client"; if(auth_rpc(rpc, "start", s, strlen(s)) != ARok){ debug(DBG_AUTH, "auth_rpc start %s failed: %r\n", s); auth_freerpc(rpc); close(afd); return -1; } ret = -1; debug(DBG_AUTH, "trying factotum rsa keys\n"); while(auth_rpc(rpc, "read", nil, 0) == ARok){ debug(DBG_AUTH, "try %s\n", (char*)rpc->arg); mod = strtomp(rpc->arg, nil, 16, nil); m = allocmsg(c, SSH_CMSG_AUTH_RSA, 16+(mpsignif(mod)+7/8)); putmpint(m, mod); sendmsg(m); mpfree(mod); m = recvmsg(c, -1); switch(m->type){ case SSH_SMSG_FAILURE: debug(DBG_AUTH, "\tnot accepted %s\n", (char*)rpc->arg); free(m); continue; default: badmsg(m, 0); case SSH_SMSG_AUTH_RSA_CHALLENGE: break; } chal = getmpint(m); debug(DBG_AUTH, "\tgot challenge %B\n", chal); free(m); p = mptoa(chal, 16, nil, 0); mpfree(chal); if(p == nil){ debug(DBG_AUTH, "\tmptoa failed: %r\n"); unpad = mpnew(0); goto Keepgoing; } if(auth_rpc(rpc, "write", p, strlen(p)) != ARok){ debug(DBG_AUTH, "\tauth_rpc write failed: %r\n"); free(p); unpad = mpnew(0); /* it will fail, we'll go round again */ goto Keepgoing; } free(p); if(auth_rpc(rpc, "read", nil, 0) != ARok){ debug(DBG_AUTH, "\tauth_rpc read failed: %r\n"); unpad = mpnew(0); goto Keepgoing; } decr = strtomp(rpc->arg, nil, 16, nil); debug(DBG_AUTH, "\tdecrypted %B\n", decr); unpad = rsaunpad(decr); debug(DBG_AUTH, "\tunpadded %B\n", unpad); mpfree(decr); Keepgoing: mptoberjust(unpad, chalbuf, 32); mpfree(unpad); debug(DBG_AUTH, "\trjusted %.*H\n", 32, chalbuf); memmove(chalbuf+32, c->sessid, SESSIDLEN); debug(DBG_AUTH, "\tappend sesskey %.*H\n", 32, chalbuf); md5(chalbuf, 32+SESSIDLEN, response, nil); m = allocmsg(c, SSH_CMSG_AUTH_RSA_RESPONSE, MD5dlen); putbytes(m, response, MD5dlen); sendmsg(m); m = recvmsg(c, -1); switch(m->type){ case SSH_SMSG_FAILURE: free(m); continue; default: badmsg(m, 0); case SSH_SMSG_SUCCESS: break; } ret = 0; break; } auth_freerpc(rpc); close(afd); return ret; }
void sshserverhandshake(Conn *c) { char *p, buf[128]; Biobuf *b; Attr *a; int i, afd; mpint *m; AuthRpc *rpc; RSApub *key; /* * BUG: should use `attr' to get the key attributes * after the read, but that's not implemented yet. */ if((b = Bopen("/mnt/factotum/ctl", OREAD)) == nil) sysfatal("open /mnt/factotum/ctl: %r"); while((p = Brdline(b, '\n')) != nil){ p[Blinelen(b)-1] = '\0'; if(strstr(p, " proto=rsa ") && strstr(p, " service=sshserve ")) break; } if(p == nil) sysfatal("no sshserve keys found in /mnt/factotum/ctl"); a = _parseattr(p); Bterm(b); key = emalloc(sizeof(*key)); if((p = _strfindattr(a, "n")) == nil) sysfatal("no n in sshserve key"); if((key->n = strtomp(p, &p, 16, nil)) == nil || *p != 0) sysfatal("bad n in sshserve key"); if((p = _strfindattr(a, "ek")) == nil) sysfatal("no ek in sshserve key"); if((key->ek = strtomp(p, &p, 16, nil)) == nil || *p != 0) sysfatal("bad ek in sshserve key"); _freeattr(a); if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0) sysfatal("open /mnt/factotum/rpc: %r"); if((rpc = auth_allocrpc(afd)) == nil) sysfatal("auth_allocrpc: %r"); p = "proto=rsa role=client service=sshserve"; if(auth_rpc(rpc, "start", p, strlen(p)) != ARok) sysfatal("auth_rpc start %s: %r", p); if(auth_rpc(rpc, "read", nil, 0) != ARok) sysfatal("auth_rpc read: %r"); m = strtomp(rpc->arg, nil, 16, nil); if(mpcmp(m, key->n) != 0) sysfatal("key in /mnt/factotum/ctl does not match rpc key"); mpfree(m); c->hostkey = key; /* send id string */ fprint(c->fd[0], "SSH-1.5-Plan9\n"); /* receive id string */ if(readstrnl(c->fd[0], buf, sizeof buf) < 0) sysfatal("reading server version: %r"); /* id string is "SSH-m.n-comment". We need m=1, n>=5. */ if(strncmp(buf, "SSH-", 4) != 0 || strtol(buf+4, &p, 10) != 1 || *p != '.' || strtol(p+1, &p, 10) < 5 || *p != '-') sysfatal("protocol mismatch; got %s, need SSH-1.x for x>=5", buf); for(i=0; i<COOKIELEN; i++) c->cookie[i] = fastrand(); calcsessid(c); send_ssh_smsg_public_key(c); recv_ssh_cmsg_session_key(c, rpc); auth_freerpc(rpc); close(afd); c->cstate = (*c->cipher->init)(c, 1); /* turns on encryption */ sendmsg(allocmsg(c, SSH_SMSG_SUCCESS, 0)); authsrvuser(c); }
static int dorsa(mpint *mod, mpint *exp, mpint *chal, uint8_t chalbuf[32]) { int afd; AuthRpc *rpc; mpint *m; char buf[4096], *p; mpint *decr, *unpad; USED(exp); snprint(buf, sizeof buf, "proto=rsa service=ssh role=client"); if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0){ debug(DBG_AUTH, "open /mnt/factotum/rpc: %r\n"); return -1; } if((rpc = auth_allocrpc(afd)) == nil){ debug(DBG_AUTH, "auth_allocrpc: %r\n"); close(afd); return -1; } if(auth_rpc(rpc, "start", buf, strlen(buf)) != ARok){ debug(DBG_AUTH, "auth_rpc start failed: %r\n"); Die: auth_freerpc(rpc); close(afd); return -1; } m = nil; debug(DBG_AUTH, "trying factotum rsa keys\n"); while(auth_rpc(rpc, "read", nil, 0) == ARok){ debug(DBG_AUTH, "try %s\n", (char*)rpc->arg); m = strtomp(rpc->arg, nil, 16, nil); if(mpcmp(m, mod) == 0) break; mpfree(m); m = nil; } if(m == nil) goto Die; mpfree(m); p = mptoa(chal, 16, nil, 0); if(p == nil){ debug(DBG_AUTH, "\tmptoa failed: %r\n"); goto Die; } if(auth_rpc(rpc, "write", p, strlen(p)) != ARok){ debug(DBG_AUTH, "\tauth_rpc write failed: %r\n"); free(p); goto Die; } free(p); if(auth_rpc(rpc, "read", nil, 0) != ARok){ debug(DBG_AUTH, "\tauth_rpc read failed: %r\n"); goto Die; } decr = strtomp(rpc->arg, nil, 16, nil); if(decr == nil){ debug(DBG_AUTH, "\tdecr %s failed\n", rpc->arg); goto Die; } debug(DBG_AUTH, "\tdecrypted %B\n", decr); unpad = rsaunpad(decr); if(unpad == nil){ debug(DBG_AUTH, "\tunpad %B failed\n", decr); mpfree(decr); goto Die; } debug(DBG_AUTH, "\tunpadded %B\n", unpad); mpfree(decr); mptoberjust(unpad, chalbuf, 32); mpfree(unpad); auth_freerpc(rpc); close(afd); return 0; }