void
xfer(int from, int to)
{
uchar buf[4096];
int i, n, modified, ok, total, errs, dropped;
if(fork() == 0)
return;
total = ok = errs = dropped = 0;
for(;;){
n = read(from, buf, sizeof(buf));
if(n <= 0){
fprint(2, "%d -> %d EOF\n", from, to);
exits(0);
}
modified = 0;
if(errrate){
for(i = 0; i < n; i++){
if(lnrand(errrate) == 0){
buf[i] ^= 0xff;
modified = 1;
}
}
}
if(droprate && lnrand(droprate) == 0){
fprint(2, "!!!!!!!!!!!!!!%d -> %d dropped %d (%d/%d)\n", from, to, ok, dropped, total);
ok = 0;
dropped++;
total++;
continue;
}
if(modified){
fprint(2, "!!!!!!!!!!!!!!%d -> %d %d (%d/%d)\n", from, to, ok, errs, total);
ok = 0;
errs++;
} else
ok++;
total++;
if(debug > 1){
fprint(2, "%d -> %d (%d)", from, to, n);
printbuf(buf, n);
}
n = write(to, buf, n);
if(n < 0){
fprint(2, "%d -> %d write err\n", from, to);
exits(0);
}
}
}
void
main(int argc, char *argv[])
{
int n;
int32_t chal;
char *err;
char ukey[DESKEYLEN], resp[32], buf[NETCHLEN];
Ndb *db2;
ARGBEGIN{
case 'd':
debug = 1;
break;
}ARGEND;
db = ndbopen("/lib/ndb/auth");
if(db == 0)
syslog(0, AUTHLOG, "no /lib/ndb/auth");
db2 = ndbopen(0);
if(db2 == 0)
syslog(0, AUTHLOG, "no /lib/ndb/local");
db = ndbcat(db, db2);
werrstr("");
strcpy(raddr, "unknown");
if(argc >= 1)
getraddr(argv[argc-1]);
argv0 = "guard";
srand((getpid()*1103515245)^time(0));
notify(catchalarm);
/*
* read the host and client and get their keys
*/
if(readarg(0, user, sizeof user) < 0)
fail(0);
/*
* challenge-response
*/
chal = lnrand(MAXNETCHAL);
snprint(buf, sizeof buf, "challenge: %lud\nresponse: ", chal);
n = strlen(buf) + 1;
if(write(1, buf, n) != n){
if(debug)
syslog(0, AUTHLOG, "g-fail %s@%s: %r sending chal",
user, raddr);
exits("replying to server");
}
alarm(3*60*1000);
werrstr("");
if(readarg(0, resp, sizeof resp) < 0){
if(debug)
syslog(0, AUTHLOG, "g-fail %s@%s: %r reading resp",
user, raddr);
fail(0);
}
alarm(0);
/* remove password login from guard.research.bell-labs.com, sucre, etc. */
// if(!findkey(KEYDB, user, ukey) || !netcheck(ukey, chal, resp))
if(!findkey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp))
if((err = secureidcheck(user, resp)) != nil){
print("NO %s", err);
write(1, "NO", 2);
if(debug) {
char *r;
/*
* don't log the entire response, since the first
* Pinlen digits may be the user's secure-id pin.
*/
if (strlen(resp) < Pinlen)
r = strdup("<too short for pin>");
else if (strlen(resp) == Pinlen)
r = strdup("<pin only>");
else
r = smprint("%.*s%s", Pinlen,
"******************", resp + Pinlen);
syslog(0, AUTHLOG,
"g-fail %s@%s: %s: resp %s to chal %lud",
user, raddr, err, r, chal);
free(r);
}
fail(user);
}
write(1, "OK", 2);
if(debug)
syslog(0, AUTHLOG, "g-ok %s@%s", user, raddr);
succeed(user);
exits(0);
}
Source *
sourceCreate(Source *r, int dsize, int dir, uint32_t offset)
{
int i, epb, psize;
uint32_t bn, size;
Block *b;
Entry e;
Source *rr;
assert(sourceIsLocked(r));
if(!r->dir) {
vtSetError(ENotDir);
return nil;
}
epb = r->dsize/VtEntrySize;
psize = (dsize/VtScoreSize)*VtScoreSize;
size = sourceGetDirSize(r);
if(offset == 0) {
/*
* look at a random block to see if we can find an empty entry
*/
offset = lnrand(size+1);
offset -= offset % epb;
}
/* try the given block and then try the last block */
for(;;) {
bn = offset/epb;
b = sourceBlock(r, bn, OReadWrite);
if(b == nil)
return nil;
for(i=offset%r->epb; i<epb; i++) {
entryUnpack(&e, b->data, i);
if((e.flags&VtEntryActive) == 0 && e.gen != ~0)
goto Found;
}
blockPut(b);
if(offset == size) {
fprint(2, "sourceCreate: cannot happen\n");
vtSetError("sourceCreate: cannot happen");
return nil;
}
offset = size;
}
Found:
/* found an entry - gen already set */
e.psize = psize;
e.dsize = dsize;
assert(psize && dsize);
e.flags = VtEntryActive;
if(dir)
e.flags |= VtEntryDir;
e.depth = 0;
e.size = 0;
memmove(e.score, vtZeroScore, VtScoreSize);
e.tag = 0;
e.snap = 0;
e.archive = 0;
entryPack(&e, b->data, i);
blockDirty(b);
offset = bn*epb + i;
if(offset+1 > size) {
if(!sourceSetDirSize(r, offset+1)) {
blockPut(b);
return nil;
}
}
rr = sourceAlloc(r->fs, b, r, offset, OReadWrite, 0);
blockPut(b);
return rr;
}
VtFile*
_vtfilecreate(VtFile *r, int o, int psize, int dsize, int type)
{
int i;
VtBlock *b;
u32int bn, size;
VtEntry e;
int epb;
VtFile *rr;
u32int offset;
assert(ISLOCKED(r));
assert(psize <= VtMaxLumpSize);
assert(dsize <= VtMaxLumpSize);
assert(type == VtDirType || type == VtDataType);
if(!r->dir){
werrstr(ENotDir);
return nil;
}
epb = r->dsize/VtEntrySize;
size = vtfilegetdirsize(r);
/*
* look at a random block to see if we can find an empty entry
*/
if(o == -1){
offset = lnrand(size+1);
offset -= offset % epb;
}else
offset = o;
/* try the given block and then try the last block */
for(;;){
bn = offset/epb;
b = vtfileblock(r, bn, VtORDWR);
if(b == nil)
return nil;
for(i=offset%r->epb; i<epb; i++){
if(vtentryunpack(&e, b->data, i) < 0)
continue;
if((e.flags&VtEntryActive) == 0 && e.gen != ~0)
goto Found;
}
vtblockput(b);
if(offset == size){
fprint(2, "vtfilecreate: cannot happen\n");
werrstr("vtfilecreate: cannot happen");
return nil;
}
offset = size;
}
Found:
/* found an entry - gen already set */
e.psize = psize;
e.dsize = dsize;
e.flags = VtEntryActive;
e.type = type;
e.size = 0;
memmove(e.score, vtzeroscore, VtScoreSize);
vtentrypack(&e, b->data, i);
offset = bn*epb + i;
if(offset+1 > size){
if(vtfilesetdirsize(r, offset+1) < 0){
vtblockput(b);
return nil;
}
}
rr = vtfilealloc(r->c, b, r, offset, VtORDWR);
vtblockput(b);
return rr;
}
void
challengebox(Ticketreq *tr)
{
long chal;
char *key, *netkey;
char kbuf[DESKEYLEN], nkbuf[DESKEYLEN], hkey[DESKEYLEN];
char buf[NETCHLEN+1];
char *err;
key = findkey(KEYDB, tr->uid, kbuf);
netkey = findkey(NETKEYDB, tr->uid, nkbuf);
if(key == 0 && netkey == 0){
/* make one up so caller doesn't know it was wrong */
mkkey(nkbuf);
netkey = nkbuf;
if(debug)
syslog(0, AUTHLOG, "cr-fail uid %s@%s", tr->uid, raddr);
}
if(findkey(KEYDB, tr->hostid, hkey) == 0){
/* make one up so caller doesn't know it was wrong */
mkkey(hkey);
if(debug)
syslog(0, AUTHLOG, "cr-fail hostid %s %s@%s", tr->hostid,
tr->uid, raddr);
}
/*
* challenge-response
*/
memset(buf, 0, sizeof(buf));
buf[0] = AuthOK;
chal = lnrand(MAXNETCHAL);
snprint(buf+1, sizeof buf - 1, "%lud", chal);
if(write(1, buf, NETCHLEN+1) < 0)
exits(0);
if(readn(0, buf, NETCHLEN) < 0)
exits(0);
if(!(key && netcheck(key, chal, buf))
&& !(netkey && netcheck(netkey, chal, buf))
&& (err = secureidcheck(tr->uid, buf)) != nil){
replyerror("cr-fail %s %s %s", err, tr->uid, raddr);
logfail(tr->uid);
if(debug)
syslog(0, AUTHLOG, "cr-fail %s@%s(%s): bad resp",
tr->uid, tr->hostid, raddr);
return;
}
succeed(tr->uid);
/*
* reply with ticket & authenticator
*/
if(tickauthreply(tr, hkey) < 0){
if(debug)
syslog(0, AUTHLOG, "cr-fail %s@%s(%s): hangup",
tr->uid, tr->hostid, raddr);
exits(0);
}
if(debug)
syslog(0, AUTHLOG, "cr-ok %s@%s(%s)",
tr->uid, tr->hostid, raddr);
}
