/*
 * Set up the global db on first use; later calls return immediately.
 *
 * The database named by dbfile is opened first.  If the chain that
 * ndbopen returned already contains "<mntpt>/ndb", that chain is used
 * as is.  Otherwise "<mntpt>/ndb" is opened separately, its nohash
 * field is set, and the two are joined with ndbcat.
 *
 * Returns 0 when db is set, -1 when ndbcat produced nothing.
 */
int
opendatabase(void)
{
	char netpath[256];
	Ndb *base, *cur, *netfile;

	if(db != 0)
		return 0;

	base = ndbopen(dbfile);			/* /lib/ndb */
	snprint(netpath, sizeof netpath, "%s/ndb", mntpt);

	/* is <mntpt>/ndb already part of what dbfile pulled in? */
	cur = base;
	while(cur != 0){
		if(strcmp(cur->file, netpath) == 0){
			db = base;
			return 0;
		}
		cur = cur->next;
	}

	netfile = ndbopen(netpath);		/* /net/ndb */
	if(netfile != 0)
		netfile->nohash = 1;
	db = ndbcat(netfile, base);		/* both */
	if(db == 0)
		return -1;
	return 0;
}
/*
 * Open the main network database (dbfile) into the global db and, when
 * the file named by netndb can be opened too, put it in front with
 * ndbcat after setting its nohash field.
 *
 * A missing main database is reported through error(); a missing
 * netndb is silently tolerated.
 * NOTE(review): the code after the error() call assumes it does not
 * return - confirm against error()'s definition.
 */
static void
ndbinit(void)
{
	db = ndbopen(dbfile);
	if (!db)
		error(1, 0, "%s: %r", "can't open network database");

	netdb = ndbopen(netndb);
	if (netdb == NULL)
		return;

	netdb->nohash = 1;
	db = ndbcat(netdb, db);
}
/*
 * Entry point: open the database given with -f (ndbopen receives 0 when
 * no -f was supplied) and pass the remaining arguments to search().
 * At least three arguments must remain after option parsing.
 */
void
main(int argc, char **argv)
{
	char *path;
	Ndb *ndb;

	path = 0;
	ARGBEGIN{
	case 'f':
		path = ARGF();
		break;
	default:
		usage();
		break;
	}ARGEND;

	if(argc < 3)
		usage();

	ndb = ndbopen(path);
	if(ndb == 0){
		fprint(2, "no db files\n");
		exits("no db");
	}

	/* first two arguments go in separately, the rest as a vector with its count */
	search(ndb, argv[0], argv[1], argv+2, argc-2);
	ndbclose(ndb);
	exits(0);
}
/*
 * Test driver for ipinfo() and lookupserver().
 *
 * argv[1] is passed to ipinfo() as its third argument when it contains
 * a '.', otherwise as its second.  The resulting Ipinfo is printed,
 * then the "auth" and "dns" servers found for it are listed.
 *
 * NOTE(review): the result of ndbopen(0) is used without a nil check,
 * and addrs has room for two addresses only - confirm lookupserver()
 * never reports more than that.
 */
void
main(int argc, char **argv)
{
	Ipinfo ii;
	uchar addrs[2][IPaddrlen];
	int found, k, rc;

	db = ndbopen(0);
	fmtinstall('E', eipconv);
	fmtinstall('I', eipconv);
	if(argc < 2)
		exits(0);

	if(strchr(argv[1], '.') != 0)
		rc = ipinfo(db, 0, argv[1], 0, &ii);
	else
		rc = ipinfo(db, argv[1], 0, 0, &ii);
	if(rc < 0)
		exits(0);

	print("a %I m %I n %I f %s e %E a %I\n", ii.ipaddr, ii.ipmask, ii.ipnet, ii.bootf, ii.etheraddr, ii.auip);

	found = lookupserver("auth", addrs, &ii);
	print("lookupserver returns %d\n", found);
	k = 0;
	while(k < found){
		print("%I\n", addrs[k]);
		k++;
	}

	found = lookupserver("dns", addrs, &ii);
	print("lookupserver returns %d\n", found);
	k = 0;
	while(k < found){
		print("%I\n", addrs[k]);
		k++;
	}
}
/*
 * ndbopen() wrapper that reports a failed open through error(),
 * naming the database.  Returns whatever ndbopen() returned.
 * NOTE(review): a nil handle reaches the caller if error() returns -
 * confirm that it does not.
 */
static Ndb*
dbopen(char* dbname)
{
	Ndb *handle;

	handle = ndbopen(dbname);
	if(handle == 0)
		error("dbopen: %s: %r\n", dbname);
	return handle;
}
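/*
 * Read every entry of the database `file` and record its "ip" tuples
 * in the global table x.
 *
 * An entry is kept only when it has an "ip" attribute and either an
 * "ipnet" attribute or a "dom" value that ends in domname.  For each
 * "ip" tuple of a kept entry, x[nx] gets the tuple (it), the entry's
 * "ipnet" tuple or 0 (nt), and the entry itself (t).  Kept entries
 * are not freed because x points into them.
 *
 * Parsing stops, and the function returns, at the first entry that
 * carries flavor=console before its "ip" attribute.
 *
 * Exits with "no database" when the file cannot be opened.
 *
 * NOTE(review): x[nx++] is written without a bound check; the size of
 * x is not visible here, so a database with more "ip" tuples than x
 * has slots would write past its end.  Confirm the limit at the
 * declaration of x.
 */
void
parse(char *file)
{
	int i;
	Ndb *db;
	Ndbtuple *t, *nt, *tt, *ipnett;

	db = ndbopen(file);
	if(db == 0)
		exits("no database");

	while((t = ndbparse(db)) != 0){
		for(nt = t; nt; nt = nt->entry){
			if(strcmp(nt->attr, "ip") == 0)
				break;
			if(strcmp(nt->attr, "flavor") == 0 && strcmp(nt->val, "console") == 0)
				return;
		}
		if(nt == 0){
			ndbfree(t);
			continue;
		}

		/* dump anything not on our nets */
		ipnett = 0;
		for(tt = t; tt; tt = tt->entry){
			if(strcmp(tt->attr, "ipnet") == 0){
				ipnett = tt;
				break;
			}
			if(strcmp(tt->attr, "dom") == 0){
				/*
				 * Suffix match against domname.  The length is compared
				 * first so that no pointer before the start of tt->val
				 * is ever formed when the value is shorter than domname.
				 */
				i = strlen(tt->val);
				if(i >= domnamlen && strcmp(tt->val + (i - domnamlen), domname) == 0)
					break;
			}
		}
		if(tt == 0){
			ndbfree(t);
			continue;
		}

		/* nt is at the first "ip" tuple; record it and any later ones */
		for(; nt; nt = nt->entry){
			if(strcmp(nt->attr, "ip") != 0)
				continue;
			x[nx].it = nt;
			x[nx].nt = ipnett;
			x[nx++].t = t;
		}
	}
}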
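/*
 * Test driver for secureidcheck(): checks the response given as the
 * single argument for the user named by $user and prints the result.
 *
 * The global db is built from /lib/ndb/auth followed by the default
 * database.  A database that fails to open is only logged; the program
 * continues with whatever ndbcat() returns.
 *
 * $user is read once and checked, because secureidcheck() copies the
 * name and must not be handed a nil pointer.
 */
void
main(int argc, char **argv)
{
	Ndb *db2;
	char *who;

	if(argc!=2){
		fprint(2, "usage: %s pinsecurid\n", argv[0]);
		exits("usage");
	}

	db = ndbopen("/lib/ndb/auth");
	if(db == 0)
		syslog(0, "secstore", "no /lib/ndb/auth");
	db2 = ndbopen(0);
	if(db2 == 0)
		syslog(0, "secstore", "no /lib/ndb/local");
	db = ndbcat(db, db2);

	who = getenv("user");
	if(who == 0){
		fprint(2, "%s: $user not set\n", argv[0]);
		exits("no user");
	}
	print("user=%s\n", who);
	/* secureidcheck returns 0 on success, an error message otherwise */
	print("%s\n", secureidcheck(who, argv[1]));
	exits(0);
}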
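/*
 * Replace ds->host with the "smtp" value that the network database
 * lists for this system (looked up by "sys" = sysname()).
 *
 * The database handle is opened once and cached in a function-static.
 * When the database cannot be opened or holds no smtp entry for this
 * system, ds->host is left as it was instead of being overwritten
 * with the formatting of a nil string.
 *
 * The value returned by ndbgetvalue() is released after the copy.
 * NOTE(review): this assumes ndbgetvalue() hands back allocated
 * storage owned by the caller - confirm against libndb.
 */
static void
expand_meta(DS *ds)
{
	static Ndb *db;
	Ndbs s;
	char *sys, *smtpserver;

	/* can't ask cs, so query database directly. */
	sys = sysname();
	if(db == nil)
		db = ndbopen(0);
	if(db == nil)
		return;

	smtpserver = ndbgetvalue(db, &s, "sys", sys, "smtp", nil);
	if(smtpserver == nil)
		return;

	/* 128 is the limit the original code used for ds->host */
	snprint(ds->host, 128, "%s", smtpserver);
	free(smtpserver);
}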
/*
 * Entry point of the query tool.
 *
 * Options: -a and -m bump the globals `all` and `multiple`; -f names
 * the database file (ndbopen receives nil without it).
 * Arguments after the options: attr value [rattr [reps]].  With four
 * arguments the last one is a repeat count for the search.
 */
void
main(int argc, char **argv)
{
	int reps = 1;
	char *rattr = nil, *dbfile = nil;
	Ndb *db;

	ARGBEGIN{
	case 'a':
		all++;
		break;
	case 'm':
		multiple++;
		break;
	case 'f':
		dbfile = EARGF(usage());
		break;
	default:
		usage();
	}ARGEND;

	/* 4 args: repeat count plus rattr; 3: rattr; 2: neither; anything else is misuse */
	if(argc == 4)
		reps = atoi(argv[3]);
	if(argc == 3 || argc == 4)
		rattr = argv[2];
	else if(argc == 2)
		rattr = nil;
	else
		usage();

	if(Binit(&bout, 1, OWRITE) == -1)
		sysfatal("Binit: %r");

	db = ndbopen(dbfile);
	if(db == nil){
		fprint(2, "%s: no db files\n", argv0);
		exits("no db");
	}

	for(; reps != 0; reps--)
		search(db, argv[0], argv[1], rattr);
	ndbclose(db);

	exits(0);
}
/*
 * Return the global db, opening ndbfile on first use.
 *
 * Once open, the database is checked for changes at most once every
 * 60 units of `now` and reopened when ndbchanged() reports a change.
 * Returns nil while the database cannot be opened.
 * NOTE(review): the result of ndbreopen() is not examined.
 */
static Ndb *
opendb(void)
{
	static ulong lastcheck;

	if(db != nil){
		/* already open: rate-limited staleness check */
		if(now >= lastcheck + 60){
			if(ndbchanged(db))
				ndbreopen(db);
			lastcheck = now;
		}
		return db;
	}

	db = ndbopen(ndbfile);
	if(db != nil)
		lastcheck = now;
	return db;
}
/*
 * Test driver for ipinfo(): looks up argv[1] and prints the resulting
 * Ipinfo on file descriptor 2.  argv[1] is passed as ipinfo()'s third
 * argument when it contains a '.', otherwise as its second.
 *
 * NOTE(review): the handle from ndbopen(0) is used without a nil
 * check.
 */
void
main(int argc, char **argv)
{
	Ipinfo ii;
	Ndb *ndb;
	int rc;

	ndb = ndbopen(0);
	fmtinstall('E', eipconv);
	fmtinstall('I', eipconv);
	if(argc < 2)
		exits(0);

	if(strchr(argv[1], '.') != 0)
		rc = ipinfo(ndb, 0, argv[1], 0, &ii);
	else
		rc = ipinfo(ndb, argv[1], 0, 0, &ii);
	if(rc < 0)
		exits(0);

	fprint(2, "a %I m %I n %I f %s e %E\n", ii.ipaddr, ii.ipmask, ii.ipnet, ii.bootf, ii.etheraddr);
}
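/*
 * Challenge-response login service ("guard").
 *
 * Protocol on fd 0/1, as implemented below:
 *   1. read the user name;
 *   2. send "challenge: <n>\nresponse: " (including the trailing NUL);
 *   3. read the response, giving up after the 3 minute alarm;
 *   4. accept when the response matches the user's key from NETKEYDB,
 *      or, failing that, when secureidcheck() accepts it;
 *   5. answer "OK" or "NO" and finish through succeed()/fail().
 *
 * The global db is built from /lib/ndb/auth followed by the default
 * database.  A database that fails to open is only logged, so db may
 * be incomplete or nil by the time secureidcheck() consults it.
 *
 * -d turns on logging of failures and successes to AUTHLOG.
 */
void
main(int argc, char *argv[])
{
	int n;
	int32_t chal;
	char *err;
	char ukey[DESKEYLEN], resp[32], buf[NETCHLEN];
	Ndb *db2;

	ARGBEGIN{
	case 'd':
		debug = 1;
		break;
	}ARGEND;

	db = ndbopen("/lib/ndb/auth");
	if(db == 0)
		syslog(0, AUTHLOG, "no /lib/ndb/auth");
	db2 = ndbopen(0);
	if(db2 == 0)
		syslog(0, AUTHLOG, "no /lib/ndb/local");
	db = ndbcat(db, db2);
	werrstr("");

	strcpy(raddr, "unknown");
	if(argc >= 1)
		getraddr(argv[argc-1]);

	argv0 = "guard";
	/*
	 * NOTE(review): the generator behind the challenge is seeded from
	 * the pid and the clock only - confirm that this is acceptable
	 * for the challenge, or that lnrand() does not depend on it.
	 */
	srand((getpid()*1103515245)^time(0));
	notify(catchalarm);

	/*
	 * read the host and client and get their keys
	 */
	if(readarg(0, user, sizeof user) < 0)
		fail(0);

	/*
	 * challenge-response
	 */
	chal = lnrand(MAXNETCHAL);
	/* %lud takes an unsigned long; chal is an int32_t, so convert explicitly */
	snprint(buf, sizeof buf, "challenge: %lud\nresponse: ", (unsigned long)chal);
	n = strlen(buf) + 1;
	if(write(1, buf, n) != n){
		if(debug)
			syslog(0, AUTHLOG, "g-fail %s@%s: %r sending chal",
				user, raddr);
		exits("replying to server");
	}
	alarm(3*60*1000);
	werrstr("");
	if(readarg(0, resp, sizeof resp) < 0){
		if(debug)
			syslog(0, AUTHLOG, "g-fail %s@%s: %r reading resp",
				user, raddr);
		fail(0);
	}
	alarm(0);

	/* remove password login from guard.research.bell-labs.com, sucre, etc. */
//	if(!findkey(KEYDB, user, ukey) || !netcheck(ukey, chal, resp))
	/* netcheck() is only reached when findkey() has filled in ukey */
	if(!findkey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp)){
		if((err = secureidcheck(user, resp)) != nil){
			print("NO %s", err);
			write(1, "NO", 2);
			if(debug) {
				char *r;

				/*
				 * don't log the entire response, since the first
				 * Pinlen digits may be the user's secure-id pin.
				 */
				if (strlen(resp) < Pinlen)
					r = strdup("<too short for pin>");
				else if (strlen(resp) == Pinlen)
					r = strdup("<pin only>");
				else
					r = smprint("%.*s%s", Pinlen,
						"******************",
						resp + Pinlen);
				syslog(0, AUTHLOG,
					"g-fail %s@%s: %s: resp %s to chal %lud",
					user, raddr, err, r, (unsigned long)chal);
				free(r);
			}
			fail(user);
		}
	}
	write(1, "OK", 2);
	if(debug)
		syslog(0, AUTHLOG, "g-ok %s@%s", user, raddr);
	succeed(user);
	exits(0);
}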
/*
 * secstore server: announce on <net>/<serve> and fork one child per
 * incoming call; the child runs dologin() on the accepted connection.
 *
 * Options: -R sets forceSTA, -s overrides the service address
 * (default "tcp!*!5356"), -S overrides the name handed to dologin()
 * (default "secstore"), -x selects the network mount point, -v raises
 * verbosity and keeps the server in the foreground.
 *
 * Each child opens /lib/ndb/auth and the default database itself and
 * joins them into the global db.  A database that fails to open is
 * only logged; the login still proceeds with whatever ndbcat()
 * returned.  A child is limited to 30 minutes by alarm().
 */
void
main(int argc, char **argv)
{
	int afd, dfd, lcfd, pid, forceSTA = 0;
	char aserve[128], net[128], adir[40], ldir[40];
	char *remote, *serve = "tcp!*!5356", *S = "secstore";
	Ndb *db2;

	setnetmtpt(net, sizeof(net), nil);
	ARGBEGIN{
	case 'R':
		forceSTA = 1;
		break;
	case 's':
		serve = EARGF(usage());
		break;
	case 'S':
		S = EARGF(usage());
		break;
	case 'x':
		setnetmtpt(net, sizeof(net), EARGF(usage()));
		break;
	case 'v':
		verbose++;
		break;
	default:
		usage();
	}ARGEND;

	/* without -v, continue in a forked process and let the parent exit */
	if(!verbose){
		pid = rfork(RFNOTEG|RFPROC|RFFDG);
		if(pid == -1)
			sysfatal("fork: %r");
		else if(pid != 0)
			exits(0);
	}

	snprint(aserve, sizeof aserve, "%s/%s", net, serve);
	afd = announce(aserve, adir);
	if(afd < 0)
		sysfatal("%s: %r", aserve);
	syslog(0, LOG, "ANNOUNCE %s", aserve);

	for(;;){
		lcfd = listen(adir, ldir);
		if(lcfd < 0)
			exits("can't listen");

		pid = fork();
		if(pid == -1){
			fprint(2, "secstore forking: %r\n");
			close(lcfd);
			continue;
		}
		if(pid != 0){
			/* parent: the child owns this call now */
			close(lcfd);
			continue;
		}

		/*
		 * child.  The databases are opened here, after the fork:
		 * "/lib/ndb/common.radius does not exist"
		 * if db set before fork.
		 */
		db = ndbopen("/lib/ndb/auth");
		if(db == 0)
			syslog(0, LOG, "no /lib/ndb/auth");
		db2 = ndbopen(0);
		if(db2 == 0)
			syslog(0, LOG, "no /lib/ndb/local");
		db = ndbcat(db, db2);

		dfd = accept(lcfd, ldir);
		if(dfd < 0)
			exits("can't accept");
		alarm(30*60*1000);	/* 30 min */
		remote = remoteIP(ldir);
		syslog(0, LOG, "secstore from %s", remote);
		free(remote);
		dologin(dfd, S, forceSTA);
		exits(nil);
	}
}
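/*
 * Check a SecurID response for `user` against the RADIUS servers
 * listed for "lra-radius".
 *
 * Returns 0 (nil) on success, otherwise a constant error message that
 * the caller must not free.
 *
 * Steps, as implemented below:
 *   - reject a nil user or response, a response shorter than four
 *     characters or containing a..f/A..F, and a user name that does
 *     not fit in ruser;
 *   - read the shared secret from the "radius=lra-radius" entry of
 *     the global db; a "uid=<user> ... rid=<name>" line in that entry
 *     replaces the user name sent to the server;
 *   - build an Access-Request carrying the NAS address, the user name
 *     and the response hidden with the shared secret;
 *   - send it to each "ip" listed for sys=lra-radius in the default
 *     database until one reply with a matching ID arrives.
 *
 * Changes from the original: the user name and rid are length-checked
 * before being copied into the 64-byte ruser (the original used
 * unbounded strcpy), nil arguments and a failed ndbopen() are caught,
 * and the shared secret is released on every exit path instead of only
 * on the path that reaches the servers.
 *
 * NOTE(review): the secret is released with a plain free() and x
 * still holds the hidden password on return; neither is wiped.
 */
char*
secureidcheck(char *user, char *response)
{
	Packet *req = nil, *resp = nil;
	ulong u[4];
	uchar x[16];
	char *radiussecret = nil;
	char ruser[64];
	char dest[3*IPaddrlen+20];
	Secret shared, pass;
	char *rv = "authentication failed";
	Ndbs s;
	Ndbtuple *t, *nt, *tt;
	uchar *ip;
	static Ndb *netdb;

	if(user == nil || response == nil)
		goto out;

	if(netdb == nil)
		netdb = ndbopen(0);

	/* bad responses make them disable the fob, avoid silly checks */
	if(strlen(response) < 4 || strpbrk(response,"abcdefABCDEF") != nil)
		goto out;

	/* refuse, rather than truncate, a name that cannot fit in ruser */
	if(strlen(user) >= sizeof ruser){
		syslog(0, AUTHLOG, "secureidcheck: user name too long");
		goto out;
	}

	/* get radius secret */
	radiussecret = ndbgetvalue(db, &s, "radius", "lra-radius", "secret", &t);
	if(radiussecret == nil){
		syslog(0, AUTHLOG, "secureidcheck: nil radius secret: %r");
		goto out;
	}

	/* translate user name if we have to */
	snprint(ruser, sizeof ruser, "%s", user);
	for(nt = t; nt; nt = nt->entry){
		if(strcmp(nt->attr, "uid") != 0 || strcmp(nt->val, user) != 0)
			continue;
		for(tt = nt->line; tt != nt; tt = tt->line){
			if(strcmp(tt->attr, "rid") != 0)
				continue;
			if(strlen(tt->val) >= sizeof ruser){
				syslog(0, AUTHLOG, "secureidcheck: rid for %s too long", user);
				ndbfree(t);
				goto out;
			}
			snprint(ruser, sizeof ruser, "%s", tt->val);
			break;
		}
	}
	ndbfree(t);

	/* four fastrand() words are handed to newRequest() */
	u[0] = fastrand();
	u[1] = fastrand();
	u[2] = fastrand();
	u[3] = fastrand();
	req = newRequest((uchar*)u);
	if(req == nil)
		goto out;
	shared.s = (uchar*)radiussecret;
	shared.len = strlen(radiussecret);
	ip = getipv4addr();
	if(ip == nil){
		syslog(0, AUTHLOG, "no interfaces: %r\n");
		goto out;
	}
	if(setAttribute(req, R_NASIPAddress, ip + IPv4off, 4) < 0)
		goto out;

	if(setAttribute(req, R_UserName, (uchar*)ruser, strlen(ruser)) < 0)
		goto out;
	pass.s = (uchar*)response;
	pass.len = strlen(response);
	hide(&shared, req->authenticator, &pass, x);
	if(setAttribute(req, R_UserPassword, x, 16) < 0)
		goto out;

	/* ndbopen() can fail; other callers on this path check for it too */
	if(netdb == nil){
		syslog(0, AUTHLOG, "secureidcheck: can't open network database: %r");
		goto out;
	}
	t = ndbsearch(netdb, &s, "sys", "lra-radius");
	if(t == nil){
		syslog(0, AUTHLOG, "secureidcheck: nil radius sys search: %r\n");
		goto out;
	}
	for(nt = t; nt; nt = nt->entry){
		if(strcmp(nt->attr, "ip") != 0)
			continue;
		snprint(dest,sizeof dest,"udp!%s!oradius", nt->val);
		resp = rpc(dest, &shared, req);
		if(resp == nil){
			syslog(0, AUTHLOG, "%s nil response", dest);
			continue;
		}
		/* a reply whose ID differs from the request's is discarded */
		if(resp->ID != req->ID){
			syslog(0, AUTHLOG, "%s mismatched ID  req=%d resp=%d",
				dest, req->ID, resp->ID);
			freePacket(resp);
			resp = nil;
			continue;
		}

		switch(resp->code){
		case R_AccessAccept:
			syslog(0, AUTHLOG, "%s accepted ruser=%s", dest, ruser);
			rv = nil;
			break;
		case R_AccessReject:
			syslog(0, AUTHLOG, "%s rejected ruser=%s %s", dest, ruser, replymsg(resp));
			rv = "secureid failed";
			break;
		case R_AccessChallenge:
			syslog(0, AUTHLOG, "%s challenge ruser=%s %s", dest, ruser, replymsg(resp));
			rv = "secureid out of sync";
			break;
		default:
			/* any other code leaves rv at "authentication failed" */
			syslog(0, AUTHLOG, "%s code=%d ruser=%s %s", dest, resp->code, ruser, replymsg(resp));
			break;
		}
		break; /* we have a proper reply, no need to ask again */
	}
	ndbfree(t);

out:
	/* shared.s aliases radiussecret, so it is released only here, after the last rpc() */
	free(radiussecret);
	freePacket(req);
	freePacket(resp);
	return rv;
}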
/*
 * mkhash file attribute
 *
 * Build the hash file "<file>.<attribute>" for one attribute of a
 * database file.  The database is parsed twice: once to count the
 * tuples carrying the attribute (which sizes the table) and once to
 * enter each value together with the offset of its entry.
 *
 * The output starts with a header holding the database's mtime and
 * the table length, followed by the first nextchain bytes of the
 * in-core table.  If the database's qid changed while the hash was
 * being built, the new hash file is removed.
 *
 * NOTE(review): on a failed write the partially written hash file is
 * left in place, unlike the "changed underfoot" case.  The name is
 * built in a 128-byte buffer, so a long file/attribute pair is cut
 * short without being reported.
 */
void
main(int argc, char **argv)
{
	Ndbtuple *t, *nt;
	int n;
	Dir *d;
	uint8_t buf[8];
	char file[128];
	int fd;
	uint32_t off;
	uint8_t *p;
	char *dbpath, *attr;

	if(argc != 3){
		fprint(2, "usage: mkhash file attribute\n");
		exits("usage");
	}
	dbpath = argv[1];
	attr = argv[2];

	db = ndbopen(dbpath);
	if(db == 0){
		fprint(2, "mkhash: can't open %s\n", dbpath);
		exits(syserr());
	}

	/* try a bigger than normal buffer */
	Binits(&db->b, Bfildes(&db->b), OREAD, nbuf, sizeof(nbuf));

	/* count entries to calculate hash size */
	n = 0;
	while((nt = ndbparse(db)) != 0){
		for(t = nt; t != 0; t = t->entry)
			if(strcmp(t->attr, attr) == 0)
				n++;
		ndbfree(nt);
	}

	/* allocate an array large enough for worst case */
	hlen = 2*n+1;
	n = hlen*NDBPLEN + hlen*2*NDBPLEN;
	ht = mallocz(n, 1);
	if(ht == 0){
		fprint(2, "mkhash: not enough memory\n");
		exits(syserr());
	}
	/* every pointer slot starts out as NDBNAP */
	p = ht;
	while(p < &ht[n]){
		NDBPUTP(NDBNAP, p);
		p += NDBPLEN;
	}
	nextchain = hlen*NDBPLEN;

	/* create the in core hash table */
	Bseek(&db->b, 0, 0);
	off = 0;
	while((nt = ndbparse(db)) != 0){
		for(t = nt; t != 0; t = t->entry)
			if(strcmp(t->attr, attr) == 0)
				enter(t->val, off);
		ndbfree(nt);
		/* offset at which the next entry begins */
		off = Boffset(&db->b);
	}

	/* create the hash file */
	snprint(file, sizeof(file), "%s.%s", dbpath, attr);
	fd = create(file, ORDWR, 0664);
	if(fd < 0){
		fprint(2, "mkhash: can't create %s\n", file);
		exits(syserr());
	}
	NDBPUTUL(db->mtime, buf);
	NDBPUTUL(hlen, buf+NDBULLEN);
	if(write(fd, buf, NDBHLEN) != NDBHLEN){
		fprint(2, "mkhash: writing %s\n", file);
		exits(syserr());
	}
	if(write(fd, ht, nextchain) != nextchain){
		fprint(2, "mkhash: writing %s\n", file);
		exits(syserr());
	}
	close(fd);

	/* make sure file didn't change while we were making the hash */
	d = dirstat(dbpath);
	if(d == nil || d->qid.path != db->qid.path
	   || d->qid.vers != db->qid.vers){
		fprint(2, "mkhash: %s changed underfoot\n", dbpath);
		remove(file);
		exits("changed");
	}

	exits(0);
}
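/*
 * Authentication server: read fixed-size ticket requests from fd 0
 * and dispatch each one on its first byte until the peer goes away,
 * an unknown request type arrives, or the 10 minute alarm fires.
 *
 * -d raises the debug level.  The last remaining argument, if any, is
 * passed to getraddr() to record the remote address.
 *
 * A request is processed only when all TICKREQLEN bytes were read.
 * The original accepted any positive count from readn(), so a
 * truncated request was decoded together with whatever the rest of
 * buf held (uninitialised stack, or bytes of the previous request).
 *
 * NOTE(review): a missing /lib/ndb/auth is only logged and the server
 * carries on with db == 0.  The generator is seeded from the clock and
 * the pid only - confirm what depends on it.
 */
void
main(int argc, char *argv[])
{
	char buf[TICKREQLEN];
	Ticketreq tr;

	ARGBEGIN{
	case 'd':
		debug++;
	}ARGEND

	strcpy(raddr, "unknown");
	if(argc >= 1)
		getraddr(argv[argc-1]);

	alarm(10*60*1000);	/* kill a connection after 10 minutes */

	db = ndbopen("/lib/ndb/auth");
	if(db == 0)
		syslog(0, AUTHLOG, "no /lib/ndb/auth");

	srand(time(0)*getpid());
	for(;;){
		/* end of input, an error or a short request all end the session */
		if(readn(0, buf, TICKREQLEN) != TICKREQLEN)
			exits(0);

		convM2TR(buf, &tr);
		switch(buf[0]){
		case AuthTreq:
			ticketrequest(&tr);
			break;
		case AuthChal:
			challengebox(&tr);
			break;
		case AuthPass:
			changepasswd(&tr);
			break;
		case AuthApop:
			apop(&tr, AuthApop);
			break;
		case AuthChap:
			chap(&tr);
			break;
		case AuthMSchap:
			mschap(&tr);
			break;
		case AuthCram:
			apop(&tr, AuthCram);
			break;
		case AuthHttp:
			http(&tr);
			break;
		case AuthVNC:
			vnc(&tr);
			break;
		default:
			syslog(0, AUTHLOG, "unknown ticket request type: %d", buf[0]);
			exits(0);
		}
	}
	/* not reached */
}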