int
opendatabase(void)
{
char netdbnm[256];
Ndb *xdb, *netdb;
if (db)
return 0;
xdb = ndbopen(dbfile); /* /lib/ndb */
snprint(netdbnm, sizeof netdbnm, "%s/ndb", mntpt);
for(netdb = xdb; netdb; netdb = netdb->next)
if(strcmp(netdb->file, netdbnm) == 0){
db = xdb;
return 0;
}
netdb = ndbopen(netdbnm); /* /net/ndb */
if(netdb)
netdb->nohash = 1;
db = ndbcat(netdb, xdb); /* both */
return db? 0: -1;
}
static void ndbinit(void)
{
db = ndbopen(dbfile);
if (db == NULL)
error(1, 0, "%s: %r", "can't open network database");
netdb = ndbopen(netndb);
if (netdb != NULL) {
netdb->nohash = 1;
db = ndbcat(netdb, db);
}
}
void
main(int argc, char **argv)
{
Ndb *db2;
if(argc!=2){
fprint(2, "usage: %s pinsecurid\n", argv[0]);
exits("usage");
}
db = ndbopen("/lib/ndb/auth");
if(db == 0)
syslog(0, "secstore", "no /lib/ndb/auth");
db2 = ndbopen(0);
if(db2 == 0)
syslog(0, "secstore", "no /lib/ndb/local");
db = ndbcat(db, db2);
print("user=%s\n", getenv("user"));
print("%s\n", secureidcheck(getenv("user"), argv[1]));
exits(0);
}
void
main(int argc, char *argv[])
{
int n;
int32_t chal;
char *err;
char ukey[DESKEYLEN], resp[32], buf[NETCHLEN];
Ndb *db2;
ARGBEGIN{
case 'd':
debug = 1;
break;
}ARGEND;
db = ndbopen("/lib/ndb/auth");
if(db == 0)
syslog(0, AUTHLOG, "no /lib/ndb/auth");
db2 = ndbopen(0);
if(db2 == 0)
syslog(0, AUTHLOG, "no /lib/ndb/local");
db = ndbcat(db, db2);
werrstr("");
strcpy(raddr, "unknown");
if(argc >= 1)
getraddr(argv[argc-1]);
argv0 = "guard";
srand((getpid()*1103515245)^time(0));
notify(catchalarm);
/*
* read the host and client and get their keys
*/
if(readarg(0, user, sizeof user) < 0)
fail(0);
/*
* challenge-response
*/
chal = lnrand(MAXNETCHAL);
snprint(buf, sizeof buf, "challenge: %lud\nresponse: ", chal);
n = strlen(buf) + 1;
if(write(1, buf, n) != n){
if(debug)
syslog(0, AUTHLOG, "g-fail %s@%s: %r sending chal",
user, raddr);
exits("replying to server");
}
alarm(3*60*1000);
werrstr("");
if(readarg(0, resp, sizeof resp) < 0){
if(debug)
syslog(0, AUTHLOG, "g-fail %s@%s: %r reading resp",
user, raddr);
fail(0);
}
alarm(0);
/* remove password login from guard.research.bell-labs.com, sucre, etc. */
// if(!findkey(KEYDB, user, ukey) || !netcheck(ukey, chal, resp))
if(!findkey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp))
if((err = secureidcheck(user, resp)) != nil){
print("NO %s", err);
write(1, "NO", 2);
if(debug) {
char *r;
/*
* don't log the entire response, since the first
* Pinlen digits may be the user's secure-id pin.
*/
if (strlen(resp) < Pinlen)
r = strdup("<too short for pin>");
else if (strlen(resp) == Pinlen)
r = strdup("<pin only>");
else
r = smprint("%.*s%s", Pinlen,
"******************", resp + Pinlen);
syslog(0, AUTHLOG,
"g-fail %s@%s: %s: resp %s to chal %lud",
user, raddr, err, r, chal);
free(r);
}
fail(user);
}
write(1, "OK", 2);
if(debug)
syslog(0, AUTHLOG, "g-ok %s@%s", user, raddr);
succeed(user);
exits(0);
}
void
main(int argc, char **argv)
{
int afd, dfd, lcfd, forceSTA = 0;
char aserve[128], net[128], adir[40], ldir[40];
char *remote, *serve = "tcp!*!5356", *S = "secstore";
Ndb *db2;
setnetmtpt(net, sizeof(net), nil);
ARGBEGIN{
case 'R':
forceSTA = 1;
break;
case 's':
serve = EARGF(usage());
break;
case 'S':
S = EARGF(usage());
break;
case 'x':
setnetmtpt(net, sizeof(net), EARGF(usage()));
break;
case 'v':
verbose++;
break;
default:
usage();
}ARGEND;
if(!verbose)
switch(rfork(RFNOTEG|RFPROC|RFFDG)) {
case -1:
sysfatal("fork: %r");
case 0:
break;
default:
exits(0);
}
snprint(aserve, sizeof aserve, "%s/%s", net, serve);
afd = announce(aserve, adir);
if(afd < 0)
sysfatal("%s: %r", aserve);
syslog(0, LOG, "ANNOUNCE %s", aserve);
for(;;){
if((lcfd = listen(adir, ldir)) < 0)
exits("can't listen");
switch(fork()){
case -1:
fprint(2, "secstore forking: %r\n");
close(lcfd);
break;
case 0:
/*
* "/lib/ndb/common.radius does not exist"
* if db set before fork.
*/
db = ndbopen("/lib/ndb/auth");
if(db == 0)
syslog(0, LOG, "no /lib/ndb/auth");
db2 = ndbopen(0);
if(db2 == 0)
syslog(0, LOG, "no /lib/ndb/local");
db = ndbcat(db, db2);
if((dfd = accept(lcfd, ldir)) < 0)
exits("can't accept");
alarm(30*60*1000); /* 30 min */
remote = remoteIP(ldir);
syslog(0, LOG, "secstore from %s", remote);
free(remote);
dologin(dfd, S, forceSTA);
exits(nil);
default:
close(lcfd);
break;
}
}
}
