// // log in to IMAP4 server, select mailbox, no SSL at the moment // static char* imap4login(Imap *imap) { char *s; UserPasswd *up; imap->tag = 0; s = imap4resp(imap); if(!isokay(s)) return "error in initial IMAP handshake"; if(imap->user != nil) up = auth_getuserpasswd(auth_getkey, "proto=pass service=imap server=%q user=%q", imap->host, imap->user); else up = auth_getuserpasswd(auth_getkey, "proto=pass service=imap server=%q", imap->host); if(up == nil) return "cannot find IMAP password"; imap->tag = 1; imap4cmd(imap, "LOGIN %Z %Z", up->user, up->passwd); free(up); if(!isokay(s = imap4resp(imap))) return s; imap4cmd(imap, "SELECT %Z", imap->mbox); if(!isokay(s = imap4resp(imap))) return s; return nil; }
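/*
 * Authenticate to the SMTP server with AUTH LOGIN or AUTH PLAIN,
 * whichever appears first in that order in the methods string.
 *
 * Returns nil on success, Giveup when no key is available, Retry when
 * the exchange fails, or a fixed message when neither method is listed.
 *
 * Both methods send a reversible encoding of the password; whether the
 * connection is protected by TLS at this point is not visible here.
 */
static char *
doauth(char *methods)
{
	char *buf, *err;
	UserPasswd *p;
	int n;
	DS ds;

	dial_string_parse(ddomain, &ds);

	/* no getkey callback is passed, so only an existing key is used */
	if(user != nil)
		p = auth_getuserpasswd(nil,
			"proto=pass service=smtp server=%q user=%q", ds.host, user);
	else
		p = auth_getuserpasswd(nil,
			"proto=pass service=smtp server=%q", ds.host);
	if (p == nil)
		return Giveup;

	err = Retry;
	if (strstr(methods, "LOGIN")){
		dBprint("AUTH LOGIN\r\n");
		if (getreply() != 3)
			goto out;

		/* %[ is presumably the base64 encoding verb, installed elsewhere */
		dBprint("%.*[\r\n", strlen(p->user), p->user);
		if (getreply() != 3)
			goto out;

		dBprint("%.*[\r\n", strlen(p->passwd), p->passwd);
		if (getreply() != 2)
			goto out;

		err = nil;
	} else if (strstr(methods, "PLAIN")){
		/* payload is NUL user NUL passwd: n bytes, none of them a terminator */
		n = strlen(p->user) + strlen(p->passwd) + 2;
		buf = malloc(n+1);
		if (buf == nil)
			goto out;	/* Out of memory */
		/*
		 * snprint keeps one byte of its size for the terminating NUL,
		 * so the size must be n+1 for all n payload bytes to be
		 * written; with n the last password character was dropped.
		 */
		snprint(buf, n+1, "%c%s%c%s", 0, p->user, 0, p->passwd);
		dBprint("AUTH PLAIN %.*[\r\n", n, buf);
		memset(buf, 0, n+1);
		free(buf);
		if (getreply() != 2)
			goto out;
		err = nil;
	} else
		err = "No supported AUTH method";

out:
	/* wipe the credentials on every path before releasing them */
	memset(p->user, 0, strlen(p->user));
	memset(p->passwd, 0, strlen(p->passwd));
	free(p);
	return err;
}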
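/*
 * Try SSH password authentication with a stored proto=pass key.
 * The user is only prompted (auth_getkey) when c->interactive is set.
 *
 * Returns 0 when the server answers SSH_SMSG_SUCCESS, -1 otherwise.
 */
static int
authpasswordfn(Conn *c)
{
	Msg *m;
	UserPasswd *up;

	up = auth_getuserpasswd(c->interactive ? auth_getkey : nil, "proto=pass service=ssh server=%q user=%q", c->host, c->user);
	if(up == nil){
		debug(DBG_AUTH, "getuserpasswd returned nothing (interactive=%d)\n", c->interactive);
		return -1;
	}

	debug(DBG_AUTH, "try using password from factotum\n");
	m = allocmsg(c, SSH_CMSG_AUTH_PASSWORD, 4+strlen(up->passwd));
	putstring(m, up->passwd);
	sendmsg(m);

	/*
	 * The key was never released before.  Once the message has been
	 * sent the password is no longer needed: wipe it and free it.
	 * Assumes putstring copies the string into the message, which was
	 * allocated with room for it.
	 */
	memset(up->passwd, 0, strlen(up->passwd));
	free(up);

	m = recvmsg(c, -1);
	switch(m->type){
	case SSH_SMSG_SUCCESS:
		free(m);
		return 0;
	default:
		/*
		 * badmsg is defined elsewhere and presumably does not return.
		 * If it ever does, an unexpected message type must count as a
		 * failure, not fall into the success case.
		 */
		badmsg(m, 0);
		/* fallthrough */
	case SSH_SMSG_FAILURE:
		free(m);
		return -1;
	}
}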
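/*
 * Build an Auth record for plaintext CIFS authentication.
 * The challenge (chal, len) is unused for this method.
 *
 * Returns a newly allocated Auth whose resp[0] holds a copy of the
 * cleartext password; the caller owns it.  Exits via sysfatal when no
 * key can be obtained.
 *
 * NOTE(review): windom and keyp are inserted into the key query with %s,
 * unquoted.  If windom can come from the remote server, a value that
 * contains spaces would add attributes to the query - confirm where it
 * originates and whether it should be quoted.
 */
static Auth *
auth_plain(char *windom, char *keyp, uchar *chal, int len)
{
	UserPasswd *up;
	static Auth *ap;

	USED(chal, len);

	up = auth_getuserpasswd(auth_getkey, "windom=%s proto=pass service=cifs %s",
		windom, keyp);
	if(! up)
		sysfatal("cannot get key - %r");

	ap = emalloc9p(sizeof(Auth));
	/* clear the whole structure; sizeof(ap) only covered pointer-size bytes */
	memset(ap, 0, sizeof(*ap));
	ap->user = estrdup9p(up->user);
	ap->windom = estrdup9p(windom);
	ap->resp[0] = estrdup9p(up->passwd);
	ap->len[0] = strlen(up->passwd);

	/* the copy in ap->resp[0] is the one that is used from here on */
	memset(up->passwd, 0, strlen(up->passwd));
	free(up);
	return ap;
}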
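/*
 * Check at start-up that a proto=pass key for TWITTER_SERVER and
 * TWITTER_REALM can be obtained, prompting through auth_getkey if needed.
 * Exits via sysfatal when no key is available.
 *
 * The returned credentials are not used in this function, so they are
 * wiped and released here and not left allocated with the password in
 * memory.
 */
void
initauth()
{
	UserPasswd *up;

	up = auth_getuserpasswd(auth_getkey, "proto=pass service=http server=%q realm=%q", TWITTER_SERVER, TWITTER_REALM);
	if(up == nil)
		sysfatal("auth_getuserpasswd: %r");

	memset(up->passwd, 0, strlen(up->passwd));
	free(up);
}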
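/*
 * Handle a WWW-Authenticate header value: build HTTP Basic credentials
 * and store them in hs->credentials as "Basic <base64>".
 *
 * Only the Basic scheme with a leading realm= parameter is accepted.
 * User and password come from the URL when both are present; otherwise
 * a proto=pass key is looked up for the server and realm (no prompting,
 * since no getkey callback is passed).
 *
 * On failure the error string is copied to hs->autherror and printed.
 *
 * Basic credentials are only base64-encoded, not encrypted; whether the
 * request goes over TLS is not visible here.
 */
void
wwwauthenticate(HttpState *hs, char *line)
{
	char *cred, *user, *pass, *realm, *s, *spec, *name;
	int n, credlen;
	Fmt fmt;
	UserPasswd *up;

	spec = nil;
	up = nil;
	hs->autherror[0] = 0;
	if(cistrncmp(line, "basic ", 6) != 0){
		werrstr("unknown auth: %s", line);
		goto error;
	}
	line += 6;
	if(cistrncmp(line, "realm=", 6) != 0){
		werrstr("missing realm: %s", line);
		goto error;
	}
	line += 6;
	user = hs->c->url->user;
	pass = hs->c->url->passwd;
	if(user==nil || pass==nil){
		realm = unquote(line, &line);
		fmtstrinit(&fmt);
		name = servername(hs->netaddr);
		/* realm comes from the server; %q keeps it a single attribute value */
		fmtprint(&fmt, "proto=pass service=http server=%q realm=%q", name, realm);
		free(name);
		if(hs->c->url->user)
			fmtprint(&fmt, " user=%q", hs->c->url->user);
		spec = fmtstrflush(&fmt);
		if(spec == nil)
			goto error;
		/* pass the spec as an argument, never as the format itself */
		if((up = auth_getuserpasswd(nil, "%s", spec)) == nil)
			goto error;
		user = up->user;
		pass = up->passwd;
	}

	s = smprint("%s:%s", user, pass);
	if(up != nil){
		/*
		 * Wipe and release the key now, and clear the pointer: the
		 * error path frees up again, which was a double free when the
		 * last smprint below failed.
		 */
		memset(up->passwd, 0, strlen(up->passwd));
		free(up);
		up = nil;
	}
	/* the query string is not needed once the lookup is done */
	free(spec);
	spec = nil;
	if(s == nil)
		goto error;

	/*
	 * Size the base64 buffer from the input (4 characters per 3 bytes,
	 * rounded up, plus NUL).  A fixed 64-byte buffer cannot hold the
	 * encoding of a user:password pair longer than a few dozen bytes.
	 */
	n = strlen(s);
	credlen = 4*((n + 2)/3) + 1;
	cred = malloc(credlen);
	if(cred == nil){
		memset(s, 0, n);
		free(s);
		werrstr("out of memory");
		goto error;
	}
	enc64(cred, credlen, (uint8_t*)s, n);
	memset(s, 0, n);
	free(s);

	hs->credentials = smprint("Basic %s", cred);
	/* the encoded form is equivalent to the password: wipe it as well */
	memset(cred, 0, credlen);
	free(cred);
	if(hs->credentials == nil)
		goto error;
	return;

error:
	free(up);
	free(spec);
	snprint(hs->autherror, sizeof hs->autherror, "%r");
	fprint(2, "%s: Authentication failed: %r\n", argv0);
}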
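/*
 *  login to remote system
 *
 *  Sends USER and, when the server asks for it, PASS.  Credentials come
 *  from a proto=pass key unless the remote os is Plan9 or no key is
 *  found; then the user is prompted.  Loops until a reply of Success.
 *
 *  NOTE(review): when a stored key is rejected, the loop sends the same
 *  key again on the next pass because up stays set.  Confirm whether a
 *  rejected key should fall back to the prompt or stop.
 */
void
rlogin(char *rsys, char *keyspec)
{
	char *line;
	char pass[128];
	UserPasswd *up;

	up = nil;
	for(;;){
		if(up == nil && os != Plan9)
			up = auth_getuserpasswd(auth_getkey, "proto=pass server=%s service=ftp %s", rsys, keyspec);
		if(up != nil){
			sendrequest("USER", up->user);
		} else {
			print("User[default = %s]: ", user);
			line = Brdline(&stdin, '\n');
			if(line == 0)
				exits(0);
			line[Blinelen(&stdin)-1] = 0;
			if(*line){
				free(user);
				user = strdup(line);
			}
			sendrequest("USER", user);
		}
		switch(getreply(&ctlin, msg, sizeof(msg), 1)){
		case Success:
			goto out;
		case Incomplete:
			break;
		case TempFail:
		case PermFail:
			continue;
		}

		if(up != nil){
			sendrequest("PASS", up->passwd);
		} else {
			if(getpassword(pass, pass+sizeof(pass)) < 0)
				exits(0);
			sendrequest("PASS", pass);
			/* do not keep the typed password on the stack */
			memset(pass, 0, sizeof(pass));
		}
		if(getreply(&ctlin, msg, sizeof(msg), 1) == Success){
			if(strstr(msg, "Sess#"))
				defos = MVS;
			break;
		}
	}
out:
	if(up != nil){
		/*
		 * Clear the password text itself first.  Clearing sizeof(*up)
		 * bytes alone only covers the structure; if passwd is a pointer
		 * member, as its use elsewhere suggests, the string it points
		 * to was left intact.
		 */
		memset(up->passwd, 0, strlen(up->passwd));
		memset(up, 0, sizeof(*up));
		free(up);
	}
}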
/*
 * Entry point: parse the options, optionally fetch NNTP credentials,
 * connect to the server, load the group list and post the 9P service.
 *
 * Options: -D 9P chatter, -N network debugging, -a authenticate,
 * -u user, -s service name, -m mount point (default /mnt/news).
 * At most one argument, the server, is accepted (default "$nntp").
 *
 * With -a the key returned by auth_getuserpasswd is never released:
 * n.user and n.pass point into it for as long as the program runs, so
 * the password stays in memory for the lifetime of the process.
 */
void
main(int argc, char **argv)
{
	int auth, savedebug;
	char *mtpt, *service, *where, *user;
	Netbuf n;
	UserPasswd *up;

	auth = 0;
	user = nil;
	service = nil;
	mtpt = "/mnt/news";
	memset(&n, 0, sizeof n);

	ARGBEGIN{
	case 'a':
		auth = 1;
		break;
	case 'u':
		user = EARGF(usage());
		break;
	case 's':
		service = EARGF(usage());
		break;
	case 'm':
		mtpt = EARGF(usage());
		break;
	case 'D':
		chatty9p++;
		break;
	case 'N':
		netdebug = 1;
		break;
	default:
		usage();
	}ARGEND

	if(argc > 1)
		usage();
	where = (argc == 0) ? "$nntp" : argv[0];

	now = time(0);
	net = &n;

	if(auth){
		n.auth = 1;
		/* the user attribute is only part of the query when -u was given */
		if(user == nil)
			up = auth_getuserpasswd(auth_getkey, "proto=pass service=nntp server=%q", where);
		else
			up = auth_getuserpasswd(auth_getkey, "proto=pass service=nntp server=%q user=%q", where, user);
		if(up == nil)
			sysfatal("no password: %r");

		n.user = up->user;
		n.pass = up->passwd;
	}

	n.addr = netmkaddr(where, "tcp", "nntp");

	root = emalloc(sizeof *root);
	root->name = estrdup("");
	root->parent = root;

	n.fd = -1;
	if(nntpconnect(&n) < 0)
		sysfatal("nntpconnect: %s", n.response);

	/* network debugging is switched off while the group list is refreshed */
	savedebug = netdebug;
	netdebug = 0;
	nntprefreshall(&n);
	netdebug = savedebug;
//	dumpgroups(root, 0);

	postmountsrv(&nntpsrv, service, mtpt, MREPL);
	exits(nil);
}
// // log in using APOP if possible, password if allowed by user // static char* pop3login(Pop *pop) { int n; char *s, *p, *q; char ubuf[128], user[128]; char buf[500]; UserPasswd *up; s = pop3resp(pop); if(!isokay(s)) return "error in initial handshake"; if(pop->user) snprint(ubuf, sizeof ubuf, " user=%q", pop->user); else ubuf[0] = '\0'; // look for apop banner if(pop->ppop==0 && (p = strchr(s, '<')) && (q = strchr(p+1, '>'))) { *++q = '\0'; if((n=auth_respond(p, q-p, user, sizeof user, buf, sizeof buf, auth_getkey, "proto=apop role=client server=%q%s", pop->host, ubuf)) < 0) return "factotum failed"; if(user[0]=='\0') return "factotum did not return a user name"; if(s = pop3capa(pop)) return s; pop3cmd(pop, "APOP %s %.*s", user, n, buf); if(!isokay(s = pop3resp(pop))) return s; return nil; } else { if(pop->ppop == 0) return "no APOP hdr from server"; if(s = pop3capa(pop)) return s; if(pop->needtls && !pop->encrypted) return "could not negotiate TLS"; up = auth_getuserpasswd(auth_getkey, "proto=pass service=pop dom=%q%s", pop->host, ubuf); if(up == nil) return "no usable keys found"; pop3cmd(pop, "USER %s", up->user); if(!isokay(s = pop3resp(pop))){ free(up); return s; } pop3cmd(pop, "PASS %s", up->passwd); free(up); if(!isokay(s = pop3resp(pop))) return s; return nil; } }
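/*
 * Build an Auth record holding the LMv2 and NTLMv2 responses and MAC
 * keys for the server challenge (chal, len).
 *
 * resp[0]/mackey[0] are the LMv2 values, resp[1]/mackey[1] the NTLMv2
 * values.  The caller owns the returned record.  Exits via sysfatal
 * when no key can be obtained.
 *
 * NOTE(review): windom and keyp are inserted into the key query with %s,
 * unquoted, and the comment below says the domain name is passed from
 * the remote server.  A value containing spaces would add attributes to
 * the query - confirm whether it should be quoted or validated.
 */
static Auth *
auth_ntlmv2(char *windom, char *keyp, uchar *chal, int len)
{
	int i, n;
	Rune r;
	char *p, *u;
	uchar v1hash[MD5dlen], blip[Bliplen], blob[1024], v2hash[MD5dlen];
	uchar c, lm_hmac[MD5dlen], nt_hmac[MD5dlen], nt_sesskey[MD5dlen],
		lm_sesskey[MD5dlen];
	DigestState *ds;
	UserPasswd *up;
	static Auth *ap;

	up = auth_getuserpasswd(auth_getkey, "windom=%s proto=pass service=cifs-ntlmv2 %s",
		windom, keyp);
	if(!up)
		sysfatal("cannot get key - %r");

	ap = emalloc9p(sizeof(Auth));
	/* clear the whole structure; sizeof(ap) only covered pointer-size bytes */
	memset(ap, 0, sizeof(*ap));

	/* Standard says unlimited length, experience says 128 max */
	if((n = strlen(up->passwd)) > 128)
		n = 128;

	/*
	 * MD4 over the password, each rune written as two bytes, low byte
	 * first.  n counts bytes but the loop consumes one rune per pass,
	 * so it must also stop at the terminator: a password with
	 * multi-byte characters otherwise runs past the end of the string
	 * and hashes the bytes that follow it.
	 */
	ds = md4(nil, 0, nil, nil);
	for(i=0, p=up->passwd; i < n && *p != '\0'; i++) {
		p += chartorune(&r, p);
		c = r;
		md4(&c, 1, nil, ds);
		c = r >> 8;
		md4(&c, 1, nil, ds);
	}
	md4(nil, 0, v1hash, ds);

	/*
	 * Some documentation insists that the username must be forced to
	 * uppercase, but the domain name should not be. Other shows both
	 * being forced to uppercase. I am pretty sure this is irrelevant as the
	 * domain name passed from the remote server always seems to be in
	 * uppercase already.
	 */
	ds = hmac_t64(nil, 0, v1hash, MD5dlen, nil, nil);
	u = up->user;
	while(*u){
		u += chartorune(&r, u);
		r = toupperrune(r);
		c = r;
		hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
		c = r >> 8;
		hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
	}
	u = windom;

	while(*u){
		u += chartorune(&r, u);
		c = r;
		hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
		c = r >> 8;
		hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
	}
	hmac_t64(nil, 0, v1hash, MD5dlen, v2hash, ds);
	ap->user = estrdup9p(up->user);
	ap->windom = estrdup9p(windom);

	/* LM v2 */

	genrandom(blip, Bliplen);
	ds = hmac_t64(chal, len, v2hash, MD5dlen, nil, nil);
	hmac_t64(blip, Bliplen, v2hash, MD5dlen, lm_hmac, ds);
	ap->len[0] = MD5dlen+Bliplen;
	ap->resp[0] = emalloc9p(ap->len[0]);
	memcpy(ap->resp[0], lm_hmac, MD5dlen);
	memcpy(ap->resp[0]+MD5dlen, blip, Bliplen);

	/* LM v2 session key */
	hmac_t64(lm_hmac, MD5dlen, v2hash, MD5dlen, lm_sesskey, nil);

	/* LM v2 MAC key */
	ap->mackey[0] = emalloc9p(MACkeylen);
	memcpy(ap->mackey[0], lm_sesskey, MD5dlen);
	memcpy(ap->mackey[0]+MD5dlen, ap->resp[0], MACkeylen-MD5dlen);

	/* NTLM v2 */

	n = ntv2_blob(blob, sizeof(blob), windom);
	ds = hmac_t64(chal, len, v2hash, MD5dlen, nil, nil);
	hmac_t64(blob, n, v2hash, MD5dlen, nt_hmac, ds);
	ap->len[1] = MD5dlen+n;
	ap->resp[1] = emalloc9p(ap->len[1]);
	memcpy(ap->resp[1], nt_hmac, MD5dlen);
	memcpy(ap->resp[1]+MD5dlen, blob, n);

	/*
	 * v2hash definitely OK by
	 * the time we get here.
	 */

	/* NTLM v2 session key */
	hmac_t64(nt_hmac, MD5dlen, v2hash, MD5dlen, nt_sesskey, nil);

	/* NTLM v2 MAC key */
	ap->mackey[1] = emalloc9p(MACkeylen);
	memcpy(ap->mackey[1], nt_sesskey, MD5dlen);
	memcpy(ap->mackey[1]+MD5dlen, ap->resp[1], MACkeylen-MD5dlen);

	/*
	 * Wipe the password and the values derived from it before
	 * returning; the copies that are needed live in ap.  An optimising
	 * compiler may drop stores to locals that are about to go out of
	 * scope, so treat the stack wipes as best effort.
	 */
	memset(up->passwd, 0, strlen(up->passwd));
	free(up);
	memset(v1hash, 0, sizeof v1hash);
	memset(v2hash, 0, sizeof v2hash);
	memset(lm_sesskey, 0, sizeof lm_sesskey);
	memset(nt_sesskey, 0, sizeof nt_sesskey);

	return ap;
}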
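/*
 * Authenticate to the SMTP server with AUTH LOGIN or AUTH PLAIN,
 * whichever appears first in that order in the methods string.
 *
 * Returns nil on success, Giveup when no key is available, Retry when
 * the exchange or an allocation fails, or a fixed message when neither
 * method is listed.
 *
 * All exits after the key lookup go through one cleanup point so that
 * the key and the scratch buffers are wiped and released; earlier
 * returns leaked them, password included.
 *
 * Both methods send a reversible encoding of the password; whether the
 * connection is protected by TLS at this point is not visible here.
 */
static char *
doauth(char *methods)
{
	char *buf, *base64, *err;
	int n, b64len;
	DS ds;
	UserPasswd *p;

	dial_string_parse(ddomain, &ds);

	/* no getkey callback is passed, so only an existing key is used */
	if(user != nil)
		p = auth_getuserpasswd(nil,
			"proto=pass service=smtp server=%q user=%q", ds.host, user);
	else
		p = auth_getuserpasswd(nil,
			"proto=pass service=smtp server=%q", ds.host);
	if (p == nil)
		return Giveup;

	buf = nil;
	base64 = nil;
	b64len = 0;
	n = 0;
	err = Retry;
	if (strstr(methods, "LOGIN")){
		dBprint("AUTH LOGIN\r\n");
		if (getreply() != 3)
			goto out;

		/*
		 * base64 needs 4 characters per 3 input bytes, rounded up,
		 * plus the NUL.  2*n is too small for inputs of 1, 2 or 4
		 * bytes, which truncated short user names and passwords.
		 */
		n = strlen(p->user);
		b64len = 4*((n + 2)/3) + 1;
		base64 = malloc(b64len);
		if (base64 == nil)
			goto out;	/* Out of memory */
		enc64(base64, b64len, (uchar *)p->user, n);
		dBprint("%s\r\n", base64);
		free(base64);
		base64 = nil;
		if (getreply() != 3)
			goto out;

		n = strlen(p->passwd);
		b64len = 4*((n + 2)/3) + 1;
		base64 = malloc(b64len);
		if (base64 == nil)
			goto out;	/* Out of memory */
		enc64(base64, b64len, (uchar *)p->passwd, n);
		dBprint("%s\r\n", base64);
		if (getreply() != 2)
			goto out;
		err = nil;
	} else if (strstr(methods, "PLAIN")){
		/* payload is NUL user NUL passwd: n-1 bytes, plus snprint's NUL */
		n = strlen(p->user) + strlen(p->passwd) + 3;
		b64len = 4*(((n - 1) + 2)/3) + 1;
		buf = malloc(n);
		base64 = malloc(b64len);
		if (buf == nil || base64 == nil)
			goto out;	/* Out of memory */
		snprint(buf, n, "%c%s%c%s", 0, p->user, 0, p->passwd);
		enc64(base64, b64len, (uchar *)buf, n - 1);
		dBprint("AUTH PLAIN %s\r\n", base64);
		if (getreply() != 2)
			goto out;
		err = nil;
	} else
		err = "No supported AUTH method";

out:
	/* wipe everything that held the password, in either encoding */
	if (buf != nil){
		memset(buf, 0, n);
		free(buf);
	}
	if (base64 != nil){
		memset(base64, 0, b64len);
		free(base64);
	}
	memset(p->user, 0, strlen(p->user));
	memset(p->passwd, 0, strlen(p->passwd));
	free(p);
	return err;
}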