/*
* get key info out of nvram. since there isn't room in the PC's nvram use
* a disk partition there.
*/
int
readnvram(Nvrsafe *safep, int flag)
{
int err;
char buf[512], in[128]; /* 512 for floppy i/o */
Nvrsafe *safe;
Nvrwhere loc;
err = 0;
safe = (Nvrsafe*)buf;
memset(&loc, 0, sizeof loc);
findnvram(&loc);
if (loc.safelen < 0)
loc.safelen = sizeof *safe;
else if (loc.safelen > sizeof buf)
loc.safelen = sizeof buf;
if (loc.safeoff < 0) {
fprint(2, "readnvram: can't find nvram\n");
if(!(flag&NVwritemem))
memset(safep, 0, sizeof(*safep));
safe = safep;
/*
* allow user to type the data for authentication,
* even if there's no nvram to store it in.
*/
}
if(flag&NVwritemem)
safe = safep;
else {
memset(safep, 0, sizeof(*safep));
if(loc.fd >= 0)
werrstr("");
if(loc.fd < 0
|| seek(loc.fd, loc.safeoff, 0) < 0
|| read(loc.fd, buf, loc.safelen) != loc.safelen){
err = 1;
if(flag&(NVwrite|NVwriteonerr)) {
if(loc.fd < 0 && nvrfile != nil)
fprint(2, "can't open %s: %r\n", nvrfile);
else if(loc.fd < 0){
/* this will have been printed above */
// fprint(2, "can't find nvram: %r\n");
}else if (seek(loc.fd, loc.safeoff, 0) < 0)
fprint(2, "can't seek %s to %d: %r\n",
nvrfile, loc.safeoff);
else
fprint(2, "can't read %d bytes from %s: %r\n",
loc.safelen, nvrfile);
}
/* start from scratch */
memset(safep, 0, sizeof(*safep));
safe = safep;
}else{
*safep = *safe; /* overwrite arg with data read */
safe = safep;
/* verify data read */
err |= check(safe->machkey, DESKEYLEN, safe->machsum,
"bad authentication password");
// err |= check(safe->config, CONFIGLEN, safe->configsum,
// "bad secstore password");
err |= check(safe->authid, ANAMELEN, safe->authidsum,
"bad authentication id");
err |= check(safe->authdom, DOMLEN, safe->authdomsum,
"bad authentication domain");
if(err == 0)
if(safe->authid[0]==0 || safe->authdom[0]==0){
fprint(2, "empty nvram authid or authdom\n");
err = 1;
}
}
}
if((flag&(NVwrite|NVwritemem)) || (err && (flag&NVwriteonerr))){
if (!(flag&NVwritemem)) {
readcons("authid", nil, 0, safe->authid,
sizeof safe->authid);
readcons("authdom", nil, 0, safe->authdom,
sizeof safe->authdom);
for(;;){
if(readcons("auth password", nil, 1, in,
sizeof in) == nil)
goto Out;
if(passtokey(safe->machkey, in))
break;
}
readcons("secstore password", nil, 1, safe->config,
sizeof safe->config);
}
// safe->authsum = nvcsum(safe->authkey, DESKEYLEN);
safe->machsum = nvcsum(safe->machkey, DESKEYLEN);
safe->configsum = nvcsum(safe->config, CONFIGLEN);
safe->authidsum = nvcsum(safe->authid, sizeof safe->authid);
safe->authdomsum = nvcsum(safe->authdom, sizeof safe->authdom);
*(Nvrsafe*)buf = *safe;
if(loc.fd >= 0)
werrstr("");
if(loc.fd < 0
|| seek(loc.fd, loc.safeoff, 0) < 0
|| write(loc.fd, buf, loc.safelen) != loc.safelen){
fprint(2, "can't write key to nvram: %r\n");
err = 1;
}else
err = 0;
}
Out:
if (loc.fd >= 0)
close(loc.fd);
return err? -1: 0;
}
/*
* get key info out of nvram. since there isn't room in the PC's nvram use
* a disk partition there.
*/
int
readnvram(Nvrsafe *safep, int flag)
{
char buf[1024], in[128], *cputype, *nvrfile, *nvrlen, *nvroff, *v[2];
int fd, err, i, safeoff, safelen;
Nvrsafe *safe;
err = 0;
memset(safep, 0, sizeof(*safep));
nvrfile = getenv("nvram");
cputype = getenv("cputype");
if(cputype == nil)
cputype = "mips";
if(strcmp(cputype, "386")==0 || strcmp(cputype, "alpha")==0)
cputype = "pc";
fd = -1;
safeoff = -1;
safelen = -1;
if(nvrfile != nil){
/* accept device and device!file */
i = gettokens(nvrfile, v, nelem(v), "!");
fd = open(v[0], ORDWR);
safelen = sizeof(Nvrsafe);
if(strstr(v[0], "/9fat") == nil)
safeoff = 0;
nvrlen = getenv("nvrlen");
if(nvrlen != nil)
safelen = atoi(nvrlen);
nvroff = getenv("nvroff");
if(nvroff != nil){
if(strcmp(nvroff, "dos") == 0)
safeoff = -1;
else
safeoff = atoi(nvroff);
}
if(safeoff < 0 && fd >= 0){
safelen = 512;
safeoff = finddosfile(fd, i == 2 ? v[1] : "plan9.nvr");
if(safeoff < 0){
close(fd);
fd = -1;
}
}
free(nvrfile);
if(nvrlen != nil)
free(nvrlen);
if(nvroff != nil)
free(nvroff);
}else{
for(i=0; i<nelem(nvtab); i++){
if(strcmp(cputype, nvtab[i].cputype) != 0)
continue;
if((fd = open(nvtab[i].file, ORDWR)) < 0)
continue;
safeoff = nvtab[i].off;
safelen = nvtab[i].len;
if(safeoff == -1){
safeoff = finddosfile(fd, "plan9.nvr");
if(safeoff < 0){
close(fd);
fd = -1;
continue;
}
}
break;
}
}
if(fd < 0
|| seek(fd, safeoff, 0) < 0
|| read(fd, buf, safelen) != safelen){
err = 1;
if(flag&(NVwrite|NVwriteonerr))
fprint(2, "can't read nvram: %r\n");
memset(safep, 0, sizeof(*safep));
safe = safep;
}else{
memmove(safep, buf, sizeof *safep);
safe = safep;
err |= check(safe->machkey, DESKEYLEN, safe->machsum, "bad nvram key");
/* err |= check(safe->config, CONFIGLEN, safe->configsum, "bad secstore key"); */
err |= check(safe->authid, ANAMELEN, safe->authidsum, "bad authentication id");
err |= check(safe->authdom, DOMLEN, safe->authdomsum, "bad authentication domain");
}
if((flag&NVwrite) || (err && (flag&NVwriteonerr))){
xreadcons("authid", nil, 0, safe->authid, sizeof(safe->authid));
xreadcons("authdom", nil, 0, safe->authdom, sizeof(safe->authdom));
xreadcons("secstore key", nil, 1, safe->config, sizeof(safe->config));
for(;;){
if(xreadcons("password", nil, 1, in, sizeof in) == nil)
goto Out;
if(passtokey(safe->machkey, in))
break;
}
safe->machsum = nvcsum(safe->machkey, DESKEYLEN);
safe->configsum = nvcsum(safe->config, CONFIGLEN);
safe->authidsum = nvcsum(safe->authid, sizeof(safe->authid));
safe->authdomsum = nvcsum(safe->authdom, sizeof(safe->authdom));
memmove(buf, safe, sizeof *safe);
if(seek(fd, safeoff, 0) < 0
|| write(fd, buf, safelen) != safelen){
fprint(2, "can't write key to nvram: %r\n");
err = 1;
}else
err = 0;
}
Out:
close(fd);
return err ? -1 : 0;
}
