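/*
 * Load the machine's authentication record (machine key, auth id,
 * auth domain, secstore password) from nvram into *safep, verify
 * the stored checksums and, depending on flag, prompt on the
 * console for fresh values and write the record back.  Since there
 * isn't room in the PC's nvram, a disk partition is used there.
 *
 * flag bits used here:
 *	NVwrite		always prompt and rewrite the record
 *	NVwriteonerr	prompt and rewrite only if the read or a check failed
 *	NVwritemem	skip the read and the prompts; checksum *safep as
 *			passed in and write it out
 *
 * Returns 0 on success and -1 on failure.  If the operator aborts the
 * password prompt, nothing is written and the result reflects the
 * error state reached so far.
 *
 * The record holds key material.  The bounce buffer and the typed
 * password are cleared before returning; *safep is the caller's to
 * protect.
 */
int
readnvram(Nvrsafe *safep, int flag)
{
	int err;
	char buf[512], in[128];		/* 512 for floppy i/o */
	Nvrsafe *safe;
	Nvrwhere loc;

	err = 0;
	safe = safep;		/* every path works on the caller's copy */

	/*
	 * buf is read and written for loc.safelen bytes, which may be
	 * more or fewer than sizeof(Nvrsafe).  Start from zeros so that
	 * stale stack contents are never copied into *safep or written
	 * to the device.
	 */
	memset(buf, 0, sizeof buf);
	memset(in, 0, sizeof in);

	memset(&loc, 0, sizeof loc);
	findnvram(&loc);
	/* keep every transfer inside buf, whatever findnvram reported */
	if (loc.safelen < 0)
		loc.safelen = sizeof *safe;
	else if (loc.safelen > sizeof buf)
		loc.safelen = sizeof buf;
	if (loc.safeoff < 0) {
		fprint(2, "readnvram: can't find nvram\n");
		if(!(flag&NVwritemem))
			memset(safep, 0, sizeof(*safep));
		/*
		 * allow user to type the data for authentication,
		 * even if there's no nvram to store it in.
		 */
	}

	if(flag&NVwritemem){
		/* caller supplied the record; nothing to read or verify */
	}else{
		memset(safep, 0, sizeof(*safep));
		if(loc.fd >= 0)
			werrstr("");	/* so %r below reports this attempt only */
		if(loc.fd < 0 || seek(loc.fd, loc.safeoff, 0) < 0
		|| read(loc.fd, buf, loc.safelen) != loc.safelen){
			err = 1;
			if(flag&(NVwrite|NVwriteonerr)) {
				if(loc.fd < 0 && nvrfile != nil)
					fprint(2, "can't open %s: %r\n", nvrfile);
				else if(loc.fd < 0){
					/* "can't find nvram" has been printed above */
				}else if (seek(loc.fd, loc.safeoff, 0) < 0)
					fprint(2, "can't seek %s to %d: %r\n",
						nvrfile, loc.safeoff);
				else
					fprint(2, "can't read %d bytes from %s: %r\n",
						loc.safelen, nvrfile);
			}
			/* start from scratch */
			memset(safep, 0, sizeof(*safep));
		}else{
			/*
			 * Overwrite arg with data read.  memmove avoids
			 * reading a struct through a char buffer that may
			 * not be suitably aligned.
			 * NOTE(review): assumes sizeof(Nvrsafe) <= sizeof buf,
			 * as the original code did -- confirm.
			 */
			memmove(safep, buf, sizeof *safep);

			/*
			 * Verify data read.  The config (secstore password)
			 * checksum is written below but its check on read
			 * was disabled in the original and stays disabled.
			 * NOTE(review): whether these sums detect deliberate
			 * tampering or only corruption depends on nvcsum
			 * and check, not visible here.
			 */
			err |= check(safe->machkey, DESKEYLEN, safe->machsum,
					"bad authentication password");
			err |= check(safe->authid, ANAMELEN, safe->authidsum,
					"bad authentication id");
			err |= check(safe->authdom, DOMLEN, safe->authdomsum,
					"bad authentication domain");
			if(err == 0)
				if(safe->authid[0]==0 || safe->authdom[0]==0){
					fprint(2, "empty nvram authid or authdom\n");
					err = 1;
				}
		}
	}

	if((flag&(NVwrite|NVwritemem)) || (err && (flag&NVwriteonerr))){
		if (!(flag&NVwritemem)) {
			readcons("authid", nil, 0, safe->authid,
					sizeof safe->authid);
			readcons("authdom", nil, 0, safe->authdom,
					sizeof safe->authdom);
			/* repeat until passtokey accepts the password; nil means the prompt was abandoned */
			for(;;){
				if(readcons("auth password", nil, 1, in,
				    sizeof in) == nil)
					goto Out;
				if(passtokey(safe->machkey, in))
					break;
			}
			readcons("secstore password", nil, 1, safe->config,
					sizeof safe->config);
		}

		safe->machsum = nvcsum(safe->machkey, DESKEYLEN);
		safe->configsum = nvcsum(safe->config, CONFIGLEN);
		safe->authidsum = nvcsum(safe->authid, sizeof safe->authid);
		safe->authdomsum = nvcsum(safe->authdom, sizeof safe->authdom);

		/*
		 * Bytes of buf past the record keep what was read from the
		 * device (or zeros if nothing was read), so a safelen larger
		 * than the record writes back no stack contents.
		 */
		memmove(buf, safe, sizeof *safe);
		if(loc.fd >= 0)
			werrstr("");
		if(loc.fd < 0 || seek(loc.fd, loc.safeoff, 0) < 0
		|| write(loc.fd, buf, loc.safelen) != loc.safelen){
			fprint(2, "can't write key to nvram: %r\n");
			err = 1;
		}else
			err = 0;
	}
Out:
	/*
	 * Don't leave the typed password or a second copy of the key
	 * record on the stack.
	 * NOTE(review): an optimizing compiler may drop a memset of a
	 * dead buffer; use the platform's non-elidable wipe if it has one.
	 */
	memset(in, 0, sizeof in);
	memset(buf, 0, sizeof buf);
	if (loc.fd >= 0)
		close(loc.fd);
	return err? -1: 0;
}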
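/*
 * Load the machine's authentication record (machine key, auth id,
 * auth domain, secstore key) from nvram into *safep, verify the
 * stored checksums and, depending on flag, prompt on the console for
 * fresh values and write the record back.  Since there isn't room in
 * the PC's nvram, a disk partition is used there.
 *
 * Where the record lives comes from the environment:
 *	nvram	device, or device!file for a file in a dos file system
 *	nvrlen	number of bytes to transfer
 *	nvroff	byte offset, or "dos" to look the file up
 *	cputype	selects an nvtab entry when nvram is not set
 *
 * flag bits used here:
 *	NVwrite		always prompt and rewrite the record
 *	NVwriteonerr	prompt and rewrite only if the read or a check failed
 *
 * Returns 0 on success and -1 on failure.  If the operator aborts the
 * password prompt, nothing is written and the result reflects the
 * error state reached so far.
 *
 * The record holds key material.  The bounce buffer and the typed
 * password are cleared before returning; *safep is the caller's to
 * protect.
 */
int
readnvram(Nvrsafe *safep, int flag)
{
	char buf[1024], in[128], *cputype, *cpuenv, *nvrfile, *nvrlen, *nvroff, *v[2];
	int fd, err, i, safeoff, safelen;
	Nvrsafe *safe;

	err = 0;
	safe = safep;		/* every path works on the caller's copy */
	memset(safep, 0, sizeof(*safep));

	/*
	 * buf is read and written for safelen bytes, which may be more
	 * or fewer than sizeof(Nvrsafe).  Start from zeros so that stale
	 * stack contents are never copied into *safep or written to the
	 * device.
	 */
	memset(buf, 0, sizeof buf);
	memset(in, 0, sizeof in);

	nvrfile = getenv("nvram");
	cpuenv = getenv("cputype");	/* kept so the allocation can be freed */
	cputype = cpuenv;
	if(cputype == nil)
		cputype = "mips";
	if(strcmp(cputype, "386")==0 || strcmp(cputype, "alpha")==0)
		cputype = "pc";

	fd = -1;
	safeoff = -1;
	safelen = -1;
	if(nvrfile != nil){
		/* accept device and device!file */
		i = gettokens(nvrfile, v, nelem(v), "!");
		if(i > 0){
			/* v[0] is only set when at least one token was found */
			fd = open(v[0], ORDWR);
			if(strstr(v[0], "/9fat") == nil)
				safeoff = 0;
		}
		safelen = sizeof(Nvrsafe);
		nvrlen = getenv("nvrlen");
		if(nvrlen != nil)
			safelen = atoi(nvrlen);	/* range-checked below */
		nvroff = getenv("nvroff");
		if(nvroff != nil){
			if(strcmp(nvroff, "dos") == 0)
				safeoff = -1;
			else
				safeoff = atoi(nvroff);
		}
		if(safeoff < 0 && fd >= 0){
			safelen = 512;
			safeoff = finddosfile(fd, i == 2 ? v[1] : "plan9.nvr");
			if(safeoff < 0){
				close(fd);
				fd = -1;
			}
		}
		free(nvrfile);
		if(nvrlen != nil)
			free(nvrlen);
		if(nvroff != nil)
			free(nvroff);
	}else{
		for(i=0; i<nelem(nvtab); i++){
			if(strcmp(cputype, nvtab[i].cputype) != 0)
				continue;
			if((fd = open(nvtab[i].file, ORDWR)) < 0)
				continue;
			safeoff = nvtab[i].off;
			safelen = nvtab[i].len;
			if(safeoff == -1){
				safeoff = finddosfile(fd, "plan9.nvr");
				if(safeoff < 0){
					close(fd);
					fd = -1;
					continue;
				}
			}
			break;
		}
	}
	/* cputype is not used past this point */
	if(cpuenv != nil)
		free(cpuenv);

	/*
	 * safelen may come straight from the environment (nvrlen) or
	 * from nvtab.  Bound it before it is used as a transfer count
	 * on buf: an oversized value would overrun the stack buffer on
	 * read and write out adjacent stack memory on write.
	 */
	if(safelen < 0)
		safelen = sizeof(Nvrsafe);
	else if(safelen > (int)sizeof buf)
		safelen = sizeof buf;

	if(fd < 0
	|| seek(fd, safeoff, 0) < 0
	|| read(fd, buf, safelen) != safelen){
		err = 1;
		if(flag&(NVwrite|NVwriteonerr))
			fprint(2, "can't read nvram: %r\n");
		/* start from scratch */
		memset(safep, 0, sizeof(*safep));
	}else{
		/* NOTE(review): assumes sizeof(Nvrsafe) <= sizeof buf, as the original did -- confirm */
		memmove(safep, buf, sizeof *safep);

		/*
		 * Verify data read.  The config (secstore key) checksum
		 * is written below but its check on read was disabled in
		 * the original and stays disabled.
		 * NOTE(review): whether these sums detect deliberate
		 * tampering or only corruption depends on nvcsum and
		 * check, not visible here.
		 */
		err |= check(safe->machkey, DESKEYLEN, safe->machsum, "bad nvram key");
		err |= check(safe->authid, ANAMELEN, safe->authidsum, "bad authentication id");
		err |= check(safe->authdom, DOMLEN, safe->authdomsum, "bad authentication domain");
	}

	if((flag&NVwrite) || (err && (flag&NVwriteonerr))){
		xreadcons("authid", nil, 0, safe->authid, sizeof(safe->authid));
		xreadcons("authdom", nil, 0, safe->authdom, sizeof(safe->authdom));
		xreadcons("secstore key", nil, 1, safe->config, sizeof(safe->config));
		/* repeat until passtokey accepts the password; nil means the prompt was abandoned */
		for(;;){
			if(xreadcons("password", nil, 1, in, sizeof in) == nil)
				goto Out;
			if(passtokey(safe->machkey, in))
				break;
		}
		safe->machsum = nvcsum(safe->machkey, DESKEYLEN);
		safe->configsum = nvcsum(safe->config, CONFIGLEN);
		safe->authidsum = nvcsum(safe->authid, sizeof(safe->authid));
		safe->authdomsum = nvcsum(safe->authdom, sizeof(safe->authdom));

		/*
		 * Bytes of buf past the record keep what was read from the
		 * device (or zeros if nothing was read), so a safelen larger
		 * than the record writes back no stack contents.
		 */
		memmove(buf, safe, sizeof *safe);
		if(seek(fd, safeoff, 0) < 0
		|| write(fd, buf, safelen) != safelen){
			fprint(2, "can't write key to nvram: %r\n");
			err = 1;
		}else
			err = 0;
	}
Out:
	/*
	 * Don't leave the typed password or a second copy of the key
	 * record on the stack.
	 * NOTE(review): an optimizing compiler may drop a memset of a
	 * dead buffer; use the platform's non-elidable wipe if it has one.
	 */
	memset(in, 0, sizeof in);
	memset(buf, 0, sizeof buf);
	if(fd >= 0)
		close(fd);
	return err ? -1 : 0;
}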