1 #include <u.h>
2 #include <libc.h>
3 #include <auth.h>
4 #include "../boot/boot.h"
5
/*
 * Fixed diagnostic texts used by fromauth().
 *
 * ccmsg: text for "could not reach the authentication server (AS)".
 *        checkkey() compares fromauth()'s result against this pointer,
 *        but fromauth() only ever formats the text into its own buffer
 *        and returns that buffer.
 * pbmsg: text for an unexpected or truncated AS reply.
 */
static char *ccmsg = "can't connect to AS";
static char *pbmsg = "AS protocol botch";
8
/*
 * Read exactly len bytes from fd into buf, looping over short reads.
 *
 * Returns the number of bytes read (len, or 0 when len <= 0).  Returns -1
 * as soon as a read() yields zero or a negative count, so end-of-file and
 * an I/O error look the same to the caller; buf may then hold a partial
 * message and must not be interpreted.
 */
long
readn(int fd, void *buf, long len)
{
	char *dst;
	int total, got;

	dst = buf;
	total = 0;
	while(total < len){
		got = read(fd, dst+total, len-total);
		if(got <= 0)
			return -1;
		total += got;
	}
	return total;
}
23
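/*
 * Send the ticket request in trbuf to the authentication server (AS) and
 * store its reply in tbuf.
 *
 * mp->auth is called to obtain a descriptor to the AS; a nil mp->auth is
 * reported through fatal().  TICKREQLEN bytes of trbuf are written, then
 * a one-byte status is read back:
 *	AuthOK	- 2*TICKETLEN bytes follow and are read into tbuf
 *	AuthErr	- ERRMAX bytes of error text follow
 *	other	- treated as a protocol botch
 *
 * tbuf must have room for 2*TICKETLEN bytes: on AuthOK that many bytes
 * supplied by the server are stored in it with no further length check.
 *
 * Returns 0 on success, otherwise a message.  The message is either pbmsg
 * or the static buffer `error', so it is overwritten by the next call and
 * the function is not reentrant.  A connect failure is reported as the
 * text of ccmsg formatted into `error'; the ccmsg pointer itself is never
 * returned.  The AuthErr text is chosen by the server and is handed back
 * as received, apart from the forced NUL terminator.
 */
static char*
fromauth(Method *mp, char *trbuf, char *tbuf)
{
	int afd;
	char t;
	char *msg;
	static char error[2*ERRMAX];

	if(mp->auth == 0)
		fatal("no method for accessing auth server");
	afd = (*mp->auth)();
	if(afd < 0) {
		/* bounded format: %r expands to the system error string */
		snprint(error, sizeof error, "%s: %r", ccmsg);
		return error;
	}

	/*
	 * A short write leaves the server with a truncated request, so it
	 * is rejected like a failed write instead of waiting for a reply.
	 */
	if(write(afd, trbuf, TICKREQLEN) != TICKREQLEN || read(afd, &t, 1) != 1){
		close(afd);
		snprint(error, sizeof error, "%s: %r", pbmsg);
		return error;
	}
	switch(t){
	case AuthOK:
		msg = 0;
		/* all-or-nothing: a partial ticket pair is a protocol botch */
		if(readn(afd, tbuf, 2*TICKETLEN) < 0) {
			snprint(error, sizeof error, "%s: %r", pbmsg);
			msg = error;
		}
		break;
	case AuthErr:
		/* error[] holds 2*ERRMAX bytes, so ERRMAX bytes always fit */
		if(readn(afd, error, ERRMAX) < 0) {
			snprint(error, sizeof error, "%s: %r", pbmsg);
			msg = error;
		}
		else {
			/* the server is not trusted to terminate its text */
			error[ERRMAX-1] = 0;
			msg = error;
		}
		break;
	default:
		msg = pbmsg;
		break;
	}

	close(afd);
	return msg;
}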
71
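/*
 * Authenticate the connection on fd.
 *
 * fsession() fills trbuf with a ticket request; its failure is fatal.
 * If the first byte of trbuf is zero the function returns without doing
 * anything further.  Otherwise the request is forwarded to the
 * authentication server through fromauth() and the returned ticket pair
 * is passed to fauth().
 *
 * Security note: when no ticket can be obtained, or fauth() rejects it,
 * the function only prints a warning on fd 2 and returns.  It returns in
 * the same way on success, so the caller cannot tell from this function
 * whether the connection was actually authenticated.
 */
void
doauthenticate(int fd, Method *mp)
{
	char *msg;
	char trbuf[TICKREQLEN];
	char tbuf[2*TICKETLEN];

	print("session...");
	if(fsession(fd, trbuf, sizeof trbuf) < 0)
		fatal("session command failed");

	/* no authentication required? */
	memset(tbuf, 0, sizeof tbuf);
	if(trbuf[0] == 0)
		return;

	/* try getting to an auth server */
	print("getting ticket...");
	msg = fromauth(mp, trbuf, tbuf);
	print("authenticating...");
	if(msg == 0){
		if(fauth(fd, tbuf) >= 0)
			return;
		/*
		 * msg is still nil here; name the real failure so the
		 * warning below is not formatted from a nil pointer.
		 */
		msg = "fauth failed";
	}

	/* didn't work, go for the security hole */
	fprint(2, "no authentication server (%s), using your key as server key\n", msg);
}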
99
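/*
 * Check key for user name against the authentication server (AS).
 *
 * A ticket request with authid, hostid and uid all set to name is sent
 * through fromauth(); the first ticket of the reply is decoded with key
 * by convM2T() and accepted when its num field is AuthTc and its cuid
 * equals name.
 *
 * Returns 0 when the key is accepted, otherwise a message describing the
 * failure.  A message coming from fromauth() lives in that function's
 * static buffer.
 */
char*
checkkey(Method *mp, char *name, char *key)
{
	char *msg;
	Ticketreq tr;
	Ticket t;
	char trbuf[TICKREQLEN];
	/*
	 * fromauth() stores 2*TICKETLEN bytes of server data here on AuthOK;
	 * a TICKETLEN-sized buffer would be overrun on the stack.
	 */
	char tbuf[2*TICKETLEN];

	/*
	 * name is copied with strcpy() into fixed-size fields of tr; refuse
	 * anything that would not fit together with its NUL terminator.
	 * (Assumes authid, hostid and uid are char arrays, as the strcpy
	 * calls below already require - confirm against auth.h.)
	 */
	if(strlen(name) >= sizeof tr.authid
	|| strlen(name) >= sizeof tr.hostid
	|| strlen(name) >= sizeof tr.uid)
		return "name too long";

	memset(&tr, 0, sizeof tr);
	tr.type = AuthTreq;
	strcpy(tr.authid, name);
	strcpy(tr.hostid, name);
	strcpy(tr.uid, name);
	convTR2M(&tr, trbuf);
	msg = fromauth(mp, trbuf, tbuf);
	/*
	 * NOTE(review): fromauth() formats ccmsg into its own buffer and
	 * returns that buffer, so this pointer comparison does not match a
	 * connect failure as the code stands; an unreachable AS is reported
	 * as an error by the `if(msg)' below.  Making this branch reachable
	 * would accept the key unchecked whenever the AS cannot be
	 * contacted - that is a policy decision, not a cleanup.
	 */
	if(msg == ccmsg){
		fprint(2, "boot: can't contact auth server, passwd unchecked\n");
		return 0;
	}
	if(msg)
		return msg;
	/* only the first ticket of the pair is decoded and checked */
	convM2T(tbuf, &t, key);
	if(t.num == AuthTc && strcmp(name, t.cuid)==0)
		return 0;
	return "no match";
}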