cwfs: remove p9sk1 code, use factotum

author: cinap_lenrek <cinap_lenrek@localhost> 2011-04-17 02:14:26 +0000
committer: cinap_lenrek <cinap_lenrek@localhost> 2011-04-17 02:14:26 +0000
commit: 11f3fac32cc34ae2b0dd7d12ef6e0ab59690cc4e (patch)
tree: 80588d6158a357148b3a12e4a1575ff85610cedc
parent: 0159ee648e182cb6617596bf4f3ff45bf632610b (diff)
3 files changed, 61 insertions, 141 deletions
diff --git a/sys/src/cmd/cwfs/9p2.c b/sys/src/cmd/cwfs/9p2.c
index c36c613eb..947db5fa6 100644
--- a/sys/src/cmd/cwfs/9p2.c
+++ b/sys/src/cmd/cwfs/9p2.c
@@ -214,7 +214,7 @@ out:
 	return error;
 }
 
-int
+static int
 authorize(Chan* chan, Fcall* f)
 {
 	File* af;
@@ -244,6 +244,10 @@ authorize(Chan* chan, Fcall* f)
 			print("authorize: af == nil\n");
 		return -1;
 	}
+
+	/* fake read to get auth info */
+	authread(af, nil, 0);
+
 	if(af->auth == nil){
 		if(db)
 			print("authorize: af->auth == nil\n");
diff --git a/sys/src/cmd/cwfs/auth.c b/sys/src/cmd/cwfs/auth.c
index 4fba59ca8..a7726a4a7 100644
--- a/sys/src/cmd/cwfs/auth.c
+++ b/sys/src/cmd/cwfs/auth.c
@@ -1,6 +1,7 @@
 #include "all.h"
 #include "io.h"
 #include <authsrv.h>
+#include <auth.h>
 
 Nvrsafe	nvr;
 
@@ -83,35 +84,6 @@ conslock(void)
 	return 1;
 }
 
-/*
- *  authentication specific to 9P2000
- */
-
-/* authentication states */
-enum
-{
-	HaveProtos=1,
-	NeedProto,
-	HaveOK,
-	NeedCchal,
-	HaveSinfo,
-	NeedTicket,
-	HaveSauthenticator,
-	SSuccess,
-};
-
-char *phasename[] =
-{
-[HaveProtos]	"HaveProtos",
-[NeedProto]	"NeedProto",
-[HaveOK]	"HaveOK",
-[NeedCchal]	"NeedCchal",
-[HaveSinfo]	"HaveSinfo",
-[NeedTicket]	"NeedTicket",
-[HaveSauthenticator]	"HaveSauthenticator",
-[SSuccess]	"SSuccess",
-};
-
 /* authentication structure */
 struct	Auth
 {
@@ -119,11 +91,7 @@ struct	Auth
 	char	uname[NAMELEN];	/* requestor's remote user name */
 	char	aname[NAMELEN];	/* requested aname */
 	Userid	uid;		/* uid decided on */
-	int	phase;
-	char	cchal[CHALLEN];
-	char	tbuf[TICKETLEN+AUTHENTLEN];	/* server ticket */
-	Ticket	t;
-	Ticketreq tr;
+	AuthRpc *rpc;
 };
 
 Auth*	auths;
@@ -138,17 +106,14 @@ authinit(void)
 static int
 failure(Auth *s, char *why)
 {
-	int i;
+	AuthRpc *rpc;
 
-if(*why)print("authentication failed: %s: %s\n", phasename[s->phase], why);
-	srand((uintptr)s + time(nil));
-	for(i = 0; i < CHALLEN; i++)
-		s->tr.chal[i] = nrand(256);
+	if(why && *why)print("authentication failed: %s: %r\n", why);
 	s->uid = -1;
-	strncpy(s->tr.authid, nvr.authid, NAMELEN);
-	strncpy(s->tr.authdom, nvr.authdom, DOMLEN);
-	memmove(s->cchal, s->tr.chal, sizeof(s->cchal));
-	s->phase = HaveProtos;
+	if(rpc = s->rpc){
+		s->rpc = 0;
+		auth_freerpc(rpc);
+	}
 	return -1;
 }
 
@@ -156,7 +121,7 @@ Auth*
 authnew(char *uname, char *aname)
 {
 	static int si = 0;
-	int i, nwrap;
+	int afd, i, nwrap;
 	Auth *s;
 
 	i = si;
@@ -182,129 +147,82 @@ authnew(char *uname, char *aname)
 		}
 		unlock(&authlock);
 	}
+	if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0){
+		failure(s, "open /mnt/factotum/rpc");
+		return s;
+	}
+	if((s->rpc = auth_allocrpc(afd)) == 0){
+		failure(s, "auth_allocrpc");
+		close(afd);
+		return s;
+	}
+	if(auth_rpc(s->rpc, "start", "proto=p9any role=server", 23) != ARok)
+		failure(s, "auth_rpc: start");
 	return s;
 }
 
 void
 authfree(Auth *s)
 {
-	if(s != nil)
+	if(s){
+		failure(s, "");
 		s->inuse = 0;
+	}
 }
 
 int
 authread(File* file, uchar* data, int n)
 {
+	AuthInfo *ai;
 	Auth *s;
-	int m;
 
 	s = file->auth;
 	if(s == nil)
 		return -1;
-
-	switch(s->phase){
+	if(s->rpc == nil)
+		return -1;
+	switch(auth_rpc(s->rpc, "read", nil, 0)){
 	default:
-		return failure(s, "unexpected phase");
-	case HaveProtos:
-		m = snprint((char*)data, n, "v.2 p9sk1@%s", nvr.authdom) + 1;
-		s->phase = NeedProto;
-		break;
-	case HaveOK:
-		m = 3;
-		if(n < m)
-			return failure(s, "read too short");
-		strcpy((char*)data, "OK");
-		s->phase = NeedCchal;
-		break;
-	case HaveSinfo:
-		m = TICKREQLEN;
-		if(n < m)
-			return failure(s, "read too short");
-		convTR2M(&s->tr, (char*)data);
-		s->phase = NeedTicket;
-		break;
-	case HaveSauthenticator:
-		m = AUTHENTLEN;
-		if(n < m)
-			return failure(s, "read too short");
-		memmove(data, s->tbuf+TICKETLEN, m);
-		s->phase = SSuccess;
+		failure(s, "auth_rpc: read");
 		break;
+	case ARdone:
+		if((ai = auth_getinfo(s->rpc)) == nil){
+			failure(s, "auth_getinfo failed");
+			break;
+		}
+		if(ai->cuid == nil || *ai->cuid == '\0'){
+			failure(s, "auth with no cuid");
+			auth_freeAI(ai);
+			break;
+		}
+		failure(s, "");
+		s->uid = strtouid(ai->cuid);
+		auth_freeAI(ai);
+		return 0;
+	case ARok:
+		if(n < s->rpc->narg)
+			break;
+		memmove(data, s->rpc->arg, s->rpc->narg);
+		return s->rpc->narg;
 	}
-	return m;
+	return -1;
 }
 
 int
 authwrite(File* file, uchar *data, int n)
 {
 	Auth *s;
-	int m;
-	char *p, *d;
-	Authenticator a;
 
 	s = file->auth;
 	if(s == nil)
 		return -1;
-
-	switch(s->phase){
-	default:
-		return failure(s, "unknown phase");
-	case NeedProto:
-		p = (char*)data;
-		if(p[n-1] != 0)
-			return failure(s, "proto missing terminator");
-		d = strchr(p, ' ');
-		if(d == nil)
-			return failure(s, "proto missing separator");
-		*d++ = 0;
-		if(strcmp(p, "p9sk1") != 0)
-			return failure(s, "unknown proto");
-		if(strcmp(d, nvr.authdom) != 0)
-			return failure(s, "unknown domain");
-		s->phase = HaveOK;
-		m = n;
-		break;
-	case NeedCchal:
-		m = CHALLEN;
-		if(n < m)
-			return failure(s, "client challenge too short");
-		memmove(s->cchal, data, sizeof(s->cchal));
-		s->phase = HaveSinfo;
-		break;
-	case NeedTicket:
-		m = TICKETLEN+AUTHENTLEN;
-		if(n < m)
-			return failure(s, "ticket+auth too short");
-
-		convM2T((char*)data, &s->t, nvr.machkey);
-		if(s->t.num != AuthTs
-		|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0)
-			return failure(s, "bad ticket");
-
-		convM2A((char*)data+TICKETLEN, &a, s->t.key);
-		if(a.num != AuthAc
-		|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
-		|| a.id != 0)
-			return failure(s, "bad authenticator");
-
-		/* at this point, we're convinced */
-		s->uid = strtouid(s->t.suid);
-		if(s->uid < 0)
-			return failure(s, "unknown user");
-		if(cons.flags & authdebugflag)
-			print("user %s = %d authenticated\n",
-				s->t.suid, s->uid);
-
-		/* create an authenticator to send back */
-		a.num = AuthAs;
-		memmove(a.chal, s->cchal, sizeof(a.chal));
-		a.id = 0;
-		convA2M(&a, s->tbuf+TICKETLEN, s->t.key);
-
-		s->phase = HaveSauthenticator;
-		break;
+	if(s->rpc == nil)
+		return -1;
+	if(auth_rpc(s->rpc, "write", data, n) != ARok){
+		failure(s, "auth_rpc: write");
+		return -1;
 	}
-	return m;
+	return n;
 }
 
 int
diff --git a/sys/src/cmd/cwfs/net.c b/sys/src/cmd/cwfs/net.c
index b2f2b7272..3cd8f08ca 100644
--- a/sys/src/cmd/cwfs/net.c
+++ b/sys/src/cmd/cwfs/net.c
@@ -101,10 +101,8 @@ netinit(void)
 		net->dialstr = annstrs[net - netif];
 		if (net->dialstr == nil)
 			continue;
-		net->annfd = announce(net->dialstr, net->anndir);
-		/* /bin/service/tcp564 may already have grabbed the port */
-		if (net->annfd < 0)
-			sysfatal("can't announce %s: %r", net->dialstr);
+		if((net->annfd = announce(net->dialstr, net->anndir)) < 0)
+			print("can't announce %s: %r", net->dialstr);
 		print("netinit: announced on %s\n", net->dialstr);
 	}
 }
author	cinap_lenrek <cinap_lenrek@localhost>	2011-04-17 02:14:26 +0000
committer	cinap_lenrek <cinap_lenrek@localhost>	2011-04-17 02:14:26 +0000
commit	11f3fac32cc34ae2b0dd7d12ef6e0ab59690cc4e (patch)
tree	80588d6158a357148b3a12e4a1575ff85610cedc
parent	0159ee648e182cb6617596bf4f3ff45bf632610b (diff)