author | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-07-31 20:16:25 +0200 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-07-31 20:16:25 +0200 |
commit | 261e3190929acd3e8e00507894789a5575fb815f (patch) | |
tree | 8d877d68090967ed4231c457dabed6d64d8bc002 /sys/src/cmd/auth/lib/readwrite.c | |
parent | a75f4de5c9f1782b3a7e0a9648e24b360031a0d5 (diff) |
auth: various cleanups, use common readcons() from libauthsrv, zero keys after use
Diffstat (limited to 'sys/src/cmd/auth/lib/readwrite.c')
-rw-r--r-- | sys/src/cmd/auth/lib/readwrite.c | 54 |
1 files changed, 21 insertions, 33 deletions
diff --git a/sys/src/cmd/auth/lib/readwrite.c b/sys/src/cmd/auth/lib/readwrite.c
index ccc08a6a4..c573ec303 100644
--- a/sys/src/cmd/auth/lib/readwrite.c
+++ b/sys/src/cmd/auth/lib/readwrite.c
@@ -1,9 +1,12 @@
 #include <u.h>
 #include <libc.h>
-#include <authsrv.h>
 #include <bio.h>
+#include <libsec.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
+static uchar zeros[16];
+
 int
 readfile(char *file, char *buf, int n)
 {
@@ -35,29 +38,23 @@ writefile(char *file, char *buf, int n)
 char*
 finddeskey(char *db, char *user, char *key)
 {
- int n;
 char filename[Maxpath];
 snprint(filename, sizeof filename, "%s/%s/key", db, user);
- n = readfile(filename, key, DESKEYLEN);
- if(n != DESKEYLEN)
+ if(readfile(filename, key, DESKEYLEN) != DESKEYLEN)
 return nil;
- else
- return key;
+ return key;
 }
 uchar*
 findaeskey(char *db, char *user, uchar *key)
 {
- int n;
 char filename[Maxpath];
 snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
- n = readfile(filename, (char*)key, AESKEYLEN);
- if(n != AESKEYLEN)
+ if(readfile(filename, (char*)key, AESKEYLEN) != AESKEYLEN)
 return nil;
- else
- return key;
+ return key;
 }
 int
@@ -67,8 +64,9 @@ findkey(char *db, char *user, Authkey *key)
 memset(key, 0, sizeof(Authkey));
 ret = findaeskey(db, user, key->aes) != nil;
- if(ret){
+ if(ret && tsmemcmp(key->aes, zeros, AESKEYLEN) != 0){
 char filename[Maxpath];
+
 snprint(filename, sizeof filename, "%s/%s/pakhash", db, user);
 if(readfile(filename, (char*)key->pakhash, PAKHASHLEN) != PAKHASHLEN)
 authpak_hash(key, user);
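Review bot: `static uchar zeros[16];` hard-codes its length, but findkey and setkey compare it with `tsmemcmp(key->aes, zeros, AESKEYLEN)`. If AESKEYLEN ever exceeds 16, that comparison reads past the end of the array. Declaring it as `static uchar zeros[AESKEYLEN];` keeps the two sizes tied together. A short comment such as `/* an all-zero AES key means no AES key is stored */` would also document the sentinel that the later hunks rely on.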
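Review bot: In findkey, `ret` keeps the value from `findaeskey(db, user, key->aes) != nil` even when the new `tsmemcmp` check finds an all-zero key. From the lines visible here, an all-zero aeskey file therefore still counts as a found key, and only the pakhash step is skipped. If all zeros is meant as "no AES key", fold the check into the result, for example `ret = ret && tsmemcmp(key->aes, zeros, AESKEYLEN) != 0;` followed by the original `if(ret){`. The rest of findkey lies outside the hunk, so the return value may be adjusted later; a comment stating the intended meaning would help either way.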
@@ -84,40 +82,32 @@ findsecret(char *db, char *user, char *secret)
 char filename[Maxpath];
 snprint(filename, sizeof filename, "%s/%s/secret", db, user);
- n = readfile(filename, secret, SECRETLEN-1);
- secret[n]=0;
- if(n <= 0)
+ if((n = readfile(filename, secret, SECRETLEN-1)) <= 0)
 return nil;
- else
- return secret;
+ secret[n]=0;
+ return secret;
 }
 char*
 setdeskey(char *db, char *user, char *key)
 {
- int n;
 char filename[Maxpath];
 snprint(filename, sizeof filename, "%s/%s/key", db, user);
- n = writefile(filename, key, DESKEYLEN);
- if(n != DESKEYLEN)
+ if(writefile(filename, key, DESKEYLEN) != DESKEYLEN)
 return nil;
- else
- return key;
+ return key;
 }
 uchar*
 setaeskey(char *db, char *user, uchar *key)
 {
- int n;
 char filename[Maxpath];
 snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
- n = writefile(filename, (char*)key, AESKEYLEN);
- if(n != AESKEYLEN)
+ if(writefile(filename, (char*)key, AESKEYLEN) != AESKEYLEN)
 return nil;
- else
- return key;
+ return key;
 }
 int
@@ -126,20 +116,18 @@ setkey(char *db, char *user, Authkey *key)
 int ret;
 ret = setdeskey(db, user, key->des) != nil;
- ret |= setaeskey(db, user, key->aes) != nil;
+ if(tsmemcmp(key->aes, zeros, AESKEYLEN) != 0)
+ ret |= setaeskey(db, user, key->aes) != nil;
 return ret;
 }
 char*
 setsecret(char *db, char *user, char *secret)
 {
- int n;
 char filename[Maxpath];
 snprint(filename, sizeof filename, "%s/%s/secret", db, user);
- n = writefile(filename, secret, strlen(secret));
- if(n != strlen(secret))
+ if(writefile(filename, secret, strlen(secret)) != strlen(secret))
 return nil;
- else
- return secret;
+ return secret;
 }
|
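Review bot: In setkey, skipping `setaeskey` when `key->aes` is all zeros leaves any existing `aeskey` file for that user untouched, and likewise the `pakhash` file that findkey reads. A previously stored AES key could then remain in the database after the DES key is replaced; whether such a stale file can exist depends on callers not shown in this hunk. If that is not intended, the zero case should remove or overwrite those files rather than only skip the write. Separately, `ret |=` makes setkey return success when only one of the two key writes succeeded; a comment saying whether partial success is acceptable would help, or the results could be combined with `&=` once the AES write is attempted.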