authorcinap_lenrek <cinap_lenrek@felloff.net>2015-08-19 21:06:17 +0200
committercinap_lenrek <cinap_lenrek@felloff.net>2015-08-19 21:06:17 +0200
commit02cfcfeab46f36aad95263ed40d19df7bd5eddef (patch)
tree30f67204be8d474b2c761e8944c20d042df1a08b /sys/src/libauth
parentf785d4da07349c7bb250eb00a3f2bed3eb170828 (diff)
libauthsrv: generalize ticket service, not hardcoding ticket format and DES encryption
this is in preparation for replacing DES ticket encryption with something better. but first need to make the code stop making assumptions. the wire encoding of the Ticket might be variable length with TICKETLEN just giving an upper bound. the details will be handled by libauthsrv _asgetticket() and _asgetresp() functions. the Authenticator and Passwordreq structures are encrypted with the random ticket key. The encryption scheme will depend on the Ticket format used, so we pass the Ticket* structure instead of the DES key. introduce Authkey structure that will hold all the required cryptographic keys instead of passing DES key.
Diffstat (limited to 'sys/src/libauth')
-rw-r--r--sys/src/libauth/auth_userpasswd.c13
-rw-r--r--sys/src/libauth/httpauth.c51
2 files changed, 7 insertions, 57 deletions
diff --git a/sys/src/libauth/auth_userpasswd.c b/sys/src/libauth/auth_userpasswd.c
index 292899281..e113d83a4 100644
--- a/sys/src/libauth/auth_userpasswd.c
+++ b/sys/src/libauth/auth_userpasswd.c
@@ -11,13 +11,13 @@
* this was copied from inet's guard.
*/
static void
-netresp(char *key, long chal, char *answer)
+netresp(Authkey *key, long chal, char *answer)
{
uchar buf[8];
memset(buf, 0, sizeof buf);
snprint((char *)buf, sizeof buf, "%lud", chal);
- if(encrypt(key, buf, 8) < 0)
+ if(encrypt(key->des, buf, 8) < 0)
abort();
sprint(answer, "%.8ux", buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3]);
}
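Review bot: netresp() now accepts a whole Authkey but reads only `key->des`, and nothing in the comment above it says the response is DES-specific. The commit description says DES ticket encryption is due to be replaced, so a comment such as `/* response is computed with the DES key only; other Authkey members are ignored */` would keep a later reader from assuming the other keys take part. The unbounded `sprint(answer, ...)` writes at most nine bytes here, which fits the caller's `resp[16]` shown in the next hunk, but that size contract is also undocumented. The comment block above netresp starts outside the hunk.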
@@ -25,7 +25,8 @@ netresp(char *key, long chal, char *answer)
AuthInfo*
auth_userpasswd(char *user, char *passwd)
{
- char key[DESKEYLEN], resp[16];
+ char resp[16];
+ Authkey key;
AuthInfo *ai;
Chalstate *ch;
@@ -37,9 +38,9 @@ auth_userpasswd(char *user, char *passwd)
if((ch = auth_challenge("user=%q proto=p9cr role=server", user)) == nil)
return nil;
- passtokey(key, passwd);
- netresp(key, atol(ch->chal), resp);
- memset(key, 0, sizeof key);
+ passtokey(&key, passwd);
+ netresp(&key, atol(ch->chal), resp);
+ memset(&key, 0, sizeof(Authkey));
ch->resp = resp;
ch->nresp = strlen(resp);
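Review bot: The wipe at `memset(&key, 0, sizeof(Authkey));` is a plain store to a local that is not read again in this hunk, so whether it survives optimisation depends on the compiler; that is worth confirming for the toolchains this is built with. The commit description says Authkey is meant to hold all required keys, so more secret material stays on the stack if the wipe is ever elided. I would write it as `memset(&key, 0, sizeof key);`, as the removed line did, so the size follows the variable and not a type name. The rest of auth_userpasswd is outside the hunk, so I cannot tell whether `resp`, which is derived from the key, is cleared later.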
diff --git a/sys/src/libauth/httpauth.c b/sys/src/libauth/httpauth.c
deleted file mode 100644
index 9d1b0d26f..000000000
--- a/sys/src/libauth/httpauth.c
+++ /dev/null
@@ -1,51 +0,0 @@
-#include <u.h>
-#include <libc.h>
-#include <auth.h>
-#include <authsrv.h>
-
-/* deprecated.
- This is the mechanism that put entries in /sys/lib/httpd.rewrite
- and passwords on the authserver in /sys/lib/httppasswords, which
- was awkward to administer. Instead, use local .httplogin files,
- which are implemented in sys/src/cmd/ip/httpd/authorize.c */
-
-int
-httpauth(char *name, char *password)
-{
- int afd;
- Ticketreq tr;
- Ticket t;
- char key[DESKEYLEN];
- char buf[512];
-
- afd = authdial(nil, nil);
- if(afd < 0)
- return -1;
-
- /* send ticket request to AS */
- memset(&tr, 0, sizeof(tr));
- strcpy(tr.uid, name);
- tr.type = AuthHttp;
- convTR2M(&tr, buf);
- if(write(afd, buf, TICKREQLEN) != TICKREQLEN){
- close(afd);
- return -1;
- }
- if(_asrdresp(afd, buf, TICKETLEN) < 0){
- close(afd);
- return -1;
- }
- close(afd);
-
- /*
- * use password and try to decrypt the
- * ticket. If it doesn't work we've got a bad password,
- * give up.
- */
- passtokey(key, password);
- convM2T(buf, &t, key);
- if(t.num != AuthHr || strcmp(t.cuid, tr.uid))
- return -1;
-
- return 0;
-}