authorcinap_lenrek <cinap_lenrek@felloff.net>2015-08-19 21:06:17 +0200
committercinap_lenrek <cinap_lenrek@felloff.net>2015-08-19 21:06:17 +0200
commit02cfcfeab46f36aad95263ed40d19df7bd5eddef (patch)
tree30f67204be8d474b2c761e8944c20d042df1a08b /sys/src/libauthsrv
parentf785d4da07349c7bb250eb00a3f2bed3eb170828 (diff)
libauthsrv: generalize ticket service, not hardcoding ticket format and DES encryption
this is in preparation for replacing DES ticket encryption with something better. but first need to make the code stop making assumptions. the wire encoding of the Ticket might be variable length with TICKETLEN just giving an upper bound. the details will be handled by libauthsrv _asgetticket() and _asgetresp() functions. the Authenticator and Passwordreq structures are encrypted with the random ticket key. The encryption scheme will depend on the Ticket format used, so we pass the Ticket* structure instead of the DES key. introduce Authkey structure that will hold all the required cryptographic keys instead of passing DES key.
Diffstat (limited to 'sys/src/libauthsrv')
-rw-r--r--sys/src/libauthsrv/_asgetticket.c8
-rw-r--r--sys/src/libauthsrv/convA2M.c10
-rw-r--r--sys/src/libauthsrv/convM2A.c20
-rw-r--r--sys/src/libauthsrv/convM2PR.c20
-rw-r--r--sys/src/libauthsrv/convM2T.c21
-rw-r--r--sys/src/libauthsrv/convM2TR.c11
-rw-r--r--sys/src/libauthsrv/convPR2M.c10
-rw-r--r--sys/src/libauthsrv/convT2M.c8
-rw-r--r--sys/src/libauthsrv/convTR2M.c7
-rw-r--r--sys/src/libauthsrv/mkfile2
-rw-r--r--sys/src/libauthsrv/passtokey.c8
-rw-r--r--sys/src/libauthsrv/readnvram.c9
12 files changed, 88 insertions, 46 deletions
diff --git a/sys/src/libauthsrv/_asgetticket.c b/sys/src/libauthsrv/_asgetticket.c
index 46283bd5a..11a344621 100644
--- a/sys/src/libauthsrv/_asgetticket.c
+++ b/sys/src/libauthsrv/_asgetticket.c
@@ -5,11 +5,13 @@
static char *pbmsg = "AS protocol botch";
int
-_asgetticket(int fd, char *trbuf, char *tbuf)
+_asgetticket(int fd, Ticketreq *tr, char *tbuf, int tbuflen)
{
- if(write(fd, trbuf, TICKREQLEN) < 0){
+ if(_asrequest(fd, tr) < 0){
werrstr(pbmsg);
return -1;
}
- return _asrdresp(fd, tbuf, 2*TICKETLEN);
+ if(tbuflen > 2*TICKETLEN)
+ tbuflen = 2*TICKETLEN;
+ return _asrdresp(fd, tbuf, tbuflen);
}
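Review bot: The new clamp at `if(tbuflen > 2*TICKETLEN)` bounds the read only from above; a tbuflen that is negative, zero, or smaller than the response the server actually sends is passed unchanged to _asrdresp, and how that helper treats a short or negative length is outside this hunk. Since the contract is now "the caller sizes tbuf", it should be stated at the signature: `/* tbuf must have room for 2*TICKETLEN bytes; a shorter tbuflen presumably truncates the response (check _asrdresp) */`. If a negative length is never meaningful, a cheap guard before the clamp, `if(tbuflen < 0){ werrstr(pbmsg); return -1; }`, keeps it from reaching the read path.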
diff --git a/sys/src/libauthsrv/convA2M.c b/sys/src/libauthsrv/convA2M.c
index 2799cbf56..d285ad770 100644
--- a/sys/src/libauthsrv/convA2M.c
+++ b/sys/src/libauthsrv/convA2M.c
@@ -9,17 +9,19 @@
#define STRING(x,n) memmove(p, f->x, n); p += n
int
-convA2M(Authenticator *f, char *ap, char *key)
+convA2M(Authenticator *f, char *ap, int n, Ticket *t)
{
- int n;
uchar *p;
+ if(n < AUTHENTLEN)
+ return 0;
+
p = (uchar*)ap;
CHAR(num);
STRING(chal, CHALLEN);
LONG(id);
n = p - (uchar*)ap;
- if(key)
- encrypt(key, ap, n);
+ if(t)
+ encrypt(t->key, ap, n);
return n;
}
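Review bot: convA2M reports an output buffer smaller than AUTHENTLEN with `return 0;`, while its decoder counterpart convM2A in the same commit reports the required size as `-AUTHENTLEN`, so callers sizing buffers must learn two conventions; the same `return 0` pattern is introduced in convPR2M, convT2M and convTR2M. If the negative-required-length convention is meant to apply in both directions, `return -AUTHENTLEN;` here (and the matching constants in the other three) would unify it. Otherwise a one-line comment above the check, `/* returns 0 when n < AUTHENTLEN; a successful encode never returns 0 */`, would keep a caller from reading 0 as an empty encoding.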
diff --git a/sys/src/libauthsrv/convM2A.c b/sys/src/libauthsrv/convM2A.c
index 3d58f9b59..b0d6712ca 100644
--- a/sys/src/libauthsrv/convM2A.c
+++ b/sys/src/libauthsrv/convM2A.c
@@ -8,16 +8,24 @@
#define LONG(x) VLONG(f->x)
#define STRING(x,n) memmove(f->x, p, n); p += n
-void
-convM2A(char *ap, Authenticator *f, char *key)
+int
+convM2A(char *ap, int n, Authenticator *f, Ticket *t)
{
- uchar *p;
+ uchar *p, buf[AUTHENTLEN];
- if(key)
- decrypt(key, ap, AUTHENTLEN);
+ memset(f, 0, sizeof(Authenticator));
+ if(n < AUTHENTLEN)
+ return -AUTHENTLEN;
+
+ if(t) {
+ memmove(buf, ap, AUTHENTLEN);
+ ap = (char*)buf;
+ decrypt(t->key, ap, AUTHENTLEN);
+ }
p = (uchar*)ap;
CHAR(num);
STRING(chal, CHALLEN);
LONG(id);
- USED(p);
+ n = p - (uchar*)ap;
+ return n;
}
diff --git a/sys/src/libauthsrv/convM2PR.c b/sys/src/libauthsrv/convM2PR.c
index 21df5b508..c7bd4974d 100644
--- a/sys/src/libauthsrv/convM2PR.c
+++ b/sys/src/libauthsrv/convM2PR.c
@@ -8,14 +8,21 @@
#define LONG(x) VLONG(f->x)
#define STRING(x,n) memmove(f->x, p, n); p += n
-void
-convM2PR(char *ap, Passwordreq *f, char *key)
+int
+convM2PR(char *ap, int n, Passwordreq *f, Ticket *t)
{
- uchar *p;
+ uchar *p, buf[PASSREQLEN];
+ memset(f, 0, sizeof(Passwordreq));
+ if(n < PASSREQLEN)
+ return -PASSREQLEN;
+
+ if(t){
+ memmove(buf, ap, PASSREQLEN);
+ ap = (char*)buf;
+ decrypt(t->key, ap, PASSREQLEN);
+ }
p = (uchar*)ap;
- if(key)
- decrypt(key, ap, PASSREQLEN);
CHAR(num);
STRING(old, ANAMELEN);
f->old[ANAMELEN-1] = 0;
@@ -24,5 +31,6 @@ convM2PR(char *ap, Passwordreq *f, char *key)
CHAR(changesecret);
STRING(secret, SECRETLEN);
f->secret[SECRETLEN-1] = 0;
- USED(p);
+ n = p - (uchar*)ap;
+ return n;
}
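Review bot: The decrypted Passwordreq, including the old and new passwords and the secret, stays in the stack array `buf` after `return n;`, because nothing clears it once the fields have been copied into `f`; before this commit the plaintext was left only in the caller's buffer, now there is a second copy the caller cannot reach. Add `memset(buf, 0, sizeof buf);` before the return (it is harmless on the unencrypted path where buf is unused). The same applies to `buf[TICKETLEN]` in convM2T.c, which holds the ticket's session key field after decryption, and to a lesser degree to `buf[AUTHENTLEN]` in convM2A.c. The decrypt into buf happens in the previous hunk of this file.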
diff --git a/sys/src/libauthsrv/convM2T.c b/sys/src/libauthsrv/convM2T.c
index 372825a87..425ebefdd 100644
--- a/sys/src/libauthsrv/convM2T.c
+++ b/sys/src/libauthsrv/convM2T.c
@@ -8,13 +8,20 @@
#define LONG(x) VLONG(f->x)
#define STRING(x,n) memmove(f->x, p, n); p += n
-void
-convM2T(char *ap, Ticket *f, char *key)
+int
+convM2T(char *ap, int n, Ticket *f, Authkey *key)
{
- uchar *p;
+ uchar *p, buf[TICKETLEN];
- if(key)
- decrypt(key, ap, TICKETLEN);
+ memset(f, 0, sizeof(Ticket));
+ if(n < TICKETLEN)
+ return -TICKETLEN;
+
+ if(key){
+ memmove(buf, ap, TICKETLEN);
+ ap = (char*)buf;
+ decrypt(key->des, ap, TICKETLEN);
+ }
p = (uchar*)ap;
CHAR(num);
STRING(chal, CHALLEN);
@@ -23,6 +30,6 @@ convM2T(char *ap, Ticket *f, char *key)
STRING(suid, ANAMELEN);
f->suid[ANAMELEN-1] = 0;
STRING(key, DESKEYLEN);
- USED(p);
+ n = p - (uchar*)ap;
+ return n;
}
-
diff --git a/sys/src/libauthsrv/convM2TR.c b/sys/src/libauthsrv/convM2TR.c
index ffad75c77..d6491705b 100644
--- a/sys/src/libauthsrv/convM2TR.c
+++ b/sys/src/libauthsrv/convM2TR.c
@@ -8,11 +8,15 @@
#define LONG(x) VLONG(f->x)
#define STRING(x,n) memmove(f->x, p, n); p += n
-void
-convM2TR(char *ap, Ticketreq *f)
+int
+convM2TR(char *ap, int n, Ticketreq *f)
{
uchar *p;
+ memset(f, 0, sizeof(Ticketreq));
+ if(n < TICKREQLEN)
+ return -TICKREQLEN;
+
p = (uchar*)ap;
CHAR(type);
STRING(authid, ANAMELEN);
@@ -24,5 +28,6 @@ convM2TR(char *ap, Ticketreq *f)
f->hostid[ANAMELEN-1] = 0;
STRING(uid, ANAMELEN);
f->uid[ANAMELEN-1] = 0;
- USED(p);
+ n = p - (uchar*)ap;
+ return n;
}
diff --git a/sys/src/libauthsrv/convPR2M.c b/sys/src/libauthsrv/convPR2M.c
index 8b2422f1b..d5c0ee7ac 100644
--- a/sys/src/libauthsrv/convPR2M.c
+++ b/sys/src/libauthsrv/convPR2M.c
@@ -9,11 +9,13 @@
#define STRING(x,n) memmove(p, f->x, n); p += n
int
-convPR2M(Passwordreq *f, char *ap, char *key)
+convPR2M(Passwordreq *f, char *ap, int n, Ticket *t)
{
- int n;
uchar *p;
+ if(n < PASSREQLEN)
+ return 0;
+
p = (uchar*)ap;
CHAR(num);
STRING(old, ANAMELEN);
@@ -21,8 +23,8 @@ convPR2M(Passwordreq *f, char *ap, char *key)
CHAR(changesecret);
STRING(secret, SECRETLEN);
n = p - (uchar*)ap;
- if(key)
- encrypt(key, ap, n);
+ if(t)
+ encrypt(t->key, ap, n);
return n;
}
diff --git a/sys/src/libauthsrv/convT2M.c b/sys/src/libauthsrv/convT2M.c
index 810ba5c67..77edcef1f 100644
--- a/sys/src/libauthsrv/convT2M.c
+++ b/sys/src/libauthsrv/convT2M.c
@@ -9,11 +9,13 @@
#define STRING(x,n) memmove(p, f->x, n); p += n
int
-convT2M(Ticket *f, char *ap, char *key)
+convT2M(Ticket *f, char *ap, int n, Authkey *key)
{
- int n;
uchar *p;
+ if(n < TICKETLEN)
+ return 0;
+
p = (uchar*)ap;
CHAR(num);
STRING(chal, CHALLEN);
@@ -22,6 +24,6 @@ convT2M(Ticket *f, char *ap, char *key)
STRING(key, DESKEYLEN);
n = p - (uchar*)ap;
if(key)
- encrypt(key, ap, n);
+ encrypt(key->des, ap, n);
return n;
}
diff --git a/sys/src/libauthsrv/convTR2M.c b/sys/src/libauthsrv/convTR2M.c
index 3a7610a71..0bbe9cb6f 100644
--- a/sys/src/libauthsrv/convTR2M.c
+++ b/sys/src/libauthsrv/convTR2M.c
@@ -9,11 +9,13 @@
#define STRING(x,n) memmove(p, f->x, n); p += n
int
-convTR2M(Ticketreq *f, char *ap)
+convTR2M(Ticketreq *f, char *ap, int n)
{
- int n;
uchar *p;
+ if(n < TICKREQLEN)
+ return 0;
+
p = (uchar*)ap;
CHAR(type);
STRING(authid, 28); /* BUG */
@@ -24,4 +26,3 @@ convTR2M(Ticketreq *f, char *ap)
n = p - (uchar*)ap;
return n;
}
-
diff --git a/sys/src/libauthsrv/mkfile b/sys/src/libauthsrv/mkfile
index b3e59b670..d46fa52d7 100644
--- a/sys/src/libauthsrv/mkfile
+++ b/sys/src/libauthsrv/mkfile
@@ -3,6 +3,8 @@
LIB=/$objtype/lib/libauthsrv.a
OFILES=\
_asgetticket.$O\
+ _asgetresp.$O\
+ _asrequest.$O\
_asrdresp.$O\
authdial.$O\
convA2M.$O\
diff --git a/sys/src/libauthsrv/passtokey.c b/sys/src/libauthsrv/passtokey.c
index cde9a2422..44963cec6 100644
--- a/sys/src/libauthsrv/passtokey.c
+++ b/sys/src/libauthsrv/passtokey.c
@@ -3,7 +3,7 @@
#include <authsrv.h>
int
-passtokey(char *key, char *p)
+passtokey(Authkey *key, char *p)
{
uchar buf[ANAMELEN], *t;
int i, n;
@@ -15,10 +15,10 @@ passtokey(char *key, char *p)
t = buf;
strncpy((char*)t, p, n);
t[n] = 0;
- memset(key, 0, DESKEYLEN);
+ memset(key, 0, sizeof(Authkey));
for(;;){
for(i = 0; i < DESKEYLEN; i++)
- key[i] = (t[i] >> i) + (t[i+1] << (8 - (i+1)));
+ key->des[i] = (t[i] >> i) + (t[i+1] << (8 - (i+1)));
if(n <= 8)
return 1;
n -= 8;
@@ -27,6 +27,6 @@ passtokey(char *key, char *p)
t -= 8 - n;
n = 8;
}
- encrypt(key, t, 8);
+ encrypt(key->des, t, 8);
}
}
diff --git a/sys/src/libauthsrv/readnvram.c b/sys/src/libauthsrv/readnvram.c
index ef9c91249..5d054725d 100644
--- a/sys/src/libauthsrv/readnvram.c
+++ b/sys/src/libauthsrv/readnvram.c
@@ -292,11 +292,14 @@ readnvram(Nvrsafe *safep, int flag)
readcons("secstore key", nil, 1, safe->config,
sizeof safe->config);
for(;;){
- if(readcons("password", nil, 1, in, sizeof in)
- == nil)
+ Authkey k;
+
+ if(readcons("password", nil, 1, in, sizeof in) == nil)
goto Out;
- if(passtokey(safe->machkey, in))
+ if(passtokey(&k, in)){
+ memmove(safe->machkey, k.des, DESKEYLEN);
break;
+ }
}
}
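Review bot: The new stack-local `Authkey k;` still holds the derived DES key after `memmove(safe->machkey, k.des, DESKEYLEN);` copies it out, and nothing clears it before the `break;`. Since the commit message says Authkey is to hold all cryptographic keys, clearing it on the success path is cheap: `memmove(safe->machkey, k.des, DESKEYLEN);` `memset(&k, 0, sizeof k);` `break;`. The `goto Out` path leaves k before passtokey fills it, so it needs no clearing. readnvram's body continues on both sides of this hunk.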