From 02cfcfeab46f36aad95263ed40d19df7bd5eddef Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Wed, 19 Aug 2015 21:06:17 +0200
Subject: libauthsrv: generalize ticket service, not hardcoding ticket format and DES encryption this is in preparation for replacing DES ticket encryption with something better. but first need to make the code stop making assumptions. the wire encoding of the Ticket might be variable length with TICKETLEN just giving an upper bound. the details will be handled by libauthsrv _asgetticket() and _asgetresp() funciotns. the Authenticator and Passwordreq structures are encrypted with the random ticket key. The encryption schmeme will depend on the Ticket format used, so we pass the Ticket* structure instead of the DES key. introduce Authkey structure that will hold all the required cryptographic keys instead of passing DES key.
---
 sys/src/cmd/auth/keyfs.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'sys/src/cmd/auth/keyfs.c')
diff --git a/sys/src/cmd/auth/keyfs.c b/sys/src/cmd/auth/keyfs.c
index 193acf27e..8c6c01748 100644
--- a/sys/src/cmd/auth/keyfs.c
+++ b/sys/src/cmd/auth/keyfs.c
@@ -13,7 +13,7 @@ #pragma varargck type "W" char*
-char authkey[8];
+Authkey authkey;
 typedef struct Fid Fid; typedef struct User User;
@@ -170,9 +170,9 @@ main(int argc, char *argv[])
 error("can't make pipe: %r"); if(usepass) {
- getpass(authkey, nil, 0, 0);
+ getpass(&authkey, nil, 0, 0);
 } else {
- if(!getauthkey(authkey))
+ if(!getauthkey(&authkey))
 print("keyfs: warning: can't read NVRAM\n"); }
@@ -690,7 +690,7 @@ passline(Biobuf *b, void *vbuf)
 if(Bread(b, buf, KEYDBLEN) != KEYDBLEN) return 0;
- decrypt(authkey, buf, KEYDBLEN);
+ decrypt(authkey.des, buf, KEYDBLEN);
 buf[Namelen-1] = '\0'; return 1; }
@@ -780,7 +780,7 @@ writeusers(void)
 } /* encrypt */
- oldCBCencrypt(authkey, buf, p - buf);
+ oldCBCencrypt(authkey.des, buf, p - buf);
 /* write file */ fd = create(userkeys, OWRITE, 0660);
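Review bot: A failed `getauthkey(&authkey)` in main() is only reported with a warning, and as far as the hunk shows execution then continues with `authkey` untouched; because `authkey` is a file-scope object it starts out zero-initialised, so the key database would be read and later rewritten under an all-zero key. Unless running without NVRAM is an intended mode, it would be safer to stop here with the helper already used two lines earlier: `if(!getauthkey(&authkey)) error("can't read NVRAM");`. If the fallback is deliberate, a comment such as `/* no NVRAM: continue with an empty key */` would record that. main() starts and ends outside this hunk, so a later check may exist that is not visible here.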
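Review bot: `decrypt(authkey.des, buf, KEYDBLEN)` in passline() accepts whatever the decryption yields: the only post-processing visible is `buf[Namelen-1] = '\0'` before `return 1`, so a record read under the wrong key or from a modified file looks the same as a valid one at this point. The same DES-only handling with no visible integrity check applies to `oldCBCencrypt(authkey.des, ...)` in writeusers() and `oldCBCdecrypt(authkey.des, ...)` in readusers(). Since the commit description presents DES as something to be replaced, a comment at these call sites would record that the on-disk format is still tied to the DES member, e.g. `/* key file is still DES-encrypted and carries no integrity check */`. passline() begins outside the hunk, so validation done by its caller is not visible here.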
@@ -888,7 +888,7 @@ readusers(void)
 /* decrypt */ n -= n % KEYDBLEN;
- oldCBCdecrypt(authkey, buf, n);
+ oldCBCdecrypt(authkey.des, buf, n);
 /* unpack */ nu = 0;
-- cgit v1.2.3
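Review bot: `n -= n % KEYDBLEN;` in readusers() silently discards a trailing partial record before `oldCBCdecrypt(authkey.des, buf, n)`, so a truncated or padded key file is processed with no sign that it was not a whole number of records. A warning in the style already used in main() would make that detectable, placed before the rounding: `if(n % KEYDBLEN) print("keyfs: warning: key file length is not a multiple of KEYDBLEN\n");`. readusers() starts and ends outside the hunk, so the read that sets `n` and any earlier length check are not visible here.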