1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
#include <u.h>
#include <libc.h>
#include <auth.h>
#include "../boot/boot.h"
static char *pbmsg = "AS protocol botch";
static char *ccmsg = "can't connect to AS";
long
readn(int fd, void *buf, long len)
{
int m, n;
char *p;
p = buf;
for(n = 0; n < len; n += m){
m = read(fd, p+n, len-n);
if(m <= 0)
return -1;
}
return n;
}
static char*
fromauth(Method *mp, char *trbuf, char *tbuf)
{
int afd;
char t;
char *msg;
static char error[2*ERRMAX];
if(mp->auth == 0)
fatal("no method for accessing auth server");
afd = (*mp->auth)();
if(afd < 0) {
sprint(error, "%s: %r", ccmsg);
return error;
}
if(write(afd, trbuf, TICKREQLEN) < 0 || read(afd, &t, 1) != 1){
close(afd);
sprint(error, "%s: %r", pbmsg);
return error;
}
switch(t){
case AuthOK:
msg = 0;
if(readn(afd, tbuf, 2*TICKETLEN) < 0) {
sprint(error, "%s: %r", pbmsg);
msg = error;
}
break;
case AuthErr:
if(readn(afd, error, ERRMAX) < 0) {
sprint(error, "%s: %r", pbmsg);
msg = error;
}
else {
error[ERRMAX-1] = 0;
msg = error;
}
break;
default:
msg = pbmsg;
break;
}
close(afd);
return msg;
}
void
doauthenticate(int fd, Method *mp)
{
char *msg;
char trbuf[TICKREQLEN];
char tbuf[2*TICKETLEN];
print("session...");
if(fsession(fd, trbuf, sizeof trbuf) < 0)
fatal("session command failed");
/* no authentication required? */
memset(tbuf, 0, 2*TICKETLEN);
if(trbuf[0] == 0)
return;
/* try getting to an auth server */
print("getting ticket...");
msg = fromauth(mp, trbuf, tbuf);
print("authenticating...");
if(msg == 0)
if(fauth(fd, tbuf) >= 0)
return;
/* didn't work, go for the security hole */
fprint(2, "no authentication server (%s), using your key as server key\n", msg);
}
char*
checkkey(Method *mp, char *name, char *key)
{
char *msg;
Ticketreq tr;
Ticket t;
char trbuf[TICKREQLEN];
char tbuf[TICKETLEN];
memset(&tr, 0, sizeof tr);
tr.type = AuthTreq;
strcpy(tr.authid, name);
strcpy(tr.hostid, name);
strcpy(tr.uid, name);
convTR2M(&tr, trbuf);
msg = fromauth(mp, trbuf, tbuf);
if(msg == ccmsg){
fprint(2, "boot: can't contact auth server, passwd unchecked\n");
return 0;
}
if(msg)
return msg;
convM2T(tbuf, &t, key);
if(t.num == AuthTc && strcmp(name, t.cuid)==0)
return 0;
return "no match";
}
|
