xref: /plan9-contrib/sys/src/cmd/auth/guard.srv.c (revision ec59a3ddbfceee0efe34584c2c9981a5e5ff1ec4)
1 #include <u.h>
2 #include <libc.h>
3 #include <fcall.h>
4 #include <bio.h>
5 #include <ndb.h>
6 #include <authsrv.h>
7 #include "authcmdlib.h"
8 
9 /*
10  * c -> a	client
11  * a -> c	challenge prompt
12  * c -> a	KC'{challenge}
13  * a -> c	OK or NO
14  */
15 
/* note handler; main installs it with notify() */
void	catchalarm(void*, char*);
/* reads <dir>/remote into raddr */
void	getraddr(char*);

/* client name, read from fd 0 by readarg() in main; client-supplied */
char	user[ANAMELEN];
/* peer address used in log lines; main presets it to "unknown" */
char	raddr[128];
/* set by -d; gates the g-* syslog lines */
int	debug;
/* /lib/ndb/auth concatenated with the database returned by ndbopen(0) */
Ndb	*db;
23 
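/*
 * guard: challenge/response authentication over fd 0 (input) and fd 1 (output).
 *
 *	c -> a	user name
 *	a -> c	"challenge: N\nresponse: "
 *	c -> a	response
 *	a -> c	OK or NO
 *
 * The response is accepted if it verifies against the user's NETKEYDB key
 * (findkey + netcheck) or, failing that, if secureidcheck() returns nil.
 * -d turns on syslog tracing.  The last argument, when present, is the
 * connection directory handed to getraddr() for the peer address.
 */
void
main(int argc, char *argv[])
{
	char ukey[DESKEYLEN], resp[32];
	/*
	 * Sized for the whole prompt, not for a bare challenge: the two
	 * labels alone are 22 bytes, plus the digits and the NUL.  The
	 * original formatted into buf[NETCHLEN] with an unbounded sprint();
	 * NETCHLEN (authsrv.h, not shown here) describes a challenge length,
	 * so that buffer could be overrun on the stack.
	 */
	char prompt[64];
	long chal;
	int n;
	Ndb *db2;
	char *err;

	ARGBEGIN{
	case 'd':
		debug = 1;
		break;
	}ARGEND;

	/* a missing database is logged but is not fatal here */
	db = ndbopen("/lib/ndb/auth");
	if(db == 0)
		syslog(0, AUTHLOG, "no /lib/ndb/auth");
	db2 = ndbopen(0);
	if(db2 == 0)
		syslog(0, AUTHLOG, "no /lib/ndb/local");
	db = ndbcat(db, db2);

	strcpy(raddr, "unknown");
	if(argc >= 1)
		getraddr(argv[argc-1]);

	argv0 = "guard";
	/*
	 * Kept for any library code that still draws from rand(); the
	 * challenge below no longer depends on this pid/time seed.
	 */
	srand((getpid()*1103515245)^time(0));
	notify(catchalarm);

	/*
	 * read the client's user name
	 */
	if(readarg(0, user, sizeof user) < 0)
		fail(0);

	/*
	 * challenge-response
	 *
	 * The challenge must not be guessable by the peer.  A generator
	 * seeded from pid and wall-clock time can be reproduced by anyone
	 * who can estimate both, so take the value from ntruerand()
	 * (/dev/random) instead of lnrand().  The range is unchanged.
	 */
	chal = ntruerand(MAXNETCHAL);
	snprint(prompt, sizeof prompt, "challenge: %lud\nresponse: ", chal);
	n = strlen(prompt) + 1;		/* the terminating NUL is sent too */
	if(write(1, prompt, n) != n){
		if(debug)
			syslog(0, AUTHLOG, "g-fail %s@%s :%r sending chal",
				user, raddr);
		exits("replying to server");
	}

	/* give the client three minutes to answer; catchalarm handles expiry */
	alarm(3*60*1000);
	if(readarg(0, resp, sizeof resp) < 0){
		if(debug)
			syslog(0, AUTHLOG, "g-fail %s@%s :%r reading resp",
				user, raddr);
		fail(0);
	}
	alarm(0);

	/*
	 * Try the netkey first and fall back to secureidcheck() only when
	 * that fails.  Braces make the nesting explicit; the original relied
	 * on two stacked if statements with a commented-out line between.
	 * Password (KEYDB) login was deliberately removed from guard
	 * (guard.research.bell-labs.com, sucre, etc.) and must stay out.
	 */
	if(!findkey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp)){
		err = secureidcheck(user, resp);
		if(err != nil){
			/*
			 * print() also goes to fd 1, so the peer receives the
			 * reason followed by a bare NO.  Left as is because
			 * existing clients may depend on it.
			 */
			print("NO %s", err);
			write(1, "NO", 2);
			/*
			 * Arguments now match the format (user@raddr: err ...);
			 * the original passed err first and logged err@user.
			 * NOTE(review): user and resp are client-supplied and
			 * the response itself lands in the auth log under -d;
			 * whether readarg() strips control characters is not
			 * visible here - confirm before trusting these lines.
			 */
			if(debug)
				syslog(0, AUTHLOG, "g-fail %s@%s: %s %s to %lud",
					user, raddr, err, resp, chal);
			/* presumably does not return - TODO confirm in authcmdlib */
			fail(user);
		}
	}
	write(1, "OK", 2);
	if(debug)
		syslog(0, AUTHLOG, "g-ok %s@%s", user, raddr);
	succeed(user);
	exits(0);
}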
98 
/*
 * Note handler registered by main through notify().  Any note delivered to
 * the process is treated as the response timer expiring: log the peer
 * address when -d is set, then give up through fail(0).  The note text
 * itself is not inspected.
 */
void
catchalarm(void *x, char *msg)
{
	USED(x, msg);
	if(debug != 0){
		syslog(0, AUTHLOG, "g-timed out %s", raddr);
	}
	fail(0);
}
107 
/*
 * Fill the global raddr with the peer address found in <dir>/remote.
 *
 * On any failure (file cannot be opened, nothing read) raddr is left as the
 * caller set it.  The text is cut at the first newline and at the first '!',
 * so only the part before the '!' is kept.  At most sizeof raddr - 1 bytes
 * are read, which leaves room for the terminating NUL.
 */
void
getraddr(char *dir)
{
	char path[128];
	char *cut;
	int fd, got;

	snprint(path, sizeof(path), "%s/remote", dir);
	if((fd = open(path, OREAD)) < 0)
		return;

	got = read(fd, raddr, sizeof(raddr)-1);
	close(fd);
	if(got <= 0)
		return;
	raddr[got] = 0;

	/* drop the line ending first, then everything from the '!' on */
	if((cut = strchr(raddr, '\n')) != 0)
		*cut = 0;
	if((cut = strchr(raddr, '!')) != 0)
		*cut = 0;
}
131