xref: /plan9-contrib/sys/src/cmd/fossil/9auth.c (revision 61201b97c59a869e2c270447f4a2b461b8eb7f07) 
1 #include "stdinc.h"
2 
3 #include "9.h"
4 
5 int
6 authRead(Fid* afid, void* data, int count)
7 {
8 	AuthInfo *ai;
9 	AuthRpc *rpc;
10 
11 	if((rpc = afid->rpc) == nil)
12 		return -1;
13 
14 	switch(auth_rpc(rpc, "read", nil, 0)){
15 	default:
16 		return -1;
17 	case ARdone:
18 		if((ai = auth_getinfo(rpc)) == nil)
19 			break;
20 		if(ai->cuid == nil || *ai->cuid == '\0'){
21 			auth_freeAI(ai);
22 			break;
23 		}
24 		assert(afid->cuname == nil);
25 		afid->cuname = vtStrDup(ai->cuid);
26 		auth_freeAI(ai);
27 		if(Dflag)
28 			fprint(2, "authRead cuname %s\n", afid->cuname);
29 		assert(afid->uid == nil);
30 		if((afid->uid = uidByUname(afid->cuname)) == nil)
31 			break;
32 		return 0;
33 	case ARok:
34 		if(count < rpc->narg)
35 			break;
36 		memmove(data, rpc->arg, rpc->narg);
37 		return rpc->narg;
38 	case ARphase:
39 		break;
40 	}
41 	return -1;
42 }
43 
44 int
45 authWrite(Fid* afid, void* data, int count)
46 {
47 	assert(afid->rpc != nil);
48 	if(auth_rpc(afid->rpc, "write", data, count) != ARok)
49 		return -1;
50 	return count;
51 }
52 
53 int
54 authCheck(Fcall* t, Fid* fid, Fs* fsys)
55 {
56 	Fid *afid;
57 	uchar buf[1];
58 
59 	/*
60 	 * Can't lookup with FidWlock here as there may be
61 	 * protocol to do. Use a separate lock to protect altering
62 	 * the auth information inside afid.
63 	 */
64 	if(t->afid == NOFID){
65 		/*
66 		 * If no authentication is asked for, allow
67 		 * "none" provided the connection has already
68 		 * been authenticatated.
69 		 *
70 		 * The console is allowed to attach without
71 		 * authentication.
72 		 */
73 		if(!fid->con->isconsole &&
74 		(strcmp(fid->uname, unamenone) != 0 || !fid->con->aok)){
75 			consPrint("attach %s as %s: connection not authenticated, not console\n", fsysGetName(fsys), fid->uname);
76 			return 0;
77 		}
78 
79 		if((fid->uid = uidByUname(fid->uname)) == nil){
80 			consPrint("attach %s as %s: unknown uname\n", fsysGetName(fsys), fid->uname);
81 			return 0;
82 		}
83 		return 1;
84 	}
85 
86 	if((afid = fidGet(fid->con, t->afid, 0)) == nil){
87 		consPrint("attach %s as %s: bad afid\n", fsysGetName(fsys), fid->uname);
88 		return 0;
89 	}
90 
91 	/*
92 	 * Check valid afid;
93 	 * check uname and aname match.
94 	 */
95 	if(!(afid->qid.type & QTAUTH)){
96 		consPrint("attach %s as %s: afid not an auth file\n", fsysGetName(fsys), fid->uname);
97 		fidPut(afid);
98 		return 0;
99 	}
100 	if(strcmp(afid->uname, fid->uname) != 0 || afid->fsys != fsys){
101 		consPrint("attach %s as %s: afid is for %s as %s\n", fsysGetName(fsys), fid->uname, fsysGetName(afid->fsys), afid->uname);
102 		fidPut(afid);
103 		return 0;
104 	}
105 
106 	vtLock(afid->alock);
107 	if(afid->cuname == nil){
108 		if(authRead(afid, buf, 0) != 0 || afid->cuname == nil){
109 			vtUnlock(afid->alock);
110 			consPrint("attach %s as %s: auth protocol not finished\n", fsysGetName(fsys), fid->uname);
111 			fidPut(afid);
112 			return 0;
113 		}
114 	}
115 	vtUnlock(afid->alock);
116 
117 	assert(fid->uid == nil);
118 	if((fid->uid = uidByUname(afid->cuname)) == nil){
119 		consPrint("attach %s as %s: unknown cuname %s\n", fsysGetName(fsys), fid->uname, afid->cuname);
120 		fidPut(afid);
121 		return 0;
122 	}
123 
124 	vtMemFree(fid->uname);
125 	fid->uname = vtStrDup(afid->cuname);
126 	fidPut(afid);
127 
128 	/*
129 	 * Allow "none" once the connection has been authenticated.
130 	 */
131 	fid->con->aok = 1;
132 
133 	return 1;
134 }
135