1 #include <u.h>
2 #include <libc.h>
3 #include <auth.h>
4 #include "../boot/boot.h"
5 
/*
 * Fixed messages handed back by fromauth.  checkkey compares the returned
 * pointer against ccmsg by address, so these must stay distinct objects.
 */
static char *pbmsg = "AS protocol botch";
static char *ccmsg = "can't connect to AS";
8 
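/*
 * Read exactly len bytes from fd into buf, looping over short reads.
 * Returns len on success, or -1 if read fails or hits end of file
 * before len bytes arrived (buf may then hold a partial prefix).
 * A len <= 0 returns 0 without reading.
 *
 * m and n are long, matching len and the return type of read, so a
 * request larger than int cannot be silently truncated.
 */
long
readn(int fd, void *buf, long len)
{
	long m, n;
	char *p;

	p = buf;
	for(n = 0; n < len; n += m){
		m = read(fd, p+n, len-n);
		if(m <= 0)
			return -1;	/* error or premature EOF */
	}
	return n;
}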
23 
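/*
 * Send the ticket request in trbuf (TICKREQLEN bytes) to the auth server
 * reached through mp->auth and collect the reply.
 *
 * On AuthOK the two tickets (2*TICKETLEN bytes) are stored in tbuf, which
 * the caller must size accordingly, and 0 is returned.  Otherwise an
 * error message is returned: either one of the file-level literals or the
 * static error[] buffer, so the result is only valid until the next call
 * and this function is not reentrant.  On AuthErr the text in error[] is
 * whatever the server sent, NUL-terminated here.
 */
static char*
fromauth(Method *mp, char *trbuf, char *tbuf)
{
	int afd;
	char t;
	char *msg;
	static char error[2*ERRMAX];

	if(mp->auth == 0)
		fatal("no method for accessing auth server");
	afd = (*mp->auth)();
	if(afd < 0) {
		/* short prefix plus one %r (at most ERRMAX) fits in 2*ERRMAX */
		sprint(error, "%s: %r", ccmsg);
		return error;
	}

	/*
	 * A short write leaves the server with a truncated request; treat
	 * anything other than a full TICKREQLEN write as a protocol botch
	 * instead of waiting for a reply that cannot be meaningful.
	 */
	if(write(afd, trbuf, TICKREQLEN) != TICKREQLEN || read(afd, &t, 1) != 1){
		close(afd);
		sprint(error, "%s: %r", pbmsg);
		return error;
	}
	switch(t){
	case AuthOK:
		msg = 0;
		if(readn(afd, tbuf, 2*TICKETLEN) < 0) {
			sprint(error, "%s: %r", pbmsg);
			msg = error;
		}
		break;
	case AuthErr:
		if(readn(afd, error, ERRMAX) < 0) {
			sprint(error, "%s: %r", pbmsg);
			msg = error;
		}
		else {
			/* server-supplied text; force termination before it is printed */
			error[ERRMAX-1] = 0;
			msg = error;
		}
		break;
	default:
		/* unknown reply byte: do not try to read further */
		msg = pbmsg;
		break;
	}

	close(afd);
	return msg;
}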
71 
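/*
 * Authenticate the file server connection on fd.
 *
 * Runs the session command to obtain a ticket request, asks the auth
 * server (via mp) for tickets and presents them with fauth.  If the
 * server reports no authentication is required the function returns
 * quietly.  On any failure it only prints a diagnostic and returns; the
 * caller then proceeds with the fallback noted below, so nothing here
 * stops the boot.
 */
void
doauthenticate(int fd, Method *mp)
{
	char *msg;
	char trbuf[TICKREQLEN];
	char tbuf[2*TICKETLEN];

	print("session...");
	if(fsession(fd, trbuf, sizeof trbuf) < 0)
		fatal("session command failed");

	/* no authentication required? */
	memset(tbuf, 0, sizeof tbuf);
	if(trbuf[0] == 0)
		return;

	/* try getting to an auth server */
	print("getting ticket...");
	msg = fromauth(mp, trbuf, tbuf);
	print("authenticating...");
	if(msg == 0){
		if(fauth(fd, tbuf) >= 0)
			return;
		/*
		 * The auth server answered; it was the file server that rejected
		 * the tickets.  Report that rather than a nil "no server" message.
		 */
		fprint(2, "authentication failed (%r), using your key as server key\n");
		return;
	}

	/* didn't work, go for the security hole */
	fprint(2, "no authentication server (%s), using your key as server key\n", msg);
}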
99 
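/*
 * Verify that key is the password for name by requesting a ticket in
 * name's own name and checking that it decrypts correctly.
 *
 * Returns 0 when the key is accepted, otherwise an error message.
 * The message is either a literal or fromauth's static buffer, valid
 * only until the next fromauth call.
 */
char*
checkkey(Method *mp, char *name, char *key)
{
	char *msg;
	Ticketreq tr;
	Ticket t;
	char trbuf[TICKREQLEN];
	char tbuf[2*TICKETLEN];	/* fromauth stores both tickets on AuthOK */
	int n;

	/*
	 * The request's name fields are fixed size.  Reject an over-long
	 * name instead of copying past the field: a truncated name would be
	 * checked against a different user.
	 */
	n = strlen(name);
	if(n >= sizeof tr.authid || n >= sizeof tr.hostid || n >= sizeof tr.uid)
		return "user name too long";

	memset(&tr, 0, sizeof tr);
	tr.type = AuthTreq;
	strcpy(tr.authid, name);
	strcpy(tr.hostid, name);
	strcpy(tr.uid, name);
	convTR2M(&tr, trbuf);
	msg = fromauth(mp, trbuf, tbuf);
	/*
	 * fromauth reports a connect failure through its formatted error
	 * buffer rather than by returning ccmsg itself, so this comparison
	 * does not fire and an unreachable auth server fails closed: the
	 * message is returned below.  Making it match would accept the
	 * password unchecked, so the branch is left as it is.
	 */
	if(msg == ccmsg){
		fprint(2, "boot: can't contact auth server, passwd unchecked\n");
		return 0;
	}
	if(msg)
		return msg;
	/* decrypt the first ticket with the candidate key and check it is ours */
	convM2T(tbuf, &t, key);
	if(t.num == AuthTc && strcmp(name, t.cuid)==0)
		return 0;
	return "no match";
}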