1 #include <u.h> 2 #include <libc.h> 3 #include <auth.h> 4 #include <libsec.h> 5 6 enum { 7 Encnone, 8 Encssl, 9 Enctls, 10 }; 11 12 static char *encprotos[] = { 13 [Encnone] = "clear", 14 [Encssl] = "ssl", 15 [Enctls] = "tls", 16 nil, 17 }; 18 19 char *keyspec = ""; 20 char *filterp; 21 char *ealgs = "rc4_256 sha1"; 22 int encproto = Encnone; 23 char *aan = "/bin/aan"; 24 AuthInfo *ai; 25 int debug; 26 27 int connect(char*, char*, int); 28 int passive(void); 29 int old9p(int); 30 void catcher(void*, char*); 31 void sysfatal(char*, ...); 32 void usage(void); 33 int filter(int, char *, char *); 34 35 static void mksecret(char *, uchar *); 36 37 void 38 post(char *name, char *envname, int srvfd) 39 { 40 int fd; 41 char buf[32]; 42 43 fd = create(name, OWRITE, 0600); 44 if(fd < 0) 45 return; 46 sprint(buf, "%d",srvfd); 47 if(write(fd, buf, strlen(buf)) != strlen(buf)) 48 sysfatal("srv write: %r"); 49 close(fd); 50 putenv(envname, name); 51 } 52 53 static int 54 lookup(char *s, char *l[]) 55 { 56 int i; 57 58 for (i = 0; l[i] != 0; i++) 59 if (strcmp(l[i], s) == 0) 60 return i; 61 return -1; 62 } 63 64 void 65 main(int argc, char **argv) 66 { 67 char *mntpt; 68 int fd, mntflags; 69 int oldserver; 70 char *srvpost, srvfile[64]; 71 int backwards = 0; 72 73 srvpost = nil; 74 oldserver = 0; 75 mntflags = MREPL; 76 ARGBEGIN{ 77 case 'a': 78 mntflags = MAFTER; 79 break; 80 case 'b': 81 mntflags = MBEFORE; 82 break; 83 case 'c': 84 mntflags |= MCREATE; 85 break; 86 case 'C': 87 mntflags |= MCACHE; 88 break; 89 case 'd': 90 debug++; 91 break; 92 case 'f': 93 /* ignored but allowed for compatibility */ 94 break; 95 case 'O': 96 case 'o': 97 oldserver = 1; 98 break; 99 case 'E': 100 if ((encproto = lookup(EARGF(usage()), encprotos)) < 0) 101 usage(); 102 break; 103 case 'e': 104 ealgs = EARGF(usage()); 105 if(*ealgs == 0 || strcmp(ealgs, "clear") == 0) 106 ealgs = nil; 107 break; 108 case 'k': 109 keyspec = EARGF(usage()); 110 break; 111 case 'p': 112 filterp = aan; 113 break; 114 case 's': 115 srvpost = EARGF(usage()); 116 break; 117 case 'B': 118 backwards = 1; 119 break; 120 default: 121 usage(); 122 }ARGEND; 123 124 mntpt = 0; /* to shut up compiler */ 125 if(backwards){ 126 switch(argc) { 127 case 1: 128 mntpt = argv[0]; 129 break; 130 default: 131 usage(); 132 } 133 } else { 134 switch(argc) { 135 case 2: 136 mntpt = argv[1]; 137 break; 138 case 3: 139 mntpt = argv[2]; 140 break; 141 default: 142 usage(); 143 } 144 } 145 146 if (encproto == Enctls) 147 sysfatal("%s: tls has not yet been implemented\n", argv[0]); 148 149 notify(catcher); 150 alarm(60*1000); 151 152 if(backwards) 153 fd = passive(); 154 else 155 fd = connect(argv[0], argv[1], oldserver); 156 157 if (!oldserver) 158 fprint(fd, "impo %s %s\n", filterp? "aan": "nofilter", encprotos[encproto]); 159 160 if (encproto != Encnone && ealgs && ai) { 161 uchar key[16]; 162 uchar digest[SHA1dlen]; 163 char fromclientsecret[21]; 164 char fromserversecret[21]; 165 int i; 166 167 memmove(key+4, ai->secret, ai->nsecret); 168 169 /* exchange random numbers */ 170 srand(truerand()); 171 for(i = 0; i < 4; i++) 172 key[i] = rand(); 173 if(write(fd, key, 4) != 4) 174 sysfatal("can't write key part: %r"); 175 if(readn(fd, key+12, 4) != 4) 176 sysfatal("can't read key part: %r"); 177 178 /* scramble into two secrets */ 179 sha1(key, sizeof(key), digest, nil); 180 mksecret(fromclientsecret, digest); 181 mksecret(fromserversecret, digest+10); 182 183 if (filterp) 184 fd = filter(fd, filterp, argv[0]); 185 186 /* set up encryption */ 187 fd = pushssl(fd, ealgs, fromclientsecret, fromserversecret, nil); 188 if(fd < 0) 189 sysfatal("can't establish ssl connection: %r"); 190 } 191 else if (filterp) 192 fd = filter(fd, filterp, argv[0]); 193 194 if(srvpost){ 195 sprint(srvfile, "/srv/%s", srvpost); 196 remove(srvfile); 197 post(srvfile, srvpost, fd); 198 } 199 if(mount(fd, -1, mntpt, mntflags, "") < 0) 200 sysfatal("can't mount %s: %r", argv[1]); 201 alarm(0); 202 exits(0); 203 } 204 205 void 206 catcher(void*, char *msg) 207 { 208 if(strcmp(msg, "alarm") == 0) 209 noted(NCONT); 210 noted(NDFLT); 211 } 212 213 int 214 old9p(int fd) 215 { 216 int p[2]; 217 218 if(pipe(p) < 0) 219 sysfatal("pipe: %r"); 220 221 switch(rfork(RFPROC|RFFDG|RFNAMEG)) { 222 case -1: 223 sysfatal("rfork srvold9p: %r"); 224 case 0: 225 if(fd != 1){ 226 dup(fd, 1); 227 close(fd); 228 } 229 if(p[0] != 0){ 230 dup(p[0], 0); 231 close(p[0]); 232 } 233 close(p[1]); 234 if(0){ 235 fd = open("/sys/log/cpu", OWRITE); 236 if(fd != 2){ 237 dup(fd, 2); 238 close(fd); 239 } 240 execl("/bin/srvold9p", "srvold9p", "-ds", 0); 241 } else 242 execl("/bin/srvold9p", "srvold9p", "-s", 0); 243 sysfatal("exec srvold9p: %r"); 244 default: 245 close(fd); 246 close(p[0]); 247 } 248 return p[1]; 249 } 250 251 int 252 connect(char *system, char *tree, int oldserver) 253 { 254 char buf[ERRMAX], dir[128], *na; 255 int fd, n; 256 char *authp; 257 258 na = netmkaddr(system, 0, "exportfs"); 259 if((fd = dial(na, 0, dir, 0)) < 0) 260 sysfatal("can't dial %s: %r", system); 261 262 if(oldserver) 263 authp = "p9sk2"; 264 else 265 authp = "p9any"; 266 267 ai = auth_proxy(fd, auth_getkey, "proto=%q role=client %s", authp, keyspec); 268 if(ai == nil) 269 sysfatal("%r: %s", system); 270 271 n = write(fd, tree, strlen(tree)); 272 if(n < 0) 273 sysfatal("can't write tree: %r"); 274 275 strcpy(buf, "can't read tree"); 276 277 n = read(fd, buf, sizeof buf - 1); 278 if(n!=2 || buf[0]!='O' || buf[1]!='K'){ 279 buf[sizeof buf - 1] = '\0'; 280 sysfatal("bad remote tree: %s", buf); 281 } 282 283 if(oldserver) 284 return old9p(fd); 285 return fd; 286 } 287 288 int 289 passive(void) 290 { 291 int fd; 292 293 ai = auth_proxy(0, auth_getkey, "proto=p9any role=server"); 294 if(ai == nil) 295 sysfatal("auth_proxy: %r"); 296 if(auth_chuid(ai, nil) < 0) 297 sysfatal("auth_chuid: %r"); 298 putenv("service", "import"); 299 300 fd = dup(0, -1); 301 close(0); 302 close(1); 303 304 return fd; 305 } 306 307 void 308 usage(void) 309 { 310 fprint(2, "usage: import [-abcC] [-E clear|ssl|tls] [-e 'crypt auth'|clear] [-k keypattern] [-p] host remotefs [mountpoint]\n"); 311 exits("usage"); 312 } 313 314 /* Network on fd1, mount driver on fd0 */ 315 int 316 filter(int fd, char *cmd, char *host) 317 { 318 int p[2], len, argc; 319 char newport[256], buf[256], *s; 320 char *argv[16], *file, *pbuf; 321 322 if ((len = read(fd, newport, sizeof newport - 1)) < 0) 323 sysfatal("filter: cannot write port; %r\n"); 324 newport[len] = '\0'; 325 326 if ((s = strchr(newport, '!')) == nil) 327 sysfatal("filter: illegally formatted port %s\n", newport); 328 329 strcpy(buf, netmkaddr(host, "tcp", "0")); 330 pbuf = strrchr(buf, '!'); 331 strcpy(pbuf, s); 332 333 if(debug) 334 fprint(2, "filter: remote port %s\n", newport); 335 336 argc = tokenize(cmd, argv, nelem(argv)-2); 337 if (argc == 0) 338 sysfatal("filter: empty command"); 339 argv[argc++] = "-c"; 340 argv[argc++] = buf; 341 argv[argc] = nil; 342 file = argv[0]; 343 if (s = strrchr(argv[0], '/')) 344 argv[0] = s+1; 345 346 if(pipe(p) < 0) 347 sysfatal("pipe: %r"); 348 349 switch(rfork(RFNOWAIT|RFPROC|RFFDG)) { 350 case -1: 351 sysfatal("rfork record module: %r"); 352 case 0: 353 dup(p[0], 1); 354 dup(p[0], 0); 355 close(p[0]); 356 close(p[1]); 357 exec(file, argv); 358 sysfatal("exec record module: %r"); 359 default: 360 close(fd); 361 close(p[0]); 362 } 363 return p[1]; 364 } 365 366 static void 367 mksecret(char *t, uchar *f) 368 { 369 sprint(t, "%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux%2.2ux", 370 f[0], f[1], f[2], f[3], f[4], f[5], f[6], f[7], f[8], f[9]); 371 } 372 373