git: 9front


ref: f19a0e48cb42304dda1041fe5ea6d8bc0a127aab
parent: f5091d77fed3d689707e06bc3758476024b8f51b
author: cinap_lenrek <cinap_lenrek@localhost>
date: Sat Apr 16 22:14:26 EDT 2011

cwfs: remove p9sk1 code, use factotum

--- a/sys/src/cmd/cwfs/9p2.c
+++ b/sys/src/cmd/cwfs/9p2.c
@@ -214,7 +214,7 @@
 	return error;
 }
 
-int
+static int
 authorize(Chan* chan, Fcall* f)
 {
 	File* af;
@@ -244,6 +244,10 @@
 			print("authorize: af == nil\n");
 		return -1;
 	}
+
+	/* fake read to get auth info */
+	authread(af, nil, 0);
+
 	if(af->auth == nil){
 		if(db)
 			print("authorize: af->auth == nil\n");
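Review bot: The added `authread(af, nil, 0)` call passes a nil buffer and discards the return value, and the one-line comment does not say why that is safe. It is safe only because authread's `ARok` branch refuses to copy when `n < s->rpc->narg`, so a pending protocol message is dropped rather than written through nil. I would expand the comment to something like `/* drive factotum to ARdone so af->auth gets its uid; nil/0 is safe because authread never copies when n < narg */`. authorize's body starts and ends outside this hunk, so how the resulting uid is checked afterwards is not visible here.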
--- a/sys/src/cmd/cwfs/auth.c
+++ b/sys/src/cmd/cwfs/auth.c
@@ -1,6 +1,7 @@
 #include "all.h"
 #include "io.h"
 #include <authsrv.h>
+#include <auth.h>
 
 Nvrsafe	nvr;
 
@@ -83,35 +84,6 @@
 	return 1;
 }
 
-/*
- *  authentication specific to 9P2000
- */
-
-/* authentication states */
-enum
-{
-	HaveProtos=1,
-	NeedProto,
-	HaveOK,
-	NeedCchal,
-	HaveSinfo,
-	NeedTicket,
-	HaveSauthenticator,
-	SSuccess,
-};
-
-char *phasename[] =
-{
-[HaveProtos]	"HaveProtos",
-[NeedProto]	"NeedProto",
-[HaveOK]	"HaveOK",
-[NeedCchal]	"NeedCchal",
-[HaveSinfo]	"HaveSinfo",
-[NeedTicket]	"NeedTicket",
-[HaveSauthenticator]	"HaveSauthenticator",
-[SSuccess]	"SSuccess",
-};
-
 /* authentication structure */
 struct	Auth
 {
@@ -119,11 +91,7 @@
 	char	uname[NAMELEN];	/* requestor's remote user name */
 	char	aname[NAMELEN];	/* requested aname */
 	Userid	uid;		/* uid decided on */
-	int	phase;
-	char	cchal[CHALLEN];
-	char	tbuf[TICKETLEN+AUTHENTLEN];	/* server ticket */
-	Ticket	t;
-	Ticketreq tr;
+	AuthRpc *rpc;
 };
 
 Auth*	auths;
@@ -138,17 +106,14 @@
 static int
 failure(Auth *s, char *why)
 {
-	int i;
+	AuthRpc *rpc;
 
-if(*why)print("authentication failed: %s: %s\n", phasename[s->phase], why);
-	srand((uintptr)s + time(nil));
-	for(i = 0; i < CHALLEN; i++)
-		s->tr.chal[i] = nrand(256);
+	if(why && *why)print("authentication failed: %s: %r\n", why);
 	s->uid = -1;
-	strncpy(s->tr.authid, nvr.authid, NAMELEN);
-	strncpy(s->tr.authdom, nvr.authdom, DOMLEN);
-	memmove(s->cchal, s->tr.chal, sizeof(s->cchal));
-	s->phase = HaveProtos;
+	if(rpc = s->rpc){
+		s->rpc = 0;
+		auth_freerpc(rpc);
+	}
 	return -1;
 }
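Review bot: failure() releases the AuthRpc with `auth_freerpc(rpc)` but never closes the descriptor that authnew opened on /mnt/factotum/rpc, so every finished or failed authentication appears to leak one fd. As far as I know libauth's auth_freerpc only frees the structure, and the explicit `close(afd)` in authnew's auth_allocrpc error path suggests the author assumed the same. Auth files are created before a client has proven anything, so repeated attempts could run the file server out of descriptors; add `close(rpc->afd);` just before `auth_freerpc(rpc);`. The authnew, authfree and authread hunks all clean up through failure(), so the one-line fix covers them too.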
 
@@ -156,7 +121,7 @@
 authnew(char *uname, char *aname)
 {
 	static int si = 0;
-	int i, nwrap;
+	int afd, i, nwrap;
 	Auth *s;
 
 	i = si;
@@ -182,6 +147,17 @@
 		}
 		unlock(&authlock);
 	}
+	if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0){
+		failure(s, "open /mnt/factotum/rpc");
+		return s;
+	}
+	if((s->rpc = auth_allocrpc(afd)) == 0){
+		failure(s, "auth_allocrpc");
+		close(afd);
+		return s;
+	}
+	if(auth_rpc(s->rpc, "start", "proto=p9any role=server", 23) != ARok)
+		failure(s, "auth_rpc: start");
 	return s;
 }
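Review bot: The hand-counted length `23` in the `auth_rpc(s->rpc, "start", "proto=p9any role=server", 23)` call has to match the literal exactly, and a later edit to the attribute string would silently truncate or over-read it. Naming the string removes the coupling: `static char start[] = "proto=p9any role=server";` and then `auth_rpc(s->rpc, "start", start, sizeof start - 1)`. Every error path here also returns `s` with `s->rpc` cleared, so the caller receives an Auth that looks valid; a comment saying that later authread/authwrite calls on it return -1 would make that intent clear. authnew starts outside this hunk.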
 
@@ -188,50 +164,48 @@
 void
 authfree(Auth *s)
 {
-	if(s != nil)
+	if(s){
+		failure(s, "");
 		s->inuse = 0;
+	}
 }
 
 int
 authread(File* file, uchar* data, int n)
 {
+	AuthInfo *ai;
 	Auth *s;
-	int m;
 
 	s = file->auth;
 	if(s == nil)
 		return -1;
-
-	switch(s->phase){
+	if(s->rpc == nil)
+		return -1;
+	switch(auth_rpc(s->rpc, "read", nil, 0)){
 	default:
-		return failure(s, "unexpected phase");
-	case HaveProtos:
-		m = snprint((char*)data, n, "v.2 p9sk1@%s", nvr.authdom) + 1;
-		s->phase = NeedProto;
+		failure(s, "auth_rpc: read");
 		break;
-	case HaveOK:
-		m = 3;
-		if(n < m)
-			return failure(s, "read too short");
-		strcpy((char*)data, "OK");
-		s->phase = NeedCchal;
-		break;
-	case HaveSinfo:
-		m = TICKREQLEN;
-		if(n < m)
-			return failure(s, "read too short");
-		convTR2M(&s->tr, (char*)data);
-		s->phase = NeedTicket;
-		break;
-	case HaveSauthenticator:
-		m = AUTHENTLEN;
-		if(n < m)
-			return failure(s, "read too short");
-		memmove(data, s->tbuf+TICKETLEN, m);
-		s->phase = SSuccess;
-		break;
+	case ARdone:
+		if((ai = auth_getinfo(s->rpc)) == nil){
+			failure(s, "auth_getinfo failed");
+			break;
+		}
+		if(ai->cuid == nil || *ai->cuid == '\0'){
+			failure(s, "auth with no cuid");
+			auth_freeAI(ai);
+			break;
+		}
+		failure(s, "");
+		s->uid = strtouid(ai->cuid);
+		auth_freeAI(ai);
+		return 0;
+	case ARok:
+		if(n < s->rpc->narg)
+			break;
+		memmove(data, s->rpc->arg, s->rpc->narg);
+		return s->rpc->narg;
 	}
-	return m;
+	return -1;
 }
 
 int
@@ -238,73 +212,17 @@
 authwrite(File* file, uchar *data, int n)
 {
 	Auth *s;
-	int m;
-	char *p, *d;
-	Authenticator a;
 
 	s = file->auth;
 	if(s == nil)
 		return -1;
-
-	switch(s->phase){
-	default:
-		return failure(s, "unknown phase");
-	case NeedProto:
-		p = (char*)data;
-		if(p[n-1] != 0)
-			return failure(s, "proto missing terminator");
-		d = strchr(p, ' ');
-		if(d == nil)
-			return failure(s, "proto missing separator");
-		*d++ = 0;
-		if(strcmp(p, "p9sk1") != 0)
-			return failure(s, "unknown proto");
-		if(strcmp(d, nvr.authdom) != 0)
-			return failure(s, "unknown domain");
-		s->phase = HaveOK;
-		m = n;
-		break;
-	case NeedCchal:
-		m = CHALLEN;
-		if(n < m)
-			return failure(s, "client challenge too short");
-		memmove(s->cchal, data, sizeof(s->cchal));
-		s->phase = HaveSinfo;
-		break;
-	case NeedTicket:
-		m = TICKETLEN+AUTHENTLEN;
-		if(n < m)
-			return failure(s, "ticket+auth too short");
-
-		convM2T((char*)data, &s->t, nvr.machkey);
-		if(s->t.num != AuthTs
-		|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0)
-			return failure(s, "bad ticket");
-
-		convM2A((char*)data+TICKETLEN, &a, s->t.key);
-		if(a.num != AuthAc
-		|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
-		|| a.id != 0)
-			return failure(s, "bad authenticator");
-
-		/* at this point, we're convinced */
-		s->uid = strtouid(s->t.suid);
-		if(s->uid < 0)
-			return failure(s, "unknown user");
-		if(cons.flags & authdebugflag)
-			print("user %s = %d authenticated\n",
-				s->t.suid, s->uid);
-
-		/* create an authenticator to send back */
-		a.num = AuthAs;
-		memmove(a.chal, s->cchal, sizeof(a.chal));
-		a.id = 0;
-		convA2M(&a, s->tbuf+TICKETLEN, s->t.key);
-
-		s->phase = HaveSauthenticator;
-		break;
+	if(s->rpc == nil)
+		return -1;
+	if(auth_rpc(s->rpc, "write", data, n) != ARok){
+		failure(s, "auth_rpc: write");
+		return -1;
 	}
-	return m;
+	return n;
 }
 
 int
--- a/sys/src/cmd/cwfs/net.c
+++ b/sys/src/cmd/cwfs/net.c
@@ -101,10 +101,8 @@
 		net->dialstr = annstrs[net - netif];
 		if (net->dialstr == nil)
 			continue;
-		net->annfd = announce(net->dialstr, net->anndir);
-		/* /bin/service/tcp564 may already have grabbed the port */
-		if (net->annfd < 0)
-			sysfatal("can't announce %s: %r", net->dialstr);
+		if((net->annfd = announce(net->dialstr, net->anndir)) < 0)
+			print("can't announce %s: %r", net->dialstr);
 		print("netinit: announced on %s\n", net->dialstr);
 	}
 }
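Review bot: After a failed announce() the loop now falls through to `print("netinit: announced on %s\n", net->dialstr)` and leaves `net->annfd` negative, so the log claims a listener that does not exist and later code may use the invalid descriptor. The new message also lacks its trailing newline, and the removed comment about /bin/service/tcp564 was the only explanation of why a failure here can be tolerated. I suggest `print("can't announce %s: %r\n", net->dialstr);` followed by `continue;` inside braces, with the comment kept. The enclosing function starts outside this hunk, so how annfd is consumed afterwards is not visible.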
--