ref: e72da62915b09d5673b0c0179ba8dfe045aeb8c3
dir: /sys/src/lib9p/auth.c/
#include <u.h>
#include <libc.h>
#include <fcall.h>
#include <thread.h>
#include <9p.h>
#include <auth.h>
typedef struct Afid Afid;
struct Afid
{
AuthRpc *rpc;
char *uname;
char *aname;
int authok;
int afd;
};
static uvlong authgen = 1ULL<<63;
void
auth9p(Req *r)
{
char *spec;
Afid *afid;
afid = emalloc9p(sizeof(Afid));
afid->afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC);
if(afid->afd < 0)
goto error;
if((afid->rpc = auth_allocrpc(afid->afd)) == nil)
goto error;
if(r->ifcall.uname[0] == 0)
goto error;
afid->uname = estrdup9p(r->ifcall.uname);
afid->aname = estrdup9p(r->ifcall.aname);
spec = r->srv->keyspec;
if(spec == nil)
spec = "proto=p9any role=server";
if(auth_rpc(afid->rpc, "start", spec, strlen(spec)) != ARok)
goto error;
r->afid->qid.type = QTAUTH;
r->afid->qid.path = ++authgen;
r->afid->qid.vers = 0;
r->afid->omode = ORDWR;
r->ofcall.qid = r->afid->qid;
r->afid->aux = afid;
respond(r, nil);
return;
error:
if(afid->rpc)
auth_freerpc(afid->rpc);
if(afid->uname)
free(afid->uname);
if(afid->aname)
free(afid->aname);
if(afid->afd >= 0)
close(afid->afd);
free(afid);
responderror(r);
}
static int
_authread(Afid *afid, void *data, int count)
{
AuthInfo *ai;
switch(auth_rpc(afid->rpc, "read", nil, 0)){
case ARdone:
ai = auth_getinfo(afid->rpc);
if(ai == nil)
return -1;
auth_freeAI(ai);
if(chatty9p)
fprint(2, "authenticate %s/%s: ok\n", afid->uname, afid->aname);
afid->authok = 1;
return 0;
case ARok:
if(count < afid->rpc->narg){
werrstr("authread count too small");
return -1;
}
count = afid->rpc->narg;
memmove(data, afid->rpc->arg, count);
return count;
case ARphase:
default:
werrstr("authrpc botch");
return -1;
}
}
void
authread(Req *r)
{
int n;
Afid *afid;
Fid *fid;
fid = r->fid;
afid = fid->aux;
if(afid == nil || r->fid->qid.type != QTAUTH){
respond(r, "not an auth fid");
return;
}
n = _authread(afid, r->ofcall.data, r->ifcall.count);
if(n < 0){
responderror(r);
return;
}
r->ofcall.count = n;
respond(r, nil);
}
void
authwrite(Req *r)
{
Afid *afid;
Fid *fid;
fid = r->fid;
afid = fid->aux;
if(afid == nil || r->fid->qid.type != QTAUTH){
respond(r, "not an auth fid");
return;
}
if(auth_rpc(afid->rpc, "write", r->ifcall.data, r->ifcall.count) != ARok){
responderror(r);
return;
}
r->ofcall.count = r->ifcall.count;
respond(r, nil);
}
void
authdestroy(Fid *fid)
{
Afid *afid;
if((fid->qid.type & QTAUTH) && (afid = fid->aux) != nil){
if(afid->rpc)
auth_freerpc(afid->rpc);
close(afid->afd);
free(afid->uname);
free(afid->aname);
free(afid);
fid->aux = nil;
}
}
int
authattach(Req *r)
{
Afid *afid;
char buf[ERRMAX];
if(r->afid == nil){
respond(r, "not authenticated");
return -1;
}
afid = r->afid->aux;
if((r->afid->qid.type&QTAUTH) == 0 || afid == nil){
respond(r, "not an auth fid");
return -1;
}
if(!afid->authok){
if(_authread(afid, buf, 0) < 0){
responderror(r);
return -1;
}
}
if(strcmp(afid->uname, r->ifcall.uname) != 0){
snprint(buf, sizeof buf, "auth uname mismatch: %s vs %s",
afid->uname, r->ifcall.uname);
respond(r, buf);
return -1;
}
if(strcmp(afid->aname, r->ifcall.aname) != 0){
snprint(buf, sizeof buf, "auth aname mismatch: %s vs %s",
afid->aname, r->ifcall.aname);
respond(r, buf);
return -1;
}
return 0;
}