code: 9ferno

Download patch

ref: d468a21a8275e1af3c23a46d50b1531415e65e33
parent: 3e5c13c337cf5b7679a924a1890a0719108c9f0f
author: 9ferno <gophone2015@gmail.com>
date: Tue Sep 14 17:57:19 EDT 2021

debugging authentication

--- a/appl/cmd/auth/changelogin.b
+++ b/appl/cmd/auth/changelogin.b
@@ -161,7 +161,7 @@
 		dbdir = keydb+"/"+id;
 		fd := sys->create(dbdir, Sys->OREAD, Sys->DMDIR|8r700);
 		if(fd == nil){
-			sys->fprint(stderr, "%s: can't create account %s: %r\n", argv0, id);
+			sys->fprint(stderr, "%s: can't create account %s: %r creating %s\n", argv0, id, dbdir);
 			raise "fail:create user";
 		}
 	}
--- a/appl/lib/auth.b
+++ b/appl/lib/auth.b
@@ -85,7 +85,8 @@
 
 	# mutual authentication
 	(id_or_err, secret) := kr->auth(fd, ai, 0);
-	if(secret == nil)
+	if(secret == nil){
+sys->print("client secret == nil\n");
 		return (nil, id_or_err);
 
 	# send algorithm
--- a/dis/svc/net
+++ b/dis/svc/net
@@ -3,4 +3,4 @@
 or {ftest -e /net/dns} {ftest -e /env/emuhost} {ndb/dns}
 or {ftest -e /net/cs} {ndb/cs}
 svc/registry
-svc/styx
+/dis/svc/styx
--- a/lib/sh/daemon
+++ b/lib/sh/daemon
@@ -10,8 +10,8 @@
 # the following scripts seem more robust than this
 # run /lib/sh/srv
 
-svc/net
-svc/auth
+/dis/svc/net
+/dis/svc/auth
 
 # until I sort out the authentication
 #	but this is killing /mnt/keys, so do not start it here
@@ -18,4 +18,5 @@
 # styxlisten -A 'tcp!*!17001' export /
 
 ls -l /mnt/keys
+netstat
 sh -l # for a shell prompt
--- a/lib/sh/profile
+++ b/lib/sh/profile
@@ -9,11 +9,6 @@
 # build the user's namespace in $home/
 and {ftest -e namespace}	{nsbuild}
 
-# Networking
-ndb/dns -r
-ndb/cs
-# bind -a '#scs' /net
-
 if{~ $#emuhost 0 && ~ $#emuwdir 0}{
 	# running native
 
@@ -24,7 +19,6 @@
 
 	# dis/init has set this up already for native booting
 	mount {mntgen} /n
-	mount {mntgen} /mnt
 }
 
 # Run the user's profile
--- a/libinterp/ipint.c
+++ b/libinterp/ipint.c
@@ -178,6 +178,12 @@
 	retstr(buf, f->ret);
 }
 
+void
+ipinttostr(void *ip, int base, char *buf, int buflen)
+{
+	mptoa(MP(ip), base, buf, buflen);
+}
+
 static IPints_IPint*
 strtoipint(String *s, int base)
 {
--- a/libinterp/ipint.h
+++ b/libinterp/ipint.h
@@ -8,5 +8,6 @@
 mpint*	checkIPint(void*);
 void	freeIPint(Heap*, int);
 void	ipintsmodinit(void);
+void	ipinttostr(void *ip, int base, char *buf, int buflen);
 
 extern	Type*	TIPint;
--- a/libinterp/keyring.c
+++ b/libinterp/keyring.c
@@ -90,6 +90,9 @@
 	BFstate	state;
 };
 
+/* for debugging */
+void printauthinfo(char *msg, Keyring_Authinfo *ai);
+
 /* convert a Big to base64 ascii */
 int
 bigtobase64(mpint* b, char *buf, int len)
@@ -1000,6 +1003,15 @@
 	release();
 	c->signa = (*sa->vec->sign)(b, sk->key);
 	acquire();
+
+	/* verification is failing on the client, hence check before sending */
+	/* verify */
+	release();
+	n = (*sa->vec->verify)(b, c->signa, (*sa->vec->sk2pk)(sk->key));
+	/* print("(*sa->vec->verify)(b, c->signa, pk->key) n %d sa->vec->name %s\n", n,sa->vec->name); */
+	acquire();
+	/* verification is failing on the client, hence check before sending */
+
 	mpfree(b);
 }
 
@@ -1045,8 +1057,10 @@
 
 	sa = checkSigAlg(c->x.sa);
 	pksa = checkSigAlg(pk->x.sa);
-	if(sa->vec != pksa->vec)
+	if(sa->vec != pksa->vec){
+		print("sa->vec != pksa->vec return 0\n");
 		return 0;
+	}
 
 	/* add signer name and expiration time to hash */
 	buf = malloc(Maxbuf);
@@ -1073,8 +1087,10 @@
 
 	/* turn message into a big integer */
 	b = betomp(digest, n, nil);
-	if(b == nil)
+	if(b == nil){
+		print("b == nil return 0\n");
 		return 0;
+	}
 	/* verify */
 	release();
 	n = (*sa->vec->verify)(b, c->signa, pk->key);
@@ -1942,6 +1958,7 @@
 	 *  file2chan.
 	 */
 	release();
+	/* printauthinfo("Keyring_writeauthinfo", f->info); */
 	fd = kopen(string2c(f->filename), OTRUNC|OWRITE);
 	if(fd < 0)
 		fd = kcreate(string2c(f->filename), OWRITE, 0600);
@@ -1987,6 +2004,72 @@
 }
 
 void
+printauthinfo(char *msg, Keyring_Authinfo *ai)
+{
+	SigAlg *sa;
+	char alphabuf[MaxBigBytes] = "\0", pbuf[MaxBigBytes] = "\0",
+		signabuf[Maxbuf] = "\0", pkbuf[Maxbuf] = "\0",
+		spkbuf[Maxbuf] = "\0", skbuf[Maxbuf] = "\0",
+		balphabuf[MaxBigBytes] = "\0", bpbuf[MaxBigBytes] = "\0";
+	mpint *p, *alpha;
+
+
+	alpha = checkIPint(ai->alpha);
+	p = checkIPint(ai->p);
+	ipinttostr(ai->alpha, 64, alphabuf, MaxBigBytes);
+	bigtobase64(alpha, balphabuf, Maxbuf);
+	ipinttostr(ai->p, 64, pbuf, MaxBigBytes);
+	bigtobase64(p, bpbuf, Maxbuf);
+	sa = checkSigAlg(ai->cert->sa);
+	(*sa->vec->sig2str)(((Certificate*)ai->cert)->signa, signabuf, Maxbuf);
+	sa = checkSigAlg(ai->mypk->sa);
+	(*sa->vec->pk2str)(((PK*)ai->mypk)->key, pkbuf, Maxbuf);
+	sa = checkSigAlg(ai->spk->sa);
+	(*sa->vec->pk2str)(((PK*)ai->spk)->key, spkbuf, Maxbuf);
+	sa = checkSigAlg(ai->mysk->sa);
+	(*sa->vec->pk2str)(((PK*)ai->mysk)->key, skbuf, Maxbuf);
+	print("%s Authinfo\n"
+		"	spk signers public key\n"
+		"		owner %s Signature Algorithm %s\n"
+		"		key %s\n",
+		msg,
+		string2c(ai->spk->owner),
+		string2c(ai->spk->sa->name),
+		spkbuf);
+	print("	cert certificate\n"
+		"		Signature Algorithm %s\n"
+		"		hash ha %s\n"
+		"		signer %s\n"
+		"		expiry date exp 0x%zx\n"
+		"		signature signa %s\n",
+		string2c(ai->cert->sa->name),
+		string2c(ai->cert->ha),
+		string2c(ai->cert->signer),
+		ai->cert->exp,
+		signabuf);
+	print("	sk my secret key\n"
+		"		owner %s Signature Algorithm %s\n"
+		"		key %s\n",
+		string2c(ai->mysk->owner),
+		string2c(ai->mysk->sa->name),
+		skbuf);
+	print("	pk my public key\n"
+		"		owner %s Signature Algorithm %s\n"
+		"		key %s\n",
+		string2c(ai->mypk->owner),
+		string2c(ai->mypk->sa->name),
+		pkbuf);
+	print("	alpha %s\n"
+		"		big %s\n",
+		alphabuf,
+		balphabuf);
+	print("	p %s\n"
+		"		big %s\n",
+		pbuf,
+		bpbuf);
+}
+
+void
 Keyring_readauthinfo(void *fp)
 {
 	F_Keyring_readauthinfo *f;
@@ -2076,6 +2159,7 @@
 	free(buf);
 	if(fd >= 0){
 		release();
+		/* printauthinfo("Keyring_readauthinfo", ai); */
 		kclose(fd);
 		acquire();
 		kwerrstr("%q: %s", string2c(f->filename), MSG);
--- a/usr/inferno/lib/profile
+++ b/usr/inferno/lib/profile
@@ -3,24 +3,3 @@
 echo starting /usr/inferno/lib/profile
 
 cp /locale/US_Arizona /locale/timezone
-
-if{~ $"sysname vmx9ferno}{
-	# serve the cd
-	styxlisten -A -v tcp!192.168.88.118!17001 export /n/cd/
-	# serve the root - TODO use svc/styx(8) instead of this
-	styxlisten -A -v tcp!192.168.88.118!17002 export /
-}
-
-if{~ $"sysname 9ferno}{
-
-	# serve the root - TODO use svc/styx(8) instead of this
-	styxlisten -A -v tcp!192.168.88.113!17001 export /
-
-	bind -a '#I1' /net.alt
-	bind -a '#l1' /net.alt
-	<>/net.alt/ipifc/clone {
-		x=`{read}
-		and {echo bind ether /net.alt/ether1 > /net.alt/ipifc/^$x^/ctl} {
-			ip/dhcp -h $"sysname^'.1' -p /net.alt/ipifc/$x}
-	}
-}