ref: da7d6df6faf18e289fe0f3f61524dcc7fddeef18
dir: /appl/cmd/auth/secstore.b/
implement Secstorec; # # interact with the Plan 9 secstore # include "sys.m"; sys: Sys; include "draw.m"; include "dial.m"; dial: Dial; include "bufio.m"; bufio: Bufio; Iobuf: import bufio; include "secstore.m"; secstore: Secstore; include "arg.m"; Secstorec: module { init: fn(nil: ref Draw->Context, nil: list of string); }; Maxfilesize: con 128*1024; stderr: ref Sys->FD; conn: ref Dial->Connection; seckey: array of byte; filekey: array of byte; file: array of byte; verbose := 0; init(nil: ref Draw->Context, args: list of string) { sys = load Sys Sys->PATH; bufio = load Bufio Bufio->PATH; secstore = load Secstore Secstore->PATH; dial = load Dial Dial->PATH; sys->pctl(Sys->FORKFD, nil); stderr = sys->fildes(2); secstore->init(); secstore->privacy(); addr := "net!$auth!secstore"; user := readfile("/dev/user"); arg := load Arg Arg->PATH; arg->init(args); arg->setusage("auth/secstore [-iv] [-k key] [-p pin] [-s net!server!secstore] [-u user] [{drptx} file ...]"); iflag := 0; pass, pin: string; while((o := arg->opt()) != 0) case o { 'i' => iflag = 1; 'k' => pass = arg->earg(); 'v' => verbose = 1; 's' => addr = arg->earg(); 'u' => user = arg->earg(); 'p' => pin = arg->earg(); * => arg->usage(); } args = arg->argv(); op := -1; if(args != nil){ if(len hd args != 1) arg->usage(); op = (hd args)[0]; args = tl args; case op { 'd' or 'r' or 'p' or 'x' => if(args == nil) arg->usage(); 't' => ; * => arg->usage(); } } arg = nil; if(iflag){ buf := array[Secstore->Maxmsg] of byte; stdin := sys->fildes(0); for(nr := 0; nr < len buf && (n := sys->read(stdin, buf, len buf-nr)) > 0;) nr += n; s := string buf[0:nr]; secstore->erasekey(buf[0:nr]); (nf, flds) := sys->tokenize(s, "\n"); for(i := 0; i < len s; i++) s[i] = 0; if(nf < 1) error("no password on standard input"); pass = hd flds; if(nf > 1) pin = hd tl flds; } conn: ref Dial->Connection; Auth: for(;;){ if(!iflag) pass = readpassword("secstore password"); if(pass == nil) exit; erase(); seckey = secstore->mkseckey(pass); filekey = secstore->mkfilekey(pass); for(i := 0; i < len pass; i++) pass[i] = 0; # clear it conn = secstore->dial(dial->netmkaddr(addr, "net", "secstore")); if(conn == nil) error(sys->sprint("can't connect to secstore: %r")); (srvname, diag) := secstore->auth(conn, user, seckey); if(srvname == nil){ secstore->bye(conn); sys->fprint(stderr, "secstore: authentication failed: %s\n", diag); if(iflag) raise "fail:auth"; continue; } case diag { "" => if(verbose) sys->fprint(stderr, "server: %s\n", srvname); secstore->erasekey(seckey); seckey = nil; break Auth; "need pin" => if(!iflag){ pin = readpassword("STA PIN+SecureID"); if(len pin == 0){ sys->fprint(stderr, "cancelled"); exit; } }else if(pin == nil) raise "fail:no pin"; if(secstore->sendpin(conn, pin) < 0){ sys->fprint(stderr, "secstore: pin rejected: %r\n"); if(iflag) raise "fail:bad pin"; continue; } } } if(op == 't'){ erase(); # no longer need the keys entries := secstore->files(conn); for(; entries != nil; entries = tl entries){ (name, size, date, hash, nil) := hd entries; if(args != nil){ for(l := args; l != nil; l = tl l) if((hd args) == name) break; if(args == nil) continue; } if(verbose) sys->print("%-14q %10d %s %s\n", name, size, date, hash); else sys->print("%q\n", name); } exit; } for(; args != nil; args = tl args){ fname := hd args; case op { 'd' => checkname(fname, 1); if(secstore->remove(conn, fname) < 0) error(sys->sprint("can't remove %q: %r", fname)); verb('d', fname); 'p' => checkname(fname, 1); file = getfile(conn, fname, filekey); lines := secstore->lines(file); lno := 1; for(; lines != nil; lines = tl lines){ l := hd lines; if(sys->write(sys->fildes(1), l, len l) != len l) sys->fprint(sys->fildes(2), "secstore (%s:%d): %r\n", fname, lno); lno++; } secstore->erasekey(file); file = nil; verb('p', fname); 'x' => checkname(fname, 1); file = getfile(conn, fname, filekey); ofd := sys->create(fname, Sys->OWRITE, 8r600); if(ofd == nil) error(sys->sprint("can't create %q: %r", fname)); if(sys->write(ofd, file, len file) != len file) error(sys->sprint("error writing to %q: %r", fname)); secstore->erasekey(file); file = nil; verb('x', fname); 'r' => checkname(fname, 1); fd := sys->open(fname, sys->OREAD); if(fd == nil) error(sys->sprint("open %q: %r", fname)); (ok, dir) := sys->fstat(fd); if(ok != 0) error(sys->sprint("stat %q: %r", fname)); if(int dir.length > Maxfilesize) error(sys->sprint("length %bd > Maxfilesize %d", dir.length, Maxfilesize)); file = array[int dir.length] of byte; if(sys->readn(fd, file, len file) != len file) error(sys->sprint("short read: %r")); if(putfile(conn, fname, file, filekey) < 0) error(sys->sprint("putfile: %r")); secstore->erasekey(file); file = nil; verb('r', fname); * => error(sys->sprint("op %c not implemented", op)); } } erase(); } checkname(s: string, noslash: int): string { tail := s; for(i := 0; i < len s; i++){ if(s[i] == '/'){ if(noslash) break; tail = s[i+1:]; } if(s[i] == '\n' || s[i] <= ' ') break; } if(s == nil || tail == nil || i < len s || s == "..") error(sys->sprint("can't use %q as a secstore file name", s)); # server checks as well, of course return tail; } verb(op: int, n: string) { if(verbose) sys->fprint(stderr, "%c %q\n", op, n); } getfile(conn: ref Dial->Connection, fname: string, key: array of byte): array of byte { f := secstore->getfile(conn, fname, 0); if(f == nil) error(sys->sprint("can't fetch %q: %r", fname)); if(fname != "."){ f = secstore->decrypt(f, key); if(f == nil) error(sys->sprint("can't decrypt %q: %r", fname)); } return f; } putfile(conn: ref Dial->Connection, fname: string, data, key: array of byte): int { data = secstore->encrypt(data, key); if(data == nil) return -1; return secstore->putfile(conn, fname, data); } erase() { if(secstore != nil){ secstore->erasekey(seckey); secstore->erasekey(filekey); secstore->erasekey(file); } } error(s: string) { erase(); sys->fprint(stderr, "secstore: %s\n", s); raise "fail:error"; } readpassword(prompt: string): string { cons := sys->open("/dev/cons", Sys->ORDWR); if(cons == nil) return nil; stdin := bufio->fopen(cons, Sys->OREAD); if(stdin == nil) return nil; cfd := sys->open("/dev/consctl", Sys->OWRITE); if (cfd == nil || sys->fprint(cfd, "rawon") <= 0) sys->fprint(stderr, "secstore: warning: cannot hide typed password\n"); L: for(;;){ sys->fprint(cons, "%s: ", prompt); s := ""; while ((c := stdin.getc()) >= 0){ case c { '\n' or ('d'&8r037) => sys->fprint(cons, "\n"); return s; '\b' or 8r177 => if(len s > 0) s = s[0:len s - 1]; 'u' & 8r037 => sys->fprint(cons, "\n"); continue L; * => s[len s] = c; } } break; } return nil; } readfile(f: string): string { fd := sys->open(f, Sys->OREAD); if(fd == nil) return ""; buf := array[Sys->NAMEMAX] of byte; n := sys->read(fd, buf, len buf); if(n < 0) return ""; return string buf[0:n]; }