ref: 5c9d398cd57adad601821c31bc810d71ca5106de
parent: f7b7d00715abf41532f7ffa87f088a23f6259314
author: cinap_lenrek <[email protected]>
date: Tue Jan 2 00:26:15 EST 2018
libauth: don't compile unneeded (for drawterm) units, update _attrfmt() and auth.h header
--- a/include/auth.h
+++ b/include/auth.h
@@ -17,7 +17,7 @@
enum
{
MAXCHLEN= 256, /* max challenge length */
- AMAXNAMELEN= 256, /* maximum name length */
+ MAXNAMELEN= 256, /* maximum name length */
MD5LEN= 16,
ARok = 0, /* rpc return values */
@@ -37,7 +37,7 @@
struct AuthRpc
{
int afd;
- char ibuf[AuthRpcMax];
+ char ibuf[AuthRpcMax+1]; /* +1 for NUL in auth_rpc.c */
char obuf[AuthRpcMax];
char *arg;
uint narg;
@@ -63,7 +63,7 @@
/* for implementation only */
int afd; /* to factotum */
AuthRpc *rpc; /* to factotum */
- char userbuf[AMAXNAMELEN]; /* temp space if needed */
+ char userbuf[MAXNAMELEN]; /* temp space if needed */
int userinchal; /* user was sent to obtain challenge */
};
@@ -91,16 +91,13 @@
extern int noworld(char*);
extern int amount(int, char*, int, char*);
-/* these two may get generalized away -rsc */
extern int login(char*, char*, char*);
-extern int httpauth(char*, char*);
typedef struct Attr Attr;
-typedef struct String String;
enum {
AttrNameval, /* name=val -- when matching, must have name=val */
AttrQuery, /* name? -- when matching, must be present */
- AttrDefault, /* name:=val -- when matching, if present must match INTERNAL */
+ AttrDefault, /* name=val -- when matching, if present must match INTERNAL */
};
struct Attr
{
@@ -141,11 +138,9 @@
extern Attr* auth_attr(AuthRpc *rpc);
extern void auth_freerpc(AuthRpc *rpc);
extern uint auth_rpc(AuthRpc *rpc, char *verb, void *a, int n);
-extern int auth_wep(char*, char*, ...);
-
#ifdef VARARGCK
#pragma varargck argpos auth_proxy 3
#pragma varargck argpos auth_challenge 1
-#pragma varargck argpos auth_respond 3
+#pragma varargck argpos auth_respond 8
#pragma varargck argpos auth_getuserpasswd 2
#endif
--- a/libauth/Makefile
+++ b/libauth/Makefile
@@ -5,12 +5,8 @@
OFILES=\
attr.$O\
auth_attr.$O\
- auth_challenge.$O\
- auth_getuserpasswd.$O\
auth_proxy.$O\
- auth_respond.$O\
auth_rpc.$O\
- auth_userpasswd.$O\
default: $(LIB)
$(LIB): $(OFILES)
--- a/libauth/attr.c
+++ b/libauth/attr.c
@@ -5,28 +5,26 @@
int
_attrfmt(Fmt *fmt)
{
- char *b, buf[1024], *ebuf;
Attr *a;
+ int first = 1;
- ebuf = buf+sizeof buf;
- b = buf;
- strcpy(buf, " ");
- for(a=va_arg(fmt->args, Attr*); a; a=a->next){
+ for(a=va_arg(fmt->args, Attr*); a != nil; a=a->next){
if(a->name == nil)
continue;
switch(a->type){
+ default:
+ continue;
case AttrQuery:
- b = seprint(b, ebuf, " %q?", a->name);
+ fmtprint(fmt, first+" %q?", a->name);
break;
case AttrNameval:
- b = seprint(b, ebuf, " %q=%q", a->name, a->val);
- break;
case AttrDefault:
- b = seprint(b, ebuf, " %q:=%q", a->name, a->val);
+ fmtprint(fmt, first+" %q=%q", a->name, a->val);
break;
}
+ first = 0;
}
- return fmtstrcpy(fmt, buf+1);
+ return 0;
}
Attr*
--- a/libauth/auth_challenge.c
+++ /dev/null
@@ -1,116 +1,0 @@
-#include <u.h>
-#include <libc.h>
-#include <auth.h>
-#include "authlocal.h"
-
-Chalstate*
-auth_challenge(char *fmt, ...)
-{
- char *p;
- va_list arg;
- Chalstate *c;
-
- quotefmtinstall(); /* just in case */
- va_start(arg, fmt);
- p = vsmprint(fmt, arg);
- va_end(arg);
- if(p == nil)
- return nil;
-
- c = mallocz(sizeof(*c), 1);
- if(c == nil){
- free(p);
- return nil;
- }
-
- if((c->afd = open("/mnt/factotum/rpc", ORDWR)) < 0){
- Error:
- auth_freechal(c);
- free(p);
- return nil;
- }
-
- if((c->rpc=auth_allocrpc(c->afd)) == nil
- || auth_rpc(c->rpc, "start", p, strlen(p)) != ARok
- || auth_rpc(c->rpc, "read", nil, 0) != ARok)
- goto Error;
-
- if(c->rpc->narg > sizeof(c->chal)-1){
- werrstr("buffer too small for challenge");
- goto Error;
- }
- memmove(c->chal, c->rpc->arg, c->rpc->narg);
- c->nchal = c->rpc->narg;
- free(p);
- return c;
-}
-
-AuthInfo*
-auth_response(Chalstate *c)
-{
- int ret;
- AuthInfo *ai;
-
- ai = nil;
- if(c->afd < 0){
- werrstr("auth_response: connection not open");
- return nil;
- }
- if(c->resp == nil){
- werrstr("auth_response: nil response");
- return nil;
- }
- if(c->nresp == 0){
- werrstr("auth_response: unspecified response length");
- return nil;
- }
-
- if(c->user){
- if(auth_rpc(c->rpc, "write", c->user, strlen(c->user)) != ARok){
- /*
- * if this fails we're out of phase with factotum.
- * give up.
- */
- goto Out;
- }
- }
-
- if(auth_rpc(c->rpc, "write", c->resp, c->nresp) != ARok){
- /*
- * don't close the connection -- maybe we'll try again.
- */
- return nil;
- }
-
- switch(ret = auth_rpc(c->rpc, "read", nil, 0)){
- case ARok:
- default:
- werrstr("factotum protocol botch %d %s", ret, c->rpc->ibuf);
- break;
- case ARdone:
- ai = auth_getinfo(c->rpc);
- break;
- }
-
-Out:
- close(c->afd);
- auth_freerpc(c->rpc);
- c->afd = -1;
- c->rpc = nil;
- return ai;
-}
-
-void
-auth_freechal(Chalstate *c)
-{
- if(c == nil)
- return;
-
- if(c->afd >= 0)
- close(c->afd);
- if(c->rpc != nil)
- auth_freerpc(c->rpc);
-
- memset(c, 0xBB, sizeof(*c));
- free(c);
-}
--- a/libauth/auth_getuserpasswd.c
+++ /dev/null
@@ -1,75 +1,0 @@
-#include <u.h>
-#include <libc.h>
-#include <auth.h>
-#include "authlocal.h"
-
-enum {
- ARgiveup = 100,
-};
-
-static int
-dorpc(AuthRpc *rpc, char *verb, char *val, int len, AuthGetkey *getkey)
-{
- int ret;
-
- for(;;){
- if((ret = auth_rpc(rpc, verb, val, len)) != ARneedkey && ret != ARbadkey)
- return ret;
- if(getkey == nil)
- return ARgiveup; /* don't know how */
- if((*getkey)(rpc->arg) < 0)
- return ARgiveup; /* user punted */
- }
-}
-
-UserPasswd*
-auth_getuserpasswd(AuthGetkey *getkey, char *fmt, ...)
-{
- AuthRpc *rpc;
- char *f[3], *p, *params;
- int fd;
- va_list arg;
- UserPasswd *up;
-
- up = nil;
- rpc = nil;
- params = nil;
-
- fd = open("/mnt/factotum/rpc", ORDWR);
- if(fd < 0)
- goto out;
- rpc = auth_allocrpc(fd);
- if(rpc == nil)
- goto out;
- quotefmtinstall(); /* just in case */
- va_start(arg, fmt);
- params = vsmprint(fmt, arg);
- va_end(arg);
- if(params == nil)
- goto out;
-
- if(dorpc(rpc, "start", params, strlen(params), getkey) != ARok
- || dorpc(rpc, "read", nil, 0, getkey) != ARok)
- goto out;
-
- rpc->arg[rpc->narg] = '\0';
- if(tokenize(rpc->arg, f, 2) != 2){
- werrstr("bad answer from factotum");
- goto out;
- }
- up = malloc(sizeof(*up)+rpc->narg+1);
- if(up == nil)
- goto out;
- p = (char*)&up[1];
- strcpy(p, f[0]);
- up->user = p;
- p += strlen(p)+1;
- strcpy(p, f[1]);
- up->passwd = p;
-
-out:
- free(params);
- auth_freerpc(rpc);
- close(fd);
- return up;
-}
--- a/libauth/auth_respond.c
+++ /dev/null
@@ -1,72 +1,0 @@
-#include <u.h>
-#include <libc.h>
-#include <auth.h>
-#include "authlocal.h"
-
-enum {
- ARgiveup = 100,
-};
-
-static int
-dorpc(AuthRpc *rpc, char *verb, char *val, int len, AuthGetkey *getkey)
-{
- int ret;
-
- for(;;){
- if((ret = auth_rpc(rpc, verb, val, len)) != ARneedkey && ret != ARbadkey)
- return ret;
- if(getkey == nil)
- return ARgiveup; /* don't know how */
- if((*getkey)(rpc->arg) < 0)
- return ARgiveup; /* user punted */
- }
-}
-
-int
-auth_respond(void *chal, uint nchal, char *user, uint nuser, void *resp, uint nresp, AuthGetkey *getkey, char *fmt, ...)
-{
- char *p, *s;
- va_list arg;
- int afd;
- AuthRpc *rpc;
- Attr *a;
-
- if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0)
- return -1;
-
- if((rpc = auth_allocrpc(afd)) == nil){
- close(afd);
- return -1;
- }
-
- quotefmtinstall(); /* just in case */
- va_start(arg, fmt);
- p = vsmprint(fmt, arg);
- va_end(arg);
-
- if(p==nil
- || dorpc(rpc, "start", p, strlen(p), getkey) != ARok
- || dorpc(rpc, "write", chal, nchal, getkey) != ARok
- || dorpc(rpc, "read", nil, 0, getkey) != ARok){
- free(p);
- close(afd);
- auth_freerpc(rpc);
- return -1;
- }
- free(p);
-
- if(rpc->narg < nresp)
- nresp = rpc->narg;
- memmove(resp, rpc->arg, nresp);
-
- if((a = auth_attr(rpc)) != nil
- && (s = _strfindattr(a, "user")) != nil && strlen(s) < nuser)
- strcpy(user, s);
- else if(nuser > 0)
- user[0] = '\0';
-
- _freeattr(a);
- close(afd);
- auth_freerpc(rpc);
- return nresp;
-}
--- a/libauth/auth_userpasswd.c
+++ /dev/null
@@ -1,49 +1,0 @@
-#include <u.h>
-#include <libc.h>
-#include <auth.h>
-#include <authsrv.h>
-#include "authlocal.h"
-
-/*
- * compute the proper response. We encrypt the ascii of
- * challenge number, with trailing binary zero fill.
- * This process was derived empirically.
- * this was copied from inet's guard.
- */
-static void
-netresp(char key[DESKEYLEN], long chal, char *answer)
-{
- uchar buf[8];
-
- memset(buf, 0, sizeof buf);
- snprint((char *)buf, sizeof buf, "%lud", chal);
- if(encrypt(key, buf, 8) < 0)
- abort();
- sprint(answer, "%.8ux", buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3]);
-}
-
-AuthInfo*
-auth_userpasswd(char *user, char *passwd)
-{
- char resp[16], key[DESKEYLEN];
- AuthInfo *ai;
- Chalstate *ch;
-
- /*
- * Probably we should have a factotum protocol
- * to check a raw password. For now, we use
- * p9cr, which is simplest to speak.
- */
- if((ch = auth_challenge("user=%q proto=p9cr role=server", user)) == nil)
- return nil;
-
- passtodeskey(key, passwd);
- netresp(key, atol(ch->chal), resp);
- memset(key, 0, sizeof(key));
-
- ch->resp = resp;
- ch->nresp = strlen(resp);
- ai = auth_response(ch);
- auth_freechal(ch);
- return ai;
-}
--- a/libauth/httpauth.c
+++ /dev/null
@@ -1,51 +1,0 @@
-#include <u.h>
-#include <libc.h>
-#include <auth.h>
-#include <authsrv.h>
-
-/* deprecated.
- This is the mechanism that put entries in /sys/lib/httpd.rewrite
- and passwords on the authserver in /sys/lib/httppasswords, which
- was awkward to administer. Instead, use local .httplogin files,
- which are implemented in sys/src/cmd/ip/httpd/authorize.c */
-
-int
-httpauth(char *name, char *password)
-{
- int afd;
- Ticketreq tr;
- Ticket t;
- char key[DESKEYLEN];
- char buf[512];
-
- afd = authdial(nil, nil);
- if(afd < 0)
- return -1;
-
- /* send ticket request to AS */
- memset(&tr, 0, sizeof(tr));
- strcpy(tr.uid, name);
- tr.type = AuthHttp;
- convTR2M(&tr, buf);
- if(write(afd, buf, TICKREQLEN) != TICKREQLEN){
- close(afd);
- return -1;
- }
- if(_asrdresp(afd, buf, TICKETLEN) < 0){
- close(afd);
- return -1;
- }
- close(afd);
-
- /*
- * use password and try to decrypt the
- * ticket. If it doesn't work we've got a bad password,
- * give up.
- */
- passtokey(key, password);
- convM2T(buf, &t, key);
- if(t.num != AuthHr || strcmp(t.cuid, tr.uid))
- return -1;
-
- return 0;
-}