ref: e14690517e49cef5ab3f096f0494d45bf2010385
parent: c22fa6d5eb2ee6751c8e0946ab35e1328597a9b4
parent: 1645f3314c751e985de4c56b4e86a14197c0ed2e
author: aiju <[email protected]>
date: Thu Feb 23 20:02:43 EST 2017
merge
--- a/sys/man/4/keyfs
+++ b/sys/man/4/keyfs
@@ -14,6 +14,9 @@
.BI -m mntpt
]
[
+.B -r
+]
+[
.I keyfile
]
.PP
@@ -83,6 +86,10 @@
If any changes are made to the database that affect the information stored in
.IR keyfile ,
a new version of the file is written.
+.PP
+If the
+.B -r
+option is given, the database is mounted `read-only' and no changes are permitted.
.PP
There are two authentication databases,
one for Plan 9 user information,
--- /dev/null
+++ b/sys/src/cmd/auth/asaudit.c
@@ -1,0 +1,106 @@
+#include <u.h>
+#include <libc.h>
+#include <bio.h>
+#include <authsrv.h>
+#include <ndb.h>
+
+int havenvram;
+Nvrsafe nvr;
+char eve[128];
+Ndb *db;
+
+void
+geteve(void)
+{
+ int fd;
+
+ fd = open("#c/hostowner", OREAD);
+ if(fd < 0) sysfatal("open: %r");
+ memset(eve, 0, sizeof(eve));
+ if(read(fd, eve, sizeof(eve)-1) < 0) sysfatal("read: %r");
+ close(fd);
+ if(strcmp(getuser(), eve) != 0) print("hostowner is %#q, but running as %#q\n", eve, getuser());
+}
+
+void
+ndb(void)
+{
+ db = ndbopen(nil);
+ if(db == nil){
+ print("ndbopen: %r");
+ return;
+ }
+}
+
+void
+nvram(void)
+{
+ char *auth;
+
+ if(readnvram(&nvr, 0) < 0){
+ print("readnvram: %r\n");
+ return;
+ }
+ havenvram = 1;
+ print("found nvram key for user '%s@%s'\n", nvr.authid, nvr.authdom);
+ if(strcmp(eve, nvr.authid) != 0) print("nvram authid doesn't match hostowner %#q\n", eve);
+ if(db != nil){
+ auth = ndbgetvalue(db, nil, "authdom", nvr.authdom, "auth", nil);
+ if(auth == nil) print("authdom %#q not found in ndb\n", nvr.authdom);
+ else{
+ print("ndb says authdom %#q corresponds to auth server %#q\n", nvr.authdom, auth);
+ free(auth);
+ }
+ }
+}
+
+void
+keyfs(void)
+{
+ char *buf;
+ int fd;
+ char aes[AESKEYLEN];
+
+ if(!havenvram) return;
+ if(access("/adm/keys", AREAD) < 0){
+ print("no access to /adm/keys\n");
+ return;
+ }
+ print("starting keyfs\n");
+ rfork(RFNAMEG);
+ switch(fork()){
+ case -1:
+ sysfatal("fork: %r");
+ case 0:
+ if(execl("/bin/auth/keyfs", "auth/keyfs", "-r", nil) < 0)
+ sysfatal("execl: %r");
+ }
+ waitpid();
+ buf = smprint("/mnt/keys/%s/aeskey", nvr.authid);
+ fd = open(buf, OREAD);
+ if(fd < 0){
+ print("can't get key from keyfs: %r");
+ return;
+ }
+ werrstr("short read");
+ if(read(fd, aes, sizeof(aes)) < sizeof(aes)){
+ print("read: %r");
+ close(fd);
+ return;
+ }
+ if(memcmp(nvr.aesmachkey, aes, AESKEYLEN) != 0)
+ print("key in keyfs does not match nvram\n");
+ else
+ print("key in keyfs matches nvram\n");
+ close(fd);
+}
+
+void
+main()
+{
+ quotefmtinstall();
+ geteve();
+ ndb();
+ nvram();
+ keyfs();
+}
--- a/sys/src/cmd/auth/keyfs.c
+++ b/sys/src/cmd/auth/keyfs.c
@@ -92,6 +92,7 @@
ulong uniq = 1;
Fcall rhdr, thdr;
int usepass;
+int readonly;
char *warnarg;
uchar mdata[8192 + IOHDRSZ];
int messagesize = sizeof mdata;
@@ -137,7 +138,7 @@
static void
usage(void)
{
- fprint(2, "usage: %s [-p] [-m mtpt] [-w warn] [keyfile]\n", argv0);
+ fprint(2, "usage: %s [-p] [-r] [-m mtpt] [-w warn] [keyfile]\n", argv0);
exits("usage");
}
@@ -165,6 +166,9 @@
case 'w':
warnarg = EARGF(usage());
break;
+ case 'r':
+ readonly = 1;
+ break;
default:
usage();
break;
@@ -390,6 +394,8 @@
if(!f->busy)
return "create of unused fid";
+ if(readonly)
+ return "mounted read-only";
name = rhdr.name;
if(f->user != nil){
return "permission denied";
@@ -531,6 +537,8 @@
if(!f->busy)
return "permission denied";
+ if(readonly)
+ return "mounted read-only";
n = rhdr.count;
data = rhdr.data;
switch(f->qtype){
@@ -613,6 +621,10 @@
{
if(!f->busy)
return "permission denied";
+ if(readonly){
+ Clunk(f);
+ return "mounted read-only";
+ }
if(f->qtype == Qwarnings)
f->user->warnings = 0;
else if(f->qtype == Quser)
@@ -649,6 +661,8 @@
if(!f->busy || f->qtype != Quser)
return "permission denied";
+ if(readonly)
+ return "mounted read-only";
if(rhdr.nstat > sizeof buf)
return "wstat buffer too big";
if(convM2D(rhdr.stat, rhdr.nstat, &d, buf) == 0)
@@ -711,6 +725,11 @@
User *u;
uchar *p, *buf;
ulong expire;
+
+ if(readonly){
+ fprint(2, "writeusers called while read-only; shouldn't happen\n");
+ return;
+ }
/* what format to use */
keydblen = KEYDBLEN;
--- a/sys/src/cmd/auth/mkfile
+++ b/sys/src/cmd/auth/mkfile
@@ -4,6 +4,7 @@
#
TARG=\
as\
+ asaudit\
asn12dsa\
asn12rsa\
authsrv\