## diffname port/auth.c 1993/0330 ## diff -e /dev/null /n/bootesdump/1993/0330/sys/src/9/port/auth.c 0a #include "u.h" #include "../port/lib.h" #include "mem.h" #include "dat.h" #include "fns.h" #include "io.h" #include "../port/error.h" typedef struct Crypt Crypt; struct Crypt { Crypt *next; Ticket t; Authenticator a; char tbuf[TICKETLEN]; /* remote ticket */ }; typedef struct Session Session; struct Session { Lock; Crypt *cache; /* cache of tickets */ char cchal[CHALLEN]; /* client challenge */ char schal[CHALLEN]; /* server challenge */ char authid[NAMELEN]; /* server encryption uid */ char authdom[DOMLEN]; /* server encryption domain */ ulong cid; /* challenge id */ }; struct { Lock; Crypt *free; } cryptalloc; char eve[NAMELEN] = "bootes"; char evekey[DESKEYLEN]; char hostdomain[DOMLEN]; /* * return true if current user is eve */ int iseve(void) { return strcmp(eve, u->p->user) == 0; } /* * crypt entries are allocated from a pool rather than allocated using malloc so * the memory can be protected from reading by devproc. The base and top of the * crypt arena is stored in palloc for devproc. */ Crypt* newcrypt(void) { Crypt *c; lock(&cryptalloc); if(cryptalloc.free) { c = cryptalloc.free; cryptalloc.free = c->next; unlock(&cryptalloc); memset(c, 0, sizeof(Crypt)); return c; } cryptalloc.free = xalloc(sizeof(Crypt)*conf.nproc); if(cryptalloc.free == 0) panic("newcrypt"); for(c = cryptalloc.free; c < cryptalloc.free+conf.nproc-1; c++) c->next = c+1; palloc.cmembase = (ulong)cryptalloc.free; palloc.cmemtop = palloc.cmembase+(sizeof(Crypt)*conf.nproc); unlock(&cryptalloc); return newcrypt(); } void freecrypt(Crypt *c) { lock(&cryptalloc); c->next = cryptalloc.free; cryptalloc.free = c; unlock(&cryptalloc); } /* * return the info received in the session message on this channel. * if no session message has been exchanged, do it. */ long sysfsession(ulong *arg) { int i, n; Chan *c; Fcall *f; char *buf; Crypt *cp; Session *s; Ticketreq tr; validaddr(arg[1], TICKREQLEN, 1); f = malloc(sizeof(Fcall)); if(f == 0) error(Enomem); buf = malloc(MAXMSG); if(buf == 0){ free(f); error(Enomem); } c = fdtochan(arg[0], OWRITE, 0, 1); s = 0; if(waserror()) { if(s) free(s); close(c); free(buf); free(f); nexterror(); } s = c->session; if(s == 0){ /* exchange a session message with the server */ s = malloc(sizeof(Session)); if(s == 0) error(Enomem); memset(s, 0, sizeof(Session)); for(i = 0; i < CHALLEN; i++) s->cchal[i] = nrand(256); f->type = Tsession; memmove(f->chal, s->cchal, CHALLEN); n = convS2M(f, buf); if((*devtab[c->type].write)(c, buf, n, 0) != n) error(Emountrpc); n = (*devtab[c->type].read)(c, buf, MAXMSG, 0); if(convM2S(buf, f, n) == 0) error(Emountrpc); if(f->type == Rsession){ memmove(s->schal, f->chal, CHALLEN); memmove(s->authid, f->authid, NAMELEN); memmove(s->authdom, f->authdom, DOMLEN); } s->cid = 0; c->session = s; } /* * If server requires no ticket, or user is "none", or a ticket * is already cached, zero the request type */ tr.type = AuthTreq; if(strcmp(u->p->user, "none") == 0 || c->session->authid[0] == 0) tr.type = 0; else for(cp = s->cache; cp; cp = cp->next) if(strcmp(cp->t.cuid, u->p->user) == 0){ tr.type = 0; break; } /* create ticket request */ memmove(tr.chal, c->session->schal, CHALLEN); memmove(tr.authid, c->session->authid, NAMELEN); memmove(tr.authdom, c->session->authdom, DOMLEN); memmove(tr.uid, u->p->user, NAMELEN); memmove(tr.hostid, eve, NAMELEN); convTR2M(&tr, (char*)arg[1]); poperror(); close(c); free(buf); free(f); return 0; } /* * attach tickets to a session */ long sysfauth(ulong *arg) { Chan *c; char *ta; Session *s; Crypt *cp, *ncp, **l; char tbuf[2*TICKETLEN]; validaddr(arg[1], 2*TICKETLEN, 0); c = fdtochan(arg[0], OWRITE, 0, 1); s = c->session; if(s == 0) error("fauth must follow fsession"); cp = newcrypt(); if(waserror()){ freecrypt(cp); nexterror(); } /* ticket supplied, use it */ ta = (char*)arg[1]; memmove(tbuf, ta, 2*TICKETLEN); convM2T(tbuf, &cp->t, evekey); if(cp->t.num != AuthTc) error("bad AuthTc in ticket"); if(strncmp(u->p->user, cp->t.cuid, NAMELEN) != 0) error("bad uid in ticket"); if(memcmp(cp->t.chal, s->schal, CHALLEN) != 0) error("bad chal in ticket"); memmove(cp->tbuf, tbuf+TICKETLEN, TICKETLEN); /* string onto local list, replace old version */ lock(s); l = &s->cache; for(ncp = s->cache; ncp; ncp = *l){ if(strcmp(ncp->t.cuid, u->p->user) == 0){ *l = ncp->next; freecrypt(ncp); break; } l = &ncp->next; } cp->next = s->cache; s->cache = cp; unlock(s); poperror(); return 0; } /* * free a session created by fsession */ void freesession(Session *s) { Crypt *cp; for(cp = s->cache; cp; cp = cp->next) freecrypt(cp); free(s); } /* * called by mattach() to fill in the Tattach message */ ulong authrequest(Session *s, Fcall *f) { Crypt *cp; ulong id, dofree; /* no authentication if user is "none" or if no ticket required by remote */ if(s == 0 || s->authid[0] == 0 || strcmp(u->p->user, "none") == 0){ memset(f->ticket, 0, TICKETLEN); memset(f->auth, 0, AUTHENTLEN); return 0; } /* look for ticket in cache */ dofree = 0; for(cp = s->cache; cp; cp = cp->next) if(strcmp(cp->t.cuid, u->p->user) == 0) break; if(cp == 0){ /* * create a ticket using hostkey, this solves the * chicken and egg problem */ cp = newcrypt(); cp->t.num = AuthTs; memmove(cp->t.chal, s->schal, CHALLEN); memmove(cp->t.cuid, u->p->user, NAMELEN); memmove(cp->t.suid, u->p->user, NAMELEN); memmove(cp->t.key, evekey, DESKEYLEN); convT2M(&cp->t, f->ticket, evekey); dofree = 1; } else memmove(f->ticket, cp->tbuf, TICKETLEN); lock(s); id = s->cid++; unlock(s); /* create an authenticator */ memmove(cp->a.chal, s->schal, CHALLEN); cp->a.num = AuthAc; cp->a.id = id; convA2M(&cp->a, f->auth, cp->t.key); if(dofree) freecrypt(cp); return id; } /* * called by mattach() to check the Rattach message */ void authreply(Session *s, ulong id, Fcall *f) { Crypt *cp; if(s == 0) return; for(cp = s->cache; cp; cp = cp->next) if(strcmp(cp->t.cuid, u->p->user) == 0) break; /* we're getting around authentication */ if(s == 0 || cp == 0 || s->authid[0] == 0 || strcmp(u->p->user, "none") == 0) return; convM2A(f->rauth, &cp->a, cp->t.key); if(cp->a.num != AuthAs){ print("bad encryption type\n"); error("server lies"); } if(memcmp(cp->a.chal, s->cchal, sizeof(cp->a.chal))){ print("bad returned challenge\n"); error("server lies"); } if(cp->a.id != id){ print("bad returned id\n"); error("server lies"); } } /* * called by devcons() for #c/authenticate * * The protocol is * 1) read ticket request from #c/authenticate * 2) write ticket to #c/authenticate. if it matchs the challenge the * user is changed to the suid field of the ticket * 3) read authenticator (to confirm this is the server advertised) */ long authread(Chan *c, char *a, int n) { Crypt *cp; int i; Ticketreq tr; if(c->aux == 0){ /* * first read returns a ticket request */ if(n != TICKREQLEN) error(Ebadarg); c->aux = newcrypt(); cp = c->aux; memset(&tr, 0, sizeof(tr)); tr.type = AuthTreq; strcpy(tr.hostid, eve); strcpy(tr.authid, eve); strcpy(tr.authdom, hostdomain); strcpy(tr.uid, u->p->user); for(i = 0; i < CHALLEN; i++) tr.chal[i] = nrand(256); memmove(cp->a.chal, tr.chal, CHALLEN); convTR2M(&tr, a); } else { /* * subsequent read returns an authenticator */ if(n != AUTHENTLEN) error(Ebadarg); cp = c->aux; cp->a.num = AuthAs; memmove(cp->a.chal, cp->t.chal, CHALLEN); cp->a.id = 0; convA2M(&cp->a, a, cp->t.key); freecrypt(cp); c->aux = 0; } return n; } long authwrite(Chan *c, char *a, int n) { Crypt *cp; if(n != TICKETLEN) error(Ebadarg); if(c->aux == 0) error(Ebadarg); cp = c->aux; convM2T(a, &cp->t, evekey); if(cp->t.num != AuthTs || memcmp(cp->a.chal, cp->t.chal, CHALLEN)) error(Eperm); memmove(u->p->user, cp->t.suid, NAMELEN); return n; } /* * called by devcons() for #c/authcheck * * a write of a ticket+authenticator succeeds if they match */ long authcheck(Chan *c, char *a, int n) { Crypt *cp; if(n != TICKETLEN+AUTHENTLEN) error(Ebadarg); if(c->aux == 0) c->aux = newcrypt(); cp = c->aux; convM2T(a, &cp->t, evekey); if(cp->t.num != AuthTc || strcmp(u->p->user, cp->t.cuid)) error(Ebadarg); convM2A(a+TICKETLEN, &cp->a, cp->t.key); if(cp->a.num != AuthAs || memcmp(cp->t.chal, cp->a.chal, CHALLEN)) error(Eperm); return n; } void authclose(Chan *c) { if(c->aux) freecrypt(c->aux); c->aux = 0; } /* * called by devcons() for key device */ long keyread(char *a, int n, long offset) { if(n= NAMELEN) error(Ebadarg); if(strcmp(a, "none") != 0) error(Eperm); memset(u->p->user, 0, NAMELEN); strcpy(u->p->user, "none"); return n; } /* * called by devcons() for host owner/domain * * writing hostowner also sets user */ long hostownerwrite(char *a, int n) { char buf[NAMELEN]; if(!iseve()) error(Eperm); if(n >= NAMELEN) error(Ebadarg); memset(buf, 0, NAMELEN); strncpy(buf, a, n); if(buf[0] == 0) error(Ebadarg); memmove(eve, buf, NAMELEN); memmove(u->p->user, buf, NAMELEN); return n; } long hostdomainwrite(char *a, int n) { char buf[DOMLEN]; if(!iseve()) error(Eperm); if(n >= DOMLEN) error(Ebadarg); memset(buf, 0, DOMLEN); strncpy(buf, a, n); if(buf[0] == 0) error(Ebadarg); memmove(hostdomain, buf, DOMLEN); return n; } . ## diffname port/auth.c 1993/0402 ## diff -e /n/bootesdump/1993/0330/sys/src/9/port/auth.c /n/bootesdump/1993/0402/sys/src/9/port/auth.c 413a if(strcmp(u->p->user, cp->t.cuid)) error(cp->t.cuid); . 412c if(cp->t.num != AuthTc) . 138a if(n == 2 && buf[0] == 'O' && buf[1] == 'K') goto dkhack; . 137a dkhack: . ## diffname port/auth.c 1993/0403 ## diff -e /n/bootesdump/1993/0402/sys/src/9/port/auth.c /n/bootesdump/1993/0403/sys/src/9/port/auth.c 310a unlock(s); . 307a lock(s); . 283,285d 267a id = s->cid++; unlock(s); . 264a lock(s); . 243a } . 242c for(cp = s->cache; cp; cp = next) { next = cp->next; . 240c Crypt *cp, *next; . 132a f->tag = NOTAG; . ## diffname port/auth.c 1993/0407 ## diff -e /n/bootesdump/1993/0403/sys/src/9/port/auth.c /n/bootesdump/1993/0407/sys/src/9/port/auth.c 177,178c poperror(); . 175d 150d 131,148c /* * Exchange a session message with the server. * If an error occurs reading or writing, * assume this is a mount of a mount and turn off * authentication. */ if(!waserror()){ for(i = 0; i < CHALLEN; i++) s->cchal[i] = nrand(256); f.tag = NOTAG; f.type = Tsession; memmove(f.chal, s->cchal, CHALLEN); n = convS2M(&f, buf); if((*devtab[c->type].write)(c, buf, n, 0) != n) error(Emountrpc); n = (*devtab[c->type].read)(c, buf, sizeof buf, 0); if(n == 2 && buf[0] == 'O' && buf[1] == 'K') n = (*devtab[c->type].read)(c, buf, sizeof buf, 0); poperror(); if(convM2S(buf, &f, n) == 0){ free(s); error(Emountrpc); } switch(f.type){ case Rsession: memmove(s->schal, f.chal, CHALLEN); memmove(s->authid, f.authid, NAMELEN); memmove(s->authdom, f.authdom, DOMLEN); break; case Rerror: free(s); error(f.ename); default: free(s); error(Emountrpc); } . 126c /* * no session exchanged yet */ . 123a /* * if two processes get here at the same * time with no session exchanged, we have * a race. */ . 120,121d 115,118c if(waserror()){ . 106,113d 103a Fcall f; char buf[MAXMSG]; . 99,100d ## diffname port/auth.c 1993/0408 ## diff -e /n/bootesdump/1993/0407/sys/src/9/port/auth.c /n/bootesdump/1993/0408/sys/src/9/port/auth.c 181,183c memmove(tr.chal, s->schal, CHALLEN); memmove(tr.authid, s->authid, NAMELEN); memmove(tr.authdom, s->authdom, DOMLEN); . 174,178c else{ lock(s); for(cp = s->cache; cp; cp = cp->next) if(strcmp(cp->t.cuid, u->p->user) == 0){ tr.type = 0; break; } unlock(s); } . 172c if(strcmp(u->p->user, "none") == 0 || s->authid[0] == 0) . 165a unlock(&s->send); . 164c s->valid = 1; . 160c unlock(s); . 157c unlock(s); . 147c unlock(s); . 126a /* back off if someone else is doing an fsession */ while(!canlock(&s->send)) sched(); if(s->valid == 0){ . 125c } c->session = s; } unlock(c); . 123c if(s == 0){ unlock(c); . 119,121d 112,116c /* add a session structure to the channel if it has none */ lock(c); . 27a int valid; . 21a Lock send; . ## diffname port/auth.c 1993/0411 ## diff -e /n/bootesdump/1993/0408/sys/src/9/port/auth.c /n/bootesdump/1993/0411/sys/src/9/port/auth.c 165c unlock(&s->send); . 162c unlock(&s->send); . 152c unlock(&s->send); . ## diffname port/auth.c 1993/0427 ## diff -e /n/bootesdump/1993/0411/sys/src/9/port/auth.c /n/bootesdump/1993/0427/sys/src/9/port/auth.c 165a print("error using %d bytes %ux %ux %ux\n", n, buf[0], buf[1], buf[2]); . 152a print("error converting %d bytes %ux %ux %ux\n", n, buf[0], buf[1], buf[2]); . ## diffname port/auth.c 1993/0428 ## diff -e /n/bootesdump/1993/0427/sys/src/9/port/auth.c /n/bootesdump/1993/0428/sys/src/9/port/auth.c 451a return n; } /* * called by devcons() for #c/authenticator * * a read after a write of a ticket returns an authenticator * for that ticket. */ long authentwrite(Chan *c, char *a, int n) { Crypt *cp; if(n != TICKETLEN) error(Ebadarg); if(c->aux == 0) c->aux = newcrypt(); cp = c->aux; memmove(cp->tbuf, a, TICKETLEN); convM2T(cp->tbuf, &cp->t, evekey); if(cp->t.num != AuthTc || strcmp(cp->t.cuid, u->p->user)){ freecrypt(cp); c->aux = 0; error(Ebadarg); } return n; } long authentread(Chan *c, char *a, int n) { Crypt *cp; cp = c->aux; if(cp == 0) error("authenticator read must follow a write"); cp->a.num = AuthAc; memmove(cp->a.chal, cp->t.chal, CHALLEN); cp->a.id = 0; convA2M(&cp->a, cp->tbuf, cp->t.key); memmove(a, cp->tbuf, AUTHENTLEN); . 449c memmove(cp->tbuf, a+TICKETLEN, AUTHENTLEN); convM2A(cp->tbuf, &cp->a, cp->t.key); . 444c memmove(cp->tbuf, a, TICKETLEN); convM2T(cp->tbuf, &cp->t, evekey); . 424a memmove(cp->tbuf, a+TICKETLEN, AUTHENTLEN); convM2A(cp->tbuf, &cp->a, cp->t.key); if(cp->a.num != AuthAc || memcmp(cp->a.chal, cp->t.chal, CHALLEN)) error(Eperm); . 422c memmove(cp->tbuf, a, TICKETLEN); convM2T(cp->tbuf, &cp->t, evekey); . 417c if(n != TICKETLEN+AUTHENTLEN) . 405c convA2M(&cp->a, cp->tbuf, cp->t.key); memmove(a, cp->tbuf, AUTHENTLEN); . 401a . 384a . 366,367c * 2) write ticket+authenticator to #c/authenticate. if it matches * the challenge the user is changed to the suid field of the ticket . 167d 153d ## diffname port/auth.c 1993/0501 ## diff -e /n/bootesdump/1993/0428/sys/src/9/port/auth.c /n/fornaxdump/1993/0501/sys/src/brazil/port/auth.c 584c memmove(up->user, buf, NAMELEN); . 560,561c memset(up->user, 0, NAMELEN); strcpy(up->user, "none"); . 470,514d 466d 461,463c convM2A(a+TICKETLEN, &cp->a, cp->t.key); . 459c if(strcmp(up->user, cp->t.cuid)) . 454,456c convM2T(a, &cp->t, evekey); . 429,435c memmove(up->user, cp->t.suid, NAMELEN); . 424,426c convM2T(a, &cp->t, evekey); . 419c if(n != TICKETLEN) . 405,407c convA2M(&cp->a, a, cp->t.key); . 401d 389c strcpy(tr.uid, up->user); . 383d 364,365c * 2) write ticket to #c/authenticate. if it matchs the challenge the * user is changed to the suid field of the ticket . 341c if(s == 0 || cp == 0 || s->authid[0] == 0 || strcmp(up->user, "none") == 0) . 336c if(strcmp(cp->t.cuid, up->user) == 0) . 305,306c memmove(cp->t.cuid, up->user, NAMELEN); memmove(cp->t.suid, up->user, NAMELEN); . 291c if(strcmp(cp->t.cuid, up->user) == 0) . 281c if(s == 0 || s->authid[0] == 0 || strcmp(up->user, "none") == 0){ . 242c if(strcmp(ncp->t.cuid, up->user) == 0){ . 232c if(strncmp(up->user, cp->t.cuid, NAMELEN) != 0) . 191,194c memmove(tr.chal, c->session->schal, CHALLEN); memmove(tr.authid, c->session->authid, NAMELEN); memmove(tr.authdom, c->session->authdom, DOMLEN); memmove(tr.uid, up->user, NAMELEN); . 180,188c else for(cp = s->cache; cp; cp = cp->next) if(strcmp(cp->t.cuid, up->user) == 0){ tr.type = 0; break; } . 178c if(strcmp(up->user, "none") == 0 || c->session->authid[0] == 0) . 171d 169c c->session = s; . 165c free(s); . 162c free(s); . 152c free(s); . 149c goto dkhack; . 146a dkhack: . 127,131d 122,125c memset(s, 0, sizeof(Session)); . 119,120c if(s == 0) . 117a /* * no session exchanged yet */ . 114,115c /* * if two processes get here at the same * time with no session exchanged, we have * a race. */ . 48c return strcmp(eve, up->user) == 0; . 29d 22d 18d ## diffname port/auth.c 1993/0731 ## diff -e /n/fornaxdump/1993/0501/sys/src/brazil/port/auth.c /n/fornaxdump/1993/0731/sys/src/brazil/port/auth.c 439a return n; } /* * called by devcons() for #c/authenticator * * a read after a write of a ticket (or ticket+id) returns an authenticator * for that ticket. */ long authentwrite(Chan *c, char *a, int n) { Crypt *cp; if(n != TICKETLEN && n != TICKETLEN+4) error(Ebadarg); if(c->aux == 0) c->aux = newcrypt(); cp = c->aux; memmove(cp->tbuf, a, TICKETLEN); convM2T(cp->tbuf, &cp->t, evekey); if(cp->t.num != AuthTc || strcmp(cp->t.cuid, up->user)){ freecrypt(cp); c->aux = 0; error(Ebadarg); } if(n == TICKETLEN+4){ uchar *p = (uchar *)&a[TICKETLEN]; cp->a.id = p[0] | (p[1]<<8) | (p[2]<<16) | (p[3]<<24); }else cp->a.id = 0; return n; } long authentread(Chan *c, char *a, int n) { Crypt *cp; cp = c->aux; if(cp == 0) error("authenticator read must follow a write"); cp->a.num = AuthAc; memmove(cp->a.chal, cp->t.chal, CHALLEN); convA2M(&cp->a, cp->tbuf, cp->t.key); memmove(a, cp->tbuf, AUTHENTLEN); . 437,438c memmove(cp->tbuf, a+TICKETLEN, AUTHENTLEN); convM2A(cp->tbuf, &cp->a, cp->t.key); if(n == TICKETLEN+AUTHENTLEN+CHALLEN+4){ uchar *p = (uchar *)&a[TICKETLEN+AUTHENTLEN+CHALLEN]; id = p[0] | (p[1]<<8) | (p[2]<<16) | (p[3]<<24); chal = &a[TICKETLEN+AUTHENTLEN]; }else{ id = 0; chal = cp->t.chal; } if(cp->a.num != AuthAs || memcmp(chal, cp->a.chal, CHALLEN) || cp->a.id != id) . 432c memmove(cp->tbuf, a, TICKETLEN); convM2T(cp->tbuf, &cp->t, evekey); . 427c if(n != TICKETLEN+AUTHENTLEN && n != TICKETLEN+AUTHENTLEN+CHALLEN+4) . 425a char *chal; ulong id; . 420c * a write of a ticket+authenticator [+challenge+id] succeeds if they match . 412a memmove(cp->tbuf, a+TICKETLEN, AUTHENTLEN); convM2A(cp->tbuf, &cp->a, cp->t.key); if(cp->a.num != AuthAc || memcmp(cp->a.chal, cp->t.chal, CHALLEN)) error(Eperm); . 410c memmove(cp->tbuf, a, TICKETLEN); convM2T(cp->tbuf, &cp->t, evekey); . 405c if(n != TICKETLEN+AUTHENTLEN) . 393c convA2M(&cp->a, cp->tbuf, cp->t.key); memmove(a, cp->tbuf, AUTHENTLEN); . 389a . 372a . 354,355c * 2) write ticket+authenticator to #c/authenticate. if it matches * the challenge the user is changed to the suid field of the ticket . 181,183c memmove(tr.chal, s->schal, CHALLEN); memmove(tr.authid, s->authid, NAMELEN); memmove(tr.authdom, s->authdom, DOMLEN); . 174,178c else{ lock(s); for(cp = s->cache; cp; cp = cp->next) if(strcmp(cp->t.cuid, up->user) == 0){ tr.type = 0; break; } unlock(s); } . 172c if(strcmp(up->user, "none") == 0 || s->authid[0] == 0) . 165a unlock(&s->send); . 164c s->valid = 1; . 160c unlock(&s->send); . 157c unlock(&s->send); . 147c unlock(&s->send); . 144c n = (*devtab[c->type].read)(c, buf, sizeof buf, 0); . 141d 125a /* back off if someone else is doing an fsession */ while(!canlock(&s->send)) sched(); if(s->valid == 0){ . 124c } c->session = s; } unlock(c); . 122c if(s == 0){ unlock(c); . 118,120d 111,115c /* add a session structure to the channel if it has none */ lock(c); . 26a int valid; . 20a Lock send; . 17a typedef struct Session Session; . ## diffname port/auth.c 1994/0624 ## diff -e /n/fornaxdump/1993/0731/sys/src/brazil/port/auth.c /n/fornaxdump/1994/0624/sys/src/brazil/port/auth.c 6d ## diffname port/auth.c 1994/0915 ## diff -e /n/fornaxdump/1994/0624/sys/src/brazil/port/auth.c /n/fornaxdump/1994/0915/sys/src/brazil/port/auth.c 598a up->basepri = PriNormal; . 575a up->basepri = PriNormal; . ## diffname port/auth.c 1994/1027 ## diff -e /n/fornaxdump/1994/0915/sys/src/brazil/port/auth.c /n/fornaxdump/1994/1027/sys/src/brazil/port/auth.c 597a renameuser(eve, buf); . 37c char eve[NAMELEN]; . ## diffname port/auth.c 1995/0102 ## diff -e /n/fornaxdump/1994/1027/sys/src/brazil/port/auth.c /n/fornaxdump/1995/0102/sys/src/brazil/port/auth.c 601c up->nice = NiceNormal; . 576c up->nice = NiceNormal; . ## diffname port/auth.c 1995/0106 ## diff -e /n/fornaxdump/1995/0102/sys/src/brazil/port/auth.c /n/fornaxdump/1995/0106/sys/src/brazil/port/auth.c 128a } . 127c while(!canlock(&s->send)) { up->yield = 1; . ## diffname port/auth.c 1995/0110 ## diff -e /n/fornaxdump/1995/0106/sys/src/brazil/port/auth.c /n/fornaxdump/1995/0110/sys/src/brazil/port/auth.c 603c up->basepri = PriNormal; . 578c up->basepri = PriNormal; . 130d 127,128c while(!canlock(&s->send)) . ## diffname port/auth.c 1995/0113 ## diff -e /n/fornaxdump/1995/0110/sys/src/brazil/port/auth.c /n/fornaxdump/1995/0113/sys/src/brazil/port/auth.c 545c if(!cpuserver || !iseve()) . ## diffname port/auth.c 1995/0414 ## diff -e /n/fornaxdump/1995/0113/sys/src/brazil/port/auth.c /n/fornaxdump/1995/0414/sys/src/brazil/port/auth.c 130c if(s->valid == 0 && (c->flag & CMSG) == 0){ . ## diffname port/auth.c 1997/0327 ## diff -e /n/fornaxdump/1995/0414/sys/src/brazil/port/auth.c /n/emeliedump/1997/0327/sys/src/brazil/port/auth.c 198c cclose(c); . 149c n = devtab[c->type]->read(c, buf, sizeof buf, 0); . 147c n = devtab[c->type]->read(c, buf, sizeof buf, 0); . 145c if(devtab[c->type]->write(c, buf, n, 0) != n) . 109c cclose(c); . ## diffname port/auth.c 1998/0404 ## diff -e /n/emeliedump/1997/0327/sys/src/brazil/port/auth.c /n/emeliedump/1998/0404/sys/src/brazil/port/auth.c 525c if(n >= AUTHENTLEN) memmove(a, cp->tbuf, AUTHENTLEN); if(n >= AUTHENTLEN + TICKETLEN) convT2M(&cp->t, a+AUTHENTLEN, nil); . 480a * reading authcheck after writing into it yields the * nonce key */ long authcheckread(Chan *c, char *a, int n) { Crypt *cp; cp = c->aux; if(cp == nil) error(Ebadarg); if(n < TICKETLEN)) error(Ebadarg); convT2M(&cp->t, a, nil); return sizeof(cp->t); } /* . ## diffname port/auth.c 1998/0406 ## diff -e /n/emeliedump/1998/0404/sys/src/brazil/port/auth.c /n/emeliedump/1998/0406/sys/src/brazil/port/auth.c 492c if(n < TICKETLEN) . ## diffname port/auth.c 1998/0407 ## diff -e /n/emeliedump/1998/0406/sys/src/brazil/port/auth.c /n/emeliedump/1998/0407/sys/src/brazil/port/auth.c 530a /* * create an authenticator and return it and optionally the * unencripted ticket */ . 482c * unencrypted ticket . ## diffname port/auth.c 1998/0422 ## diff -e /n/emeliedump/1998/0407/sys/src/brazil/port/auth.c /n/emeliedump/1998/0422/sys/src/brazil/port/auth.c 550,552d 407a if(n >= AUTHENTLEN + TICKETLEN) convT2M(&cp->t, a+AUTHENTLEN, nil); . 398c if(n < AUTHENTLEN) . ## diffname port/auth.c 1998/0512 ## diff -e /n/emeliedump/1998/0422/sys/src/brazil/port/auth.c /n/emeliedump/1998/0512/sys/src/brazil/port/auth.c 352c } . 173c /* . ## diffname port/auth.c 1999/0331 ## diff -e /n/emeliedump/1998/0512/sys/src/brazil/port/auth.c /n/emeliedump/1999/0331/sys/src/brazil/port/auth.c 251a cclose(c); . 221a cclose(c); . 219a } . 218c if(s == 0){ cclose(c); . ## diffname port/auth.c 1999/1224 ## diff -e /n/emeliedump/1999/0331/sys/src/brazil/port/auth.c /n/emeliedump/1999/1224/sys/src/9/port/auth.c 540c * unencrypted ticket . ## diffname port/auth.c 2000/0710 ## diff -e /n/emeliedump/1999/1224/sys/src/9/port/auth.c /n/emeliedump/2000/0710/sys/src/9/port/auth.c 603c if(!iseve() || strcmp(a, "none") != 0) . ## diffname port/auth.c 2001/0503 ## diff -e /n/emeliedump/2000/0710/sys/src/9/port/auth.c /n/emeliedump/2001/0503/sys/src/9/port/auth.c 357c if(a.id != id){ . 353c if(memcmp(a.chal, s->cchal, sizeof(a.chal))){ . 348,349c convM2A(f->rauth, &a, cp->t.key); if(a.num != AuthAs){ . 332a Authenticator a; . 318,321c memmove(a.chal, s->schal, CHALLEN); a.num = AuthAc; a.id = id; convA2M(&a, f->auth, cp->t.key); . 280a Authenticator a; . ## diffname port/auth.c 2001/0527 ## diff -e /n/emeliedump/2001/0503/sys/src/9/port/auth.c /n/emeliedump/2001/0527/sys/src/9/port/auth.c 632,633c kstrdup(&eve, buf); kstrdup(&up->user, buf); . 630a . 627,629c strncpy(buf, a, n+1); if(buf[0] == '\0') . 625c if(n >= sizeof buf) . 621c char buf[128]; . 607,608c kstrdup(&up->user, "none"); . 603,604d 490,570d 456,486c error("sysfauth unimplemented"); return -1; . 454c sysfauth(ulong *) . 448,452d 439,445c free(msg); poperror(); poperror(); cclose(c); return m; . 434,437c n = convM2S(msg, m, &f); if(n != m) error("bad fsession conversion on reply"); if(f.type != Rsession) error("unexpected reply type in fsession"); m = f.nchal; if(m > authlen) error(Eshort); //BUG print("auth stuff ignored; noauth by default\n"); ((uchar*)arg[1])[0] = 0; . 428,432c lock(c); c->offset += m; unlock(c); . 423,426c /* message sent; receive and decode reply */ m = devtab[c->type]->read(c, msg, MAXMSG, c->offset); if(m <= 0) error("EOF receiving fsession reply"); . 420,421d 390,418c if(m < n){ lock(c); c->offset -= n - m; unlock(c); error("short write in fsession"); . 381,388c m = devtab[c->type]->write(c, msg, n, oo); . 365,379c lock(c); oo = c->offset; c->offset += n; unlock(c); . 355,363c n = convS2M(&f, msg, MAXMSG); if(n == 0) error("bad fsession conversion on send"); . 292,353c f.type = Tsession; f.tag = NOTAG; f.nchal = 0; f.chal = (uchar*)""; msg = smalloc(MAXMSG); if(waserror()){ free(msg); nexterror(); . 229,288c if(c->flag & CMSG){ //BUG what to do? ((uchar*)arg[1])[0] = 0; poperror(); cclose(c); . 225d 215,222c //BUG print("warning: stub fsession being used\n"); authlen = arg[2]; validaddr(arg[1], authlen, 1); c = fdtochan(arg[0], ORDWR, 0, 1); . 210,213c uvlong oo; . 208a Fcall f; uchar *msg; uint authlen, n, m; . 207c sysfsession(ulong *arg) . 203,205d 200c return m; . 197a n = convM2S(msg, m, &f); if(n != m) error("bad fversion conversion on reply"); if(f.type != Rversion) error("unexpected reply type in fversion"); if(f.msize > msize) error("server tries to increase msize in fversion"); if(f.msize<256 || f.msize>1024*1024) error("nonsense value of msize in fversion"); kstrdup(&c->version, f.version); c->iounit = f.msize; free(msg); poperror(); Return: m = strlen(c->version); if(m > arglen) m = arglen; memmove((char*)arg[2], c->version, m); . 190,196c lock(c); c->offset += m; unlock(c); . 173,188c /* message sent; receive and decode reply */ m = devtab[c->type]->read(c, msg, MAXMSG, c->offset); if(m <= 0) error("EOF receiving fversion reply"); . 171d 130,169c if(m < n){ lock(c); c->offset -= n - m; unlock(c); error("short write in fversion"); . 126,128c m = devtab[c->type]->write(c, msg, n, oo); . 123a n = convS2M(&f, msg, MAXMSG); if(n == 0) error("bad fversion conversion on send"); lock(c); oo = c->offset; c->offset += n; . 113,122c if((c->flag&CMSG) && c->version!=nil) /* BUG: insufficient; should check compatibility */ goto Return; f.type = Tversion; f.tag = NOTAG; if(msize == 0) msize = IOHDRSZ+8192; /* reasonable default */ f.msize = msize; if(vers[0] == '\0') vers = VERSION9P; f.version = vers; msg = smalloc(MAXMSG); if(waserror()){ free(msg); nexterror(); . 106,107c msize = arg[1]; vers = (char*)arg[2]; arglen = arg[3]; validaddr(arg[2], arglen, 1); /* check there's a NUL in the version string */ if(memchr(vers, 0, arglen) == 0) error(Ebadarg); c = fdtochan(arg[0], ORDWR, 0, 1); . 100,104c uvlong oo; . 98c Fcall f; /* two Fcalls should be big enough for reply */ uchar *msg; char *vers; uint arglen, n, m, msize; . 96c sysfversion(ulong *arg) . 50,94d 17,37c char *eve; . 8,15c #include . ## diffname port/auth.c 2001/0529 ## diff -e /n/emeliedump/2001/0527/sys/src/9/port/auth.c /n/emeliedump/2001/0529/sys/src/9/port/auth.c 168c m = devtab[c->type]->read(c, msg, 8192+IOHDRSZ, c->offset); . 149c n = convS2M(&f, msg, 8192+IOHDRSZ); . 144c msg = smalloc(8192+IOHDRSZ); . 81c m = devtab[c->type]->read(c, msg, 8192+IOHDRSZ, c->offset); . 62c n = convS2M(&f, msg, 8192+IOHDRSZ); . 57c msg = smalloc(8192+IOHDRSZ); . ## diffname port/auth.c 2001/0807 ## diff -e /n/emeliedump/2001/0529/sys/src/9/port/auth.c /n/emeliedump/2001/0807/sys/src/9/port/auth.c 197,198c Chan *c; uint authlen, rauthlen; int n; authlen = arg[2]; validaddr(arg[1], authlen, 1); rauthlen = arg[4]; validaddr(arg[3], rauthlen, 1); c = fdtochan(arg[0], ORDWR, 0, 1); if(waserror()){ cclose(c); nexterror(); } n = mntauth(c, (uchar*)arg[1], authlen, (uchar*)arg[3], rauthlen); poperror(); cclose(c); return n; . 195c sysfauth(ulong *arg) . 191c return n; . 188a } long sysfsession(ulong *arg) { Chan *c; uint authlen, n; authlen = arg[2]; validaddr(arg[1], authlen, 1); c = fdtochan(arg[0], ORDWR, 0, 1); if(waserror()){ cclose(c); nexterror(); } if(c->session == nil){ if(c->flag&CMSG) error("session on mounted channel"); sendsession(c); } n = strlen(c->session->authlist)+1; if(n > authlen) error(Eshort); memmove((uchar*)arg[1], c->session->authlist, n); . 181,185c c->session = allocsession(f.authlist); . 176a print("rsession conv returns %d\n", n); . 170a print("rsession rcvd\n"); . 158a print("session sent\n"); . 142,143d 123,139d 119,120c uint n, m; . 114,115c void sendsession(Chan *c) . 13a struct Session { char *authlist; }; Session* allocsession(char *authlist) { Session *s; s = smalloc(sizeof(*s)); s->authlist = nil; kstrdup(&s->authlist, authlist); return s; } void freesession(Session *s) { if(s == nil) return; free(s->authlist); free(s); } . ## diffname port/auth.c 2001/0808 ## diff -e /n/emeliedump/2001/0807/sys/src/9/port/auth.c /n/emeliedump/2001/0808/sys/src/9/port/auth.c 229,248c error("sysfauth unimplemented"); return -1; . 227c sysfauth(ulong *) . 222,223c return m; . 193,219d 189c m = f.nchal; if(m > authlen) error(Eshort); //BUG print("auth stuff ignored; noauth by default\n"); ((uchar*)arg[1])[0] = 0; . 184d 177d 164d 148a f.nchal = 0; f.chal = (uchar*)""; . 146a //BUG print("warning: stub fsession being used\n"); authlen = arg[2]; validaddr(arg[1], authlen, 1); c = fdtochan(arg[0], ORDWR, 0, 1); if(waserror()){ cclose(c); nexterror(); } if(c->flag & CMSG){ //BUG what to do? ((uchar*)arg[1])[0] = 0; poperror(); cclose(c); return 0; } . 144c uint authlen, n, m; Chan *c; . 139,140c long sysfsession(ulong *arg) . 14,38d ## diffname port/auth.c 2001/0819 ## diff -e /n/emeliedump/2001/0808/sys/src/9/port/auth.c /n/emeliedump/2001/0819/sys/src/9/port/auth.c 160,198c return fd; . 158c /* always mark it close on exec */ ac->flag |= CCEXEC; . 153,156c fd = newfd(ac); if(fd < 0) error(Enofd); poperror(); /* ac */ poperror(); /* c */ . 149,151d 146c cclose(ac); . 132,144c ac = mntauth(c, aname); . 123,125c if(arg[2] == 0) error(Ebadarg); validaddr(arg[1], arg[2], 1); ((uchar*)arg[1])[0] = '\0'; return 0; } long sysfauth(ulong *arg) { Chan *c, *ac; char *aname; int fd; validaddr(arg[1], 1, 0); aname = (char*)arg[1]; validname(aname, 0); . 117,121c /* deprecated; backwards compatibility only */ . 115c sys_fsession(ulong *arg) . 49,108d 46,47c m = mntversion(c, vers, msize, arglen); . 38c if(arglen==0 || memchr(vers, 0, arglen)==0) . 31d 29c uint arglen, m, msize; . 26,27d ## diffname port/auth.c 2001/0925 ## diff -e /n/emeliedump/2001/0819/sys/src/9/port/auth.c /n/emeliedump/2001/0925/sys/src/9/port/auth.c 8c #include . ## diffname port/auth.c 2001/0929 ## diff -e /n/emeliedump/2001/0925/sys/src/9/port/auth.c /n/emeliedump/2001/0929/sys/src/9/port/auth.c 97,121d ## diffname port/auth.c 2001/0930 ## diff -e /n/emeliedump/2001/0929/sys/src/9/port/auth.c /n/emeliedump/2001/0930/sys/src/9/port/auth.c 104c if(strcmp(a, "none") != 0) . ## diffname port/auth.c 2002/0115 ## diff -e /n/emeliedump/2001/0930/sys/src/9/port/auth.c /n/emeliedump/2002/0115/sys/src/9/port/auth.c 11d ## diffname port/auth.c 2002/0221 ## diff -e /n/emeliedump/2002/0115/sys/src/9/port/auth.c /n/emeliedump/2002/0221/sys/src/9/port/auth.c 124,126c memmove(buf, a, n); buf[n] = 0; . 122c if(n <= 0 || n >= sizeof buf) . ## diffname port/auth.c 2002/0410 ## diff -e /n/emeliedump/2002/0221/sys/src/9/port/auth.c /n/emeliedump/2002/0410/sys/src/9/port/auth.c 103c if(n!=4 || strncmp(a, "none", 4)!=0) . ## diffname port/auth.c 2002/0517 ## diff -e /n/emeliedump/2002/0410/sys/src/9/port/auth.c /n/emeliedump/2002/0517/sys/src/9/port/auth.c 87d 77a /* at this point ac is responsible for keeping c alive */ cclose(c); poperror(); /* c */ . ## diffname port/auth.c 2002/0831 ## diff -e /n/emeliedump/2002/0517/sys/src/9/port/auth.c /n/emeliedump/2002/0831/sys/src/9/port/auth.c 70c validname(aname, 1); .