1 /*
2  * p9cr, vnc - one-sided challenge/response authentication
3  *
4  * Protocol:
5  *
6  *	C -> S: user
7  *	S -> C: challenge
8  *	C -> S: response
9  *	S -> C: ok or bad
10  *
11  * Note that this is the protocol between factotum and the local
12  * program, not between the two factotums.  The information 
13  * exchanged here is wrapped in other protocols by the local
14  * programs.
15  */
16 
17 #include "std.h"
18 #include "dat.h"
19 
20 static int
21 p9crcheck(Key *k)
22 {
23 	if(!strfindattr(k->attr, "user") || !strfindattr(k->privattr, "!password")){
24 		werrstr("need user and !password attributes");
25 		return -1;
26 	}
27 	return 0;
28 }
29 
30 static int
31 p9crclient(Conv *c)
32 {
33 	char *chal, *pw, *res, *user;
34 	int astype, nchal, npw, ntry, ret;
35 	uchar resp[MD5dlen];
36 	Attr *attr;
37 	DigestState *ds;
38 	Key *k;
39 	
40 	chal = nil;
41 	k = nil;
42 	res = nil;
43 	ret = -1;
44 	attr = c->attr;
45 
46 	if(c->proto == &p9cr){
47 		astype = AuthChal;
48 		challen = NETCHLEN;
49 	}else if(c->proto == &vnc){
50 		astype = AuthVnc;
51 		challen = MAXCHAL;
52 	}else{
53 		werrstr("bad proto");
54 		goto out;
55 	}
56 
57 	c->state = "find key";
58 	k = keyfetch(c, "%A %s", attr, c->proto->keyprompt);
59 	if(k == nil)
60 		goto out;
61 
62 	for(ntry=1;; ntry++){
63 		if(c->attr != attr)
64 			freeattr(c->attr);
65 		c->attr = addattrs(copyattr(attr), k->attr);
66 		if((pw = strfindattr(k->privattr, "!password")) == nil){
67 			werrstr("key has no !password (cannot happen)");
68 			goto out;
69 		}
70 		npw = strlen(pw);
71 
72 		if((user = strfindattr(k->attr, "user")) == nil){
73 			werrstr("key has no user (cannot happen)");
74 			goto out;
75 		}
76 
77 		if(convprint(c, "%s", user) < 0)
78 			goto out;
79 
80 		if(convreadm(c, &chal) < 0)
81 			goto out;
82 
83 		if((nresp = (*response)(chal, resp)) < 0)
84 			goto out;
85 
86 		if(convwrite(c, resp, nresp) < 0)
87 			goto out;
88 
89 		if(convreadm(c, &res) < 0)
90 			goto out;
91 
92 		if(strcmp(res, "ok") == 0)
93 			break;
94 
95 		if((k = keyreplace(c, k, "%s", res)) == nil){
96 			c->state = "auth failed";
97 			werrstr("%s", res);
98 			goto out;
99 		}
100 	}
101 
102 	werrstr("succeeded");
103 	ret = 0;
104 
105 out:
106 	keyclose(k);
107 	free(chal);
108 	if(c->attr != attr)
109 		freeattr(attr);
110 	return ret;
111 }
112 
113 static int
114 p9crserver(Conv *c)
115 {
116 	char chal[APOPCHALLEN], *user, *resp;
117 	ServerState s;
118 	int astype, ret;
119 	Attr *a;
120 
121 	ret = -1;
122 	user = nil;
123 	resp = nil;
124 	memset(&s, 0, sizeof s);
125 	s.asfd = -1;
126 
127 	if(c->proto == &apop)
128 		astype = AuthApop;
129 	else if(c->proto == &cram)
130 		astype = AuthCram;
131 	else{
132 		werrstr("bad proto");
133 		goto out;
134 	}
135 
136 	c->state = "find key";
137 	if((s.k = plan9authkey(c->attr)) == nil)
138 		goto out;
139 
140 	a = copyattr(s.k->attr);
141 	a = delattr(a, "proto");
142 	c->attr = addattrs(c->attr, a);
143 	freeattr(a);
144 
145 	c->state = "authdial";
146 	s.hostid = strfindattr(s.k->attr, "user");
147 	s.dom = strfindattr(s.k->attr, "dom");
148 	if((s.asfd = xioauthdial(nil, s.dom)) < 0){
149 		werrstr("authdial %s: %r", s.dom);
150 		goto out;
151 	}
152 
153 	c->state = "authchal";
154 	if(p9crchal(&s, astype, chal) < 0)
155 		goto out;
156 
157 	c->state = "write challenge";
158 	if(convprint(c, "%s", chal) < 0)
159 		goto out;
160 
161 	for(;;){
162 		c->state = "read user";
163 		if(convreadm(c, &user) < 0)
164 			goto out;
165 
166 		c->state = "read response";
167 		if(convreadm(c, &resp) < 0)
168 			goto out;
169 
170 		c->state = "authwrite";
171 		switch(apopresp(&s, user, resp)){
172 		case -1:
173 			goto out;
174 		case 0:
175 			c->state = "write status";
176 			if(convprint(c, "bad authentication failed") < 0)
177 				goto out;
178 			break;
179 		case 1:
180 			c->state = "write status";
181 			if(convprint(c, "ok") < 0)
182 				goto out;
183 			goto ok;
184 		}
185 		free(user);
186 		free(resp);
187 		user = nil;
188 		resp = nil;
189 	}
190 
191 ok:
192 	ret = 0;
193 	c->attr = addcap(c->attr, c->sysuser, &s.t);
194 
195 out:
196 	keyclose(s.k);
197 	free(user);
198 	free(resp);
199 //	xioclose(s.asfd);
200 	return ret;
201 }
202 
203 enum
204 {
205 	MAXCHAL = 64,
206 };
207 
208 typedef struct State State;
209 struct State
210 {
211 	Key	*key;
212 	int	astype;
213 	int	asfd;
214 	Ticket	t;
215 	Ticketreq tr;
216 	char	chal[MAXCHAL];
217 	int	challen;
218 	char	resp[MAXCHAL];
219 	int	resplen;
220 };
221 
222 enum
223 {
224 	CNeedChal,
225 	CHaveResp,
226 
227 	SHaveChal,
228 	SNeedResp,
229 
230 	Maxphase,
231 };
232 
233 static char *phasenames[Maxphase] =
234 {
235 [CNeedChal]	"CNeedChal",
236 [CHaveResp]	"CHaveResp",
237 
238 [SHaveChal]	"SHaveChal",
239 [SNeedResp]	"SNeedResp",
240 };
241 
242 static void
243 p9crclose(Fsstate *fss)
244 {
245 	State *s;
246 
247 	s = fss->ps;
248 	if(s->asfd >= 0){
249 		close(s->asfd);
250 		s->asfd = -1;
251 	}
252 	free(s);
253 }
254 
255 static int getchal(State*, Fsstate*);
256 
257 static int
258 p9crinit(Proto *p, Fsstate *fss)
259 {
260 	int iscli, ret;
261 	char *user;
262 	State *s;
263 	Attr *attr;
264 
265 	if((iscli = isclient(_str_findattr(fss->attr, "role"))) < 0)
266 		return failure(fss, nil);
267 	
268 	s = emalloc(sizeof(*s));
269 	s->asfd = -1;
270 	if(p == &p9cr){
271 		s->astype = AuthChal;
272 		s->challen = NETCHLEN;
273 	}else if(p == &vnc){
274 		s->astype = AuthVNC;
275 		s->challen = Maxchal;
276 	}else
277 		abort();
278 
279 	if(iscli){
280 		fss->phase = CNeedChal;
281 		if(p == &p9cr)
282 			attr = setattr(_copyattr(fss->attr), "proto=p9sk1");
283 		else
284 			attr = nil;
285 		ret = findkey(&s->key, fss, Kuser, 0, attr ? attr : fss->attr,
286 			"role=client %s", p->keyprompt);
287 		_freeattr(attr);
288 		if(ret != RpcOk){
289 			free(s);
290 			return ret;
291 		}
292 		fss->ps = s;
293 	}else{
294 		if((ret = findp9authkey(&s->key, fss)) != RpcOk){
295 			free(s);
296 			return ret;
297 		}
298 		if((user = _str_findattr(fss->attr, "user")) == nil){
299 			free(s);
300 			return failure(fss, "no user name specified in start msg");
301 		}
302 		if(strlen(user) >= sizeof s->tr.uid){
303 			free(s);
304 			return failure(fss, "user name too long");
305 		}
306 		fss->ps = s;
307 		strcpy(s->tr.uid, user);
308 		ret = getchal(s, fss);
309 		if(ret != RpcOk){
310 			p9crclose(fss);	/* frees s */
311 			fss->ps = nil;
312 		}
313 	}
314 	fss->phasename = phasenames;
315 	fss->maxphase = Maxphase;
316 	return ret;
317 }
318 
319 static int
320 p9crread(Fsstate *fss, void *va, uint *n)
321 {
322 	int m;
323 	State *s;
324 
325 	s = fss->ps;
326 	switch(fss->phase){
327 	default:
328 		return phaseerror(fss, "read");
329 
330 	case CHaveResp:
331 		if(s->resplen < *n)
332 			*n = s->resplen;
333 		memmove(va, s->resp, *n);
334 		fss->phase = Established;
335 		return RpcOk;
336 
337 	case SHaveChal:
338 		if(s->astype == AuthChal)
339 			m = strlen(s->chal);	/* ascii string */
340 		else
341 			m = s->challen;		/* fixed length binary */
342 		if(m > *n)
343 			return toosmall(fss, m);
344 		*n = m;
345 		memmove(va, s->chal, m);
346 		fss->phase = SNeedResp;
347 		return RpcOk;
348 	}
349 }
350 
351 static int
352 p9response(Fsstate *fss, State *s)
353 {
354 	char key[DESKEYLEN];
355 	uchar buf[8];
356 	ulong chal;
357 	char *pw;
358 
359 	pw = _str_findattr(s->key->privattr, "!password");
360 	if(pw == nil)
361 		return failure(fss, "vncresponse cannot happen");
362 	passtokey(key, pw);
363 	memset(buf, 0, 8);
364 	sprint((char*)buf, "%d", atoi(s->chal));
365 	if(encrypt(key, buf, 8) < 0)
366 		return failure(fss, "can't encrypt response");
367 	chal = (buf[0]<<24)+(buf[1]<<16)+(buf[2]<<8)+buf[3];
368 	s->resplen = snprint(s->resp, sizeof s->resp, "%.8lux", chal);
369 	return RpcOk;
370 }
371 
372 static uchar tab[256];
373 
374 /* VNC reverses the bits of each byte before using as a des key */
375 static void
376 mktab(void)
377 {
378 	int i, j, k;
379 	static int once;
380 
381 	if(once)
382 		return;
383 	once = 1;
384 
385 	for(i=0; i<256; i++) {
386 		j=i;
387 		tab[i] = 0;
388 		for(k=0; k<8; k++) {
389 			tab[i] = (tab[i]<<1) | (j&1);
390 			j >>= 1;
391 		}
392 	}
393 }
394 
395 static int
396 vncaddkey(Key *k)
397 {
398 	uchar *p;
399 	char *s;
400 
401 	k->priv = emalloc(8+1);
402 	if(s = _str_findattr(k->privattr, "!password")){
403 		mktab();
404 		memset(k->priv, 0, 8+1);
405 		strncpy((char*)k->priv, s, 8);
406 		for(p=k->priv; *p; p++)
407 			*p = tab[*p];
408 	}else{
409 		werrstr("no key data");
410 		return -1;
411 	}
412 	return replacekey(k);
413 }
414 
415 static void
416 vncclosekey(Key *k)
417 {
418 	free(k->priv);
419 }
420 
421 static int
422 vncresponse(Fsstate*, State *s)
423 {
424 	DESstate des;
425 
426 	memmove(s->resp, s->chal, sizeof s->chal);
427 	setupDESstate(&des, s->key->priv, nil);
428 	desECBencrypt((uchar*)s->resp, s->challen, &des);
429 	s->resplen = s->challen;
430 	return RpcOk;
431 }
432 
433 static int
434 p9crwrite(Fsstate *fss, void *va, uint n)
435 {
436 	char tbuf[TICKETLEN+AUTHENTLEN];
437 	State *s;
438 	char *data = va;
439 	Authenticator a;
440 	char resp[Maxchal];
441 	int ret;
442 
443 	s = fss->ps;
444 	switch(fss->phase){
445 	default:
446 		return phaseerror(fss, "write");
447 
448 	case CNeedChal:
449 		if(n >= sizeof(s->chal))
450 			return failure(fss, Ebadarg);
451 		memset(s->chal, 0, sizeof s->chal);
452 		memmove(s->chal, data, n);
453 		s->challen = n;
454 
455 		if(s->astype == AuthChal)
456 			ret = p9response(fss, s);
457 		else
458 			ret = vncresponse(fss, s);
459 		if(ret != RpcOk)
460 			return ret;
461 		fss->phase = CHaveResp;
462 		return RpcOk;
463 
464 	case SNeedResp:
465 		/* send response to auth server and get ticket */
466 		if(n > sizeof(resp))
467 			return failure(fss, Ebadarg);
468 		memset(resp, 0, sizeof resp);
469 		memmove(resp, data, n);
470 		if(write(s->asfd, resp, s->challen) != s->challen)
471 			return failure(fss, Easproto);
472 
473 		/* get ticket plus authenticator from auth server */
474 		if(_asrdresp(s->asfd, tbuf, TICKETLEN+AUTHENTLEN) < 0)
475 			return failure(fss, nil);
476 
477 		/* check ticket */
478 		convM2T(tbuf, &s->t, s->key->priv);
479 		if(s->t.num != AuthTs
480 		|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0)
481 			return failure(fss, Easproto);
482 		convM2A(tbuf+TICKETLEN, &a, s->t.key);
483 		if(a.num != AuthAc
484 		|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
485 		|| a.id != 0)
486 			return failure(fss, Easproto);
487 
488 		fss->haveai = 1;
489 		fss->ai.cuid = s->t.cuid;
490 		fss->ai.suid = s->t.suid;
491 		fss->ai.nsecret = 0;
492 		fss->ai.secret = nil;
493 		fss->phase = Established;
494 		return RpcOk;
495 	}
496 }
497 
498 static int
499 getchal(State *s, Fsstate *fss)
500 {
501 	char trbuf[TICKREQLEN];
502 	int n;
503 
504 	safecpy(s->tr.hostid, _str_findattr(s->key->attr, "user"), sizeof(s->tr.hostid));
505 	safecpy(s->tr.authdom, _str_findattr(s->key->attr, "dom"), sizeof(s->tr.authdom));
506 	s->tr.type = s->astype;
507 	convTR2M(&s->tr, trbuf);
508 
509 	/* get challenge from auth server */
510 	s->asfd = _authdial(nil, _str_findattr(s->key->attr, "dom"));
511 	if(s->asfd < 0)
512 		return failure(fss, Easproto);
513 	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN)
514 		return failure(fss, Easproto);
515 	n = _asrdresp(s->asfd, s->chal, s->challen);
516 	if(n <= 0){
517 		if(n == 0)
518 			werrstr("_asrdresp short read");
519 		return failure(fss, nil);
520 	}
521 	s->challen = n;
522 	fss->phase = SHaveChal;
523 	return RpcOk;
524 }
525 
526 Proto p9cr =
527 {
528 .name=		"p9cr",
529 .init=		p9crinit,
530 .write=		p9crwrite,
531 .read=		p9crread,
532 .close=		p9crclose,
533 .keyprompt=	"user? !password?",
534 };
535 
536 Proto vnc =
537 {
538 .name=		"vnc",
539 .init=		p9crinit,
540 .write=		p9crwrite,
541 .read=		p9crread,
542 .close=		p9crclose,
543 .keyprompt=	"!password?",
544 .addkey=	vncaddkey,
545 };