1 #include <u.h>
2 #include <libc.h>
3 #include <authsrv.h>
/* forward declaration: readnvram() calls this before its definition below */
static long finddosfile(int fd, char *file);
/*
 * Verify that the len bytes at x sum to `sum` according to nvcsum().
 * Returns 0 when the checksum matches.  On a mismatch the field is
 * zeroed so the caller cannot go on to use a corrupt value, msg is
 * printed on fd 2, and 1 is returned.
 *
 * The expected value is a single uchar, so this detects accidental
 * corruption of the stored record; it is not an authenticity check.
 */
static int
check(void *x, int len, uchar sum, char *msg)
{
	int bad;

	bad = nvcsum(x, len) != sum;
	if(bad){
		memset(x, 0, len);
		fprint(2, "%s\n", msg);
	}
	return bad;
}
/*
 * Where the key record lives on each architecture.  There isn't room
 * in the PC's nvram, so a disk partition (or a file in a DOS file
 * system) is used there.
 *
 * readnvram() consults this table only when $nvram is not set.  It
 * walks the rows in order and uses the first one whose cputype matches
 * and whose file can be opened.  An off of -1 means the offset is found
 * by looking up "plan9.nvr" with finddosfile(); if that lookup fails
 * the next row is tried.
 *
 * NOTE(review): the "debug" row reads and writes /tmp/nvram.  It is
 * selected only when cputype is "debug"; who can write that path
 * depends on the namespace, so confirm it is not reachable on
 * production boots.
 */
static struct {
	char	*cputype;	/* matched against $cputype (after 386/alpha -> pc) */
	char	*file;		/* device or file to open ORDWR */
	int	off;		/* byte offset of the record, or -1 for a DOS lookup */
	int	len;		/* number of bytes read and written */
} nvtab[] = {
	{ "sparc",	"#r/nvram",		1024+850,	sizeof(Nvrsafe) },
	{ "pc",		"#S/sdC0/nvram",	0,		sizeof(Nvrsafe) },
	{ "pc",		"#S/sdC0/9fat",		-1,		sizeof(Nvrsafe) },
	{ "pc",		"#S/sdC1/nvram",	0,		sizeof(Nvrsafe) },
	{ "pc",		"#S/sdC1/9fat",		-1,		sizeof(Nvrsafe) },
	{ "pc",		"#S/sd00/nvram",	0,		sizeof(Nvrsafe) },
	{ "pc",		"#S/sd00/9fat",		-1,		sizeof(Nvrsafe) },
	{ "pc",		"#S/sd01/nvram",	0,		sizeof(Nvrsafe) },
	{ "pc",		"#S/sd01/9fat",		-1,		sizeof(Nvrsafe) },
	{ "pc",		"#f/fd0disk",		-1,		512 },	/* 512: #f requires whole sector reads */
	{ "pc",		"#f/fd1disk",		-1,		512 },
	{ "mips",	"#r/nvram",		1024+900,	sizeof(Nvrsafe) },
	{ "power",	"#F/flash/flash0",	0x440000,	sizeof(Nvrsafe) },
	{ "power",	"#r/nvram",		4352,		sizeof(Nvrsafe) },	/* OK for MTX-604e */
	{ "debug",	"/tmp/nvram",		0,		sizeof(Nvrsafe) },
};
/*
 * Prompt on the console with readcons() and copy the answer into the
 * caller's fixed-size buffer.  Returns buf, or nil if readcons() gave
 * no answer (buf is then left untouched).
 *
 * strecpy() stops at buf+nbuf, so an answer longer than the buffer is
 * cut short without any indication to the caller.  The string that
 * readcons() returned is overwritten with zeros before it is freed so
 * that a secret does not linger in freed memory.
 */
static char*
xreadcons(char *prompt, char *def, int secret, char *buf, int nbuf)
{
	char *ans;

	ans = readcons(prompt, def, secret);
	if(ans != nil){
		strecpy(buf, buf+nbuf, ans);
		memset(ans, 0, strlen(ans));
		free(ans);
		return buf;
	}
	return nil;
}
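/*
 * Read the key record (Nvrsafe) from non-volatile storage into *safep
 * and, depending on flag, prompt on the console for new values and
 * write them back.
 *
 * Location of the record:
 *	- if $nvram is set it names the device, or device!file for a
 *	  file inside a DOS file system; $nvrlen and $nvroff override
 *	  the length and offset ($nvroff of "dos" forces the DOS lookup);
 *	- otherwise the rows of nvtab matching $cputype are tried in order.
 * Whoever controls these environment variables chooses which file is
 * read and, on the write path, overwritten.
 *
 * flag is a bit mask:
 *	NVwrite		always prompt and write the record;
 *	NVwriteonerr	prompt and write only if the read or a checksum failed.
 *
 * Returns 0 on success and -1 on error.  *safep is zeroed first; fields
 * whose checksum fails are zeroed again by check().
 *
 * Changes from the previous version of this function:
 *	- the length is range-checked before it is used to read into or
 *	  write from buf; it could come unchecked from $nvrlen;
 *	- buf is zeroed up front, so a write after a failed or short read
 *	  no longer copies uninitialised stack bytes to the device;
 *	- the typed password and the staging copy of the keys are wiped
 *	  before returning;
 *	- an empty $nvram no longer leads to open() on an unset pointer.
 */
int
readnvram(Nvrsafe *safep, int flag)
{
	char buf[1024], in[128], *cputype, *nvrfile, *nvrlen, *nvroff, *v[2];
	int fd, err, i, safeoff, safelen;
	Nvrsafe *safe;

	err = 0;
	memset(safep, 0, sizeof(*safep));
	memset(buf, 0, sizeof buf);
	memset(in, 0, sizeof in);

	nvrfile = getenv("nvram");
	cputype = getenv("cputype");
	if(cputype == nil)
		cputype = "mips";
	if(strcmp(cputype, "386")==0 || strcmp(cputype, "alpha")==0)
		cputype = "pc";

	/* everything below works on the caller's copy; buf is only staging */
	safe = safep;

	fd = -1;
	safeoff = -1;
	safelen = -1;
	if(nvrfile != nil){
		/* accept device and device!file */
		i = gettokens(nvrfile, v, nelem(v), "!");
		if(i >= 1){
			/* v[0] is only valid when at least one token was found */
			fd = open(v[0], ORDWR);
			if(strstr(v[0], "/9fat") == nil)
				safeoff = 0;
		}
		safelen = sizeof(Nvrsafe);
		nvrlen = getenv("nvrlen");
		if(nvrlen != nil)
			safelen = atoi(nvrlen);
		nvroff = getenv("nvroff");
		if(nvroff != nil){
			if(strcmp(nvroff, "dos") == 0)
				safeoff = -1;
			else
				safeoff = atoi(nvroff);
		}
		if(safeoff < 0 && fd >= 0){
			safelen = 512;
			safeoff = finddosfile(fd, i == 2 ? v[1] : "plan9.nvr");
			if(safeoff < 0){
				close(fd);
				fd = -1;
			}
		}
		/* v[] points into nvrfile, so it must not be used past this free */
		free(nvrfile);
		free(nvrlen);
		free(nvroff);
	}else{
		for(i=0; i<nelem(nvtab); i++){
			if(strcmp(cputype, nvtab[i].cputype) != 0)
				continue;
			if((fd = open(nvtab[i].file, ORDWR)) < 0)
				continue;
			safeoff = nvtab[i].off;
			safelen = nvtab[i].len;
			if(safeoff == -1){
				safeoff = finddosfile(fd, "plan9.nvr");
				if(safeoff < 0){
					close(fd);
					fd = -1;
					continue;
				}
			}
			break;
		}
	}

	/*
	 * safelen is the byte count for both read() and write() on buf.
	 * Refuse anything that does not fit rather than overrun the stack;
	 * the record is then treated as unreadable and unwritable.
	 */
	if(fd >= 0 && (safelen <= 0 || safelen > (int)sizeof buf)){
		werrstr("nvram length %d out of range", safelen);
		close(fd);
		fd = -1;
	}

	if(fd < 0
	|| seek(fd, safeoff, 0) < 0
	|| read(fd, buf, safelen) != safelen){
		err = 1;
		if(flag&(NVwrite|NVwriteonerr))
			fprint(2, "can't read nvram: %r\n");
		memset(safep, 0, sizeof(*safep));
	}else{
		/* assumes sizeof(Nvrsafe) <= sizeof buf, as the original cast of buf did */
		memmove(safep, buf, sizeof(*safep));

		err |= check(safe->machkey, DESKEYLEN, safe->machsum, "bad nvram key");
		/*
		 * NOTE(review): configsum is written below but not verified
		 * here; the check was already disabled:
		 *	err |= check(safe->config, CONFIGLEN, safe->configsum, "bad secstore key");
		 */
		err |= check(safe->authid, ANAMELEN, safe->authidsum, "bad authentication id");
		err |= check(safe->authdom, DOMLEN, safe->authdomsum, "bad authentication domain");
	}

	if((flag&NVwrite) || (err && (flag&NVwriteonerr))){
		/* a nil answer leaves the corresponding field as it was */
		xreadcons("authid", nil, 0, safe->authid, sizeof(safe->authid));
		xreadcons("authdom", nil, 0, safe->authdom, sizeof(safe->authdom));
		xreadcons("secstore key", nil, 1, safe->config, sizeof(safe->config));
		/* keep asking until passtokey() accepts the password */
		for(;;){
			if(xreadcons("password", nil, 1, in, sizeof in) == nil)
				goto Out;
			if(passtokey(safe->machkey, in))
				break;
		}
		safe->machsum = nvcsum(safe->machkey, DESKEYLEN);
		safe->configsum = nvcsum(safe->config, CONFIGLEN);
		safe->authidsum = nvcsum(safe->authid, sizeof(safe->authid));
		safe->authdomsum = nvcsum(safe->authdom, sizeof(safe->authdom));
		memmove(buf, safe, sizeof(*safe));
		if(seek(fd, safeoff, 0) < 0
		|| write(fd, buf, safelen) != safelen){
			fprint(2, "can't write key to nvram: %r\n");
			err = 1;
		}else
			err = 0;
	}
Out:
	/*
	 * Don't leave the typed password or the staging copy of the keys
	 * on the stack.  An optimising compiler may drop a plain memset of
	 * a dying buffer; use a non-elidable wipe where the platform has one.
	 */
	memset(in, 0, sizeof in);
	memset(buf, 0, sizeof buf);
	if(fd >= 0)
		close(fd);
	return err ? -1 : 0;
}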
/*
 * Boot sector of a DOS file system, as finddosfile() overlays it on the
 * first 512 bytes read from the device.  Every member is a uchar or an
 * array of uchar; multi-byte fields are stored low byte first and are
 * decoded with GETSHORT/GETLONG.  All values come from the medium and
 * must be treated as untrusted input.
 */
typedef struct Dosboot Dosboot;
struct Dosboot
{
	uchar	magic[3];	/* really an xx86 JMP instruction */
	uchar	version[8];
	uchar	sectsize[2];	/* bytes per sector; finddosfile accepts only 512 */
	uchar	clustsize;	/* sectors per cluster */
	uchar	nresrv[2];	/* sectors before the first FAT */
	uchar	nfats;		/* number of FATs */
	uchar	rootsize[2];	/* number of root directory entries */
	uchar	volsize[2];
	uchar	mediadesc;
	uchar	fatsize[2];	/* sectors per FAT */
	uchar	trksize[2];
	uchar	nheads[2];
	uchar	nhidden[4];
	uchar	bigvolsize[4];
	uchar	driveno;
	uchar	reserved0;
	uchar	bootsig;
	uchar	volid[4];
	uchar	label[11];
	uchar	type[8];
};
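/*
 * Decode little-endian 16- and 32-bit values from a pointer to unsigned
 * bytes.  The argument is evaluated more than once, so it must have no
 * side effects.
 *
 * GETLONG widens to unsigned long before shifting: shifting the int
 * result of GETSHORT left by 16 is undefined in ISO C once bit 15 of
 * the upper half is set, and these bytes come straight off the disk.
 */
#define GETSHORT(p) (((p)[1]<<8) | (p)[0])
#define GETLONG(p) (((unsigned long)GETSHORT((p)+2) << 16) | (unsigned long)GETSHORT((p)))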
/*
 * One entry of the DOS root directory.  finddosfile() compares name and
 * ext byte for byte against the upper-cased, space-padded fields that
 * dosparse() produces; neither is NUL-terminated.
 */
typedef struct Dosdir Dosdir;
struct Dosdir
{
	char	name[8];
	char	ext[3];
	uchar	attr;
	uchar	reserved[10];
	uchar	time[2];
	uchar	date[2];
	uchar	start[2];	/* first cluster of the file, low byte first */
	uchar	length[4];
};
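/*
 * Convert one component of a file name to the fixed-width form used in
 * a DOS directory entry: upper case, padded with spaces to len bytes.
 * `to` must have room for len bytes and is NOT NUL-terminated.
 *
 * Returns a pointer to the text after the '.' that ended the component,
 * or 0 if the name ended (or from was 0).  Characters beyond len that
 * are not a '.' are not consumed.
 *
 * A name whose component fills the field exactly ("abcdefgh.txt") used
 * to return 0 because the loop ran out before it saw the '.', so the
 * extension was silently dropped; the '.' is now recognised after the
 * loop as well.
 */
static char*
dosparse(char *from, char *to, int len)
{
	char c;

	memset(to, ' ', len);
	if(from == 0)
		return 0;
	while(len-- > 0){
		c = *from++;
		if(c == '.')
			return from;
		if(c == 0)
			return 0;	/* from is now past the terminator; don't look further */
		if(c >= 'a' && c <= 'z')
			*to++ = c + 'A' - 'a';
		else
			*to++ = c;
	}
	/* field is full; no NUL was seen, so *from is still inside the string */
	if(*from == '.')
		return from+1;
	return 0;
}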
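/*
 * Return the byte offset of the first block of `file`, or -1.
 *
 * This is a very simplistic dos file system.  It only
 * works on floppies, only looks in the root, and only
 * returns a pointer to the first block of a file.
 *
 * This exists for cpu servers that have no hard disk
 * or nvram to store the key on.
 *
 * Please don't make this any smarter: it stays resident
 * and I'd prefer not to waste the space on something that
 * runs only at boottime -- presotto.
 *
 * The boot sector is read from the current offset of fd, so fd is
 * expected to be positioned at the start of the file system.
 *
 * Everything read from the medium is untrusted.  The additions below
 * only reject inconsistent values; they add no features:
 *	- a zero cluster size and a start cluster below 2 are refused
 *	  (a start of 0 or 1 used to yield an offset in front of the data
 *	  area, which readnvram() would then read and overwrite);
 *	- offsets are computed in a vlong and refused if they do not fit
 *	  the long return value;
 *	- the malloc result is checked and the directory buffer is freed
 *	  on the read-failure path too.
 */
static long
finddosfile(int fd, char *file)
{
	uchar secbuf[512];
	char name[8];
	char ext[3];
	Dosboot *b;
	Dosdir *root, *dp;
	int nroot, sectsize, rootsects, rootbytes, n;
	vlong rootoff, off;

	/* dos'ize file name */
	file = dosparse(file, name, 8);
	dosparse(file, ext, 3);

	/* read boot block, check for sanity */
	b = (Dosboot*)secbuf;
	if(read(fd, secbuf, sizeof(secbuf)) != sizeof(secbuf))
		return -1;
	if(b->magic[0] != 0xEB || b->magic[1] != 0x3C || b->magic[2] != 0x90)
		return -1;
	sectsize = GETSHORT(b->sectsize);
	if(sectsize != 512)
		return -1;
	if(b->clustsize == 0)
		return -1;
	rootoff = (GETSHORT(b->nresrv) + (vlong)b->nfats*GETSHORT(b->fatsize)) * sectsize;
	if(seek(fd, rootoff, 0) < 0)
		return -1;
	nroot = GETSHORT(b->rootsize);
	rootsects = (nroot*sizeof(Dosdir)+sectsize-1)/sectsize;
	if(rootsects <= 0 || rootsects > 64)
		return -1;
	rootbytes = rootsects*sectsize;	/* at most 64*512 */

	/*
	 * read root.  it is contiguous to make stuff like
	 * this easier
	 */
	root = malloc(rootbytes);
	if(root == nil)
		return -1;
	if(read(fd, root, rootbytes) != rootbytes){
		free(root);
		return -1;
	}
	n = -1;
	/* rootsects was rounded up from nroot, so root[nroot] stays inside the buffer */
	for(dp = root; dp < &root[nroot]; dp++)
		if(memcmp(name, dp->name, 8) == 0 && memcmp(ext, dp->ext, 3) == 0){
			n = GETSHORT(dp->start);
			break;
		}
	free(root);

	/*
	 * dp->start is in cluster units, not sectors.  The first
	 * cluster is cluster 2 which starts immediately after the
	 * root directory, so anything below 2 (including "not found")
	 * does not name a data block.
	 */
	if(n < 2)
		return -1;

	off = rootoff + rootbytes + (vlong)(n-2)*sectsize*b->clustsize;
	if(off > 0x7FFFFFFF)
		return -1;
	return off;
}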