1 #include "std.h"
2 #include "dat.h"
3 #include <bio.h>
4 
5 int
6 memrandom(void *p, int n)
7 {
8 	uchar *cp;
9 
10 	for(cp = (uchar*)p; n > 0; n--)
11 		*cp++ = fastrand();
12 	return 0;
13 }
14 
15 /*
16  *  create a change uid capability 
17  */
18 static int caphashfd;
19 
20 static char*
21 mkcap(char *from, char *to)
22 {
23 	uchar rand[20];
24 	char *cap;
25 	char *key;
26 	int nfrom, nto;
27 	uchar hash[SHA1dlen];
28 
29 	if(caphashfd < 0)
30 		return nil;
31 
32 	/* create the capability */
33 	nto = strlen(to);
34 	nfrom = strlen(from);
35 	cap = emalloc(nfrom+1+nto+1+sizeof(rand)*3+1);
36 	sprint(cap, "%s@%s", from, to);
37 	memrandom(rand, sizeof(rand));
38 	key = cap+nfrom+1+nto+1;
39 	enc64(key, sizeof(rand)*3, rand, sizeof(rand));
40 
41 	/* hash the capability */
42 	hmac_sha1((uchar*)cap, strlen(cap), (uchar*)key, strlen(key), hash, nil);
43 
44 	/* give the kernel the hash */
45 	key[-1] = '@';
46 	if(write(caphashfd, hash, SHA1dlen) < 0){
47 		free(cap);
48 		return nil;
49 	}
50 
51 	return cap;
52 }
53 
54 Attr*
55 addcap(Attr *a, char *from, Ticket *t)
56 {
57 	char *cap;
58 
59 	cap = mkcap(from, t->suid);
60 	return addattr(a, "cuid=%q suid=%q cap=%q", t->cuid, t->suid, cap);
61 }
62 
63 /* bind in the default network and cs */
64 static int
65 bindnetcs(void)
66 {
67 	int srvfd;
68 
69 	if(access("/net/tcp", AEXIST) < 0)
70 		bind("#I", "/net", MBEFORE);
71 
72 	if(access("/net/cs", AEXIST) < 0){
73 		if((srvfd = open("#s/cs", ORDWR)) >= 0){
74 			/* mount closes srvfd on success */
75 			if(mount(srvfd, -1, "/net", MBEFORE, "") >= 0)
76 				return 0;
77 			close(srvfd);
78 		}
79 		return -1;
80 	}
81 	return 0;
82 }
83 
84 int
85 _authdial(char *net, char *authdom)
86 {
87 	int vanilla;
88 
89 	vanilla = net==nil || strcmp(net, "/net")==0;
90 
91 	if(!vanilla || bindnetcs()>=0)
92 		return authdial(net, authdom);
93 
94 	/* use the auth sever passed to us as an arg */
95 	if(authaddr == nil)
96 		return -1;
97 	return dial(netmkaddr(authaddr, "tcp", "567"), 0, 0, 0);
98 }
99 
100 Key*
101 plan9authkey(Attr *a)
102 {
103 	char *dom;
104 	Key *k;
105 
106 	/*
107 	 * The only important part of a is dom.
108 	 * We don't care, for example, about user name.
109 	 */
110 	dom = strfindattr(a, "dom");
111 	if(dom)
112 		k = keylookup("proto=p9sk1 role=server user? dom=%q", dom);
113 	else
114 		k = keylookup("proto=p9sk1 role=server user? dom?");
115 	if(k == nil)
116 		werrstr("could not find plan 9 auth key dom %q", dom);
117 	return k;
118 }
119 
120 /*
121  *  prompt for a string with a possible default response
122  */
123 char*
124 readcons(char *prompt, char *def, int raw)
125 {
126 	int fdin, fdout, ctl, n;
127 	char line[10];
128 	char *s;
129 
130 	fdin = open("/dev/cons", OREAD);
131 	if(fdin < 0)
132 		fdin = 0;
133 	fdout = open("/dev/cons", OWRITE);
134 	if(fdout < 0)
135 		fdout = 1;
136 	if(def != nil)
137 		fprint(fdout, "%s[%s]: ", prompt, def);
138 	else
139 		fprint(fdout, "%s: ", prompt);
140 	if(raw){
141 		ctl = open("/dev/consctl", OWRITE);
142 		if(ctl >= 0)
143 			write(ctl, "rawon", 5);
144 	} else
145 		ctl = -1;
146 	s = estrdup("");
147 	for(;;){
148 		n = read(fdin, line, 1);
149 		if(n == 0){
150 		Error:
151 			close(fdin);
152 			close(fdout);
153 			if(ctl >= 0)
154 				close(ctl);
155 			free(s);
156 			return nil;
157 		}
158 		if(n < 0)
159 			goto Error;
160 		if(line[0] == 0x7f)
161 			goto Error;
162 		if(n == 0 || line[0] == '\n' || line[0] == '\r'){
163 			if(raw){
164 				write(ctl, "rawoff", 6);
165 				write(fdout, "\n", 1);
166 			}
167 			close(ctl);
168 			close(fdin);
169 			close(fdout);
170 			if(*s == 0 && def != nil)
171 				s = estrappend(s, "%s", def);
172 			return s;
173 		}
174 		if(line[0] == '\b'){
175 			if(strlen(s) > 0)
176 				s[strlen(s)-1] = 0;
177 		} else if(line[0] == 0x15) {	/* ^U: line kill */
178 			if(def != nil)
179 				fprint(fdout, "\n%s[%s]: ", prompt, def);
180 			else
181 				fprint(fdout, "\n%s: ", prompt);
182 			
183 			s[0] = 0;
184 		} else {
185 			s = estrappend(s, "%c", line[0]);
186 		}
187 	}
188 	return nil; /* not reached */
189 }