1 /*
2  * p9cr, vnc - one-sided challenge/response authentication
3  *
4  * Protocol:
5  *
6  *	C -> S: user
7  *	S -> C: challenge
8  *	C -> S: response
9  *	S -> C: ok or bad
10  *
11  * Note that this is the protocol between factotum and the local
12  * program, not between the two factotums.  The information 
13  * exchanged here is wrapped in other protocols by the local
14  * programs.
15  */
16 
17 #include "std.h"
18 #include "dat.h"
19 
20 static int
21 p9crclient(Conv *c)
22 {
23 	char *chal, *pw, *res, *user;
24 	int astype, nchal, npw, ntry, ret;
25 	uchar resp[MD5dlen];
26 	Attr *attr;
27 	DigestState *ds;
28 	Key *k;
29 	
30 	chal = nil;
31 	k = nil;
32 	res = nil;
33 	ret = -1;
34 	attr = c->attr;
35 
36 	if(c->proto == &p9cr){
37 		astype = AuthChal;
38 		challen = NETCHLEN;
39 	}else if(c->proto == &vnc){
40 		astype = AuthVnc;
41 		challen = MAXCHAL;
42 	}else{
43 		werrstr("bad proto");
44 		goto out;
45 	}
46 
47 	c->state = "find key";
48 	k = keyfetch(c, "%A %s", attr, c->proto->keyprompt);
49 	if(k == nil)
50 		goto out;
51 
52 	for(ntry=1;; ntry++){
53 		if(c->attr != attr)
54 			freeattr(c->attr);
55 		c->attr = addattrs(copyattr(attr), k->attr);
56 		if((pw = strfindattr(k->privattr, "!password")) == nil){
57 			werrstr("key has no !password (cannot happen)");
58 			goto out;
59 		}
60 		npw = strlen(pw);
61 
62 		if((user = strfindattr(k->attr, "user")) == nil){
63 			werrstr("key has no user (cannot happen)");
64 			goto out;
65 		}
66 
67 		if(convprint(c, "%s", user) < 0)
68 			goto out;
69 
70 		if(convreadm(c, &chal) < 0)
71 			goto out;
72 
73 		if((nresp = (*response)(chal, resp)) < 0)
74 			goto out;
75 
76 		if(convwrite(c, resp, nresp) < 0)
77 			goto out;
78 
79 		if(convreadm(c, &res) < 0)
80 			goto out;
81 
82 		if(strcmp(res, "ok") == 0)
83 			break;
84 
85 		if((k = keyreplace(c, k, "%s", res)) == nil){
86 			c->state = "auth failed";
87 			werrstr("%s", res);
88 			goto out;
89 		}
90 	}
91 
92 	werrstr("succeeded");
93 	ret = 0;
94 
95 out:
96 	keyclose(k);
97 	free(chal);
98 	if(c->attr != attr)
99 		freeattr(attr);
100 	return ret;
101 }
102 
103 static int
104 p9crserver(Conv *c)
105 {
106 	char chal[MAXCHAL], *user, *resp;
107 	int astype, challen, asfd, fd, ret;
108 	Attr *a;
109 	Key *k;
110 	char *hostid, *dom;
111 
112 	ret = -1;
113 	user = nil;
114 	resp = nil;
115 	memset(&s, 0, sizeof s);
116 	s.asfd = -1;
117 
118 	if(c->proto == &p9cr){
119 		astype = AuthChal;
120 		challen = NETCHLEN;
121 	}else if(c->proto == &vnc){
122 		astype = AuthVnc;
123 		challen = MAXCHAL;
124 	}else{
125 		werrstr("bad proto");
126 		goto out;
127 	}
128 
129 	c->state = "find key";
130 	if((k = plan9authkey(c->attr)) == nil)
131 		goto out;
132 
133 /*
134 	a = copyattr(k->attr);
135 	a = delattr(a, "proto");
136 	c->attr = addattrs(c->attr, a);
137 	freeattr(a);
138 */
139 
140 	c->state = "authdial";
141 	hostid = strfindattr(s.k->attr, "user");
142 	dom = strfindattr(s.k->attr, "dom");
143 	if((asfd = xioauthdial(nil, s.dom)) < 0){
144 		werrstr("authdial %s: %r", s.dom);
145 		goto out;
146 	}
147 
148 	c->state = "authchal";
149 	if(p9crchal(&s, astype, chal) < 0)
150 		goto out;
151 
152 	c->state = "write challenge";
153 	if(convprint(c, "%s", chal) < 0)
154 		goto out;
155 
156 	for(;;){
157 		c->state = "read user";
158 		if(convreadm(c, &user) < 0)
159 			goto out;
160 
161 		c->state = "read response";
162 		if(convreadm(c, &resp) < 0)
163 			goto out;
164 
165 		c->state = "authwrite";
166 		switch(apopresp(&s, user, resp)){
167 		case -1:
168 			goto out;
169 		case 0:
170 			c->state = "write status";
171 			if(convprint(c, "bad authentication failed") < 0)
172 				goto out;
173 			break;
174 		case 1:
175 			c->state = "write status";
176 			if(convprint(c, "ok") < 0)
177 				goto out;
178 			goto ok;
179 		}
180 		free(user);
181 		free(resp);
182 		user = nil;
183 		resp = nil;
184 	}
185 
186 ok:
187 	ret = 0;
188 	c->attr = addcap(c->attr, c->sysuser, &s.t);
189 
190 out:
191 	keyclose(s.k);
192 	free(user);
193 	free(resp);
194 	xioclose(s.asfd);
195 	return ret;
196 }
197 
198 enum
199 {
200 	MAXCHAL = 64,
201 };
202 
203 typedef struct State State;
204 struct State
205 {
206 	Key	*key;
207 	int	astype;
208 	int	asfd;
209 	Ticket	t;
210 	Ticketreq tr;
211 	char	chal[MAXCHAL];
212 	int	challen;
213 	char	resp[MAXCHAL];
214 	int	resplen;
215 };
216 
217 enum
218 {
219 	CNeedChal,
220 	CHaveResp,
221 
222 	SHaveChal,
223 	SNeedResp,
224 
225 	Maxphase,
226 };
227 
228 static char *phasenames[Maxphase] =
229 {
230 [CNeedChal]	"CNeedChal",
231 [CHaveResp]	"CHaveResp",
232 
233 [SHaveChal]	"SHaveChal",
234 [SNeedResp]	"SNeedResp",
235 };
236 
237 static void
238 p9crclose(Fsstate *fss)
239 {
240 	State *s;
241 
242 	s = fss->ps;
243 	if(s->asfd >= 0){
244 		close(s->asfd);
245 		s->asfd = -1;
246 	}
247 	free(s);
248 }
249 
250 static int getchal(State*, Fsstate*);
251 
252 static int
253 p9crinit(Proto *p, Fsstate *fss)
254 {
255 	int iscli, ret;
256 	char *user;
257 	State *s;
258 	Attr *attr;
259 
260 	if((iscli = isclient(_str_findattr(fss->attr, "role"))) < 0)
261 		return failure(fss, nil);
262 	
263 	s = emalloc(sizeof(*s));
264 	s->asfd = -1;
265 	if(p == &p9cr){
266 		s->astype = AuthChal;
267 		s->challen = NETCHLEN;
268 	}else if(p == &vnc){
269 		s->astype = AuthVNC;
270 		s->challen = Maxchal;
271 	}else
272 		abort();
273 
274 	if(iscli){
275 		fss->phase = CNeedChal;
276 		if(p == &p9cr)
277 			attr = setattr(_copyattr(fss->attr), "proto=p9sk1");
278 		else
279 			attr = nil;
280 		ret = findkey(&s->key, fss, Kuser, 0, attr ? attr : fss->attr,
281 			"role=client %s", p->keyprompt);
282 		_freeattr(attr);
283 		if(ret != RpcOk){
284 			free(s);
285 			return ret;
286 		}
287 		fss->ps = s;
288 	}else{
289 		if((ret = findp9authkey(&s->key, fss)) != RpcOk){
290 			free(s);
291 			return ret;
292 		}
293 		if((user = _str_findattr(fss->attr, "user")) == nil){
294 			free(s);
295 			return failure(fss, "no user name specified in start msg");
296 		}
297 		if(strlen(user) >= sizeof s->tr.uid){
298 			free(s);
299 			return failure(fss, "user name too long");
300 		}
301 		fss->ps = s;
302 		strcpy(s->tr.uid, user);
303 		ret = getchal(s, fss);
304 		if(ret != RpcOk){
305 			p9crclose(fss);	/* frees s */
306 			fss->ps = nil;
307 		}
308 	}
309 	fss->phasename = phasenames;
310 	fss->maxphase = Maxphase;
311 	return ret;
312 }
313 
314 static int
315 p9crread(Fsstate *fss, void *va, uint *n)
316 {
317 	int m;
318 	State *s;
319 
320 	s = fss->ps;
321 	switch(fss->phase){
322 	default:
323 		return phaseerror(fss, "read");
324 
325 	case CHaveResp:
326 		if(s->resplen < *n)
327 			*n = s->resplen;
328 		memmove(va, s->resp, *n);
329 		fss->phase = Established;
330 		return RpcOk;
331 
332 	case SHaveChal:
333 		if(s->astype == AuthChal)
334 			m = strlen(s->chal);	/* ascii string */
335 		else
336 			m = s->challen;		/* fixed length binary */
337 		if(m > *n)
338 			return toosmall(fss, m);
339 		*n = m;
340 		memmove(va, s->chal, m);
341 		fss->phase = SNeedResp;
342 		return RpcOk;
343 	}
344 }
345 
346 static int
347 p9response(Fsstate *fss, State *s)
348 {
349 	char key[DESKEYLEN];
350 	uchar buf[8];
351 	ulong chal;
352 	char *pw;
353 
354 	pw = _str_findattr(s->key->privattr, "!password");
355 	if(pw == nil)
356 		return failure(fss, "vncresponse cannot happen");
357 	passtokey(key, pw);
358 	memset(buf, 0, 8);
359 	sprint((char*)buf, "%d", atoi(s->chal));
360 	if(encrypt(key, buf, 8) < 0)
361 		return failure(fss, "can't encrypt response");
362 	chal = (buf[0]<<24)+(buf[1]<<16)+(buf[2]<<8)+buf[3];
363 	s->resplen = snprint(s->resp, sizeof s->resp, "%.8lux", chal);
364 	return RpcOk;
365 }
366 
367 static uchar tab[256];
368 
369 /* VNC reverses the bits of each byte before using as a des key */
370 static void
371 mktab(void)
372 {
373 	int i, j, k;
374 	static int once;
375 
376 	if(once)
377 		return;
378 	once = 1;
379 
380 	for(i=0; i<256; i++) {
381 		j=i;
382 		tab[i] = 0;
383 		for(k=0; k<8; k++) {
384 			tab[i] = (tab[i]<<1) | (j&1);
385 			j >>= 1;
386 		}
387 	}
388 }
389 
390 static int
391 vncaddkey(Key *k)
392 {
393 	uchar *p;
394 	char *s;
395 
396 	k->priv = emalloc(8+1);
397 	if(s = _str_findattr(k->privattr, "!password")){
398 		mktab();
399 		memset(k->priv, 0, 8+1);
400 		strncpy((char*)k->priv, s, 8);
401 		for(p=k->priv; *p; p++)
402 			*p = tab[*p];
403 	}else{
404 		werrstr("no key data");
405 		return -1;
406 	}
407 	return replacekey(k);
408 }
409 
410 static void
411 vncclosekey(Key *k)
412 {
413 	free(k->priv);
414 }
415 
416 static int
417 vncresponse(Fsstate*, State *s)
418 {
419 	DESstate des;
420 
421 	memmove(s->resp, s->chal, sizeof s->chal);
422 	setupDESstate(&des, s->key->priv, nil);
423 	desECBencrypt((uchar*)s->resp, s->challen, &des);
424 	s->resplen = s->challen;
425 	return RpcOk;
426 }
427 
428 static int
429 p9crwrite(Fsstate *fss, void *va, uint n)
430 {
431 	char tbuf[TICKETLEN+AUTHENTLEN];
432 	State *s;
433 	char *data = va;
434 	Authenticator a;
435 	char resp[Maxchal];
436 	int ret;
437 
438 	s = fss->ps;
439 	switch(fss->phase){
440 	default:
441 		return phaseerror(fss, "write");
442 
443 	case CNeedChal:
444 		if(n >= sizeof(s->chal))
445 			return failure(fss, Ebadarg);
446 		memset(s->chal, 0, sizeof s->chal);
447 		memmove(s->chal, data, n);
448 		s->challen = n;
449 
450 		if(s->astype == AuthChal)
451 			ret = p9response(fss, s);
452 		else
453 			ret = vncresponse(fss, s);
454 		if(ret != RpcOk)
455 			return ret;
456 		fss->phase = CHaveResp;
457 		return RpcOk;
458 
459 	case SNeedResp:
460 		/* send response to auth server and get ticket */
461 		if(n > sizeof(resp))
462 			return failure(fss, Ebadarg);
463 		memset(resp, 0, sizeof resp);
464 		memmove(resp, data, n);
465 		if(write(s->asfd, resp, s->challen) != s->challen)
466 			return failure(fss, Easproto);
467 
468 		/* get ticket plus authenticator from auth server */
469 		if(_asrdresp(s->asfd, tbuf, TICKETLEN+AUTHENTLEN) < 0)
470 			return failure(fss, nil);
471 
472 		/* check ticket */
473 		convM2T(tbuf, &s->t, s->key->priv);
474 		if(s->t.num != AuthTs
475 		|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0)
476 			return failure(fss, Easproto);
477 		convM2A(tbuf+TICKETLEN, &a, s->t.key);
478 		if(a.num != AuthAc
479 		|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
480 		|| a.id != 0)
481 			return failure(fss, Easproto);
482 
483 		fss->haveai = 1;
484 		fss->ai.cuid = s->t.cuid;
485 		fss->ai.suid = s->t.suid;
486 		fss->ai.nsecret = 0;
487 		fss->ai.secret = nil;
488 		fss->phase = Established;
489 		return RpcOk;
490 	}
491 }
492 
493 static int
494 getchal(State *s, Fsstate *fss)
495 {
496 	char trbuf[TICKREQLEN];
497 	int n;
498 
499 	safecpy(s->tr.hostid, _str_findattr(s->key->attr, "user"), sizeof(s->tr.hostid));
500 	safecpy(s->tr.authdom, _str_findattr(s->key->attr, "dom"), sizeof(s->tr.authdom));
501 	s->tr.type = s->astype;
502 	convTR2M(&s->tr, trbuf);
503 
504 	/* get challenge from auth server */
505 	s->asfd = _authdial(nil, _str_findattr(s->key->attr, "dom"));
506 	if(s->asfd < 0)
507 		return failure(fss, Easproto);
508 	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN)
509 		return failure(fss, Easproto);
510 	n = _asrdresp(s->asfd, s->chal, s->challen);
511 	if(n <= 0){
512 		if(n == 0)
513 			werrstr("_asrdresp short read");
514 		return failure(fss, nil);
515 	}
516 	s->challen = n;
517 	fss->phase = SHaveChal;
518 	return RpcOk;
519 }
520 
521 Proto p9cr =
522 {
523 .name=		"p9cr",
524 .init=		p9crinit,
525 .write=		p9crwrite,
526 .read=		p9crread,
527 .close=		p9crclose,
528 .keyprompt=	"user? !password?",
529 };
530 
531 Proto vnc =
532 {
533 .name=		"vnc",
534 .init=		p9crinit,
535 .write=		p9crwrite,
536 .read=		p9crread,
537 .close=		p9crclose,
538 .keyprompt=	"!password?",
539 .addkey=	vncaddkey,
540 };