shithub: riscv

Download patch

ref: 27498dd63a199bb634bbf23e62edb345814626c9
parent: 27485e62d195b688cfefbebaac82533f3510b570
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Feb 25 21:21:49 EST 2017 

authsrv: fix mkkey() dummy key generation (thanks aiju)


--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -41,7 +41,7 @@
 void	replyerror(char*, ...);
 void	getraddr(char*);
 void	initkeyseed(void);
-void	mkkey(Keyslot*);
+void	mkkey(char*, Authkey*);
 void	mkticket(Ticketreq*, Ticket*);
 void	nthash(uchar hash[MShashlen], char *passwd);
 void	lmhash(uchar hash[MShashlen], char *passwd);
@@ -130,7 +130,7 @@
 	safecpy(k->id, u, sizeof(k->id));
 	if(!findkey(KEYDB, k->id, k) || tsmemcmp(k->aes, zeros, AESKEYLEN) == 0) {
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(k);
+		mkkey(k->id, k);
 		authpak_hash(k, k->id);
 	}
 	authpak_new(&p, k, y, 0);
@@ -200,18 +200,18 @@
 		exits(0);
 	if(!getkey(tr->authid, &akey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(&akey);
+		mkkey(tr->authid, &akey);
 		syslog(0, AUTHLOG, "tr-fail authid %s", tr->authid);
 	}
 	if(!getkey(tr->hostid, &hkey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(&hkey);
+		mkkey(tr->hostid, &hkey);
 		syslog(0, AUTHLOG, "tr-fail hostid %s(%s)", tr->hostid, raddr);
 	}
 	mkticket(tr, &t);
 	if(!speaksfor(tr->hostid, tr->uid)){
-		mkkey(&akey);
-		mkkey(&hkey);
+		mkkey(tr->authid, &akey);
+		mkkey(tr->hostid, &hkey);
 		syslog(0, AUTHLOG, "tr-fail %s@%s(%s) -> %s@%s no speaks for",
 			tr->uid, tr->hostid, raddr, tr->uid, tr->authid);
 	}
@@ -247,7 +247,7 @@
 
 	if(!getkey(tr->hostid, &hkey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(&hkey);
+		mkkey(tr->hostid, &hkey);
 		syslog(0, AUTHLOG, "cr-fail hostid %s %s@%s", tr->hostid, tr->uid, raddr);
 	}
 
@@ -290,7 +290,7 @@
 
 	if(!getkey(tr->uid, &ukey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(&ukey);
+		mkkey(tr->uid, &ukey);
 		syslog(0, AUTHLOG, "cp-fail uid %s@%s", tr->uid, raddr);
 	}
 
@@ -541,7 +541,7 @@
 	memset(sbuf, 0, sizeof(sbuf));
 	secret = findsecret(KEYDB, tr->uid, sbuf);
 	if(!getkey(tr->hostid, &hkey) || secret == nil){
-		mkkey(&hkey);
+		mkkey(tr->hostid, &hkey);
 		genrandom((uchar*)sbuf, sizeof(sbuf));
 		secret = sbuf;
 	}
@@ -1018,10 +1018,9 @@
 }
 
 void
-mkkey(Keyslot *k)
+mkkey(char *id, Authkey *a)
 {
 	uchar h[SHA2_256dlen];
-	Authkey *a = k;
 
 	genrandom((uchar*)a, sizeof(Authkey));
 
@@ -1029,7 +1028,7 @@
 	 * the DES key has to be constant for a user in each response,
 	 * so we make one up pseudo randomly from a keyseed and user name.
 	 */
-	hmac_sha2_256((uchar*)k->id, strlen(k->id), keyseed, sizeof(keyseed), h, nil);
+	hmac_sha2_256((uchar*)id, strlen(id), keyseed, sizeof(keyseed), h, nil);
 	memmove(a->des, h, DESKEYLEN);
 	memset(h, 0, sizeof(h));
 }