ref: 3f869a689403c385ca761be5535a5de2db054db4
dir: /sys/src/cmd/disk/kfs/auth.c/
/* * Network listening authentication. * This and all the other network-related * code is due to Richard Miller. */ #include "all.h" #include "9p1.h" int allownone; Nvrsafe nvr; int didread; /* * create a challenge for a fid space */ void mkchallenge(Chan *cp) { int i; if(!didread && readnvram(&nvr, 0) >= 0) didread = 1; srand(truerand()); for(i = 0; i < CHALLEN; i++) cp->chal[i] = nrand(256); cp->idoffset = 0; cp->idvec = 0; } /* * match a challenge from an attach */ Nvrsafe nvr; int authorize(Chan *cp, Oldfcall *in, Oldfcall *ou) { Ticket t; Authenticator a; int x; ulong bit; if (cp == cons.srvchan) /* local channel already safe */ return 1; if(wstatallow) /* set to allow entry during boot */ return 1; if(strcmp(in->uname, "none") == 0) return allownone || cp->authed; if(in->type == Toattach9p1) return 0; if(!didread) return 0; /* decrypt and unpack ticket */ convM2T(in->ticket, &t, nvr.machkey); if(t.num != AuthTs){ print("bad AuthTs num\n"); return 0; } /* decrypt and unpack authenticator */ convM2A(in->auth, &a, t.key); if(a.num != AuthAc){ print("bad AuthAc num\n"); return 0; } /* challenges must match */ if(memcmp(a.chal, cp->chal, sizeof(a.chal)) != 0){ print("bad challenge\n"); return 0; } /* * the id must be in a valid range. the range is specified by a * lower bount (idoffset) and a bit vector (idvec) where a * bit set to 1 means unusable */ lock(&cp->idlock); x = a.id - cp->idoffset; bit = 1<<x; if(x < 0 || x > 31 || (bit&cp->idvec)){ unlock(&cp->idlock); return 0; } cp->idvec |= bit; /* normalize the vector */ while(cp->idvec&0xffff0001){ cp->idvec >>= 1; cp->idoffset++; } unlock(&cp->idlock); /* ticket name and attach name must match */ if(memcmp(in->uname, t.cuid, sizeof(in->uname)) != 0){ print("names don't match\n"); return 0; } /* copy translated name into input record */ memmove(in->uname, t.suid, sizeof(in->uname)); /* craft a reply */ a.num = AuthAs; memmove(a.chal, cp->rchal, CHALLEN); convA2M(&a, ou->rauth, t.key); cp->authed = 1; return 1; }