ref: c3487a4b49b6988aad0e340ad9e986e4549b9317
parent: 63b18e79252845d09abbad44672eabd9233a911b
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Thu Aug 20 23:16:50 EDT 2015
authsrv: more aes key stuff
--- a/sys/src/cmd/auth/authcmdlib.h
+++ b/sys/src/cmd/auth/authcmdlib.h
@@ -41,6 +41,7 @@
void fail(char*);
int findkey(char*, char*, Authkey*);
char* finddeskey(char*, char*, char*);
+uchar* findaeskey(char*, char*, uchar*);
char* findsecret(char*, char*, char*);
int getauthkey(Authkey*);
long getexpiration(char *db, char *u);
@@ -61,6 +62,7 @@
char* secureidcheck(char*, char*);
int setkey(char*, char*, Authkey*);
char* setdeskey(char*, char*, char*);
+uchar* setaeskey(char*, char*, uchar*);
char* setsecret(char*, char*, char*);
int smartcheck(void*, long, char*);
void succeed(char*);
--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -11,6 +11,7 @@
int debug;
Ndb *db;
char raddr[128];
+uchar zeros[16];
/* Microsoft auth constants */
enum {@@ -31,7 +32,6 @@
void replyerror(char*, ...);
void getraddr(char*);
void mkkey(Authkey*);
-int samekey(Authkey*, Authkey*);
void mkticket(Ticketreq*, Ticket*);
void randombytes(uchar*, int);
void nthash(uchar hash[MShashlen], char *passwd);
@@ -254,10 +254,14 @@
exits(0);
}
passtokey(&nkey, pr.old);
- if(!samekey(&nkey, &okey)){+ if(memcmp(nkey.des, okey.des, DESKEYLEN) != 0){ replyerror("protocol botch2: %s", raddr);continue;
}
+ if(memcmp(okey.aes, zeros, AESKEYLEN) != 0 && memcmp(okey.aes, nkey.aes, AESKEYLEN) != 0){+ replyerror("protocol botch3: %s", raddr);+ continue;
+ }
if(*pr.new){err = okpasswd(pr.new);
if(err){@@ -998,12 +1002,6 @@
mkkey(Authkey *k)
{randombytes((uchar*)k->des, DESKEYLEN);
-}
-
-int
-samekey(Authkey *a, Authkey *b)
-{- return memcmp(a->des, b->des, DESKEYLEN) == 0;
}
void
--- a/sys/src/cmd/auth/lib/readwrite.c
+++ b/sys/src/cmd/auth/lib/readwrite.c
@@ -41,16 +41,34 @@
snprint(filename, sizeof filename, "%s/%s/key", db, user);
n = readfile(filename, key, DESKEYLEN);
if(n != DESKEYLEN)
- return 0;
+ return nil;
else
return key;
}
+uchar*
+findaeskey(char *db, char *user, uchar *key)
+{+ int n;
+ char filename[Maxpath];
+
+ snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
+ n = readfile(filename, (char*)key, AESKEYLEN);
+ if(n != AESKEYLEN)
+ return nil;
+ else
+ return key;
+}
+
int
findkey(char *db, char *user, Authkey *key)
{+ int ret;
+
memset(key, 0, sizeof(Authkey));
- return finddeskey(db, user, key->des) != nil;
+ ret = finddeskey(db, user, key->des) != nil;
+ ret |= findaeskey(db, user, key->aes) != nil;
+ return ret;
}
char*
@@ -63,7 +81,7 @@
n = readfile(filename, secret, SECRETLEN-1);
secret[n]=0;
if(n <= 0)
- return 0;
+ return nil;
else
return secret;
}
@@ -77,15 +95,33 @@
snprint(filename, sizeof filename, "%s/%s/key", db, user);
n = writefile(filename, key, DESKEYLEN);
if(n != DESKEYLEN)
- return 0;
+ return nil;
else
return key;
}
+uchar*
+setaeskey(char *db, char *user, uchar *key)
+{+ int n;
+ char filename[Maxpath];
+
+ snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
+ n = writefile(filename, (char*)key, AESKEYLEN);
+ if(n != AESKEYLEN)
+ return nil;
+ else
+ return key;
+}
+
int
setkey(char *db, char *user, Authkey *key)
{- return setdeskey(db, user, key->des) != nil;
+ int ret;
+
+ ret = setdeskey(db, user, key->des) != nil;
+ ret |= setaeskey(db, user, key->aes) != nil;
+ return ret;
}
char*
@@ -97,7 +133,7 @@
snprint(filename, sizeof filename, "%s/%s/secret", db, user);
n = writefile(filename, secret, strlen(secret));
if(n != strlen(secret))
- return 0;
+ return nil;
else
return secret;
}