o5r/plan9port
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use gcc -ansi -pedantic in 9c. Fix many non-C89-isms.

Browse source
This commit is contained in:
rsc 2006-04-01 19:24:03 +00:00
parent 226d80b821
commit cbeb0b26e4
492 changed files with 3218 additions and 3167 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/cmd/auth/factotum/apop.c
View file

@ -148,7 +148,7 @@ struct ServerState
enum
{
APOPCHALLEN = 128,
APOPCHALLEN = 128
};
static int apopchal(ServerState*, int, char[APOPCHALLEN]);

2
src/cmd/auth/factotum/attr.c
View file

@ -143,7 +143,7 @@ hasqueries(Attr *a)
char *ignored[] = {
"role",
"disabled",
"disabled"
};
static int

21
src/cmd/auth/factotum/chap.c
View file

@ -33,7 +33,7 @@ enum {
MShashlen = 16,
MSchallen = 8,
MSresplen = 24,
MSresplen = 24
};
static int
@ -315,7 +315,7 @@ out:
keyclose(s.k);
free(user);
free(resp);
// xioclose(s.asfd);
/* xioclose(s.asfd); */
return ret;
}
@ -411,16 +411,17 @@ chaproles[] =
};
Proto chap = {
.name= "chap",
.roles= chaproles,
.checkkey= chapcheck,
.keyprompt= "user? !password?",
"chap",
chaproles,
"user? !password?",
chapcheck
};
Proto mschap = {
.name= "mschap",
.roles= chaproles,
.checkkey= chapcheck,
.keyprompt= "user? !password?",
"mschap",
chaproles,
"user? !password?",
chapcheck
};

6
src/cmd/auth/factotum/cpu.c
View file

@ -56,7 +56,7 @@ struct AuthMethod {
{
{ "p9", p9auth, srvp9auth,},
{ "netkey", netkeyauth, netkeysrvauth,},
// { "none", noauth, srvnoauth,},
/* { "none", noauth, srvnoauth,}, */
{ nil, nil}
};
AuthMethod *am = authmethod; /* default is p9 */
@ -687,7 +687,7 @@ enum
Qdir,
Qcpunote,
Nfid = 32,
Nfid = 32
};
struct {
@ -697,7 +697,7 @@ struct {
} fstab[] =
{
[Qdir] { ".", {Qdir, 0, QTDIR}, DMDIR|0555 },
[Qcpunote] { "cpunote", {Qcpunote, 0}, 0444 },
[Qcpunote] { "cpunote", {Qcpunote, 0}, 0444 }
};
typedef struct Note Note;

2
src/cmd/auth/factotum/ctl.c
View file

@ -17,7 +17,7 @@
static char *msg[] = {
"key",
"delkey",
"debug",
"debug"
};
static int

2
src/cmd/auth/factotum/dat.h
View file

@ -13,7 +13,7 @@ enum
RpcWriteHex,
/* thread stack size - big buffers for printing */
STACK = 65536,
STACK = 65536
};
typedef struct Conv Conv;

4
src/cmd/auth/factotum/fs.c
View file

@ -12,7 +12,7 @@ enum
Qlog,
Qctl,
Qneedkey,
Qconv,
Qconv
};
static int qtop;
@ -41,7 +41,7 @@ static struct
"rpc", Qrpc, 0666,
"proto", Qprotolist, 0444,
"log", Qlog, 0600|DMEXCL,
"conv", Qconv, 0400,
"conv", Qconv, 0400
};
static void

2
src/cmd/auth/factotum/main.c
View file

@ -26,7 +26,7 @@ threadmain(int argc, char *argv[])
char *mtpt;
char err[ERRMAX];
// mtpt = "/mnt";
/* mtpt = "/mnt"; */
mtpt = nil;
owner = getuser();
quotefmtinstall();

4
src/cmd/auth/factotum/p9any.c
View file

@ -15,7 +15,7 @@ extern Proto p9sk1, p9sk2, p9cr;
static Proto* okproto[] =
{
&p9sk1,
nil,
nil
};
static int
@ -267,6 +267,6 @@ p9anyroles[] =
Proto p9any = {
"p9any",
p9anyroles,
p9anyroles
};

10
src/cmd/auth/factotum/p9cr.c
View file

@ -197,7 +197,7 @@ out:
enum
{
MAXCHAL = 64,
MAXCHAL = 64
};
typedef struct State State;
@ -222,7 +222,7 @@ enum
SHaveChal,
SNeedResp,
Maxphase,
Maxphase
};
static char *phasenames[Maxphase] =
@ -231,7 +231,7 @@ static char *phasenames[Maxphase] =
[CHaveResp] "CHaveResp",
[SHaveChal] "SHaveChal",
[SNeedResp] "SNeedResp",
[SNeedResp] "SNeedResp"
};
static void
@ -525,7 +525,7 @@ Proto p9cr =
.write= p9crwrite,
.read= p9crread,
.close= p9crclose,
.keyprompt= "user? !password?",
.keyprompt= "user? !password?"
};
Proto vnc =
@ -536,5 +536,5 @@ Proto vnc =
.read= p9crread,
.close= p9crclose,
.keyprompt= "!password?",
.addkey= vncaddkey,
.addkey= vncaddkey
};

4
src/cmd/auth/factotum/p9sk1.c
View file

@ -343,11 +343,11 @@ Proto p9sk1 = {
p9sk1roles,
"user? dom? !password?",
p9sk1check,
p9sk1close,
p9sk1close
};
Proto p9sk2 = {
"p9sk2",
p9sk2roles,
p9sk2roles
};

2
src/cmd/auth/factotum/proto.c
View file

@ -23,7 +23,7 @@ Proto *prototab[] = {
&p9sk2,
&pass,
&rsa,
nil,
nil
};
Proto*

2
src/cmd/auth/factotum/rpc.c
View file

@ -41,7 +41,7 @@ char *rpcname[] =
"start",
"write",
"readhex",
"writehex",
"writehex"
};
static int

72
src/cmd/auth/factotum/secstore.c
View file

@ -10,9 +10,9 @@
enum{ CHK = 16};
enum{ MAXFILESIZE = 10*1024*1024 };
enum{// PW status bits
enum{/* PW status bits */
Enabled = (1<<0),
STA = (1<<1), // extra SecurID step
STA = (1<<1) /* extra SecurID step */
};
static char testmess[] = "__secstore\tPAK\nC=%s\nm=0\n";
@ -75,28 +75,28 @@ havesecstore(void)
return strcmp((char*)buf, "!account exists") == 0;
}
// delimited, authenticated, encrypted connection
enum{ Maxmsg=4096 }; // messages > Maxmsg bytes are truncated
/* delimited, authenticated, encrypted connection */
enum{ Maxmsg=4096 }; /* messages > Maxmsg bytes are truncated */
typedef struct SConn SConn;
extern SConn* newSConn(int); // arg is open file descriptor
extern SConn* newSConn(int); /* arg is open file descriptor */
struct SConn{
void *chan;
int secretlen;
int (*secret)(SConn*, uchar*, int);//
int (*read)(SConn*, uchar*, int); // <0 if error; errmess in buffer
int (*secret)(SConn*, uchar*, int);/* */
int (*read)(SConn*, uchar*, int); /* <0 if error; errmess in buffer */
int (*write)(SConn*, uchar*, int);
void (*free)(SConn*); // also closes file descriptor
void (*free)(SConn*); /* also closes file descriptor */
};
// secret(s,b,dir) sets secret for digest, encrypt, using the secretlen
// bytes in b to form keys for the two directions;
// set dir=0 in client, dir=1 in server
/* secret(s,b,dir) sets secret for digest, encrypt, using the secretlen */
/* bytes in b to form keys for the two directions; */
/* set dir=0 in client, dir=1 in server */
// error convention: write !message in-band
/* error convention: write !message in-band */
#define readstr secstore_readstr
static void writerr(SConn*, char*);
static int readstr(SConn*, char*); // call with buf of size Maxmsg+1
// returns -1 upon error, with error message in buf
static int readstr(SConn*, char*); /* call with buf of size Maxmsg+1 */
/* returns -1 upon error, with error message in buf */
typedef struct ConnState {
uchar secret[SHA1dlen];
@ -105,8 +105,8 @@ typedef struct ConnState {
} ConnState;
typedef struct SS{
int fd; // file descriptor for read/write of encrypted data
int alg; // if nonzero, "alg sha rc4_128"
int fd; /* file descriptor for read/write of encrypted data */
int alg; /* if nonzero, "alg sha rc4_128" */
ConnState in, out;
} SS;
@ -123,7 +123,7 @@ SC_secret(SConn *conn, uchar *sigma, int direction)
hmac_sha1(sigma, nsigma, (uchar*)"two", 3, ss->out.secret, nil);
hmac_sha1(sigma, nsigma, (uchar*)"one", 3, ss->in.secret, nil);
}
setupRC4state(&ss->in.rc4, ss->in.secret, 16); // restrict to 128 bits
setupRC4state(&ss->in.rc4, ss->in.secret, 16); /* restrict to 128 bits */
setupRC4state(&ss->out.rc4, ss->out.secret, 16);
ss->alg = 1;
return 0;
@ -174,7 +174,7 @@ SC_read(SConn *conn, uchar *buf, int n)
werrstr("!SC_read invalid count");
return -1;
}
len = (count[0]&0x7f)<<8 | count[1]; // SSL-style count; no pad
len = (count[0]&0x7f)<<8 | count[1]; /* SSL-style count; no pad */
if(ss->alg){
len -= SHA1dlen;
if(len <= 0 || readn(ss->fd, digest, SHA1dlen) != SHA1dlen){
@ -328,7 +328,7 @@ getfile(SConn *conn, uchar *key, int nkey)
if((len = atoi(s)) < 0){
werrstr("secstore: remote file %s does not exist", gf);
return -1;
}else if(len > MAXFILESIZE){//assert
}else if(len > MAXFILESIZE){/*assert */
werrstr("secstore: implausible file size %d for %s", len, gf);
return -1;
}
@ -400,7 +400,7 @@ typedef struct PAKparams{
static PAKparams *pak;
// This group was generated by the seed EB7B6E35F7CD37B511D96C67D6688CC4DD440E1E.
/* This group was generated by the seed EB7B6E35F7CD37B511D96C67D6688CC4DD440E1E. */
static void
initPAKparams(void)
{
@ -422,8 +422,8 @@ initPAKparams(void)
"2A6E0BAE08B14258F8C03CC1B30E0DDADFCF7CEDF0727684D3D255F1", nil, 16, nil);
}
// H = (sha(ver,C,sha(passphrase)))^r mod p,
// a hash function expensive to attack by brute force.
/* H = (sha(ver,C,sha(passphrase)))^r mod p, */
/* a hash function expensive to attack by brute force. */
static void
longhash(char *ver, char *C, uchar *passwd, mpint *H)
{
@ -449,7 +449,7 @@ longhash(char *ver, char *C, uchar *passwd, mpint *H)
mpexp(H, pak->r, pak->p, H);
}
// Hi = H^-1 mod p
/* Hi = H^-1 mod p */
static char *
PAK_Hi(char *C, char *passphrase, mpint *H, mpint *Hi)
{
@ -462,8 +462,8 @@ PAK_Hi(char *C, char *passphrase, mpint *H, mpint *Hi)
return mptoa(Hi, 64, nil, 0);
}
// another, faster, hash function for each party to
// confirm that the other has the right secrets.
/* another, faster, hash function for each party to */
/* confirm that the other has the right secrets. */
static void
shorthash(char *mess, char *C, char *S, char *m, char *mu, char *sigma, char *Hi, uchar *digest)
{
@ -485,12 +485,12 @@ shorthash(char *mess, char *C, char *S, char *m, char *mu, char *sigma, char *Hi
sha1((uchar*)Hi, strlen(Hi), digest, state);
}
// On input, conn provides an open channel to the server;
// C is the name this client calls itself;
// pass is the user's passphrase
// On output, session secret has been set in conn
// (unless return code is negative, which means failure).
// If pS is not nil, it is set to the (alloc'd) name the server calls itself.
/* On input, conn provides an open channel to the server; */
/* C is the name this client calls itself; */
/* pass is the user's passphrase */
/* On output, session secret has been set in conn */
/* (unless return code is negative, which means failure). */
/* If pS is not nil, it is set to the (alloc'd) name the server calls itself. */
static int
PAKclient(SConn *conn, char *C, char *pass, char **pS)
{
@ -503,7 +503,7 @@ PAKclient(SConn *conn, char *C, char *pass, char **pS)
hexHi = PAK_Hi(C, pass, H, Hi);
// random 1<=x<=q-1; send C, m=g**x H
/* random 1<=x<=q-1; send C, m=g**x H */
x = mprand(164, genrandom, nil);
mpmod(x, pak->q, x);
if(mpcmp(x, mpzero) == 0)
@ -517,7 +517,7 @@ PAKclient(SConn *conn, char *C, char *pass, char **pS)
snprint(mess, Maxmsg, "%s\tPAK\nC=%s\nm=%s\n", VERSION, C, hexm);
conn->write(conn, (uchar*)mess, strlen(mess));
// recv g**y, S, check hash1(g**xy)
/* recv g**y, S, check hash1(g**xy) */
if(readstr(conn, mess) < 0){
fprint(2, "error: %s\n", mess);
writerr(conn, "couldn't read g**y");
@ -556,18 +556,18 @@ PAKclient(SConn *conn, char *C, char *pass, char **pS)
goto done;
}
// send hash2(g**xy)
/* send hash2(g**xy) */
shorthash("client", C, S, hexm, hexmu, hexsigma, hexHi, digest);
enc64(kc, sizeof kc, digest, SHA1dlen);
snprint(mess2, Maxmsg, "k'=%s\n", kc);
conn->write(conn, (uchar*)mess2, strlen(mess2));
// set session key
/* set session key */
shorthash("session", C, S, hexm, hexmu, hexsigma, hexHi, digest);
memset(hexsigma, 0, strlen(hexsigma));
n = conn->secret(conn, digest, 0);
memset(digest, 0, SHA1dlen);
if(n < 0){//assert
if(n < 0){/*assert */
writerr(conn, "can't set secret");
goto done;
}

2
src/cmd/auth/factotum/test.c
View file

@ -41,7 +41,7 @@ Test test[] =
"cram", proxyserver, proxyclient,
"p9sk1", proxyserver, proxyclient,
"p9sk2", proxyserver, proxyclient,
"p9any", proxyserver, proxyclient,
"p9any", proxyserver, proxyclient
};
void

8
src/cmd/auth/secstore/SConn.c
View file

@ -13,8 +13,8 @@ typedef struct ConnState {
} ConnState;
typedef struct SS{
int fd; // file descriptor for read/write of encrypted data
int alg; // if nonzero, "alg sha rc4_128"
int fd; /* file descriptor for read/write of encrypted data */
int alg; /* if nonzero, "alg sha rc4_128" */
ConnState in, out;
} SS;
@ -31,7 +31,7 @@ SC_secret(SConn *conn, uchar *sigma, int direction)
hmac_sha1(sigma, nsigma, (uchar*)"two", 3, ss->out.secret, nil);
hmac_sha1(sigma, nsigma, (uchar*)"one", 3, ss->in.secret, nil);
}
setupRC4state(&ss->in.rc4, ss->in.secret, 16); // restrict to 128 bits
setupRC4state(&ss->in.rc4, ss->in.secret, 16); /* restrict to 128 bits */
setupRC4state(&ss->out.rc4, ss->out.secret, 16);
ss->alg = 1;
return 0;
@ -82,7 +82,7 @@ SC_read(SConn *conn, uchar *buf, int n)
snprint((char*)buf,n,"!SC_read invalid count");
return -1;
}
len = (count[0]&0x7f)<<8 | count[1]; // SSL-style count; no pad
len = (count[0]&0x7f)<<8 | count[1]; /* SSL-style count; no pad */
if(ss->alg){
len -= SHA1dlen;
if(len <= 0 || readn(ss->fd, digest, SHA1dlen) != SHA1dlen){

24
src/cmd/auth/secstore/SConn.h
View file

@ -1,24 +1,24 @@
// delimited, authenticated, encrypted connection
enum{ Maxmsg=4096 }; // messages > Maxmsg bytes are truncated
/* delimited, authenticated, encrypted connection */
enum{ Maxmsg=4096 }; /* messages > Maxmsg bytes are truncated */
typedef struct SConn SConn;
extern SConn* newSConn(int); // arg is open file descriptor
extern SConn* newSConn(int); /* arg is open file descriptor */
struct SConn{
void *chan;
int secretlen;
int (*secret)(SConn*, uchar*, int);//
int (*read)(SConn*, uchar*, int); // <0 if error; errmess in buffer
int (*secret)(SConn*, uchar*, int);/* */
int (*read)(SConn*, uchar*, int); /* <0 if error; errmess in buffer */
int (*write)(SConn*, uchar*, int);
void (*free)(SConn*); // also closes file descriptor
void (*free)(SConn*); /* also closes file descriptor */
};
// secret(s,b,dir) sets secret for digest, encrypt, using the secretlen
// bytes in b to form keys for the two directions;
// set dir=0 in client, dir=1 in server
/* secret(s,b,dir) sets secret for digest, encrypt, using the secretlen */
/* bytes in b to form keys for the two directions; */
/* set dir=0 in client, dir=1 in server */
// error convention: write !message in-band
/* error convention: write !message in-band */
extern void writerr(SConn*, char*);
extern int readstr(SConn*, char*); // call with buf of size Maxmsg+1
// returns -1 upon error, with error message in buf
extern int readstr(SConn*, char*); /* call with buf of size Maxmsg+1 */
/* returns -1 upon error, with error message in buf */
extern void *emalloc(ulong); /* dies on failure; clears memory */
extern void *erealloc(void *, ulong);

8
src/cmd/auth/secstore/aescbc.c
View file

@ -100,7 +100,7 @@ main(int argc, char **argv)
aesCBCencrypt(buf+AESbsize, AESbsize, &aes); /* use second AESbsize bytes as initial plaintext */
safewrite(buf, 2*AESbsize);
dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
while(1){
for(;;){
n = Bread(&bin, buf, BUF);
if(n < 0){
fprint(2,"read error\n");
@ -134,9 +134,9 @@ main(int argc, char **argv)
exits("decrypted file failed to authenticate");
}
}else{ /* compatibility with past mistake */
// if file was encrypted with bad aescbc use this:
// memset(key, 0, AESmaxkey);
// else assume we're decrypting secstore files
/* if file was encrypted with bad aescbc use this: */
/* memset(key, 0, AESmaxkey); */
/* else assume we're decrypting secstore files */
setupAESstate(&aes, key, AESbsize, buf);
saferead(buf, CHK);
aesCBCdecrypt(buf, CHK, &aes);

2
src/cmd/auth/secstore/dirls.c
View file

@ -74,7 +74,7 @@ dirls(char *path)
}
for(list=nil, len=0, i=0; i<ndir; i++){
date = ctime(dirbuf[i].mtime);
date[28] = 0; // trim newline
date[28] = 0; /* trim newline */
n = snprint(buf, sizeof buf, "%*ulld %s", lenwid, dirbuf[i].length, date+4);
n += enc64(dig, sizeof dig, sha1file(path, dirbuf[i].name), SHA1dlen);
n += nmwid+3+strlen(dirbuf[i].name);

66
src/cmd/auth/secstore/pak.c
View file

@ -1,6 +1,6 @@
// PAK is an encrypted key exchange protocol designed by Philip MacKenzie et al.
// It is patented and use outside Plan 9 requires you get a license.
// (All other EKE protocols are patented as well, by Lucent or others.)
/* PAK is an encrypted key exchange protocol designed by Philip MacKenzie et al. */
/* It is patented and use outside Plan 9 requires you get a license. */
/* (All other EKE protocols are patented as well, by Lucent or others.) */
#include <u.h>
#include <libc.h>
#include <mp.h>
@ -19,7 +19,7 @@ typedef struct PAKparams{
static PAKparams *pak;
// from seed EB7B6E35F7CD37B511D96C67D6688CC4DD440E1E
/* from seed EB7B6E35F7CD37B511D96C67D6688CC4DD440E1E */
static void
initPAKparams(void)
{
@ -43,8 +43,8 @@ initPAKparams(void)
nil, 16, nil);
}
// H = (sha(ver,C,sha(passphrase)))^r mod p,
// a hash function expensive to attack by brute force.
/* H = (sha(ver,C,sha(passphrase)))^r mod p, */
/* a hash function expensive to attack by brute force. */
static void
longhash(char *ver, char *C, uchar *passwd, mpint *H)
{
@ -70,7 +70,7 @@ longhash(char *ver, char *C, uchar *passwd, mpint *H)
mpexp(H, pak->r, pak->p, H);
}
// Hi = H^-1 mod p
/* Hi = H^-1 mod p */
char *
PAK_Hi(char *C, char *passphrase, mpint *H, mpint *Hi)
{
@ -83,8 +83,8 @@ PAK_Hi(char *C, char *passphrase, mpint *H, mpint *Hi)
return mptoa(Hi, 64, nil, 0);
}
// another, faster, hash function for each party to
// confirm that the other has the right secrets.
/* another, faster, hash function for each party to */
/* confirm that the other has the right secrets. */
static void
shorthash(char *mess, char *C, char *S, char *m, char *mu, char *sigma, char *Hi, uchar *digest)
{
@ -106,12 +106,12 @@ shorthash(char *mess, char *C, char *S, char *m, char *mu, char *sigma, char *Hi
sha1((uchar*)Hi, strlen(Hi), digest, state);
}
// On input, conn provides an open channel to the server;
// C is the name this client calls itself;
// pass is the user's passphrase
// On output, session secret has been set in conn
// (unless return code is negative, which means failure).
// If pS is not nil, it is set to the (alloc'd) name the server calls itself.
/* On input, conn provides an open channel to the server; */
/* C is the name this client calls itself; */
/* pass is the user's passphrase */
/* On output, session secret has been set in conn */
/* (unless return code is negative, which means failure). */
/* If pS is not nil, it is set to the (alloc'd) name the server calls itself. */
int
PAKclient(SConn *conn, char *C, char *pass, char **pS)
{
@ -124,9 +124,9 @@ PAKclient(SConn *conn, char *C, char *pass, char **pS)
hexHi = PAK_Hi(C, pass, H, Hi);
if(verbose)
fprint(2,"%s\n", feedback[H->p[0]&0x7]); // provide a clue to catch typos
fprint(2,"%s\n", feedback[H->p[0]&0x7]); /* provide a clue to catch typos */
// random 1<=x<=q-1; send C, m=g**x H
/* random 1<=x<=q-1; send C, m=g**x H */
x = mprand(240, genrandom, nil);
mpmod(x, pak->q, x);
if(mpcmp(x, mpzero) == 0)
@ -140,7 +140,7 @@ PAKclient(SConn *conn, char *C, char *pass, char **pS)
snprint(mess, Maxmsg, "%s\tPAK\nC=%s\nm=%s\n", VERSION, C, hexm);
conn->write(conn, (uchar*)mess, strlen(mess));
// recv g**y, S, check hash1(g**xy)
/* recv g**y, S, check hash1(g**xy) */
if(readstr(conn, mess) < 0){
fprint(2, "error: %s\n", mess);
writerr(conn, "couldn't read g**y");
@ -179,13 +179,13 @@ PAKclient(SConn *conn, char *C, char *pass, char **pS)
goto done;
}
// send hash2(g**xy)
/* send hash2(g**xy) */
shorthash("client", C, S, hexm, hexmu, hexsigma, hexHi, digest);
enc64(kc, sizeof kc, digest, SHA1dlen);
snprint(mess2, Maxmsg, "k'=%s\n", kc);
conn->write(conn, (uchar*)mess2, strlen(mess2));
// set session key
/* set session key */
shorthash("session", C, S, hexm, hexmu, hexsigma, hexHi, digest);
memset(hexsigma, 0, strlen(hexsigma));
n = conn->secret(conn, digest, 0);
@ -210,12 +210,12 @@ done:
return rc;
}
// On input,
// mess contains first message;
// name is name this server should call itself.
// On output, session secret has been set in conn;
// if pw!=nil, then *pw points to PW struct for authenticated user.
// returns -1 if error
/* On input, */
/* mess contains first message; */
/* name is name this server should call itself. */
/* On output, session secret has been set in conn; */
/* if pw!=nil, then *pw points to PW struct for authenticated user. */
/* returns -1 if error */
int
PAKserver(SConn *conn, char *S, char *mess, PW **pwp)
{
@ -227,7 +227,7 @@ PAKserver(SConn *conn, char *S, char *mess, PW **pwp)
mpint *y = nil, *m = mpnew(0), *mu = mpnew(0), *sigma = mpnew(0);
PW *pw = nil;
// secstore version and algorithm
/* secstore version and algorithm */
snprint(mess2,Maxmsg,"%s\tPAK\n", VERSION);
n = strlen(mess2);
if(strncmp(mess,mess2,n) != 0){
@ -237,7 +237,7 @@ PAKserver(SConn *conn, char *S, char *mess, PW **pwp)
mess += n;
initPAKparams();
// parse first message into C, m
/* parse first message into C, m */
eol = strchr(mess, '\n');
if(strncmp("C=", mess, 2) != 0 || !eol){
fprint(2,"mess[1]=%s\n", mess);
@ -256,7 +256,7 @@ PAKserver(SConn *conn, char *S, char *mess, PW **pwp)
strtomp(hexm, nil, 64, m);
mpmod(m, pak->p, m);
// lookup client
/* lookup client */
if((pw = getPW(C,0)) == nil) {
snprint(mess2, sizeof mess2, "%r");
writerr(conn, mess2);
@ -270,7 +270,7 @@ PAKserver(SConn *conn, char *S, char *mess, PW **pwp)
}
hexHi = mptoa(pw->Hi, 64, nil, 0);
// random y, mu=g**y, sigma=g**xy
/* random y, mu=g**y, sigma=g**xy */
y = mprand(240, genrandom, nil);
mpmod(y, pak->q, y);
if(mpcmp(y, mpzero) == 0){
@ -281,7 +281,7 @@ PAKserver(SConn *conn, char *S, char *mess, PW **pwp)
mpmod(m, pak->p, m);
mpexp(m, y, pak->p, sigma);
// send g**y, hash1(g**xy)
/* send g**y, hash1(g**xy) */
hexmu = mptoa(mu, 64, nil, 0);
hexsigma = mptoa(sigma, 64, nil, 0);
shorthash("server", C, S, hexm, hexmu, hexsigma, hexHi, digest);
@ -289,7 +289,7 @@ PAKserver(SConn *conn, char *S, char *mess, PW **pwp)
snprint(mess2, sizeof mess2, "mu=%s\nk=%s\nS=%s\n", hexmu, ks, S);
conn->write(conn, (uchar*)mess2, strlen(mess2));
// recv hash2(g**xy)
/* recv hash2(g**xy) */
if(readstr(conn, mess2) < 0){
writerr(conn, "couldn't read verifier");
goto done;
@ -308,7 +308,7 @@ PAKserver(SConn *conn, char *S, char *mess, PW **pwp)
goto done;
}
// set session key
/* set session key */
shorthash("session", C, S, hexm, hexmu, hexsigma, hexHi, digest);
n = conn->secret(conn, digest, 1);
if(n < 0){

8
src/cmd/auth/secstore/password.c
View file

@ -42,7 +42,7 @@ getPW(char *id, int dead_or_alive)
uint now = time(0);
Biobuf *bin;
PW *pw;
char *f1, *f2; // fields 1, 2 = attribute, value
char *f1, *f2; /* fields 1, 2 = attribute, value */
if((bin = openPW(id, OREAD)) == 0){
id = "FICTITIOUS";
@ -75,7 +75,7 @@ getPW(char *id, int dead_or_alive)
}
Bterm(bin);
if(dead_or_alive)
return pw; // return PW entry for editing, whether currently valid or not
return pw; /* return PW entry for editing, whether currently valid or not */
if(pw->expire <= now){
werrstr("account expired");
freePW(pw);
@ -87,14 +87,14 @@ getPW(char *id, int dead_or_alive)
return nil;
}
if(pw->failed < 10)
return pw; // success
return pw; /* success */
if(now < mtimePW(id)+300){
werrstr("too many failures; try again in five minutes");
freePW(pw);
return nil;
}
pw->failed = 0;
putPW(pw); // reset failed-login-counter after five minutes
putPW(pw); /* reset failed-login-counter after five minutes */
return pw;
}

14
src/cmd/auth/secstore/secstore.c
View file

@ -142,8 +142,8 @@ getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey)
return 0;
}
// This sends a file to the secstore disk that can, in an emergency, be
// decrypted by the program aescbc.c.
/* This sends a file to the secstore disk that can, in an emergency, be */
/* decrypted by the program aescbc.c. */
static int
putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey)
{
@ -206,7 +206,7 @@ putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey)
ivo = 0;
if(n < Maxmsg){ /* EOF on input; append XX... */
memset(b+n, 'X', CHK);
n += CHK; // might push n>Maxmsg
n += CHK; /* might push n>Maxmsg */
done = 1;
}
aesCBCencrypt(b, n, &aes);
@ -255,7 +255,7 @@ cmd(AuthConn *c, char **gf, int *Gflag, char **pf, char **rf)
if(getfile(c->conn, *gf, *Gflag ? &memfile : nil, &len, (uchar*)c->pass, c->passlen) < 0)
goto Out;
if(*Gflag){
// write one line at a time, as required by /mnt/factotum/ctl
/* write one line at a time, as required by /mnt/factotum/ctl */
memcur = memfile;
while(len>0){
memnext = (uchar*)strchr((char*)memcur, '\n');
@ -309,7 +309,7 @@ chpasswd(AuthConn *c, char *id)
H = mpnew(0);
Hi = mpnew(0);
// changing our password is vulnerable to connection failure
/* changing our password is vulnerable to connection failure */
for(;;){
snprint(prompt, sizeof(prompt), "new password for %s: ", id);
newpass = readcons(prompt, nil, 1);
@ -392,7 +392,7 @@ login(char *id, char *dest, int pass_stdin, int pass_nvram)
strecpy(c->pass, c->pass+sizeof c->pass, nvr.config);
}
if(pass_stdin){
n = readn(0, s, Maxmsg-2); // so len(PINSTA)<Maxmsg-3
n = readn(0, s, Maxmsg-2); /* so len(PINSTA)<Maxmsg-3 */
if(n < 1)
exits("no password on standard input");
s[n] = 0;
@ -442,7 +442,7 @@ login(char *id, char *dest, int pass_stdin, int pass_nvram)
exits("invalid password on standard input");
if(pass_nvram)
exits("invalid password in nvram");
// and let user try retyping the password
/* and let user try retyping the password */
if(ntry==3)
fprint(2, "Enter an empty password to quit.\n");
}

22
src/cmd/auth/secstore/secstore.h
View file

@ -1,26 +1,26 @@
enum{ MAXFILESIZE = 10*1024*1024 };
enum{// PW status bits
enum{/* PW status bits */
Enabled = (1<<0),
STA = (1<<1), // extra SecurID step
STA = (1<<1) /* extra SecurID step */
};
typedef struct PW {
char *id; // user id
ulong expire; // expiration time (epoch seconds)
ushort status; // Enabled, STA, ...
ushort failed; // number of failed login attempts
char *other; // other information, e.g. sponsor
mpint *Hi; // H(passphrase)^-1 mod p
char *id; /* user id */
ulong expire; /* expiration time (epoch seconds) */
ushort status; /* Enabled, STA, ... */
ushort failed; /* number of failed login attempts */
char *other; /* other information, e.g. sponsor */
mpint *Hi; /* H(passphrase)^-1 mod p */
} PW;
PW *getPW(char *, int);
int putPW(PW *);
void freePW(PW *);
// *client: SConn, client name, passphrase
// *server: SConn, (partial) 1st msg, PW entry
// *setpass: Username, hashed passphrase, PW entry
/* *client: SConn, client name, passphrase */
/* *server: SConn, (partial) 1st msg, PW entry */
/* *setpass: Username, hashed passphrase, PW entry */
int PAKclient(SConn *, char *, char *, char **);
int PAKserver(SConn *, char *, char *, PW **);
char *PAK_Hi(char *, char *, mpint *, mpint *);

16
src/cmd/auth/secstore/secstored.c
View file

@ -8,7 +8,7 @@
#include "secstore.h"
char *SECSTORE_DIR;
char* secureidcheck(char *, char *); // from /sys/src/cmd/auth/
char* secureidcheck(char *, char *); /* from /sys/src/cmd/auth/ */
extern char* dirls(char *path);
int verbose;
@ -247,7 +247,7 @@ dologin(int fd, char *S, int forceSTA)
pw = nil;
rv = -1;
// collect the first message
/* collect the first message */
if((conn = newSConn(fd)) == nil)
return -1;
if(readstr(conn, msg) < 0){
@ -256,7 +256,7 @@ dologin(int fd, char *S, int forceSTA)
goto Out;
}
// authenticate
/* authenticate */
if(PAKserver(conn, S, msg, &pw) < 0){
if(pw != nil)
syslog(0, LOG, "secstore denied for %s", pw->id);
@ -277,7 +277,7 @@ dologin(int fd, char *S, int forceSTA)
conn->write(conn, (uchar*)"OK", 2);
syslog(0, LOG, "AUTH %s", pw->id);
// perform operations as asked
/* perform operations as asked */
while((n = readstr(conn, msg)) > 0){
syslog(0, LOG, "[%s] %s", pw->id, msg);
@ -346,7 +346,7 @@ main(int argc, char **argv)
S = sysname();
SECSTORE_DIR = unsharp("#9/secstore");
// setnetmtpt(net, sizeof(net), nil);
/* setnetmtpt(net, sizeof(net), nil); */
ARGBEGIN{
case 'R':
forceSTA = 1;
@ -362,7 +362,7 @@ main(int argc, char **argv)
if(p == nil)
usage();
USED(p);
// setnetmtpt(net, sizeof(net), p);
/* setnetmtpt(net, sizeof(net), p); */
break;
case 'v':
verbose++;
@ -395,7 +395,7 @@ main(int argc, char **argv)
close(lcfd);
break;
case 0:
// "/lib/ndb/common.radius does not exist" if db set before fork
/* "/lib/ndb/common.radius does not exist" if db set before fork */
db = ndbopen(dbpath=unsharp("#9/ndb/auth"));
if(db == 0)
syslog(0, LOG, "no ndb/auth");
@ -405,7 +405,7 @@ main(int argc, char **argv)
db = ndbcat(db, db2);
if((dfd = accept(lcfd, ldir)) < 0)
exits("can't accept");
alarm(30*60*1000); // 30 min
alarm(30*60*1000); /* 30 min */
remote = remoteIP(ldir);
syslog(0, LOG, "secstore from %s", remote);
free(remote);

30
src/cmd/auth/secstore/secureidcheck.c
View file

@ -29,7 +29,7 @@ typedef struct Secret{
typedef struct Attribute{
struct Attribute *next;
uchar type;
uchar len; // number of bytes in value
uchar len; /* number of bytes in value */
uchar val[256];
} Attribute;
@ -39,7 +39,7 @@ typedef struct Packet{
Attribute first;
} Packet;
// assumes pass is at most 16 chars
/* assumes pass is at most 16 chars */
void
hide(Secret *shared, uchar *auth, Secret *pass, uchar *x)
{
@ -60,9 +60,9 @@ authcmp(Secret *shared, uchar *buf, int m, uchar *auth)
DigestState *M;
uchar x[16];
M = md5(buf, 4, nil, nil); // Code+ID+Length
M = md5(auth, 16, nil, M); // RequestAuth
M = md5(buf+20, m-20, nil, M); // Attributes
M = md5(buf, 4, nil, nil); /* Code+ID+Length */
M = md5(auth, 16, nil, M); /* RequestAuth */
M = md5(buf+20, m-20, nil, M); /* Attributes */
md5(shared->s, shared->len, x, M);
return memcmp(x, buf+4, 16);
}
@ -118,7 +118,7 @@ rpc(char *dest, Secret *shared, Packet *req)
Attribute *a;
int m, n, fd, try;
// marshal request
/* marshal request */
e = buf + sizeof buf;
buf[0] = req->code;
buf[1] = req->ID;
@ -136,7 +136,7 @@ rpc(char *dest, Secret *shared, Packet *req)
buf[2] = n>>8;
buf[3] = n;
// send request, wait for reply
/* send request, wait for reply */
fd = dial(dest, 0, 0, 0);
if(fd < 0){
syslog(0, AUTHLOG, "%s: rpc can't get udp channel", dest);
@ -156,9 +156,9 @@ rpc(char *dest, Secret *shared, Packet *req)
alarm(0);
if(m < 0){
syslog(0, AUTHLOG, "%s rpc read err %d: %r", dest, m);
break; // failure
break; /* failure */
}
if(m == 0 || buf2[1] != buf[1]){ // need matching ID
if(m == 0 || buf2[1] != buf[1]){ /* need matching ID */
syslog(0, AUTHLOG, "%s unmatched reply %d", dest, m);
continue;
}
@ -170,7 +170,7 @@ rpc(char *dest, Secret *shared, Packet *req)
if(m <= 0)
return nil;
// unmarshal reply
/* unmarshal reply */
b = buf2;
e = buf2+m;
resp = (Packet*)malloc(sizeof(*resp));
@ -192,18 +192,18 @@ rpc(char *dest, Secret *shared, Packet *req)
while(1){
if(b >= e){
a->next = nil;
break; // exit loop
break; /* exit loop */
}
a->type = *b++;
a->len = (*b++) - 2;
if(b + a->len > e){ // corrupt packet
if(b + a->len > e){ /* corrupt packet */
a->next = nil;
freePacket(resp);
return nil;
}
memmove(a->val, b, a->len);
b += a->len;
if(b < e){ // any more attributes?
if(b < e){ /* any more attributes? */
a->next = (Attribute*)malloc(sizeof(*a));
if(a->next == nil){
free(req);
@ -230,7 +230,7 @@ setAttribute(Packet *p, uchar type, uchar *s, int n)
}
a->type = type;
a->len = n;
if(a->len > 253 ) // RFC2138, section 5
if(a->len > 253 ) /* RFC2138, section 5 */
a->len = 253;
memmove(a->val, s, a->len);
return 0;
@ -435,7 +435,7 @@ secureidcheck(char *user, char *response)
syslog(0, AUTHLOG, "%s code=%d ruser=%s %s", dest, resp->code, ruser, replymsg(resp));
break;
}
break; // we have a proper reply, no need to ask again
break; /* we have a proper reply, no need to ask again */
}
ndbfree(t);
free(radiussecret);

2
src/cmd/auth/ssh-agent.c
View file

@ -49,7 +49,7 @@ enum /* agent protocol packet types */
SSH2_AGENT_FAILURE = 30,
SSH_COM_AGENT2_FAILURE = 102,
SSH_AGENT_OLD_SIGNATURE = 0x01,
SSH_AGENT_OLD_SIGNATURE = 0x01
};
typedef struct Aconn Aconn;