ref: d468a21a8275e1af3c23a46d50b1531415e65e33
parent: 3e5c13c337cf5b7679a924a1890a0719108c9f0f
author: 9ferno <[email protected]>
date: Tue Sep 14 10:57:19 EDT 2021
debugging authentication
--- a/appl/cmd/auth/changelogin.b
+++ b/appl/cmd/auth/changelogin.b
@@ -161,7 +161,7 @@
dbdir = keydb+"/"+id;
fd := sys->create(dbdir, Sys->OREAD, Sys->DMDIR|8r700);
if(fd == nil){
- sys->fprint(stderr, "%s: can't create account %s: %r\n", argv0, id);
+ sys->fprint(stderr, "%s: can't create account %s: %r creating %s\n", argv0, id, dbdir);
raise "fail:create user";
}
}
--- a/appl/lib/auth.b
+++ b/appl/lib/auth.b
@@ -85,7 +85,8 @@
# mutual authentication
(id_or_err, secret) := kr->auth(fd, ai, 0);
- if(secret == nil)
+ if(secret == nil){
+sys->print("client secret == nil\n");
return (nil, id_or_err);
# send algorithm
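Review bot: The added `sys->print("client secret == nil\n");` writes to the caller's standard output from `appl/lib/auth.b`, where stdout may be the caller's data channel rather than a log; a diagnostic belongs on stderr, e.g. `sys->fprint(sys->fildes(2), "client secret == nil\n");`, or should be removed before merge. The brace opened on the new `if(secret == nil){` has no visible closing `}` in the hunk; if that is not just a line lost in rendering, the block is unterminated. The enclosing function starts and ends outside the hunk.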
--- a/dis/svc/net
+++ b/dis/svc/net
@@ -3,4 +3,4 @@
or {ftest -e /net/dns} {ftest -e /env/emuhost} {ndb/dns}
or {ftest -e /net/cs} {ndb/cs}
svc/registry
-svc/styx
+/dis/svc/styx
--- a/lib/sh/daemon
+++ b/lib/sh/daemon
@@ -10,8 +10,8 @@
# the following scripts seem more robust than this
# run /lib/sh/srv
-svc/net
-svc/auth
+/dis/svc/net
+/dis/svc/auth
# until I sort out the authentication
# but this is killing /mnt/keys, so do not start it here
@@ -18,4 +18,5 @@
# styxlisten -A 'tcp!*!17001' export /
ls -l /mnt/keys
+netstat
sh -l # for a shell prompt
--- a/lib/sh/profile
+++ b/lib/sh/profile
@@ -9,11 +9,6 @@
# build the user's namespace in $home/
and {ftest -e namespace} {nsbuild}
-# Networking
-ndb/dns -r
-ndb/cs
-# bind -a '#scs' /net
-
if{~ $#emuhost 0 && ~ $#emuwdir 0}{
# running native
@@ -24,7 +19,6 @@
# dis/init has set this up already for native booting
mount {mntgen} /n
- mount {mntgen} /mnt
}
# Run the user's profile
--- a/libinterp/ipint.c
+++ b/libinterp/ipint.c
@@ -178,6 +178,12 @@
retstr(buf, f->ret);
}
+void
+ipinttostr(void *ip, int base, char *buf, int buflen)
+{
+ mptoa(MP(ip), base, buf, buflen);
+}
+
static IPints_IPint*
strtoipint(String *s, int base)
{
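Review bot: `ipinttostr` converts `ip` with `MP(ip)` without going through the `checkIPint` helper that `ipint.h` already exposes, and it discards the return value of `mptoa`, so a caller has no way to learn that `buf` was too small for the number. Consider `mptoa(checkIPint(ip), base, buf, buflen);` and either returning `mptoa`'s `char*` or documenting that truncation is silent. A one-line comment on the definition stating that `buflen` is the size of `buf` in bytes would help the callers added to keyring.c in this commit.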
--- a/libinterp/ipint.h
+++ b/libinterp/ipint.h
@@ -8,5 +8,6 @@
mpint* checkIPint(void*);
void freeIPint(Heap*, int);
void ipintsmodinit(void);
+void ipinttostr(void *ip, int base, char *buf, int buflen);
extern Type* TIPint;
--- a/libinterp/keyring.c
+++ b/libinterp/keyring.c
@@ -90,6 +90,9 @@
BFstate state;
};
+/* for debugging */
+void printauthinfo(char *msg, Keyring_Authinfo *ai);
+
/* convert a Big to base64 ascii */
int
bigtobase64(mpint* b, char *buf, int len)
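Review bot: The new declaration `void printauthinfo(char *msg, Keyring_Authinfo *ai);` gives a debug-only helper external linkage with no header entry; declare it `static void printauthinfo(char *msg, Keyring_Authinfo *ai);` and define it `static` too so it stays file-local and the linker can drop it when unused. Its definition is added later in this commit, and both call sites added there are commented out, which makes the `static` form the natural choice.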
@@ -1000,6 +1003,15 @@
release();
c->signa = (*sa->vec->sign)(b, sk->key);
acquire();
+
+ /* verification is failing on the client, hence check before sending */
+ /* verify */
+ release();
+ n = (*sa->vec->verify)(b, c->signa, (*sa->vec->sk2pk)(sk->key));
+ /* print("(*sa->vec->verify)(b, c->signa, pk->key) n %d sa->vec->name %s\n", n,sa->vec->name); */
+ acquire();
+ /* verification is failing on the client, hence check before sending */
+
mpfree(b);
}
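Review bot: The verification result stored in `n` by the added `n = (*sa->vec->verify)(b, c->signa, (*sa->vec->sk2pk)(sk->key));` is never examined, so the block costs a second public-key operation per signature and changes nothing; either act on it, for instance `if(n == 0) print("sign: self-verification failed, alg %s\n", sa->vec->name);`, or remove the block before merge. If `sk2pk` allocates a fresh public-key object, as its name suggests, that object is also never freed. The comment `/* verification is failing on the client, hence check before sending */` appears twice, once before and once after the block; one copy is enough. The enclosing function starts outside the hunk.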
@@ -1045,8 +1057,10 @@
sa = checkSigAlg(c->x.sa);
pksa = checkSigAlg(pk->x.sa);
- if(sa->vec != pksa->vec)
+ if(sa->vec != pksa->vec){
+ print("sa->vec != pksa->vec return 0\n");
return 0;
+ }
/* add signer name and expiration time to hash */
buf = malloc(Maxbuf);
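Review bot: The added `print("sa->vec != pksa->vec return 0\n");` emits unconditional console output from the library's verification path, so any peer that presents a mismatched algorithm makes the runtime write to the console; the same applies to `print("b == nil return 0\n");` in the hunk at -1073. If these are to stay, gate them behind a file-local flag such as `if(debug) print("sa->vec != pksa->vec return 0\n");` with `static int debug;` declared once, otherwise remove them before merge. The print already commented out in the hunk at -1000 suggests they are meant to be temporary. The enclosing function starts and ends outside the hunk.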
@@ -1073,8 +1087,10 @@
/* turn message into a big integer */
b = betomp(digest, n, nil);
- if(b == nil)
+ if(b == nil){
+ print("b == nil return 0\n");
return 0;
+ }
/* verify */
release();
n = (*sa->vec->verify)(b, c->signa, pk->key);
@@ -1942,6 +1958,7 @@
* file2chan.
*/
release();
+ /* printauthinfo("Keyring_writeauthinfo", f->info); */
fd = kopen(string2c(f->filename), OTRUNC|OWRITE);
if(fd < 0)
fd = kcreate(string2c(f->filename), OWRITE, 0600);
@@ -1987,6 +2004,72 @@
}
void
+printauthinfo(char *msg, Keyring_Authinfo *ai)
+{
+ SigAlg *sa;
+ char alphabuf[MaxBigBytes] = "\0", pbuf[MaxBigBytes] = "\0",
+ signabuf[Maxbuf] = "\0", pkbuf[Maxbuf] = "\0",
+ spkbuf[Maxbuf] = "\0", skbuf[Maxbuf] = "\0",
+ balphabuf[MaxBigBytes] = "\0", bpbuf[MaxBigBytes] = "\0";
+ mpint *p, *alpha;
+
+
+ alpha = checkIPint(ai->alpha);
+ p = checkIPint(ai->p);
+ ipinttostr(ai->alpha, 64, alphabuf, MaxBigBytes);
+ bigtobase64(alpha, balphabuf, Maxbuf);
+ ipinttostr(ai->p, 64, pbuf, MaxBigBytes);
+ bigtobase64(p, bpbuf, Maxbuf);
+ sa = checkSigAlg(ai->cert->sa);
+ (*sa->vec->sig2str)(((Certificate*)ai->cert)->signa, signabuf, Maxbuf);
+ sa = checkSigAlg(ai->mypk->sa);
+ (*sa->vec->pk2str)(((PK*)ai->mypk)->key, pkbuf, Maxbuf);
+ sa = checkSigAlg(ai->spk->sa);
+ (*sa->vec->pk2str)(((PK*)ai->spk)->key, spkbuf, Maxbuf);
+ sa = checkSigAlg(ai->mysk->sa);
+ (*sa->vec->pk2str)(((PK*)ai->mysk)->key, skbuf, Maxbuf);
+ print("%s Authinfo\n"
+ " spk signers public key\n"
+ " owner %s Signature Algorithm %s\n"
+ " key %s\n",
+ msg,
+ string2c(ai->spk->owner),
+ string2c(ai->spk->sa->name),
+ spkbuf);
+ print(" cert certificate\n"
+ " Signature Algorithm %s\n"
+ " hash ha %s\n"
+ " signer %s\n"
+ " expiry date exp 0x%zx\n"
+ " signature signa %s\n",
+ string2c(ai->cert->sa->name),
+ string2c(ai->cert->ha),
+ string2c(ai->cert->signer),
+ ai->cert->exp,
+ signabuf);
+ print(" sk my secret key\n"
+ " owner %s Signature Algorithm %s\n"
+ " key %s\n",
+ string2c(ai->mysk->owner),
+ string2c(ai->mysk->sa->name),
+ skbuf);
+ print(" pk my public key\n"
+ " owner %s Signature Algorithm %s\n"
+ " key %s\n",
+ string2c(ai->mypk->owner),
+ string2c(ai->mypk->sa->name),
+ pkbuf);
+ print(" alpha %s\n"
+ " big %s\n",
+ alphabuf,
+ balphabuf);
+ print(" p %s\n"
+ " big %s\n",
+ pbuf,
+ bpbuf);
+}
+
+void
Keyring_readauthinfo(void *fp)
{
F_Keyring_readauthinfo *f;
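Review bot: `bigtobase64(alpha, balphabuf, Maxbuf);` and `bigtobase64(p, bpbuf, Maxbuf);` pass `Maxbuf` as the output length, but `balphabuf` and `bpbuf` are declared `[MaxBigBytes]`; if `Maxbuf` exceeds `MaxBigBytes` this is a stack buffer overflow when a long big is encoded. Use the declared sizes: `bigtobase64(alpha, balphabuf, MaxBigBytes);` and `bigtobase64(p, bpbuf, MaxBigBytes);`. The function also formats `ai->mysk->key` and prints it under `sk my secret key`; a debug dump that can reach a terminal or log should not include private key material, so drop that block or print only the owner and algorithm name. Passing `((PK*)ai->mysk)->key` to `pk2str` treats a secret key as a public key; if the algorithm vector has a secret-key formatter use that, or better, omit the key. `Keyring_readauthinfo` begins in this hunk and continues outside it.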
@@ -2076,6 +2159,7 @@
free(buf);
if(fd >= 0){
release();
+ /* printauthinfo("Keyring_readauthinfo", ai); */
kclose(fd);
acquire();
kwerrstr("%q: %s", string2c(f->filename), MSG);
--- a/usr/inferno/lib/profile
+++ b/usr/inferno/lib/profile
@@ -3,24 +3,3 @@
echo starting /usr/inferno/lib/profile
cp /locale/US_Arizona /locale/timezone
-
-if{~ $"sysname vmx9ferno}{
- # serve the cd
- styxlisten -A -v tcp!192.168.88.118!17001 export /n/cd/
- # serve the root - TODO use svc/styx(8) instead of this
- styxlisten -A -v tcp!192.168.88.118!17002 export /
-}
-
-if{~ $"sysname 9ferno}{
-
- # serve the root - TODO use svc/styx(8) instead of this
- styxlisten -A -v tcp!192.168.88.113!17001 export /
-
- bind -a '#I1' /net.alt
- bind -a '#l1' /net.alt
- <>/net.alt/ipifc/clone {
- x=`{read}
- and {echo bind ether /net.alt/ether1 > /net.alt/ipifc/^$x^/ctl} {
- ip/dhcp -h $"sysname^'.1' -p /net.alt/ipifc/$x}
- }
-}