include "sys.m"
include "security.m"

# Auth: interface of the authentication library loaded from Auth->PATH.
# init() must be called before server() or client().
Auth: module
{
	PATH: con "/dis/lib/auth.dis";

	# level of security
	# These strings are the algorithm names passed as alg / algs below.
	# NOTE(review): the first three names suggest connections with reduced
	# or no protection (presumably: no authentication, authentication
	# without SSL, and SSL with neither digest nor encryption). Confirm
	# against the Auth implementation before allowing them on a server.
	NOAUTH: con "noauth";
	NOSSL: con "nossl";
	CLEAR: con "clear";

	# Single algorithms.
	# NOTE(review): MD5 and RC4 are considered weak by current standards;
	# "sha" is presumably SHA-1 here (confirm), which is also deprecated
	# for new designs.
	SHA: con "sha";
	MD5: con "md5";
	RC4: con "rc4";

	# Combined names, apparently in digest/encryption form.
	# NOTE(review): DES has a 56-bit key, and ECB mode reveals repeated
	# plaintext blocks; treat all of these as legacy choices and pick the
	# strongest pair both peers support.
	SHA_RC4: con "sha/rc4";
	SHA_DESCBC: con "sha/descbc";
	SHA_DESECB: con "sha/desecb";
	MD5_RC4: con "md5/rc4";
	MD5_DESCBC: con "md5/descbc";
	MD5_DESECB: con "md5/desecb";

	# Initialise the module. Returns nil on success, an error message on
	# failure. Must be called before the other functions.
	init: fn(): string;

	# Server side: authenticate the client connection on fd using one of
	# the algorithms in algs, with ai as the server's authentication
	# information. Returns (connection fd, connection information) on
	# success and (nil, error message) on failure.
	server: fn(algs: list of string,
		ai: ref Keyring->Authinfo, fd: ref Sys->FD):
		(ref Sys->FD, string);

	# Client side: authenticate the connection on fd to a server using
	# the algorithm alg. Returns (connection fd, connection information)
	# on success and (nil, error message) on failure.
	client: fn(alg: string, ai: ref Keyring->Authinfo,
		fd: ref Sys->FD): (ref Sys->FD, string);
};
init: fn(): string;
## returns nil on success; error message on failure.
The init() function must be called before any other function of the Auth module is used. It returns nil if successful; otherwise it returns an error message.
server: fn(algs: list of string,
ai: ref Keyring->Authinfo, fd: ref Sys->FD):
(ref Sys->FD, string);
## returns (nil, error message) if authentication fails.
The server function authenticates a client connection using one of the algorithms in algs. If successful, server returns a tuple containing a connection file descriptor and a string with information about the connection. If an authenticated connection cannot be established, server returns a tuple that contains a nil file descriptor and an error message. Because any entry in algs may be the one used, algs should list only algorithms the server is prepared to accept, and the caller should check for a nil file descriptor before using the connection.
client: fn(alg: string, ai: ref Keyring->Authinfo,
fd: ref Sys->FD): (ref Sys->FD, string);
## returns (nil, error message) if authentication fails.
The client function authenticates a connection to a server using the algorithm in alg. If successful, client returns a tuple containing a connection file descriptor and a string with information about the connection. If an authenticated connection cannot be established, client returns a tuple that contains a nil file descriptor and an error message. The caller should check for a nil file descriptor before using the connection.
# Client-side excerpt (from a mount command): load and initialise Auth,
# authenticate the connection c.dfd, then mount the authenticated fd.
# ai, c, argv, flags, ok and stderr are set up in the part elided below.

# Algorithm requested from the server.
# NOTE(review): NOSSL presumably means the connection is authenticated but
# not wrapped in SSL afterwards, so the mounted traffic would carry no
# digest or encryption. Confirm, and prefer a digest/encryption algorithm
# when the link is not otherwise protected.
alg := Auth->NOSSL;
. . .
au := load Auth Auth->PATH;
if(au == nil){
	sys->fprint(stderr, "Error: mount: can't load module Auth %r\n");
	exit;
}
# init() returns nil on success, so a non-nil result is an error message.
err := au->init();
if(err != nil){
	sys->fprint(stderr, "Error: mount: %s\n", err);
	exit;
}
# do this before using module auth
# Binds device #D at /n/ssl, replacing what was there (MREPL); the example
# stops if the bind fails rather than continuing without it.
if(sys->bind("#D", "/n/ssl", Sys->MREPL) < 0){
	sys->fprint(stderr, "can't bind #D: %r\n");
	exit;
}
fd := ref Sys->FD;
# client() returns (fd, string); on failure fd is nil and err holds the
# error message.
(fd, err) = au->client(alg, ai, c.dfd);
# Fail closed: never mount an fd that did not pass authentication.
if(fd == nil){
	sys->fprint(stderr, "Error: mount: authentication failed: %s\n", err);
	exit;
}
# The mount point is the first remaining argument.
dir := hd argv;
ok = sys->mount(fd, dir, flags, "");
# A failed mount is only reported; nothing follows it in this excerpt.
if(ok < 0)
	sys->fprint(stderr, "Error: mount: %r\n");
# Server-side excerpt (styxd): read the server's authentication information,
# authenticate the client on stdin, then export the namespace over the
# authenticated fd. user, argv, auth, sys and stderr are defined outside
# this excerpt.

# NOTE(review): kr is not checked for nil here before it is used.
kr = load Keyring Keyring->PATH;
# Reads the authentication information from the user's default keyring file.
# NOTE(review): the result is passed to server() without a nil check;
# whether server() copes with a nil ai is not shown here, so confirm.
# The file presumably holds key material and should be readable only by
# its owner.
ai := kr->readauthinfo("/usr/"+user+"/keyring/default");
#do this before using auth
# Binds device #D at /n/ssl, replacing what was there (MREPL); stop if the
# bind fails.
if(sys->bind("#D", "/n/ssl", Sys->MREPL) < 0){
	sys->fprint(stderr, "Error: can't bind #D: %r\n");
	exit;
}
# argv is the list of algorithms the server will accept; refuse to run
# without one.
# NOTE(review): the list comes straight from the command line, so whoever
# starts styxd decides the weakest protection a client can end up with.
# Leave out "noauth", "nossl" and "clear" unless unprotected connections
# are intended.
if(argv == nil){
	sys->fprint(stderr, "Error: styxd: no algorithm list\n");
	exit;
}
# server() returns (fd, string): connection information on success, or a
# nil fd and an error message on failure.
(fd, info_or_err) := auth->server(argv, ai, stdin);
# Fail closed: nothing is exported unless authentication succeeded.
if(fd == nil ){
	sys->fprint(stderr, "Error: styxd: %s\n", info_or_err);
	exit;
}
# Fork the namespace before exporting it.
# NOTE(review): export presumably serves this process's namespace to the
# authenticated client, so the namespace should contain only what that
# client is meant to reach. Confirm what is bound at this point.
sys->pctl(sys->FORKNS, nil);
if(sys->export(fd, sys->EXPASYNC) < 0)
	sys->fprint(stderr, "Error: styxd: file export %r\n");