From: Jacob Moody <moody@mail.posixcafe.org>
To: 9front@9front.org
Subject: [9front] [PATCH] libauthsrv, auth/wrkey: Disable p9sk1 login by default for hostowner
Date: Thu, 11 May 2023 17:50:26 -0600 [thread overview]
Message-ID: <59063513-556a-ed78-8382-4b858d03a076@posixcafe.org> (raw)
By default, auth/wrkey will put a p9sk1 key in to nvram. This will cause
the hostowner factotum (/srv/factotum) to load a p9sk1 key on startup.
For some context, factotum will only defer to authsrv if it doesn't
already have the information itself. This means that despite us
shipping with authsrv having p9sk1 disabled, cpu servers will still
allow logins via p9sk1 regardless for specifically hostowner.
; auth/factotum -n
; echo 'key proto=p9sk1 dom=9front user=glenda !password=...' >/mnt/factotum/ctl
; rcpu -h $myhost
Will login glenda using p9sk1 regardless of the authsrv -N invocation on the
auth server. This patch modifies auth/wrkey to zero the des key, with a flag
to preserve the old behavior. A zerod key will cause factotum to not insert
a p9sk1 key on startup, removing the ability to log in using it.
diff 91ae69be3306c807ae5bfa7d1b7ced8c239f9214 uncommitted
--- a//sys/include/authsrv.h
+++ b//sys/include/authsrv.h
@@ -175,6 +175,7 @@
NVwrite = 1<<0, /* always prompt and rewrite nvram */
NVwriteonerr = 1<<1, /* prompt and rewrite nvram when corrupt */
NVwritemem = 1<<2, /* don't prompt, write nvram from argument */
+ NVwritedes = 1<<3, /* write des key for p9sk1 */
};
/* storage layout */
--- a//sys/man/8/auth
+++ b//sys/man/8/auth
@@ -30,6 +30,7 @@
.B auth/debug
.PP
.B auth/wrkey
+.RB [ -e ]
.PP
.B auth/login
[
@@ -228,7 +229,9 @@
.PP
.I Wrkey
prompts for a machine key, host owner, and host domain and stores them in
-local non-volatile RAM.
+local non-volatile RAM. By default only a dp9ik key is written, if
+.BR -e
+is provided a legacy p9sk1 key is also written.
.PP
.I Login
allows a user to change his authenticated id to
--- a//sys/src/cmd/auth/wrkey.c
+++ b//sys/src/cmd/auth/wrkey.c
@@ -3,11 +3,21 @@
#include <authsrv.h>
void
-main(void)
+main(int argc, char **argv)
{
Nvrsafe safe;
+ int flag;
- if(readnvram(&safe, NVwrite) < 0)
+ flag = NVwrite;
+ ARGBEGIN{
+ case 'e':
+ flag |= NVwritedes;
+ break;
+ default:
+ fprint(2, "usage: %s [-e]\n", argv0);
+ exits("usage");
+ }ARGEND;
+ if(readnvram(&safe, flag) < 0)
sysfatal("error writing nvram: %r");
exits(0);
}
--- a//sys/src/libauthsrv/readnvram.c
+++ b//sys/src/libauthsrv/readnvram.c
@@ -258,7 +258,10 @@
goto Out;
passtokey(&k, pass);
memset(pass, 0, sizeof pass);
- memmove(safe->machkey, k.des, DESKEYLEN);
+ if(flag&NVwritedes)
+ memmove(safe->machkey, k.des, DESKEYLEN);
+ else
+ memset(safe->machkey, 0, DESKEYLEN);
memmove(safe->aesmachkey, k.aes, AESKEYLEN);
memset(&k, 0, sizeof k);
}
reply other threads:[~2023-05-11 23:51 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=59063513-556a-ed78-8382-4b858d03a076@posixcafe.org \
--to=moody@mail.posixcafe.org \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).