We need to do something about the use of sha1.
Change-Id: I80795609ccea1ac629cb7b9d4a95040cc040d76a
Signed-off-by: Ronald G. Minnich <rminn...@gmail.com>
---
kern/drivers/dev/Kbuild | 1 +
kern/drivers/dev/capability.c | 155 ++++++++++++++++++++----------------------
kern/include/env.h | 2 +-
kern/include/ns.h | 2 +-
4 files changed, 77 insertions(+), 83 deletions(-)
diff --git a/kern/drivers/dev/Kbuild b/kern/drivers/dev/Kbuild
index 183bddd..9ea2b05 100644
--- a/kern/drivers/dev/Kbuild
+++ b/kern/drivers/dev/Kbuild
@@ -1,5 +1,6 @@
obj-y += acpi.o
obj-y += alarm.o
+obj-y += capability.o
obj-y += coreboot.o
obj-y += cons.o
obj-y += ether.o
diff --git a/kern/drivers/dev/capability.c b/kern/drivers/dev/capability.c
index 9bd487c..bb4fcdf 100644
--- a/kern/drivers/dev/capability.c
+++ b/kern/drivers/dev/capability.c
@@ -21,22 +21,8 @@
#include <smp.h>
#include <ip.h>
-#include <vfs.h>
-#include <kfs.h>
-#include <slab.h>
-#include <kmalloc.h>
-#include <kref.h>
-#include <string.h>
-#include <stdio.h>
-#include <assert.h>
-#include <error.h>
-#include <cpio.h>
-#include <pmap.h>
-#include <smp.h>
-#include <ip.h>
-
enum {
- Hashlen = SHA1dlen,
+ Hashlen = 20, // SHA1dlen,
Maxhash = 256,
};
@@ -44,15 +30,14 @@ enum {
* if a process knows cap->cap, it can change user
* to capabilty->user.
*/
-typedef struct Caphash Caphash;
struct Caphash {
- Caphash *next;
+ struct Caphash *next;
char hash[Hashlen];
};
struct {
- qlock_t qlock_t qlock;
- Caphash *first;
+ qlock_t qlock;
+ struct Caphash *first;
int nhash;
} capalloc;
@@ -64,18 +49,19 @@ enum {
/* caphash must be last */
struct dirtab capdir[] = {
- ".", {Qdir, 0, QTDIR}, 0, DMDIR | 0500, "capuse", {Quse}, 0, 0222,
- "caphash", {Qhash}, 0, 0200,
+ {".", {Qdir, 0, QTDIR}, 0, DMDIR | 0500},
+ {"capuse", {Quse}, 0, 0222,},
+ {"caphash", {Qhash}, 0, 0200,},
};
int ncapdir = ARRAY_SIZE(capdir);
static struct chan *capattach(char *spec)
{
- return devattach(L'¤', spec);
+ return devattach("capability", spec);
}
static struct walkqid *capwalk(struct chan *c, struct chan *nc, char **name,
- int nname)
+ int nname)
{
return devwalk(c, nc, name, nname, capdir, ncapdir, devgen);
}
@@ -85,7 +71,7 @@ static void capremove(struct chan *c)
if (iseve() && c->qid.path == Qhash)
ncapdir = ARRAY_SIZE(capdir) - 1;
else
- error(Eperm);
+ error(EPERM, "Permission denied");
}
static int32_t capstat(struct chan *c, uint8_t *db, int32_t n)
@@ -99,8 +85,8 @@ static int32_t capstat(struct chan *c, uint8_t *db, int32_t n)
static struct chan *capopen(struct chan *c, int omode)
{
if (c->qid.type & QTDIR) {
- if (omode != OREAD)
- error(Ebadarg);
+ if (omode != O_RDONLY)
+ error(EISDIR, "Is a directory");
c->mode = omode;
c->flag |= COPEN;
c->offset = 0;
@@ -110,7 +96,7 @@ static struct chan *capopen(struct chan *c, int omode)
switch ((uint32_t)c->qid.path) {
case Qhash:
if (!iseve())
- error(Eperm);
+ error(EPERM, "Permission denied: only eve() can open
Qhash");
break;
}
@@ -121,24 +107,24 @@ static struct chan *capopen(struct chan *c, int omode)
}
/*
-static char*
-hashstr(uint8_t *hash)
+ static char*
+ hashstr(uint8_t *hash)
+ {
+ static char buf[2*Hashlen+1];
+ int i;
+
+ for(i = 0; i < Hashlen; i++)
+ sprint(buf+2*i, "%2.2x", hash[i]);
+ buf[2*Hashlen] = 0;
+ return buf;
+ }
+*/
+
+static struct Caphash *remcap(uint8_t *hash)
{
- static char buf[2*Hashlen+1];
- int i;
+ struct Caphash *t, **l;
- for(i = 0; i < Hashlen; i++)
- sprint(buf+2*i, "%2.2x", hash[i]);
- buf[2*Hashlen] = 0;
- return buf;
-}
- */
-
-static Caphash *remcap(uint8_t *hash)
-{
- Caphash *t, **l;
-
- qlock(&(&capalloc.QLock)->qlock);
+ qlock(&capalloc.qlock);
/* find the matching capability */
for (l = &capalloc.first; *l != NULL;) {
@@ -152,21 +138,21 @@ static Caphash *remcap(uint8_t *hash)
capalloc.nhash--;
*l = t->next;
}
- qunlock(&(&capalloc.QLock)->qlock);
-
+ qunlock(&capalloc.qlock);
+
return t;
}
/* add a capability, throwing out any old ones */
static void addcap(uint8_t *hash)
{
- Caphash *p, *t, **l;
+ struct Caphash *p, *t, **l;
p = kzmalloc(sizeof *p, 0);
memmove(p->hash, hash, Hashlen);
p->next = NULL;
- qlock(&(&capalloc.QLock)->qlock);
+ qlock(&capalloc.qlock);
/* trim extras */
while (capalloc.nhash >= Maxhash) {
@@ -184,41 +170,41 @@ static void addcap(uint8_t *hash)
*l = p;
capalloc.nhash++;
- qunlock(&(&capalloc.QLock)->qlock);
+ qunlock(&capalloc.qlock);
}
static void capclose(struct chan *c)
{
}
-static int32_t capread(struct chan *c, void *va, int32_t n, int64_t m)
+static long capread(struct chan *c, void *va, long n, int64_t m)
{
switch ((uint32_t)c->qid.path) {
case Qdir:
return devdirread(c, va, n, capdir, ncapdir, devgen);
default:
- error(Eperm);
+ error(EPERM, "Permission denied: can't read capability files");
break;
}
return n;
}
-static int32_t capwrite(struct chan *c, void *va, int32_t n, int64_t m)
+static long capwrite(struct chan *c, void *va, long n, int64_t m)
{
- Caphash *p;
+ struct Caphash *p;
char *cp;
uint8_t hash[Hashlen];
char *key, *from, *to;
char err[256];
- struct proc *up = externup();
+ ERRSTACK(1);
switch ((uint32_t)c->qid.path) {
case Qhash:
if (!iseve())
- error(Eperm);
+ error(EPERM, "permission denied: you must be eve");
if (n < Hashlen)
- error(Eshort);
+ error(EIO, "Short read: on Qhash");
memmove(hash, va, Hashlen);
addcap(hash);
break;
@@ -237,16 +223,17 @@ static int32_t capwrite(struct chan *c, void *va, int32_t
n, int64_t m)
from = cp;
key = strrchr(cp, '@');
if (key == NULL)
- error(Eshort);
+ error(EIO, "short read: Quse");
*key++ = 0;
- hmac_sha1((uint8_t *)from, strlen(from), (uint8_t *)key,
strlen(key),
- hash, NULL);
+ panic("No way to hash");
+ //hmac_sha1((uint8_t *)from, strlen(from), (uint8_t *)key,
strlen(key),
+ //hash, NULL);
p = remcap(hash);
if (p == NULL) {
snprintf(err, sizeof err, "invalid capability %s@%s",
from, key);
- error(err);
+ error(EINVAL, err);
}
/* if a from user is supplied, make sure it matches */
@@ -255,13 +242,18 @@ static int32_t capwrite(struct chan *c, void *va, int32_t
n, int64_t m)
to = from;
} else {
*to++ = 0;
+ panic("todo");
+ /*
if (strcmp(from, up->user) != 0)
- error("capability must match user");
+ error(EINVAL, "capability must match user");
+ */
}
/* set user id */
- kstrdup(&up->user, to);
- up->basepri = PriNormal;
+ panic("TODO: set user id");
+ kstrdup(¤t->user, to);
+ //up->basepri = PriNormal;
+
kfree(p);
kfree(cp);
@@ -269,28 +261,29 @@ static int32_t capwrite(struct chan *c, void *va, int32_t
n, int64_t m)
break;
default:
- error(Eperm);
+ error(EPERM, "permission denied: capwrite");
break;
}
return n;
}
-struct dev capdevtab = {.dc = L'¤',
- .name = "cap",
-
- .reset = devreset,
- .init = devinit,
- .shutdown = devshutdown,
- .attach = capattach,
- .walk = capwalk,
- .stat = capstat,
- .open = capopen,
- .create = devcreate,
- .close = capclose,
- .read = capread,
- .bread = devbread,
- .write = capwrite,
- .bwrite = devbwrite,
- .remove = capremove,
- .wstat = devwstat};
+struct dev capdevtab = {
+ .name = "capability",
+
+ .reset = devreset,
+ .init = devinit,
+ .shutdown = devshutdown,
+ .attach = capattach,
+ .walk = capwalk,
+ .stat = capstat,
+ .open = capopen,
+ .create = devcreate,
+ .close = capclose,
+ .read = capread,
+ .bread = devbread,
+ .write = capwrite,
+ .bwrite = devbwrite,
+ .remove = capremove,
+ .wstat = devwstat,
+};
diff --git a/kern/include/env.h b/kern/include/env.h
index 9dad848..dca5aee 100644
--- a/kern/include/env.h
+++ b/kern/include/env.h
@@ -33,7 +33,7 @@ struct proc {
TAILQ_ENTRY(proc) sibling_link;
spinlock_t proc_lock;
struct user_context scp_ctx; /* context for an SCP. TODO: move to
vc0 */
- char user[64]; /* user name */
+ char *user;
/* This is effectively a (potentially short) version of argv[0].
*/
diff --git a/kern/include/ns.h b/kern/include/ns.h
index 9566d1d..d3fa5e5 100644
--- a/kern/include/ns.h
+++ b/kern/include/ns.h
@@ -765,7 +765,7 @@ void kproc(char *unused_char_p_t, void (*)(void *), void *,
int);
void kprocchild(struct proc *, void (*)(void *), void *);
void (*kproftick) (uint32_t);
void ksetenv(char *unused_char_p_t, char *, int);
-void kstrdup(char **unused_char_pp_t, char *unused_char_p_t);
+void kstrdup(char **cp, char *name);
struct block *mem2bl(uint8_t * unused_uint8_p_t, int);
int memusehigh(void);
--
2.8.0.rc3.226.g39d4020
--
You received this message because you are subscribed to the Google Groups
"Akaros" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to akaros+unsubscr...@googlegroups.com.
To post to this group, send email to akaros@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
