We need to do something about the use of sha1. Change-Id: I80795609ccea1ac629cb7b9d4a95040cc040d76a Signed-off-by: Ronald G. Minnich <rminn...@gmail.com> --- kern/drivers/dev/Kbuild | 1 + kern/drivers/dev/capability.c | 155 ++++++++++++++++++++---------------------- kern/include/env.h | 2 +- kern/include/ns.h | 2 +- 4 files changed, 77 insertions(+), 83 deletions(-)
diff --git a/kern/drivers/dev/Kbuild b/kern/drivers/dev/Kbuild index 183bddd..9ea2b05 100644 --- a/kern/drivers/dev/Kbuild +++ b/kern/drivers/dev/Kbuild @@ -1,5 +1,6 @@ obj-y += acpi.o obj-y += alarm.o +obj-y += capability.o obj-y += coreboot.o obj-y += cons.o obj-y += ether.o diff --git a/kern/drivers/dev/capability.c b/kern/drivers/dev/capability.c index 9bd487c..bb4fcdf 100644 --- a/kern/drivers/dev/capability.c +++ b/kern/drivers/dev/capability.c @@ -21,22 +21,8 @@ #include <smp.h> #include <ip.h> -#include <vfs.h> -#include <kfs.h> -#include <slab.h> -#include <kmalloc.h> -#include <kref.h> -#include <string.h> -#include <stdio.h> -#include <assert.h> -#include <error.h> -#include <cpio.h> -#include <pmap.h> -#include <smp.h> -#include <ip.h> - enum { - Hashlen = SHA1dlen, + Hashlen = 20, // SHA1dlen, Maxhash = 256, }; @@ -44,15 +30,14 @@ enum { * if a process knows cap->cap, it can change user * to capabilty->user. */ -typedef struct Caphash Caphash; struct Caphash { - Caphash *next; + struct Caphash *next; char hash[Hashlen]; }; struct { - qlock_t qlock_t qlock; - Caphash *first; + qlock_t qlock; + struct Caphash *first; int nhash; } capalloc; @@ -64,18 +49,19 @@ enum { /* caphash must be last */ struct dirtab capdir[] = { - ".", {Qdir, 0, QTDIR}, 0, DMDIR | 0500, "capuse", {Quse}, 0, 0222, - "caphash", {Qhash}, 0, 0200, + {".", {Qdir, 0, QTDIR}, 0, DMDIR | 0500}, + {"capuse", {Quse}, 0, 0222,}, + {"caphash", {Qhash}, 0, 0200,}, }; int ncapdir = ARRAY_SIZE(capdir); static struct chan *capattach(char *spec) { - return devattach(L'¤', spec); + return devattach("capability", spec); } static struct walkqid *capwalk(struct chan *c, struct chan *nc, char **name, - int nname) + int nname) { return devwalk(c, nc, name, nname, capdir, ncapdir, devgen); } @@ -85,7 +71,7 @@ static void capremove(struct chan *c) if (iseve() && c->qid.path == Qhash) ncapdir = ARRAY_SIZE(capdir) - 1; else - error(Eperm); + error(EPERM, "Permission denied"); } static int32_t capstat(struct chan *c, uint8_t *db, int32_t n) @@ -99,8 +85,8 @@ static int32_t capstat(struct chan *c, uint8_t *db, int32_t n) static struct chan *capopen(struct chan *c, int omode) { if (c->qid.type & QTDIR) { - if (omode != OREAD) - error(Ebadarg); + if (omode != O_RDONLY) + error(EISDIR, "Is a directory"); c->mode = omode; c->flag |= COPEN; c->offset = 0; @@ -110,7 +96,7 @@ static struct chan *capopen(struct chan *c, int omode) switch ((uint32_t)c->qid.path) { case Qhash: if (!iseve()) - error(Eperm); + error(EPERM, "Permission denied: only eve() can open Qhash"); break; } @@ -121,24 +107,24 @@ static struct chan *capopen(struct chan *c, int omode) } /* -static char* -hashstr(uint8_t *hash) + static char* + hashstr(uint8_t *hash) + { + static char buf[2*Hashlen+1]; + int i; + + for(i = 0; i < Hashlen; i++) + sprint(buf+2*i, "%2.2x", hash[i]); + buf[2*Hashlen] = 0; + return buf; + } +*/ + +static struct Caphash *remcap(uint8_t *hash) { - static char buf[2*Hashlen+1]; - int i; + struct Caphash *t, **l; - for(i = 0; i < Hashlen; i++) - sprint(buf+2*i, "%2.2x", hash[i]); - buf[2*Hashlen] = 0; - return buf; -} - */ - -static Caphash *remcap(uint8_t *hash) -{ - Caphash *t, **l; - - qlock(&(&capalloc.QLock)->qlock); + qlock(&capalloc.qlock); /* find the matching capability */ for (l = &capalloc.first; *l != NULL;) { @@ -152,21 +138,21 @@ static Caphash *remcap(uint8_t *hash) capalloc.nhash--; *l = t->next; } - qunlock(&(&capalloc.QLock)->qlock); - + qunlock(&capalloc.qlock); + return t; } /* add a capability, throwing out any old ones */ static void addcap(uint8_t *hash) { - Caphash *p, *t, **l; + struct Caphash *p, *t, **l; p = kzmalloc(sizeof *p, 0); memmove(p->hash, hash, Hashlen); p->next = NULL; - qlock(&(&capalloc.QLock)->qlock); + qlock(&capalloc.qlock); /* trim extras */ while (capalloc.nhash >= Maxhash) { @@ -184,41 +170,41 @@ static void addcap(uint8_t *hash) *l = p; capalloc.nhash++; - qunlock(&(&capalloc.QLock)->qlock); + qunlock(&capalloc.qlock); } static void capclose(struct chan *c) { } -static int32_t capread(struct chan *c, void *va, int32_t n, int64_t m) +static long capread(struct chan *c, void *va, long n, int64_t m) { switch ((uint32_t)c->qid.path) { case Qdir: return devdirread(c, va, n, capdir, ncapdir, devgen); default: - error(Eperm); + error(EPERM, "Permission denied: can't read capability files"); break; } return n; } -static int32_t capwrite(struct chan *c, void *va, int32_t n, int64_t m) +static long capwrite(struct chan *c, void *va, long n, int64_t m) { - Caphash *p; + struct Caphash *p; char *cp; uint8_t hash[Hashlen]; char *key, *from, *to; char err[256]; - struct proc *up = externup(); + ERRSTACK(1); switch ((uint32_t)c->qid.path) { case Qhash: if (!iseve()) - error(Eperm); + error(EPERM, "permission denied: you must be eve"); if (n < Hashlen) - error(Eshort); + error(EIO, "Short read: on Qhash"); memmove(hash, va, Hashlen); addcap(hash); break; @@ -237,16 +223,17 @@ static int32_t capwrite(struct chan *c, void *va, int32_t n, int64_t m) from = cp; key = strrchr(cp, '@'); if (key == NULL) - error(Eshort); + error(EIO, "short read: Quse"); *key++ = 0; - hmac_sha1((uint8_t *)from, strlen(from), (uint8_t *)key, strlen(key), - hash, NULL); + panic("No way to hash"); + //hmac_sha1((uint8_t *)from, strlen(from), (uint8_t *)key, strlen(key), + //hash, NULL); p = remcap(hash); if (p == NULL) { snprintf(err, sizeof err, "invalid capability %s@%s", from, key); - error(err); + error(EINVAL, err); } /* if a from user is supplied, make sure it matches */ @@ -255,13 +242,18 @@ static int32_t capwrite(struct chan *c, void *va, int32_t n, int64_t m) to = from; } else { *to++ = 0; + panic("todo"); + /* if (strcmp(from, up->user) != 0) - error("capability must match user"); + error(EINVAL, "capability must match user"); + */ } /* set user id */ - kstrdup(&up->user, to); - up->basepri = PriNormal; + panic("TODO: set user id"); + kstrdup(¤t->user, to); + //up->basepri = PriNormal; + kfree(p); kfree(cp); @@ -269,28 +261,29 @@ static int32_t capwrite(struct chan *c, void *va, int32_t n, int64_t m) break; default: - error(Eperm); + error(EPERM, "permission denied: capwrite"); break; } return n; } -struct dev capdevtab = {.dc = L'¤', - .name = "cap", - - .reset = devreset, - .init = devinit, - .shutdown = devshutdown, - .attach = capattach, - .walk = capwalk, - .stat = capstat, - .open = capopen, - .create = devcreate, - .close = capclose, - .read = capread, - .bread = devbread, - .write = capwrite, - .bwrite = devbwrite, - .remove = capremove, - .wstat = devwstat}; +struct dev capdevtab = { + .name = "capability", + + .reset = devreset, + .init = devinit, + .shutdown = devshutdown, + .attach = capattach, + .walk = capwalk, + .stat = capstat, + .open = capopen, + .create = devcreate, + .close = capclose, + .read = capread, + .bread = devbread, + .write = capwrite, + .bwrite = devbwrite, + .remove = capremove, + .wstat = devwstat, +}; diff --git a/kern/include/env.h b/kern/include/env.h index 9dad848..dca5aee 100644 --- a/kern/include/env.h +++ b/kern/include/env.h @@ -33,7 +33,7 @@ struct proc { TAILQ_ENTRY(proc) sibling_link; spinlock_t proc_lock; struct user_context scp_ctx; /* context for an SCP. TODO: move to vc0 */ - char user[64]; /* user name */ + char *user; /* This is effectively a (potentially short) version of argv[0]. */ diff --git a/kern/include/ns.h b/kern/include/ns.h index 9566d1d..d3fa5e5 100644 --- a/kern/include/ns.h +++ b/kern/include/ns.h @@ -765,7 +765,7 @@ void kproc(char *unused_char_p_t, void (*)(void *), void *, int); void kprocchild(struct proc *, void (*)(void *), void *); void (*kproftick) (uint32_t); void ksetenv(char *unused_char_p_t, char *, int); -void kstrdup(char **unused_char_pp_t, char *unused_char_p_t); +void kstrdup(char **cp, char *name); struct block *mem2bl(uint8_t * unused_uint8_p_t, int); int memusehigh(void); -- 2.8.0.rc3.226.g39d4020 -- You received this message because you are subscribed to the Google Groups "Akaros" group. To unsubscribe from this group and stop receiving emails from it, send an email to akaros+unsubscr...@googlegroups.com. To post to this group, send email to akaros@googlegroups.com. For more options, visit https://groups.google.com/d/optout.