shithub: purgatorio

ref: 21947578303cdb0fcb4b0cdfe80aa9dab5f6b447
dir: /appl/cmd/auth/factotum/factotum.b/

View raw version
implement Factotum, Authio;

#
# Copyright © 2003-2004 Vita Nuova Holdings Limited
#

include "sys.m";
	sys: Sys;
	Rread, Rwrite: import Sys;

include "draw.m";

include "string.m";
	str: String;

include "keyring.m";

include "authio.m";

include "arg.m";

include "readdir.m";

Factotum: module
{
	init:	fn(nil: ref Draw->Context, nil: list of string);
};

#confirm, log

Files: adt {
	ctl:	ref Sys->FileIO;
	rpc:	ref Sys->FileIO;
	proto:	ref Sys->FileIO;
	needkey:	ref Sys->FileIO;
};

Debug: con 0;
debug := Debug;

files: Files;
authio: Authio;

keymanc: chan of (list of ref Attr, int, chan of (list of ref Key, string));

init(nil: ref Draw->Context, args: list of string)
{
	sys = load Sys Sys->PATH;
	str = load String String->PATH;
	authio = load Authio "$self";

	svcname := "#sfactotum";
	mntpt := "/mnt/factotum";
	arg := load Arg Arg->PATH;
	if(arg != nil){
		arg->init(args);
		arg->setusage("auth/factotum [-d] [-m /mnt/factotum] [-s factotum]");
		while((o := arg->opt()) != 0)
			case o {
			'd' =>	debug++;
			'm' =>	mntpt = arg->earg();
			's' =>		svcname = "#s"+arg->earg();
			* =>	arg->usage();
			}
		args = arg->argv();
		if(args != nil)
			arg->usage();
		arg = nil;
	}
	sys->unmount(nil, mntpt);
	if(sys->bind(svcname, mntpt, Sys->MREPL) < 0)
		err(sys->sprint("can't bind %s on %s: %r", svcname, mntpt));
	files.ctl = sys->file2chan(mntpt, "ctl");
	files.rpc = sys->file2chan(mntpt, "rpc");
	files.proto = sys->file2chan(mntpt, "proto");
	files.needkey = sys->file2chan(mntpt, "needkey");
	if(files.ctl == nil || files.rpc == nil || files.proto == nil || files.needkey == nil)
		err(sys->sprint("can't create %s/*: %r", mntpt));
	keymanc = chan of (list of ref Attr, int, chan of (list of ref Key, string));
	spawn factotumsrv();
}

user(): string
{
	fd := sys->open("/dev/user", Sys->OREAD);
	if(fd == nil)
		return nil;
	b := array[Sys->NAMEMAX] of byte;
	n := sys->read(fd, b, len b);
	if(n <= 0)
		return nil;
	return string b[0:n];
}

err(s: string)
{
	sys->fprint(sys->fildes(2), "factotum: %s\n", s);
	raise "fail:error";
}

rlist: list of ref Fid;

factotumsrv()
{
	sys->pctl(Sys->NEWPGRP|Sys->FORKFD|Sys->FORKENV, nil);
	if(debug == 0)
		privacy();
	allkeys := array[0] of ref Key;
	pidc := chan of int;
	donec := chan of ref Fid;
#	keyc := chan of (list of ref Attr, chan of (ref Key, string));
	needfid := -1;
	needed, needy: list of (int, list of ref Attr, chan of (list of ref Key, string));
	needread: Sys->Rread;
	needtag := 0;
	for(;;) X: alt{
	r := <-donec =>
		r.pid = 0;
		cleanfid(r.fid);

	(off, nbytes, nil, rc) := <-files.ctl.read =>
		if(rc == nil)
			break;
		s := "";
		for(i := 0; i < len allkeys; i++)
			if((k := allkeys[i]) != nil)
				s += k.safetext()+"\n";
		rc <-= reads(s, off, nbytes);
	(nil, data, nil, wc) := <-files.ctl.write =>
		if(wc == nil)
			break;
		(nf, flds) := sys->tokenize(string data, "\n\r");
		if(nf > 1){
			# compatibility with plan 9; has the advantage you can tell which key is wrong
			wc <-= (0, "multiline write not allowed");
			break;
		}
		if(flds == nil || (hd flds)[0] == '#'){
			wc <-= (len data, nil);
			break;
		}
		s := hd flds;
		for(i := 0; i < len s && s[i] != ' '; i++){
			# skip
		}
		verb := s[0:i];
		if(i < len s)
			i++;
		s = s[i:];
		case verb {
		"key" =>
			k := Key.mk(parseline(s));
			if(k == nil){
				wc <-= (len data, nil);	# ignore it
				break;
			}
			if(lookattrval(k.attrs, "proto") == nil){
				wc <-= (0, "key without proto");
				break;
			}
			allkeys = addkey(allkeys, k);
			wc <-= (len data, nil);
		"delkey" =>
			attrs := parseline(s);
			for(al := attrs; al != nil; al = tl al){
				a := hd al;
				if(a.name[0] == '!' && (a.val != nil || a.tag != Aquery)){
					wc <-= (0, "cannot specify values for private fields");
					break X;
				}
			}
			if(delkey(allkeys, attrs) == 0)
				wc <-= (0, "no matching keys");
			else
				wc <-= (len data, nil);
		"debug" =>
			wc <-= (len data, nil);
		* =>
			wc <-= (0, "unknown verb");
		}

	(nil, nbytes, fid, rc) := <-files.rpc.read =>
		if(rc == nil)
			break;
		r := findfid(fid);
		if(r == nil){
			rc <-= (nil, "no rpc pending");
			break;
		}
		alt{
		r.read <-= (nbytes, rc) =>
			;
		* =>
			rc <-= (nil, "concurrent rpc read not allowed");
		}
	(nil, data, fid, wc) := <-files.rpc.write =>
		if(wc == nil){
			cleanfid(fid);
			break;
		}
		r := findfid(fid);
		if(r == nil){
			r = ref Fid(fid, 0, nil, nil, chan[1] of (array of byte, Rwrite), chan[1] of (int, Rread), 0, nil);
			spawn request(r, pidc, donec);
			r.pid = <-pidc;
			rlist = r :: rlist;
		}
		# this non-blocking write avoids a potential deadlock situation that
		# can happen when a proto module calls findkey at the same time
		# a client tries to write to the rpc file. this might not be the correct fix!
		alt{
		r.write <-= (data, wc) =>
			;
		* =>
			wc <-= (-1, "concurrent rpc write not allowed");
		}

	(off, nbytes, nil, rc) := <-files.proto.read =>
		if(rc == nil)
			break;
		rc <-= reads(readprotos(), off, nbytes);
	(nil, nil, nil, wc) := <-files.proto.write =>
		if(wc != nil)
			wc <-= (0, "illegal operation");

	(nil, nil, fid, rc) := <-files.needkey.read =>
		if(rc == nil)
			break;
		if(needfid >= 0 && fid != needfid){
			rc <-= (nil, "file in use");
			break;
		}
		needfid = fid;
		if(needy != nil){
			(tag, attr, kc) := hd needy;
			needy = tl needy;
			needed = (tag, attr, kc) :: needed;
			rc <-= (sys->aprint("needkey tag=%ud %s", tag, attrtext(attr)), nil);
			break;
		}
		if(needread != nil){
			rc <-= (nil, "already reading");
			break;
		}
		needread = rc;
	(nil, data, fid, wc) := <-files.needkey.write =>
		if(wc == nil){
			if(needfid == fid){
				needfid = -1;	# TO DO? give needkey errors back to request
				needread = nil;
			}
			break;
		}
		if(needfid >= 0 && fid != needfid){
			wc <-= (0, "file in use");
			break;
		}
		needfid = fid;
		tagline := parseline(string data);
		if(len tagline != 1 || (t := lookattrval(tagline, "tag")) == nil){
			wc <-= (0, "no tag");
			break;
		}
		tag := int t;
		nl: list of (int, list of ref Attr, chan of (list of ref Key, string));
		found := 0;
		for(l := needed; l != nil; l = tl l){
			(ntag, attrs, kc) := hd l;
			if(tag == ntag){
				found = 1;
				k := findkey(allkeys, attrs);
				if(k != nil)
					kc <-= (k :: nil, nil);
				else
					kc <-= (nil, "needkey "+attrtext(attrs));
				while((l = tl l) != nil)
					nl = hd l :: nl;
				break;
			}
			nl = hd l :: nl;
		}
		if(found)
			wc <-= (len data, nil);
		else
			wc <-= (0, "tag not found");

	(attrs, required, kc) := <-keymanc =>
		# look for key and reply
		kl := findkeys(allkeys, attrs);
		if(kl != nil){
			kc <-= (kl, nil);
			break;
		}else if(!required || needfid == -1){
			kc <-= (nil, "needkey "+attrtext(attrs));
			break;
		}
		# query surrounding environment using needkey
		if(needread != nil){
			needed = (needtag, attrs, kc) :: needed;
			needread <-= (sys->aprint("needkey tag=%ud %s", needtag, attrtext(attrs)), nil);
			needread = nil;
			needtag++;
		}else
			needy = (needtag++, attrs, kc) :: needy;
	}
}

findfid(fid: int): ref Fid
{
	for(rl := rlist; rl != nil; rl = tl rl){
		r := hd rl;
		if(r.fid == fid)
			return r;
	}
	return nil;
}

cleanfid(fid: int)
{
	rl := rlist;
	rlist = nil;
	for(; rl != nil; rl = tl rl){
		r := hd rl;
		if(r.fid != fid)
			rlist = r :: rlist;
		else if(r.pid)
			kill(r.pid);
	}
}

kill(pid: int)
{
	fd := sys->open("/prog/"+string pid+"/ctl", Sys->OWRITE);
	if(fd != nil)
		sys->fprint(fd, "kill");
}

privacy()
{
	fd := sys->open("#p/"+string sys->pctl(0, nil)+"/ctl", Sys->OWRITE);
	if(fd == nil || sys->fprint(fd, "private") < 0)
		sys->fprint(sys->fildes(2), "factotum: warning: unable to make memory private: %r\n");
}

reads(str: string, off, nbytes: int): (array of byte, string)
{
	bstr := array of byte str;
	slen := len bstr;
	if(off < 0 || off >= slen)
		return (nil, nil);
	if(off + nbytes > slen)
		nbytes = slen - off;
	if(nbytes <= 0)
		return (nil, nil);
	return (bstr[off:off+nbytes], nil);
}

readprotos(): string
{
	readdir := load Readdir Readdir->PATH;
	if(readdir == nil)
		return "unknown\n";
	(dirs, nil) := readdir->init("/dis/auth/proto", Readdir->NAME|Readdir->COMPACT);
	s := "";
	for(i := 0; i < len dirs; i++){
		n := dirs[i].name;
		if(len n > 4 && n[len n-4:] == ".dis")
			s += n[0: len n-4]+"\n";
	}
	return s;
}

Ogok, Ostart, Oread, Owrite, Oauthinfo, Oattr: con iota;

ops := array[] of {
	(Ostart, "start"),
	(Oread, "read"),
	(Owrite, "write"),
	(Oauthinfo, "authinfo"),
	(Oattr, "attr"),
};

request(r: ref Fid, pidc: chan of int, donec: chan of ref Fid)
{
	pidc <-= sys->pctl(0, nil);
	rpc := rio(r);
	while(rpc != nil){
		if(rpc.cmd == Ostart){
			(proto, attrs, e) := startproto(string rpc.arg);
			if(e != nil){
				reply(rpc, "error "+e);
				rpc = rio(r);
				continue;
			}
			r.attrs = attrs;	# saved for attr request
			ok(rpc);
			io := ref IO(r, nil);
			{
				err := proto->interaction(attrs, io);
				if(debug && err != nil)
					sys->fprint(sys->fildes(2), "factotum: failure: %s\n", err);
				if(r.err == nil)
					r.err = err;
				r.done = 1;
			}exception ex{
			"*" =>
				r.done = 0;
				r.err = "exception "+ex;
			}
			if(r.err != nil)
				io.error(r.err);
			rpc = finish(r);
			r.attrs = nil;
			r.err = nil;
			r.done = 0;
			r.ai = nil;
		}else
			reply(rpc, "no current protocol");
	}
	flushreq(r, donec);
}

startproto(request: string): (Authproto, list of ref Attr, string)
{
	attrs := parseline(request);
	if(debug > 1)
		sys->print("-> %s <-\n", attrtext(attrs));
	p := lookattrval(attrs, "proto");
	if(p == nil)
		return (nil, nil, "did not specify protocol");
	if(debug > 1)
		sys->print("proto=%s\n", p);
	if(any(p, "./"))	# avoid unpleasantness
		return (nil, nil, "illegal protocol: "+p);
	proto := load Authproto "/dis/auth/proto/"+p+".dis";
	if(proto == nil)
		return (nil, nil, sys->sprint("protocol %s: %r", p));
	if(debug)
		sys->print("start %s\n", p);
	e: string;
	{
		e = proto->init(authio);
	}exception ex{
	"*" =>
		e = "exception "+ex;
	}
	if(e != nil)
		return (nil, nil, e);
	return (proto, attrs, nil);
}

finish(r: ref Fid): ref Rpc
{
	while((rpc := rio(r)) != nil)
		case rpc.cmd {
		Owrite =>
			phase(rpc, "protocol phase error");
		Oread =>
			if(r.err != nil)
				reply(rpc, "error "+r.err);
			else
				done(rpc, r.ai);
		Oauthinfo =>
			if(r.done){
				if(r.ai == nil)
					reply(rpc, "error no authinfo available");
				else{
					a := packai(r.ai);
					if(rpc.nbytes-3 < len a)
						reply(rpc, sys->sprint("toosmall %d", len a + 3));
					else
						okdata(rpc, a);
				}
			}else
				reply(rpc, "error authentication unfinished");
		Ostart =>
			return rpc;
		* =>
			reply(rpc, "error unexpected request");
		}
	return nil;
}

flushreq(r: ref Fid, donec: chan of ref Fid)
{
	for(;;) alt{
	donec <-= r =>
		exit;
	(nil, wc) := <-r.write =>
		wc <-= (0, "write rpc protocol error");
	(nil, rc) := <-r.read =>
		rc <-= (nil, "read rpc protocol error");
	}
}

rio(r: ref Fid): ref Rpc
{
	req: array of byte;
	for(;;) alt{
	(data, wc) := <-r.write =>
		if(req != nil){
			wc <-= (0, "rpc pending; read to clear");
			break;
		}
		req = data;
		wc <-= (len data, nil);

	(nbytes, rc) := <-r.read =>
		if(req == nil){
			rc <-= (nil, "no rpc pending");
			break;
		}
		(cmd, arg) := op(req, ops);
		req = nil;
		rpc := ref Rpc(r, cmd, arg, nbytes, rc);
		case cmd {
		Ogok =>
			reply(rpc, "error unknown rpc");
			break;
		Oattr =>
			if(r.attrs == nil)
				reply(rpc, "error no attributes");
			else
				reply(rpc, "ok "+attrtext(r.attrs));
			break;
		* =>
			return rpc;
		}
	}
}

ok(rpc: ref Rpc)
{
	reply(rpc, "ok");
}

okdata(rpc: ref Rpc, a: array of byte)
{
	b := array[len a + 3] of byte;
	b[0] = byte 'o';
	b[1] = byte 'k';
	b[2] = byte ' ';
	b[3:] = a;
	rpc.rc <-= (b, nil);
}

done(rpc: ref Rpc, ai: ref Authinfo)
{
	rpc.r.ai = ai;
	rpc.r.done = 1;
	if(ai != nil)
		reply(rpc, "done haveai");
	else
		reply(rpc, "done");
}

phase(rpc: ref Rpc, s: string)
{
	reply(rpc, "phase "+s);
}

needkey(rpc: ref Rpc, attrs: list of ref Attr)
{
	reply(rpc, "needkey "+attrtext(attrs));
}

reply(rpc: ref Rpc, s: string)
{
	rpc.rc <-= reads(s, 0, rpc.nbytes);
}

puta(a: array of byte, n: int, v: array of byte): int
{
	if(n < 0)
		return -1;
	c := len v;
	if(n+2+c > len a)
		return -1;
	a[n++] = byte c;
	a[n++] = byte (c>>8);
	a[n:] = v;
	return n + len v;
}

packai(ai: ref Authinfo): array of byte
{
	a := array[1024] of byte;
	i := puta(a, 0, array of byte ai.cuid);
	i = puta(a, i, array of byte ai.suid);
	i = puta(a, i, array of byte ai.cap);
	i = puta(a, i, ai.secret);
	if(i < 0)
		return nil;
	return a[0:i];
}

op(a: array of byte, ops: array of (int, string)): (int, array of byte)
{
	arg: array of byte;
	for(i := 0; i < len a; i++)
		if(a[i] == byte ' '){
			if(i+1 < len a)
				arg = a[i+1:];
			break;
		}
	s := string a[0:i];
	for(i = 0; i < len ops; i++){
		(cmd, name) := ops[i];
		if(s == name)
			return (cmd, arg);
	}
	return (Ogok, arg);
}

parseline(s: string): list of ref Attr
{
	fld := str->unquoted(s);
	rfld := fld;
	for(fld = nil; rfld != nil; rfld = tl rfld)
		fld = (hd rfld) :: fld;
	attrs: list of ref Attr;
	for(; fld != nil; fld = tl fld){
		n := hd fld;
		a := "";
		tag := Aattr;
		for(i:=0; i<len n; i++)
			if(n[i] == '='){
				a = n[i+1:];
				n = n[0:i];
				tag = Aval;
			}
		if(len n == 0)
			continue;
		if(tag == Aattr && len n > 1 && n[len n-1] == '?'){
			tag = Aquery;
			n = n[0:len n-1];
		}
		attrs = ref Attr(tag, n, a) :: attrs;
	}
	return attrs;
}

Attr.text(a: self ref Attr): string
{
	case a.tag {
	Aattr =>
		return a.name;
	Aval =>
		return a.name+"="+a.val;
	Aquery =>
		return a.name+"?";
	* =>
		return "??";
	}
}

attrtext(attrs: list of ref Attr): string
{
	s := "";
	sp := 0;
	for(; attrs != nil; attrs = tl attrs){
		if(sp)
			s[len s] = ' ';
		sp = 1;
		s += (hd attrs).text();
	}
	return s;
}

lookattr(attrs: list of ref Attr, n: string): ref Attr
{
	for(; attrs != nil; attrs = tl attrs)
		if((a := hd attrs).tag != Aquery && a.name == n)
			return a;
	return nil;
}

lookattrval(attrs: list of ref Attr, n: string): string
{
	if((a := lookattr(attrs, n)) != nil)
		return a.val;
	return nil;
}

anyattr(attrs: list of ref Attr, n: string): ref Attr
{
	for(; attrs != nil; attrs = tl attrs)
		if((a := hd attrs).name == n)
			return a;
	return nil;
}

reverse[T](l: list of T): list of T
{
	r: list of T;
	for(; l != nil; l = tl l)
		r = hd l :: r;
	return r;
}

setattrs(lv: list of ref Attr, rv: list of ref Attr): list of ref Attr
{
	# new attributes
	nl: list of ref Attr;
	for(rl := rv; rl != nil; rl = tl rl)
		if(anyattr(lv, (hd rl).name) == nil)
			nl = ref(*hd rl) :: nl;

	# new values
	for(; lv != nil; lv = tl lv){
		a := lookattr(rv, (hd lv).name);	# won't take queries
		if(a != nil)
			nl = ref *a :: nl;
	}

	return reverse(nl);
}

delattrs(lv: list of ref Attr, rv: list of ref Attr): list of ref Attr
{
	nl: list of ref Attr;
	for(; lv != nil; lv = tl lv)
		if(anyattr(rv, (hd lv).name) == nil)
			nl = hd lv :: nl;
	return reverse(nl);
}

ignored(s: string): int
{
	return s == "role" || s == "disabled";
}

matchattr(attrs: list of ref Attr, pat: ref Attr): int
{
	return (b := lookattr(attrs, pat.name)) != nil && (pat.tag == Aquery || b.val == pat.val) ||
			ignored(pat.name);
}

matchattrs(pub: list of ref Attr, secret: list of ref Attr, pats: list of ref Attr): int
{
	for(pl := pats; pl != nil; pl = tl pl)
		if(!matchattr(pub, hd pl) && !matchattr(secret, hd pl))
			return 0;
	return 1;
}

sortattrs(attrs: list of ref Attr): list of ref Attr
{
	a := array[len attrs] of ref Attr;
	i := 0;
	for(l := attrs; l != nil; l = tl l)
		a[i++] = hd l;
	shellsort(a);
	for(i = 0; i < len a; i++)
		l = a[i] :: l;
	return l;
}

# sort into decreasing order (we'll reverse the list)
shellsort(a: array of ref Attr)
{
	n := len a;
	for(gap := n; gap > 0; ) {
		gap /= 2;
		max := n-gap;
		ex: int;
		do{
			ex = 0;
			for(i := 0; i < max; i++) {
				j := i+gap;
				if(a[i].name > a[j].name || a[i].name == nil) {
					t := a[i]; a[i] = a[j]; a[j] = t;
					ex = 1;
				}
			}
		}while(ex);
	}
}

findkey(keys: array of ref Key, attrs: list of ref Attr): ref Key
{
	if(debug)
		sys->print("findkey %q\n", attrtext(attrs));
	for(i := 0; i < len keys; i++)
		if((k := keys[i]) != nil && matchattrs(k.attrs, k.secrets, attrs))
			return k;
	return nil;
}

findkeys(keys: array of ref Key, attrs: list of ref Attr): list of ref Key
{
	if(debug)
		sys->print("findkey %q\n", attrtext(attrs));
	kl: list of ref Key;
	for(i := 0; i < len keys; i++)
		if((k := keys[i]) != nil && matchattrs(k.attrs, k.secrets, attrs))
			kl = k :: kl;
	return reverse(kl);
}

delkey(keys: array of ref Key, attrs: list of ref Attr): int
{
	nk := 0;
	for(i := 0; i < len keys; i++)
		if((k := keys[i]) != nil)
			if(matchattrs(k.attrs, k.secrets, attrs)){
				nk++;
				keys[i] = nil;
			}
	return nk;
}

Key.mk(attrs: list of ref Attr): ref Key
{
	k := ref Key;
	for(; attrs != nil; attrs = tl attrs){
		a := hd attrs;
		if(a.name != nil){
			if(a.name[0] == '!')
				k.secrets = a :: k.secrets;
			else
				k.attrs = a :: k.attrs;
		}
	}
	if(k.attrs != nil || k.secrets != nil)
		return k;
	return nil;
}

addkey(keys: array of ref Key, k: ref Key): array of ref Key
{
	for(i := 0; i < len keys; i++)
		if(keys[i] == nil){
			keys[i] = k;
			return keys;
		}
	n := array[len keys+1] of ref Key;
	n[0:] = keys;
	n[len keys] = k;
	return n;
}

Key.text(k: self ref Key): string
{
	s := attrtext(k.attrs);
	if(s != nil && k.secrets != nil)
		s[len s] = ' ';
	return s + attrtext(k.secrets);
}

Key.safetext(k: self ref Key): string
{
	s := attrtext(sortattrs(k.attrs));
	sp := s != nil;
	for(sl := k.secrets; sl != nil; sl = tl sl){
		if(sp)
			s[len s] = ' ';
		s += sys->sprint("%s?", (hd sl).name);
	}
	return s;
}

any(s: string, t: string): int
{
	for(i := 0; i < len s; i++)
		for(j := 0; j < len t; j++)
			if(s[i] == t[j])
				return 1;
	return 0;
}

IO.findkey(io: self ref IO, attrs: list of ref Attr, extra: string): (ref Key, string)
{
	(kl, err) := io.findkeys(attrs, extra);
	if(kl != nil)
		return (hd kl, err);
	return (nil, err);
}

IO.findkeys(nil: self ref IO, attrs: list of ref Attr, extra: string): (list of ref Key, string)
{
	ea := parseline(extra);
	for(; ea != nil; ea = tl ea)
		attrs = hd ea :: attrs;
	kc := chan of (list of ref Key, string);
	keymanc <-= (attrs, 1, kc);	# TO DO: 1 => 0 for not needed
	return <-kc;
}

IO.needkey(nil: self ref IO, attrs: list of ref Attr, extra: string): (ref Key, string)
{
	ea := parseline(extra);
	for(; ea != nil; ea = tl ea)
		attrs = hd ea :: attrs;
	kc := chan of (list of ref Key, string);
	keymanc <-= (attrs, 1, kc);
	(kl, err) := <-kc;
	if(kl != nil)
		return (hd kl, err);
	return (nil, err);
}

IO.read(io: self ref IO): array of byte
{
	io.ok();
	while((rpc := rio(io.f)) != nil)
		case rpc.cmd {
		* =>
			phase(rpc, "protocol phase error");
		Oauthinfo =>
			reply(rpc, "error authentication unfinished");
		Owrite =>
			io.rpc = rpc;
			if(rpc.arg == nil)
				rpc.arg = array[0] of byte;
			return rpc.arg;
		}
	exit;
}

IO.readn(io: self ref IO, n: int): array of byte
{
	while((buf := io.read()) != nil && len buf < n)
		io.toosmall(n);
	return buf;
}

IO.write(io: self ref IO, buf: array of byte, n: int): int
{
	io.ok();
	while((rpc := rio(io.f)) != nil)
		case rpc.cmd {
		Oread =>
			if(rpc.nbytes-3 >= n){
				okdata(rpc, buf[0:n]);
				return n;
			}
			io.rpc = rpc;
			io.toosmall(n+3);
		Oauthinfo =>
			reply(rpc, "error authentication unfinished");
		* =>
			phase(rpc, "protocol phase error");
		}
	exit;
}

IO.rdwr(io: self ref IO): array of byte
{
	io.ok();
	while((rpc := rio(io.f)) != nil)
		case rpc.cmd {
		Oread =>
			io.rpc = rpc;
			if(rpc.nbytes >= 3)
				return nil;
			io.toosmall(128+3);		# make them read something
		Owrite =>
			io.rpc = rpc;
			if(rpc.arg == nil)
				rpc.arg = array[0] of byte;
			return rpc.arg;
		Oauthinfo =>
			reply(rpc, "error authentication unfinished");
		* =>
			phase(rpc, "protocol phase error");
		}
	exit;
}

IO.reply2read(io: self ref IO, buf: array of byte, n: int): int
{
	if(io.rpc == nil)
		return 0;
	rpc := io.rpc;
	if(rpc.cmd != Oread){
		io.rpc = nil;
		phase(rpc, "internal phase error");
		return 0;
	}
	if(rpc.nbytes-3 < n){
		io.toosmall(n+3);
		return 0;
	}
	io.rpc = nil;
	okdata(rpc, buf[0:n]);
	return 1;
}

IO.ok(io: self ref IO)
{
	if(io.rpc != nil){
		reply(io.rpc, "ok");
		io.rpc = nil;
	}
}

IO.toosmall(io: self ref IO, n: int)
{
	if(io.rpc != nil){
		reply(io.rpc, sys->sprint("toosmall %d", n));
		io.rpc = nil;
	}
}

IO.error(io: self ref IO, s: string)
{
	if(io.rpc != nil){
		io.rpc.rc <-= (nil, "error "+s);
		io.rpc = nil;
	}
}

IO.done(io: self ref IO, ai: ref Authinfo)
{
	io.f.ai = ai;
	io.ok();
	while((rpc := rio(io.f)) != nil)
		case rpc.cmd {
		Oread or Owrite =>
			done(rpc, ai);
			return;
		* =>
			phase(rpc, "protocol phase error");
		}
}

memrandom(a: array of byte, n: int)
{
	if(0){
		# speed up testing
		for(i := 0; i < len a; i++)
			a[i] = byte i;
		return;
	}
	fd := sys->open("/dev/notquiterandom", Sys->OREAD);
	if(fd == nil)
		err("can't open /dev/notquiterandom");
	if(sys->read(fd, a, n) != n)
		err("can't read /dev/notquiterandom");
}

eqbytes(a, b: array of byte): int
{
	if(len a != len b)
		return 0;
	for(i := 0; i < len a; i++)
		if(a[i] != b[i])
			return 0;
	return 1;
}

netmkaddr(addr, net, svc: string): string
{
	if(net == nil)
		net = "net";
	(n, nil) := sys->tokenize(addr, "!");
	if(n <= 1){
		if(svc== nil)
			return sys->sprint("%s!%s", net, addr);
		return sys->sprint("%s!%s!%s", net, addr, svc);
	}
	if(svc == nil || n > 2)
		return addr;
	return sys->sprint("%s!%s", addr, svc);
}