Skip to content

factotum: add dp9ik / modern 9front auth support#770

Open
kiljoy001 wants to merge 2 commits into9fans:masterfrom
kiljoy001:dp9ik-factotum
Open

factotum: add dp9ik / modern 9front auth support#770
kiljoy001 wants to merge 2 commits into9fans:masterfrom
kiljoy001:dp9ik-factotum

Conversation

@kiljoy001
Copy link
Copy Markdown

@kiljoy001 kiljoy001 commented Apr 25, 2026

This ports modern 9front-style shared-key authentication into plan9port factotum.

What this changes

  • adds dp9ik support to factotum
  • ports the modern AuthPAK and form1 authsrv handling needed for dp9ik
  • updates p9any to advertise and prefer dp9ik when available while preserving p9sk1 fallback
  • updates the authsrv helper layer and message handling for larger modern ticket/authenticator formats
  • adds low-level regression coverage for the imported auth primitives and wire formats
  • adds a live factotum regression path for direct dp9ik, direct p9sk1, and p9any negotiation
  • updates factotum(4) to document dp9ik, p9any preference, and secret sizes

This is intended to restore interoperability between plan9port and modern 9front auth servers while keeping legacy p9sk1 behavior working.

Implementation notes

Parts of the protocol logic and supporting C code were adapted from the 9front and drawterm auth implementations.

Testing

  • PLAN9=/home/scott/Repo/plan9port mk dp9iktest && ./o.dp9iktest in src/libauthsrv
  • PLAN9=/home/scott/Repo/plan9port mk install in src/libauthsrv
  • PLAN9=/home/scott/Repo/plan9port mk install in src/cmd/auth/factotum
  • live regression against a real 9front auth server with src/cmd/auth/factotum/dp9iklive.sh
  • confirmed end-to-end by authenticating through the upgraded factotum and writing successfully through a mounted service

Live results:

  • direct dp9ik: ok secret=256
  • p9any with dp9ik: ok secret=256
  • direct p9sk1: ok secret=8
  • p9any with both keys present prefers dp9ik: ok secret=256
  • p9any with only p9sk1 falls back correctly: ok secret=8

@kiljoy001
factotum: add dp9ik / modern 9front auth support
7f03429 
Port modern 9front-style shared-key authentication into plan9port factotum.

This adds dp9ik support, modern AuthPAK and form1 authsrv handling,
updates p9any to negotiate dp9ik when available while preserving p9sk1
compatibility, and imports the supporting libauthsrv/libsec/libmp pieces
needed for the newer protocol.

The change also adds low-level auth regression coverage plus a live
factotum regression path that verifies direct dp9ik, direct p9sk1, and
p9any negotiation against a real 9front auth server.

Parts of the protocol logic and support code are adapted from 9front and
drawterm auth implementations.
@kiljoy001
Merge branch 'master' into dp9ik-factotum
57fe047
@kiljoy001 kiljoy001 marked this pull request as ready for review April 26, 2026 06:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kiljoy001