
Mercurial > hg > plan9front / changeset: cmd/ip/*: chown the network connection after authentication

changeset 7396: 8eff72134197
parent 7395: 4b1fae89dd27
child 7397: b16cb389c7ce
child 7398: 25f13023dc27
author: cinap_lenrek@felloff.net
date: Sat, 21 Sep 2019 23:36:44 +0200
files: sys/src/cmd/cpu.c sys/src/cmd/exportfs/exportfs.c sys/src/cmd/ip/cifsd/smb.c sys/src/cmd/ip/ftpd.c sys/src/cmd/ip/rexexec.c sys/src/cmd/ip/telnetd.c sys/src/cmd/tlssrv.c sys/src/cmd/upas/imap4d/auth.c sys/src/cmd/upas/pop3/pop3.c
description: cmd/ip/*: chown the network connection after authentication

for servers that handle incoming network connections and authentication,
change the owner of the network connection file to the authenticated user
after successful authentication.

note that we set the permissions as well to 0660 because old devip used
to unconditionally set the bits.
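--- a/sys/src/cmd/cpu.c
+++ b/sys/src/cmd/cpu.c
@@ -458,6 +458,19 @@ readln(char *buf, int n)
 }
 
 /*
+ *  chown network connection
+ */
+static void
+setnetuser(int fd, char *user)
+{
+	Dir nd;
+	nulldir(&nd);
+	nd.mode = 0660;
+	nd.uid = user;
+	dirfwstat(fd, &nd);
+}
+
+/*
  *  user level challenge/response
  */
 static int
@@ -517,6 +530,7 @@ netkeysrvauth(int fd, char *user)
 	writestr(fd, "", "challenge", 1);
 	if(auth_chuid(ai, 0) < 0)
 		fatal("newns: %r");
+	setnetuser(fd, ai->cuid);
 	auth_freeAI(ai);
 	return fd;
 }
@@ -628,6 +642,7 @@ srvp9auth(int fd, char *user)
 		return -1;
 	if(auth_chuid(ai, nil) < 0)
 		fatal("newns: %r");
+	setnetuser(fd, ai->cuid);
 	snprint(user, MaxStr, "%s", ai->cuid);
 	fd = sslsetup(fd, ai->secret, ai->nsecret, 0);
 	auth_freeAI(ai);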
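Review bot: The result of `dirfwstat` in `setnetuser` is discarded, so if the wstat is refused the connection silently keeps the owner and mode it had before login. Both call sites run after `auth_chuid`, that is as the newly authenticated user, and whether devip accepts an owner change from that user is not visible in this changeset. If best effort is intended, the helper's comment should say so, e.g. `/* chown network connection; best effort, a refused wstat is ignored */`, and it could also record why the mode is forced to 0660 (the description gives the reason). Otherwise the helper should check `dirfwstat(fd, &nd) < 0` and report it through whatever logging cpu.c already uses. The same unchecked call appears in the exportfs, cifsd, ftpd, rexexec, telnetd, tlssrv, imap4d and pop3 sections.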
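--- a/sys/src/cmd/exportfs/exportfs.c
+++ b/sys/src/cmd/exportfs/exportfs.c
@@ -187,6 +187,13 @@ main(int argc, char **argv)
 			fatal("exportfs by none disallowed");
 		if(auth_chuid(ai, nsfile) < 0)
 			fatal("auth_chuid: %r");
+		else {	/* chown network connection */
+			Dir nd;
+			nulldir(&nd);
+			nd.mode = 0660;
+			nd.uid = ai->cuid;
+			dirfwstat(0, &nd);
+		}
 		putenv("service", "exportfs");
 	}
 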
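Review bot: These five lines are an inline copy of the `setnetuser` helper that the same changeset adds to cpu.c, and the copy recurs in cifsd/smb.c, ftpd.c, rexexec.c, telnetd.c, tlssrv.c, imap4d/auth.c and pop3.c. A single shared routine taking the descriptor and user name would keep the owner/mode policy and any later error handling in one place instead of nine. The descriptor here is the literal `0`, so the block relies on standard input being the incoming connection at this point in `main`, whose body starts and ends outside the hunk. A comment such as `/* fd 0 is the incoming network connection */` would record that assumption.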
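--- a/sys/src/cmd/ip/cifsd/smb.c
+++ b/sys/src/cmd/ip/cifsd/smb.c
@@ -122,6 +122,13 @@ smbsessionsetupandx(Req *r, uchar *h, uc
 			}
 			if(auth_chuid(ai, nil) < 0)
 				logit("auth_chuid: %r");
+			else {	/* chown network connection */
+				Dir nd;
+				nulldir(&nd);
+				nd.mode = 0660;
+				nd.uid = ai->cuid;
+				dirfwstat(0, &nd);
+			}
 			auth_freeAI(ai);
 			auth_freechal(smbcs);
 			smbcs = nil;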
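Review bot: The failure branch of `auth_chuid` in this hunk only calls `logit`, and the visible lines then free `ai` and the challenge state exactly as on success. The new `else` correctly keeps the chown off that path, but whether the session setup is later rejected when the uid change failed lies outside the hunk and is worth confirming, since the other servers in this changeset exit or return an error at the same point. A comment at the `logit` call, for example `/* not fatal: request is answered as ... below */` with the actual outcome filled in, would make the intent readable. The body of smbsessionsetupandx starts and ends outside the hunk.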
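--- a/sys/src/cmd/ip/ftpd.c
+++ b/sys/src/cmd/ip/ftpd.c
@@ -606,6 +606,7 @@ passcmd(char *response)
 {
 	char namefile[128];
 	AuthInfo *ai;
+	Dir nd;
 
 	if(response == nil)
 		response = "";
@@ -632,9 +633,17 @@ passcmd(char *response)
 		ch->nresp = strlen(response);
 		ai = auth_response(ch);
 		if(ai == nil || auth_chuid(ai, nil) < 0) {
+			auth_freeAI(ai);
 			slowdown();
 			return reply("530 Not logged in: %r");
 		}
+		/* chown network connection */
+		nulldir(&nd);
+		nd.mode = 0660;
+		nd.uid = ai->cuid;
+		dirfwstat(0, &nd);
+
+		auth_freeAI(ai);
 		auth_freechal(ch);
 		ch = nil;
 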
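--- a/sys/src/cmd/ip/rexexec.c
+++ b/sys/src/cmd/ip/rexexec.c
@@ -12,6 +12,7 @@ main(int argc, char **argv)
 	char buf[8192];
 	int n, nn;
 	AuthInfo *ai;
+	Dir nd;
 
 	ARGBEGIN{
 	}ARGEND;
@@ -24,6 +25,14 @@ main(int argc, char **argv)
 	if(auth_chuid(ai, nil) < 0)
 		sysfatal("auth_chuid: %r");
 
+	/* chown network connection */
+	nulldir(&nd);
+	nd.mode = 0660;
+	nd.uid = ai->cuid;
+	dirfwstat(0, &nd);
+
+	auth_freeAI(ai);
+
 	n = 0;
 	do {
 		nn = read(0, buf+n, 1);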
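--- a/sys/src/cmd/ip/telnetd.c
+++ b/sys/src/cmd/ip/telnetd.c
@@ -245,6 +245,7 @@ challuser(char *user)
 	char response[64];
 	Chalstate *ch;
 	AuthInfo *ai;
+	Dir nd;
 
 	if(strcmp(user, "none") == 0){
 		if(nonone)
@@ -260,13 +261,20 @@ challuser(char *user)
 	ch->nresp = strlen(response);
 	ai = auth_response(ch);
 	auth_freechal(ch);
-	if(ai == nil){
+	if(ai == nil || auth_chuid(ai, nil) < 0){
 		rerrstr(response, sizeof response);
 		print("!%s\n", response);
+
+		auth_freeAI(ai);
 		return -1;
 	}
-	if(auth_chuid(ai, nil) < 0)
-		return -1;
+	/* chown network connection */
+	nulldir(&nd);
+	nd.mode = 0660;
+	nd.uid = ai->cuid;
+	dirfwstat(0, &nd);
+
+	auth_freeAI(ai);
 	return 0;
 }
 /*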
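--- a/sys/src/cmd/tlssrv.c
+++ b/sys/src/cmd/tlssrv.c
@@ -84,9 +84,18 @@ main(int argc, char *argv[])
 		if(ai == nil)
 			sysfatal("auth_proxy: %r");
 
-		if(auth == 1)
-		if(auth_chuid(ai, nil) < 0)
-			sysfatal("auth_chuid: %r");
+		if(auth == 1){
+			Dir nd;
+
+			if(auth_chuid(ai, nil) < 0)
+				sysfatal("auth_chuid: %r");
+
+			/* chown network connection */
+			nulldir(&nd);
+			nd.mode = 0660;
+			nd.uid = ai->cuid;
+			dirfwstat(0, &nd);
+		}
 
 		conn->pskID = "p9secret";
 		conn->psk = ai->secret;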
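--- a/sys/src/cmd/upas/imap4d/auth.c
+++ b/sys/src/cmd/upas/imap4d/auth.c
@@ -63,9 +63,15 @@ setupuser(AuthInfo *ai)
 
 	if(ai){
 		strecpy(username, username + sizeof username, ai->cuid);
-
-		if(auth_chuid(ai, nil) == -1)
+		if(auth_chuid(ai, nil) < 0)
 			bye("user auth failed: %r");
+		else {	/* chown network connection */
+			Dir nd;
+			nulldir(&nd);
+			nd.mode = 0660;
+			nd.uid = ai->cuid;
+			dirfwstat(Bfildes(&bin), &nd);
+		}
 		auth_freeAI(ai);
 	}else
 		strecpy(username, username + sizeof username, getuser());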
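Review bot: `Bfildes(&bin)` is treated as the network connection, but nothing in the hunk shows that `bin` still wraps the raw connection when `setupuser` runs. If login can happen after TLS has been layered on the input, or when the server is started behind a separate TLS front end, the descriptor would presumably name something other than the TCP connection. The wstat would then miss it, and the miss would go unnoticed because the result of `dirfwstat` is ignored. A short comment stating which descriptor `bin` wraps at login time would settle this. The same question applies to `Bfildes(&in)` in pop3.c's `dologin`, and setupuser's body starts outside this hunk.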
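--- a/sys/src/cmd/upas/pop3/pop3.c
+++ b/sys/src/cmd/upas/pop3/pop3.c
@@ -768,6 +768,12 @@ dologin(char *response)
 	if(auth_chuid(ai, nil) < 0){
 		senderr("chuid failed: %r; server exiting");
 		exits(nil);
+	} else {	/* chown network connection */
+		Dir nd;
+		nulldir(&nd);
+		nd.mode = 0660;
+		nd.uid = ai->cuid;
+		dirfwstat(Bfildes(&in), &nd);
 	}
 	auth_freeAI(ai);
 	auth_freechal(chs);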