cmd/ip/*: chown the network connection after authentication
for servers that handle incoming network connections and authentication, change the owner of the network connection file to the authenticated user after successful authentication. note that we set the permissions as well to 0660 because old devip used to unconditionally set the bits.
parent
5993760e14
commit
71a1d11a81
9 changed files with 84 additions and 8 deletions
|
@ -457,6 +457,19 @@ readln(char *buf, int n)
|
|||
return p-buf;
|
||||
}
|
||||
|
||||
/*
|
||||
* chown network connection
|
||||
*/
|
||||
static void
|
||||
setnetuser(int fd, char *user)
|
||||
{
|
||||
Dir nd;
|
||||
nulldir(&nd);
|
||||
nd.mode = 0660;
|
||||
nd.uid = user;
|
||||
dirfwstat(fd, &nd);
|
||||
}
|
||||
|
||||
/*
|
||||
* user level challenge/response
|
||||
*/
|
||||
|
@ -517,6 +530,7 @@ netkeysrvauth(int fd, char *user)
|
|||
writestr(fd, "", "challenge", 1);
|
||||
if(auth_chuid(ai, 0) < 0)
|
||||
fatal("newns: %r");
|
||||
setnetuser(fd, ai->cuid);
|
||||
auth_freeAI(ai);
|
||||
return fd;
|
||||
}
|
||||
|
@ -628,6 +642,7 @@ srvp9auth(int fd, char *user)
|
|||
return -1;
|
||||
if(auth_chuid(ai, nil) < 0)
|
||||
fatal("newns: %r");
|
||||
setnetuser(fd, ai->cuid);
|
||||
snprint(user, MaxStr, "%s", ai->cuid);
|
||||
fd = sslsetup(fd, ai->secret, ai->nsecret, 0);
|
||||
auth_freeAI(ai);
|
||||
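Review bot: The result of `dirfwstat(fd, &nd)` in setnetuser() is discarded, so a refused wstat leaves the connection with its previous owner and no trace of the failure. Both callers invoke it after auth_chuid() has succeeded, and whether devip still permits the wstat at that point is not visible from this page, which makes the silent path worth closing: test `if(dirfwstat(fd, &nd) < 0)` and report `%r` through this file's existing error path, or state in the header comment that the chown is deliberately best-effort. The comment should also carry the reason given in the commit message, e.g. `/* mode is set along with uid: old devip unconditionally set the permission bits */`. The same unchecked call is repeated inline in the other eight file sections.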
|
|
|
@ -187,6 +187,13 @@ main(int argc, char **argv)
|
|||
fatal("exportfs by none disallowed");
|
||||
if(auth_chuid(ai, nsfile) < 0)
|
||||
fatal("auth_chuid: %r");
|
||||
else { /* chown network connection */
|
||||
Dir nd;
|
||||
nulldir(&nd);
|
||||
nd.mode = 0660;
|
||||
nd.uid = ai->cuid;
|
||||
dirfwstat(0, &nd);
|
||||
}
|
||||
putenv("service", "exportfs");
|
||||
}
|
||||
|
||||
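Review bot: The block under `else { /* chown network connection */` is an inline copy of the setnetuser() helper that the first file defines, and it is copied again in the smbsessionsetupandx, passcmd, challuser, setupuser and dologin hunks and in the two other main() hunks. A single shared routine taking the fd would keep the 0660 mode and any failure handling in one place instead of nine. Where the copy passes a literal descriptor, `dirfwstat(0, &nd)`, it depends on fd 0 being the network connection, which these hunks do not show; a one-line comment such as `/* fd 0 is the network connection passed in by the listener */` would record that assumption, if it holds. main() starts and ends outside the hunk.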
|
|
|
@ -122,6 +122,13 @@ smbsessionsetupandx(Req *r, uchar *h, uchar *p, uchar *e)
|
|||
}
|
||||
if(auth_chuid(ai, nil) < 0)
|
||||
logit("auth_chuid: %r");
|
||||
else { /* chown network connection */
|
||||
Dir nd;
|
||||
nulldir(&nd);
|
||||
nd.mode = 0660;
|
||||
nd.uid = ai->cuid;
|
||||
dirfwstat(0, &nd);
|
||||
}
|
||||
auth_freeAI(ai);
|
||||
auth_freechal(smbcs);
|
||||
smbcs = nil;
|
||||
|
|
|
@ -606,6 +606,7 @@ passcmd(char *response)
|
|||
{
|
||||
char namefile[128];
|
||||
AuthInfo *ai;
|
||||
Dir nd;
|
||||
|
||||
if(response == nil)
|
||||
response = "";
|
||||
|
@ -632,9 +633,17 @@ passcmd(char *response)
|
|||
ch->nresp = strlen(response);
|
||||
ai = auth_response(ch);
|
||||
if(ai == nil || auth_chuid(ai, nil) < 0) {
|
||||
auth_freeAI(ai);
|
||||
slowdown();
|
||||
return reply("530 Not logged in: %r");
|
||||
}
|
||||
/* chown network connection */
|
||||
nulldir(&nd);
|
||||
nd.mode = 0660;
|
||||
nd.uid = ai->cuid;
|
||||
dirfwstat(0, &nd);
|
||||
|
||||
auth_freeAI(ai);
|
||||
auth_freechal(ch);
|
||||
ch = nil;
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ main(int argc, char **argv)
|
|||
char buf[8192];
|
||||
int n, nn;
|
||||
AuthInfo *ai;
|
||||
Dir nd;
|
||||
|
||||
ARGBEGIN{
|
||||
}ARGEND;
|
||||
|
@ -24,6 +25,14 @@ main(int argc, char **argv)
|
|||
if(auth_chuid(ai, nil) < 0)
|
||||
sysfatal("auth_chuid: %r");
|
||||
|
||||
/* chown network connection */
|
||||
nulldir(&nd);
|
||||
nd.mode = 0660;
|
||||
nd.uid = ai->cuid;
|
||||
dirfwstat(0, &nd);
|
||||
|
||||
auth_freeAI(ai);
|
||||
|
||||
n = 0;
|
||||
do {
|
||||
nn = read(0, buf+n, 1);
|
||||
|
|
|
@ -245,6 +245,7 @@ challuser(char *user)
|
|||
char response[64];
|
||||
Chalstate *ch;
|
||||
AuthInfo *ai;
|
||||
Dir nd;
|
||||
|
||||
if(strcmp(user, "none") == 0){
|
||||
if(nonone)
|
||||
|
@ -260,13 +261,20 @@ challuser(char *user)
|
|||
ch->nresp = strlen(response);
|
||||
ai = auth_response(ch);
|
||||
auth_freechal(ch);
|
||||
if(ai == nil){
|
||||
if(ai == nil || auth_chuid(ai, nil) < 0){
|
||||
rerrstr(response, sizeof response);
|
||||
print("!%s\n", response);
|
||||
|
||||
auth_freeAI(ai);
|
||||
return -1;
|
||||
}
|
||||
if(auth_chuid(ai, nil) < 0)
|
||||
return -1;
|
||||
/* chown network connection */
|
||||
nulldir(&nd);
|
||||
nd.mode = 0660;
|
||||
nd.uid = ai->cuid;
|
||||
dirfwstat(0, &nd);
|
||||
|
||||
auth_freeAI(ai);
|
||||
return 0;
|
||||
}
|
||||
/*
|
||||
|
|
|
@ -84,9 +84,18 @@ main(int argc, char *argv[])
|
|||
if(ai == nil)
|
||||
sysfatal("auth_proxy: %r");
|
||||
|
||||
if(auth == 1)
|
||||
if(auth_chuid(ai, nil) < 0)
|
||||
sysfatal("auth_chuid: %r");
|
||||
if(auth == 1){
|
||||
Dir nd;
|
||||
|
||||
if(auth_chuid(ai, nil) < 0)
|
||||
sysfatal("auth_chuid: %r");
|
||||
|
||||
/* chown network connection */
|
||||
nulldir(&nd);
|
||||
nd.mode = 0660;
|
||||
nd.uid = ai->cuid;
|
||||
dirfwstat(0, &nd);
|
||||
}
|
||||
|
||||
conn->pskID = "p9secret";
|
||||
conn->psk = ai->secret;
|
||||
|
|
|
@ -63,9 +63,15 @@ setupuser(AuthInfo *ai)
|
|||
|
||||
if(ai){
|
||||
strecpy(username, username + sizeof username, ai->cuid);
|
||||
|
||||
if(auth_chuid(ai, nil) == -1)
|
||||
if(auth_chuid(ai, nil) < 0)
|
||||
bye("user auth failed: %r");
|
||||
else { /* chown network connection */
|
||||
Dir nd;
|
||||
nulldir(&nd);
|
||||
nd.mode = 0660;
|
||||
nd.uid = ai->cuid;
|
||||
dirfwstat(Bfildes(&bin), &nd);
|
||||
}
|
||||
auth_freeAI(ai);
|
||||
}else
|
||||
strecpy(username, username + sizeof username, getuser());
|
||||
|
|
|
@ -768,6 +768,12 @@ dologin(char *response)
|
|||
if(auth_chuid(ai, nil) < 0){
|
||||
senderr("chuid failed: %r; server exiting");
|
||||
exits(nil);
|
||||
} else { /* chown network connection */
|
||||
Dir nd;
|
||||
nulldir(&nd);
|
||||
nd.mode = 0660;
|
||||
nd.uid = ai->cuid;
|
||||
dirfwstat(Bfildes(&in), &nd);
|
||||
}
|
||||
auth_freeAI(ai);
|
||||
auth_freechal(chs);
|
||||
|
|