ref: 71a1d11a81faba020649408e8c9eaeb10095a341
parent: 5993760e143bfab2a29fa3d5a4655ed5842fd21f
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Sep 21 19:36:44 EDT 2019
cmd/ip/*: chown the network connection after authentication. For servers that handle incoming network connections and authentication, change the owner of the network connection file to the authenticated user after successful authentication. Note that we set the permissions as well to 0660 because old devip used to unconditionally set the bits.
--- a/sys/src/cmd/cpu.c
+++ b/sys/src/cmd/cpu.c
@@ -458,6 +458,19 @@
}
/*
+ * chown network connection
+ */
+static void
+setnetuser(int fd, char *user)
+{
+ Dir nd;
+ nulldir(&nd);
+ nd.mode = 0660;
+ nd.uid = user;
+ dirfwstat(fd, &nd);
+}
+
+/*
* user level challenge/response
*/
static int
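Review bot: setnetuser() discards the result of `dirfwstat(fd, &nd)`, so if the wstat is refused the connection file silently keeps its previous owner and nothing records that the hand-over failed. Both call sites in this file run it after auth_chuid() has already switched identity, which is where a permission error from devip would surface if one occurs. Consider making the helper `static int` and ending it with `return dirfwstat(fd, &nd);` so callers can log or ignore the failure deliberately; if best-effort is intended, say so in the comment above the function. The inline copies in exportfs.c, cifsd/smb.c, ftpd.c, rexexec.c, telnetd.c, tlssrv.c, imap4d/auth.c and pop3.c ignore the result the same way.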
@@ -517,6 +530,7 @@
writestr(fd, "", "challenge", 1);
if(auth_chuid(ai, 0) < 0)
fatal("newns: %r");
+ setnetuser(fd, ai->cuid);
auth_freeAI(ai);
return fd;
}
@@ -628,6 +642,7 @@
return -1;
if(auth_chuid(ai, nil) < 0)
fatal("newns: %r");
+ setnetuser(fd, ai->cuid);
snprint(user, MaxStr, "%s", ai->cuid);
fd = sslsetup(fd, ai->secret, ai->nsecret, 0);
auth_freeAI(ai);
--- a/sys/src/cmd/exportfs/exportfs.c
+++ b/sys/src/cmd/exportfs/exportfs.c
@@ -187,6 +187,13 @@
fatal("exportfs by none disallowed");
if(auth_chuid(ai, nsfile) < 0)
fatal("auth_chuid: %r");
+ else { /* chown network connection */
+ Dir nd;
+ nulldir(&nd);
+ nd.mode = 0660;
+ nd.uid = ai->cuid;
+ dirfwstat(0, &nd);
+ }
putenv("service", "exportfs");
}
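Review bot: The `Dir nd; nulldir(&nd); nd.mode = 0660; nd.uid = ai->cuid; dirfwstat(0, &nd);` sequence is pasted verbatim here and in seven other files in this commit, while cpu.c gets a `setnetuser(fd, user)` helper for the same job. A single helper that all of these servers can share would keep the mode value and any later error handling in one place instead of several copies that can drift apart. Separately, `fatal()` presumably does not return, so the `else` here only scopes the declaration; a plain block after the `if` would read more clearly.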
--- a/sys/src/cmd/ip/cifsd/smb.c
+++ b/sys/src/cmd/ip/cifsd/smb.c
@@ -122,6 +122,13 @@
}
if(auth_chuid(ai, nil) < 0)
logit("auth_chuid: %r");
+ else { /* chown network connection */
+ Dir nd;
+ nulldir(&nd);
+ nd.mode = 0660;
+ nd.uid = ai->cuid;
+ dirfwstat(0, &nd);
+ }
auth_freeAI(ai);
auth_freechal(smbcs);
smbcs = nil;
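Review bot: When `auth_chuid(ai, nil)` fails here the error is only passed to `logit()` and control falls through to `auth_freeAI(ai)`, so within this hunk nothing stops the session from continuing under the server's original identity. The new `else` branch correctly skips the chown in that case, but the failure path should probably end the session, as the other servers in this commit do with `fatal`/`sysfatal`/`bye`. The rest of the function lies outside the hunk, so confirm whether a later check rejects the session; if none does, return the function's failure status right after `logit("auth_chuid: %r");`.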
--- a/sys/src/cmd/ip/ftpd.c
+++ b/sys/src/cmd/ip/ftpd.c
@@ -606,6 +606,7 @@
{
char namefile[128];
AuthInfo *ai;
+ Dir nd;
if(response == nil)
response = "";
@@ -632,9 +633,17 @@
ch->nresp = strlen(response);
ai = auth_response(ch);
if(ai == nil || auth_chuid(ai, nil) < 0) {
+ auth_freeAI(ai);
slowdown();
return reply("530 Not logged in: %r");
}
+ /* chown network connection */
+ nulldir(&nd);
+ nd.mode = 0660;
+ nd.uid = ai->cuid;
+ dirfwstat(0, &nd);
+
+ auth_freeAI(ai);
auth_freechal(ch);
ch = nil;
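Review bot: The comment `/* chown network connection */` does not explain why `nd.mode = 0660` is set in a block whose stated purpose is changing the owner; the reason currently lives only in the commit message. I would extend it to `/* chown network connection; mode is set too because old devip unconditionally set the mode bits */` here and at the other copies of this block, so nobody later drops the mode assignment or changes the value without knowing why it is there. The enclosing function starts and ends outside the hunk.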
--- a/sys/src/cmd/ip/rexexec.c
+++ b/sys/src/cmd/ip/rexexec.c
@@ -12,6 +12,7 @@
char buf[8192];
int n, nn;
AuthInfo *ai;
+ Dir nd;
ARGBEGIN{
}ARGEND;
@@ -23,6 +24,14 @@
sysfatal("rexexec by none disallowed");
if(auth_chuid(ai, nil) < 0)
sysfatal("auth_chuid: %r");
+
+ /* chown network connection */
+ nulldir(&nd);
+ nd.mode = 0660;
+ nd.uid = ai->cuid;
+ dirfwstat(0, &nd);
+
+ auth_freeAI(ai);
n = 0;
do {
--- a/sys/src/cmd/ip/telnetd.c
+++ b/sys/src/cmd/ip/telnetd.c
@@ -245,6 +245,7 @@
char response[64];
Chalstate *ch;
AuthInfo *ai;
+ Dir nd;
if(strcmp(user, "none") == 0){
if(nonone)
@@ -260,13 +261,20 @@
ch->nresp = strlen(response);
ai = auth_response(ch);
auth_freechal(ch);
- if(ai == nil){
+ if(ai == nil || auth_chuid(ai, nil) < 0){
rerrstr(response, sizeof response);
print("!%s\n", response);
+
+ auth_freeAI(ai);
return -1;
}
- if(auth_chuid(ai, nil) < 0)
- return -1;
+ /* chown network connection */
+ nulldir(&nd);
+ nd.mode = 0660;
+ nd.uid = ai->cuid;
+ dirfwstat(0, &nd);
+
+ auth_freeAI(ai);
return 0;
}
/*
--- a/sys/src/cmd/tlssrv.c
+++ b/sys/src/cmd/tlssrv.c
@@ -84,9 +84,18 @@
if(ai == nil)
sysfatal("auth_proxy: %r");
- if(auth == 1)
- if(auth_chuid(ai, nil) < 0)
- sysfatal("auth_chuid: %r");
+ if(auth == 1){
+ Dir nd;
+
+ if(auth_chuid(ai, nil) < 0)
+ sysfatal("auth_chuid: %r");
+
+ /* chown network connection */
+ nulldir(&nd);
+ nd.mode = 0660;
+ nd.uid = ai->cuid;
+ dirfwstat(0, &nd);
+ }
conn->pskID = "p9secret";
conn->psk = ai->secret;
--- a/sys/src/cmd/upas/imap4d/auth.c
+++ b/sys/src/cmd/upas/imap4d/auth.c
@@ -63,9 +63,15 @@
if(ai){
strecpy(username, username + sizeof username, ai->cuid);
-
- if(auth_chuid(ai, nil) == -1)
+ if(auth_chuid(ai, nil) < 0)
bye("user auth failed: %r");
+ else { /* chown network connection */
+ Dir nd;
+ nulldir(&nd);
+ nd.mode = 0660;
+ nd.uid = ai->cuid;
+ dirfwstat(Bfildes(&bin), &nd);
+ }
auth_freeAI(ai);
}else
strecpy(username, username + sizeof username, getuser());
--- a/sys/src/cmd/upas/pop3/pop3.c
+++ b/sys/src/cmd/upas/pop3/pop3.c
@@ -768,6 +768,12 @@
if(auth_chuid(ai, nil) < 0){
senderr("chuid failed: %r; server exiting");
exits(nil);
+ } else { /* chown network connection */
+ Dir nd;
+ nulldir(&nd);
+ nd.mode = 0660;
+ nd.uid = ai->cuid;
+ dirfwstat(Bfildes(&in), &nd);
}
auth_freeAI(ai);
auth_freechal(chs);