git: plan9front


ref: 9645ae07eb66a59015e3e118d0024790c37400da
parent: a97ee572b943965f35d0e95ab90949f32843bbc6
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Aug 24 19:47:19 EDT 2024

hjfs: implement "none" attaches properly

The Tauth for "none" should always fail,
but Tattach should only succeed when
the channel ran a successful authentication
before.

Also, prevent "none" from attaching "dump".

--- a/sys/src/cmd/hjfs/9p.c
+++ b/sys/src/cmd/hjfs/9p.c
@@ -11,7 +11,8 @@
 static void
 tauth(Req *req)
 {
-	if((fsmain->flags & FSNOAUTH) != 0)
+	if((fsmain->flags & FSNOAUTH) != 0
+	|| strcmp(req->ifcall.uname, "none") == 0)
 		respond(req, "no authentication required");
 	else if(*req->ifcall.aname == 0 || strcmp(req->ifcall.aname, "dump") == 0)
 		auth9p(req);
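Review bot: The new `strcmp(req->ifcall.uname, "none") == 0` arm answers with "no authentication required" even when FSNOAUTH is clear and every other user must authenticate, so a reader of tauth alone cannot tell that "none" is still gated elsewhere. A comment above the condition would make the split explicit, for example `/* "none" never authenticates; tattach admits it only after another user authenticated on this channel */`. The rest of tauth's if/else chain lies outside this hunk.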
@@ -26,8 +27,18 @@
 	int flags;
 	short uid;
 
-	if((fsmain->flags & FSNOAUTH) == 0 && authattach(req) < 0)
-		return;
+	if((fsmain->flags & FSNOAUTH) == 0){
+		if(strcmp(req->ifcall.uname, "none") == 0){
+			if(!req->srv->authok){
+				respond(req, "require prior authentication for 'none'");
+				return;
+			}
+		} else {
+			if(authattach(req) < 0)
+				return;
+			req->srv->authok = 1;	/* none attaches allowed now */
+		}
+	}
 	if(name2uid(fsmain, req->ifcall.uname, &uid) <= 0){
 		respond(req, "no such user");
 		return;
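Review bot: The flag set by `req->srv->authok = 1;` lives on the Srv rather than on the fid or the user, so its scope decides how wide the "none" gate opens, and the hunk does not show whether one Srv corresponds to exactly one 9P channel. If a Srv can be shared by several client connections, a single successful authattach would admit unauthenticated "none" attaches from all of them; that should be confirmed and stated at the assignment, e.g. `/* authok is per Srv: once any user authenticates on it, later "none" attaches skip authattach */`. The "none" branch also never calls authattach, so any afid sent with such an attach appears to be ignored. tattach begins before this hunk and continues after it.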
@@ -34,9 +45,14 @@
 	}
 	if(*req->ifcall.aname == 0)
 		flags = 0;
-	else if(strcmp(req->ifcall.aname, "dump") == 0)
+	else if(strcmp(req->ifcall.aname, "dump") == 0){
+		if(uid == 0){
+			/* dont give "none" access to dump */
+			respond(req, Eperm);
+			return;
+		}
 		flags = CHFDUMP|CHFRO;
-	else{
+	} else {
 		respond(req, Ebadspec);
 		return;
 	}
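Review bot: The dump guard tests `uid == 0`, while the authentication gate earlier in tattach identifies the same user with `strcmp(req->ifcall.uname, "none") == 0`, so the two checks agree only if the user table always maps "none" to uid 0, which is not visible here. If that mapping can differ, "none" could still attach "dump"; testing both closes the gap: `if(uid == 0 || strcmp(req->ifcall.uname, "none") == 0){`. If uid 0 is in fact reserved for "none", a named constant or a comment saying so would make the assumption explicit. tattach starts before this hunk and continues past it.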
--