lib9p: verify uname against returned AuthInfo from factotum (thanks humm)

Before this it was possible to Tauth and Tattach with one
user name and then authenticate with factotum using a different
user name. To fix this we now ensure that the uname matches the returned
cuid from AuthInfo.

This security bug is still pending a cute mascot and theme song.
Jacob Moody 2024-08-24 16:58:31 +00:00
parent b05c74e7cb
commit 07aa9bfeef


@ -76,6 +76,11 @@ _authread(Afid *afid, void *data, int count)
ai = auth_getinfo(afid->rpc);
if(ai == nil)
return -1;
if(strcmp(afid->uname, ai->cuid) != 0){
auth_freeAI(ai);
werrstr("auth uname mismatch");
return -1;
}
auth_freeAI(ai);
if(chatty9p)
fprint(2, "authenticate %s/%s: ok\n", afid->uname, afid->aname);
@ -173,13 +178,6 @@ authattach(Req *r)
return -1;
}
if(!afid->authok){
if(_authread(afid, buf, 0) < 0){
responderror(r);
return -1;
}
}
if(strcmp(afid->uname, r->ifcall.uname) != 0){
snprint(buf, sizeof buf, "auth uname mismatch: %s vs %s",
afid->uname, r->ifcall.uname);
@ -193,6 +191,13 @@ authattach(Req *r)
respond(r, buf);
return -1;
}
if(!afid->authok){
if(_authread(afid, buf, 0) < 0){
responderror(r);
return -1;
}
}
return 0;
}
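Review bot: The new mismatch branch in _authread (first hunk) sets only the bare string "auth uname mismatch", which shares its prefix with the afid->uname versus r->ifcall.uname error in authattach, and unlike the success path it prints nothing under chatty9p. This is the branch that fires when a client authenticates to factotum as a different user than the afid claims, so the message should carry both names: call `werrstr("auth uname mismatch: %s vs cuid %s", afid->uname, ai->cuid);` before `auth_freeAI(ai);` rather than after, since the message would then read from ai. A short comment above the strcmp, such as `/* factotum vouches for cuid; it must equal the uname given in Tauth */`, would record why the comparison is there. _authread begins and ends outside this hunk, so the rest of the function is not visible here.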