cirno/plan9front
1
0
Fork 0
mirror of git://git.9front.org/plan9front/plan9front synced 2025-01-12 11:10:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gefs: only allow 'none' attach when previously authenticated

Browse source 
For each connection, remember if authentication
protocol ran successfully and only then, allow
attach as 'none' user.

This prevents anonymous remote mounts of none.

The 'none' user also shouldnt attach to the dump
file system.
This commit is contained in:
cinap_lenrek 2024-08-25 14:47:17 +00:00
parent 9645ae07eb
commit f384231c60
2 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
sys/src/cmd/gefs/dat.h
View file

@ -659,6 +659,7 @@ struct Conn {
int wfd;
int iounit;
int versioned;
int authok;
/* fid hash table */
Lock fidtablk[Nfidtab];

9
sys/src/cmd/gefs/fs.c
View file

@ -1158,10 +1158,15 @@ fsattach(Fmsg *m)
putfid(af);
if(af->uid != uid)
error(Ebadu);
}else if(!fs->noauth && strcmp(m->uname, "none") != 0)
error(Ebadu);
m->conn->authok = 1; /* none attach allowed now */
}else if(!fs->noauth){
if(uid != noneid || !m->conn->authok)
error(Ebadu);
}
if(strcmp(m->aname, "dump") == 0){
if(uid == noneid)
error(Eperm);
memset(&d, 0, sizeof(d));
filldumpdir(&d);
}else{