ref: 07aa9bfeef55ca987d411115adcfbbd4390ecf34
parent: b05c74e7cb160f152e2f2cc2f6e0677763f8d57e
author: Jacob Moody <moody@posixcafe.org>
date: Sat Aug 24 12:58:31 EDT 2024
lib9p: verify uname against returned AuthInfo from factotum (thanks humm) Before this it was possible to Tauth and Tattach with one user name and then authenticate with factotum using a different user name. To fix this we now ensure that the uname matches the returned cuid from AuthInfo. This security bug is still pending a cute mascot and theme song.
--- a/sys/src/lib9p/auth.c
+++ b/sys/src/lib9p/auth.c
@@ -76,6 +76,11 @@
ai = auth_getinfo(afid->rpc);
if(ai == nil)
return -1;
+ if(strcmp(afid->uname, ai->cuid) != 0){
+ auth_freeAI(ai);
+ werrstr("auth uname mismatch");
+ return -1;
+ }
auth_freeAI(ai);
if(chatty9p)
fprint(2, "authenticate %s/%s: ok\n", afid->uname, afid->aname);
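Review bot: The new mismatch branch sets only the fixed string `auth uname mismatch`, so neither the error returned to the client nor any log shows which claimed uname was rejected against which factotum identity. The attach-time check visible in the next hunk already formats `auth uname mismatch: %s vs %s`. Because this is the check that stops a client presenting one uname while authenticating as another user, I would record both names, and set the error before the AuthInfo is freed: `werrstr("auth uname mismatch: %s vs %s", afid->uname, ai->cuid);` followed by `auth_freeAI(ai);`. A `chatty9p` line on this path, mirroring the existing "ok" message, would give operators a trace of rejected attempts. The enclosing function starts and ends outside the hunk.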
@@ -173,13 +178,6 @@
return -1;
}
- if(!afid->authok){
- if(_authread(afid, buf, 0) < 0){
- responderror(r);
- return -1;
- }
- }
-
if(strcmp(afid->uname, r->ifcall.uname) != 0){
snprint(buf, sizeof buf, "auth uname mismatch: %s vs %s",
afid->uname, r->ifcall.uname);
@@ -192,6 +190,13 @@
afid->aname, r->ifcall.aname);
respond(r, buf);
return -1;
+ }
+
+ if(!afid->authok){
+ if(_authread(afid, buf, 0) < 0){
+ responderror(r);
+ return -1;
+ }
}
return 0;
}
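Review bot: The relocated `if(!afid->authok)` block has no comment explaining why it now runs after the uname and aname comparisons, and the commit message does not mention the move either. The ordering looks security-relevant: the attach uname is first matched to `afid->uname`, and the final `_authread` then (presumably, via the check added in the first hunk) matches `afid->uname` to the cuid returned by factotum. A later refactor that moves the block back up should be a conscious decision. I would add a comment above it, for example `/* complete auth last: uname/aname were matched to the Tattach above; _authread then checks afid->uname against factotum's cuid */`. The function starts outside the hunk, so the earlier checks it relies on should be confirmed against the full file.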
--
⑨