From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: References: Date: Mon, 10 Oct 2011 17:01:31 +0300 Message-ID: From: Yaroslav To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [9fans] p9any auth in u9fs: uid value in ticked is ignored Topicbox-Message-UUID: 35b8d386-ead7-11e9-9d60-3106f5b1d025 devmnt always uses up->user for Tauth/Tattach no matter what an auth protocol would yield (/sys/src/9/port/devmnt.c:281). Stock 9P servers tolerate this and check Tattach.uname to match Tauth.uname but use t.cuid or t.suid as the true user identity (unless no auth required). Anyway, simply trusting Tattach.uname is too na=C3=AFve - at least for p9an= y. > It's true that the server must take account of the result of > authentication, but although that might not > mean identity, the results of authentication should be consistent with > the name presented as uname > in Tauth/Tattach. In the context of p9auth I think that means that the > cuid of AuthInfo should match.