9fans - fans of the OS Plan 9 from Bell Labs
From: presotto@plan9.bell-labs.com
To: 9fans@cse.psu.edu
Subject: Re: [9fans] factotum problem fix
Date: Tue, 19 Nov 2002 11:27:41 -0500
Message-ID: <c2cba15ab0bd36bd1fe1c809a1f15d44@plan9.bell-labs.com>


Easy part first:

	By the way, fd in _asgetticket() could be closed twice.
	When an error occurs, _asgetticket() close(fd),
	and a caller (auth/debug, factotum/p9sk1.c, ...) closes it again.

As far as I can tell, everywhere that _asgetticket is called,
both in the libraries and /sys/src/cmd/auth/*, a close happens
after it in the error case or regardless.  I'll take the close
out of _asgetticket.

Now the messy part:

	Hello,
	I couldn't access an auth server from /net.alt,
	because factotum used only /net.

	Here's my fix.
	Replace bindnetcs(void) in factotum/util.c by the following:

	-- from here --
	/* bind in a specified network and cs */
	static int
	bindnetcseach(char *net, char *ipdev, char *cssrv)
	{
		int srvfd;
		char buf[40];

		snprint(buf, sizeof buf, "%s/cs", net);
		if(access(buf, AEXIST) >= 0)
			return 0;

		if((srvfd = open(cssrv, ORDWR)) < 0)
			return -1;
		if(mount(srvfd, -1, net, MAFTER, "") < 0)
			return -1;
		close(srvfd);

		snprint(buf, sizeof buf, "%s/tcp", net);
		if(access(buf, AEXIST) < 0)
			bind(ipdev, net, MAFTER);
		return 0;
	}

	/* bind in the default network and cs */
	static int
	bindnetcs(void)
	{
		if(bindnetcseach("/net", "#I", "#s/cs") < 0)
			return -1;
		bindnetcseach("/net.alt", "#I1", "#s/cs_net.alt");
		return 0;
	}
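
Review bot: srvfd is leaked when mount fails in bindnetcseach: `if(mount(srvfd, -1, net, MAFTER, "") < 0) return -1;` returns without the close(srvfd) that the success path performs, so close it before returning. Also, the early `return 0` when net/cs already exists skips the net/tcp check below it, so a namespace with cs present but no IP stack bound is reported as success without binding ipdev. Finally, the results of bind() and of the /net.alt call in bindnetcs are discarded, so a failed /net.alt setup is silent; log it or return it to the caller.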

I'd rather you just restart factotum doing the bind outside
of it.  The security implications of people having this done
behind their back are too large.  The only reason it works is
because of an equally egregious hack I made a long time ago
in dial that I would like to undo, i.e., that dial try /net.alt
if it can't find something via /net.

[-- Attachment #2: Type: message/rfc822, Size: 2900 bytes --]

[-- Attachment #2.1: Type: message/rfc822, Size: 2839 bytes --]


From: pwfmfx@cna.ne.jp
To: 9fans@cse.psu.edu
Subject: [9fans] factotum problem fix
Date: Tue, 19 Nov 2002 14:10:54 +0900
Message-ID: <d8a8608f096fd8e975b6e8e6ce899018@cna.ne.jp>

Hello,
I couldn't access an auth server from /net.alt,
because factotum used only /net.

Here's my fix.
Replace bindnetcs(void) in factotum/util.c by the following:

-- from here --
/* bind in a specified network and cs */
static int
bindnetcseach(char *net, char *ipdev, char *cssrv)
{
	int srvfd;
	char buf[40];

	snprint(buf, sizeof buf, "%s/cs", net);
	if(access(buf, AEXIST) >= 0)
		return 0;

	if((srvfd = open(cssrv, ORDWR)) < 0)
		return -1;
	if(mount(srvfd, -1, net, MAFTER, "") < 0)
		return -1;
	close(srvfd);

	snprint(buf, sizeof buf, "%s/tcp", net);
	if(access(buf, AEXIST) < 0)
		bind(ipdev, net, MAFTER);
	return 0;
}

/* bind in the default network and cs */
static int
bindnetcs(void)
{
	if(bindnetcseach("/net", "#I", "#s/cs") < 0)
		return -1;
	bindnetcseach("/net.alt", "#I1", "#s/cs_net.alt");
	return 0;
}
-- end --

By the way, fd in _asgetticket() could be closed twice.
When an error occurs, _asgetticket() close(fd),
and a caller (auth/debug, factotum/p9sk1.c, ...) closes it again.

Thanks.
---
Mamoru Sato
pwfmfx@cna.ne.jp
pwfmfx@nurs.or.jp
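
The double close of fd discussed in this thread, as an added example that is not part of either message and not code from factotum or libauth: it shows why a helper and its caller must not both close the same descriptor. It is written in POSIX C rather than Plan 9 C, and the helper names and the use of /dev/null are assumptions made for illustration.

```c
/* Added illustration in POSIX C; not Plan 9 C and not the factotum source. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper that closes the caller's fd on its error path. */
static int helper_closes_on_error(int fd) { close(fd); return -1; }

/* Hypothetical helper that fails but leaves the fd to its caller. */
static int helper_leaves_fd(int fd) { (void)fd; return -1; }

/*
 * Runs a caller that always closes fd after a failed helper call.
 * Returns 1 if that close destroyed an unrelated descriptor opened in
 * between, 0 if the unrelated descriptor survived, -1 on setup failure.
 */
int unrelated_fd_destroyed(int (*helper)(int))
{
	int fd, other, dead;

	if ((fd = open("/dev/null", O_RDWR)) < 0)
		return -1;
	if (helper(fd) >= 0) {
		close(fd);
		return 0;
	}
	/* Any open() elsewhere in the process is given the lowest free
	 * number, which is fd's old number if the helper already closed it. */
	if ((other = open("/dev/null", O_RDWR)) < 0) {
		close(fd);
		return -1;
	}
	close(fd);	/* the caller's own error-path close */
	dead = fcntl(other, F_GETFD) == -1 && errno == EBADF;
	if (!dead)
		close(other);
	return dead;
}

int main(void)
{
	printf("helper closes, caller closes: destroyed=%d\n",
		unrelated_fd_destroyed(helper_closes_on_error));
	printf("only the caller closes:       destroyed=%d\n",
		unrelated_fd_destroyed(helper_leaves_fd));
	return 0;
}
```

In a process that holds network connections or key files open, the descriptor destroyed by the second close can belong to any of them, which is why giving the close to exactly one side removes the hazard.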
