From: cinap_lenrek Date: Wed, 1 Aug 2012 17:18:33 +0000 (+0200) Subject: factotum: fix _adgetticket() filedescriptor race, add timeouts to all authserver... X-Git-Url: https://git.lizzy.rs/?a=commitdiff_plain;h=c7ad44a0489ab779e410b58c0c504b9d8a99aa9c;p=plan9front.git factotum: fix _adgetticket() filedescriptor race, add timeouts to all authserver transactions --- diff --git a/sys/src/cmd/auth/factotum/apop.c b/sys/src/cmd/auth/factotum/apop.c index 7709678c6..004c8c9b2 100644 --- a/sys/src/cmd/auth/factotum/apop.c +++ b/sys/src/cmd/auth/factotum/apop.c @@ -209,6 +209,7 @@ static int dochal(State *s) { char *dom, *user, trbuf[TICKREQLEN]; + int n; s->asfd = -1; @@ -232,9 +233,14 @@ dochal(State *s) safecpy(s->tr.hostid, user, sizeof(s->tr.hostid)); convTR2M(&s->tr, trbuf); - if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN) + alarm(30*1000); + if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){ + alarm(0); goto err; - if(_asrdresp(s->asfd, s->chal, sizeof s->chal) <= 5) + } + n = _asrdresp(s->asfd, s->chal, sizeof s->chal); + alarm(0); + if(n <= 5) goto err; return 0; 
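Review bot: The timeout in dochal relies on the `alarm` note interrupting the blocked `write` and `_asrdresp`, but nothing in this hunk shows how that note is handled. If factotum does not install a note handler that catches it, the note would presumably terminate the process instead of failing the one transaction. A short comment at the first `alarm(30*1000);` would make the dependency explicit, for example `/* the alarm note must be caught by the process's note handler so the blocked call returns an error */`. The same applies to every `alarm` pair added in chap.c, p9cr.c and p9sk1.c, and dochal's `err:` path lies outside the hunk.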
@@ -253,25 +259,31 @@ doreply(State *s, char *user, char *response) int n; Authenticator a; + /* send response to auth server */ + if(strlen(response) != MD5dlen*2){ + werrstr("response not MD5 digest"); + goto err; + } + memrandom(s->tr.chal, CHALLEN); safecpy(s->tr.uid, user, sizeof(s->tr.uid)); convTR2M(&s->tr, trbuf); + alarm(30*1000); if((n=write(s->asfd, trbuf, TICKREQLEN)) != TICKREQLEN){ + alarm(0); if(n >= 0) werrstr("short write to auth server"); goto err; } - /* send response to auth server */ - if(strlen(response) != MD5dlen*2){ - werrstr("response not MD5 digest"); - goto err; - } if((n=write(s->asfd, response, MD5dlen*2)) != MD5dlen*2){ + alarm(0); if(n >= 0) werrstr("short write to auth server"); goto err; } - if(_asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN) < 0){ + n = _asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN); + alarm(0); + if(n < 0){ /* leave connection open so we can try again */ return -1; } diff --git a/sys/src/cmd/auth/factotum/chap.c b/sys/src/cmd/auth/factotum/chap.c index b941e0cf3..ea851d5ce 100644 --- a/sys/src/cmd/auth/factotum/chap.c +++ b/sys/src/cmd/auth/factotum/chap.c @@ -259,6 +259,7 @@ dochal(State *s) { char *dom, *user; char trbuf[TICKREQLEN]; + int ret; s->asfd = -1; @@ -278,12 +279,17 @@ dochal(State *s) safecpy(s->tr.hostid, user, sizeof(s->tr.hostid)); convTR2M(&s->tr, trbuf); - if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN) + alarm(30*1000); + if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){ + alarm(0); goto err; - + } /* readn, not _asrdresp. needs to match auth.srv.c. */ - if(readn(s->asfd, s->chal, sizeof s->chal) != sizeof s->chal) + ret = readn(s->asfd, s->chal, sizeof s->chal); + alarm(0); + if(ret != sizeof s->chal) goto err; + return 0; err: 
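Review bot: When `_asrdresp` fails because the 30-second alarm fired, doreply still takes the `/* leave connection open so we can try again */` path and returns -1 with `s->asfd` open. A retry would then reuse a stream on which the server's reply to the timed-out request may still arrive, and that late reply could be read as the answer to the next request. Consider closing the connection when the failure is a timeout rather than a server-reported error; how to tell the two apart depends on `_asrdresp`, which is not visible here. The doreply hunk in chap.c has the same pattern.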
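Review bot: The literal in `alarm(30*1000);` is repeated at every auth-server call site this commit touches (apop.c, chap.c, p9cr.c, p9sk1.c), so changing the timeout later means editing each one by hand. A single named constant in a header shared by the factotum sources would keep them in step, for example `enum { AStimeout = 30*1000 };	/* ms to wait for the auth server */` with call sites reading `alarm(AStimeout);`. The constant name is only a suggestion.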
@@ -300,17 +306,20 @@ doreply(State *s, void *reply, int nreply) int n; Authenticator a; + alarm(30*1000); if((n=write(s->asfd, reply, nreply)) != nreply){ + alarm(0); if(n >= 0) werrstr("short write to auth server"); goto err; } - if(_asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN) < 0){ + alarm(0); /* leave connection open so we can try again */ return -1; } s->nsecret = readn(s->asfd, s->secret, sizeof s->secret); + alarm(0); if(s->nsecret < 0) s->nsecret = 0; close(s->asfd); diff --git a/sys/src/cmd/auth/factotum/p9cr.c b/sys/src/cmd/auth/factotum/p9cr.c index ef37fcdaa..e3ed2fbfa 100644 --- a/sys/src/cmd/auth/factotum/p9cr.c +++ b/sys/src/cmd/auth/factotum/p9cr.c @@ -281,11 +281,17 @@ p9crwrite(Fsstate *fss, void *va, uint n) return failure(fss, Ebadarg); memset(resp, 0, sizeof resp); memmove(resp, data, n); - if(write(s->asfd, resp, s->challen) != s->challen) - return failure(fss, Easproto); + alarm(30*1000); + if(write(s->asfd, resp, s->challen) != s->challen){ + alarm(0); + return failure(fss, Easproto); + } /* get ticket plus authenticator from auth server */ - if(_asrdresp(s->asfd, tbuf, TICKETLEN+AUTHENTLEN) < 0) + ret = _asrdresp(s->asfd, tbuf, TICKETLEN+AUTHENTLEN); + alarm(0); + + if(ret < 0) return failure(fss, nil); /* check ticket */ @@ -328,9 +334,13 @@ getchal(State *s, Fsstate *fss) s->asfd = _authdial(nil, _strfindattr(s->key->attr, "dom")); if(s->asfd < 0) return failure(fss, Easproto); - if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN) + alarm(30*1000); + if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){ + alarm(0); return failure(fss, Easproto); + } n = _asrdresp(s->asfd, s->chal, s->challen); + alarm(0); if(n <= 0){ if(n == 0) werrstr("_asrdresp short read"); diff --git a/sys/src/cmd/auth/factotum/p9sk1.c b/sys/src/cmd/auth/factotum/p9sk1.c index f2df98866..a61381b76 100644 --- a/sys/src/cmd/auth/factotum/p9sk1.c +++ b/sys/src/cmd/auth/factotum/p9sk1.c 
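Review bot: The result of `readn(s->asfd, s->secret, sizeof s->secret)` is only checked for being negative, so a read cut short by the new alarm may leave `s->nsecret` holding a partial length while doreply carries on to `close(s->asfd)` as if the reply were complete. Whether a short secret is acceptable cannot be told from this hunk; if it is not, the timeout case should fail the exchange rather than fall through. At minimum a comment such as `/* a timed-out or short read leaves nsecret < sizeof s->secret */` would record the intent. The rest of doreply is outside the hunk.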
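Review bot: In getchal the `alarm(30*1000);` is armed only after `_authdial(nil, _strfindattr(s->key->attr, "dom"))` has returned, so connection setup to the auth server is not covered by the new timeout. Unless `_authdial` bounds its own wait, an auth server that never answers the dial can still block the request indefinitely. Moving `alarm(30*1000);` above the `_authdial` call, with an `alarm(0);` on its failure return, would cover the whole transaction. getastickets in p9sk1.c dials before arming the alarm in the same way.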
@@ -424,7 +424,9 @@ getastickets(State *s, char *trbuf, char *tbuf) asfd = _authdial(nil, dom); if(asfd < 0) return -1; + alarm(30*1000); rv = _asgetticket(asfd, trbuf, tbuf); + alarm(0); close(asfd); return rv; } diff --git a/sys/src/libauthsrv/_asgetticket.c b/sys/src/libauthsrv/_asgetticket.c index ea9e0c9ef..46283bd5a 100644 --- a/sys/src/libauthsrv/_asgetticket.c +++ b/sys/src/libauthsrv/_asgetticket.c @@ -8,7 +8,6 @@ int _asgetticket(int fd, char *trbuf, char *tbuf) { if(write(fd, trbuf, TICKREQLEN) < 0){ - close(fd); werrstr(pbmsg); return -1; }
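Review bot: getastickets calls `close(asfd)` unconditionally after `_asgetticket`, which is only correct if `_asgetticket` never closes the descriptor itself. The commit removes one such close from its write-failure path, and the remaining paths of that function are not visible here. A comment on the call would keep the contract from regressing: `/* _asgetticket does not close asfd; the caller owns it */`. A matching sentence above `_asgetticket` in libauthsrv would help other callers as well.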