shithub: riscv


ref: c7ad44a0489ab779e410b58c0c504b9d8a99aa9c
parent: acc239ef26417ca35badf37b58242eeb0e0663fa
author: cinap_lenrek <[email protected]>
date: Wed Aug 1 15:18:33 EDT 2012

factotum: fix _asgetticket() file descriptor race, add timeouts to all authserver transactions

--- a/sys/src/cmd/auth/factotum/apop.c
+++ b/sys/src/cmd/auth/factotum/apop.c
@@ -209,6 +209,7 @@
 dochal(State *s)
 {
 	char *dom, *user, trbuf[TICKREQLEN];
+	int n;
 
 	s->asfd = -1;
 
@@ -232,9 +233,14 @@
 	safecpy(s->tr.hostid, user, sizeof(s->tr.hostid));
 	convTR2M(&s->tr, trbuf);
 
-	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN)
+	alarm(30*1000);
+	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){
+		alarm(0);
 		goto err;
-	if(_asrdresp(s->asfd, s->chal, sizeof s->chal) <= 5)
+	}
+	n = _asrdresp(s->asfd, s->chal, sizeof s->chal);
+	alarm(0);
+	if(n <= 5)
 		goto err;
 	return 0;
 
@@ -253,25 +259,31 @@
 	int n;
 	Authenticator a;
 
+	/* send response to auth server */
+	if(strlen(response) != MD5dlen*2){
+		werrstr("response not MD5 digest");
+		goto err;
+	}
+
 	memrandom(s->tr.chal, CHALLEN);
 	safecpy(s->tr.uid, user, sizeof(s->tr.uid));
 	convTR2M(&s->tr, trbuf);
+	alarm(30*1000);
 	if((n=write(s->asfd, trbuf, TICKREQLEN)) != TICKREQLEN){
+		alarm(0);
 		if(n >= 0)
 			werrstr("short write to auth server");
 		goto err;
 	}
-	/* send response to auth server */
-	if(strlen(response) != MD5dlen*2){
-		werrstr("response not MD5 digest");
-		goto err;
-	}
 	if((n=write(s->asfd, response, MD5dlen*2)) != MD5dlen*2){
+		alarm(0);
 		if(n >= 0)
 			werrstr("short write to auth server");
 		goto err;
 	}
-	if(_asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN) < 0){
+	n = _asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN);
+	alarm(0);
+	if(n < 0){
 		/* leave connection open so we can try again */
 		return -1;
 	}
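Review bot: The `n < 0` branch after `_asrdresp` still returns with `s->asfd` left open for a retry, but with the new `alarm(30*1000)` that failure can now also be a timeout part-way through the exchange. If the alarm interrupts the read (this depends on factotum's note handling, which is not visible here), the connection may hold an unread or half-read reply, and a retry on the same descriptor could take stale bytes as the answer to the next request. It would be safer to close `s->asfd` and redial when the failure was a timeout, or at least to extend the comment to `/* leave connection open so we can try again; not safe after a timeout */`. The same pattern appears in the chap.c hunk at `_asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN)`. The function's body starts and ends outside this hunk.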
--- a/sys/src/cmd/auth/factotum/chap.c
+++ b/sys/src/cmd/auth/factotum/chap.c
@@ -259,6 +259,7 @@
 {
 	char *dom, *user;
 	char trbuf[TICKREQLEN];
+	int ret;
 
 	s->asfd = -1;
 
@@ -278,12 +279,17 @@
 	safecpy(s->tr.hostid, user, sizeof(s->tr.hostid));
 	convTR2M(&s->tr, trbuf);
 
-	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN)
+	alarm(30*1000);
+	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){
+		alarm(0);
 		goto err;
-
+	}
 	/* readn, not _asrdresp.  needs to match auth.srv.c. */
-	if(readn(s->asfd, s->chal, sizeof s->chal) != sizeof s->chal)
+	ret = readn(s->asfd, s->chal, sizeof s->chal);
+	alarm(0);
+	if(ret != sizeof s->chal)
 		goto err;
+
 	return 0;
 
 err:
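Review bot: The timeout is written as the bare literal `30*1000` in the `alarm()` call here and in every other call this commit adds in apop.c, chap.c, p9cr.c and p9sk1.c, so the policy is spread over many call sites. A single named constant in a shared factotum header, for example `enum { ASTIMEOUT = 30*1000 };	/* ms allowed for one auth server exchange */` (name is only a suggestion), with `alarm(ASTIMEOUT);` at each site, would keep them in step. The enclosing function starts and ends outside the hunk.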
@@ -300,17 +306,20 @@
 	int n;
 	Authenticator a;
 
+	alarm(30*1000);
 	if((n=write(s->asfd, reply, nreply)) != nreply){
+		alarm(0);
 		if(n >= 0)
 			werrstr("short write to auth server");
 		goto err;
 	}
-
 	if(_asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN) < 0){
+		alarm(0);
 		/* leave connection open so we can try again */
 		return -1;
 	}
 	s->nsecret = readn(s->asfd, s->secret, sizeof s->secret);
+	alarm(0);
 	if(s->nsecret < 0)
 		s->nsecret = 0;
 	close(s->asfd);
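Review bot: The `readn` into `s->secret` now runs under the alarm, yet its result is still folded into `s->nsecret` with a negative count mapped to 0 and a short count kept, so a timed-out read looks the same as a server that sent no secret. If a partial secret can reach later key handling (not visible here), that is worth ruling out. I would at least add a comment such as `/* a timeout also ends up here with nsecret short or 0 */` above the `if(s->nsecret < 0)` line, or fail the exchange when the read was interrupted. The function continues outside the hunk.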
--- a/sys/src/cmd/auth/factotum/p9cr.c
+++ b/sys/src/cmd/auth/factotum/p9cr.c
@@ -281,11 +281,17 @@
 			return failure(fss, Ebadarg);
 		memset(resp, 0, sizeof resp);
 		memmove(resp, data, n);
-		if(write(s->asfd, resp, s->challen) != s->challen)
-			return failure(fss, Easproto);
 
+		alarm(30*1000);
+		if(write(s->asfd, resp, s->challen) != s->challen){
+			alarm(0);
+			return failure(fss, Easproto);
+		}
 		/* get ticket plus authenticator from auth server */
-		if(_asrdresp(s->asfd, tbuf, TICKETLEN+AUTHENTLEN) < 0)
+		ret = _asrdresp(s->asfd, tbuf, TICKETLEN+AUTHENTLEN);
+		alarm(0);
+
+		if(ret < 0)
 			return failure(fss, nil);
 
 		/* check ticket */
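Review bot: `ret` is assigned at `ret = _asrdresp(s->asfd, tbuf, TICKETLEN+AUTHENTLEN);` but none of the p9cr.c hunks adds a declaration for it, unlike apop.c and chap.c where `int n;` and `int ret;` are introduced. The enclosing function starts outside this hunk, so the variable may already exist there; if it does not, an `int ret;` is needed with the other locals.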
@@ -328,9 +334,13 @@
 	s->asfd = _authdial(nil, _strfindattr(s->key->attr, "dom"));
 	if(s->asfd < 0)
 		return failure(fss, Easproto);
-	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN)
+	alarm(30*1000);
+	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){
+		alarm(0);
 		return failure(fss, Easproto);
+	}
 	n = _asrdresp(s->asfd, s->chal, s->challen);
+	alarm(0);
 	if(n <= 0){
 		if(n == 0)
 			werrstr("_asrdresp short read");
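Review bot: `_authdial` runs before `alarm(30*1000)` is armed, so connection setup to the auth server is not covered by the new timeout even though the commit aims to bound all auth server transactions. Unless `_authdial` enforces its own limit (not visible here), a server that never completes the dial can still hang this path. Consider moving `alarm(30*1000);` above the `s->asfd = _authdial(...)` line and adding `alarm(0);` to the `s->asfd < 0` return. The p9sk1.c hunk has the same order at `asfd = _authdial(nil, dom);`. The function continues outside the hunk.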
--- a/sys/src/cmd/auth/factotum/p9sk1.c
+++ b/sys/src/cmd/auth/factotum/p9sk1.c
@@ -424,7 +424,9 @@
 	asfd = _authdial(nil, dom);
 	if(asfd < 0)
 		return -1;
+	alarm(30*1000);
 	rv = _asgetticket(asfd, trbuf, tbuf);
+	alarm(0);
 	close(asfd);
 	return rv;
 }
--- a/sys/src/libauthsrv/_asgetticket.c
+++ b/sys/src/libauthsrv/_asgetticket.c
@@ -8,7 +8,6 @@
 _asgetticket(int fd, char *trbuf, char *tbuf)
 {
 	if(write(fd, trbuf, TICKREQLEN) < 0){
-		close(fd);
 		werrstr(pbmsg);
 		return -1;
 	}