Plan 9 from Bell Labs’s /usr/web/sources/contrib/uriel/changes/2006/0128/19

Copyright © 2021 Plan 9 Foundation.
Distributed under the MIT License.
Download the Plan 9 distribution.


Add IP-based checking to fossil.
 [rsc] --rw-rw-r-- M 1428987 jmk sys 4438 Jan 28 11:32 sys/src/cmd/fossil/9.h
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9.h:44,57 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9.h:44,62
	  	MsgF		= 4,
	  };
	  
	+ enum {
	+ 	ConNoneAllow	= 1<<0,
	+ 	ConNoAuthCheck	= 1<<1,
	+ 	ConNoPermCheck	= 1<<2,
	+ 	ConWstatAllow	= 1<<3,
	+ 	ConIPCheck	= 1<<4,
	+ };
	  struct Con {
	  	char*	name;
	  	uchar*	data;			/* max, not negotiated */
	  	int	isconsole;		/* immutable */
	- 	int	noauth;			/* immutable */
	- 	int	noperm;			/* immutable */
	- 	int	wstatallow;		/* immutable */
	- 
	+ 	int	flags;		/* immutable */
	+ 	char		remote[128];	/* immutable */
	  	VtLock*	lock;
	  	int	state;
	  	int	fd;
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9.h:191,197 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9.h:196,202
	  /*
	   * 9proc.c
	   */
	- extern Con* conAlloc(int, char*);
	+ extern Con* conAlloc(int, char*, int);
	  extern void conInit(void);
	  extern void msgFlush(Msg*);
	  extern void msgInit(void);
 [rsc] --rw-rw-r-- M 1428987 rsc sys 3863 Jan 28 11:32 sys/src/cmd/fossil/9auth.c
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9auth.c:84,93 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9auth.c:84,99
	  		 * authentication.
	  		 */
	  		vtRLock(con->alock);
	- 		if(!con->isconsole &&
	- 		(strcmp(fid->uname, unamenone) != 0 || !con->aok)){
	+ 		if(con->isconsole){
	+ 			/* anything goes */
	+ 		}else if((con->flags&ConNoneAllow) || con->aok){
	+ 			consPrint("attach %s as %s: allowing as none\n", fsysGetName(fsys), fid->uname);
	+ 			vtMemFree(fid->uname);
	+ 			fid->uname = vtStrDup(unamenone);
	+ 		}else{
	  			vtRUnlock(con->alock);
	  			consPrint("attach %s as %s: connection not authenticated, not console\n", fsysGetName(fsys), fid->uname);
	+ 			vtSetError("cannot attach as none before authentication");
	  			return 0;
	  		}
	  		vtRUnlock(con->alock);
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9auth.c:94,99 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9auth.c:100,106
	  
	  		if((fid->uid = uidByUname(fid->uname)) == nil){
	  			consPrint("attach %s as %s: unknown uname\n", fsysGetName(fsys), fid->uname);
	+ 			vtSetError("unknown user");
	  			return 0;
	  		}
	  		return 1;
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9auth.c:101,106 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9auth.c:108,114
	  
	  	if((afid = fidGet(con, t->afid, 0)) == nil){
	  		consPrint("attach %s as %s: bad afid\n", fsysGetName(fsys), fid->uname);
	+ 		vtSetError("bad authentication fid");
	  		return 0;
	  	}
	  
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9auth.c:111,121 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9auth.c:119,131
	  	if(!(afid->qid.type & QTAUTH)){
	  		consPrint("attach %s as %s: afid not an auth file\n", fsysGetName(fsys), fid->uname);
	  		fidPut(afid);
	+ 		vtSetError("bad authentication fid");
	  		return 0;
	  	}
	  	if(strcmp(afid->uname, fid->uname) != 0 || afid->fsys != fsys){
	  		consPrint("attach %s as %s: afid is for %s as %s\n", fsysGetName(fsys), fid->uname, fsysGetName(afid->fsys), afid->uname);
	  		fidPut(afid);
	+ 		vtSetError("attach/auth mismatch");
	  		return 0;
	  	}
	  
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9auth.c:125,130 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9auth.c:135,141
	  			vtUnlock(afid->alock);
	  			consPrint("attach %s as %s: %R\n", fsysGetName(fsys), fid->uname);
	  			fidPut(afid);
	+ 			vtSetError("authentication protocol not finished");
	  			return 0;
	  		}
	  	}
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9auth.c:134,139 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9auth.c:145,151
	  	if((fid->uid = uidByUname(afid->cuname)) == nil){
	  		consPrint("attach %s as %s: unknown cuname %s\n", fsysGetName(fsys), fid->uname, afid->cuname);
	  		fidPut(afid);
	+ 		vtSetError("unknown user");
	  		return 0;
	  	}
	  
 [rsc] --rw-rw-r-- M 1428987 rsc sys 3024 Jan 28 12:31 sys/src/cmd/fossil/9lstn.c
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9lstn.c:5,10 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9lstn.c:5,11
	  typedef struct Lstn Lstn;
	  typedef struct Lstn {
	  	int	afd;
	+ 	int	flags;
	  	char*	address;
	  	char	dir[NETPATHLEN];
	  
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9lstn.c:45,51 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9lstn.c:46,52
	  	Lstn *lstn;
	  	int dfd, lfd;
	  	char newdir[NETPATHLEN];
	- 
	+ 	
	   	vtThreadSetName("listen");
	  
	  	lstn = a;
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9lstn.c:54,71 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9lstn.c:55,70
	  			fprint(2, "listen: listen '%s': %r", lstn->dir);
	  			break;
	  		}
	- 
	  		if((dfd = accept(lfd, newdir)) >= 0)
	- 			conAlloc(dfd, newdir);
	+ 			conAlloc(dfd, newdir, lstn->flags);
	  		else
	- 			fprint(2, "listen: accept '%s': %r", newdir);
	- 		close(lfd);
	+ 			fprint(2, "listen: accept %s: %r\n", newdir);
	  	}
	  	lstnFree(lstn);
	  }
	  
	  static Lstn*
	- lstnAlloc(char* address)
	+ lstnAlloc(char* address, int flags)
	  {
	  	int afd;
	  	Lstn *lstn;
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9lstn.c:89,94 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9lstn.c:88,94
	  	lstn = vtMemAllocZ(sizeof(Lstn));
	  	lstn->afd = afd;
	  	lstn->address = vtStrDup(address);
	+ 	lstn->flags = flags;
	  	memmove(lstn->dir, dir, NETPATHLEN);
	  
	  	if(lbox.tail != nil){
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9lstn.c:114,125 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9lstn.c:114,125
	  static int
	  cmdLstn(int argc, char* argv[])
	  {
	- 	int dflag;
	+ 	int dflag, flags;
	  	Lstn *lstn;
	- 	char *usage = "usage: listen [-d] [address]";
	+ 	char *usage = "usage: listen [-dIN] [address]";
	  
	  	dflag = 0;
	- 
	+ 	flags = 0;
	  	ARGBEGIN{
	  	default:
	  		return cliError(usage);
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9lstn.c:126,131 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9lstn.c:126,137
	  	case 'd':
	  		dflag = 1;
	  		break;
	+ 	case 'I':
	+ 		flags |= ConIPCheck;
	+ 		break;
	+ 	case 'N':
	+ 		flags |= ConNoneAllow;
	+ 		break;
	  	}ARGEND
	  
	  	switch(argc){
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9lstn.c:139,145 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9lstn.c:145,151
	  		break;
	  	case 1:
	  		if(!dflag){
	- 			if(lstnAlloc(argv[0]) == nil)
	+ 			if(lstnAlloc(argv[0], flags) == nil)
	  				return 0;
	  			break;
	  		}
 [rsc] --rw-rw-r-- M 1428987 rsc sys 22935 Jan 28 11:32 sys/src/cmd/fossil/9p.c
	[diffs elided - too long]
	[diff -c /n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9p.c /n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9p.c]
 [rsc] --rw-rw-r-- M 1428987 rsc sys 15148 Jan 28 12:31 sys/src/cmd/fossil/9proc.c
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9proc.c:63,69 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9proc.c:63,69
	  	}
	  	con->state = ConDead;
	  	con->aok = 0;
	- 	con->noauth = con->noperm = con->wstatallow = 0;
	+ 	con->flags = 0;
	  	con->isconsole = 0;
	  
	  	vtLock(cbox.alock);
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9proc.c:502,510 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9proc.c:502,512
	  }
	  
	  Con*
	- conAlloc(int fd, char* name)
	+ conAlloc(int fd, char* name, int flags)
	  {
	  	Con *con;
	+ 	char buf[128], *p;
	+ 	int rfd, n;
	  
	  	vtLock(cbox.alock);
	  	while(cbox.ahead == nil){
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9proc.c:558,565 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9proc.c:560,578
	  		con->name = vtStrDup(name);
	  	else
	  		con->name = vtStrDup("unknown");
	- 	con->aok = 0;
	- 	con->noauth = con->noperm = con->wstatallow = 0;
	+ 	con->remote[0] = 0;
	+ 	snprint(buf, sizeof buf, "%s/remote", con->name);
	+ 	if((rfd = open(buf, OREAD)) >= 0){
	+ 		n = read(rfd, buf, sizeof buf-1);
	+ 		close(rfd);
	+ 		if(n > 0){
	+ 			buf[n] = 0;
	+ 			if((p = strchr(buf, '\n')) != nil)
	+ 				*p = 0;
	+ 			strecpy(con->remote, con->remote+sizeof con->remote, buf);
	+ 		}
	+ 	}
	+ 	con->flags = flags;
	  	con->isconsole = 0;
	  	vtUnlock(cbox.alock);
	  
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9proc.c:692,698 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9proc.c:705,711
	  cmdWho(int argc, char* argv[])
	  {
	  	char *usage = "usage: who";
	- 	int i;
	+ 	int i, l1, l2, l;
	  	Con *con;
	  	Fid *fid, *last;
	  
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9proc.c:705,712 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9proc.c:718,733
	  		return cliError(usage);
	  
	  	vtRLock(cbox.clock);
	+ 	l1 = 0;
	+ 	l2 = 0;
	  	for(con=cbox.chead; con; con=con->cnext){
	- 		consPrint("\t%q:", con->name);
	+ 		if((l = strlen(con->name)) > l1)
	+ 			l1 = l;
	+ 		if((l = strlen(con->remote)) > l2)
	+ 			l2 = l;
	+ 	}
	+ 	for(con=cbox.chead; con; con=con->cnext){
	+ 		consPrint("\t%-*s %-*s", l1, con->name, l2, con->remote);
	  		vtLock(con->fidlock);
	  		last = nil;
	  		for(i=0; i<NFidHash; i++)
 [rsc] --rw-rw-r-- M 1428987 rsc sys 3956 Jan 28 11:32 sys/src/cmd/fossil/9srv.c
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9srv.c:131,139 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9srv.c:131,141
	  	Con *con;
	  	Srv *srv;
	  	char *usage = "usage: srv [-APWdp] [service]";
	- 	int Aflag, Pflag, Wflag, dflag, fd[2], mode, pflag, r;
	+ 	int conflags, dflag, fd[2], mode, pflag, r;
	  
	- 	Aflag = Pflag = Wflag = dflag = pflag = 0;
	+ 	dflag = 0;
	+ 	pflag = 0;
	+ 	conflags = 0;
	  	mode = 0666;
	  
	  	ARGBEGIN{
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9srv.c:140,153 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9srv.c:142,161
	  	default:
	  		return cliError(usage);
	  	case 'A':
	- 		Aflag = 1;
	+ 		conflags |= ConNoAuthCheck;
	  		break;
	+ 	case 'I':
	+ 		conflags |= ConIPCheck;
	+ 		break;
	+ 	case 'N':
	+ 		conflags |= ConNoneAllow;
	+ 		break;
	  	case 'P':
	- 		Pflag = 1;
	+ 		conflags |= ConNoPermCheck;
	  		mode = 0600;
	  		break;
	  	case 'W':
	- 		Wflag = 1;
	+ 		conflags |= ConWstatAllow;
	  		mode = 0600;
	  		break;
	  	case 'd':
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9srv.c:159,165 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9srv.c:167,173
	  		break;
	  	}ARGEND
	  
	- 	if(pflag && Pflag){
	+ 	if(pflag && (conflags&ConNoPermCheck)){
	  		vtSetError("srv: cannot use -P with -p");
	  		return 0;
	  	}
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/9srv.c:207,221 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/9srv.c:215,225
	  	if(pflag)
	  		r = consOpen(fd[1], srv->srvfd, -1);
	  	else{
	- 		con = conAlloc(fd[1], srv->mntpnt);
	+ 		con = conAlloc(fd[1], srv->mntpnt, conflags);
	  		if(con == nil)
	  			r = 0;
	- 		else{
	+ 		else
	  			r = 1;
	- 			con->noauth = Aflag;
	- 			con->noperm = Pflag;
	- 			con->wstatallow = Wflag;
	- 		}
	  	}
	  	if(r == 0){
	  		close(fd[1]);
 [rsc] --rw-rw-r-- M 1428987 rsc sys 7985 Jan 28 11:32 sys/src/cmd/fossil/Ccmd.c
	/n/sourcesdump/2006/0128/plan9/sys/src/cmd/fossil/Ccmd.c:446,452 - 
	/n/sourcesdump/2006/0129/plan9/sys/src/cmd/fossil/Ccmd.c:446,452
	  
	  	if(pipe(cbox.confd) < 0)
	  		return 0;
	- 	if((cbox.con = conAlloc(cbox.confd[1], "console")) == nil){
	+ 	if((cbox.con = conAlloc(cbox.confd[1], "console", 0)) == nil){
	  		close(cbox.confd[0]);
	  		close(cbox.confd[1]);
	  		cbox.confd[0] = cbox.confd[1] = -1;
 [rsc] --rw-rw-r-- M 1428987 rsc sys 18276 Jan 28 11:37 sys/man/8/fossilcons
	/n/sourcesdump/2006/0128/plan9/sys/man/8/fossilcons:33,39 - 
	/n/sourcesdump/2006/0129/plan9/sys/man/8/fossilcons:33,39
	  .PP
	  .B listen
	  [
	- .B -d
	+ .B -INd
	  ]
	  [
	  .I address
	/n/sourcesdump/2006/0128/plan9/sys/man/8/fossilcons:400,405 - 
	/n/sourcesdump/2006/0129/plan9/sys/man/8/fossilcons:400,427
	  .I listen
	  to remove the listener
	  at the given address.
	+ By default, the user
	+ .I none
	+ is only allowed to attach on a connection after
	+ at least one other user has successfully attached.
	+ The
	+ .B -N
	+ flag allows connections from
	+ .I none
	+ at any time.
	+ The
	+ .B -I
	+ flag causes
	+ .I fossil
	+ to check the IP address of incoming connections
	+ against
	+ .BR /mnt/ipok ,
	+ rejecting attaches from disallowed addresses.
	+ This mechanism is not intended for general use.
	+ The server
	+ .I sources.cs.bell-labs.com
	+ uses it to comply with U.S. crytography
	+ export regulations.
	  .PP
	  .I Msg
	  prints the maximum internal 9P message queue size
 [rsc] --rw-rw-r-- M 1428987 rsc sys 3024 Jan 28 12:31 sys/src/cmd/fossil/9lstn.c
 [rsc] --rw-rw-r-- M 1428987 rsc sys 15148 Jan 28 12:31 sys/src/cmd/fossil/9proc.c


Bell Labs OSI certified Powered by Plan 9

(Return to Plan 9 Home Page)

Copyright © 2021 Plan 9 Foundation. All Rights Reserved.
Comments to [email protected].