commit 5e82f3bd04eff22ccf2fc9974e9a8c2734d765dd
parent 4a336cff0cad66447d1a88b499fd9d112b7f4eed
Author: Matsuda Kenji <info@mtkn.jp>
Date: Tue, 26 Dec 2023 08:04:06 +0900
add uname and aname checks to sAttach
Diffstat:
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/auth_test.go b/auth_test.go
@@ -23,6 +23,7 @@ func TestAuth(t *testing.T) {
asr.Close()
asw.Close()
}()
+ authDone := make(chan struct{})
conn.S.Auth = func(ctx context.Context, respc chan<- *lib9p.Req) chan<- *lib9p.Req {
authc := make(chan *lib9p.Req)
go func() {
@@ -43,7 +44,7 @@ func TestAuth(t *testing.T) {
W: acw,
R: acr,
}
- runAuth(ctx, t, r.Afid.File.(*lib9p.AuthFile), asr, asw)
+ runAuth(ctx, t, r.Afid.File.(*lib9p.AuthFile), asr, asw, authDone)
r.Ofcall = &lib9p.RAuth{Tag: ifcall.Tag, Aqid: aqid}
respc <- r
}
@@ -76,14 +77,19 @@ func TestAuth(t *testing.T) {
if err != nil {
t.Fatal(err)
}
+ <-authDone
_, err = conn.C.Attach(ctx, 0, 1, 0, "kenji", "")
if err != nil {
t.Fatal(err)
}
+ _, err = conn.C.Attach(ctx, 0, 2, 0, "unko", "")
+ if err == nil {
+ t.Fatal("authentication skipped")
+ }
}
// Dumb state machine...
-func runAuth(ctx context.Context, t *testing.T, afile *lib9p.AuthFile, r io.Reader, w io.Writer) {
+func runAuth(ctx context.Context, t *testing.T, afile *lib9p.AuthFile, r io.Reader, w io.Writer, authDone chan<- struct{}) {
go func() {
buf := make([]byte, 10)
r.Read(buf)
@@ -91,6 +97,7 @@ func runAuth(ctx context.Context, t *testing.T, afile *lib9p.AuthFile, r io.Read
r.Read(buf)
t.Logf("read password: %s", string(buf))
afile.AuthOK = true
+ close(authDone)
t.Log("authenticated")
for {
_, err := r.Read(buf)
diff --git a/server.go b/server.go
@@ -301,7 +301,7 @@ func sAttach(ctx context.Context, s *Server, c <-chan *Req) {
r.err = fmt.Errorf("not auth file")
goto resp
}
- if !af.AuthOK { // TODO: need to check Uname?
+ if af.Uname != ifcall.Uname || af.Aname != ifcall.Aname || !af.AuthOK {
r.err = fmt.Errorf("not authenticated")
goto resp
}
