cmd/ip/*: chown the network connection after authentication

for servers that handle incoming network connections and authentication, change the owner of the network connection file to the authenticated user after successfull authentication. note that we set the permissions as well to 0660 because old devip used to unconditionally set the bits.
author: cinap_lenrek <cinap_lenrek@felloff.net> 2019-09-21 23:36:44 +0200
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2019-09-21 23:36:44 +0200
commit: 71a1d11a81faba020649408e8c9eaeb10095a341 (patch)
tree: a6bd0c245ad0beba3235ec268cf342da3182fb7e /sys/src/cmd/cpu.c
parent: 5993760e143bfab2a29fa3d5a4655ed5842fd21f (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/sys/src/cmd/cpu.c b/sys/src/cmd/cpu.c
index d38d71740..985325022 100644
--- a/sys/src/cmd/cpu.c
+++ b/sys/src/cmd/cpu.c
@@ -458,6 +458,19 @@ readln(char *buf, int n)
 }
 
 /*
+ *  chown network connection
+ */
+static void
+setnetuser(int fd, char *user)
+{
+	Dir nd;
+	nulldir(&nd);
+	nd.mode = 0660;
+	nd.uid = user;
+	dirfwstat(fd, &nd);
+}
+
+/*
  *  user level challenge/response
  */
 static int
@@ -517,6 +530,7 @@ netkeysrvauth(int fd, char *user)
 	writestr(fd, "", "challenge", 1);
 	if(auth_chuid(ai, 0) < 0)
 		fatal("newns: %r");
+	setnetuser(fd, ai->cuid);
 	auth_freeAI(ai);
 	return fd;
 }
@@ -628,6 +642,7 @@ srvp9auth(int fd, char *user)
 		return -1;
 	if(auth_chuid(ai, nil) < 0)
 		fatal("newns: %r");
+	setnetuser(fd, ai->cuid);
 	snprint(user, MaxStr, "%s", ai->cuid);
 	fd = sslsetup(fd, ai->secret, ai->nsecret, 0);
 	auth_freeAI(ai);
author	cinap_lenrek <cinap_lenrek@felloff.net>	2019-09-21 23:36:44 +0200
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2019-09-21 23:36:44 +0200
commit	71a1d11a81faba020649408e8c9eaeb10095a341 (patch)
tree	a6bd0c245ad0beba3235ec268cf342da3182fb7e /sys/src/cmd/cpu.c
parent	5993760e143bfab2a29fa3d5a4655ed5842fd21f (diff)