ref: af2971215e13a03253283408038931f5924abf07
parent: 160c570e6cdcb244cfcd5b2a45387e31fdc21bc4
author: Michael Forney <mforney@mforney.org>
date: Thu Sep 8 19:38:40 EDT 2022
fs: enforce authentication when not using -A
--- a/fs.c
+++ b/fs.c
@@ -805,7 +805,7 @@
Xdir d;
Kvp kv;
Key dk;
- Fid f;
+ Fid f, *af;
int uid;
de = nil;
@@ -825,6 +825,22 @@
}
uid = u->id;
runlock(&fs->userlk);
+
+ if(m->afid != NOFID){+ if((af = getfid(m->conn, m->afid)) == nil){+ rerror(m, Efid);
+ goto Out;
+ }
+ if(af->uid != uid){+ rerror(m, Ebadu);
+ putfid(af);
+ goto Out;
+ }
+ putfid(af);
+ }else if(!fs->noauth){+ rerror(m, Ebadu);
+ goto Out;
+ }
if((p = packdkey(dbuf, sizeof(dbuf), -1ULL, "")) == nil){rerror(m, Elength);