fix some minor bugs: bug0 (user entry encrypted with empty key and decrypted with different one - uninitialized authkey used) ---------------------------------------- % cd % rm -f keys % auth/keyfs -p keys % cd /mnt/keys % mkdir user Password: keyfs: warning: bad status in key file 1 keys read bug1 (user entries encrypted with different keys - no difference exists between empty and uninitialized authkey) ---------------------------------------- % cd % echo -n > keys % auth/keyfs -p keys % cd /mnt/keys % mkdir user Password: 1 keys read % mkdir user2 Password: keyfs: warning: bad status in key file keyfs: warning: bad status in key file 2 keys read bug2 (suicide on invalid status string) ---------------------------------------- % cd % echo -n > keys % auth/keyfs -p keys Password: 0 keys read % cd /mnt/keys % mkdir user 1 keys read % cd user % echo die, babe > status keyfs 2701: suicide: sys: trap: fault read addr=0x0 pc=0x00003986 bug3 (walk to ".." from user directory not implemented) ---------------------------------------- % cd % auth/keyfs -p keys Password: 1 keys read % cd /mnt/keys/user % cd .. Can't cd ..: '..' file not found bug4 (Remove does not clunk fids in some cases) ---------------------------------------- % pwd /mnt/keys/user % rm key key rm: key: permission denied rm: key: 'key' fid in use bug5 (memory leak) ---------------------------------------- allocated at installuser: 'u->name = strdup(name);', Wstat leaked at Clunk Notes: Mon Feb 7 23:08:48 EST 2005 rsc I applied this. I agree with all your changes, but I don't understand why they would fix the suicide on bogus status write bug. What am I missing? Thanks. Russ Mon Feb 7 23:18:04 EST 2005 rsc By the way, thanks for sending such excellent bug descriptions with the patches. Reference: /n/sources/patch/applied/keyfs Date: Tue Feb 8 05:09:25 CET 2005 Reviewed-by: rsc --- /sys/src/cmd/auth/keyfs.c Tue Feb 8 05:09:25 2005 +++ /sys/src/cmd/auth/keyfs.c Tue Feb 8 05:09:24 2005 @@ -31,7 +31,6 @@ enum{ Sok, Sdisabled, - Stempdisabled, Smax, }; @@ -149,6 +148,13 @@ if(pipe(p) < 0) error("can't make pipe: %r"); + if(usepass) { + getpass(authkey, nil, 0, 0); + } else { + if(!getauthkey(authkey)) + print("keyfs: warning: can't read /dev/key\n"); + } + switch(rfork(RFPROC|RFNAMEG|RFNOTEG|RFNOWAIT|RFENVG|RFFDG)){ case 0: close(p[0]); @@ -252,6 +258,11 @@ break; case Quser: + if(strcmp(name, "..") == 0) { + qtype = Qroot; + user = 0; + goto Accept; + } max = Qmax; for(j = Quser + 1; j < Qmax; j++) if(strcmp(name, qinfo[j]) == 0){ @@ -298,8 +309,10 @@ Clunk(Fid *f) { f->busy = 0; - if(f->user && --f->user->ref == 0 && f->user->removed) + if(f->user && --f->user->ref == 0 && f->user->removed) { + free(f->user->name); free(f->user); + } f->user = 0; return 0; } @@ -559,8 +572,10 @@ f->user->warnings = 0; else if(f->qtype == Quser) removeuser(f->user); - else + else { + Clunk(f); return "permission denied"; + } Clunk(f); writeusers(); return 0; @@ -765,15 +780,6 @@ uchar *p, *buf, *ep; User *u; Dir *d; - - if(usepass) { - if(*authkey == 0) - getpass(authkey, nil, 0, 0); - } else { - if(!getauthkey(authkey)) - print("keyfs: warning: can't read /dev/key\n"); - } - /* read file into an array */ fd = open(userkeys, OREAD);