from yarikos@gmail.com via sources patch:

1. close transient fd
2. use authenticated user name from ticket to avoid forgery
3. use fid not afid in read/write/clunk

authp9any.c

@@ -306,6 +306,7 @@ p9anyinit(void)
 
 	if((n = readn(fd, abuf, sizeof(abuf)-1)) < 0)
 		sysfatal("can't read key file '%s'", af);
+	close(fd);
 	if (n > 0 && abuf[n - 1] == '\n')
 		n--;
 	abuf[n] = '\0';
@@ -368,8 +369,10 @@ p9anyattach(Fcall *rx, Fcall *tx)
 	if (chatty9p)
 		fprint(2, "p9anyattach: afid %d state %d\n", rx->afid, sp->state);
 	if (sp->state == Established && strcmp(rx->uname, sp->uname) == 0
-		&& strcmp(rx->aname, sp->aname) == 0)
+		&& strcmp(rx->aname, sp->aname) == 0){
+		rx->uname = sp->t.suid;
 		return nil;
+	}
 	return "authentication failed";
 }
 
@@ -392,7 +395,7 @@ p9anyread(Fcall *rx, Fcall *tx)
 	char *ep;
 
 	Fid *f;
-	f = oldauthfid(rx->afid, (void **)&sp, &ep);
+	f = oldauthfid(rx->fid, (void **)&sp, &ep);
 	if (f == nil)
 		return ep;
 	if (chatty9p)
@@ -437,7 +440,7 @@ p9anywrite(Fcall *rx, Fcall *tx)
 
 	Fid *f;
 
-	f = oldauthfid(rx->afid, (void **)&sp, &ep);
+	f = oldauthfid(rx->fid, (void **)&sp, &ep);
 	if (f == nil)
 		return ep;
 	if (chatty9p)
@@ -515,7 +518,7 @@ p9anyclunk(Fcall *rx, Fcall *tx)
 	AuthSession *sp;
 	char *ep;
 
-	f = oldauthfid(rx->afid, (void **)&sp, &ep);
+	f = oldauthfid(rx->fid, (void **)&sp, &ep);
 	if (f == nil)
 		return ep;
 	if (chatty9p)