source:
branches/fc11-dev/server/common/patches/openafs-scripts.patch
@
2505
Last change on this file since 2505 was 1179, checked in by mitchb, 15 years ago | |
---|---|
File size: 9.9 KB |
-
src/afs/afs_analyze.c
# scripts.mit.edu openafs patch # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu> # with modifications by Joe Presbrey <presbrey@mit.edu> # and Anders Kaseorg <andersk@mit.edu> # and Edward Z. Yang <ezyang@mit.edu> # # This file is available under both the MIT license and the GPL. # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # # See /COPYRIGHT in this repository for more information. # diff -ur openafs-1.4/src/afs/afs_analyze.c openafs-1.4+scripts/src/afs/afs_analyze.c
old new 585 585 (afid ? afid->Fid.Volume : 0)); 586 586 } 587 587 588 if ( areq->busyCount > 100) {588 if (1) { 589 589 if (aerrP) 590 590 (aerrP->err_Volume)++; 591 591 areq->volumeError = VOLBUSY; -
src/afs/LINUX/osi_vnodeops.c
diff -ur openafs-1.4/src/afs/LINUX/osi_vnodeops.c openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
old new 875 875 /* should we always update the attributes at this point? */ 876 876 /* unlikely--the vcache entry hasn't changed */ 877 877 878 /* [scripts] This code makes hardlinks work correctly. 879 * 880 * We want Apache to be able to read a file with hardlinks 881 * named .htaccess and foo to be able to read it via .htaccess 882 * and not via foo, regardless of which name was looked up 883 * (remember, inodes do not have filenames associated with them.) 884 * 885 * It is important that we modify the existing cache entry even 886 * if it is otherwise totally valid and would not be reloaded. 887 * Otherwise, it won't recover from repeatedly reading the same 888 * inode via multiple hardlinks or different names. Specifically, 889 * Apache will be able to read both names if it was first looked 890 * up (by anyone!) via .htaccess, and neither if it was first 891 * looked up via foo. 892 * 893 * With regards to performance, the strncmp() is bounded by 894 * three characters, so it takes O(3) operations. If this code 895 * is extended to all static-cat extensions, we'll want to do 896 * some clever hashing using gperf here. 897 */ 898 vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0; 899 878 900 } else { 879 901 #ifdef notyet 880 902 pvcp = VTOAFS(dp->d_parent->d_inode); /* dget_parent()? */ -
src/afs/VNOPS/afs_vnop_lookup.c
diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
old new 1572 1572 } 1573 1573 1574 1574 done: 1575 if (tvc) { 1576 /* [scripts] check Apache's ability to read this file, so that 1577 * we can figure this out on an access() call */ 1578 tvc->apache_access = strncmp(aname, ".ht", 3) == 0; 1579 } 1580 1575 1581 /* put the network buffer back, if need be */ 1576 1582 if (tname != aname && tname) 1577 1583 osi_FreeLargeSpace(tname); -
src/afs/afs.h
diff -ur openafs-1.4/src/afs/afs.h openafs-1.4+scripts/src/afs/afs.h
old new 208 208 #define QTOC(e) QEntry(e, struct cell, lruq) 209 209 #define QTOVH(e) QEntry(e, struct vcache, vhashq) 210 210 211 #define AFSAGENT_UID (101) 212 #define SIGNUP_UID (102) 213 #define HTTPD_UID (48) 214 #define POSTFIX_UID (89) 215 #define DAEMON_SCRIPTS_PTSID (33554596) 216 extern afs_int32 globalpag; 217 211 218 struct vrequest { 212 219 afs_int32 uid; /* user id making the request */ 220 afs_int32 realuid; 213 221 afs_int32 busyCount; /* how many busies we've seen so far */ 214 222 afs_int32 flags; /* things like O_SYNC, O_NONBLOCK go here */ 215 223 char initd; /* if non-zero, Error fields meaningful */ … … 743 751 #ifdef AFS_SUN5_ENV 744 752 short multiPage; /* count of multi-page getpages in progress */ 745 753 #endif 754 int apache_access; /* whether or not Apache has access to a file */ 746 755 }; 747 756 748 757 #define DONT_CHECK_MODE_BITS 0 -
src/afs/afs_osi_pag.c
diff -ur openafs-1.4/src/afs/afs_osi_pag.c openafs-1.4+scripts/src/afs/afs_osi_pag.c
old new 51 51 #endif 52 52 /* Local variables */ 53 53 54 afs_int32 globalpag = 0; 55 54 56 /* 55 57 * Pags are implemented as follows: the set of groups whose long 56 58 * representation is '41XXXXXX' hex are used to represent the pags. … … 458 460 av->uid = acred->cr_ruid; /* default when no pag is set */ 459 461 #endif 460 462 } 463 464 av->realuid = acred->cr_ruid; 465 if(!globalpag && acred->cr_ruid == AFSAGENT_UID) { 466 globalpag = av->uid; 467 } 468 else if (globalpag && av->uid == acred->cr_ruid) { 469 av->uid = globalpag; 470 } 471 461 472 av->initd = 0; 462 473 return 0; 463 474 } -
src/afs/afs_pioctl.c
diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c
old new 1217 1217 struct AFSFetchStatus OutStatus; 1218 1218 XSTATS_DECLS; 1219 1219 1220 if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) { 1221 return EACCES; 1222 } 1223 1220 1224 AFS_STATCNT(PSetAcl); 1221 1225 if (!avc) 1222 1226 return EINVAL; … … 1437 1441 struct vrequest treq; 1438 1442 afs_int32 flag, set_parent_pag = 0; 1439 1443 1444 if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) { 1445 return 0; 1446 } 1447 1440 1448 AFS_STATCNT(PSetTokens); 1441 1449 if (!afs_resourceinit_flag) { 1442 1450 return EIO; … … 1796 1804 afs_int32 iterator; 1797 1805 int newStyle; 1798 1806 1807 if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID && 1808 areq->realuid != 0 && areq->realuid != SIGNUP_UID) 1809 return 0; 1810 1799 1811 AFS_STATCNT(PGetTokens); 1800 1812 if (!afs_resourceinit_flag) /* afs daemons haven't started yet */ 1801 1813 return EIO; /* Inappropriate ioctl for device */ … … 1879 1891 register afs_int32 i; 1880 1892 register struct unixuser *tu; 1881 1893 1894 if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) { 1895 return 0; 1896 } 1897 1882 1898 AFS_STATCNT(PUnlog); 1883 1899 if (!afs_resourceinit_flag) /* afs daemons haven't started yet */ 1884 1900 return EIO; /* Inappropriate ioctl for device */ -
src/afs/VNOPS/afs_vnop_access.c
diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_access.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
old new 118 118 119 119 if ((vType(avc) == VDIR) || (avc->states & CForeign)) { 120 120 /* rights are just those from acl */ 121 122 if ( areq->uid == globalpag && 123 !(areq->realuid == avc->fid.Fid.Volume) && 124 !((avc->anyAccess | arights) == avc->anyAccess) && 125 !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) && 126 !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) && 127 !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) && 128 !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) { 129 return 0; 130 } 131 121 132 return (arights == afs_GetAccessBits(avc, arights, areq)); 122 133 } else { 123 134 /* some rights come from dir and some from file. Specifically, you … … 171 182 fileBits |= PRSFS_READ; 172 183 } 173 184 } 185 186 if ( areq->uid == globalpag && 187 !(areq->realuid == avc->fid.Fid.Volume) && 188 !((avc->anyAccess | arights) == avc->anyAccess) && 189 !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) && 190 !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) && 191 !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && 192 (avc->m.Mode == 0100777 || avc->apache_access)) && 193 !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) && 194 !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) { 195 return 0; 196 } 197 174 198 return ((fileBits & arights) == arights); /* true if all rights bits are on */ 175 199 } 176 200 } -
src/afs/VNOPS/afs_vnop_attrs.c
diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
old new 87 87 } 88 88 } 89 89 #endif /* AFS_DARWIN_ENV */ 90 attrs->va_uid = fakedir ? 0 : avc-> m.Owner;91 attrs->va_gid = fakedir ? 0 : avc->m.Group; /* yeah! */90 attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume; 91 attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner); 92 92 #if defined(AFS_SUN56_ENV) 93 93 attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0]; 94 94 #elif defined(AFS_OSF_ENV)
Note: See TracBrowser
for help on using the repository browser.