source: branches/fc15-dev/server/common/patches/openafs-scripts.patch @ 1913

Last change on this file since 1913 was 1913, checked in by achernya, 11 years ago
Update OpenAFS from 1.4.14 to 1.6.0pre6 kaduk finished porting the openafs-scripts patch to 1.6.0, which was then lightly modified be me to get it to compile -- mostly fixing typos. The openafs.spec.patch was also fixed, including another chmod +x hack on some libraries to get rpm to properly process them for Provides directives. Interestingly, these libraries had the correct mode in 1.4.14. The patches that were added to get 1.4.14 to compile have also been removed, as 1.6.0pre6 compiles on kernel 2.6.38 unmodified. openafs-numsysnames is getting removed because 32 is now the default. openafs-localcsdb is getting removed because the change was included in kaduk's patchset.
File size: 10.6 KB
  • src/afs/LINUX/osi_vnodeops.c

    # scripts.mit.edu openafs patch
    # Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
    # with modifications by Joe Presbrey <presbrey@mit.edu>
    # and Anders Kaseorg <andersk@mit.edu>
    # and Edward Z. Yang <ezyang@mit.edu>
    # and Benjamin Kaduk <kaduk@mit.edu>
    # and Alexander Chernyakhovsky <achernya@mit.edu>
    #
    # This file is available under both the MIT license and the GPL.
    #
    
    # Permission is hereby granted, free of charge, to any person obtaining a copy
    # of this software and associated documentation files (the "Software"), to deal
    # in the Software without restriction, including without limitation the rights
    # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    # copies of the Software, and to permit persons to whom the Software is
    # furnished to do so, subject to the following conditions:
    # 
    # The above copyright notice and this permission notice shall be included in
    # all copies or substantial portions of the Software.
    # 
    # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    # THE SOFTWARE.
    #
    
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of the GNU General Public License
    # as published by the Free Software Foundation; either version 2
    # of the License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program; if not, write to the Free Software
    # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    #
    # See /COPYRIGHT in this repository for more information.
    #
    diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c
    index 7c7705e..0d0e94f 100644
    a b afs_linux_dentry_revalidate(struct dentry *dp, int flags) 
    904904        /* should we always update the attributes at this point? */
    905905        /* unlikely--the vcache entry hasn't changed */
    906906
     907        /* [scripts] This code makes hardlinks work correctly.
     908        *
     909        * We want Apache to be able to read a file with hardlinks
     910        * named .htaccess and foo to be able to read it via .htaccess
     911        * and not via foo, regardless of which name was looked up
     912        * (remember, inodes do not have filenames associated with them.)
     913        *
     914        * It is important that we modify the existing cache entry even
     915        * if it is otherwise totally valid and would not be reloaded.
     916        * Otherwise, it won't recover from repeatedly reading the same
     917        * inode via multiple hardlinks or different names.  Specifically,
     918        * Apache will be able to read both names if it was first looked
     919        * up (by anyone!) via .htaccess, and neither if it was first
     920        * looked up via foo.
     921        *
     922        * With regards to performance, the strncmp() is bounded by
     923        * three characters, so it takes O(3) operations.  If this code
     924        * is extended to all static-cat extensions, we'll want to do
     925        * some clever hashing using gperf here.
     926        */
     927        vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0;
     928
    907929        dput(parent);
    908930    } else {
    909931#ifdef notyet
  • src/afs/VNOPS/afs_vnop_access.c

    diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c
    index eabcfeb..6390850 100644
    a b afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq, 
    130130            dirBits = PRSFS_LOOKUP | PRSFS_READ;
    131131            return (arights == (dirBits & arights));
    132132        }
     133        if ( areq->uid == globalpag &&
     134            !(areq->realuid == avc->f.fid.Fid.Volume) &&
     135            !((avc->f.anyAccess | arights) == avc->f.anyAccess) &&
     136            !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
     137            !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
     138            !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     139            !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     140            return 0;
     141        }
    133142        return (arights == afs_GetAccessBits(avc, arights, areq));
    134143    } else {
    135144        /* some rights come from dir and some from file.  Specifically, you
    afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq, 
    183192                    fileBits |= PRSFS_READ;
    184193            }
    185194        }
     195
     196        if ( areq->uid == globalpag &&
     197            !(areq->realuid == avc->f.fid.Fid.Volume) &&
     198            !((avc->f.anyAccess | arights) == avc->f.anyAccess) &&
     199            !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
     200            !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
     201            !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
     202                (avc->f.m.Mode == 0100777 || avc->apache_access)) &&
     203            !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     204            !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     205            return 0;
     206        }
     207
    186208        return ((fileBits & arights) == arights);       /* true if all rights bits are on */
    187209    }
    188210}
  • src/afs/VNOPS/afs_vnop_attrs.c

    diff --git a/src/afs/VNOPS/afs_vnop_attrs.c b/src/afs/VNOPS/afs_vnop_attrs.c
    index b3931e5..71ef05c 100644
    a b afs_CopyOutAttrs(struct vcache *avc, struct vattr *attrs) 
    8888        }
    8989    }
    9090#endif /* AFS_DARWIN_ENV */
    91     attrs->va_uid = fakedir ? 0 : avc->f.m.Owner;
    92     attrs->va_gid = fakedir ? 0 : avc->f.m.Group;       /* yeah! */
     91    attrs->va_uid = fakedir ? 0 : avc->f.fid.Fid.Volume;
     92    attrs->va_gid = (avc->f.m.Owner == DAEMON_SCRIPTS_PTSID ? avc->f.m.Group : avc->f.m.Owner);
    9393#if defined(AFS_SUN56_ENV)
    9494    attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
    9595#elif defined(AFS_DARWIN80_ENV)
  • src/afs/VNOPS/afs_vnop_lookup.c

    diff --git a/src/afs/VNOPS/afs_vnop_lookup.c b/src/afs/VNOPS/afs_vnop_lookup.c
    index 8e7af1c..7e984e9 100644
    a b afs_lookup(OSI_VC_DECL(adp), char *aname, struct vcache **avcp, afs_ucred_t *acr 
    18771877    }
    18781878
    18791879  done:
     1880    if (tvc) {
     1881    /* [scripts] check Apache's ability to read this file, so that
     1882    * we can figure this out on an access() call */
     1883    tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
     1884    }
     1885
    18801886    /* put the network buffer back, if need be */
    18811887    if (tname != aname && tname)
    18821888        osi_FreeLargeSpace(tname);
  • src/afs/afs.h

    diff --git a/src/afs/afs.h b/src/afs/afs.h
    index fcc4c70..0d53af6 100644
    a b struct afs_slotlist { 
    233233    struct afs_slotlist *next;
    234234};
    235235
     236#define AFSAGENT_UID (101)
     237#define SIGNUP_UID (102)
     238#define HTTPD_UID (48)
     239#define POSTFIX_UID (89)
     240#define DAEMON_SCRIPTS_PTSID (33554596)
     241extern afs_int32 globalpag;
     242
    236243struct vrequest {
    237244    afs_int32 uid;              /* user id making the request */
     245    afs_int32 realuid;
    238246    afs_int32 busyCount;        /* how many busies we've seen so far */
    239247    afs_int32 flags;            /* things like O_SYNC, O_NONBLOCK go here */
    240248    char initd;                 /* if non-zero, Error fields meaningful */
    struct vcache { 
    872880#ifdef AFS_SUN5_ENV
    873881    short multiPage;            /* count of multi-page getpages in progress */
    874882#endif
     883    int apache_access;          /* whether or not Apache has access to a file */
    875884};
    876885
    877886#define DONT_CHECK_MODE_BITS    0
  • src/afs/afs_analyze.c

    diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c
    index 1834e6d..673a8e6 100644
    a b afs_Analyze(struct afs_conn *aconn, afs_int32 acode, 
    368368                         (afid ? afid->Fid.Volume : 0));
    369369        }
    370370
    371         if (areq->busyCount > 100) {
     371        if (1) {
    372372            if (aerrP)
    373373                (aerrP->err_Volume)++;
    374374            areq->volumeError = VOLBUSY;
  • src/afs/afs_osi_pag.c

    diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c
    index c888605..ff5cf2d 100644
    a b afs_uint32 pagCounter = 0; 
    4949#endif
    5050/* Local variables */
    5151
     52afs_int32 globalpag = 0;
     53
    5254/*
    5355 * Pags are implemented as follows: the set of groups whose long
    5456 * representation is '41XXXXXX' hex are used to represent the pags.
    afs_InitReq(struct vrequest *av, afs_ucred_t *acred) 
    484486        av->uid = afs_cr_uid(acred);    /* default when no pag is set */
    485487#endif
    486488    }
     489
     490    av->realuid = afs_cr_uid(acred);
     491    if(!globalpag && av->realuid == AFSAGENT_UID) {
     492      globalpag = av->uid;
     493    }
     494    else if (globalpag && av->uid == av->realuid) {
     495      av->uid = globalpag;
     496    }
     497
    487498    return 0;
    488499}
    489500
  • src/afs/afs_pioctl.c

    diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
    index f282510..00f1360 100644
    a b DECL_PIOCTL(PSetAcl) 
    14051405    struct AFSFetchStatus OutStatus;
    14061406    XSTATS_DECLS;
    14071407
     1408    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     1409        return EACCES;
     1410    }
     1411
    14081412    AFS_STATCNT(PSetAcl);
    14091413    if (!avc)
    14101414        return EINVAL;
    DECL_PIOCTL(PSetTokens) 
    17901794    struct vrequest treq;
    17911795    afs_int32 flag, set_parent_pag = 0;
    17921796
     1797    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     1798        return EACCES;
     1799    }
     1800
    17931801    AFS_STATCNT(PSetTokens);
    17941802    if (!afs_resourceinit_flag) {
    17951803        return EIO;
    DECL_PIOCTL(PGetTokens) 
    22312239    int newStyle;
    22322240    int code = E2BIG;
    22332241
     2242    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID &&
     2243        areq->realuid != 0 && areq->realuid != SIGNUP_UID) {
     2244        return EDOM;
     2245    }
     2246
    22342247    AFS_STATCNT(PGetTokens);
    22352248    if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
    22362249        return EIO;             /* Inappropriate ioctl for device */
    DECL_PIOCTL(PUnlog) 
    23412354    afs_int32 i;
    23422355    struct unixuser *tu;
    23432356
     2357    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     2358        return EACCES;
     2359    }
     2360
    23442361    AFS_STATCNT(PUnlog);
    23452362    if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
    23462363        return EIO;             /* Inappropriate ioctl for device */
  • src/packaging/RedHat/openafs-client.init

    diff --git a/src/packaging/RedHat/openafs-client.init b/src/packaging/RedHat/openafs-client.init
    index 10ec647..a4ecbc8 100644
    a b  
    1414
    1515start() {
    1616        echo -n $"Updating CellServDB: "
    17         cat /usr/vice/etc/CellServDB.local /usr/vice/etc/CellServDB.dist > \
     17        cat /usr/vice/etc/CellServDB.local > \
    1818               /usr/vice/etc/CellServDB
    1919        chmod 644 /usr/vice/etc/CellServDB
    2020        echo
Note: See TracBrowser for help on using the repository browser.