[1] | 1 | # scripts.mit.edu openafs patch |
| 2 | # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu> |
| 3 | # |
| 4 | # This program is free software; you can redistribute it and/or |
| 5 | # modify it under the terms of the GNU General Public License |
| 6 | # as published by the Free Software Foundation; either version 2 |
| 7 | # of the License, or (at your option) any later version. |
| 8 | # |
| 9 | # This program is distributed in the hope that it will be useful, |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | # GNU General Public License for more details. |
| 13 | # |
| 14 | # You should have received a copy of the GNU General Public License |
| 15 | # along with this program; if not, write to the Free Software |
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
| 17 | # |
| 18 | # See /COPYRIGHT in this repository for more information. |
| 19 | # |
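diff -ur openafs-1.4.1-rc10/src/afs/afs_analyze.c openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c
--- openafs-1.4.1-rc10/src/afs/afs_analyze.c 2003-08-27 17:43:16.000000000 -0400
+++ openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c 2006-04-18 16:38:55.000000000 -0400
@@ -505,7 +505,7 @@
 (afid ? afid->Fid.Volume : 0));
 }
 
- if (areq->busyCount > 100) {
+ if (1) {
 if (aerrP)
 (aerrP->err_Volume)++;
 areq->volumeError = VOLBUSY;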
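Review bot: The new `if (1) {` at the busy-volume check carries no comment, so a reader cannot tell whether the retry threshold was removed on purpose or left over from debugging. As written, the first busy response sets `areq->volumeError = VOLBUSY` instead of waiting for more than 100 busies, and whatever follows the closing brace of this branch (outside the hunk) is presumably now unreachable. I would state the intent next to the condition, for example `/* scripts: fail on the first VOLBUSY instead of retrying */`, with the real rationale filled in by the author. The enclosing function starts and ends outside the hunk.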
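diff -ur openafs-1.4.1-rc10/src/afs/afs.h openafs-1.4.1-rc10-scripts/src/afs/afs.h
--- openafs-1.4.1-rc10/src/afs/afs.h 2006-02-17 16:58:33.000000000 -0500
+++ openafs-1.4.1-rc10-scripts/src/afs/afs.h 2006-04-18 16:38:55.000000000 -0400
@@ -175,8 +175,13 @@
 struct afs_q *prev;
 };
 
+#define AFSAGENT_UID (101)
+#define HTTPD_UID (48)
+#define POSTFIX_UID (89)
+#define DAEMON_SCRIPTS_PTSID (33554596)
 struct vrequest {
 afs_int32 uid; /* user id making the request */
+ afs_int32 realuid;
 afs_int32 busyCount; /* how many busies we've seen so far */
 afs_int32 flags; /* things like O_SYNC, O_NONBLOCK go here */
 char initd; /* if non-zero, non-uid fields meaningful */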
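Review bot: The new macros hard-code account numbers (`AFSAGENT_UID (101)`, `HTTPD_UID (48)`, `POSTFIX_UID (89)`) and a PTS id into a kernel header, and the other file sections on this page use them as the only test for privileged callers. On a host where uid 101, 48 or 89 belongs to a different account, that account would silently inherit the agent's or the daemons' rights, so each define should carry a comment naming the account it must match and the assumption that the build is specific to one host's uid assignments. The new `realuid` member is also the only field of `struct vrequest` in the hunk without a comment; `afs_int32 realuid; /* real uid of the caller (cr_ruid), kept after uid is replaced by the shared pag */` would match its neighbours. `struct vrequest` continues past the end of the hunk.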
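diff -ur openafs-1.4.1-rc10/src/afs/afs_osi_pag.c openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c
--- openafs-1.4.1-rc10/src/afs/afs_osi_pag.c 2005-10-05 01:58:27.000000000 -0400
+++ openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c 2006-04-18 16:38:55.000000000 -0400
@@ -46,6 +46,8 @@
 
 /* Local variables */
 
+afs_int32 globalpag = 0;
+
 /*
 * Pags are implemented as follows: the set of groups whose long
 * representation is '41XXXXXX' hex are used to represent the pags.
@@ -426,6 +430,15 @@
 av->uid = acred->cr_ruid; /* default when no pag is set */
 #endif
 }
+
+ av->realuid = acred->cr_ruid;
+ if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
+ globalpag = av->uid;
+ }
+ else {
+ av->uid = globalpag;
+ }
+
 av->initd = 0;
 return 0;
 }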
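Review bot: In the second hunk, `globalpag` is still 0 until a process whose real uid is `AFSAGENT_UID` makes its first request, and during that window the `else` branch rewrites every caller's `av->uid` to 0, which looks like it would select whatever credentials are stored for uid 0. I would only override once the shared value exists, `} else if (globalpag) {`, or refuse the request until it does. The variable is also a non-static global that is tested and assigned with no lock visible in the hunk, and once set it is never refreshed, so it should at least be declared with a comment such as `/* uid/pag of the first AFSAGENT_UID request; every later request is mapped onto it */`. The enclosing function begins outside the hunk.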
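diff -ur openafs-1.4.1-rc10/src/afs/afs_pioctl.c openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c
--- openafs-1.4.1-rc10/src/afs/afs_pioctl.c 2006-03-02 01:44:05.000000000 -0500
+++ openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c 2006-04-18 16:38:55.000000000 -0400
@@ -1202,6 +1202,10 @@
 struct AFSFetchStatus OutStatus;
 XSTATS_DECLS;
 
+ if(areq->realuid != AFSAGENT_UID) {
+ return EACCES;
+ }
+
 AFS_STATCNT(PSetAcl);
 if (!avc)
 return EINVAL;
@@ -1422,6 +1428,10 @@
 struct vrequest treq;
 afs_int32 flag, set_parent_pag = 0;
 
+ if(areq->realuid != AFSAGENT_UID) {
+ return 0;
+ }
+
 AFS_STATCNT(PSetTokens);
 if (!afs_resourceinit_flag) {
 return EIO;
@@ -1864,6 +1876,10 @@
 register afs_int32 i;
 register struct unixuser *tu;
 
+ if(areq->realuid != AFSAGENT_UID) {
+ return 0;
+ }
+
 AFS_STATCNT(PUnlog);
 if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
 return EIO; /* Inappropriate ioctl for device */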
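Review bot: The three added guards disagree on what a refused caller is told: the first hunk (the `PSetAcl` handler, going by its `AFS_STATCNT`) returns `EACCES`, while the `PSetTokens` and `PUnlog` hunks `return 0;`, which reports success without doing anything. A caller that believes it has replaced or discarded its credentials when nothing changed is a surprising contract, particularly for `PUnlog`. Unless silent success is needed for compatibility with existing login tools, I would use `return EACCES;` in all three; if it is needed, say so at each site, e.g. `/* scripts: only the agent may change tokens; report success so callers do not fail */`. All three functions begin before and end after their hunks, and other state-changing pioctls are not visible here, so whether they are guarded as well cannot be confirmed from this page.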
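diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c
--- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c 2004-08-25 03:09:35.000000000 -0400
+++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c 2006-04-18 16:38:55.000000000 -0400
@@ -118,6 +118,14 @@
 
 if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
 /* rights are just those from acl */
+
+ if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+ !((avc->anyAccess | arights) == avc->anyAccess) &&
+ !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
+ !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) ) {
+ return 0;
+ }
+
 return (arights == afs_GetAccessBits(avc, arights, areq));
 } else {
 /* some rights come from dir and some from file. Specifically, you
@@ -171,6 +182,15 @@
 fileBits |= PRSFS_READ;
 }
 }
+
+ if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+ !((avc->anyAccess | arights) == avc->anyAccess) &&
+ !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
+ !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
+ !(arights == PRSFS_READ && avc->m.Mode == 33279)) {
+ return 0;
+ }
+
 return ((fileBits & arights) == arights); /* true if all rights bits are on */
 }
 }
@@ -192,6 +218,7 @@
 OSI_VC_CONVERT(avc);
 
 AFS_STATCNT(afs_access);
+ amode = amode & ~VEXEC;
 afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
 ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
 ICL_HANDLE_OFFSET(avc->m.Length));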
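Review bot: The policy added in the first two hunks is an uncommented conjunction of negated exceptions that rests on two undocumented conventions: `areq->realuid == avc->fid.Fid.Volume` treats a local uid and an AFS volume id as the same number, and `avc->m.Mode == 33279` is a decimal spelling of `0100777`. A caller whose uid equals the volume id, and any read of a file whose mode is exactly that value, gets past the new check, so both conventions deserve a comment and the constant should be written in octal, `!(arights == PRSFS_READ && avc->m.Mode == 0100777)`. The httpd and postfix exceptions also differ between the directory branch (any subset of `PRSFS_LOOKUP|PRSFS_READ`) and the file branch (exactly `PRSFS_LOOKUP`); if that is intended it should be stated, ideally by moving the test into one static helper called from both branches. In the third hunk `amode = amode & ~VEXEC;` drops the execute bit from the requested mode for every caller and needs a comment explaining why that is safe. The function bodies start outside the hunks.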
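diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c
--- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c 2005-10-23 02:31:23.000000000 -0400
+++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c 2006-04-18 16:41:32.000000000 -0400
@@ -87,8 +87,8 @@
 }
 }
 #endif /* AFS_DARWIN_ENV */
- attrs->va_uid = fakedir ? 0 : avc->m.Owner;
- attrs->va_gid = fakedir ? 0 : avc->m.Group; /* yeah! */
+ attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
+ attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
 #if defined(AFS_SUN56_ENV)
 attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
 #elif defined(AFS_OSF_ENV)
@@ -172,6 +179,7 @@
 #else /* everything else */
 attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0);
 #endif
+ attrs->va_mode |= 0100;
 return 0;
 }
 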
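Review bot: The new `va_gid` line in the first hunk drops the `fakedir ? 0 :` guard that the removed line had and that the new `va_uid` line still keeps, so for a fake directory it now reports a gid taken from `avc->m.Owner` or `avc->m.Group` instead of 0. If that is not intended, keep the guard: `attrs->va_gid = fakedir ? 0 : (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);`. The two lines also have no comment saying that the reported uid is now the volume id and the reported gid is the AFS owner (or the group when the owner is the daemon PTS id), which a reader needs in order to follow the mapping. In the second hunk `attrs->va_mode |= 0100;` marks every object owner-executable regardless of its type and likewise needs a stated reason. The function begins outside the hunks.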