source: server/common/patches/openafs-scripts.patch @ 28

Last change on this file since 28 was 28, checked in by presbrey, 16 years ago
some SELinux module code
[1]1# scripts.mit.edu openafs patch
2# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
3#
4# This program is free software; you can redistribute it and/or
5# modify it under the terms of the GNU General Public License
6# as published by the Free Software Foundation; either version 2
7# of the License, or (at your option) any later version.
8#
9# This program is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with this program; if not, write to the Free Software
16# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
17#
18# See /COPYRIGHT in this repository for more information.
19#
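--- a/src/config/param.amd64_linux26.h
+++ b/src/config/param.amd64_linux26.h
@@ -33,7 +33,7 @@
 #if defined(__KERNEL__) && !defined(KDUMP_KERNEL)
 #include <linux/threads.h>
 
-#include <linux/config.h>
+#include <linux/autoconf.h>
 #ifdef CONFIG_SMP
 #ifndef AFS_SMP
 #define AFS_SMP 1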
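--- a/src/afs/afs_analyze.c
+++ b/src/afs/afs_analyze.c
@@ -505,7 +505,7 @@
                         (afid ? afid->Fid.Volume : 0));
        }
 
-       if (areq->busyCount > 100) {
+       if (1) {
            if (aerrP)
                (aerrP->err_Volume)++;
            areq->volumeError = VOLBUSY;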
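Review bot: The `if (1)` that replaces the `areq->busyCount > 100` test carries no explanation, so a reader cannot tell a deliberate fail-fast policy from leftover debugging. With the condition constant, this branch sets `areq->volumeError = VOLBUSY` without consulting the busy counter at all. I would add a comment above it such as `/* scripts: report VOLBUSY on the first busy reply instead of waiting for busyCount to pass 100 */`, and state the reason for the policy there once it is confirmed. The enclosing function starts and ends outside the hunk.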
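--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@@ -175,8 +175,12 @@
    struct afs_q *prev;
 };
 
+#define AFSAGENT_UID (101)
+#define HTTPD_UID (48)
+#define DAEMON_SCRIPTS_PTSID (33554596)
 struct vrequest {
     afs_int32 uid;             /* user id making the request */
+    afs_int32 realuid;
     afs_int32 busyCount;       /* how many busies we've seen so far */
     afs_int32 flags;           /* things like O_SYNC, O_NONBLOCK go here */
     char initd;                        /* if non-zero, non-uid fields meaningful */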
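Review bot: `AFSAGENT_UID` and `HTTPD_UID` hard-code host account numbers in a kernel header, and the other files in this patch use them as the only authorization test (for example `areq->realuid != AFSAGENT_UID`). If uid 101 or 48 belongs to a different account on some host, that account gets the same treatment, so the defines need a comment naming the accounts they must match, e.g. `/* must equal the uid of the afsagent account on every server running this module */`. `DAEMON_SCRIPTS_PTSID` likewise needs a note saying which protection-database entry the number refers to. The new member is the only field of `struct vrequest` shown here without a comment; `afs_int32 realuid; /* real uid of the caller, kept when uid is overwritten */` would match its neighbours.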
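--- a/src/afs/afs_osi_pag.c
+++ b/src/afs/afs_osi_pag.c
@@ -46,6 +46,8 @@
 
 /* Local variables */
 
+afs_int32 globalpag;
+
 /*
  * Pags are implemented as follows: the set of groups whose long
  * representation is '41XXXXXX' hex are used to represent the pags.
@@ -426,6 +430,15 @@
        av->uid = acred->cr_ruid;       /* default when no pag is set */
 #endif
     }
+
+    av->realuid = acred->cr_ruid;
+    if(acred->cr_ruid == AFSAGENT_UID) {
+      globalpag = av->uid;
+    }
+    else {
+      av->uid = globalpag;
+    }
+
     av->initd = 0;
     return 0;
 }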
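Review bot: `globalpag` is read in the `else` branch before anything guarantees it has been written: as a file-scope object it starts at 0, so until a request from `AFSAGENT_UID` passes through here every other caller gets `av->uid = 0`. From then on every non-agent request carries the agent's identity in `av->uid`, which leaves `realuid` and the checks added elsewhere in this patch as the only thing separating users; that design decision belongs in a comment above the block. The variable is also written and read with no lock visible in the hunk, and it has external linkage although it sits under "Local variables"; if no other file needs it, declare it `static afs_int32 globalpag;`. The function starts outside the hunk.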
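--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1202,6 +1202,10 @@
     struct AFSFetchStatus OutStatus;
     XSTATS_DECLS;
 
+    if(areq->realuid != AFSAGENT_UID) {
+      return EACCES;
+    }
+
     AFS_STATCNT(PSetAcl);
     if (!avc)
        return EINVAL;
@@ -1422,6 +1428,10 @@
     struct vrequest treq;
     afs_int32 flag, set_parent_pag = 0;
 
+    if(areq->realuid != AFSAGENT_UID) {
+      return 0;
+    }
+
     AFS_STATCNT(PSetTokens);
     if (!afs_resourceinit_flag) {
        return EIO;
@@ -1864,6 +1876,10 @@
     register afs_int32 i;
     register struct unixuser *tu;
 
+    if(areq->realuid != AFSAGENT_UID) {
+      return 0;
+    }
+
     AFS_STATCNT(PUnlog);
     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
        return EIO;             /* Inappropriate ioctl for device */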
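Review bot: The three guards disagree on what a rejected caller sees: the one ahead of `AFS_STATCNT(PSetAcl)` returns `EACCES`, while the ones ahead of `AFS_STATCNT(PSetTokens)` and `AFS_STATCNT(PUnlog)` return 0, which a caller reads as success. A program that is not the agent is therefore told its tokens were stored or discarded when nothing happened. If the silent success is intended, say so in a comment at both places, e.g. `/* scripts: pretend success so non-agent callers do not fail */`; otherwise use `return EACCES;` there as well. All three checks also run before the `AFS_STATCNT(...)` call, so refused calls are not counted, and each function body continues outside its hunk.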
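--- a/src/afs/VNOPS/afs_vnop_access.c
+++ b/src/afs/VNOPS/afs_vnop_access.c
@@ -118,6 +118,14 @@
 
     if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
        /* rights are just those from acl */
+
+      if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+           !((avc->anyAccess | arights) == avc->anyAccess) &&
+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
+           !(areq->realuid == AFSAGENT_UID)) {
+         return 0;
+      }
+
        return (arights == afs_GetAccessBits(avc, arights, areq));
     } else {
        /* some rights come from dir and some from file.  Specifically, you
@@ -171,6 +182,15 @@
                    fileBits |= PRSFS_READ;
            }
        }
+       
+        if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+             !((avc->anyAccess | arights) == avc->anyAccess) &&
+             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
+             !(areq->realuid == AFSAGENT_UID) &&
+             !(arights == PRSFS_READ && avc->m.Mode == 33279)) {
+           return 0;
+        }
+
        return ((fileBits & arights) == arights);       /* true if all rights bits are on */
     }
 }
@@ -192,6 +218,7 @@
     OSI_VC_CONVERT(avc);
 
     AFS_STATCNT(afs_access);
+    amode = amode & ~VEXEC;
     afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
               ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
               ICL_HANDLE_OFFSET(avc->m.Length));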
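Review bot: The two added deny predicates are the whole per-user isolation policy, yet they are uncommented near-copies that differ silently: in the directory branch `HTTPD_UID` may hold any subset of `PRSFS_LOOKUP|PRSFS_READ`, in the file branch only exactly `PRSFS_LOOKUP`, and only the file branch has the `avc->m.Mode == 33279` exception. Each clause needs a line saying whom it admits (volume owner via `realuid == avc->fid.Fid.Volume`, rights already in `anyAccess`, httpd, the agent), and the decimal literal should be written as the mode it is, `avc->m.Mode == 0100777 /* regular file, rwxrwxrwx */`. The comparison of `realuid` with a volume id relies on uids being allocated equal to volume ids, which the code should state. In the third hunk `amode = amode & ~VEXEC;` removes the execute check for every caller of `afs_access` and needs a comment saying where execute permission is enforced instead. All three functions start outside their hunks.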
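--- a/src/afs/VNOPS/afs_vnop_attrs.c
+++ b/src/afs/VNOPS/afs_vnop_attrs.c
@@ -87,8 +87,8 @@
        }
     }
 #endif /* AFS_DARWIN_ENV */
-    attrs->va_uid = fakedir ? 0 : avc->m.Owner;
-    attrs->va_gid = fakedir ? 0 : avc->m.Group;        /* yeah! */
+    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
+    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
 #if defined(AFS_SUN56_ENV)
     attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
 #elif defined(AFS_OSF_ENV)
@@ -172,6 +179,7 @@
 #else /* everything else */
     attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0);
 #endif
+    attrs->va_mode |= 0100;
     return 0;
 }
 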
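Review bot: The new `va_gid` line drops the `fakedir ?` guard that the old line had and that the new `va_uid` line keeps, so for a fake directory the reported group now comes from `avc->m.Owner` or `avc->m.Group` instead of 0. Keeping the guard would read `attrs->va_gid = fakedir ? 0 : (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);`. In the second hunk `attrs->va_mode |= 0100;` turns on the owner-execute bit for every object this function reports, with no comment; since afs_vnop_access.c in this same patch also masks `VEXEC` out of access checks, the reason and the place where execution is actually restricted should be written next to it. The function starts outside both hunks.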