source: server/common/patches/openafs-scripts.patch @ 403

Last change on this file since 403 was 259, checked in by jbarnold, 16 years ago
Some patch offsets changed that should not have changed. I'm not protective of much, but I am protective of this patch; copyright message clarified.
[1]1# scripts.mit.edu openafs patch
2# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
[259]3# with modifications by Joe Presbrey <presbrey@mit.edu>
[1]4#
5# This program is free software; you can redistribute it and/or
6# modify it under the terms of the GNU General Public License
7# as published by the Free Software Foundation; either version 2
8# of the License, or (at your option) any later version.
9#
10# This program is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY; without even the implied warranty of
12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13# GNU General Public License for more details.
14#
15# You should have received a copy of the GNU General Public License
16# along with this program; if not, write to the Free Software
17# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
18#
19# See /COPYRIGHT in this repository for more information.
20#
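--- a/src/afs/afs_analyze.c
+++ b/src/afs/afs_analyze.c
@@ -505,7 +505,7 @@
                         (afid ? afid->Fid.Volume : 0));
        }
 
-       if (areq->busyCount > 100) {
+       if (1) {
            if (aerrP)
                (aerrP->err_Volume)++;
            areq->volumeError = VOLBUSY;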
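Review bot: The replacement condition `if (1)` at the busy-count check carries no comment, so a reader cannot tell that failing on the first busy response is deliberate. With a constant condition, whatever ran while `busyCount` was at or below 100 (outside this hunk, presumably a wait-and-retry path) becomes unreachable, and every busy volume is reported as `VOLBUSY` at once. I would add `/* scripts: never wait on a busy volume; fail the request immediately */` above the line, or keep the original test and express the threshold as a named constant so the policy stays visible and adjustable. The enclosing function begins and ends outside the hunk.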
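--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@@ -175,8 +175,14 @@
    struct afs_q *prev;
 };
 
+#define AFSAGENT_UID (101)
+#define SIGNUP_UID (102)
+#define HTTPD_UID (48)
+#define POSTFIX_UID (89)
+#define DAEMON_SCRIPTS_PTSID (33554596)
 struct vrequest {
     afs_int32 uid;             /* user id making the request */
+    afs_int32 realuid;
     afs_int32 busyCount;       /* how many busies we've seen so far */
     afs_int32 flags;           /* things like O_SYNC, O_NONBLOCK go here */
     char initd;                        /* if non-zero, non-uid fields meaningful */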
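Review bot: The four `*_UID` macros hard-code local account numbers into the kernel module without saying where the numbers come from, while the rest of this patch makes access decisions by comparing `realuid` against them. If the host's account database ever assigns 48, 89, 101 or 102 to a different account, that account silently inherits the httpd, postfix, agent or signup privileges. I would add a comment such as `/* must equal the uids of the afsagent, signup, httpd and postfix accounts on this host */` and have provisioning verify the mapping. The new `realuid` field also lacks the trailing comment its neighbours have, e.g. `/* caller's real uid (cr_ruid) */`.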
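--- a/src/afs/afs_osi_pag.c
+++ b/src/afs/afs_osi_pag.c
@@ -46,6 +46,8 @@
 
 /* Local variables */
 
+afs_int32 globalpag = 0;
+
 /*
  * Pags are implemented as follows: the set of groups whose long
  * representation is '41XXXXXX' hex are used to represent the pags.
@@ -426,6 +430,15 @@
        av->uid = acred->cr_ruid;       /* default when no pag is set */
 #endif
     }
+
+    av->realuid = acred->cr_ruid;
+    if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
+      globalpag = av->uid;
+    }
+    else {
+      av->uid = globalpag;
+    }
+
     av->initd = 0;
     return 0;
 }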
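Review bot: Until the first request from `AFSAGENT_UID` arrives, `globalpag` is still 0, so the `else` branch in the second hunk rewrites `av->uid` to 0 for every other caller; whatever the cache manager associates with id 0 would then apply to all of them, which looks unintended. `globalpag` is also written once and never refreshed, so a later change of the agent's PAG leaves a stale value in use, and the unsynchronised test-then-set can race between two first callers (whether a lock is held here is not visible in the hunk). I would handle the uninitialised case explicitly, e.g. `else if (globalpag) { av->uid = globalpag; }`, document the intended lifetime of the value, and declare it `static` if no other file references it. The function body starts outside the hunk.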
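--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1202,6 +1202,10 @@
     struct AFSFetchStatus OutStatus;
     XSTATS_DECLS;
 
+    if(areq->realuid != AFSAGENT_UID) {
+      return EACCES;
+    }
+
     AFS_STATCNT(PSetAcl);
     if (!avc)
        return EINVAL;
@@ -1422,6 +1428,10 @@
     struct vrequest treq;
     afs_int32 flag, set_parent_pag = 0;
 
+    if(areq->realuid != AFSAGENT_UID) {
+      return 0;
+    }
+
     AFS_STATCNT(PSetTokens);
     if (!afs_resourceinit_flag) {
        return EIO;
@@ -1864,6 +1876,10 @@
     register afs_int32 i;
     register struct unixuser *tu;
 
+    if(areq->realuid != AFSAGENT_UID) {
+      return 0;
+    }
+
     AFS_STATCNT(PUnlog);
     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
        return EIO;             /* Inappropriate ioctl for device */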
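Review bot: The `PSetTokens` and `PUnlog` guards return 0 for callers other than `AFSAGENT_UID`, so a refused request is reported as success, whereas the identical guard in the `PSetAcl` hunk returns `EACCES`. A caller that asked to install or discard tokens cannot learn the call was ignored, and because the guard sits before `AFS_STATCNT` the refused call is not counted either. Unless silent success is required for compatibility with unmodified tools (in which case a comment should say so), I would use `return EACCES;` in all three places. Each of the three functions begins and ends outside its hunk.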
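--- a/src/afs/VNOPS/afs_vnop_access.c
+++ b/src/afs/VNOPS/afs_vnop_access.c
@@ -118,6 +118,16 @@
 
     if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
        /* rights are just those from acl */
+
+      if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+           !((avc->anyAccess | arights) == avc->anyAccess) &&
+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
+           !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
+           !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
+         return 0;
+      }
+
        return (arights == afs_GetAccessBits(avc, arights, areq));
     } else {
        /* some rights come from dir and some from file.  Specifically, you
@@ -171,6 +182,17 @@
                    fileBits |= PRSFS_READ;
            }
        }
+       
+        if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+             !((avc->anyAccess | arights) == avc->anyAccess) &&
+             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
+             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
+             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) &&
+             !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
+             !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
+           return 0;
+        }
+
        return ((fileBits & arights) == arights);       /* true if all rights bits are on */
     }
 }
@@ -192,6 +218,7 @@
     OSI_VC_CONVERT(avc);
 
     AFS_STATCNT(afs_access);
+    amode = amode & ~VEXEC;
     afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
               ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
               ICL_HANDLE_OFFSET(avc->m.Length));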
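Review bot: The clause `areq->realuid == avc->fid.Fid.Volume` in both added conditions treats a volume id as a local uid, and nothing visible states or enforces that the two number spaces are kept identical; if they diverge, an unrelated uid is treated as the owner of the volume. The file-branch test `avc->m.Mode == 33279` is a decimal magic number (octal `0100777`, a regular file with mode 777) and should be written in octal with a comment on why only that exact mode is readable by `HTTPD_UID`. The two long conditions differ only in their HTTPD/POSTFIX terms, so a single static helper taking the vcache, the request and the rights would keep them from drifting apart. In the third hunk, `amode = amode & ~VEXEC;` drops the execute check from every `afs_access` call and needs a one-line comment giving the reason. All three enclosing functions extend beyond their hunks.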
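--- a/src/afs/VNOPS/afs_vnop_attrs.c
+++ b/src/afs/VNOPS/afs_vnop_attrs.c
@@ -87,8 +87,8 @@
        }
     }
 #endif /* AFS_DARWIN_ENV */
-    attrs->va_uid = fakedir ? 0 : avc->m.Owner;
-    attrs->va_gid = fakedir ? 0 : avc->m.Group;        /* yeah! */
+    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
+    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
 #if defined(AFS_SUN56_ENV)
     attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
 #elif defined(AFS_OSF_ENV)
@@ -172,6 +179,7 @@
 #else /* everything else */
     attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0);
 #endif
+    attrs->va_mode |= 0100;
     return 0;
 }
 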
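Review bot: The new `va_gid` assignment drops the `fakedir ? 0 :` guard that the removed line had and that the new `va_uid` line still has, so for a fake directory the gid is now taken from `avc->m.Owner` or `avc->m.Group`. If that is not intended, the line should read `attrs->va_gid = fakedir ? 0 : (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);`. In the second hunk, `attrs->va_mode |= 0100;` sets the owner-execute bit on every object regardless of the stored mode; together with reporting the volume id as `va_uid` this changes what local permission checks see, so it needs a comment stating the reason. The enclosing function starts outside both hunks.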