source: server/common/patches/openafs-scripts.patch @ 622

Last change on this file since 622 was 622, checked in by jbarnold, 16 years ago
release openafs patch under MIT license
File size: 8.0 KB
[1]1# scripts.mit.edu openafs patch
2# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
[259]3# with modifications by Joe Presbrey <presbrey@mit.edu>
[1]4#
[622]5# This file is available under both the MIT license and the GPL.
6#
7
8# Permission is hereby granted, free of charge, to any person obtaining a copy
9# of this software and associated documentation files (the "Software"), to deal
10# in the Software without restriction, including without limitation the rights
11# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12# copies of the Software, and to permit persons to whom the Software is
13# furnished to do so, subject to the following conditions:
14#
15# The above copyright notice and this permission notice shall be included in
16# all copies or substantial portions of the Software.
17#
18# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24# THE SOFTWARE.
25#
26
[1]27# This program is free software; you can redistribute it and/or
28# modify it under the terms of the GNU General Public License
29# as published by the Free Software Foundation; either version 2
30# of the License, or (at your option) any later version.
31#
32# This program is distributed in the hope that it will be useful,
33# but WITHOUT ANY WARRANTY; without even the implied warranty of
34# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
35# GNU General Public License for more details.
36#
37# You should have received a copy of the GNU General Public License
38# along with this program; if not, write to the Free Software
39# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
40#
41# See /COPYRIGHT in this repository for more information.
42#
43diff -ur openafs-1.4.1-rc10/src/afs/afs_analyze.c openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c
44--- openafs-1.4.1-rc10/src/afs/afs_analyze.c    2003-08-27 17:43:16.000000000 -0400
45+++ openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c    2006-04-18 16:38:55.000000000 -0400
46@@ -505,7 +505,7 @@
47                         (afid ? afid->Fid.Volume : 0));
48        }
49 
50-       if (areq->busyCount > 100) {
51+       if (1) {
52            if (aerrP)
53                (aerrP->err_Volume)++;
54            areq->volumeError = VOLBUSY;
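Review bot: `if (1)` leaves a constant condition where the `areq->busyCount > 100` threshold used to be, with nothing to say why. With the threshold gone, the `VOLBUSY` error branch runs every time this code is reached, so a briefly busy volume presumably fails the request at once instead of being retried. If that fail-fast behaviour is intended, remove the `if` wrapper or keep it with a comment such as `/* scripts: treat the first busy reply as a volume error; do not wait for busyCount to build up */`. The enclosing block continues past the end of the hunk, so any remaining use of `busyCount` is not visible here.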
55diff -ur openafs-1.4.1-rc10/src/afs/afs.h openafs-1.4.1-rc10-scripts/src/afs/afs.h
56--- openafs-1.4.1-rc10/src/afs/afs.h    2006-02-17 16:58:33.000000000 -0500
57+++ openafs-1.4.1-rc10-scripts/src/afs/afs.h    2006-04-18 16:38:55.000000000 -0400
[258]58@@ -175,8 +175,14 @@
[1]59    struct afs_q *prev;
60 };
61
62+#define AFSAGENT_UID (101)
[258]63+#define SIGNUP_UID (102)
[1]64+#define HTTPD_UID (48)
[83]65+#define POSTFIX_UID (89)
[1]66+#define DAEMON_SCRIPTS_PTSID (33554596)
67 struct vrequest {
68     afs_int32 uid;             /* user id making the request */
69+    afs_int32 realuid;
70     afs_int32 busyCount;       /* how many busies we've seen so far */
71     afs_int32 flags;           /* things like O_SYNC, O_NONBLOCK go here */
72     char initd;                        /* if non-zero, non-uid fields meaningful */
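Review bot: The new `#define`s hard-code host account numbers (101, 102, 48, 89) and a PTS id into the cache manager, and the other files in this patch make access decisions by comparing `realuid` against them. Nothing visible ties these numbers to the machine's real accounts, so on a host where one of these uids belongs to a different user, that user gets the exemption meant for `HTTPD_UID` or `POSTFIX_UID`. A comment above the block should state that the values must match the local account database, or the values should be made configurable at module load. The new `realuid` member is also the only field in the visible part of `struct vrequest` without a comment; `afs_int32 realuid;  /* caller's cr_ruid, kept because uid is overwritten with globalpag */` would match its neighbours.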
73diff -ur openafs-1.4.1-rc10/src/afs/afs_osi_pag.c openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c
74--- openafs-1.4.1-rc10/src/afs/afs_osi_pag.c    2005-10-05 01:58:27.000000000 -0400
75+++ openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c    2006-04-18 16:38:55.000000000 -0400
76@@ -46,6 +46,8 @@
77 
78 /* Local variables */
79 
[55]80+afs_int32 globalpag = 0;
[1]81+
82 /*
83  * Pags are implemented as follows: the set of groups whose long
84  * representation is '41XXXXXX' hex are used to represent the pags.
85@@ -426,6 +430,15 @@
86        av->uid = acred->cr_ruid;       /* default when no pag is set */
87 #endif
88     }
89+
90+    av->realuid = acred->cr_ruid;
[55]91+    if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
[1]92+      globalpag = av->uid;
93+    }
94+    else {
95+      av->uid = globalpag;
96+    }
97+
98     av->initd = 0;
99     return 0;
100 }
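Review bot: Until a process running as `AFSAGENT_UID` has passed through this code, `globalpag` is still 0 and the `else` branch sets `av->uid = 0` for every other caller, so early requests are looked up under identity 0 rather than refused. The value is also latched once: because of the `!globalpag` test, a later request from `AFSAGENT_UID` with a different `av->uid` never updates it, and the global (declared non-static in the first hunk of this file) is written with no locking visible here. If the stale value is not intended, `if (acred->cr_ruid == AFSAGENT_UID) globalpag = av->uid; else av->uid = globalpag;` keeps it current, and the unset case needs an explicit decision (deny, or a documented fallback). The start of the enclosing function is outside the hunk, so how callers treat a non-zero return is not visible.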
101diff -ur openafs-1.4.1-rc10/src/afs/afs_pioctl.c openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c
102--- openafs-1.4.1-rc10/src/afs/afs_pioctl.c     2006-03-02 01:44:05.000000000 -0500
103+++ openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c     2006-04-18 16:38:55.000000000 -0400
104@@ -1202,6 +1202,10 @@
105     struct AFSFetchStatus OutStatus;
106     XSTATS_DECLS;
107 
108+    if(areq->realuid != AFSAGENT_UID) {
109+      return EACCES;
110+    }
111+
112     AFS_STATCNT(PSetAcl);
113     if (!avc)
114        return EINVAL;
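Review bot: The three guards added in this file disagree on what a refused caller sees: this hunk (PSetAcl) returns `EACCES`, while the guards added to PSetTokens and PUnlog in the next two hunks `return 0`, reporting success without doing anything. A refused unlog that reports success leaves the caller believing its credentials were discarded, and a silent token-set hides the denial from the caller and from anything watching return codes. If the quiet no-op is deliberate, say so in a comment at each site; otherwise use `return EACCES;` in all three. Each guard also sits above the function's `AFS_STATCNT(...)` line, so refused calls are never counted. All three function bodies start and end outside their hunks.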
115@@ -1422,6 +1428,10 @@
116     struct vrequest treq;
117     afs_int32 flag, set_parent_pag = 0;
118 
119+    if(areq->realuid != AFSAGENT_UID) {
120+      return 0;
121+    }
122+
123     AFS_STATCNT(PSetTokens);
124     if (!afs_resourceinit_flag) {
125        return EIO;
126@@ -1864,6 +1876,10 @@
127     register afs_int32 i;
128     register struct unixuser *tu;
129 
130+    if(areq->realuid != AFSAGENT_UID) {
131+      return 0;
132+    }
133+
134     AFS_STATCNT(PUnlog);
135     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
136        return EIO;             /* Inappropriate ioctl for device */
137diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c
138--- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c  2004-08-25 03:09:35.000000000 -0400
139+++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c  2006-04-18 16:38:55.000000000 -0400
[258]140@@ -118,6 +118,16 @@
[1]141 
142     if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
143        /* rights are just those from acl */
144+
145+      if ( !(areq->realuid == avc->fid.Fid.Volume) &&
146+           !((avc->anyAccess | arights) == avc->anyAccess) &&
147+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
[258]148+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
149+           !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
150+           !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
[1]151+         return 0;
152+      }
153+
154        return (arights == afs_GetAccessBits(avc, arights, areq));
155     } else {
156        /* some rights come from dir and some from file.  Specifically, you
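Review bot: The deny condition added here, and repeated with different HTTPD/POSTFIX terms in the next hunk, is a six-term (here) and seven-term (there) negated conjunction with no comment, which makes the policy hard to audit at the point where it is enforced. Two terms need explanation or tightening. `areq->realuid == avc->fid.Fid.Volume` equates a Unix uid with an AFS volume id, which only holds if volume ids are provisioned to equal owner uids (not shown in this patch). `avc->m.Mode == 33279` in the next hunk is a decimal magic number that reads more clearly as `avc->m.Mode == 0100777`. I would lift the shared terms into one `static` predicate called from both sites, with a comment above it listing each exemption (owner by volume id, anyAccess, httpd, postfix, USR3 for root, USR4 for root or signup). Both enclosing branches continue outside the hunks.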
[259]157@@ -171,6 +182,17 @@
[1]158                    fileBits |= PRSFS_READ;
159            }
160        }
161+       
162+        if ( !(areq->realuid == avc->fid.Fid.Volume) &&
163+             !((avc->anyAccess | arights) == avc->anyAccess) &&
164+             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
[83]165+             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
[258]166+             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) &&
167+             !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
168+             !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
[1]169+           return 0;
170+        }
171+
172        return ((fileBits & arights) == arights);       /* true if all rights bits are on */
173     }
174 }
[259]175@@ -192,6 +218,7 @@
[1]176     OSI_VC_CONVERT(avc);
177 
178     AFS_STATCNT(afs_access);
[11]179+    amode = amode & ~VEXEC;
[1]180     afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
181               ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
182               ICL_HANDLE_OFFSET(avc->m.Length));
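Review bot: `amode = amode & ~VEXEC;` discards the execute bit from every access request before any check runs, and it does so without a comment. Together with `attrs->va_mode |= 0100;` in the afs_vnop_attrs.c hunk, this appears to mean the client never evaluates execute permission and always reports it as granted to the owner, so anything readable is effectively runnable. That should be stated where it happens, e.g. `/* scripts: execute is not access-controlled here; see va_mode |= 0100 in afs_vnop_attrs.c */`. The mask is also applied above `afs_Trace3`, so the trace records the altered mode rather than what the caller asked for; moving the line below the trace call keeps the original request visible. The rest of `afs_access` is outside the hunk.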
183diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c
184--- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c   2005-10-23 02:31:23.000000000 -0400
185+++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c   2006-04-18 16:41:32.000000000 -0400
186@@ -87,8 +87,8 @@
187        }
188     }
189 #endif /* AFS_DARWIN_ENV */
190-    attrs->va_uid = fakedir ? 0 : avc->m.Owner;
191-    attrs->va_gid = fakedir ? 0 : avc->m.Group;        /* yeah! */
192+    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
193+    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
194 #if defined(AFS_SUN56_ENV)
195     attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
196 #elif defined(AFS_OSF_ENV)
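Review bot: The new `va_gid` line drops the `fakedir ? 0 :` guard that the removed line had and that the new `va_uid` line still keeps, so for a fake directory the gid now comes from `avc->m.Owner` or `avc->m.Group`. Whether those fields are meaningful for a fakedir is not visible in this hunk; unless that is known to be safe, keep the guard: `attrs->va_gid = fakedir ? 0 : (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);`. Reporting the volume id as `va_uid` and the AFS owner as `va_gid` also changes what every local permission check and `stat` consumer sees, which merits a comment on both lines. The function begins and ends outside the hunk.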
197@@ -172,6 +179,7 @@
198 #else /* everything else */
199     attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0);
200 #endif
201+    attrs->va_mode |= 0100;
202     return 0;
203 }
204 