[1] | 1 | # scripts.mit.edu openafs patch |
---|
| 2 | # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu> |
---|
| 3 | # |
---|
| 4 | # This program is free software; you can redistribute it and/or |
---|
| 5 | # modify it under the terms of the GNU General Public License |
---|
| 6 | # as published by the Free Software Foundation; either version 2 |
---|
| 7 | # of the License, or (at your option) any later version. |
---|
| 8 | # |
---|
| 9 | # This program is distributed in the hope that it will be useful, |
---|
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 12 | # GNU General Public License for more details. |
---|
| 13 | # |
---|
| 14 | # You should have received a copy of the GNU General Public License |
---|
| 15 | # along with this program; if not, write to the Free Software |
---|
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
---|
| 17 | # |
---|
| 18 | # See /COPYRIGHT in this repository for more information. |
---|
| 19 | # |
---|
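diff -ur openafs-1.4.1-rc10/src/afs/afs_analyze.c openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c
--- openafs-1.4.1-rc10/src/afs/afs_analyze.c 2003-08-27 17:43:16.000000000 -0400
+++ openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c 2006-04-18 16:38:55.000000000 -0400
@@ -505,7 +505,7 @@
 (afid ? afid->Fid.Volume : 0));
 }
 
- if (areq->busyCount > 100) {
+ if (1) {
 if (aerrP)
 (aerrP->err_Volume)++;
 areq->volumeError = VOLBUSY;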
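Review bot: The `if (1)` on the new side is a constant condition with no explanation, so the block that sets `areq->volumeError = VOLBUSY` now runs every time this point is reached instead of only after `busyCount` exceeds 100. If failing fast is intended (presumably so that requests do not stall on a busy volume), say so in place, for example `/* scripts: report VOLBUSY immediately rather than retrying */`. It is also worth checking whether the branch that used to handle `busyCount <= 100` has become dead code. The enclosing function starts and ends outside the hunk, so that branch is not visible here.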
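diff -ur openafs-1.4.1-rc10/src/afs/afs.h openafs-1.4.1-rc10-scripts/src/afs/afs.h
--- openafs-1.4.1-rc10/src/afs/afs.h 2006-02-17 16:58:33.000000000 -0500
+++ openafs-1.4.1-rc10-scripts/src/afs/afs.h 2006-04-18 16:38:55.000000000 -0400
@@ -175,8 +175,13 @@
 struct afs_q *prev;
 };
 
+#define AFSAGENT_UID (101)
+#define HTTPD_UID (48)
+#define POSTFIX_UID (89)
+#define DAEMON_SCRIPTS_PTSID (33554596)
 struct vrequest {
 afs_int32 uid; /* user id making the request */
+ afs_int32 realuid;
 afs_int32 busyCount; /* how many busies we've seen so far */
 afs_int32 flags; /* things like O_SYNC, O_NONBLOCK go here */
 char initd; /* if non-zero, non-uid fields meaningful */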
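Review bot: `realuid` is the only member of `struct vrequest` in this hunk without a comment, although the rest of the patch bases its access decisions on it. Suggest `afs_int32 realuid; /* cr_ruid of the caller; uid may be replaced by the shared PAG */`. The four new macros hard-code numeric IDs (101, 48, 89, 33554596) in a kernel header, so on a host where those UIDs belong to other accounts the same privileges would pass to those accounts. A comment on each macro naming the account it must match, and what keeps the two in step, would make that dependency auditable.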
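diff -ur openafs-1.4.1-rc10/src/afs/afs_osi_pag.c openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c
--- openafs-1.4.1-rc10/src/afs/afs_osi_pag.c 2005-10-05 01:58:27.000000000 -0400
+++ openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c 2006-04-18 16:38:55.000000000 -0400
@@ -46,6 +46,8 @@
 
 /* Local variables */
 
+afs_int32 globalpag = 0;
+
 /*
 * Pags are implemented as follows: the set of groups whose long
 * representation is '41XXXXXX' hex are used to represent the pags.
@@ -77,9 +77,9 @@
 AFS_STATCNT(genpag);
 #ifdef AFS_LINUX20_ENV
 /* Ensure unique PAG's (mod 200 days) when reloading the client. */
- return (('A' << 24) + ((pag_epoch + pagCounter++) & 0xffffff));
+ return (('A' << 24) + ((pag_epoch + pagCounter) & 0xffffff));
 #else /* AFS_LINUX20_ENV */
- return (('A' << 24) + (pagCounter++ & 0xffffff));
+ return (('A' << 24) + (pagCounter & 0xffffff));
 #endif /* AFS_LINUX20_ENV */
 }
 
@@ -105,9 +105,9 @@
 {
 AFS_STATCNT(genpag);
 #ifdef AFS_LINUX20_ENV
- return (pag_epoch + pagCounter++);
+ return (pag_epoch + pagCounter);
 #else
- return (pagCounter++);
+ return (pagCounter);
 #endif /* AFS_LINUX20_ENV */
 }
 
@@ -426,6 +430,15 @@
 av->uid = acred->cr_ruid; /* default when no pag is set */
 #endif
 }
+
+ av->realuid = acred->cr_ruid;
+ if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
+ globalpag = av->uid;
+ }
+ else {
+ av->uid = globalpag;
+ }
+
 av->initd = 0;
 return 0;
 }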
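Review bot: In the last hunk, until a request from `AFSAGENT_UID` has set `globalpag`, the `else` branch assigns `av->uid = 0` to every other caller, so early requests are handled as id 0 instead of being refused. Because 0 doubles as the "unset" sentinel, an agent request whose `av->uid` is 0 would also never initialise the variable. Consider a separate "initialised" flag and an explicit failure for non-agent callers while it is unset. `globalpag` is read and written with no lock visible in the hunk. With `pagCounter++` removed in the two earlier hunks, both PAG generators return the same value on every call, which deserves a comment if intended; the function's start is outside the hunk.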
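diff -ur openafs-1.4.1-rc10/src/afs/afs_pioctl.c openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c
--- openafs-1.4.1-rc10/src/afs/afs_pioctl.c 2006-03-02 01:44:05.000000000 -0500
+++ openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c 2006-04-18 16:38:55.000000000 -0400
@@ -1202,6 +1202,10 @@
 struct AFSFetchStatus OutStatus;
 XSTATS_DECLS;
 
+ if(areq->realuid != AFSAGENT_UID) {
+ return EACCES;
+ }
+
 AFS_STATCNT(PSetAcl);
 if (!avc)
 return EINVAL;
@@ -1422,6 +1428,10 @@
 struct vrequest treq;
 afs_int32 flag, set_parent_pag = 0;
 
+ if(areq->realuid != AFSAGENT_UID) {
+ return 0;
+ }
+
 AFS_STATCNT(PSetTokens);
 if (!afs_resourceinit_flag) {
 return EIO;
@@ -1864,6 +1876,10 @@
 register afs_int32 i;
 register struct unixuser *tu;
 
+ if(areq->realuid != AFSAGENT_UID) {
+ return 0;
+ }
+
 AFS_STATCNT(PUnlog);
 if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
 return EIO; /* Inappropriate ioctl for device */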
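Review bot: The three new guards disagree on what a refused caller sees: the first returns `EACCES`, while the ones ahead of `AFS_STATCNT(PSetTokens)` and `AFS_STATCNT(PUnlog)` return 0. A caller other than `AFSAGENT_UID` is therefore told that tokens were set or discarded when nothing happened. If the silent success is deliberate, document it at both sites, e.g. `/* scripts: ignore the request but report success to non-agent callers */`; otherwise use `return EACCES;` in all three. Only these three handlers are gated in the visible hunks, so it is worth confirming that no other state-changing pioctl needs the same check. Each function body continues outside its hunk.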
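diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c
--- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c 2004-08-25 03:09:35.000000000 -0400
+++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c 2006-04-18 16:38:55.000000000 -0400
@@ -118,6 +118,14 @@
 
 if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
 /* rights are just those from acl */
+
+ if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+ !((avc->anyAccess | arights) == avc->anyAccess) &&
+ !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
+ !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) ) {
+ return 0;
+ }
+
 return (arights == afs_GetAccessBits(avc, arights, areq));
 } else {
 /* some rights come from dir and some from file. Specifically, you
@@ -171,6 +182,15 @@
 fileBits |= PRSFS_READ;
 }
 }
+
+ if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+ !((avc->anyAccess | arights) == avc->anyAccess) &&
+ !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
+ !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
+ !(arights == PRSFS_READ && avc->m.Mode == 33279)) {
+ return 0;
+ }
+
 return ((fileBits & arights) == arights); /* true if all rights bits are on */
 }
 }
@@ -192,6 +218,7 @@
 OSI_VC_CONVERT(avc);
 
 AFS_STATCNT(afs_access);
+ amode = amode & ~VEXEC;
 afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
 ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
 ICL_HANDLE_OFFSET(avc->m.Length));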
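Review bot: The first clause of both new conditions, `areq->realuid == avc->fid.Fid.Volume`, grants the owner path by comparing a local UID with an AFS volume ID, and nothing in the hunk states or enforces that the two number spaces are kept in step. That invariant deserves a comment at its first use, and since the predicate is repeated almost verbatim in the second hunk it would be easier to audit as one `static` helper. `avc->m.Mode == 33279` is `0100777` written in decimal; spelling it in octal with a comment would make the special case readable. The third hunk's `amode = amode & ~VEXEC;` drops the execute check for every caller and likewise has no comment. The enclosing functions start outside the hunks.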
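diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c
--- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c 2005-10-23 02:31:23.000000000 -0400
+++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c 2006-04-18 16:41:32.000000000 -0400
@@ -87,8 +87,8 @@
 }
 }
 #endif /* AFS_DARWIN_ENV */
- attrs->va_uid = fakedir ? 0 : avc->m.Owner;
- attrs->va_gid = fakedir ? 0 : avc->m.Group; /* yeah! */
+ attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
+ attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
 #if defined(AFS_SUN56_ENV)
 attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
 #elif defined(AFS_OSF_ENV)
@@ -172,6 +179,7 @@
 #else /* everything else */
 attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0);
 #endif
+ attrs->va_mode |= 0100;
 return 0;
 }
 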
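Review bot: The new `va_gid` line drops the `fakedir ? 0 :` guard that the removed line had and that the new `va_uid` line keeps, so for a fake directory the reported group now comes from `avc->m.Owner` or `avc->m.Group`. Unless that is intended, keep the guard: `attrs->va_gid = fakedir ? 0 : (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);`. The second hunk's `attrs->va_mode |= 0100;` sets owner-execute on every object whose attributes are returned, which should carry a comment explaining why. The function begins outside the first hunk.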