source: server/common/patches/openafs-scripts.patch @ 1047

Last change on this file since 1047 was 1047, checked in by geofft, 13 years ago
openafs-scripts.patch: efficiency hack afs_GetAccessBits is a function call that can potentially do an RPC. Although I doubt it does so in this context, we might as well short circuit it, because the check for whether you're root or Apache is easy, and that case is rare.
File size: 8.0 KB
  • src/afs/afs_analyze.c

    # scripts.mit.edu openafs patch
    # Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
    # with modifications by Joe Presbrey <presbrey@mit.edu>
    # and Anders Kaseorg <andersk@mit.edu>
    #
    # This file is available under both the MIT license and the GPL.
    #
    
    # Permission is hereby granted, free of charge, to any person obtaining a copy
    # of this software and associated documentation files (the "Software"), to deal
    # in the Software without restriction, including without limitation the rights
    # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    # copies of the Software, and to permit persons to whom the Software is
    # furnished to do so, subject to the following conditions:
    # 
    # The above copyright notice and this permission notice shall be included in
    # all copies or substantial portions of the Software.
    # 
    # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    # THE SOFTWARE.
    #
    
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of the GNU General Public License
    # as published by the Free Software Foundation; either version 2
    # of the License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program; if not, write to the Free Software
    # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    #
    # See /COPYRIGHT in this repository for more information.
    #
    diff -ur openafs-1.4/src/afs/afs_analyze.c openafs-1.4+scripts/src/afs/afs_analyze.c
    old new  
    505505                         (afid ? afid->Fid.Volume : 0));
    506506        }
    507507
    508         if (areq->busyCount > 100) {
     508        if (1) {
    509509            if (aerrP)
    510510                (aerrP->err_Volume)++;
    511511            areq->volumeError = VOLBUSY;
  • src/afs/afs.h

    diff -ur openafs-1.4/src/afs/afs.h openafs-1.4+scripts/src/afs/afs.h
    old new  
    177177    struct afs_q *prev;
    178178};
    179179
     180#define AFSAGENT_UID (101)
     181#define SIGNUP_UID (102)
     182#define HTTPD_UID (48)
     183#define POSTFIX_UID (89)
     184#define DAEMON_SCRIPTS_PTSID (33554596)
     185extern afs_int32 globalpag;
     186
    180187struct vrequest {
    181188    afs_int32 uid;              /* user id making the request */
     189    afs_int32 realuid;
    182190    afs_int32 busyCount;        /* how many busies we've seen so far */
    183191    afs_int32 flags;            /* things like O_SYNC, O_NONBLOCK go here */
    184192    char initd;                 /* if non-zero, non-uid fields meaningful */
  • src/afs/afs_osi_pag.c

    diff -ur openafs-1.4/src/afs/afs_osi_pag.c openafs-1.4+scripts/src/afs/afs_osi_pag.c
    old new  
    5151#endif
    5252/* Local variables */
    5353
     54afs_int32 globalpag = 0;
     55
    5456/*
    5557 * Pags are implemented as follows: the set of groups whose long
    5658 * representation is '41XXXXXX' hex are used to represent the pags.
     
    442444        av->uid = acred->cr_ruid;       /* default when no pag is set */
    443445#endif
    444446    }
     447
     448    av->realuid = acred->cr_ruid;
     449    if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
     450      globalpag = av->uid;
     451    }
     452    else if (globalpag && av->uid == acred->cr_ruid) {
     453      av->uid = globalpag;
     454    }
     455
    445456    av->initd = 0;
    446457    return 0;
    447458}
  • src/afs/afs_pioctl.c

    diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c
    old new  
    12081208    struct AFSFetchStatus OutStatus;
    12091209    XSTATS_DECLS;
    12101210
     1211    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     1212      return EACCES;
     1213    }
     1214
    12111215    AFS_STATCNT(PSetAcl);
    12121216    if (!avc)
    12131217        return EINVAL;
     
    14281432    struct vrequest treq;
    14291433    afs_int32 flag, set_parent_pag = 0;
    14301434
     1435    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     1436        return 0;
     1437    }
     1438
    14311439    AFS_STATCNT(PSetTokens);
    14321440    if (!afs_resourceinit_flag) {
    14331441        return EIO;
     
    18041804    afs_int32 iterator;
    18051805    int newStyle;
    18061806
     1807    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID &&
     1808        areq->realuid != 0 && areq->realuid != SIGNUP_UID)
     1809        return 0;
     1810
    18071811    AFS_STATCNT(PGetTokens);
    18081812    if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
    18091813       return EIO;             /* Inappropriate ioctl for device */
     
    18701878    register afs_int32 i;
    18711879    register struct unixuser *tu;
    18721880
     1881    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     1882        return 0;
     1883    }
     1884
    18731885    AFS_STATCNT(PUnlog);
    18741886    if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
    18751887        return EIO;             /* Inappropriate ioctl for device */
  • src/afs/VNOPS/afs_vnop_access.c

    diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_access.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
    old new  
    118118
    119119    if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
    120120        /* rights are just those from acl */
     121
     122      if ( areq->uid == globalpag &&
     123           !(areq->realuid == avc->fid.Fid.Volume) &&
     124           !((avc->anyAccess | arights) == avc->anyAccess) &&
     125           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
     126           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
     127           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     128           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     129         return 0;
     130      }
     131
    121132        return (arights == afs_GetAccessBits(avc, arights, areq));
    122133    } else {
    123134        /* some rights come from dir and some from file.  Specifically, you
     
    171182                    fileBits |= PRSFS_READ;
    172183            }
    173184        }
     185       
     186        if ( areq->uid == globalpag &&
     187             !(areq->realuid == avc->fid.Fid.Volume) &&
     188             !((avc->anyAccess | arights) == avc->anyAccess) &&
     189             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
     190             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
     191             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) &&
     192             !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     193             !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     194           return 0;
     195        }
     196
    174197        return ((fileBits & arights) == arights);       /* true if all rights bits are on */
    175198    }
    176199}
  • src/afs/VNOPS/afs_vnop_attrs.c

    diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
    old new  
    8787        }
    8888    }
    8989#endif /* AFS_DARWIN_ENV */
    90     attrs->va_uid = fakedir ? 0 : avc->m.Owner;
    91     attrs->va_gid = fakedir ? 0 : avc->m.Group; /* yeah! */
     90    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
     91    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
    9292#if defined(AFS_SUN56_ENV)
    9393    attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
    9494#elif defined(AFS_OSF_ENV)
Note: See TracBrowser for help on using the repository browser.