source: trunk/server/common/patches/openafs-scripts.patch @ 1274

Last change on this file since 1274 was 1274, checked in by mitchb, 15 years ago
Upgrade OpenAFS to 1.4.11 o Two of our patches (postinit and pts-encrypt) have been upstreamed o Two deltas we applied (dprintf-rename-20090427 and linux26-defer-cred-changing-20090511) are now included in this version o The scripts patch has some context adjustments o Our spec file patch corrects an upstream bug which tries to install a compile_et manpage, which conflicts with e2fsprogs-devel
File size: 9.9 KB
  • src/afs/afs_analyze.c

    # scripts.mit.edu openafs patch
    # Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
    # with modifications by Joe Presbrey <presbrey@mit.edu>
    # and Anders Kaseorg <andersk@mit.edu>
    # and Edward Z. Yang <ezyang@mit.edu>
    #
    # This file is available under both the MIT license and the GPL.
    #
    
    # Permission is hereby granted, free of charge, to any person obtaining a copy
    # of this software and associated documentation files (the "Software"), to deal
    # in the Software without restriction, including without limitation the rights
    # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    # copies of the Software, and to permit persons to whom the Software is
    # furnished to do so, subject to the following conditions:
    # 
    # The above copyright notice and this permission notice shall be included in
    # all copies or substantial portions of the Software.
    # 
    # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    # THE SOFTWARE.
    #
    
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of the GNU General Public License
    # as published by the Free Software Foundation; either version 2
    # of the License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program; if not, write to the Free Software
    # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    #
    # See /COPYRIGHT in this repository for more information.
    #
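--- a/src/afs/afs_analyze.c
+++ b/src/afs/afs_analyze.c
@@ -585,7 +585,7 @@
                          (afid ? afid->Fid.Volume : 0));
         }
 
-        if (areq->busyCount > 100) {
+        if (1) {
             if (aerrP)
                 (aerrP->err_Volume)++;
             areq->volumeError = VOLBUSY;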
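Review bot: The new `if (1) {` on line 588 carries no comment saying why the busy-retry threshold was removed, and any `else` arm of this test below the hunk, if there is one, becomes dead code. I would put `/* [scripts] give up on the first busy reply instead of retrying up to 100 times */` above it, with the wording adjusted to the real motivation, which the hunk does not show. If the change is meant to be permanent, deleting the condition together with the unreachable alternative would read more clearly than a constant test. The enclosing function starts and ends outside the hunk.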
  • src/afs/LINUX/osi_vnodeops.c

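--- a/src/afs/LINUX/osi_vnodeops.c
+++ b/src/afs/LINUX/osi_vnodeops.c
@@ -896,6 +896,28 @@
         /* should we always update the attributes at this point? */
         /* unlikely--the vcache entry hasn't changed */
 
+        /* [scripts] This code makes hardlinks work correctly.
+         *
+         * We want Apache to be able to read a file with hardlinks
+         * named .htaccess and foo to be able to read it via .htaccess
+         * and not via foo, regardless of which name was looked up
+         * (remember, inodes do not have filenames associated with them.)
+         *
+         * It is important that we modify the existing cache entry even
+         * if it is otherwise totally valid and would not be reloaded.
+         * Otherwise, it won't recover from repeatedly reading the same
+         * inode via multiple hardlinks or different names.  Specifically,
+         * Apache will be able to read both names if it was first looked
+         * up (by anyone!) via .htaccess, and neither if it was first
+         * looked up via foo.
+         *
+         * With regards to performance, the strncmp() is bounded by
+         * three characters, so it takes O(3) operations.  If this code
+         * is extended to all static-cat extensions, we'll want to do
+         * some clever hashing using gperf here.
+         */
+        vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0;
+
     } else {
 #ifdef notyet
         pvcp = VTOAFS(dp->d_parent->d_inode);           /* dget_parent()? */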
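Review bot: `vcp->apache_access` on line 919 is stored on the cache entry shared by every name of the inode, so a later access check sees the value left by the most recent lookup from any process, not the value for the name the reader actually opened. The block comment covers the first-lookup case but not the window between this assignment and the check in afs_vnop_access.c, where a lookup through another hardlink can change the flag. The comment should state that the flag is last-lookup state rather than a per-open property, and name the lock held when it is written, since none is visible in the hunk. The enclosing function starts and ends outside the hunk.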
  • src/afs/VNOPS/afs_vnop_lookup.c

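--- a/src/afs/VNOPS/afs_vnop_lookup.c
+++ b/src/afs/VNOPS/afs_vnop_lookup.c
@@ -1572,6 +1572,12 @@
     }
 
   done:
+    if (tvc) {
+        /* [scripts] check Apache's ability to read this file, so that
+         * we can figure this out on an access() call */
+        tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
+    }
+
     /* put the network buffer back, if need be */
     if (tname != aname && tname)
         osi_FreeLargeSpace(tname);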
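Review bot: The `.ht` prefix test on line 1578 duplicates the one added in src/afs/LINUX/osi_vnodeops.c line 919, so the rule for which names Apache may read lives in two places that can drift apart. One macro in afs.h beside the other [scripts] definitions, for example `#define AFS_SCRIPTS_APACHE_NAME(n) (strncmp((n), ".ht", 3) == 0)`, used at both sites would keep them in step. The assignment also sits under `done:`, which looks like the common exit label, so it may run after a failed lookup; whether `tvc` can be non-NULL on an error path is not visible here and is worth confirming. The enclosing function starts outside the hunk.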
  • src/afs/afs.h

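--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@@ -208,8 +208,16 @@
 #define QTOC(e)     QEntry(e, struct cell, lruq)
 #define QTOVH(e)    QEntry(e, struct vcache, vhashq)
 
+#define AFSAGENT_UID (101)
+#define SIGNUP_UID (102)
+#define HTTPD_UID (48)
+#define POSTFIX_UID (89)
+#define DAEMON_SCRIPTS_PTSID (33554596)
+extern afs_int32 globalpag;
+
 struct vrequest {
     afs_int32 uid;              /* user id making the request */
+    afs_int32 realuid;
     afs_int32 busyCount;        /* how many busies we've seen so far */
     afs_int32 flags;            /* things like O_SYNC, O_NONBLOCK go here */
     char initd;                 /* if non-zero, Error fields meaningful */
@@ -743,6 +751,7 @@
 #ifdef AFS_SUN5_ENV
     short multiPage;            /* count of multi-page getpages in progress */
 #endif
+    int apache_access;          /* whether or not Apache has access to a file */
 };
 
 #define DONT_CHECK_MODE_BITS    0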
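Review bot: The numeric ids added on lines 211-215 are compiled into the kernel module and used for authorization decisions in the other files of this patch, but nothing here says which accounts they denote or that the host's account database must match them. If a host assigns uid 48, 89, 101 or 102 to a different account, that account inherits the exemptions. A comment per define such as `/* [scripts] must equal the local uid of the httpd account */`, backed by a deployment check, would make the coupling explicit. `realuid` on line 220 is the only member in this part of `struct vrequest` without a comment; `/* [scripts] cr_ruid of the caller, kept after uid is remapped to globalpag */` matches what afs_osi_pag.c does with it.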
  • src/afs/afs_osi_pag.c

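--- a/src/afs/afs_osi_pag.c
+++ b/src/afs/afs_osi_pag.c
@@ -51,6 +51,8 @@
 #endif
 /* Local variables */
 
+afs_int32 globalpag = 0;
+
 /*
  * Pags are implemented as follows: the set of groups whose long
  * representation is '41XXXXXX' hex are used to represent the pags.
@@ -458,6 +460,15 @@
         av->uid = acred->cr_ruid;       /* default when no pag is set */
 #endif
     }
+
+    av->realuid = acred->cr_ruid;
+    if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
+      globalpag = av->uid;
+    }
+    else if (globalpag && av->uid == acred->cr_ruid) {
+      av->uid = globalpag;
+    }
+
     av->initd = 0;
     return 0;
 }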
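Review bot: `globalpag` is latched on lines 465-467 the first time a request from AFSAGENT_UID is seen and is never cleared or refreshed in the code shown, so if the agent later runs under a different PAG, other users keep being mapped to the stale value until the module is reloaded. Zero also serves as the "not yet set" marker although `av->uid` can presumably be 0 for a root caller without a PAG, which the `areq->uid == globalpag` checks in afs_pioctl.c would then match. I would document the latch at the definition on line 54, e.g. `/* [scripts] PAG of the afsagent daemon; 0 until its first request, never reset */`, and state which lock protects the write, since none is visible in the hunk. The new block's two-space indentation and `if(` spacing differ from the surrounding four-space style. The enclosing function starts outside the hunk.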
  • src/afs/afs_pioctl.c

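--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1221,6 +1221,10 @@
     struct AFSFetchStatus OutStatus;
     XSTATS_DECLS;
 
+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
+      return EACCES;
+    }
+
     AFS_STATCNT(PSetAcl);
     if (!avc)
         return EINVAL;
@@ -1441,6 +1445,10 @@
     struct vrequest treq;
     afs_int32 flag, set_parent_pag = 0;
 
+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
+        return 0;
+    }
+
     AFS_STATCNT(PSetTokens);
     if (!afs_resourceinit_flag) {
         return EIO;
@@ -1800,6 +1808,10 @@
     afs_int32 iterator;
     int newStyle;
 
+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID &&
+        areq->realuid != 0 && areq->realuid != SIGNUP_UID)
+        return 0;
+
     AFS_STATCNT(PGetTokens);
     if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
         return EIO;             /* Inappropriate ioctl for device */
@@ -1883,6 +1895,10 @@
     register afs_int32 i;
     register struct unixuser *tu;
 
+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
+        return 0;
+    }
+
     AFS_STATCNT(PUnlog);
     if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
         return EIO;             /* Inappropriate ioctl for device */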
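Review bot: The four guards added at lines 1224, 1448, 1811 and 1898 disagree on how a refusal is reported: the PSetAcl guard returns `EACCES`, while the PSetTokens, PGetTokens and PUnlog guards return 0, so a refused caller is told the token operation succeeded. If the silent success is deliberate it needs a comment at each site; otherwise `return EACCES;` would make all four consistent. The repeated condition `areq->uid == globalpag && areq->realuid != AFSAGENT_UID` would read better as one static helper with a `[scripts]` comment saying who is excluded. For the PGetTokens guard, whether the output size holds a defined value on the early return cannot be seen from the hunk and should be checked. Each handler starts and ends outside its hunk.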
  • src/afs/VNOPS/afs_vnop_access.c

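--- a/src/afs/VNOPS/afs_vnop_access.c
+++ b/src/afs/VNOPS/afs_vnop_access.c
@@ -118,6 +118,17 @@
 
     if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
         /* rights are just those from acl */
+
+      if ( areq->uid == globalpag &&
+           !(areq->realuid == avc->fid.Fid.Volume) &&
+           !((avc->anyAccess | arights) == avc->anyAccess) &&
+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
+           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
+           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
+         return 0;
+      }
+
         return (arights == afs_GetAccessBits(avc, arights, areq));
     } else {
         /* some rights come from dir and some from file.  Specifically, you
@@ -171,6 +182,19 @@
                     fileBits |= PRSFS_READ;
             }
         }
+       
+        if ( areq->uid == globalpag &&
+             !(areq->realuid == avc->fid.Fid.Volume) &&
+             !((avc->anyAccess | arights) == avc->anyAccess) &&
+             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
+             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
+             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
+                 (avc->m.Mode == 0100777 || avc->apache_access)) &&
+             !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
+             !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
+           return 0;
+        }
+
         return ((fileBits & arights) == arights);       /* true if all rights bits are on */
     }
 }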
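Review bot: The condition added at lines 122-128, and its near copy at lines 186-194, encodes the whole exemption policy as one chain of negated clauses with no comment, which makes it hard to audit who is let through. Two clauses rest on unstated invariants: `areq->realuid == avc->fid.Fid.Volume` compares a local uid with a volume id, and `avc->m.Mode == 0100777` is a bare octal constant. I would move the test into a static helper shared by both branches, give each clause a one-line comment, and name the constant. The READ exemption on lines 191-192 also depends on `avc->apache_access`, which the lookup hunks set from the last name looked up, and the comment should say so. The function body starts outside the hunk.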
  • src/afs/VNOPS/afs_vnop_attrs.c

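--- a/src/afs/VNOPS/afs_vnop_attrs.c
+++ b/src/afs/VNOPS/afs_vnop_attrs.c
@@ -87,8 +87,8 @@
         }
     }
 #endif /* AFS_DARWIN_ENV */
-    attrs->va_uid = fakedir ? 0 : avc->m.Owner;
-    attrs->va_gid = fakedir ? 0 : avc->m.Group; /* yeah! */
+    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
+    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
 #if defined(AFS_SUN56_ENV)
     attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
 #elif defined(AFS_OSF_ENV)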