# scripts.mit.edu openafs patch # Copyright (C) 2006 Jeff Arnold # with modifications by Joe Presbrey # and Anders Kaseorg # and Edward Z. Yang # and Benjamin Kaduk # and Alexander Chernyakhovsky # # This file is available under both the MIT license and the GPL. # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # # See /COPYRIGHT in this repository for more information. # diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c index 7c7705e..0d0e94f 100644 --- a/src/afs/LINUX/osi_vnodeops.c +++ b/src/afs/LINUX/osi_vnodeops.c @@ -904,6 +904,28 @@ afs_linux_dentry_revalidate(struct dentry *dp, int flags) /* should we always update the attributes at this point? */ /* unlikely--the vcache entry hasn't changed */ + /* [scripts] This code makes hardlinks work correctly. + * + * We want Apache to be able to read a file with hardlinks + * named .htaccess and foo to be able to read it via .htaccess + * and not via foo, regardless of which name was looked up + * (remember, inodes do not have filenames associated with them.) + * + * It is important that we modify the existing cache entry even + * if it is otherwise totally valid and would not be reloaded. + * Otherwise, it won't recover from repeatedly reading the same + * inode via multiple hardlinks or different names. Specifically, + * Apache will be able to read both names if it was first looked + * up (by anyone!) via .htaccess, and neither if it was first + * looked up via foo. + * + * With regards to performance, the strncmp() is bounded by + * three characters, so it takes O(3) operations. If this code + * is extended to all static-cat extensions, we'll want to do + * some clever hashing using gperf here. + */ + vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0; + dput(parent); } else { #ifdef notyet diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c index eabcfeb..6390850 100644 --- a/src/afs/VNOPS/afs_vnop_access.c +++ b/src/afs/VNOPS/afs_vnop_access.c @@ -130,6 +130,15 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq, dirBits = PRSFS_LOOKUP | PRSFS_READ; return (arights == (dirBits & arights)); } + if ( areq->uid == globalpag && + !(areq->realuid == avc->f.fid.Fid.Volume) && + !((avc->f.anyAccess | arights) == avc->f.anyAccess) && + !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) && + !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) && + !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) && + !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) { + return 0; + } return (arights == afs_GetAccessBits(avc, arights, areq)); } else { /* some rights come from dir and some from file. Specifically, you @@ -183,6 +192,19 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq, fileBits |= PRSFS_READ; } } + + if ( areq->uid == globalpag && + !(areq->realuid == avc->f.fid.Fid.Volume) && + !((avc->f.anyAccess | arights) == avc->f.anyAccess) && + !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) && + !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) && + !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && + (avc->f.m.Mode == 0100777 || avc->apache_access)) && + !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) && + !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) { + return 0; + } + return ((fileBits & arights) == arights); /* true if all rights bits are on */ } } diff --git a/src/afs/VNOPS/afs_vnop_attrs.c b/src/afs/VNOPS/afs_vnop_attrs.c index b3931e5..71ef05c 100644 --- a/src/afs/VNOPS/afs_vnop_attrs.c +++ b/src/afs/VNOPS/afs_vnop_attrs.c @@ -88,8 +88,8 @@ afs_CopyOutAttrs(struct vcache *avc, struct vattr *attrs) } } #endif /* AFS_DARWIN_ENV */ - attrs->va_uid = fakedir ? 0 : avc->f.m.Owner; - attrs->va_gid = fakedir ? 0 : avc->f.m.Group; /* yeah! */ + attrs->va_uid = fakedir ? 0 : avc->f.fid.Fid.Volume; + attrs->va_gid = (avc->f.m.Owner == DAEMON_SCRIPTS_PTSID ? avc->f.m.Group : avc->f.m.Owner); #if defined(AFS_SUN56_ENV) attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0]; #elif defined(AFS_DARWIN80_ENV) diff --git a/src/afs/VNOPS/afs_vnop_lookup.c b/src/afs/VNOPS/afs_vnop_lookup.c index 8e7af1c..7e984e9 100644 --- a/src/afs/VNOPS/afs_vnop_lookup.c +++ b/src/afs/VNOPS/afs_vnop_lookup.c @@ -1877,6 +1877,12 @@ afs_lookup(OSI_VC_DECL(adp), char *aname, struct vcache **avcp, afs_ucred_t *acr } done: + if (tvc) { + /* [scripts] check Apache's ability to read this file, so that + * we can figure this out on an access() call */ + tvc->apache_access = strncmp(aname, ".ht", 3) == 0; + } + /* put the network buffer back, if need be */ if (tname != aname && tname) osi_FreeLargeSpace(tname); diff --git a/src/afs/afs.h b/src/afs/afs.h index fcc4c70..0d53af6 100644 --- a/src/afs/afs.h +++ b/src/afs/afs.h @@ -233,8 +233,16 @@ struct afs_slotlist { struct afs_slotlist *next; }; +#define AFSAGENT_UID (101) +#define SIGNUP_UID (102) +#define HTTPD_UID (48) +#define POSTFIX_UID (89) +#define DAEMON_SCRIPTS_PTSID (33554596) +extern afs_int32 globalpag; + struct vrequest { afs_int32 uid; /* user id making the request */ + afs_int32 realuid; afs_int32 busyCount; /* how many busies we've seen so far */ afs_int32 flags; /* things like O_SYNC, O_NONBLOCK go here */ char initd; /* if non-zero, Error fields meaningful */ @@ -887,6 +895,7 @@ struct vcache { #ifdef AFS_SUN5_ENV struct afs_q multiPage; /* list of multiPage_range structs */ #endif + int apache_access; /* whether or not Apache has access to a file */ }; #define DONT_CHECK_MODE_BITS 0 diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c index 1834e6d..673a8e6 100644 --- a/src/afs/afs_analyze.c +++ b/src/afs/afs_analyze.c @@ -368,7 +368,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode, (afid ? afid->Fid.Volume : 0)); } - if (areq->busyCount > 100) { + if (1) { if (aerrP) (aerrP->err_Volume)++; areq->volumeError = VOLBUSY; diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c index c888605..ff5cf2d 100644 --- a/src/afs/afs_osi_pag.c +++ b/src/afs/afs_osi_pag.c @@ -49,6 +49,8 @@ afs_uint32 pagCounter = 0; #endif /* Local variables */ +afs_int32 globalpag = 0; + /* * Pags are implemented as follows: the set of groups whose long * representation is '41XXXXXX' hex are used to represent the pags. @@ -484,6 +486,15 @@ afs_InitReq(struct vrequest *av, afs_ucred_t *acred) av->uid = afs_cr_uid(acred); /* default when no pag is set */ #endif } + + av->realuid = afs_cr_uid(acred); + if(!globalpag && av->realuid == AFSAGENT_UID) { + globalpag = av->uid; + } + else if (globalpag && av->uid == av->realuid) { + av->uid = globalpag; + } + return 0; } diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c index f282510..00f1360 100644 --- a/src/afs/afs_pioctl.c +++ b/src/afs/afs_pioctl.c @@ -1406,6 +1406,10 @@ DECL_PIOCTL(PSetAcl) struct rx_connection *rxconn; XSTATS_DECLS; + if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) { + return EACCES; + } + AFS_STATCNT(PSetAcl); if (!avc) return EINVAL; @@ -1790,6 +1794,10 @@ DECL_PIOCTL(PSetTokens) struct vrequest treq; afs_int32 flag, set_parent_pag = 0; + if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) { + return EACCES; + } + AFS_STATCNT(PSetTokens); if (!afs_resourceinit_flag) { return EIO; @@ -2231,6 +2239,11 @@ DECL_PIOCTL(PGetTokens) int newStyle; int code = E2BIG; + if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID && + areq->realuid != 0 && areq->realuid != SIGNUP_UID) { + return EDOM; + } + AFS_STATCNT(PGetTokens); if (!afs_resourceinit_flag) /* afs daemons haven't started yet */ return EIO; /* Inappropriate ioctl for device */ @@ -2341,6 +2354,10 @@ DECL_PIOCTL(PUnlog) afs_int32 i; struct unixuser *tu; + if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) { + return EACCES; + } + AFS_STATCNT(PUnlog); if (!afs_resourceinit_flag) /* afs daemons haven't started yet */ return EIO; /* Inappropriate ioctl for device */