source:
trunk/server/common/patches/openafs-scripts.patch
@
2625
Last change on this file since 2625 was 2591, checked in by achernya, 10 years ago | |
-
src/afs/LINUX/osi_vnodeops.c
# scripts.mit.edu openafs patch # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu> # with modifications by Joe Presbrey <presbrey@mit.edu> # and Anders Kaseorg <andersk@mit.edu> # and Edward Z. Yang <ezyang@mit.edu> # and Benjamin Kaduk <kaduk@mit.edu> # and Alexander Chernyakhovsky <achernya@mit.edu> # # This file is available under both the MIT license and the GPL. # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # # See /COPYRIGHT in this repository for more information. # diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c index 03caf1c..699b2ce 100644
a b afs_linux_dentry_revalidate(struct dentry *dp, int flags) 1207 1207 /* should we always update the attributes at this point? */ 1208 1208 /* unlikely--the vcache entry hasn't changed */ 1209 1209 1210 /* [scripts] This code makes hardlinks work correctly. 1211 * 1212 * We want Apache to be able to read a file with hardlinks 1213 * named .htaccess and foo to be able to read it via .htaccess 1214 * and not via foo, regardless of which name was looked up 1215 * (remember, inodes do not have filenames associated with them.) 1216 * 1217 * It is important that we modify the existing cache entry even 1218 * if it is otherwise totally valid and would not be reloaded. 1219 * Otherwise, it won't recover from repeatedly reading the same 1220 * inode via multiple hardlinks or different names. Specifically, 1221 * Apache will be able to read both names if it was first looked 1222 * up (by anyone!) via .htaccess, and neither if it was first 1223 * looked up via foo. 1224 * 1225 * With regards to performance, the strncmp() is bounded by 1226 * three characters, so it takes O(3) operations. If this code 1227 * is extended to all static-cat extensions, we'll want to do 1228 * some clever hashing using gperf here. 1229 */ 1230 vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0; 1231 1210 1232 dput(parent); 1211 1233 } else { 1212 1234 #ifdef notyet -
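Review bot: `vcp->apache_access` is one per-vcache flag overwritten by the most recent name lookup, so the value afs_AccessOK later reads may have been set by another process resolving the same inode under a different hardlink name between this revalidate and the access check. The block comment explains the name dependence but not this ordering window, and the hunk does not show which lock, if any, is held across the store. I would extend the comment with `/* NOTE: last lookup wins; this flag is shared by every name of the inode and is not stable between lookup and access() */` and name the lock the write relies on. The assignment at the `done:` label in afs_lookup (src/afs/VNOPS/afs_vnop_lookup.c) has the same property and repeats the `".ht"` prefix and length 3, so a shared macro would keep the two in step. The enclosing function starts and ends outside the hunk.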
src/afs/VNOPS/afs_vnop_access.c
diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c index feb0ca7..ba818c7 100644
a b afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq, 130 130 dirBits = PRSFS_LOOKUP | PRSFS_READ; 131 131 return (arights == (dirBits & arights)); 132 132 } 133 if ( areq->uid == globalpag && 134 !(areq->realuid == avc->f.fid.Fid.Volume) && 135 !((avc->f.anyAccess | arights) == avc->f.anyAccess) && 136 !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) && 137 !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) && 138 !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) && 139 !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) { 140 return 0; 141 } 133 142 return (arights == afs_GetAccessBits(avc, arights, areq)); 134 143 } else { 135 144 /* some rights come from dir and some from file. Specifically, you … … afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq, 183 192 fileBits |= PRSFS_READ; 184 193 } 185 194 } 195 196 if ( areq->uid == globalpag && 197 !(areq->realuid == avc->f.fid.Fid.Volume) && 198 !((avc->f.anyAccess | arights) == avc->f.anyAccess) && 199 !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) && 200 !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) && 201 !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && 202 (avc->f.m.Mode == 0100777 || avc->apache_access)) && 203 !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) && 204 !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) { 205 return 0; 206 } 207 186 208 return ((fileBits & arights) == arights); /* true if all rights bits are on */ 187 209 } 188 210 } -
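Review bot: Both added `if ( areq->uid == globalpag && ...)` blocks encode the shared-PAG access policy as an uncommented chain of negated exemptions, and the two copies differ. The directory branch lets HTTPD_UID and POSTFIX_UID through for any subset of `PRSFS_LOOKUP|PRSFS_READ`, while the file branch requires `arights == PRSFS_LOOKUP` exactly and allows `PRSFS_READ` for HTTPD_UID only when the mode is `0100777` or `apache_access` is set. Each clause needs a one-line comment saying whom it exempts and why, in particular `areq->realuid == avc->f.fid.Fid.Volume`, which treats a numeric match between a local uid and an AFS volume id as ownership (and presumably compares the signed `realuid` with an unsigned field). The literal `0100777` should become a named constant with a comment stating the intent, and the clauses common to both branches belong in one static helper so the copies cannot drift. afs_AccessOK starts before and continues past both hunks.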
src/afs/VNOPS/afs_vnop_attrs.c
diff --git a/src/afs/VNOPS/afs_vnop_attrs.c b/src/afs/VNOPS/afs_vnop_attrs.c index d01aff2..0a38c1c 100644
a b afs_CopyOutAttrs(struct vcache *avc, struct vattr *attrs) 88 88 } 89 89 } 90 90 #endif /* AFS_DARWIN_ENV */ 91 attrs->va_uid = fakedir ? 0 : avc->f. m.Owner;92 attrs->va_gid = fakedir ? 0 : avc->f.m.Group; /* yeah! */91 attrs->va_uid = fakedir ? 0 : avc->f.fid.Fid.Volume; 92 attrs->va_gid = (avc->f.m.Owner == DAEMON_SCRIPTS_PTSID ? avc->f.m.Group : avc->f.m.Owner); 93 93 #if defined(AFS_SUN56_ENV) 94 94 attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0]; 95 95 #elif defined(AFS_DARWIN80_ENV) -
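Review bot: The new `attrs->va_gid` line drops the `fakedir ? 0 :` guard that the removed line had, while `va_uid` on the line above keeps it. For a fake-stat directory the gid is therefore now taken from `avc->f.m.Owner` or `avc->f.m.Group` instead of being forced to 0. If that is not intended, the line should read `attrs->va_gid = fakedir ? 0 : (avc->f.m.Owner == DAEMON_SCRIPTS_PTSID ? avc->f.m.Group : avc->f.m.Owner);`. Both lines also need a comment: `va_uid` now reports the volume id rather than the AFS owner, so anything that trusts the reported owner depends on volume ids and local uids being allocated from one namespace, the same assumption afs_AccessOK makes when it compares `realuid` with `Fid.Volume`. afs_CopyOutAttrs starts and ends outside the hunk.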
src/afs/VNOPS/afs_vnop_lookup.c
diff --git a/src/afs/VNOPS/afs_vnop_lookup.c b/src/afs/VNOPS/afs_vnop_lookup.c index 5d96f75..7957eee 100644
a b afs_lookup(OSI_VC_DECL(adp), char *aname, struct vcache **avcp, afs_ucred_t *acr 1915 1915 } 1916 1916 1917 1917 done: 1918 if (tvc) { 1919 /* [scripts] check Apache's ability to read this file, so that 1920 * we can figure this out on an access() call */ 1921 tvc->apache_access = strncmp(aname, ".ht", 3) == 0; 1922 } 1923 1918 1924 /* put the network buffer back, if need be */ 1919 1925 if (tname != aname && tname) 1920 1926 osi_FreeLargeSpace(tname); -
src/afs/afs.h
diff --git a/src/afs/afs.h b/src/afs/afs.h index 88d5f77..61d3ee9 100644
a b struct afs_slotlist { 233 233 struct afs_slotlist *next; 234 234 }; 235 235 236 #define AFSAGENT_UID (101) 237 #define SIGNUP_UID (102) 238 #define HTTPD_UID (48) 239 #define POSTFIX_UID (89) 240 #define DAEMON_SCRIPTS_PTSID (33554596) 241 extern afs_int32 globalpag; 242 236 243 struct vrequest { 237 244 afs_int32 uid; /* user id making the request */ 245 afs_int32 realuid; 238 246 afs_int32 busyCount; /* how many busies we've seen so far */ 239 247 afs_int32 flags; /* things like O_SYNC, O_NONBLOCK go here */ 240 248 char initd; /* if non-zero, Error fields meaningful */ … … struct vcache { 896 904 struct afs_q multiPage; /* list of multiPage_range structs */ 897 905 #endif 898 906 afs_uint32 lastBRLWarnTime; /* last time we warned about byte-range locks */ 907 int apache_access; /* whether or not Apache has access to a file */ 899 908 }; 900 909 901 910 #define DONT_CHECK_MODE_BITS 0 -
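Review bot: The new `realuid` member of `struct vrequest` and `apache_access` member of `struct vcache` feed access decisions, but the only writes on this page are in afs_InitReq, afs_lookup and afs_linux_dentry_revalidate. A vrequest built without afs_InitReq, or a vcache reached without a name lookup or recycled from another file, would carry whatever value was there before. Because `realuid == 0` and a non-zero `apache_access` can both widen access, each field should be set to a deny value where the structure is initialised; those initialisers are not visible here, so this needs confirming against the allocation paths. The field comments should record the contract, e.g. `afs_int32 realuid; /* [scripts] local uid from the cred; set by afs_InitReq only */`. The uid constants such as `HTTPD_UID (48)` are compiled into the module and need a comment naming the host accounts they must match, since a mismatch silently moves the exemptions to a different account.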
src/afs/afs_analyze.c
diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c index 2ecd38e..95aafcd 100644
a b afs_Analyze(struct afs_conn *aconn, struct rx_connection *rxconn, 478 478 (afid ? afid->Fid.Volume : 0)); 479 479 } 480 480 481 if ( areq->busyCount > 100) {481 if (1) { 482 482 if (aerrP) 483 483 (aerrP->err_Volume)++; 484 484 areq->volumeError = VOLBUSY; -
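Review bot: Replacing `areq->busyCount > 100` with `if (1)` leaves a constant condition with no explanation, and any `else` arm that follows outside this hunk becomes unreachable. As far as the visible lines show, `areq->volumeError = VOLBUSY` is now set the first time this path is reached rather than after more than 100 busy counts. I would either remove the conditional structure or keep it and add a comment such as `/* [scripts] give up on the first busy response instead of retrying */`, together with the reason, so the change survives the next rebase onto upstream.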
src/afs/afs_osi_pag.c
diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c index efce229..c1c1871 100644
a b afs_uint32 pagCounter = 0; 49 49 #endif 50 50 /* Local variables */ 51 51 52 afs_int32 globalpag = 0; 53 52 54 /* 53 55 * Pags are implemented as follows: the set of groups whose long 54 56 * representation is '41XXXXXX' hex are used to represent the pags. … … afs_InitReq(struct vrequest *av, afs_ucred_t *acred) 484 486 av->uid = afs_cr_ruid(acred); /* default when no pag is set */ 485 487 #endif 486 488 } 489 490 av->realuid = afs_cr_uid(acred); 491 if(!globalpag && av->realuid == AFSAGENT_UID) { 492 globalpag = av->uid; 493 } 494 else if (globalpag && av->uid == av->realuid) { 495 av->uid = globalpag; 496 } 497 487 498 return 0; 488 499 } 489 500 -
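Review bot: `globalpag` is latched from the first request whose `realuid` is AFSAGENT_UID and is never cleared or refreshed afterwards, so every later request with `av->uid == av->realuid` is mapped to whatever `av->uid` that first request carried. If that request arrives before the agent has its PAG, or the agent later runs under a new one, the latched value no longer names the agent's credentials, and the hunk shows no path that corrects it. The global is also read and written with no lock or atomic visible in the hunk. In addition, `av->uid == av->realuid` serves as the test for "no PAG" although `realuid` comes from `afs_cr_uid` while the default `uid` shown above comes from `afs_cr_ruid`, and these presumably differ for a process whose real and effective uids differ. At minimum add a comment stating these assumptions, e.g. `/* [scripts] trust-on-first-use: the first request from AFSAGENT_UID defines the shared PAG until reboot */`; afs_InitReq starts outside the hunk.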
src/afs/afs_pioctl.c
diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c index e0a744d..c1c8c8c 100644
a b DECL_PIOCTL(PSetAcl) 1420 1420 struct rx_connection *rxconn; 1421 1421 XSTATS_DECLS; 1422 1422 1423 if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) { 1424 return EACCES; 1425 } 1426 1423 1427 AFS_STATCNT(PSetAcl); 1424 1428 if (!avc) 1425 1429 return EINVAL; … … DECL_PIOCTL(PSetTokens) 1806 1810 struct vrequest treq; 1807 1811 afs_int32 flag, set_parent_pag = 0; 1808 1812 1813 if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) { 1814 return EACCES; 1815 } 1816 1809 1817 AFS_STATCNT(PSetTokens); 1810 1818 if (!afs_resourceinit_flag) { 1811 1819 return EIO; … … DECL_PIOCTL(PGetTokens) 2266 2274 int newStyle; 2267 2275 int code = E2BIG; 2268 2276 2277 if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID && 2278 areq->realuid != 0 && areq->realuid != SIGNUP_UID) { 2279 return EDOM; 2280 } 2281 2269 2282 AFS_STATCNT(PGetTokens); 2270 2283 if (!afs_resourceinit_flag) /* afs daemons haven't started yet */ 2271 2284 return EIO; /* Inappropriate ioctl for device */ … … DECL_PIOCTL(PUnlog) 2376 2389 afs_int32 i; 2377 2390 struct unixuser *tu; 2378 2391 2392 if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) { 2393 return EACCES; 2394 } 2395 2379 2396 AFS_STATCNT(PUnlog); 2380 2397 if (!afs_resourceinit_flag) /* afs daemons haven't started yet */ 2381 2398 return EIO; /* Inappropriate ioctl for device */
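Review bot: The guard `areq->uid == globalpag && areq->realuid != AFSAGENT_UID` is pasted into four handlers (PSetAcl, PSetTokens, PGetTokens, PUnlog), which makes the protection a deny-list. Any other pioctl that changes tokens, ACLs or cache state under the shared PAG is unguarded unless it is handled somewhere not shown on this page. A single `static` predicate taking `areq`, called from the pioctl dispatcher with an explicit list of permitted operations, would fail closed when a handler is added. PGetTokens differs from the other three without comment: it also admits `realuid` 0 and SIGNUP_UID and returns `EDOM` rather than `EACCES`, so a line such as `/* [scripts] root and signup may inspect the shared tokens; everyone else gets EDOM */` should record that this is deliberate. Each handler's body continues outside its hunk.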