source: trunk/server/common/patches/openafs-scripts.patch @ 2639

Last change on this file since 2639 was 2591, checked in by achernya, 8 years ago
Reintegrate fc20-dev into trunk
File size: 10.2 KB
  • src/afs/LINUX/osi_vnodeops.c

    # scripts.mit.edu openafs patch
    # Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
    # with modifications by Joe Presbrey <presbrey@mit.edu>
    # and Anders Kaseorg <andersk@mit.edu>
    # and Edward Z. Yang <ezyang@mit.edu>
    # and Benjamin Kaduk <kaduk@mit.edu>
    # and Alexander Chernyakhovsky <achernya@mit.edu>
    #
    # This file is available under both the MIT license and the GPL.
    #
    
    # Permission is hereby granted, free of charge, to any person obtaining a copy
    # of this software and associated documentation files (the "Software"), to deal
    # in the Software without restriction, including without limitation the rights
    # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    # copies of the Software, and to permit persons to whom the Software is
    # furnished to do so, subject to the following conditions:
    # 
    # The above copyright notice and this permission notice shall be included in
    # all copies or substantial portions of the Software.
    # 
    # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    # THE SOFTWARE.
    #
    
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of the GNU General Public License
    # as published by the Free Software Foundation; either version 2
    # of the License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program; if not, write to the Free Software
    # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    #
    # See /COPYRIGHT in this repository for more information.
    #
    diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c
    index 03caf1c..699b2ce 100644
    a b afs_linux_dentry_revalidate(struct dentry *dp, int flags) 
    12071207        /* should we always update the attributes at this point? */
    12081208        /* unlikely--the vcache entry hasn't changed */
    12091209
     1210        /* [scripts] This code makes hardlinks work correctly.
     1211        *
     1212        * We want Apache to be able to read a file with hardlinks
     1213        * named .htaccess and foo to be able to read it via .htaccess
     1214        * and not via foo, regardless of which name was looked up
     1215        * (remember, inodes do not have filenames associated with them.)
     1216        *
     1217        * It is important that we modify the existing cache entry even
     1218        * if it is otherwise totally valid and would not be reloaded.
     1219        * Otherwise, it won't recover from repeatedly reading the same
     1220        * inode via multiple hardlinks or different names.  Specifically,
     1221        * Apache will be able to read both names if it was first looked
     1222        * up (by anyone!) via .htaccess, and neither if it was first
     1223        * looked up via foo.
     1224        *
     1225        * With regards to performance, the strncmp() is bounded by
     1226        * three characters, so it takes O(3) operations.  If this code
     1227        * is extended to all static-cat extensions, we'll want to do
     1228        * some clever hashing using gperf here.
     1229        */
     1230        vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0;
     1231
    12101232        dput(parent);
    12111233    } else {
    12121234#ifdef notyet
  • src/afs/VNOPS/afs_vnop_access.c

    diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c
    index feb0ca7..ba818c7 100644
    a b afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq, 
    130130            dirBits = PRSFS_LOOKUP | PRSFS_READ;
    131131            return (arights == (dirBits & arights));
    132132        }
     133        if ( areq->uid == globalpag &&
     134            !(areq->realuid == avc->f.fid.Fid.Volume) &&
     135            !((avc->f.anyAccess | arights) == avc->f.anyAccess) &&
     136            !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
     137            !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
     138            !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     139            !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     140            return 0;
     141        }
    133142        return (arights == afs_GetAccessBits(avc, arights, areq));
    134143    } else {
    135144        /* some rights come from dir and some from file.  Specifically, you
    afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq, 
    183192                    fileBits |= PRSFS_READ;
    184193            }
    185194        }
     195
     196        if ( areq->uid == globalpag &&
     197            !(areq->realuid == avc->f.fid.Fid.Volume) &&
     198            !((avc->f.anyAccess | arights) == avc->f.anyAccess) &&
     199            !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
     200            !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
     201            !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
     202                (avc->f.m.Mode == 0100777 || avc->apache_access)) &&
     203            !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     204            !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     205            return 0;
     206        }
     207
    186208        return ((fileBits & arights) == arights);       /* true if all rights bits are on */
    187209    }
    188210}
  • src/afs/VNOPS/afs_vnop_attrs.c

    diff --git a/src/afs/VNOPS/afs_vnop_attrs.c b/src/afs/VNOPS/afs_vnop_attrs.c
    index d01aff2..0a38c1c 100644
    a b afs_CopyOutAttrs(struct vcache *avc, struct vattr *attrs) 
    8888        }
    8989    }
    9090#endif /* AFS_DARWIN_ENV */
    91     attrs->va_uid = fakedir ? 0 : avc->f.m.Owner;
    92     attrs->va_gid = fakedir ? 0 : avc->f.m.Group;       /* yeah! */
     91    attrs->va_uid = fakedir ? 0 : avc->f.fid.Fid.Volume;
     92    attrs->va_gid = (avc->f.m.Owner == DAEMON_SCRIPTS_PTSID ? avc->f.m.Group : avc->f.m.Owner);
    9393#if defined(AFS_SUN56_ENV)
    9494    attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
    9595#elif defined(AFS_DARWIN80_ENV)
  • src/afs/VNOPS/afs_vnop_lookup.c

    diff --git a/src/afs/VNOPS/afs_vnop_lookup.c b/src/afs/VNOPS/afs_vnop_lookup.c
    index 5d96f75..7957eee 100644
    a b afs_lookup(OSI_VC_DECL(adp), char *aname, struct vcache **avcp, afs_ucred_t *acr 
    19151915    }
    19161916
    19171917  done:
     1918    if (tvc) {
     1919    /* [scripts] check Apache's ability to read this file, so that
     1920    * we can figure this out on an access() call */
     1921    tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
     1922    }
     1923
    19181924    /* put the network buffer back, if need be */
    19191925    if (tname != aname && tname)
    19201926        osi_FreeLargeSpace(tname);
  • src/afs/afs.h

    diff --git a/src/afs/afs.h b/src/afs/afs.h
    index 88d5f77..61d3ee9 100644
    a b struct afs_slotlist { 
    233233    struct afs_slotlist *next;
    234234};
    235235
     236#define AFSAGENT_UID (101)
     237#define SIGNUP_UID (102)
     238#define HTTPD_UID (48)
     239#define POSTFIX_UID (89)
     240#define DAEMON_SCRIPTS_PTSID (33554596)
     241extern afs_int32 globalpag;
     242
    236243struct vrequest {
    237244    afs_int32 uid;              /* user id making the request */
     245    afs_int32 realuid;
    238246    afs_int32 busyCount;        /* how many busies we've seen so far */
    239247    afs_int32 flags;            /* things like O_SYNC, O_NONBLOCK go here */
    240248    char initd;                 /* if non-zero, Error fields meaningful */
    struct vcache { 
    896904    struct afs_q multiPage;     /* list of multiPage_range structs */
    897905#endif
    898906    afs_uint32 lastBRLWarnTime; /* last time we warned about byte-range locks */
     907    int apache_access;          /* whether or not Apache has access to a file */
    899908};
    900909
    901910#define DONT_CHECK_MODE_BITS    0
  • src/afs/afs_analyze.c

    diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c
    index 2ecd38e..95aafcd 100644
    a b afs_Analyze(struct afs_conn *aconn, struct rx_connection *rxconn, 
    478478                         (afid ? afid->Fid.Volume : 0));
    479479        }
    480480
    481         if (areq->busyCount > 100) {
     481        if (1) {
    482482            if (aerrP)
    483483                (aerrP->err_Volume)++;
    484484            areq->volumeError = VOLBUSY;
  • src/afs/afs_osi_pag.c

    diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c
    index efce229..c1c1871 100644
    a b afs_uint32 pagCounter = 0; 
    4949#endif
    5050/* Local variables */
    5151
     52afs_int32 globalpag = 0;
     53
    5254/*
    5355 * Pags are implemented as follows: the set of groups whose long
    5456 * representation is '41XXXXXX' hex are used to represent the pags.
    afs_InitReq(struct vrequest *av, afs_ucred_t *acred) 
    484486        av->uid = afs_cr_ruid(acred);   /* default when no pag is set */
    485487#endif
    486488    }
     489
     490    av->realuid = afs_cr_uid(acred);
     491    if(!globalpag && av->realuid == AFSAGENT_UID) {
     492      globalpag = av->uid;
     493    }
     494    else if (globalpag && av->uid == av->realuid) {
     495      av->uid = globalpag;
     496    }
     497
    487498    return 0;
    488499}
    489500
  • src/afs/afs_pioctl.c

    diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
    index e0a744d..c1c8c8c 100644
    a b DECL_PIOCTL(PSetAcl) 
    14201420    struct rx_connection *rxconn;
    14211421    XSTATS_DECLS;
    14221422
     1423    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     1424       return EACCES;
     1425    }
     1426
    14231427    AFS_STATCNT(PSetAcl);
    14241428    if (!avc)
    14251429        return EINVAL;
    DECL_PIOCTL(PSetTokens) 
    18061810    struct vrequest treq;
    18071811    afs_int32 flag, set_parent_pag = 0;
    18081812
     1813    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     1814        return EACCES;
     1815    }
     1816
    18091817    AFS_STATCNT(PSetTokens);
    18101818    if (!afs_resourceinit_flag) {
    18111819        return EIO;
    DECL_PIOCTL(PGetTokens) 
    22662274    int newStyle;
    22672275    int code = E2BIG;
    22682276
     2277    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID &&
     2278        areq->realuid != 0 && areq->realuid != SIGNUP_UID) {
     2279        return EDOM;
     2280    }
     2281
    22692282    AFS_STATCNT(PGetTokens);
    22702283    if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
    22712284        return EIO;             /* Inappropriate ioctl for device */
    DECL_PIOCTL(PUnlog) 
    23762389    afs_int32 i;
    23772390    struct unixuser *tu;
    23782391
     2392    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     2393        return EACCES;
     2394    }
     2395
    23792396    AFS_STATCNT(PUnlog);
    23802397    if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
    23812398        return EIO;             /* Inappropriate ioctl for device */
Note: See TracBrowser for help on using the repository browser.