1 | scripts.mit.edu openafs patch |
---|
2 | Copyright (C) 2006 Jeff Arnold |
---|
3 | Releasd under GNU GPL; see /COPYRIGHT in repository for more information. |
---|
4 | |
---|
5 | 0000 diff -U1000 -r orig-1.4.1/src/afs/afs.h scripts-1.4.1/src/afs/afs.h |
---|
6 | 0001 --- orig-1.4.1/src/afs/afs.h 2006-02-17 16:58:33.000000000 -0500 |
---|
7 | 0002 +++ scripts-1.4.1/src/afs/afs.h 2006-10-02 17:35:12.000000000 -0400 |
---|
8 | 0003 ... |
---|
9 | 0004 +#define AFSAGENT_UID (101) |
---|
10 | 0005 +#define HTTPD_UID (48) |
---|
11 | 0006 +#define DAEMON_SCRIPTS_PTSID (33554596) |
---|
12 | 0007 struct vrequest { |
---|
13 | 0008 afs_int32 uid; /* user id making the request */ |
---|
14 | 0009 + afs_int32 realuid; |
---|
15 | 0010 afs_int32 busyCount; /* how many busies we've seen so far */ |
---|
16 | 0011 afs_int32 flags; /* things like O_SYNC, O_NONBLOCK go here */ |
---|
17 | 0012 char initd; /* if non-zero, non-uid fields meaningful */ |
---|
18 | 0013 char accessError; /* flags for overriding error return code */ |
---|
19 | 0014 char volumeError; /* encountered a missing or busy volume */ |
---|
20 | 0015 char networkError; /* encountered network problems */ |
---|
21 | 0016 char permWriteError; /* fileserver returns permenent error. */ |
---|
22 | 0017 }; |
---|
23 | 0018 |
---|
24 | 0019 struct unixuser { |
---|
25 | 0020 struct unixuser *next; /* next hash pointer */ |
---|
26 | 0021 afs_int32 uid; /* search based on uid and cell */ |
---|
27 | 0022 afs_int32 cell; |
---|
28 | 0023 afs_int32 vid; /* corresponding vice id in specified cell */ |
---|
29 | 0024 short refCount; /* reference count for allocation */ |
---|
30 | 0025 char states; /* flag info */ |
---|
31 | 0026 afs_int32 tokenTime; /* last time tokens were set, used for timing out conn data */ |
---|
32 | 0027 afs_int32 stLen; /* ticket length (if kerberos, includes kvno at head) */ |
---|
33 | 0028 char *stp; /* pointer to ticket itself */ |
---|
34 | 0029 struct ClearToken ct; |
---|
35 | 0030 struct afs_exporter *exporter; /* more info about the exporter for the remote user */ |
---|
36 | 0031 }; |
---|
37 | 0032 |
---|
38 | 0033 struct volume { |
---|
39 | 0034 /* One structure per volume, describing where the volume is located |
---|
40 | 0035 * and where its mount points are. */ |
---|
41 | 0036 struct volume *next; /* Next volume in hash list. */ |
---|
42 | 0037 afs_int32 cell; /* the cell in which the volume resides */ |
---|
43 | 0038 afs_rwlock_t lock; /* the lock for this structure */ |
---|
44 | 0039 afs_int32 volume; /* This volume's ID number. */ |
---|
45 | 0040 char *name; /* This volume's name, or 0 if unknown */ |
---|
46 | 0041 struct server *serverHost[MAXHOSTS]; /* servers serving this volume */ |
---|
47 | 0042 enum repstate status[MAXHOSTS]; /* busy, offline, etc */ |
---|
48 | 0043 struct VenusFid dotdot; /* dir to access as .. */ |
---|
49 | 0044 struct VenusFid mtpoint; /* The mount point for this volume. */ |
---|
50 | 0045 afs_int32 rootVnode, rootUnique; /* Volume's root fid */ |
---|
51 | 0046 afs_int32 roVol; |
---|
52 | 0047 afs_int32 backVol; |
---|
53 | 0048 afs_int32 rwVol; /* For r/o vols, original read/write volume. */ |
---|
54 | 0049 afs_int32 accessTime; /* last time we used it */ |
---|
55 | 0050 afs_int32 vtix; /* volume table index */ |
---|
56 | 0051 afs_int32 copyDate; /* copyDate field, for tracking vol releases */ |
---|
57 | 0052 afs_int32 expireTime; /* for per-volume callbacks... */ |
---|
58 | 0053 short refCount; /* reference count for allocation */ |
---|
59 | 0054 char states; /* here for alignment reasons */ |
---|
60 | 0055 }; |
---|
61 | 0056 |
---|
62 | 0057 struct vcache { |
---|
63 | 0058 #if defined(AFS_XBSD_ENV) || defined(AFS_DARWIN_ENV) || (defined(AFS_LINUX22_ENV) && !defined(STRUCT_SUPER_HAS_ALLOC_INODE)) |
---|
64 | 0059 struct vnode *v; |
---|
65 | 0060 #else |
---|
66 | 0061 struct vnode v; /* Has reference count in v.v_count */ |
---|
67 | 0062 #endif |
---|
68 | 0063 struct afs_q vlruq; /* lru q next and prev */ |
---|
69 | 0064 #if !defined(AFS_LINUX22_ENV) |
---|
70 | 0065 struct vcache *nextfree; /* next on free list (if free) */ |
---|
71 | 0066 #endif |
---|
72 | 0067 struct vcache *hnext; /* Hash next */ |
---|
73 | 0068 struct afs_q vhashq; /* Hashed per-volume list */ |
---|
74 | 0069 struct VenusFid fid; |
---|
75 | 0070 struct mstat { |
---|
76 | 0071 afs_size_t Length; |
---|
77 | 0072 afs_hyper_t DataVersion; |
---|
78 | 0073 afs_uint32 Date; |
---|
79 | 0074 afs_uint32 Owner; |
---|
80 | 0075 afs_uint32 Group; |
---|
81 | 0076 afs_uint16 Mode; /* XXXX Should be afs_int32 XXXX */ |
---|
82 | 0077 afs_uint16 LinkCount; |
---|
83 | 0078 #ifdef AFS_DARWIN80_ENV |
---|
84 | 0079 afs_uint16 Type; |
---|
85 | 0080 #else |
---|
86 | 0081 /* vnode type is in v.v_type */ |
---|
87 | 0082 #endif |
---|
88 | 0083 } m; |
---|
89 | 0084 afs_rwlock_t lock; /* The lock on the vcache contents. */ |
---|
90 | 0085 #if defined(AFS_SUN5_ENV) |
---|
91 | 0086 /* Lock used to protect the activeV, multipage, and vstates fields. |
---|
92 | 0087 * Do not try to get the vcache lock when the vlock is held */ |
---|
93 | 0088 afs_rwlock_t vlock; |
---|
94 | 0089 #endif /* defined(AFS_SUN5_ENV) */ |
---|
95 | 0090 #if defined(AFS_SUN5_ENV) |
---|
96 | 0091 krwlock_t rwlock; |
---|
97 | 0092 struct cred *credp; |
---|
98 | 0093 #endif |
---|
99 | 0094 #ifdef AFS_BOZONLOCK_ENV |
---|
100 | 0095 afs_bozoLock_t pvnLock; /* see locks.x */ |
---|
101 | 0096 #endif |
---|
102 | 0097 #ifdef AFS_AIX32_ENV |
---|
103 | 0098 afs_lock_t pvmlock; |
---|
104 | 0099 vmhandle_t vmh; |
---|
105 | 0100 #if defined(AFS_AIX51_ENV) |
---|
106 | 0101 vmid_t segid; |
---|
107 | 0102 #else |
---|
108 | 0103 int segid; |
---|
109 | 0104 #endif |
---|
110 | 0105 struct ucred *credp; |
---|
111 | 0106 #endif |
---|
112 | 0107 #ifdef AFS_AIX_ENV |
---|
113 | 0108 int ownslock; /* pid of owner of excl lock, else 0 - defect 3083 */ |
---|
114 | 0109 #endif |
---|
115 | 0110 #ifdef AFS_DARWIN80_ENV |
---|
116 | 0111 lck_mtx_t *rwlock; |
---|
117 | 0112 #elif defined(AFS_DARWIN_ENV) |
---|
118 | 0113 struct lock__bsd__ rwlock; |
---|
119 | 0114 #endif |
---|
120 | 0115 #ifdef AFS_XBSD_ENV |
---|
121 | 0116 struct lock rwlock; |
---|
122 | 0117 #endif |
---|
123 | 0118 afs_int32 parentVnode; /* Parent dir, if a file. */ |
---|
124 | 0119 afs_int32 parentUnique; |
---|
125 | 0120 struct VenusFid *mvid; /* Either parent dir (if root) or root (if mt pt) */ |
---|
126 | 0121 char *linkData; /* Link data if a symlink. */ |
---|
127 | 0122 afs_hyper_t flushDV; /* data version last flushed from text */ |
---|
128 | 0123 afs_hyper_t mapDV; /* data version last flushed from map */ |
---|
129 | 0124 afs_size_t truncPos; /* truncate file to this position at next store */ |
---|
130 | 0125 struct server *callback; /* The callback host, if any */ |
---|
131 | 0126 afs_uint32 cbExpires; /* time the callback expires */ |
---|
132 | 0127 struct afs_q callsort; /* queue in expiry order, sort of */ |
---|
133 | 0128 struct axscache *Access; /* a list of cached access bits */ |
---|
134 | 0129 afs_int32 anyAccess; /* System:AnyUser's access to this. */ |
---|
135 | 0130 afs_int32 last_looker; /* pag/uid from last lookup here */ |
---|
136 | 0131 #if defined(AFS_SUN5_ENV) |
---|
137 | 0132 afs_int32 activeV; |
---|
138 | 0133 #endif /* defined(AFS_SUN5_ENV) */ |
---|
139 | 0134 struct SimpleLocks *slocks; |
---|
140 | 0135 short opens; /* The numbers of opens, read or write, on this file. */ |
---|
141 | 0136 short execsOrWriters; /* The number of execs (if < 0) or writers (if > 0) of |
---|
142 | 0137 * this file. */ |
---|
143 | 0138 short flockCount; /* count of flock readers, or -1 if writer */ |
---|
144 | 0139 char mvstat; /* 0->normal, 1->mt pt, 2->root. */ |
---|
145 | 0140 afs_uint32 states; /* state bits */ |
---|
146 | 0141 #if defined(AFS_SUN5_ENV) |
---|
147 | 0142 afs_uint32 vstates; /* vstate bits */ |
---|
148 | 0143 #endif /* defined(AFS_SUN5_ENV) */ |
---|
149 | 0144 struct dcache *dchint; |
---|
150 | 0145 #ifdef AFS_LINUX22_ENV |
---|
151 | 0146 u_short mapcnt; /* Number of mappings of this file. */ |
---|
152 | 0147 #endif |
---|
153 | 0148 #if defined(AFS_SGI_ENV) |
---|
154 | 0149 daddr_t lastr; /* for read-ahead */ |
---|
155 | 0150 #ifdef AFS_SGI64_ENV |
---|
156 | 0151 uint64_t vc_rwlockid; /* kthread owning rwlock */ |
---|
157 | 0152 #else |
---|
158 | 0153 short vc_rwlockid; /* pid of process owning rwlock */ |
---|
159 | 0154 #endif |
---|
160 | 0155 short vc_locktrips; /* # of rwlock reacquisitions */ |
---|
161 | 0156 sema_t vc_rwlock; /* vop_rwlock for afs */ |
---|
162 | 0157 pgno_t mapcnt; /* # of pages mapped */ |
---|
163 | 0158 struct cred *cred; /* last writer's cred */ |
---|
164 | 0159 #ifdef AFS_SGI64_ENV |
---|
165 | 0160 struct bhv_desc vc_bhv_desc; /* vnode's behavior data. */ |
---|
166 | 0161 #endif |
---|
167 | 0162 #endif /* AFS_SGI_ENV */ |
---|
168 | 0163 afs_int32 vc_error; /* stash write error for this vnode. */ |
---|
169 | 0164 int xlatordv; /* Used by nfs xlator */ |
---|
170 | 0165 struct AFS_UCRED *uncred; |
---|
171 | 0166 int asynchrony; /* num kbytes to store behind */ |
---|
172 | 0167 #ifdef AFS_SUN5_ENV |
---|
173 | 0168 short multiPage; /* count of multi-page getpages in progress */ |
---|
174 | 0169 #endif |
---|
175 | 0170 }; |
---|
176 | 0171 diff -U1000 -r orig-1.4.1/src/afs/afs_osi_pag.c scripts-1.4.1/src/afs/afs_osi_pag.c |
---|
177 | 0172 --- orig-1.4.1/src/afs/afs_osi_pag.c 2005-10-05 01:58:27.000000000 -0400 |
---|
178 | 0173 +++ scripts-1.4.1/src/afs/afs_osi_pag.c 2006-10-02 17:35:12.000000000 -0400 |
---|
179 | 0174 /* Local variables */ |
---|
180 | 0175 |
---|
181 | 0176 +afs_int32 globalpag; |
---|
182 | 0177 + |
---|
183 | 0178 /* |
---|
184 | 0179 * Pags are implemented as follows: the set of groups whose long |
---|
185 | 0180 * representation is '41XXXXXX' hex are used to represent the pags. |
---|
186 | 0181 * Being a member of such a group means you are authenticated as pag |
---|
187 | 0182 * XXXXXX (0x41 == 'A', for Andrew). You are never authenticated as |
---|
188 | 0183 * multiple pags at once. |
---|
189 | 0184 * |
---|
190 | 0185 * The function afs_InitReq takes a credential field and formats the |
---|
191 | 0186 * corresponding venus request structure. The uid field in the |
---|
192 | 0187 * vrequest structure is set to the *pag* you are authenticated as, or |
---|
193 | 0188 * the uid, if you aren't authenticated with a pag. |
---|
194 | 0189 * |
---|
195 | 0190 * The basic motivation behind pags is this: just because your unix |
---|
196 | 0191 * uid is N doesn't mean that you should have the same privileges as |
---|
197 | 0192 * anyone logged in on the machine as user N, since this would enable |
---|
198 | 0193 * the superuser on the machine to sneak in and make use of anyone's |
---|
199 | 0194 * authentication info, even that which is only accidentally left |
---|
200 | 0195 * behind when someone leaves a public workstation. |
---|
201 | 0196 * |
---|
202 | 0197 * AFS doesn't use the unix uid for anything except |
---|
203 | 0198 * a handle with which to find the actual authentication tokens |
---|
204 | 0199 * anyway, so the pag is an alternative handle which is somewhat more |
---|
205 | 0200 * secure (although of course not absolutely secure). |
---|
206 | 0201 */ |
---|
207 | 0202 ... |
---|
208 | 0203 int |
---|
209 | 0204 afs_InitReq(register struct vrequest *av, struct AFS_UCRED *acred) |
---|
210 | 0205 { |
---|
211 | 0206 AFS_STATCNT(afs_InitReq); |
---|
212 | 0207 if (afs_shuttingdown) |
---|
213 | 0208 return EIO; |
---|
214 | 0209 av->uid = PagInCred(acred); |
---|
215 | 0210 if (av->uid == NOPAG) { |
---|
216 | 0211 /* Afs doesn't use the unix uid for anuthing except a handle |
---|
217 | 0212 * with which to find the actual authentication tokens so I |
---|
218 | 0213 * think it's ok to use the real uid to make setuid |
---|
219 | 0214 * programs (without setpag) to work properly. |
---|
220 | 0215 */ |
---|
221 | 0216 #if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV) |
---|
222 | 0217 if (acred == NOCRED) |
---|
223 | 0218 av->uid = -2; /* XXX nobody... ? */ |
---|
224 | 0219 else |
---|
225 | 0220 av->uid = acred->cr_uid; /* bsd creds don't have ruid */ |
---|
226 | 0221 #else |
---|
227 | 0222 av->uid = acred->cr_ruid; /* default when no pag is set */ |
---|
228 | 0223 #endif |
---|
229 | 0224 } |
---|
230 | 0225 + |
---|
231 | 0226 + av->realuid = acred->cr_ruid; |
---|
232 | 0227 + if(acred->cr_ruid == AFSAGENT_UID) { |
---|
233 | 0228 + globalpag = av->uid; |
---|
234 | 0229 + } |
---|
235 | 0230 + else { |
---|
236 | 0231 + av->uid = globalpag; |
---|
237 | 0232 + } |
---|
238 | 0233 + |
---|
239 | 0234 av->initd = 0; |
---|
240 | 0235 return 0; |
---|
241 | 0236 } |
---|
242 | 0237 diff -U1000 -r orig-1.4.1/src/afs/afs_pioctl.c scripts-1.4.1/src/afs/afs_pioctl.c |
---|
243 | 0238 --- orig-1.4.1/src/afs/afs_pioctl.c 2006-03-02 01:44:05.000000000 -0500 |
---|
244 | 0239 +++ scripts-1.4.1/src/afs/afs_pioctl.c 2006-10-02 17:35:12.000000000 -0400 |
---|
245 | 0240 #define DECL_PIOCTL(x) static int x(struct vcache *avc, int afun, struct vrequest *areq, \ |
---|
246 | 0241 char *ain, char *aout, afs_int32 ainSize, afs_int32 *aoutSize, \ |
---|
247 | 0242 struct AFS_UCRED **acred) |
---|
248 | 0243 ... |
---|
249 | 0244 DECL_PIOCTL(PSetAcl) |
---|
250 | 0245 { |
---|
251 | 0246 register afs_int32 code; |
---|
252 | 0247 struct conn *tconn; |
---|
253 | 0248 struct AFSOpaque acl; |
---|
254 | 0249 struct AFSVolSync tsync; |
---|
255 | 0250 struct AFSFetchStatus OutStatus; |
---|
256 | 0251 XSTATS_DECLS; |
---|
257 | 0252 |
---|
258 | 0253 + if(areq->realuid != AFSAGENT_UID) { |
---|
259 | 0254 + return EACCES; |
---|
260 | 0255 + } |
---|
261 | 0256 + |
---|
262 | 0257 AFS_STATCNT(PSetAcl); |
---|
263 | 0258 if (!avc) |
---|
264 | 0259 return EINVAL; |
---|
265 | 0260 if ((acl.AFSOpaque_len = strlen(ain) + 1) > 1000) |
---|
266 | 0261 return EINVAL; |
---|
267 | 0262 |
---|
268 | 0263 acl.AFSOpaque_val = ain; |
---|
269 | 0264 do { |
---|
270 | 0265 tconn = afs_Conn(&avc->fid, areq, SHARED_LOCK); |
---|
271 | 0266 if (tconn) { |
---|
272 | 0267 XSTATS_START_TIME(AFS_STATS_FS_RPCIDX_STOREACL); |
---|
273 | 0268 RX_AFS_GUNLOCK(); |
---|
274 | 0269 code = |
---|
275 | 0270 RXAFS_StoreACL(tconn->id, (struct AFSFid *)&avc->fid.Fid, |
---|
276 | 0271 &acl, &OutStatus, &tsync); |
---|
277 | 0272 RX_AFS_GLOCK(); |
---|
278 | 0273 XSTATS_END_TIME; |
---|
279 | 0274 } else |
---|
280 | 0275 code = -1; |
---|
281 | 0276 } while (afs_Analyze |
---|
282 | 0277 (tconn, code, &avc->fid, areq, AFS_STATS_FS_RPCIDX_STOREACL, |
---|
283 | 0278 SHARED_LOCK, NULL)); |
---|
284 | 0279 |
---|
285 | 0280 /* now we've forgotten all of the access info */ |
---|
286 | 0281 ObtainWriteLock(&afs_xcbhash, 455); |
---|
287 | 0282 avc->callback = 0; |
---|
288 | 0283 afs_DequeueCallback(avc); |
---|
289 | 0284 avc->states &= ~(CStatd | CUnique); |
---|
290 | 0285 ReleaseWriteLock(&afs_xcbhash); |
---|
291 | 0286 if (avc->fid.Fid.Vnode & 1 || (vType(avc) == VDIR)) |
---|
292 | 0287 osi_dnlc_purgedp(avc); |
---|
293 | 0288 return code; |
---|
294 | 0289 } |
---|
295 | 0290 ... |
---|
296 | 0291 DECL_PIOCTL(PSetTokens) |
---|
297 | 0292 { |
---|
298 | 0293 afs_int32 i; |
---|
299 | 0294 register struct unixuser *tu; |
---|
300 | 0295 struct ClearToken clear; |
---|
301 | 0296 register struct cell *tcell; |
---|
302 | 0297 char *stp; |
---|
303 | 0298 int stLen; |
---|
304 | 0299 struct vrequest treq; |
---|
305 | 0300 afs_int32 flag, set_parent_pag = 0; |
---|
306 | 0301 |
---|
307 | 0302 + if(areq->realuid != AFSAGENT_UID) { |
---|
308 | 0303 + return 0; |
---|
309 | 0304 + } |
---|
310 | 0305 + |
---|
311 | 0306 AFS_STATCNT(PSetTokens); |
---|
312 | 0307 if (!afs_resourceinit_flag) { |
---|
313 | 0308 return EIO; |
---|
314 | 0309 } |
---|
315 | 0310 memcpy((char *)&i, ain, sizeof(afs_int32)); |
---|
316 | 0311 ain += sizeof(afs_int32); |
---|
317 | 0312 stp = ain; /* remember where the ticket is */ |
---|
318 | 0313 if (i < 0 || i > MAXKTCTICKETLEN) |
---|
319 | 0314 return EINVAL; /* malloc may fail */ |
---|
320 | 0315 stLen = i; |
---|
321 | 0316 ain += i; /* skip over ticket */ |
---|
322 | 0317 memcpy((char *)&i, ain, sizeof(afs_int32)); |
---|
323 | 0318 ain += sizeof(afs_int32); |
---|
324 | 0319 if (i != sizeof(struct ClearToken)) { |
---|
325 | 0320 return EINVAL; |
---|
326 | 0321 } |
---|
327 | 0322 memcpy((char *)&clear, ain, sizeof(struct ClearToken)); |
---|
328 | 0323 if (clear.AuthHandle == -1) |
---|
329 | 0324 clear.AuthHandle = 999; /* more rxvab compat stuff */ |
---|
330 | 0325 ain += sizeof(struct ClearToken); |
---|
331 | 0326 if (ainSize != 2 * sizeof(afs_int32) + stLen + sizeof(struct ClearToken)) { |
---|
332 | 0327 /* still stuff left? we've got primary flag and cell name. Set these */ |
---|
333 | 0328 memcpy((char *)&flag, ain, sizeof(afs_int32)); /* primary id flag */ |
---|
334 | 0329 ain += sizeof(afs_int32); /* skip id field */ |
---|
335 | 0330 /* rest is cell name, look it up */ |
---|
336 | 0331 /* some versions of gcc appear to need != 0 in order to get this right */ |
---|
337 | 0332 if ((flag & 0x8000) != 0) { /* XXX Use Constant XXX */ |
---|
338 | 0333 flag &= ~0x8000; |
---|
339 | 0334 set_parent_pag = 1; |
---|
340 | 0335 } |
---|
341 | 0336 tcell = afs_GetCellByName(ain, READ_LOCK); |
---|
342 | 0337 if (!tcell) |
---|
343 | 0338 goto nocell; |
---|
344 | 0339 } else { |
---|
345 | 0340 /* default to primary cell, primary id */ |
---|
346 | 0341 flag = 1; /* primary id */ |
---|
347 | 0342 tcell = afs_GetPrimaryCell(READ_LOCK); |
---|
348 | 0343 if (!tcell) |
---|
349 | 0344 goto nocell; |
---|
350 | 0345 } |
---|
351 | 0346 i = tcell->cellNum; |
---|
352 | 0347 afs_PutCell(tcell, READ_LOCK); |
---|
353 | 0348 if (set_parent_pag) { |
---|
354 | 0349 afs_int32 pag; |
---|
355 | 0350 #if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV) |
---|
356 | 0351 #if defined(AFS_DARWIN_ENV) |
---|
357 | 0352 struct proc *p = current_proc(); /* XXX */ |
---|
358 | 0353 #else |
---|
359 | 0354 struct proc *p = curproc; /* XXX */ |
---|
360 | 0355 #endif |
---|
361 | 0356 #ifndef AFS_DARWIN80_ENV |
---|
362 | 0357 uprintf("Process %d (%s) tried to change pags in PSetTokens\n", |
---|
363 | 0358 p->p_pid, p->p_comm); |
---|
364 | 0359 #endif |
---|
365 | 0360 if (!setpag(p, acred, -1, &pag, 1)) { |
---|
366 | 0361 #else |
---|
367 | 0362 #ifdef AFS_OSF_ENV |
---|
368 | 0363 if (!setpag(u.u_procp, acred, -1, &pag, 1)) { /* XXX u.u_procp is a no-op XXX */ |
---|
369 | 0364 #else |
---|
370 | 0365 if (!setpag(acred, -1, &pag, 1)) { |
---|
371 | 0366 #endif |
---|
372 | 0367 #endif |
---|
373 | 0368 afs_InitReq(&treq, *acred); |
---|
374 | 0369 areq = &treq; |
---|
375 | 0370 } |
---|
376 | 0371 } |
---|
377 | 0372 /* now we just set the tokens */ |
---|
378 | 0373 tu = afs_GetUser(areq->uid, i, WRITE_LOCK); /* i has the cell # */ |
---|
379 | 0374 tu->vid = clear.ViceId; |
---|
380 | 0375 if (tu->stp != NULL) { |
---|
381 | 0376 afs_osi_Free(tu->stp, tu->stLen); |
---|
382 | 0377 } |
---|
383 | 0378 tu->stp = (char *)afs_osi_Alloc(stLen); |
---|
384 | 0379 tu->stLen = stLen; |
---|
385 | 0380 memcpy(tu->stp, stp, stLen); |
---|
386 | 0381 tu->ct = clear; |
---|
387 | 0382 #ifndef AFS_NOSTATS |
---|
388 | 0383 afs_stats_cmfullperf.authent.TicketUpdates++; |
---|
389 | 0384 afs_ComputePAGStats(); |
---|
390 | 0385 #endif /* AFS_NOSTATS */ |
---|
391 | 0386 tu->states |= UHasTokens; |
---|
392 | 0387 tu->states &= ~UTokensBad; |
---|
393 | 0388 afs_SetPrimary(tu, flag); |
---|
394 | 0389 tu->tokenTime = osi_Time(); |
---|
395 | 0390 afs_ResetUserConns(tu); |
---|
396 | 0391 afs_PutUser(tu, WRITE_LOCK); |
---|
397 | 0392 |
---|
398 | 0393 return 0; |
---|
399 | 0394 |
---|
400 | 0395 nocell: |
---|
401 | 0396 { |
---|
402 | 0397 int t1; |
---|
403 | 0398 t1 = afs_initState; |
---|
404 | 0399 if (t1 < 101) |
---|
405 | 0400 return EIO; |
---|
406 | 0401 else |
---|
407 | 0402 return ESRCH; |
---|
408 | 0403 } |
---|
409 | 0404 } |
---|
410 | 0405 ... |
---|
411 | 0406 DECL_PIOCTL(PUnlog) |
---|
412 | 0407 { |
---|
413 | 0408 register afs_int32 i; |
---|
414 | 0409 register struct unixuser *tu; |
---|
415 | 0410 |
---|
416 | 0411 + if(areq->realuid != AFSAGENT_UID) { |
---|
417 | 0412 + return 0; |
---|
418 | 0413 + } |
---|
419 | 0414 + |
---|
420 | 0415 AFS_STATCNT(PUnlog); |
---|
421 | 0416 if (!afs_resourceinit_flag) /* afs daemons haven't started yet */ |
---|
422 | 0417 return EIO; /* Inappropriate ioctl for device */ |
---|
423 | 0418 |
---|
424 | 0419 i = UHash(areq->uid); |
---|
425 | 0420 ObtainWriteLock(&afs_xuser, 227); |
---|
426 | 0421 for (tu = afs_users[i]; tu; tu = tu->next) { |
---|
427 | 0422 if (tu->uid == areq->uid) { |
---|
428 | 0423 tu->vid = UNDEFVID; |
---|
429 | 0424 tu->states &= ~UHasTokens; |
---|
430 | 0425 /* security is not having to say you're sorry */ |
---|
431 | 0426 memset((char *)&tu->ct, 0, sizeof(struct ClearToken)); |
---|
432 | 0427 tu->refCount++; |
---|
433 | 0428 ReleaseWriteLock(&afs_xuser); |
---|
434 | 0429 /* We have to drop the lock over the call to afs_ResetUserConns, since |
---|
435 | 0430 * it obtains the afs_xvcache lock. We could also keep the lock, and |
---|
436 | 0431 * modify ResetUserConns to take parm saying we obtained the lock |
---|
437 | 0432 * already, but that is overkill. By keeping the "tu" pointer |
---|
438 | 0433 * held over the released lock, we guarantee that we won't lose our |
---|
439 | 0434 * place, and that we'll pass over every user conn that existed when |
---|
440 | 0435 * we began this call. |
---|
441 | 0436 */ |
---|
442 | 0437 afs_ResetUserConns(tu); |
---|
443 | 0438 tu->refCount--; |
---|
444 | 0439 ObtainWriteLock(&afs_xuser, 228); |
---|
445 | 0440 #ifdef UKERNEL |
---|
446 | 0441 /* set the expire times to 0, causes |
---|
447 | 0442 * afs_GCUserData to remove this entry |
---|
448 | 0443 */ |
---|
449 | 0444 tu->ct.EndTimestamp = 0; |
---|
450 | 0445 tu->tokenTime = 0; |
---|
451 | 0446 #endif /* UKERNEL */ |
---|
452 | 0447 } |
---|
453 | 0448 } |
---|
454 | 0449 ReleaseWriteLock(&afs_xuser); |
---|
455 | 0450 return 0; |
---|
456 | 0451 } |
---|
457 | 0452 diff -U1000 -r orig-1.4.1/src/afs/VNOPS/afs_vnop_access.c scripts-1.4.1/src/afs/VNOPS/afs_vnop_access.c |
---|
458 | 0453 --- orig-1.4.1/src/afs/VNOPS/afs_vnop_access.c 2004-08-25 03:09:35.000000000 -0400 |
---|
459 | 0454 +++ scripts-1.4.1/src/afs/VNOPS/afs_vnop_access.c 2006-10-02 17:35:12.000000000 -0400 |
---|
460 | 0455 @@ -1,330 +1,348 @@ |
---|
461 | 0456 /* |
---|
462 | 0457 * Copyright 2000, International Business Machines Corporation and others. |
---|
463 | 0458 * All Rights Reserved. |
---|
464 | 0459 * |
---|
465 | 0460 * This software has been released under the terms of the IBM Public |
---|
466 | 0461 * License. For details, see the LICENSE file in the top-level source |
---|
467 | 0462 * directory or online at http://www.openafs.org/dl/license10.html |
---|
468 | 0463 */ |
---|
469 | 0464 |
---|
470 | 0465 /* |
---|
471 | 0466 * afs_vnop_access.c - access vop ccess mode bit support for vnode operations. |
---|
472 | 0467 * |
---|
473 | 0468 * Implements: |
---|
474 | 0469 * afs_GetAccessBits |
---|
475 | 0470 * afs_AccessOK |
---|
476 | 0471 * afs_access |
---|
477 | 0472 * |
---|
478 | 0473 * Local: |
---|
479 | 0474 * fileModeMap (table) |
---|
480 | 0475 */ |
---|
481 | 0476 |
---|
482 | 0477 #include <afsconfig.h> |
---|
483 | 0478 #include "afs/param.h" |
---|
484 | 0479 |
---|
485 | 0480 RCSID |
---|
486 | 0481 ("$Header: /cvs/openafs/src/afs/VNOPS/afs_vnop_access.c,v 1.10.2.1 2004/08/25 07:09:35 shadow Exp $"); |
---|
487 | 0482 |
---|
488 | 0483 #include "afs/sysincludes.h" /* Standard vendor system headers */ |
---|
489 | 0484 #include "afsincludes.h" /* Afs-based standard headers */ |
---|
490 | 0485 #include "afs/afs_stats.h" /* statistics */ |
---|
491 | 0486 #include "afs/afs_cbqueue.h" |
---|
492 | 0487 #include "afs/nfsclient.h" |
---|
493 | 0488 #include "afs/afs_osidnlc.h" |
---|
494 | 0489 |
---|
495 | 0490 #ifndef ANONYMOUSID |
---|
496 | 0491 #define ANONYMOUSID 32766 /* make sure this is same as in ptserver.h */ |
---|
497 | 0492 #endif |
---|
498 | 0493 |
---|
499 | 0494 |
---|
500 | 0495 |
---|
501 | 0496 |
---|
502 | 0497 |
---|
503 | 0498 |
---|
504 | 0499 |
---|
505 | 0500 /* access bits to turn off for various owner Unix mode values */ |
---|
506 | 0501 static char fileModeMap[8] = { |
---|
507 | 0502 PRSFS_READ | PRSFS_WRITE, |
---|
508 | 0503 PRSFS_READ | PRSFS_WRITE, |
---|
509 | 0504 PRSFS_READ, |
---|
510 | 0505 PRSFS_READ, |
---|
511 | 0506 PRSFS_WRITE, |
---|
512 | 0507 PRSFS_WRITE, |
---|
513 | 0508 0, |
---|
514 | 0509 0 |
---|
515 | 0510 }; |
---|
516 | 0511 |
---|
517 | 0512 /* avc must be held. Returns bit map of mode bits. Ignores file mode bits */ |
---|
518 | 0513 afs_int32 |
---|
519 | 0514 afs_GetAccessBits(register struct vcache *avc, register afs_int32 arights, |
---|
520 | 0515 register struct vrequest *areq) |
---|
521 | 0516 { |
---|
522 | 0517 AFS_STATCNT(afs_GetAccessBits); |
---|
523 | 0518 /* see if anyuser has the required access bits */ |
---|
524 | 0519 if ((arights & avc->anyAccess) == arights) { |
---|
525 | 0520 return arights; |
---|
526 | 0521 } |
---|
527 | 0522 |
---|
528 | 0523 /* look in per-pag cache */ |
---|
529 | 0524 if (avc->Access) { /* not beautiful, but Sun's cc will tolerate it */ |
---|
530 | 0525 struct axscache *ac; |
---|
531 | 0526 |
---|
532 | 0527 ac = afs_FindAxs(avc->Access, areq->uid); |
---|
533 | 0528 if (ac) { |
---|
534 | 0529 return (arights & ac->axess); |
---|
535 | 0530 } |
---|
536 | 0531 } |
---|
537 | 0532 |
---|
538 | 0533 if (!(avc->states & CForeign)) { |
---|
539 | 0534 /* If there aren't any bits cached for this user (but the vnode |
---|
540 | 0535 * _is_ cached, obviously), make sure this user has valid tokens |
---|
541 | 0536 * before bothering with the RPC. */ |
---|
542 | 0537 struct unixuser *tu; |
---|
543 | 0538 extern struct unixuser *afs_FindUser(); |
---|
544 | 0539 tu = afs_FindUser(areq->uid, avc->fid.Cell, READ_LOCK); |
---|
545 | 0540 if (!tu) { |
---|
546 | 0541 return (arights & avc->anyAccess); |
---|
547 | 0542 } |
---|
548 | 0543 if ((tu->vid == UNDEFVID) || !(tu->states & UHasTokens) |
---|
549 | 0544 || (tu->states & UTokensBad)) { |
---|
550 | 0545 afs_PutUser(tu, READ_LOCK); |
---|
551 | 0546 return (arights & avc->anyAccess); |
---|
552 | 0547 } else { |
---|
553 | 0548 afs_PutUser(tu, READ_LOCK); |
---|
554 | 0549 } |
---|
555 | 0550 } |
---|
556 | 0551 |
---|
557 | 0552 { /* Ok, user has valid tokens, go ask the server. */ |
---|
558 | 0553 struct AFSFetchStatus OutStatus; |
---|
559 | 0554 afs_int32 code; |
---|
560 | 0555 |
---|
561 | 0556 code = afs_FetchStatus(avc, &avc->fid, areq, &OutStatus); |
---|
562 | 0557 return (code ? 0 : OutStatus.CallerAccess & arights); |
---|
563 | 0558 } |
---|
564 | 0559 } |
---|
565 | 0560 |
---|
566 | 0561 |
---|
567 | 0562 /* the new access ok function. AVC must be held but not locked. if avc is a |
---|
568 | 0563 * file, its parent need not be held, and should not be locked. */ |
---|
569 | 0564 |
---|
570 | 0565 int |
---|
571 | 0566 afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq, |
---|
572 | 0567 afs_int32 check_mode_bits) |
---|
573 | 0568 { |
---|
574 | 0569 register struct vcache *tvc; |
---|
575 | 0570 struct VenusFid dirFid; |
---|
576 | 0571 register afs_int32 mask; |
---|
577 | 0572 afs_int32 dirBits; |
---|
578 | 0573 register afs_int32 fileBits; |
---|
579 | 0574 |
---|
580 | 0575 AFS_STATCNT(afs_AccessOK); |
---|
581 | 0576 |
---|
582 | 0577 if ((vType(avc) == VDIR) || (avc->states & CForeign)) { |
---|
583 | 0578 /* rights are just those from acl */ |
---|
584 | 0579 + |
---|
585 | 0580 + if ( !(areq->realuid == avc->fid.Fid.Volume) && |
---|
586 | 0581 + !((avc->anyAccess | arights) == avc->anyAccess) && |
---|
587 | 0582 + !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) && |
---|
588 | 0583 + !(areq->realuid == AFSAGENT_UID)) { |
---|
589 | 0584 + return 0; |
---|
590 | 0585 + } |
---|
591 | 0586 + |
---|
592 | 0587 return (arights == afs_GetAccessBits(avc, arights, areq)); |
---|
593 | 0588 } else { |
---|
594 | 0589 /* some rights come from dir and some from file. Specifically, you |
---|
595 | 0590 * have "a" rights to a file if you are its owner, which comes |
---|
596 | 0591 * back as "a" rights to the file. You have other rights just |
---|
597 | 0592 * from dir, but all are restricted by the file mode bit. Now, |
---|
598 | 0593 * if you have I and A rights to a file, we throw in R and W |
---|
599 | 0594 * rights for free. These rights will then be restricted by |
---|
600 | 0595 * the access mask. */ |
---|
601 | 0596 dirBits = 0; |
---|
602 | 0597 if (avc->parentVnode) { |
---|
603 | 0598 dirFid.Cell = avc->fid.Cell; |
---|
604 | 0599 dirFid.Fid.Volume = avc->fid.Fid.Volume; |
---|
605 | 0600 dirFid.Fid.Vnode = avc->parentVnode; |
---|
606 | 0601 dirFid.Fid.Unique = avc->parentUnique; |
---|
607 | 0602 /* Avoid this GetVCache call */ |
---|
608 | 0603 tvc = afs_GetVCache(&dirFid, areq, NULL, NULL); |
---|
609 | 0604 if (tvc) { |
---|
610 | 0605 dirBits = afs_GetAccessBits(tvc, arights, areq); |
---|
611 | 0606 afs_PutVCache(tvc); |
---|
612 | 0607 } |
---|
613 | 0608 } else |
---|
614 | 0609 dirBits = 0xffffffff; /* assume OK; this is a race condition */ |
---|
615 | 0610 if (arights & PRSFS_ADMINISTER) |
---|
616 | 0611 fileBits = afs_GetAccessBits(avc, arights, areq); |
---|
617 | 0612 else |
---|
618 | 0613 fileBits = 0; /* don't make call if results don't matter */ |
---|
619 | 0614 |
---|
620 | 0615 /* compute basic rights in fileBits, taking A from file bits */ |
---|
621 | 0616 fileBits = |
---|
622 | 0617 (fileBits & PRSFS_ADMINISTER) | (dirBits & ~PRSFS_ADMINISTER); |
---|
623 | 0618 |
---|
624 | 0619 /* for files, throw in R and W if have I and A (owner). This makes |
---|
625 | 0620 * insert-only dirs work properly */ |
---|
626 | 0621 if (vType(avc) != VDIR |
---|
627 | 0622 && (fileBits & (PRSFS_ADMINISTER | PRSFS_INSERT)) == |
---|
628 | 0623 (PRSFS_ADMINISTER | PRSFS_INSERT)) |
---|
629 | 0624 fileBits |= (PRSFS_READ | PRSFS_WRITE); |
---|
630 | 0625 |
---|
631 | 0626 if (check_mode_bits & CHECK_MODE_BITS) { |
---|
632 | 0627 /* owner mode bits are further restrictions on the access mode |
---|
633 | 0628 * The mode bits are mapped to protection bits through the |
---|
634 | 0629 * fileModeMap. If CMB_ALLOW_EXEC_AS_READ is set, it's from the |
---|
635 | 0630 * NFS translator and we don't know if it's a read or execute |
---|
636 | 0631 * on the NFS client, but both need to read the data. |
---|
637 | 0632 */ |
---|
638 | 0633 mask = (avc->m.Mode & 0700) >> 6; /* file restrictions to use */ |
---|
639 | 0634 fileBits &= ~fileModeMap[mask]; |
---|
640 | 0635 if (check_mode_bits & CMB_ALLOW_EXEC_AS_READ) { |
---|
641 | 0636 if (avc->m.Mode & 0100) |
---|
642 | 0637 fileBits |= PRSFS_READ; |
---|
643 | 0638 } |
---|
644 | 0639 } |
---|
645 | 0640 + |
---|
646 | 0641 + if ( !(areq->realuid == avc->fid.Fid.Volume) && |
---|
647 | 0642 + !((avc->anyAccess | arights) == avc->anyAccess) && |
---|
648 | 0643 + !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) && |
---|
649 | 0644 + !(areq->realuid == AFSAGENT_UID) && |
---|
650 | 0645 + !(arights == PRSFS_READ && avc->m.Mode == 33279)) { |
---|
651 | 0646 + return 0; |
---|
652 | 0647 + } |
---|
653 | 0648 + |
---|
654 | 0649 return ((fileBits & arights) == arights); /* true if all rights bits are on */ |
---|
655 | 0650 } |
---|
656 | 0651 } |
---|
657 | 0652 |
---|
658 | 0653 |
---|
659 | 0654 #if defined(AFS_SUN5_ENV) || (defined(AFS_SGI_ENV) && !defined(AFS_SGI65_ENV)) |
---|
660 | 0655 int |
---|
661 | 0656 afs_access(OSI_VC_DECL(avc), register afs_int32 amode, int flags, |
---|
662 | 0657 struct AFS_UCRED *acred) |
---|
663 | 0658 #else |
---|
664 | 0659 int |
---|
665 | 0660 afs_access(OSI_VC_DECL(avc), register afs_int32 amode, |
---|
666 | 0661 struct AFS_UCRED *acred) |
---|
667 | 0662 #endif |
---|
668 | 0663 { |
---|
669 | 0664 register afs_int32 code; |
---|
670 | 0665 struct vrequest treq; |
---|
671 | 0666 struct afs_fakestat_state fakestate; |
---|
672 | 0667 OSI_VC_CONVERT(avc); |
---|
673 | 0668 |
---|
674 | 0669 AFS_STATCNT(afs_access); |
---|
675 | 0670 + amode = amode & ~VEXEC; |
---|
676 | 0671 afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc, |
---|
677 | 0672 ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET, |
---|
678 | 0673 ICL_HANDLE_OFFSET(avc->m.Length)); |
---|
679 | 0674 afs_InitFakeStat(&fakestate); |
---|
680 | 0675 if ((code = afs_InitReq(&treq, acred))) |
---|
681 | 0676 return code; |
---|
682 | 0677 |
---|
683 | 0678 code = afs_EvalFakeStat(&avc, &fakestate, &treq); |
---|
684 | 0679 if (code) { |
---|
685 | 0680 afs_PutFakeStat(&fakestate); |
---|
686 | 0681 return code; |
---|
687 | 0682 } |
---|
688 | 0683 |
---|
689 | 0684 code = afs_VerifyVCache(avc, &treq); |
---|
690 | 0685 if (code) { |
---|
691 | 0686 afs_PutFakeStat(&fakestate); |
---|
692 | 0687 code = afs_CheckCode(code, &treq, 16); |
---|
693 | 0688 return code; |
---|
694 | 0689 } |
---|
695 | 0690 |
---|
696 | 0691 /* if we're looking for write access and we have a read-only file system, report it */ |
---|
697 | 0692 if ((amode & VWRITE) && (avc->states & CRO)) { |
---|
698 | 0693 afs_PutFakeStat(&fakestate); |
---|
699 | 0694 return EROFS; |
---|
700 | 0695 } |
---|
701 | 0696 code = 1; /* Default from here on in is access ok. */ |
---|
702 | 0697 if (avc->states & CForeign) { |
---|
703 | 0698 /* In the dfs xlator the EXEC bit is mapped to LOOKUP */ |
---|
704 | 0699 if (amode & VEXEC) |
---|
705 | 0700 code = afs_AccessOK(avc, PRSFS_LOOKUP, &treq, CHECK_MODE_BITS); |
---|
706 | 0701 if (code && (amode & VWRITE)) { |
---|
707 | 0702 code = afs_AccessOK(avc, PRSFS_WRITE, &treq, CHECK_MODE_BITS); |
---|
708 | 0703 if (code && (vType(avc) == VDIR)) { |
---|
709 | 0704 if (code) |
---|
710 | 0705 code = |
---|
711 | 0706 afs_AccessOK(avc, PRSFS_INSERT, &treq, |
---|
712 | 0707 CHECK_MODE_BITS); |
---|
713 | 0708 if (!code) |
---|
714 | 0709 code = |
---|
715 | 0710 afs_AccessOK(avc, PRSFS_DELETE, &treq, |
---|
716 | 0711 CHECK_MODE_BITS); |
---|
717 | 0712 } |
---|
718 | 0713 } |
---|
719 | 0714 if (code && (amode & VREAD)) |
---|
720 | 0715 code = afs_AccessOK(avc, PRSFS_READ, &treq, CHECK_MODE_BITS); |
---|
721 | 0716 } else { |
---|
722 | 0717 if (vType(avc) == VDIR) { |
---|
723 | 0718 if (amode & VEXEC) |
---|
724 | 0719 code = |
---|
725 | 0720 afs_AccessOK(avc, PRSFS_LOOKUP, &treq, CHECK_MODE_BITS); |
---|
726 | 0721 if (code && (amode & VWRITE)) { |
---|
727 | 0722 code = |
---|
728 | 0723 afs_AccessOK(avc, PRSFS_INSERT, &treq, CHECK_MODE_BITS); |
---|
729 | 0724 if (!code) |
---|
730 | 0725 code = |
---|
731 | 0726 afs_AccessOK(avc, PRSFS_DELETE, &treq, |
---|
732 | 0727 CHECK_MODE_BITS); |
---|
733 | 0728 } |
---|
734 | 0729 if (code && (amode & VREAD)) |
---|
735 | 0730 code = |
---|
736 | 0731 afs_AccessOK(avc, PRSFS_LOOKUP, &treq, CHECK_MODE_BITS); |
---|
737 | 0732 } else { |
---|
738 | 0733 if (amode & VEXEC) { |
---|
739 | 0734 code = afs_AccessOK(avc, PRSFS_READ, &treq, CHECK_MODE_BITS); |
---|
740 | 0735 if (code) { |
---|
741 | 0736 #ifdef AFS_OSF_ENV |
---|
742 | 0737 /* |
---|
743 | 0738 * The nfs server in read operations for non-owner of a file |
---|
744 | 0739 * will also check the access with the VEXEC (along with VREAD) |
---|
745 | 0740 * because for them exec is the same as read over the net because of |
---|
746 | 0741 * demand loading. But this means if the mode bit is '-rw' the call |
---|
747 | 0742 * will fail below; so for this particular case where both modes are |
---|
748 | 0743 * specified (only in rfs_read so far) and from the xlator requests |
---|
749 | 0744 * we return succes. |
---|
750 | 0745 */ |
---|
751 | 0746 if (!((amode & VREAD) && AFS_NFSXLATORREQ(acred))) |
---|
752 | 0747 #endif |
---|
753 | 0748 if ((avc->m.Mode & 0100) == 0) |
---|
754 | 0749 code = 0; |
---|
755 | 0750 } else if (avc->m.Mode & 0100) |
---|
756 | 0751 code = 1; |
---|
757 | 0752 } |
---|
758 | 0753 if (code && (amode & VWRITE)) { |
---|
759 | 0754 code = afs_AccessOK(avc, PRSFS_WRITE, &treq, CHECK_MODE_BITS); |
---|
760 | 0755 |
---|
761 | 0756 /* The above call fails when the NFS translator tries to copy |
---|
762 | 0757 ** a file with r--r--r-- permissions into a directory which |
---|
763 | 0758 ** has system:anyuser acl. This is because the destination file |
---|
764 | 0759 ** file is first created with r--r--r-- permissions through an |
---|
765 | 0760 ** unauthenticated connectin. hence, the above afs_AccessOK |
---|
766 | 0761 ** call returns failure. hence, we retry without any file |
---|
767 | 0762 ** mode bit checking */ |
---|
768 | 0763 if (!code && AFS_NFSXLATORREQ(acred) |
---|
769 | 0764 && avc->m.Owner == ANONYMOUSID) |
---|
770 | 0765 code = |
---|
771 | 0766 afs_AccessOK(avc, PRSFS_WRITE, &treq, |
---|
772 | 0767 DONT_CHECK_MODE_BITS); |
---|
773 | 0768 } |
---|
774 | 0769 if (code && (amode & VREAD)) |
---|
775 | 0770 code = afs_AccessOK(avc, PRSFS_READ, &treq, CHECK_MODE_BITS); |
---|
776 | 0771 } |
---|
777 | 0772 } |
---|
778 | 0773 afs_PutFakeStat(&fakestate); |
---|
779 | 0774 if (code) { |
---|
780 | 0775 return 0; /* if access is ok */ |
---|
781 | 0776 } else { |
---|
782 | 0777 code = afs_CheckCode(EACCES, &treq, 17); /* failure code */ |
---|
783 | 0778 return code; |
---|
784 | 0779 } |
---|
785 | 0780 } |
---|
786 | 0781 |
---|
787 | 0782 #if defined(UKERNEL) && defined(AFS_WEB_ENHANCEMENTS) |
---|
788 | 0783 /* |
---|
789 | 0784 * afs_getRights |
---|
790 | 0785 * This function is just an interface to afs_GetAccessBits |
---|
791 | 0786 */ |
---|
792 | 0787 int |
---|
793 | 0788 afs_getRights(OSI_VC_DECL(avc), register afs_int32 arights, |
---|
794 | 0789 struct AFS_UCRED *acred) |
---|
795 | 0790 { |
---|
796 | 0791 register afs_int32 code; |
---|
797 | 0792 struct vrequest treq; |
---|
798 | 0793 OSI_VC_CONVERT(avc); |
---|
799 | 0794 |
---|
800 | 0795 if (code = afs_InitReq(&treq, acred)) |
---|
801 | 0796 return code; |
---|
802 | 0797 |
---|
803 | 0798 |
---|
804 | 0799 |
---|
805 | 0800 code = afs_VerifyVCache(avc, &treq); |
---|
806 | 0801 if (code) { |
---|
807 | 0802 code = afs_CheckCode(code, &treq, 16); |
---|
808 | 0803 return code; |
---|
809 | 0804 } |
---|
810 | 0805 |
---|
811 | 0806 return afs_GetAccessBits(avc, arights, &treq); |
---|
812 | 0807 } |
---|
813 | 0808 #endif /* defined(UKERNEL) && defined(AFS_WEB_ENHANCEMENTS) */ |
---|
814 | 0809 diff -U1000 -r orig-1.4.1/src/afs/VNOPS/afs_vnop_attrs.c scripts-1.4.1/src/afs/VNOPS/afs_vnop_attrs.c |
---|
815 | 0810 --- orig-1.4.1/src/afs/VNOPS/afs_vnop_attrs.c 2005-10-23 02:31:23.000000000 -0400 |
---|
816 | 0811 +++ scripts-1.4.1/src/afs/VNOPS/afs_vnop_attrs.c 2006-10-02 17:35:12.000000000 -0400 |
---|
817 | 0812 @@ -1,580 +1,581 @@ |
---|
818 | 0813 /* |
---|
819 | 0814 * Copyright 2000, International Business Machines Corporation and others. |
---|
820 | 0815 * All Rights Reserved. |
---|
821 | 0816 * |
---|
822 | 0817 * This software has been released under the terms of the IBM Public |
---|
823 | 0818 * License. For details, see the LICENSE file in the top-level source |
---|
824 | 0819 * directory or online at http://www.openafs.org/dl/license10.html |
---|
825 | 0820 * |
---|
826 | 0821 * Portions Copyright (c) 2003 Apple Computer, Inc. |
---|
827 | 0822 */ |
---|
828 | 0823 |
---|
829 | 0824 /* |
---|
830 | 0825 * afs_vnop_attrs.c - setattr and getattr vnodeops |
---|
831 | 0826 * |
---|
832 | 0827 * Implements: |
---|
833 | 0828 * afs_CopyOutAttrs |
---|
834 | 0829 * afs_getattr |
---|
835 | 0830 * afs_VAttrToAS |
---|
836 | 0831 * afs_setattr |
---|
837 | 0832 * |
---|
838 | 0833 */ |
---|
839 | 0834 |
---|
840 | 0835 #include <afsconfig.h> |
---|
841 | 0836 #include "afs/param.h" |
---|
842 | 0837 |
---|
843 | 0838 RCSID |
---|
844 | 0839 ("$Header: /cvs/openafs/src/afs/VNOPS/afs_vnop_attrs.c,v 1.27.2.10 2005/10/23 06:31:23 shadow Exp $"); |
---|
845 | 0840 |
---|
846 | 0841 #include "afs/sysincludes.h" /* Standard vendor system headers */ |
---|
847 | 0842 #include "afsincludes.h" /* Afs-based standard headers */ |
---|
848 | 0843 #include "afs/afs_stats.h" /* statistics */ |
---|
849 | 0844 #include "afs/afs_cbqueue.h" |
---|
850 | 0845 #include "afs/nfsclient.h" |
---|
851 | 0846 #include "afs/afs_osidnlc.h" |
---|
852 | 0847 |
---|
853 | 0848 |
---|
854 | 0849 |
---|
855 | 0850 extern afs_rwlock_t afs_xcbhash; |
---|
856 | 0851 struct afs_exporter *afs_nfsexporter; |
---|
857 | 0852 extern struct vcache *afs_globalVp; |
---|
858 | 0853 #if defined(AFS_HPUX110_ENV) |
---|
859 | 0854 extern struct vfs *afs_globalVFS; |
---|
860 | 0855 #endif |
---|
861 | 0856 |
---|
862 | 0857 /* copy out attributes from cache entry */ |
---|
863 | 0858 int |
---|
864 | 0859 afs_CopyOutAttrs(register struct vcache *avc, register struct vattr *attrs) |
---|
865 | 0860 { |
---|
866 | 0861 register struct volume *tvp; |
---|
867 | 0862 register struct cell *tcell; |
---|
868 | 0863 int fakedir = 0; |
---|
869 | 0864 |
---|
870 | 0865 AFS_STATCNT(afs_CopyOutAttrs); |
---|
871 | 0866 if (afs_fakestat_enable && avc->mvstat == 1) |
---|
872 | 0867 fakedir = 1; |
---|
873 | 0868 attrs->va_type = fakedir ? VDIR : vType(avc); |
---|
874 | 0869 #if defined(AFS_SGI_ENV) || defined(AFS_AIX32_ENV) || defined(AFS_SUN5_ENV) |
---|
875 | 0870 attrs->va_mode = fakedir ? 0755 : (mode_t) (avc->m.Mode & 0xffff); |
---|
876 | 0871 #else |
---|
877 | 0872 attrs->va_mode = fakedir ? VDIR | 0755 : avc->m.Mode; |
---|
878 | 0873 #endif |
---|
879 | 0874 |
---|
880 | 0875 if (avc->m.Mode & (VSUID | VSGID)) { |
---|
881 | 0876 /* setuid or setgid, make sure we're allowed to run them from this cell */ |
---|
882 | 0877 tcell = afs_GetCell(avc->fid.Cell, 0); |
---|
883 | 0878 if (tcell && (tcell->states & CNoSUID)) |
---|
884 | 0879 attrs->va_mode &= ~(VSUID | VSGID); |
---|
885 | 0880 } |
---|
886 | 0881 #if defined(AFS_DARWIN_ENV) |
---|
887 | 0882 { |
---|
888 | 0883 extern u_int32_t afs_darwin_realmodes; |
---|
889 | 0884 if (!afs_darwin_realmodes) { |
---|
890 | 0885 /* Mac OS X uses the mode bits to determine whether a file or |
---|
891 | 0886 * directory is accessible, and believes them, even though under |
---|
892 | 0887 * AFS they're almost assuredly wrong, especially if the local uid |
---|
893 | 0888 * does not match the AFS ID. So we set the mode bits |
---|
894 | 0889 * conservatively. |
---|
895 | 0890 */ |
---|
896 | 0891 if (S_ISDIR(attrs->va_mode)) { |
---|
897 | 0892 /* all access bits need to be set for directories, since even |
---|
898 | 0893 * a mode 0 directory can still be used normally. |
---|
899 | 0894 */ |
---|
900 | 0895 attrs->va_mode |= ACCESSPERMS; |
---|
901 | 0896 } else { |
---|
902 | 0897 /* for other files, replicate the user bits to group and other */ |
---|
903 | 0898 mode_t ubits = (attrs->va_mode & S_IRWXU) >> 6; |
---|
904 | 0899 attrs->va_mode |= ubits | (ubits << 3); |
---|
905 | 0900 } |
---|
906 | 0901 } |
---|
907 | 0902 } |
---|
908 | 0903 #endif /* AFS_DARWIN_ENV */ |
---|
909 | 0904 - attrs->va_uid = fakedir ? 0 : avc->m.Owner; |
---|
910 | 0905 - attrs->va_gid = fakedir ? 0 : avc->m.Group; /* yeah! */ |
---|
911 | 0906 + attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume; |
---|
912 | 0907 + attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner); |
---|
913 | 0908 #if defined(AFS_SUN56_ENV) |
---|
914 | 0909 attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0]; |
---|
915 | 0910 #elif defined(AFS_OSF_ENV) |
---|
916 | 0911 attrs->va_fsid = avc->v.v_mount->m_stat.f_fsid.val[0]; |
---|
917 | 0912 #elif defined(AFS_DARWIN80_ENV) |
---|
918 | 0913 VATTR_RETURN(attrs, va_fsid, vfs_statfs(vnode_mount(AFSTOV(avc)))->f_fsid.val[0]); |
---|
919 | 0914 #elif defined(AFS_DARWIN70_ENV) |
---|
920 | 0915 attrs->va_fsid = avc->v->v_mount->mnt_stat.f_fsid.val[0]; |
---|
921 | 0916 #else /* ! AFS_DARWIN70_ENV */ |
---|
922 | 0917 attrs->va_fsid = 1; |
---|
923 | 0918 #endif |
---|
924 | 0919 if (avc->mvstat == 2) { |
---|
925 | 0920 tvp = afs_GetVolume(&avc->fid, 0, READ_LOCK); |
---|
926 | 0921 /* The mount point's vnode. */ |
---|
927 | 0922 if (tvp) { |
---|
928 | 0923 attrs->va_nodeid = |
---|
929 | 0924 tvp->mtpoint.Fid.Vnode + (tvp->mtpoint.Fid.Volume << 16); |
---|
930 | 0925 if (FidCmp(&afs_rootFid, &avc->fid) && !attrs->va_nodeid) |
---|
931 | 0926 attrs->va_nodeid = 2; |
---|
932 | 0927 afs_PutVolume(tvp, READ_LOCK); |
---|
933 | 0928 } else |
---|
934 | 0929 attrs->va_nodeid = 2; |
---|
935 | 0930 } else |
---|
936 | 0931 attrs->va_nodeid = avc->fid.Fid.Vnode + (avc->fid.Fid.Volume << 16); |
---|
937 | 0932 attrs->va_nodeid &= 0x7fffffff; /* Saber C hates negative inode #s! */ |
---|
938 | 0933 attrs->va_nlink = fakedir ? 100 : avc->m.LinkCount; |
---|
939 | 0934 attrs->va_size = fakedir ? 4096 : avc->m.Length; |
---|
940 | 0935 attrs->va_atime.tv_sec = attrs->va_mtime.tv_sec = attrs->va_ctime.tv_sec = |
---|
941 | 0936 fakedir ? 0 : (int)avc->m.Date; |
---|
942 | 0937 /* set microseconds to be dataversion # so that we approximate NFS-style |
---|
943 | 0938 * use of mtime as a dataversion #. We take it mod 512K because |
---|
944 | 0939 * microseconds *must* be less than a million, and 512K is the biggest |
---|
945 | 0940 * power of 2 less than such. DataVersions are typically pretty small |
---|
946 | 0941 * anyway, so the difference between 512K and 1000000 shouldn't matter |
---|
947 | 0942 * much, and "&" is a lot faster than "%". |
---|
948 | 0943 */ |
---|
949 | 0944 #if defined(AFS_DARWIN_ENV) || defined(AFS_FBSD_ENV) |
---|
950 | 0945 /* nfs on these systems puts an 0 in nsec and stores the nfs usec (aka |
---|
951 | 0946 * dataversion) in va_gen */ |
---|
952 | 0947 |
---|
953 | 0948 |
---|
954 | 0949 |
---|
955 | 0950 attrs->va_atime.tv_nsec = attrs->va_mtime.tv_nsec = |
---|
956 | 0951 attrs->va_ctime.tv_nsec = 0; |
---|
957 | 0952 attrs->va_gen = hgetlo(avc->m.DataVersion); |
---|
958 | 0953 #elif defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_AIX41_ENV) || defined(AFS_OBSD_ENV) |
---|
959 | 0954 attrs->va_atime.tv_nsec = attrs->va_mtime.tv_nsec = |
---|
960 | 0955 attrs->va_ctime.tv_nsec = |
---|
961 | 0956 (hgetlo(avc->m.DataVersion) & 0x7ffff) * 1000; |
---|
962 | 0957 #else |
---|
963 | 0958 attrs->va_atime.tv_usec = attrs->va_mtime.tv_usec = |
---|
964 | 0959 attrs->va_ctime.tv_usec = (hgetlo(avc->m.DataVersion) & 0x7ffff); |
---|
965 | 0960 #endif |
---|
966 | 0961 #if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV) || defined(AFS_OSF_ENV) |
---|
967 | 0962 attrs->va_flags = 0; |
---|
968 | 0963 #endif |
---|
969 | 0964 #if defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) |
---|
970 | 0965 attrs->va_blksize = PAGESIZE; /* XXX Was 8192 XXX */ |
---|
971 | 0966 #else |
---|
972 | 0967 attrs->va_blocksize = PAGESIZE; /* XXX Was 8192 XXX */ |
---|
973 | 0968 #endif |
---|
974 | 0969 attrs->va_rdev = 1; |
---|
975 | 0970 #if defined(AFS_HPUX110_ENV) |
---|
976 | 0971 if (afs_globalVFS) |
---|
977 | 0972 attrs->va_fstype = afs_globalVFS->vfs_mtype; |
---|
978 | 0973 #endif |
---|
979 | 0974 |
---|
980 | 0975 /* |
---|
981 | 0976 * Below return 0 (and not 1) blocks if the file is zero length. This conforms |
---|
982 | 0977 * better with the other filesystems that do return 0. |
---|
983 | 0978 */ |
---|
984 | 0979 #if defined(AFS_OSF_ENV) || defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV) |
---|
985 | 0980 attrs->va_bytes = (attrs->va_size ? (attrs->va_size + 1023) : 1024); |
---|
986 | 0981 #ifdef va_bytes_rsv |
---|
987 | 0982 attrs->va_bytes_rsv = -1; |
---|
988 | 0983 #endif |
---|
989 | 0984 #elif defined(AFS_HPUX_ENV) |
---|
990 | 0985 attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10) : 0); |
---|
991 | 0986 #elif defined(AFS_SGI_ENV) |
---|
992 | 0987 attrs->va_blocks = BTOBB(attrs->va_size); |
---|
993 | 0988 #elif defined(AFS_SUN5_ENV) |
---|
994 | 0989 attrs->va_nblocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0); |
---|
995 | 0990 #else /* everything else */ |
---|
996 | 0991 attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0); |
---|
997 | 0992 #endif |
---|
998 | 0993 + attrs->va_mode |= 0100; |
---|
999 | 0994 return 0; |
---|
1000 | 0995 } |
---|
1001 | 0996 diff -U1000 -r orig-1.4.1/src/afs/afs_analyze.c scripts-1.4.1/src/afs/afs_analyze.c |
---|
1002 | 0997 --- orig-1.4.1/src/afs/afs_analyze.c 2003-08-27 17:43:16.000000000 -0400 |
---|
1003 | 0998 +++ scripts-1.4.1/src/afs/afs_analyze.c 2006-10-02 17:35:12.000000000 -0400 |
---|
1004 | 0999 /*------------------------------------------------------------------------ |
---|
1005 | 1000 * EXPORTED afs_Analyze |
---|
1006 | 1001 * |
---|
1007 | 1002 * Description: |
---|
1008 | 1003 * Analyze the outcome of an RPC operation, taking whatever support |
---|
1009 | 1004 * actions are necessary. |
---|
1010 | 1005 * |
---|
1011 | 1006 * Arguments: |
---|
1012 | 1007 * aconn : Ptr to the relevant connection on which the call was made. |
---|
1013 | 1008 * acode : The return code experienced by the RPC. |
---|
1014 | 1009 * afid : The FID of the file involved in the action. This argument |
---|
1015 | 1010 * may be null if none was involved. |
---|
1016 | 1011 * areq : The request record associated with this operation. |
---|
1017 | 1012 * op : which RPC we are analyzing. |
---|
1018 | 1013 * cellp : pointer to a cell struct. Must provide either fid or cell. |
---|
1019 | 1014 * |
---|
1020 | 1015 * Returns: |
---|
1021 | 1016 * Non-zero value if the related RPC operation should be retried, |
---|
1022 | 1017 * zero otherwise. |
---|
1023 | 1018 * |
---|
1024 | 1019 * Environment: |
---|
1025 | 1020 * This routine is typically called in a do-while loop, causing the |
---|
1026 | 1021 * embedded RPC operation to be called repeatedly if appropriate |
---|
1027 | 1022 * until whatever error condition (if any) is intolerable. |
---|
1028 | 1023 * |
---|
1029 | 1024 * Side Effects: |
---|
1030 | 1025 * As advertised. |
---|
1031 | 1026 * |
---|
1032 | 1027 * NOTE: |
---|
1033 | 1028 * The retry return value is used by afs_StoreAllSegments to determine |
---|
1034 | 1029 * if this is a temporary or permanent error. |
---|
1035 | 1030 *------------------------------------------------------------------------*/ |
---|
1036 | 1031 int |
---|
1037 | 1032 afs_Analyze(register struct conn *aconn, afs_int32 acode, |
---|
1038 | 1033 struct VenusFid *afid, register struct vrequest *areq, int op, |
---|
1039 | 1034 afs_int32 locktype, struct cell *cellp) |
---|
1040 | 1035 { |
---|
1041 | 1036 afs_int32 i; |
---|
1042 | 1037 struct srvAddr *sa; |
---|
1043 | 1038 struct server *tsp; |
---|
1044 | 1039 struct volume *tvp; |
---|
1045 | 1040 afs_int32 shouldRetry = 0; |
---|
1046 | 1041 struct afs_stats_RPCErrors *aerrP; |
---|
1047 | 1042 |
---|
1048 | 1043 AFS_STATCNT(afs_Analyze); |
---|
1049 | 1044 afs_Trace4(afs_iclSetp, CM_TRACE_ANALYZE, ICL_TYPE_INT32, op, |
---|
1050 | 1045 ICL_TYPE_POINTER, aconn, ICL_TYPE_INT32, acode, ICL_TYPE_LONG, |
---|
1051 | 1046 areq->uid); |
---|
1052 | 1047 |
---|
1053 | 1048 aerrP = (struct afs_stats_RPCErrors *)0; |
---|
1054 | 1049 |
---|
1055 | 1050 if ((op >= 0) && (op < AFS_STATS_NUM_FS_RPC_OPS)) |
---|
1056 | 1051 aerrP = &(afs_stats_cmfullperf.rpc.fsRPCErrors[op]); |
---|
1057 | 1052 |
---|
1058 | 1053 afs_FinalizeReq(areq); |
---|
1059 | 1054 if (!aconn && areq->busyCount) { /* one RPC or more got VBUSY/VRESTARTING */ |
---|
1060 | 1055 |
---|
1061 | 1056 tvp = afs_FindVolume(afid, READ_LOCK); |
---|
1062 | 1057 if (tvp) { |
---|
1063 | 1058 afs_warnuser("afs: Waiting for busy volume %u (%s) in cell %s\n", |
---|
1064 | 1059 (afid ? afid->Fid.Volume : 0), |
---|
1065 | 1060 (tvp->name ? tvp->name : ""), |
---|
1066 | 1061 ((tvp->serverHost[0] |
---|
1067 | 1062 && tvp->serverHost[0]->cell) ? tvp->serverHost[0]-> |
---|
1068 | 1063 cell->cellName : "")); |
---|
1069 | 1064 |
---|
1070 | 1065 for (i = 0; i < MAXHOSTS; i++) { |
---|
1071 | 1066 if (tvp->status[i] != not_busy && tvp->status[i] != offline) { |
---|
1072 | 1067 tvp->status[i] = not_busy; |
---|
1073 | 1068 } |
---|
1074 | 1069 if (tvp->status[i] == not_busy) |
---|
1075 | 1070 shouldRetry = 1; |
---|
1076 | 1071 } |
---|
1077 | 1072 afs_PutVolume(tvp, READ_LOCK); |
---|
1078 | 1073 } else { |
---|
1079 | 1074 afs_warnuser("afs: Waiting for busy volume %u\n", |
---|
1080 | 1075 (afid ? afid->Fid.Volume : 0)); |
---|
1081 | 1076 } |
---|
1082 | 1077 |
---|
1083 | 1078 - if (areq->busyCount > 100) { |
---|
1084 | 1079 + if (1) { |
---|
1085 | 1080 if (aerrP) |
---|
1086 | 1081 (aerrP->err_Volume)++; |
---|
1087 | 1082 areq->volumeError = VOLBUSY; |
---|
1088 | 1083 shouldRetry = 0; |
---|
1089 | 1084 } else { |
---|
1090 | 1085 VSleep(afs_BusyWaitPeriod); /* poll periodically */ |
---|
1091 | 1086 } |
---|
1092 | 1087 if (shouldRetry != 0) |
---|
1093 | 1088 areq->busyCount++; |
---|
1094 | 1089 |
---|
1095 | 1090 return shouldRetry; /* should retry */ |
---|
1096 | 1091 } |
---|