Ignore:
Timestamp:
Jun 20, 2011, 7:07:43 PM (11 years ago)
Author:
achernya
Message:
Update OpenAFS from 1.4.14 to 1.6.0pre6

kaduk finished porting the openafs-scripts patch to 1.6.0, which was
then lightly modified be me to get it to compile -- mostly fixing
typos.

The openafs.spec.patch was also fixed, including another chmod +x hack
on some libraries to get rpm to properly process them for Provides
directives.  Interestingly, these libraries had the correct mode in
1.4.14.

The patches that were added to get 1.4.14 to compile have also been
removed, as 1.6.0pre6 compiles on kernel 2.6.38 unmodified.

openafs-numsysnames is getting removed because 32 is now the default.

openafs-localcsdb is getting removed because the change was included
in kaduk's patchset.

Location:
branches/fc15-dev/server/common/patches
Files:
11 deleted
1 edited

Legend:

Unmodified
Added
Removed
  • branches/fc15-dev/server/common/patches/openafs-scripts.patch

    r1693 r1913  
    44# and Anders Kaseorg <andersk@mit.edu>
    55# and Edward Z. Yang <ezyang@mit.edu>
     6# and Benjamin Kaduk <kaduk@mit.edu>
     7# and Alexander Chernyakhovsky <achernya@mit.edu>
    68#
    79# This file is available under both the MIT license and the GPL.
     
    4345# See /COPYRIGHT in this repository for more information.
    4446#
    45 diff -ur openafs-1.4/src/afs/afs_analyze.c openafs-1.4+scripts/src/afs/afs_analyze.c
    46 --- openafs-1.4/src/afs/afs_analyze.c
    47 +++ openafs-1.4+scripts/src/afs/afs_analyze.c
    48 @@ -585,7 +585,7 @@
    49                          (afid ? afid->Fid.Volume : 0));
    50         }
    51  
    52 -       if (areq->busyCount > 100) {
    53 +       if (1) {
    54             if (aerrP)
    55                 (aerrP->err_Volume)++;
    56             areq->volumeError = VOLBUSY;
    57 diff -ur openafs-1.4/src/afs/LINUX/osi_vnodeops.c openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
    58 --- openafs-1.4/src/afs/LINUX/osi_vnodeops.c
    59 +++ openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
    60 @@ -896,6 +896,28 @@
     47diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c
     48index 7c7705e..0d0e94f 100644
     49--- a/src/afs/LINUX/osi_vnodeops.c
     50+++ b/src/afs/LINUX/osi_vnodeops.c
     51@@ -904,6 +904,28 @@ afs_linux_dentry_revalidate(struct dentry *dp, int flags)
    6152        /* should we always update the attributes at this point? */
    6253        /* unlikely--the vcache entry hasn't changed */
    6354 
    6455+       /* [scripts] This code makes hardlinks work correctly.
    65 +        *
    66 +        * We want Apache to be able to read a file with hardlinks
    67 +        * named .htaccess and foo to be able to read it via .htaccess
    68 +        * and not via foo, regardless of which name was looked up
    69 +        * (remember, inodes do not have filenames associated with them.)
    70 +        *
    71 +        * It is important that we modify the existing cache entry even
    72 +        * if it is otherwise totally valid and would not be reloaded.
    73 +        * Otherwise, it won't recover from repeatedly reading the same
    74 +        * inode via multiple hardlinks or different names.  Specifically,
    75 +        * Apache will be able to read both names if it was first looked
    76 +        * up (by anyone!) via .htaccess, and neither if it was first
    77 +        * looked up via foo.
    78 +        *
    79 +        * With regards to performance, the strncmp() is bounded by
    80 +        * three characters, so it takes O(3) operations.  If this code
    81 +        * is extended to all static-cat extensions, we'll want to do
    82 +        * some clever hashing using gperf here.
    83 +        */
     56+       *
     57+       * We want Apache to be able to read a file with hardlinks
     58+       * named .htaccess and foo to be able to read it via .htaccess
     59+       * and not via foo, regardless of which name was looked up
     60+       * (remember, inodes do not have filenames associated with them.)
     61+       *
     62+       * It is important that we modify the existing cache entry even
     63+       * if it is otherwise totally valid and would not be reloaded.
     64+       * Otherwise, it won't recover from repeatedly reading the same
     65+       * inode via multiple hardlinks or different names.  Specifically,
     66+       * Apache will be able to read both names if it was first looked
     67+       * up (by anyone!) via .htaccess, and neither if it was first
     68+       * looked up via foo.
     69+       *
     70+       * With regards to performance, the strncmp() is bounded by
     71+       * three characters, so it takes O(3) operations.  If this code
     72+       * is extended to all static-cat extensions, we'll want to do
     73+       * some clever hashing using gperf here.
     74+       */
    8475+       vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0;
    8576+
     77        dput(parent);
    8678     } else {
    8779 #ifdef notyet
    88         pvcp = VTOAFS(dp->d_parent->d_inode);           /* dget_parent()? */
    89 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
    90 --- openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c
    91 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
    92 @@ -1572,6 +1572,12 @@
     80diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c
     81index eabcfeb..6390850 100644
     82--- a/src/afs/VNOPS/afs_vnop_access.c
     83+++ b/src/afs/VNOPS/afs_vnop_access.c
     84@@ -130,6 +130,15 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq,
     85            dirBits = PRSFS_LOOKUP | PRSFS_READ;
     86            return (arights == (dirBits & arights));
     87        }
     88+       if ( areq->uid == globalpag &&
     89+           !(areq->realuid == avc->f.fid.Fid.Volume) &&
     90+           !((avc->f.anyAccess | arights) == avc->f.anyAccess) &&
     91+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
     92+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
     93+           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     94+           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     95+           return 0;
     96+       }
     97        return (arights == afs_GetAccessBits(avc, arights, areq));
     98     } else {
     99        /* some rights come from dir and some from file.  Specifically, you
     100@@ -183,6 +192,19 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq,
     101                    fileBits |= PRSFS_READ;
     102            }
     103        }
     104+
     105+       if ( areq->uid == globalpag &&
     106+           !(areq->realuid == avc->f.fid.Fid.Volume) &&
     107+           !((avc->f.anyAccess | arights) == avc->f.anyAccess) &&
     108+           !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
     109+           !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
     110+           !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
     111+               (avc->f.m.Mode == 0100777 || avc->apache_access)) &&
     112+           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     113+           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     114+           return 0;
     115+       }
     116+
     117        return ((fileBits & arights) == arights);       /* true if all rights bits are on */
     118     }
     119 }
     120diff --git a/src/afs/VNOPS/afs_vnop_attrs.c b/src/afs/VNOPS/afs_vnop_attrs.c
     121index b3931e5..71ef05c 100644
     122--- a/src/afs/VNOPS/afs_vnop_attrs.c
     123+++ b/src/afs/VNOPS/afs_vnop_attrs.c
     124@@ -88,8 +88,8 @@ afs_CopyOutAttrs(struct vcache *avc, struct vattr *attrs)
     125        }
     126     }
     127 #endif /* AFS_DARWIN_ENV */
     128-    attrs->va_uid = fakedir ? 0 : avc->f.m.Owner;
     129-    attrs->va_gid = fakedir ? 0 : avc->f.m.Group;      /* yeah! */
     130+    attrs->va_uid = fakedir ? 0 : avc->f.fid.Fid.Volume;
     131+    attrs->va_gid = (avc->f.m.Owner == DAEMON_SCRIPTS_PTSID ? avc->f.m.Group : avc->f.m.Owner);
     132 #if defined(AFS_SUN56_ENV)
     133     attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
     134 #elif defined(AFS_DARWIN80_ENV)
     135diff --git a/src/afs/VNOPS/afs_vnop_lookup.c b/src/afs/VNOPS/afs_vnop_lookup.c
     136index 8e7af1c..7e984e9 100644
     137--- a/src/afs/VNOPS/afs_vnop_lookup.c
     138+++ b/src/afs/VNOPS/afs_vnop_lookup.c
     139@@ -1877,6 +1877,12 @@ afs_lookup(OSI_VC_DECL(adp), char *aname, struct vcache **avcp, afs_ucred_t *acr
    93140     }
    94141 
    95142   done:
    96143+    if (tvc) {
    97 +       /* [scripts] check Apache's ability to read this file, so that
    98 +        * we can figure this out on an access() call */
    99 +       tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
     144+    /* [scripts] check Apache's ability to read this file, so that
     145+    * we can figure this out on an access() call */
     146+    tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
    100147+    }
    101148+
     
    103150     if (tname != aname && tname)
    104151        osi_FreeLargeSpace(tname);
    105 diff -ur openafs-1.4/src/afs/afs.h openafs-1.4+scripts/src/afs/afs.h
    106 --- openafs-1.4/src/afs/afs.h
    107 +++ openafs-1.4+scripts/src/afs/afs.h
    108 @@ -208,8 +208,16 @@
    109  #define QTOC(e)            QEntry(e, struct cell, lruq)
    110  #define QTOVH(e)    QEntry(e, struct vcache, vhashq)
     152diff --git a/src/afs/afs.h b/src/afs/afs.h
     153index fcc4c70..0d53af6 100644
     154--- a/src/afs/afs.h
     155+++ b/src/afs/afs.h
     156@@ -233,8 +233,16 @@ struct afs_slotlist {
     157     struct afs_slotlist *next;
     158 };
    111159 
    112160+#define AFSAGENT_UID (101)
     
    123171     afs_int32 flags;           /* things like O_SYNC, O_NONBLOCK go here */
    124172     char initd;                        /* if non-zero, Error fields meaningful */
    125 @@ -743,6 +751,7 @@
     173@@ -872,6 +880,7 @@ struct vcache {
    126174 #ifdef AFS_SUN5_ENV
    127175     short multiPage;           /* count of multi-page getpages in progress */
     
    131179 
    132180 #define        DONT_CHECK_MODE_BITS    0
    133 diff -ur openafs-1.4/src/afs/afs_osi_pag.c openafs-1.4+scripts/src/afs/afs_osi_pag.c
    134 --- openafs-1.4/src/afs/afs_osi_pag.c
    135 +++ openafs-1.4+scripts/src/afs/afs_osi_pag.c
    136 @@ -49,6 +49,8 @@
     181diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c
     182index 1834e6d..673a8e6 100644
     183--- a/src/afs/afs_analyze.c
     184+++ b/src/afs/afs_analyze.c
     185@@ -368,7 +368,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
     186                         (afid ? afid->Fid.Volume : 0));
     187        }
     188 
     189-       if (areq->busyCount > 100) {
     190+       if (1) {
     191            if (aerrP)
     192                (aerrP->err_Volume)++;
     193            areq->volumeError = VOLBUSY;
     194diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c
     195index c888605..ff5cf2d 100644
     196--- a/src/afs/afs_osi_pag.c
     197+++ b/src/afs/afs_osi_pag.c
     198@@ -49,6 +49,8 @@ afs_uint32 pagCounter = 0;
    137199 #endif
    138200 /* Local variables */
     
    143205  * Pags are implemented as follows: the set of groups whose long
    144206  * representation is '41XXXXXX' hex are used to represent the pags.
    145 @@ -449,6 +451,15 @@
    146         av->uid = acred->cr_ruid;       /* default when no pag is set */
     207@@ -484,6 +486,15 @@ afs_InitReq(struct vrequest *av, afs_ucred_t *acred)
     208        av->uid = afs_cr_uid(acred);    /* default when no pag is set */
    147209 #endif
    148210     }
    149211+
    150 +    av->realuid = acred->cr_ruid;
    151 +    if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
     212+    av->realuid = afs_cr_uid(acred);
     213+    if(!globalpag && av->realuid == AFSAGENT_UID) {
    152214+      globalpag = av->uid;
    153215+    }
    154 +    else if (globalpag && av->uid == acred->cr_ruid) {
     216+    else if (globalpag && av->uid == av->realuid) {
    155217+      av->uid = globalpag;
    156218+    }
     
    159221 }
    160222 
    161 diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c
    162 --- openafs-1.4/src/afs/afs_pioctl.c
    163 +++ openafs-1.4+scripts/src/afs/afs_pioctl.c
    164 @@ -1221,6 +1221,10 @@
     223diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
     224index f282510..00f1360 100644
     225--- a/src/afs/afs_pioctl.c
     226+++ b/src/afs/afs_pioctl.c
     227@@ -1405,6 +1405,10 @@ DECL_PIOCTL(PSetAcl)
    165228     struct AFSFetchStatus OutStatus;
    166229     XSTATS_DECLS;
    167230 
    168231+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
    169 +      return EACCES;
     232+       return EACCES;
    170233+    }
    171234+
     
    173236     if (!avc)
    174237        return EINVAL;
    175 @@ -1441,6 +1445,10 @@
     238@@ -1790,6 +1794,10 @@ DECL_PIOCTL(PSetTokens)
    176239     struct vrequest treq;
    177240     afs_int32 flag, set_parent_pag = 0;
     
    184247     if (!afs_resourceinit_flag) {
    185248        return EIO;
    186 @@ -1800,6 +1808,10 @@
    187      afs_int32 iterator;
     249@@ -2231,6 +2239,11 @@ DECL_PIOCTL(PGetTokens)
    188250     int newStyle;
     251     int code = E2BIG;
    189252 
    190253+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID &&
    191 +       areq->realuid != 0 && areq->realuid != SIGNUP_UID)
     254+       areq->realuid != 0 && areq->realuid != SIGNUP_UID) {
    192255+       return EDOM;
     256+    }
    193257+
    194258     AFS_STATCNT(PGetTokens);
    195259     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
    196260        return EIO;             /* Inappropriate ioctl for device */
    197 @@ -1883,6 +1895,10 @@
    198      register afs_int32 i;
    199      register struct unixuser *tu;
     261@@ -2341,6 +2354,10 @@ DECL_PIOCTL(PUnlog)
     262     afs_int32 i;
     263     struct unixuser *tu;
    200264 
    201265+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     
    206270     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
    207271        return EIO;             /* Inappropriate ioctl for device */
    208 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_access.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
    209 --- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c
    210 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
    211 @@ -118,6 +118,17 @@
    212  
    213      if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
    214         /* rights are just those from acl */
    215 +
    216 +      if ( areq->uid == globalpag &&
    217 +           !(areq->realuid == avc->fid.Fid.Volume) &&
    218 +           !((avc->anyAccess | arights) == avc->anyAccess) &&
    219 +           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
    220 +           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
    221 +           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
    222 +           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
    223 +         return 0;
    224 +      }
    225 +
    226         return (arights == afs_GetAccessBits(avc, arights, areq));
    227      } else {
    228         /* some rights come from dir and some from file.  Specifically, you
    229 @@ -171,6 +182,19 @@
    230                     fileBits |= PRSFS_READ;
    231             }
    232         }
    233 +       
    234 +        if ( areq->uid == globalpag &&
    235 +             !(areq->realuid == avc->fid.Fid.Volume) &&
    236 +             !((avc->anyAccess | arights) == avc->anyAccess) &&
    237 +             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
    238 +             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
    239 +             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
    240 +                 (avc->m.Mode == 0100777 || avc->apache_access)) &&
    241 +             !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
    242 +             !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
    243 +           return 0;
    244 +        }
    245 +
    246         return ((fileBits & arights) == arights);       /* true if all rights bits are on */
    247      }
    248  }
    249 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
    250 --- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c
    251 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
    252 @@ -87,8 +87,8 @@
    253         }
    254      }
    255  #endif /* AFS_DARWIN_ENV */
    256 -    attrs->va_uid = fakedir ? 0 : avc->m.Owner;
    257 -    attrs->va_gid = fakedir ? 0 : avc->m.Group;        /* yeah! */
    258 +    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
    259 +    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
    260  #if defined(AFS_SUN56_ENV)
    261      attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
    262  #elif defined(AFS_OSF_ENV)
     272diff --git a/src/packaging/RedHat/openafs-client.init b/src/packaging/RedHat/openafs-client.init
     273index 10ec647..a4ecbc8 100644
     274--- a/src/packaging/RedHat/openafs-client.init
     275+++ b/src/packaging/RedHat/openafs-client.init
     276@@ -14,7 +14,7 @@
     277 
     278 start() {
     279         echo -n $"Updating CellServDB: "
     280-        cat /usr/vice/etc/CellServDB.local /usr/vice/etc/CellServDB.dist > \
     281+        cat /usr/vice/etc/CellServDB.local > \
     282                /usr/vice/etc/CellServDB
     283         chmod 644 /usr/vice/etc/CellServDB
     284         echo
Note: See TracChangeset for help on using the changeset viewer.