Changeset 258 for server


Timestamp:
Apr 3, 2007, 9:44:25 PM (17 years ago)
Author:
presbrey
Message:
Added special permission bits for root and signup
File:
1 edited

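--- a/server/common/patches/openafs-scripts.patch
+++ b/server/common/patches/openafs-scripts.patch
@@ -1,4 +1,5 @@
 # scripts.mit.edu openafs patch
 # Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+#                     Joe Presbrey <presbrey@mit.edu>
 #
 # This program is free software; you can redistribute it and/or
@@ -33,9 +34,10 @@
 --- openafs-1.4.1-rc10/src/afs/afs.h    2006-02-17 16:58:33.000000000 -0500
 +++ openafs-1.4.1-rc10-scripts/src/afs/afs.h    2006-04-18 16:38:55.000000000 -0400
-@@ -175,8 +175,13 @@
+@@ -175,8 +175,14 @@
     struct afs_q *prev;
  };
 
 +#define AFSAGENT_UID (101)
++#define SIGNUP_UID (102)
 +#define HTTPD_UID (48)
 +#define POSTFIX_UID (89)
@@ -114,5 +116,5 @@
 --- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c  2004-08-25 03:09:35.000000000 -0400
 +++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c  2006-04-18 16:38:55.000000000 -0400
-@@ -118,6 +118,14 @@
+@@ -118,6 +118,16 @@
  
      if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
@@ -122,5 +124,7 @@
 +           !((avc->anyAccess | arights) == avc->anyAccess) &&
 +           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
-+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) ) {
++           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
++           !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
++           !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
 +         return 0;
 +      }
@@ -129,5 +133,5 @@
      } else {
         /* some rights come from dir and some from file.  Specifically, you
-@@ -171,6 +182,15 @@
+@@ -171,6 +181,17 @@
                     fileBits |= PRSFS_READ;
             }
@@ -138,5 +142,7 @@
 +             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
 +             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
-+             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279)) {
++             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) &&
++             !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
++             !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
 +           return 0;
 +        }
@@ -145,5 +151,5 @@
      }
  }
-@@ -192,6 +218,7 @@
+@@ -192,6 +213,7 @@
      OSI_VC_CONVERT(avc);
  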
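Review bot: The two clauses added at new lines 127–128 (and repeated at 145–146 for the file branch) exempt uid 0 and SIGNUP_UID without testing `arights`, whereas the HTTPD_UID and POSTFIX_UID clauses beside them pass only LOOKUP/READ requests, so once PRSFS_USR3 or PRSFS_USR4 is granted the added restriction is skipped for every requested right. The `if` these clauses belong to starts outside the lines shown, so whether the ordinary ACL check still runs afterwards cannot be confirmed here; if it does and the breadth is intended, say so in the patch with a comment such as `/* USR3: exempt local root; USR4: exempt root and signup; the normal ACL check still decides */`, otherwise mask `arights` as the neighbouring clauses do. USR3 and USR4 are application-defined ACL bits that, presumably, anyone able to edit a directory's ACL can set, so the patch header should also document that these two bits are now reserved for this purpose. Testing the uid before the ACL lookup, `!(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&`, keeps afs_GetAccessBits from being evaluated for callers that can never match.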