Changeset 2820


Ignore:
Timestamp:
Feb 6, 2017, 10:22:52 PM (5 years ago)
Author:
andersk
Message:
OpenAFS: Interpret daemon.scripts C bit to allow cross-locker access
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/common/patches/openafs-scripts.patch

    r2712 r2820  
    8282--- a/src/afs/VNOPS/afs_vnop_access.c
    8383+++ b/src/afs/VNOPS/afs_vnop_access.c
    84 @@ -130,6 +130,15 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq,
     84@@ -130,6 +130,16 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq,
    8585            dirBits = PRSFS_LOOKUP | PRSFS_READ;
    8686            return (arights == (dirBits & arights));
     
    9191+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
    9292+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
     93+           !(PRSFS_USR2 == afs_GetAccessBits(avc, PRSFS_USR2, areq)) &&
    9394+           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
    9495+           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     
    9899     } else {
    99100        /* some rights come from dir and some from file.  Specifically, you
    100 @@ -183,6 +192,19 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq,
     101@@ -183,6 +192,20 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq,
    101102                    fileBits |= PRSFS_READ;
    102103            }
     
    110111+           !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
    111112+               (avc->f.m.Mode == 0100777 || avc->apache_access)) &&
     113+           !(PRSFS_USR2 == afs_GetAccessBits(avc, PRSFS_USR2, areq)) &&
    112114+           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
    113115+           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
Note: See TracChangeset for help on using the changeset viewer.