Changeset 628


Ignore:
Timestamp:
Feb 3, 2008, 7:06:15 AM (14 years ago)
Author:
andersk
Message:
Allow the use of non-scripts tokens when inside a PAG.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • server/common/patches/openafs-scripts.patch

    r622 r628  
    22# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
    33# with modifications by Joe Presbrey <presbrey@mit.edu>
     4# and Anders Kaseorg <andersk@mit.edu>
    45#
    56# This file is available under both the MIT license and the GPL.
     
    4142# See /COPYRIGHT in this repository for more information.
    4243#
    43 diff -ur openafs-1.4.1-rc10/src/afs/afs_analyze.c openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c
    44 --- openafs-1.4.1-rc10/src/afs/afs_analyze.c    2003-08-27 17:43:16.000000000 -0400
    45 +++ openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c    2006-04-18 16:38:55.000000000 -0400
     44diff -ur openafs-1.4/src/afs/afs_analyze.c openafs-1.4+scripts/src/afs/afs_analyze.c
     45--- openafs-1.4/src/afs/afs_analyze.c   2007-11-05 23:08:45.000000000 -0500
     46+++ openafs-1.4+scripts/src/afs/afs_analyze.c   2007-12-18 19:22:59.000000000 -0500
    4647@@ -505,7 +505,7 @@
    4748                         (afid ? afid->Fid.Volume : 0));
     
    5354                (aerrP->err_Volume)++;
    5455            areq->volumeError = VOLBUSY;
    55 diff -ur openafs-1.4.1-rc10/src/afs/afs.h openafs-1.4.1-rc10-scripts/src/afs/afs.h
    56 --- openafs-1.4.1-rc10/src/afs/afs.h    2006-02-17 16:58:33.000000000 -0500
    57 +++ openafs-1.4.1-rc10-scripts/src/afs/afs.h    2006-04-18 16:38:55.000000000 -0400
    58 @@ -175,8 +175,14 @@
    59     struct afs_q *prev;
     56diff -ur openafs-1.4/src/afs/afs.h openafs-1.4+scripts/src/afs/afs.h
     57--- openafs-1.4/src/afs/afs.h   2007-12-05 03:57:36.000000000 -0500
     58+++ openafs-1.4+scripts/src/afs/afs.h   2007-12-18 20:12:31.000000000 -0500
     59@@ -177,8 +177,16 @@
     60     struct afs_q *prev;
    6061 };
    61 
     62 
    6263+#define AFSAGENT_UID (101)
    6364+#define SIGNUP_UID (102)
     
    6566+#define POSTFIX_UID (89)
    6667+#define DAEMON_SCRIPTS_PTSID (33554596)
     68+extern afs_int32 globalpag;
     69+
    6770 struct vrequest {
    6871     afs_int32 uid;             /* user id making the request */
     
    7174     afs_int32 flags;           /* things like O_SYNC, O_NONBLOCK go here */
    7275     char initd;                        /* if non-zero, non-uid fields meaningful */
    73 diff -ur openafs-1.4.1-rc10/src/afs/afs_osi_pag.c openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c
    74 --- openafs-1.4.1-rc10/src/afs/afs_osi_pag.c    2005-10-05 01:58:27.000000000 -0400
    75 +++ openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c    2006-04-18 16:38:55.000000000 -0400
    76 @@ -46,6 +46,8 @@
    77  
     76diff -ur openafs-1.4/src/afs/afs_osi_pag.c openafs-1.4+scripts/src/afs/afs_osi_pag.c
     77--- openafs-1.4/src/afs/afs_osi_pag.c   2007-11-05 23:08:45.000000000 -0500
     78+++ openafs-1.4+scripts/src/afs/afs_osi_pag.c   2007-12-18 20:26:57.000000000 -0500
     79@@ -51,6 +51,8 @@
     80 #endif
    7881 /* Local variables */
    7982 
     
    8386  * Pags are implemented as follows: the set of groups whose long
    8487  * representation is '41XXXXXX' hex are used to represent the pags.
    85 @@ -426,6 +430,15 @@
     88@@ -442,6 +444,15 @@
    8689        av->uid = acred->cr_ruid;       /* default when no pag is set */
    8790 #endif
     
    9295+      globalpag = av->uid;
    9396+    }
    94 +    else {
     97+    else if (globalpag && av->uid == acred->cr_ruid) {
    9598+      av->uid = globalpag;
    9699+    }
     
    99102     return 0;
    100103 }
    101 diff -ur openafs-1.4.1-rc10/src/afs/afs_pioctl.c openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c
    102 --- openafs-1.4.1-rc10/src/afs/afs_pioctl.c     2006-03-02 01:44:05.000000000 -0500
    103 +++ openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c     2006-04-18 16:38:55.000000000 -0400
    104 @@ -1202,6 +1202,10 @@
     104diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c
     105--- openafs-1.4/src/afs/afs_pioctl.c    2007-12-05 03:57:37.000000000 -0500
     106+++ openafs-1.4+scripts/src/afs/afs_pioctl.c    2007-12-18 21:05:10.000000000 -0500
     107@@ -1208,6 +1208,10 @@
    105108     struct AFSFetchStatus OutStatus;
    106109     XSTATS_DECLS;
    107110 
    108 +    if(areq->realuid != AFSAGENT_UID) {
     111+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
    109112+      return EACCES;
    110113+    }
     
    113116     if (!avc)
    114117        return EINVAL;
    115 @@ -1422,6 +1428,10 @@
     118@@ -1428,6 +1432,10 @@
    116119     struct vrequest treq;
    117120     afs_int32 flag, set_parent_pag = 0;
    118121 
    119 +    if(areq->realuid != AFSAGENT_UID) {
    120 +      return 0;
     122+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     123+       return 0;
    121124+    }
    122125+
     
    124127     if (!afs_resourceinit_flag) {
    125128        return EIO;
    126 @@ -1864,6 +1876,10 @@
     129@@ -1870,6 +1878,10 @@
    127130     register afs_int32 i;
    128131     register struct unixuser *tu;
    129132 
    130 +    if(areq->realuid != AFSAGENT_UID) {
    131 +      return 0;
     133+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     134+       return 0;
    132135+    }
    133136+
     
    135138     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
    136139        return EIO;             /* Inappropriate ioctl for device */
    137 diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c
    138 --- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c  2004-08-25 03:09:35.000000000 -0400
    139 +++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c  2006-04-18 16:38:55.000000000 -0400
    140 @@ -118,6 +118,16 @@
     140diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_access.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
     141--- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c 2007-11-05 23:08:46.000000000 -0500
     142+++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c 2007-12-18 21:06:20.000000000 -0500
     143@@ -118,6 +118,17 @@
    141144 
    142145     if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
    143146        /* rights are just those from acl */
    144147+
    145 +      if ( !(areq->realuid == avc->fid.Fid.Volume) &&
     148+      if ( areq->uid == globalpag &&
     149+           !(areq->realuid == avc->fid.Fid.Volume) &&
    146150+           !((avc->anyAccess | arights) == avc->anyAccess) &&
    147151+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
     
    155159     } else {
    156160        /* some rights come from dir and some from file.  Specifically, you
    157 @@ -171,6 +182,17 @@
     161@@ -171,6 +182,18 @@
    158162                    fileBits |= PRSFS_READ;
    159163            }
    160164        }
    161165+       
    162 +        if ( !(areq->realuid == avc->fid.Fid.Volume) &&
     166+        if ( areq->uid == globalpag &&
     167+             !(areq->realuid == avc->fid.Fid.Volume) &&
    163168+             !((avc->anyAccess | arights) == avc->anyAccess) &&
    164169+             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
     
    173178     }
    174179 }
    175 @@ -192,6 +218,7 @@
     180@@ -192,6 +215,7 @@
    176181     OSI_VC_CONVERT(avc);
    177182 
     
    181186               ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
    182187               ICL_HANDLE_OFFSET(avc->m.Length));
    183 diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c
    184 --- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c   2005-10-23 02:31:23.000000000 -0400
    185 +++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c   2006-04-18 16:41:32.000000000 -0400
     188diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
     189--- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c  2007-11-05 23:08:46.000000000 -0500
     190+++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c  2007-12-18 19:22:59.000000000 -0500
    186191@@ -87,8 +87,8 @@
    187192        }
     
    195200     attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
    196201 #elif defined(AFS_OSF_ENV)
    197 @@ -172,6 +179,7 @@
     202@@ -172,6 +172,7 @@
    198203 #else /* everything else */
    199204     attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0);
Note: See TracChangeset for help on using the changeset viewer.