source: server/common/patches/openafs-scripts.patch @ 258

Last change on this file since 258 was 258, checked in by presbrey, 18 years ago
Added special permission bits for root and signup
File size: 6.9 KB
  • src/afs/afs_analyze.c

    # scripts.mit.edu openafs patch
    # Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
    #                     Joe Presbrey <presbrey@mit.edu>
    #
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of the GNU General Public License
    # as published by the Free Software Foundation; either version 2
    # of the License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program; if not, write to the Free Software
    # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    #
    # See /COPYRIGHT in this repository for more information.
    #
    diff -ur openafs-1.4.1-rc10/src/afs/afs_analyze.c openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c
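--- a/src/afs/afs_analyze.c
+++ b/src/afs/afs_analyze.c
@@ -505,7 +505,7 @@
                          (afid ? afid->Fid.Volume : 0));
         }
 
-        if (areq->busyCount > 100) {
+        if (1) {
             if (aerrP)
                 (aerrP->err_Volume)++;
             areq->volumeError = VOLBUSY;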
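Review bot: The replacement condition `if (1) {` makes the busy-volume branch unconditional, so the first busy reply is handled the way the hundred-and-first used to be, and the constant condition leaves no record of why the retry budget was removed. If failing fast is the intent, keep a named limit and a comment, for example `if (areq->busyCount > AFS_SCRIPTS_MAX_BUSY) { /* scripts: do not stall web requests on a busy volume */` (the macro name is a placeholder). Volumes that are only briefly busy during routine volume operations would presumably now surface as errors to every caller, which is worth confirming as acceptable. The body of this branch continues past the end of the hunk.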
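--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@@ -175,8 +175,14 @@
    struct afs_q *prev;
 };
 
+#define AFSAGENT_UID (101)
+#define SIGNUP_UID (102)
+#define HTTPD_UID (48)
+#define POSTFIX_UID (89)
+#define DAEMON_SCRIPTS_PTSID (33554596)
 struct vrequest {
     afs_int32 uid;              /* user id making the request */
+    afs_int32 realuid;
     afs_int32 busyCount;        /* how many busies we've seen so far */
     afs_int32 flags;            /* things like O_SYNC, O_NONBLOCK go here */
     char initd;                 /* if non-zero, non-uid fields meaningful */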
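Review bot: The five new macros hard-code local account numbers and a PTS id that the other files in this patch use for authorization decisions, yet neither they nor the new `realuid` field carry a comment. A host where uid 101, 102, 48 or 89 belongs to a different account would hand that account the corresponding exemption, so the requirement belongs next to the definitions, e.g. `/* must match the afsagent, signup, httpd and postfix accounts in the passwd database of every server */`. The field should say what it holds and why it exists: `afs_int32 realuid; /* cr_ruid of the caller; uid above is overwritten with globalpag */`.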
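--- a/src/afs/afs_osi_pag.c
+++ b/src/afs/afs_osi_pag.c
@@ -46,6 +46,8 @@
 
 /* Local variables */
 
+afs_int32 globalpag = 0;
+
 /*
  * Pags are implemented as follows: the set of groups whose long
  * representation is '41XXXXXX' hex are used to represent the pags.
@@ -426,6 +430,15 @@
         av->uid = acred->cr_ruid;       /* default when no pag is set */
 #endif
     }
+
+    av->realuid = acred->cr_ruid;
+    if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
+      globalpag = av->uid;
+    }
+    else {
+      av->uid = globalpag;
+    }
+
     av->initd = 0;
     return 0;
 }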
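Review bot: Until a process whose real uid is AFSAGENT_UID has passed through this function, `globalpag` is still 0, so the `else` branch rewrites every caller's `av->uid` to 0 and requests made in that window are presumably resolved against uid 0's credentials rather than against none. Once latched the value is never refreshed, because `!globalpag` is false from then on; if the agent later runs under a different PAG, its own requests are rewritten to the stale value too. `globalpag` is also a non-static global written with no lock visible in the hunk. Consider `static afs_int32 globalpag = 0; /* PAG or uid of the first AFSAGENT_UID request; 0 = not yet set */` and handling the not-yet-set case explicitly instead of letting it fall into the `else`. The function begins outside the hunk.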
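--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1202,6 +1202,10 @@
     struct AFSFetchStatus OutStatus;
     XSTATS_DECLS;
 
+    if(areq->realuid != AFSAGENT_UID) {
+      return EACCES;
+    }
+
     AFS_STATCNT(PSetAcl);
     if (!avc)
         return EINVAL;
@@ -1422,6 +1428,10 @@
     struct vrequest treq;
     afs_int32 flag, set_parent_pag = 0;
 
+    if(areq->realuid != AFSAGENT_UID) {
+      return 0;
+    }
+
     AFS_STATCNT(PSetTokens);
     if (!afs_resourceinit_flag) {
         return EIO;
@@ -1864,6 +1876,10 @@
     register afs_int32 i;
     register struct unixuser *tu;
 
+    if(areq->realuid != AFSAGENT_UID) {
+      return 0;
+    }
+
     AFS_STATCNT(PUnlog);
     if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
         return EIO;             /* Inappropriate ioctl for device */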
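Review bot: The three new guards disagree on what a refused caller sees: the one at new line 1205 returns `EACCES`, while those at 1431 and 1879 `return 0`, so any caller other than AFSAGENT_UID is told that setting or discarding tokens succeeded when nothing happened. Unless the silent no-op is deliberate, use `return EACCES;` in all three; if it is deliberate, record it with a comment such as `/* only the afsagent may change the shared tokens; report success to everyone else */`. Each guard also sits before the `AFS_STATCNT(...)` call, so refused calls are not counted. The function signatures lie outside the hunks, so which handlers these are is inferred from the AFS_STATCNT arguments (PSetAcl, PSetTokens, PUnlog).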
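--- a/src/afs/VNOPS/afs_vnop_access.c
+++ b/src/afs/VNOPS/afs_vnop_access.c
@@ -118,6 +118,16 @@
 
     if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
         /* rights are just those from acl */
+
+      if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+           !((avc->anyAccess | arights) == avc->anyAccess) &&
+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
+           !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
+           !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
+         return 0;
+      }
+
         return (arights == afs_GetAccessBits(avc, arights, areq));
     } else {
         /* some rights come from dir and some from file.  Specifically, you
@@ -171,6 +181,17 @@
                     fileBits |= PRSFS_READ;
             }
         }
+       
+        if ( !(areq->realuid == avc->fid.Fid.Volume) &&
+             !((avc->anyAccess | arights) == avc->anyAccess) &&
+             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
+             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
+             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) &&
+             !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
+             !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
+           return 0;
+        }
+
         return ((fileBits & arights) == arights);       /* true if all rights bits are on */
     }
 }
@@ -192,6 +213,7 @@
     OSI_VC_CONVERT(avc);
 
     AFS_STATCNT(afs_access);
+    amode = amode & ~VEXEC;
     afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
                ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
                ICL_HANDLE_OFFSET(avc->m.Length));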
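Review bot: In both new access gates the root and signup clauses call `afs_GetAccessBits()` before testing the uid, so every request that no earlier clause admits pays for up to two access-bit lookups (which may have to reach the file server) even when `realuid` is neither 0 nor SIGNUP_UID. Testing the uid first avoids that: `!(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&`, and likewise for the USR4 clause. The literal `33279` at new line 189 is `0100777`, a regular file with mode 0777, and reads better in octal with a comment saying why that mode marks a file the web server may read. The first clause compares a uid with `avc->fid.Fid.Volume`, which only holds as a policy if volume ids are allocated to equal the owning account's uid; that assumption should be written down, since any volume whose id happens to equal a local uid passes the gate. Nearly the same policy is written out twice and would be easier to audit as one documented helper.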
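--- a/src/afs/VNOPS/afs_vnop_attrs.c
+++ b/src/afs/VNOPS/afs_vnop_attrs.c
@@ -87,8 +87,8 @@
         }
     }
 #endif /* AFS_DARWIN_ENV */
-    attrs->va_uid = fakedir ? 0 : avc->m.Owner;
-    attrs->va_gid = fakedir ? 0 : avc->m.Group; /* yeah! */
+    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
+    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
 #if defined(AFS_SUN56_ENV)
     attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
 #elif defined(AFS_OSF_ENV)
@@ -172,6 +179,7 @@
 #else /* everything else */
     attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0);
 #endif
+    attrs->va_mode |= 0100;
     return 0;
 }
 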
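Review bot: The new `va_gid` assignment drops the `fakedir ? 0 :` guard that the removed line had and that the new `va_uid` line keeps, so a fake directory now reports whatever `avc->m.Owner` or `avc->m.Group` happen to hold. Unless that is intended, keep the guard: `attrs->va_gid = fakedir ? 0 : (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);`. The second hunk's `attrs->va_mode |= 0100;` sets owner-execute on every vnode, directories and plain data files included; with `amode & ~VEXEC` in afs_access the execute bit no longer carries information, which deserves a comment at that line. Reporting the volume id as `va_uid` relies on volume ids matching local uids, and a one-line comment should record that as well.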