source: server/common/patches/openafs-scripts.patch @ 476

Last change on this file since 476 was 259, checked in by jbarnold, 19 years ago
Some patch offsets changed that should not have changed. I'm not protective of much, but I am protective of this patch; copyright message clarified.
File size: 6.9 KB
  • src/afs/afs_analyze.c

    # scripts.mit.edu openafs patch
    # Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
    # with modifications by Joe Presbrey <presbrey@mit.edu>
    #
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of the GNU General Public License
    # as published by the Free Software Foundation; either version 2
    # of the License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program; if not, write to the Free Software
    # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    #
    # See /COPYRIGHT in this repository for more information.
    #
    diff -ur openafs-1.4.1-rc10/src/afs/afs_analyze.c openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c
    old new  
    505505                         (afid ? afid->Fid.Volume : 0));
    506506        }
    507507
    508         if (areq->busyCount > 100) {
     508        if (1) {
    509509            if (aerrP)
    510510                (aerrP->err_Volume)++;
    511511            areq->volumeError = VOLBUSY;
  • src/afs/afs.h

    diff -ur openafs-1.4.1-rc10/src/afs/afs.h openafs-1.4.1-rc10-scripts/src/afs/afs.h
    old new  
    175175   struct afs_q *prev;
    176176};
    177177
     178#define AFSAGENT_UID (101)
     179#define SIGNUP_UID (102)
     180#define HTTPD_UID (48)
     181#define POSTFIX_UID (89)
     182#define DAEMON_SCRIPTS_PTSID (33554596)
    178183struct vrequest {
    179184    afs_int32 uid;              /* user id making the request */
     185    afs_int32 realuid;
    180186    afs_int32 busyCount;        /* how many busies we've seen so far */
    181187    afs_int32 flags;            /* things like O_SYNC, O_NONBLOCK go here */
    182188    char initd;                 /* if non-zero, non-uid fields meaningful */
  • src/afs/afs_osi_pag.c

    diff -ur openafs-1.4.1-rc10/src/afs/afs_osi_pag.c openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c
    old new  
    4646
    4747/* Local variables */
    4848
     49afs_int32 globalpag = 0;
     50
    4951/*
    5052 * Pags are implemented as follows: the set of groups whose long
    5153 * representation is '41XXXXXX' hex are used to represent the pags.
     
    426430        av->uid = acred->cr_ruid;       /* default when no pag is set */
    427431#endif
    428432    }
     433
     434    av->realuid = acred->cr_ruid;
     435    if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
     436      globalpag = av->uid;
     437    }
     438    else {
     439      av->uid = globalpag;
     440    }
     441
    429442    av->initd = 0;
    430443    return 0;
    431444}
  • src/afs/afs_pioctl.c

    diff -ur openafs-1.4.1-rc10/src/afs/afs_pioctl.c openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c
    old new  
    12021202    struct AFSFetchStatus OutStatus;
    12031203    XSTATS_DECLS;
    12041204
     1205    if(areq->realuid != AFSAGENT_UID) {
     1206      return EACCES;
     1207    }
     1208
    12051209    AFS_STATCNT(PSetAcl);
    12061210    if (!avc)
    12071211        return EINVAL;
     
    14221428    struct vrequest treq;
    14231429    afs_int32 flag, set_parent_pag = 0;
    14241430
     1431    if(areq->realuid != AFSAGENT_UID) {
     1432      return 0;
     1433    }
     1434
    14251435    AFS_STATCNT(PSetTokens);
    14261436    if (!afs_resourceinit_flag) {
    14271437        return EIO;
     
    18641876    register afs_int32 i;
    18651877    register struct unixuser *tu;
    18661878
     1879    if(areq->realuid != AFSAGENT_UID) {
     1880      return 0;
     1881    }
     1882
    18671883    AFS_STATCNT(PUnlog);
    18681884    if (!afs_resourceinit_flag) /* afs daemons haven't started yet */
    18691885        return EIO;             /* Inappropriate ioctl for device */
  • src/afs/VNOPS/afs_vnop_access.c

    diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c
    old new  
    118118
    119119    if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
    120120        /* rights are just those from acl */
     121
     122      if ( !(areq->realuid == avc->fid.Fid.Volume) &&
     123           !((avc->anyAccess | arights) == avc->anyAccess) &&
     124           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
     125           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
     126           !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
     127           !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
     128         return 0;
     129      }
     130
    121131        return (arights == afs_GetAccessBits(avc, arights, areq));
    122132    } else {
    123133        /* some rights come from dir and some from file.  Specifically, you
     
    171182                    fileBits |= PRSFS_READ;
    172183            }
    173184        }
     185       
     186        if ( !(areq->realuid == avc->fid.Fid.Volume) &&
     187             !((avc->anyAccess | arights) == avc->anyAccess) &&
     188             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
     189             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
     190             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) &&
     191             !(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) && areq->realuid == 0) &&
     192             !(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) && (areq->realuid == 0 || areq->realuid == SIGNUP_UID)) ) {
     193           return 0;
     194        }
     195
    174196        return ((fileBits & arights) == arights);       /* true if all rights bits are on */
    175197    }
    176198}
     
    192218    OSI_VC_CONVERT(avc);
    193219
    194220    AFS_STATCNT(afs_access);
     221    amode = amode & ~VEXEC;
    195222    afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
    196223               ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
    197224               ICL_HANDLE_OFFSET(avc->m.Length));
  • src/afs/VNOPS/afs_vnop_attrs.c

    diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c
    old new  
    8787        }
    8888    }
    8989#endif /* AFS_DARWIN_ENV */
    90     attrs->va_uid = fakedir ? 0 : avc->m.Owner;
    91     attrs->va_gid = fakedir ? 0 : avc->m.Group; /* yeah! */
     90    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
     91    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
    9292#if defined(AFS_SUN56_ENV)
    9393    attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
    9494#elif defined(AFS_OSF_ENV)
     
    172179#else /* everything else */
    173180    attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0);
    174181#endif
     182    attrs->va_mode |= 0100;
    175183    return 0;
    176184}
    177185
Note: See TracBrowser for help on using the repository browser.