fileserver: dropbox mode shouldn't allow readback from anonymous
authorDerrick Brashear <shadow@dementia.org>
Mon, 7 Feb 2011 15:54:51 +0000 (10:54 -0500)
committerDerrick Brashear <shadow@dementia.org>
Thu, 17 Feb 2011 22:06:41 +0000 (14:06 -0800)
if you're writing files as anonymous, don't let them be read back.
things which potentially need to page back in will just have to be
authenticated, or lose.

Change-Id: I71a6096239eb59b40a9df09460e8db160e9342da
Reviewed-on: http://gerrit.openafs.org/3901
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

src/viced/afsfileprocs.c

index ce9fd32..f634367 100644 (file)
@@ -926,7 +926,8 @@ Check_PermissionRights(Vnode * targetptr, struct client *client,
            } else {            /* file */
                /* must have read access, or be owner and have insert access */
                if (!(rights & PRSFS_READ)
-                   && !(OWNSp(client, targetptr) && (rights & PRSFS_INSERT)))
+                   && !((OWNSp(client, targetptr) && (rights & PRSFS_INSERT)
+                         && (client->ViceId != AnonymousID))))
                    return (EACCES);
            }
            if (CallingRoutine == CHK_FETCHDATA