client: flag in cachemanager if rmtsys is enabled

when processing "fs sysname" on a client, a rmtsys-related
checks are executed by default. These prevent a user with gid
2748 and 2750 (0xabc and 0xabe) from executing this command.
Add a new flag inside the cachemanager for the rmtsys-
functionality. This flag is set through a new ioctl by the afsd
on startup.

Reviewed-on: http://gerrit.openafs.org/10245
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit db1de98ecf6fd22b9c36b3ba284984f03cb0ae35)

Change-Id: Ia2a367e4675782a681b4f6efd6365da482adfab8
Reviewed-on: https://gerrit.openafs.org/12607
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/afs/afs.h b/src/afs/afs.h
index f03609c..5831047 100644 (file)
--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@@ -1472,6 +1472,7 @@ struct afs_fakestat_state {
 };
 
 extern int afs_fakestat_enable;
+extern int afs_rmtsys_enable;
 extern int afsd_dynamic_vcaches;
 
 /*

diff --git a/src/afs/afs_call.c b/src/afs/afs_call.c
index 1c1f48d..7a12d8e 100644 (file)
--- a/src/afs/afs_call.c
+++ b/src/afs/afs_call.c
@@ -78,6 +78,7 @@ static int afs_InitSetup_done = 0;
 afs_int32 afs_numcachefiles = -1;
 afs_int32 afs_numfilesperdir = -1;
 char afs_cachebasedir[1024];
+afs_int32 afs_rmtsys_enable = 0;
 
 afs_int32 afs_rx_deadtime = AFS_RXDEADTIME;
 afs_int32 afs_rx_harddead = AFS_HARDDEADTIME;
@@ -1300,6 +1301,9 @@ afs_syscall_call(long parm, long parm2, long parm3,
        rx_MyMaxSendSize = rx_maxReceiveSizeUser = rx_maxReceiveSize = parm2;
     } else if (parm == AFSOP_SET_RXMAXFRAGS) {
        rxi_nSendFrags = rxi_nRecvFrags = parm2;
+    } else if (parm == AFSOP_SET_RMTSYS_FLAG) {
+       afs_rmtsys_enable = parm2;
+       code = 0;
     } else {
        code = EINVAL;
     }

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index 13dab69..d96d7b7 100644 (file)
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -28,6 +28,7 @@
 #include "afs/afs_bypasscache.h"
 #include "rx/rx_globals.h"
 
+extern int afs_rmtsys_enable;
 struct VenusFid afs_rootFid;
 afs_int32 afs_waitForever = 0;
 short afs_waitForeverCount = 0;
@@ -3777,8 +3778,8 @@ DECL_PIOCTL(PSetSysName)
            return EINVAL;
        num = count;
     }
-    if (afs_cr_gid(*acred) == RMTUSER_REQ ||
-       afs_cr_gid(*acred) == RMTUSER_REQ_PRIV) {   /* Handles all exporters */
+    if (afs_rmtsys_enable && (afs_cr_gid(*acred) == RMTUSER_REQ ||
+       afs_cr_gid(*acred) == RMTUSER_REQ_PRIV)) {   /* Handles all exporters */
        if (allpags && afs_cr_gid(*acred) != RMTUSER_REQ_PRIV) {
            return EPERM;
        }

diff --git a/src/afsd/afsd.c b/src/afsd/afsd.c
index 0d5f413..4adfc09 100644 (file)
--- a/src/afsd/afsd.c
+++ b/src/afsd/afsd.c
@@ -2496,6 +2496,9 @@ afsd_run(void)
        if (afsd_verbose)
            printf("%s: Forking 'rmtsys' daemon.\n", rn);
        afsd_fork(0, rmtsysd_thread, NULL);
+       code = afsd_call_syscall(AFSOP_SET_RMTSYS_FLAG, 1);
+       if (code)
+           printf("%s: Error enabling rmtsys support.\n", rn);
     }
 #endif /* !UKERNEL */
     /*

diff --git a/src/config/afs_args.h b/src/config/afs_args.h
index 09316d5..73d3ee6 100644 (file)
--- a/src/config/afs_args.h
+++ b/src/config/afs_args.h
@@ -51,6 +51,7 @@
 #define AFSOP_SET_RXMAXMTU       40     /* set rx_MyMaxSendSize,rx_maxReceiveSizeUser,rx_maxReceiveSize */
 #define AFSOP_BKG_HANDLER        41     /* userspace-capable Bkg daemon */
 #define AFSOP_SET_RXMAXFRAGS     43     /* set rxi_nSendFrags, rxi_nRecvFrags */
+#define AFSOP_SET_RMTSYS_FLAG    44     /* set flag if rmtsys is enabled */
 
 /* The range 20-30 is reserved for AFS system offsets in the afs_syscall */
 #define        AFSCALL_PIOCTL          20