From: Derrick Brashear <shadow@dementia.org>
Date: Mon, 7 Feb 2011 15:54:51 +0000 (-0500)
Subject: fileserver: dropbox mode shouldn't allow readback from anonymous
X-Git-Tag: openafs-devel-1_7_1~919
X-Git-Url: http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=470a6d46175125bfe15bb267ee8f77d60132592a

fileserver: dropbox mode shouldn't allow readback from anonymous

if you're writing files as anonymous, don't let them be read back.
things which potentially need to page back in will just have to be
authenticated, or lose.

Change-Id: I71a6096239eb59b40a9df09460e8db160e9342da
Reviewed-on: http://gerrit.openafs.org/3901
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
---

diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index ce9fd32..f634367 100644
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -926,7 +926,8 @@ Check_PermissionRights(Vnode * targetptr, struct client *client,
 	    } else {		/* file */
 		/* must have read access, or be owner and have insert access */
 		if (!(rights & PRSFS_READ)
-		    && !(OWNSp(client, targetptr) && (rights & PRSFS_INSERT)))
+		    && !((OWNSp(client, targetptr) && (rights & PRSFS_INSERT)
+			  && (client->ViceId != AnonymousID))))
 		    return (EACCES);
 	    }
 	    if (CallingRoutine == CHK_FETCHDATA