From: Christof Hanke Date: Thu, 12 Sep 2013 11:34:04 +0000 (+0200) Subject: client: flag in cachemanager if rmtsys is enabled X-Git-Tag: openafs-stable-1_8_0pre1~1012 X-Git-Url: http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=db1de98ecf6fd22b9c36b3ba284984f03cb0ae35;hp=73ae85bd59cfe9fca2daeb7dc0aa0917368bb5bf client: flag in cachemanager if rmtsys is enabled when processing "fs sysname" on a client, a rmtsys-related checks are executed by default. These prevent a user with gid 2750 and 274i8 (0xabc and 0xabe) from executing this command. Add a new flag inside the cachemanager for the rmtsys- functionality. This flag is set through a new ioctl by the afsd on startup. Change-Id: Idf95aa81cc1dbb46c70a11b9ae2ccfa04bfb4c4f Reviewed-on: http://gerrit.openafs.org/10245 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- diff --git a/src/afs/afs.h b/src/afs/afs.h index 31a9b2d..2667006 100644 --- a/src/afs/afs.h +++ b/src/afs/afs.h @@ -1503,6 +1503,7 @@ struct afs_fakestat_state { }; extern int afs_fakestat_enable; +extern int afs_rmtsys_enable; extern int afsd_dynamic_vcaches; /* diff --git a/src/afs/afs_call.c b/src/afs/afs_call.c index 31ea253..cdafe0f 100644 --- a/src/afs/afs_call.c +++ b/src/afs/afs_call.c @@ -77,6 +77,7 @@ static int afs_InitSetup_done = 0; afs_int32 afs_numcachefiles = -1; afs_int32 afs_numfilesperdir = -1; char afs_cachebasedir[1024]; +afs_int32 afs_rmtsys_enable = 0; afs_int32 afs_rx_deadtime = AFS_RXDEADTIME; afs_int32 afs_rx_harddead = AFS_HARDDEADTIME; @@ -1314,6 +1315,9 @@ afs_syscall_call(long parm, long parm2, long parm3, rx_MyMaxSendSize = rx_maxReceiveSizeUser = rx_maxReceiveSize = parm2; } else if (parm == AFSOP_SET_RXMAXFRAGS) { rxi_nSendFrags = rxi_nRecvFrags = parm2; + } else if (parm == AFSOP_SET_RMTSYS_FLAG) { + afs_rmtsys_enable = parm2; + code = 0; } else { code = EINVAL; } diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c index df194b5..52788d7 100644 --- a/src/afs/afs_pioctl.c +++ b/src/afs/afs_pioctl.c @@ -29,6 +29,7 @@ #include "rx/rx_globals.h" #include "token.h" +extern int afs_rmtsys_enable; struct VenusFid afs_rootFid; afs_int32 afs_waitForever = 0; short afs_waitForeverCount = 0; @@ -3809,8 +3810,8 @@ DECL_PIOCTL(PSetSysName) return EINVAL; num = count; } - if (afs_cr_gid(*acred) == RMTUSER_REQ || - afs_cr_gid(*acred) == RMTUSER_REQ_PRIV) { /* Handles all exporters */ + if (afs_rmtsys_enable && (afs_cr_gid(*acred) == RMTUSER_REQ || + afs_cr_gid(*acred) == RMTUSER_REQ_PRIV)) { /* Handles all exporters */ if (allpags && afs_cr_gid(*acred) != RMTUSER_REQ_PRIV) { return EPERM; } diff --git a/src/afsd/afsd.c b/src/afsd/afsd.c index 4c9ca72..adbed79 100644 --- a/src/afsd/afsd.c +++ b/src/afsd/afsd.c @@ -2443,6 +2443,9 @@ afsd_run(void) if (afsd_verbose) printf("%s: Forking 'rmtsys' daemon.\n", rn); afsd_fork(0, rmtsysd_thread, NULL); + code = afsd_syscall(AFSOP_SET_RMTSYS_FLAG, 1); + if (code) + printf("%s: Error enabling rmtsys support.\n", rn); } #endif /* !UKERNEL */ /* @@ -2618,6 +2621,7 @@ afsd_syscall_populate(struct afsd_syscall_args *args, int syscall, va_list ap) case AFSOP_SET_BACKUPTREE: case AFSOP_BUCKETPCT: case AFSOP_GO: + case AFSOP_SET_RMTSYS_FLAG: params[0] = CAST_SYSCALL_PARAM((va_arg(ap, int))); break; case AFSOP_SET_THISCELL: diff --git a/src/config/afs_args.h b/src/config/afs_args.h index 7e48d9c..b9b0295 100644 --- a/src/config/afs_args.h +++ b/src/config/afs_args.h @@ -51,6 +51,7 @@ #define AFSOP_SET_RXMAXMTU 40 /* set rx_MyMaxSendSize,rx_maxReceiveSizeUser,rx_maxReceiveSize */ #define AFSOP_BKG_HANDLER 41 /* userspace-capable Bkg daemon */ #define AFSOP_SET_RXMAXFRAGS 43 /* set rxi_nSendFrags, rxi_nRecvFrags */ +#define AFSOP_SET_RMTSYS_FLAG 44 /* set flag if rmtsys is enabled */ /* The range 20-30 is reserved for AFS system offsets in the afs_syscall */ #define AFSCALL_PIOCTL 20