client: flag in cachemanager if rmtsys is enabled

when processing "fs sysname" on a client, a rmtsys-related
checks are executed by default. These prevent a user with gid
2750 and 274i8 (0xabc and 0xabe) from executing this command.
Add a new flag inside the cachemanager for the rmtsys-
functionality. This flag is set through a new ioctl by the afsd
on startup.

Change-Id: Idf95aa81cc1dbb46c70a11b9ae2ccfa04bfb4c4f
Reviewed-on: http://gerrit.openafs.org/10245
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

diff --git a/src/afs/afs.h b/src/afs/afs.h
index 31a9b2d..2667006 100644 (file)
--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@@ -1503,6 +1503,7 @@ struct afs_fakestat_state {
 };
 
 extern int afs_fakestat_enable;
+extern int afs_rmtsys_enable;
 extern int afsd_dynamic_vcaches;
 
 /*

diff --git a/src/afs/afs_call.c b/src/afs/afs_call.c
index 31ea253..cdafe0f 100644 (file)
--- a/src/afs/afs_call.c
+++ b/src/afs/afs_call.c
@@ -77,6 +77,7 @@ static int afs_InitSetup_done = 0;
 afs_int32 afs_numcachefiles = -1;
 afs_int32 afs_numfilesperdir = -1;
 char afs_cachebasedir[1024];
+afs_int32 afs_rmtsys_enable = 0;
 
 afs_int32 afs_rx_deadtime = AFS_RXDEADTIME;
 afs_int32 afs_rx_harddead = AFS_HARDDEADTIME;
@@ -1314,6 +1315,9 @@ afs_syscall_call(long parm, long parm2, long parm3,
        rx_MyMaxSendSize = rx_maxReceiveSizeUser = rx_maxReceiveSize = parm2;
     } else if (parm == AFSOP_SET_RXMAXFRAGS) {
        rxi_nSendFrags = rxi_nRecvFrags = parm2;
+    } else if (parm == AFSOP_SET_RMTSYS_FLAG) {
+       afs_rmtsys_enable = parm2;
+       code = 0;
     } else {
        code = EINVAL;
     }

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index df194b5..52788d7 100644 (file)
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -29,6 +29,7 @@
 #include "rx/rx_globals.h"
 #include "token.h"
 
+extern int afs_rmtsys_enable;
 struct VenusFid afs_rootFid;
 afs_int32 afs_waitForever = 0;
 short afs_waitForeverCount = 0;
@@ -3809,8 +3810,8 @@ DECL_PIOCTL(PSetSysName)
            return EINVAL;
        num = count;
     }
-    if (afs_cr_gid(*acred) == RMTUSER_REQ ||
-       afs_cr_gid(*acred) == RMTUSER_REQ_PRIV) {   /* Handles all exporters */
+    if (afs_rmtsys_enable && (afs_cr_gid(*acred) == RMTUSER_REQ ||
+       afs_cr_gid(*acred) == RMTUSER_REQ_PRIV)) {   /* Handles all exporters */
        if (allpags && afs_cr_gid(*acred) != RMTUSER_REQ_PRIV) {
            return EPERM;
        }

diff --git a/src/afsd/afsd.c b/src/afsd/afsd.c
index 4c9ca72..adbed79 100644 (file)
--- a/src/afsd/afsd.c
+++ b/src/afsd/afsd.c
@@ -2443,6 +2443,9 @@ afsd_run(void)
        if (afsd_verbose)
            printf("%s: Forking 'rmtsys' daemon.\n", rn);
        afsd_fork(0, rmtsysd_thread, NULL);
+       code = afsd_syscall(AFSOP_SET_RMTSYS_FLAG, 1);
+       if (code)
+           printf("%s: Error enabling rmtsys support.\n", rn);
     }
 #endif /* !UKERNEL */
     /*
@@ -2618,6 +2621,7 @@ afsd_syscall_populate(struct afsd_syscall_args *args, int syscall, va_list ap)
     case AFSOP_SET_BACKUPTREE:
     case AFSOP_BUCKETPCT:
     case AFSOP_GO:
+    case AFSOP_SET_RMTSYS_FLAG:
        params[0] = CAST_SYSCALL_PARAM((va_arg(ap, int)));
        break;
     case AFSOP_SET_THISCELL:

diff --git a/src/config/afs_args.h b/src/config/afs_args.h
index 7e48d9c..b9b0295 100644 (file)
--- a/src/config/afs_args.h
+++ b/src/config/afs_args.h
@@ -51,6 +51,7 @@
 #define AFSOP_SET_RXMAXMTU       40     /* set rx_MyMaxSendSize,rx_maxReceiveSizeUser,rx_maxReceiveSize */
 #define AFSOP_BKG_HANDLER        41     /* userspace-capable Bkg daemon */
 #define AFSOP_SET_RXMAXFRAGS     43     /* set rxi_nSendFrags, rxi_nRecvFrags */
+#define AFSOP_SET_RMTSYS_FLAG    44     /* set flag if rmtsys is enabled */
 
 /* The range 20-30 is reserved for AFS system offsets in the afs_syscall */
 #define        AFSCALL_PIOCTL          20