git.michaelhowe.org Git - packages/o/openafs.git/commit

author	Rod Widdowson <rdw@steadingsoftware.com>
	Fri, 28 Dec 2012 15:00:15 +0000 (15:00 +0000)
committer	Jeffrey Altman <jaltman@your-file-system.com>
	Tue, 22 Jan 2013 02:21:15 +0000 (18:21 -0800)
commit	dd672fffe9bfef6bd872b008e7f3e3dd5f904a80
tree	a9e80c14620f0d6a6b0c365fb0ffa55abb13ec07	tree \| snapshot
parent	cda1c006a7907f374fbaac9f298722f491fad296	commit \| diff

Windows: Police the DEBUG TRACE ioctls

When we get a IOCTL_AFS_GET_TRACE_BUFFER, a IOCTL_AFS_CONFIGURE_DEBUG_TRACE
or a IOCTL_AFS_FORCE_CRASH, we check to see whether the caller is in the
Administrators group and if it isn't we fail the request with ACCESS_DENIED.

NOTE that this does not check whether the user has done the "run as admin"
thing. We actually need to determine which priviledges are appropriate to
this action and use that rather than group membership to police these actions
and this will be added in a later patch. Meanwhile this represents a
significant increment in security from previously.

Change-Id: I0997e59a82735735674d8edee7a7a68d241e6ef8
Reviewed-on: http://gerrit.openafs.org/8843
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

src/WINNT/afsrdr/kernel/fs/AFSCommSupport.cpp		diff \| blob \| history
src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp		diff \| blob \| history
src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h		diff \| blob \| history