DEVEL15-windows-unix-mode-bit-enforcement-20070105

modify the write-lock permission test so that the UnixMode bits do not
subtract PRSFS_WRITE from the rights when testing PRSFS_WRITE | PRSFS_LOCK.

PRSFS_WRITE implies PRSFS_LOCK so add it

Add new registry value "DeleteReadOnly" to permit deletion of read-only
files.  The default is 0.  Set to non-zero value to activate.

(cherry picked from commit 290b05b6b6e13fd93d40a8c021f0d8fdf697f7af)

diff --git a/src/WINNT/afsd/afsd_init.c b/src/WINNT/afsd/afsd_init.c
index 862fd352c73207e53163de1280b2bc5b2f9cb50f..f490af4a2ef36b29f55d611ed85bb516b78c4e50 100644 (file)
--- a/src/WINNT/afsd/afsd_init.c
+++ b/src/WINNT/afsd/afsd_init.c
@@ -39,6 +39,7 @@ extern int RXSTATS_ExecuteRequest(struct rx_call *z_call);
 
 extern afs_int32 cryptall;
 extern int cm_enableServerLocks;
+extern int cm_deleteReadOnly;
 
 osi_log_t *afsd_logp;
 
@@ -1069,6 +1070,15 @@ int afsd_InitCM(char **reasonP)
        afsi_log("EnableServerLocks: server requested");
        break;
     }
+
+    dummyLen = sizeof(DWORD);
+    code = RegQueryValueEx(parmKey, "DeleteReadOnly", NULL, NULL,
+                           (BYTE *) &dwValue, &dummyLen);
+    if (code == ERROR_SUCCESS) {
+        cm_deleteReadOnly = (unsigned short) dwValue;
+    } 
+    afsi_log("CM DeleteReadOnly is %u", cm_deleteReadOnly);
+    
     RegCloseKey (parmKey);
 
     /* Call lanahelper to get Netbios name, lan adapter number and gateway flag */

diff --git a/src/WINNT/afsd/cm_access.c b/src/WINNT/afsd/cm_access.c
index 536c7799990d741d337fb52073728de01144c387..e62add104d9681624c11a555e05a1be2bdd27b62 100644 (file)
--- a/src/WINNT/afsd/cm_access.c
+++ b/src/WINNT/afsd/cm_access.c
@@ -24,6 +24,8 @@
 
 #include "afsd.h"
 
+int cm_deleteReadOnly = 0;
+
 /* called with scp write-locked, check to see if we have the ACL info we need
  * and can get it w/o blocking for any locks.
  *
@@ -93,8 +95,14 @@ int cm_HaveAccessRights(struct cm_scache *scp, struct cm_user *userp, afs_uint32
     /* check mode bits */
     if (!(scp->unixModeBits & 0400))
         *outRightsp &= ~PRSFS_READ;
-    if (!(scp->unixModeBits & 0200))
-        *outRightsp &= ~(PRSFS_WRITE|PRSFS_DELETE);
+    if (!(scp->unixModeBits & 0200) && !(rights == (PRSFS_WRITE | PRSFS_LOCK)))
+        *outRightsp &= ~PRSFS_WRITE;
+    if (!(scp->unixModeBits & 0200) && !cm_deleteReadOnly)
+        *outRightsp &= ~PRSFS_DELETE;
+
+    /* if the user can obtain a write-lock, read-locks are implied */
+    if (*outRightsp & PRSFS_WRITE)
+       *outRightsp |= PRSFS_LOCK;
 
     code = 1;
     /* fall through */

diff --git a/src/WINNT/afsd/cm_vnodeops.c b/src/WINNT/afsd/cm_vnodeops.c
index fd7fb8e66f709aed24c630a8dad13eae758f9733..987954ffc542b4276279ecdc184cc62975062b11 100644 (file)
--- a/src/WINNT/afsd/cm_vnodeops.c
+++ b/src/WINNT/afsd/cm_vnodeops.c
@@ -187,7 +187,8 @@ void cm_Gen8Dot3NameInt(const char * longname, cm_dirFid_t * pfid,
     int vnode = ntohl(pfid->vnode);
     char *lastDot;
     int validExtension = 0;
-    char tc, *temp, *name;
+    char tc, *temp;
+    const char *name;
 
     /* Unparse the file's vnode number to get a "uniquifier" */
     do {
@@ -258,8 +259,10 @@ long cm_CheckOpen(cm_scache_t *scp, int openMode, int trunc, cm_user_t *userp,
     long code;
 
     rights = 0;
-    if (openMode != 1) rights |= PRSFS_READ;
-    if (openMode == 1 || openMode == 2 || trunc) rights |= PRSFS_WRITE;
+    if (openMode != 1) 
+       rights |= PRSFS_READ;
+    if (openMode == 1 || openMode == 2 || trunc) 
+       rights |= PRSFS_WRITE;
         
     lock_ObtainMutex(&scp->mx);
 
@@ -3572,7 +3575,7 @@ long cm_LockCheckPerms(cm_scache_t * scp,
     if (lock_type == LockRead)
         rights |= PRSFS_LOCK;
     else if (lock_type == LockWrite)
-        rights |= PRSFS_WRITE;
+        rights |= PRSFS_WRITE | PRSFS_LOCK;
     else {
         /* hmmkay */
         osi_assert(FALSE);