fileserver: dropbox mode shouldn't allow readback from anonymous

if you're writing files as anonymous, don't let them be read back.
things which potentially need to page back in will just have to be
authenticated, or lose.

Reviewed-on: http://gerrit.openafs.org/3901
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 470a6d46175125bfe15bb267ee8f77d60132592a)

Change-Id: Ia81a9871a2d38843d0ad2c61af06c8bbaaef3d81
Reviewed-on: http://gerrit.openafs.org/4091
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index 5b49535a024527d4d466e3b33e56720ff9dfb70a..368b53b9f7e3c137a76d9f7fef4bc94711753adb 100644 (file)
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -891,7 +891,8 @@ Check_PermissionRights(Vnode * targetptr, struct client *client,
            } else {            /* file */
                /* must have read access, or be owner and have insert access */
                if (!(rights & PRSFS_READ)
-                   && !(OWNSp(client, targetptr) && (rights & PRSFS_INSERT)))
+                   && !((OWNSp(client, targetptr) && (rights & PRSFS_INSERT)
+                         && (client->ViceId != AnonymousID))))
                    return (EACCES);
            }
            if (CallingRoutine == CHK_FETCHDATA