The AFS file server had always performed a PRSFS_READ permission
check on the volume's root directory (1.1) vnode before responding
succesfully to the client. A successful response contains the
following volume state information:
Message of the day (if any)
Offline message (if any)
Online flag
InService flag
Blessed flag
NeedsSalvage flag
Type
MinQuota
MaxQuota
BlocksInUse
PartBlocksAvail
PartMaxBlocks
All of this information is publicly available to anonymous users
via other services so it is odd that it is hidden from anonymous
cache managers.
As sites begin to tighten the ACLs on volumes due to privacy
and security concerns this READ permission check is begin to
cause problems for Windows clients that rely upon the quota and
block counts to determine whether or not it is likely to be safe
to perform an extending write. In many environments volumes are
being configured such that the root directory is 'l' for all and
only the subdirectories provide for 'ridw'. Under these situations
the user is able to read/write the data but cannot determine how
much free space is available. Since all of the data returned by
RXAFS_GetVolumeStatus is publicly available, the patchset removes
the access check entirely.
Reviewed-on: http://gerrit.openafs.org/7705
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
(cherry picked from commit
d2d591caf2c9b4cf2ebae708cc9b4c8b78ca5a5a)
Change-Id: I94886f2325ee46995dd886bbf2d359f6d3af76fe
Reviewed-on: http://gerrit.openafs.org/9489
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
projects / packages / o / openafs.git / commitdiff