From: Richard Basch
Date: Sat, 22 Jun 2002 05:32:45 +0000 (+0000)
Subject: Update_TargetVnodeStatus() checks and strips setuid bits for non admin
X-Git-Tag: openafs-devel_1_3_3~93
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=30433f36a953187f27b5db9fb432f3b7dce91e6b;p=packages%2Fo%2Fopenafs.git
Update_TargetVnodeStatus() checks and strips setuid bits for non admin clients; it should do the same thing for setgid files.
---
diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index a65abc3a7..571ff046e 100644
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -149,6 +149,8 @@ pthread_mutex_t fileproc_glock_mutex;
 #define NOTACTIVECALL 0
 #define ACTIVECALL 1
+#define CREATE_SGUID_ADMIN_ONLY 1
+
 extern struct afsconf_dir *confDir;
 extern afs_int32 dataVersionHigh;
@@ -6071,7 +6073,12 @@ Update_TargetVnodeStatus(targetptr, Caller, client, InStatus, parentptr, volptr,
 if (Caller & TVS_SDATA) {
 targetptr->disk.dataVersion++;
 if (VanillaUser(client))
+ {
 targetptr->disk.modeBits &= ~04000; /* turn off suid for file. */
+#ifdef CREATE_SGUID_ADMIN_ONLY
+ targetptr->disk.modeBits &= ~02000; /* turn off sgid for file. */
+#endif
+ }
 }
 if (Caller & TVS_SSTATUS) { /* update time on non-status change */
 /* store status, must explicitly request to change the date */
@@ -6084,7 +6091,12 @@ Update_TargetVnodeStatus(targetptr, Caller, client, InStatus, parentptr, volptr,
 if (InStatus->Mask & AFS_SETOWNER) {
 /* admin is allowed to do chmod, chown as well as chown, chmod. */
 if (VanillaUser(client))
+ {
 targetptr->disk.modeBits &= ~04000; /* turn off suid for file. */
+#ifdef CREATE_SGUID_ADMIN_ONLY
+ targetptr->disk.modeBits &= ~02000; /* turn off sgid for file. */
+#endif
+ }
 targetptr->disk.owner = InStatus->Owner;
 if (VolumeRootVnode (targetptr)) {
 Error errorCode = 0; /* what should be done with this? */
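Review bot: `CREATE_SGUID_ADMIN_ONLY`, added in the `@@ -149,6 +149,8 @@` hunk, is defined unconditionally and then tested with `#ifdef` in the two later hunks, so the setgid stripping cannot be compiled out without editing this file, and redefining it as `0` would still leave it enabled. If a build-time switch is intended, wrap the definition in `#ifndef CREATE_SGUID_ADMIN_ONLY` and test it with `#if CREATE_SGUID_ADMIN_ONLY`; otherwise drop the conditionals so the policy is not mistaken for optional. A one-line comment above the define would also help, for example `/* non-admin callers lose setgid as well as setuid on data store and chown */`.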
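Review bot: The suid/sgid clearing block added under `if (VanillaUser(client))` in the `TVS_SDATA` branch (`@@ -6071,7 +6073,12 @@`) is repeated line for line in the `AFS_SETOWNER` branch of the next hunk, so the two sites can drift apart when the policy is next changed. A small static helper called from both places would keep them in step. If the macro stays always-defined, a single statement such as `targetptr->disk.modeBits &= ~(04000 | 02000); /* turn off suid and sgid */` would do the same. Update_TargetVnodeStatus() begins and ends outside this hunk, so callers that reach it by other paths are not visible here.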
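Review bot: In the `@@ -6084,7 +6091,12 @@` hunk the setgid bit is cleared only when the owner changes (`AFS_SETOWNER`), yet a group change is the operation where a surviving setgid bit matters most. The group-change branch (presumably `AFS_SETGROUP`) lies outside this hunk, so confirm that it applies the same strip for `VanillaUser(client)`. The target in this branch can also be a directory, as the `VolumeRootVnode (targetptr)` test just below shows, while the comments say "for file". If directories are meant to lose setgid too, the comment should say so, e.g. `/* turn off sgid (files and directories) */`; otherwise the clear should be gated on the vnode type.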