From 2fe6510fb72e242f71c7882db7744f0ec3e91d52 Mon Sep 17 00:00:00 2001 From: Marcio Barbosa Date: Thu, 14 Nov 2019 01:15:47 -0300 Subject: [PATCH] viced: prevent writes on readonly fileservers Currently, a fileserver can be initialized as readonly. In this mode, writes on this server should not be allowed. Unfortunately, updates on files stored by readonly fileservers are not completely prevented. In some situations, the check for RO server is omitted (e.g. if the user is the owner of the file to be updated). In other situations, the same check is redundant. To fix these problems, consolidate this check in one place. Reviewed-on: https://gerrit.openafs.org/13934 Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk (cherry picked from commit 0593017177edd5b3bc6609d9dfcce55f15bba3e9) Change-Id: I42034928d1f5e9342029121613ac8d716818c3ae Reviewed-on: https://gerrit.openafs.org/14018 Reviewed-by: Andrew Deason Reviewed-by: Michael Meffie Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Stephan Wiesand --- src/viced/afsfileprocs.c | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c index 588a8d9f7..f93d6a640 100644 --- a/src/viced/afsfileprocs.c +++ b/src/viced/afsfileprocs.c @@ -1077,6 +1077,9 @@ Check_PermissionRights(Vnode * targetptr, struct client *client, AUD_END); } } else { /* a store operation */ + if (readonlyServer) { + return (VREADONLY); + } if ((rights & PRSFS_INSERT) && OWNSp(client, targetptr) && (CallingRoutine != CHK_STOREACL) && (targetptr->disk.type == vFile)) { @@ -1085,9 +1088,7 @@ Check_PermissionRights(Vnode * targetptr, struct client *client, * unless you are a system administrator */ /****** InStatus->Owner && UnixModeBits better be SET!! */ if (CHOWN(InStatus, targetptr) || CHGRP(InStatus, targetptr)) { - if (readonlyServer) - return (VREADONLY); - else if (VanillaUser(client)) + if (VanillaUser(client)) return (EPERM); /* Was EACCES */ else osi_audit(PrivilegeEvent, 0, AUD_ID, @@ -1100,9 +1101,6 @@ Check_PermissionRights(Vnode * targetptr, struct client *client, (client ? client->z.ViceId : 0), AUD_INT, CallingRoutine, AUD_END); } else { - if (readonlyServer) { - return (VREADONLY); - } if (CallingRoutine == CHK_STOREACL) { if (!(rights & PRSFS_ADMINISTER) && !VolumeOwner(client, targetptr)) @@ -1111,9 +1109,7 @@ Check_PermissionRights(Vnode * targetptr, struct client *client, /* watch for chowns and chgrps */ if (CHOWN(InStatus, targetptr) || CHGRP(InStatus, targetptr)) { - if (readonlyServer) - return (VREADONLY); - else if (VanillaUser(client)) + if (VanillaUser(client)) return (EPERM); /* Was EACCES */ else osi_audit(PrivilegeEvent, 0, AUD_ID, @@ -1127,8 +1123,6 @@ Check_PermissionRights(Vnode * targetptr, struct client *client, #else (InStatus->UnixModeBits & (S_ISUID | S_ISGID)) != 0) { #endif - if (readonlyServer) - return (VREADONLY); if (VanillaUser(client)) return (EACCES); else @@ -1137,8 +1131,6 @@ Check_PermissionRights(Vnode * targetptr, struct client *client, CallingRoutine, AUD_END); } if (CallingRoutine == CHK_STOREDATA) { - if (readonlyServer) - return (VREADONLY); if (!(rights & PRSFS_WRITE)) return (EACCES); /* Next thing is tricky. We want to prevent people @@ -1166,8 +1158,6 @@ Check_PermissionRights(Vnode * targetptr, struct client *client, #endif if ((targetptr->disk.type != vDirectory) && (!(targetptr->disk.modeBits & OWNERWRITE))) { - if (readonlyServer) - return (VREADONLY); if (VanillaUser(client)) return (EACCES); else @@ -1176,8 +1166,6 @@ Check_PermissionRights(Vnode * targetptr, struct client *client, AUD_INT, CallingRoutine, AUD_END); } } else { /* a status store */ - if (readonlyServer) - return (VREADONLY); if (targetptr->disk.type == vDirectory) { if (!(rights & PRSFS_DELETE) && !(rights & PRSFS_INSERT)) -- 2.39.5