From 39a71ce16ec44736549cd5a5dc4965ce0828eb28 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Fri, 5 Jan 2007 17:21:30 +0000
Subject: [PATCH] STABLE14-windows-unix-mode-bit-enforcement-20070105

modify the write-lock permission test so that the UnixMode bits do not
subtract PRSFS_WRITE from the rights when testing PRSFS_WRITE | PRSFS_LOCK.

PRSFS_WRITE implies PRSFS_LOCK so add it

Add new registry value "DeleteReadOnly" to permit deletion of read-only
files.  The default is 0.  Set to non-zero value to activate.


(cherry picked from commit 290b05b6b6e13fd93d40a8c021f0d8fdf697f7af)
---
 src/WINNT/afsd/afsd_init.c   |  9 +++++++++
 src/WINNT/afsd/cm_access.c   | 12 ++++++++++--
 src/WINNT/afsd/cm_vnodeops.c |  9 ++++++---
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/src/WINNT/afsd/afsd_init.c b/src/WINNT/afsd/afsd_init.c
index eafca6407..2f040a9dc 100644
--- a/src/WINNT/afsd/afsd_init.c
+++ b/src/WINNT/afsd/afsd_init.c
@@ -38,6 +38,7 @@ extern int RXAFSCB_ExecuteRequest(struct rx_call *z_call);
 extern int RXSTATS_ExecuteRequest(struct rx_call *z_call);
 
 extern afs_int32 cryptall;
+extern int cm_deleteReadOnly;
 
 osi_log_t *afsd_logp;
 
@@ -1022,6 +1023,14 @@ int afsd_InitCM(char **reasonP)
                            (BYTE *) &HardDeadtimeout, &dummyLen);
     afsi_log("HardDeadTimeout is %d", HardDeadtimeout);
 
+    dummyLen = sizeof(DWORD);
+    code = RegQueryValueEx(parmKey, "DeleteReadOnly", NULL, NULL,
+	                  (BYTE *) &dwValue, &dummyLen);
+    if (code == ERROR_SUCCESS) {
+        cm_deleteReadOnly = (unsigned short) dwValue;
+    }
+    afsi_log("CM DeleteReadOnly is %u", cm_deleteReadOnly);
+
     RegCloseKey (parmKey);
 
     /* Call lanahelper to get Netbios name, lan adapter number and gateway flag */
diff --git a/src/WINNT/afsd/cm_access.c b/src/WINNT/afsd/cm_access.c
index 2191e4ef9..5d70bd43a 100644
--- a/src/WINNT/afsd/cm_access.c
+++ b/src/WINNT/afsd/cm_access.c
@@ -24,6 +24,8 @@
 
 #include "afsd.h"
 
+int cm_deleteReadOnly = 0;
+
 /* called with scp write-locked, check to see if we have the ACL info we need
  * and can get it w/o blocking for any locks.
  *
@@ -93,8 +95,14 @@ int cm_HaveAccessRights(struct cm_scache *scp, struct cm_user *up, long rights,
     /* check mode bits */
     if (!(scp->unixModeBits & 0400))
         *outRightsp &= ~PRSFS_READ;
-    if (!(scp->unixModeBits & 0200))
-        *outRightsp &= ~(PRSFS_WRITE|PRSFS_DELETE);
+    if (!(scp->unixModeBits & 0200) && !(rights == (PRSFS_WRITE | PRSFS_LOCK)))
+        *outRightsp &= ~PRSFS_WRITE;
+    if (!(scp->unixModeBits & 0200) && !cm_deleteReadOnly)
+        *outRightsp &= ~PRSFS_DELETE;
+
+    /* if the user can obtain a write-lock, read-locks are implied */
+    if (*outRightsp & PRSFS_WRITE)
+	*outRightsp |= PRSFS_LOCK;
 
     code = 1;
     /* fall through */
diff --git a/src/WINNT/afsd/cm_vnodeops.c b/src/WINNT/afsd/cm_vnodeops.c
index 74a2d6222..dcbeff03a 100644
--- a/src/WINNT/afsd/cm_vnodeops.c
+++ b/src/WINNT/afsd/cm_vnodeops.c
@@ -186,7 +186,8 @@ void cm_Gen8Dot3Name(cm_dirEntry_t *dep, char *shortName, char **shortNameEndp)
     int vnode = ntohl(dep->fid.vnode);
     char *lastDot;
     int validExtension = 0;
-    char tc, *temp, *name;
+    char tc, *temp;
+    const char *name;
 
     /* Unparse the file's vnode number to get a "uniquifier" */
     do {
@@ -258,8 +259,10 @@ long cm_CheckOpen(cm_scache_t *scp, int openMode, int trunc, cm_user_t *userp,
     long code;
 
     rights = 0;
-    if (openMode != 1) rights |= PRSFS_READ;
-    if (openMode == 1 || openMode == 2 || trunc) rights |= PRSFS_WRITE;
+    if (openMode != 1) 
+	rights |= PRSFS_READ;
+    if (openMode == 1 || openMode == 2 || trunc) 
+	rights |= PRSFS_WRITE;
         
     lock_ObtainMutex(&scp->mx);
 
-- 
2.39.5