From 703f7219ab1eb43cefe6f2805d5c46122dcff226 Mon Sep 17 00:00:00 2001 From: Christof Hanke Date: Thu, 12 Sep 2013 13:34:04 +0200 Subject: [PATCH] client: flag in cachemanager if rmtsys is enabled when processing "fs sysname" on a client, a rmtsys-related checks are executed by default. These prevent a user with gid 2748 and 2750 (0xabc and 0xabe) from executing this command. Add a new flag inside the cachemanager for the rmtsys- functionality. This flag is set through a new ioctl by the afsd on startup. Reviewed-on: http://gerrit.openafs.org/10245 Tested-by: BuildBot Reviewed-by: Derrick Brashear (cherry picked from commit db1de98ecf6fd22b9c36b3ba284984f03cb0ae35) Change-Id: Ia2a367e4675782a681b4f6efd6365da482adfab8 Reviewed-on: https://gerrit.openafs.org/12607 Reviewed-by: Mark Vitale Reviewed-by: Stephan Wiesand Tested-by: Stephan Wiesand --- src/afs/afs.h | 1 + src/afs/afs_call.c | 4 ++++ src/afs/afs_pioctl.c | 5 +++-- src/afsd/afsd.c | 3 +++ src/config/afs_args.h | 1 + 5 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/afs/afs.h b/src/afs/afs.h index f03609ca3..5831047e7 100644 --- a/src/afs/afs.h +++ b/src/afs/afs.h @@ -1472,6 +1472,7 @@ struct afs_fakestat_state { }; extern int afs_fakestat_enable; +extern int afs_rmtsys_enable; extern int afsd_dynamic_vcaches; /* diff --git a/src/afs/afs_call.c b/src/afs/afs_call.c index 1c1f48d52..7a12d8e4d 100644 --- a/src/afs/afs_call.c +++ b/src/afs/afs_call.c @@ -78,6 +78,7 @@ static int afs_InitSetup_done = 0; afs_int32 afs_numcachefiles = -1; afs_int32 afs_numfilesperdir = -1; char afs_cachebasedir[1024]; +afs_int32 afs_rmtsys_enable = 0; afs_int32 afs_rx_deadtime = AFS_RXDEADTIME; afs_int32 afs_rx_harddead = AFS_HARDDEADTIME; @@ -1300,6 +1301,9 @@ afs_syscall_call(long parm, long parm2, long parm3, rx_MyMaxSendSize = rx_maxReceiveSizeUser = rx_maxReceiveSize = parm2; } else if (parm == AFSOP_SET_RXMAXFRAGS) { rxi_nSendFrags = rxi_nRecvFrags = parm2; + } else if (parm == AFSOP_SET_RMTSYS_FLAG) { + afs_rmtsys_enable = parm2; + code = 0; } else { code = EINVAL; } diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c index 13dab6951..d96d7b714 100644 --- a/src/afs/afs_pioctl.c +++ b/src/afs/afs_pioctl.c @@ -28,6 +28,7 @@ #include "afs/afs_bypasscache.h" #include "rx/rx_globals.h" +extern int afs_rmtsys_enable; struct VenusFid afs_rootFid; afs_int32 afs_waitForever = 0; short afs_waitForeverCount = 0; @@ -3777,8 +3778,8 @@ DECL_PIOCTL(PSetSysName) return EINVAL; num = count; } - if (afs_cr_gid(*acred) == RMTUSER_REQ || - afs_cr_gid(*acred) == RMTUSER_REQ_PRIV) { /* Handles all exporters */ + if (afs_rmtsys_enable && (afs_cr_gid(*acred) == RMTUSER_REQ || + afs_cr_gid(*acred) == RMTUSER_REQ_PRIV)) { /* Handles all exporters */ if (allpags && afs_cr_gid(*acred) != RMTUSER_REQ_PRIV) { return EPERM; } diff --git a/src/afsd/afsd.c b/src/afsd/afsd.c index 0d5f41354..4adfc0942 100644 --- a/src/afsd/afsd.c +++ b/src/afsd/afsd.c @@ -2496,6 +2496,9 @@ afsd_run(void) if (afsd_verbose) printf("%s: Forking 'rmtsys' daemon.\n", rn); afsd_fork(0, rmtsysd_thread, NULL); + code = afsd_call_syscall(AFSOP_SET_RMTSYS_FLAG, 1); + if (code) + printf("%s: Error enabling rmtsys support.\n", rn); } #endif /* !UKERNEL */ /* diff --git a/src/config/afs_args.h b/src/config/afs_args.h index 09316d597..73d3ee62c 100644 --- a/src/config/afs_args.h +++ b/src/config/afs_args.h @@ -51,6 +51,7 @@ #define AFSOP_SET_RXMAXMTU 40 /* set rx_MyMaxSendSize,rx_maxReceiveSizeUser,rx_maxReceiveSize */ #define AFSOP_BKG_HANDLER 41 /* userspace-capable Bkg daemon */ #define AFSOP_SET_RXMAXFRAGS 43 /* set rxi_nSendFrags, rxi_nRecvFrags */ +#define AFSOP_SET_RMTSYS_FLAG 44 /* set flag if rmtsys is enabled */ /* The range 20-30 is reserved for AFS system offsets in the afs_syscall */ #define AFSCALL_PIOCTL 20 -- 2.39.5