From 790f92d55000d320521999261141938244f3e825 Mon Sep 17 00:00:00 2001
From: Derrick Brashear <shadow@dementia.org>
Date: Mon, 7 Feb 2011 10:54:51 -0500
Subject: [PATCH] fileserver: dropbox mode shouldn't allow readback from
 anonymous

if you're writing files as anonymous, don't let them be read back.
things which potentially need to page back in will just have to be
authenticated, or lose.

Reviewed-on: http://gerrit.openafs.org/3901
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 470a6d46175125bfe15bb267ee8f77d60132592a)

Change-Id: Ia81a9871a2d38843d0ad2c61af06c8bbaaef3d81
Reviewed-on: http://gerrit.openafs.org/4091
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
---
 src/viced/afsfileprocs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index 5b49535a0..368b53b9f 100644
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -891,7 +891,8 @@ Check_PermissionRights(Vnode * targetptr, struct client *client,
 	    } else {		/* file */
 		/* must have read access, or be owner and have insert access */
 		if (!(rights & PRSFS_READ)
-		    && !(OWNSp(client, targetptr) && (rights & PRSFS_INSERT)))
+		    && !((OWNSp(client, targetptr) && (rights & PRSFS_INSERT)
+			  && (client->ViceId != AnonymousID))))
 		    return (EACCES);
 	    }
 	    if (CallingRoutine == CHK_FETCHDATA
-- 
2.39.5