From dc8952ff29584a8bbc7be66a53f6c4fffd3178f3 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Tue, 3 Jul 2012 15:58:01 -0400
Subject: [PATCH] viced: RXAFS_GetVolumeStatus remove access check

The AFS file server had always performed a PRSFS_READ permission
check on the volume's root directory (1.1) vnode before responding
successfully to the client. A successful response contains the
following volume state information:

  Message of the day (if any)
  Offline message (if any)
  Online flag
  InService flag
  Blessed flag
  NeedsSalvage flag
  Type
  MinQuota
  MaxQuota
  BlocksInUse
  PartBlocksAvail
  PartMaxBlocks

All of this information is publicly available to anonymous users
via other services so it is odd that it is hidden from anonymous
cache managers.

As sites begin to tighten the ACLs on volumes due to privacy and
security concerns this READ permission check is beginning to cause
problems for Windows clients that rely upon the quota and block
counts to determine whether or not it is likely to be safe to
perform an extending write.

In many environments volumes are being configured such that the
root directory is 'l' for all and only the subdirectories provide
for 'ridw'. Under these situations the user is able to read/write
the data but cannot determine how much free space is available.

Since all of the data returned by RXAFS_GetVolumeStatus is publicly
available, the patchset removes the access check entirely.

Reviewed-on: http://gerrit.openafs.org/7705
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
Reviewed-by: Derrick Brashear
(cherry picked from commit d2d591caf2c9b4cf2ebae708cc9b4c8b78ca5a5a)

Change-Id: I94886f2325ee46995dd886bbf2d359f6d3af76fe
Reviewed-on: http://gerrit.openafs.org/9489
Reviewed-by: Paul Smeddle
Reviewed-by: Stephan Wiesand
Reviewed-by: Derrick Brashear
Reviewed-by: Benjamin Kaduk
Reviewed-by: Andrew Deason
Tested-by: BuildBot
---
 src/viced/afsfileprocs.c | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c index f00ae9bb3..3b236634d 100644 --- a/src/viced/afsfileprocs.c +++ b/src/viced/afsfileprocs.c @@ -6798,10 +6798,6 @@ SRXAFS_GetVolumeStatus(struct rx_call * acall, afs_int32 avolid, &rights, &anyrights))) goto Bad_GetVolumeStatus; - if ((VanillaUser(client)) && (!(rights & PRSFS_READ))) { - errorCode = EACCES; - goto Bad_GetVolumeStatus; - } (void)RXGetVolumeStatus(FetchVolStatus, Name, OfflineMsg, Motd, volptr); Bad_GetVolumeStatus: -- 2.39.5
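
Review bot: with the `VanillaUser(client)` / `PRSFS_READ` test removed, nothing in the visible lines of SRXAFS_GetVolumeStatus consults `rights` or `anyrights` any more, yet the call that fills them in (`&rights, &anyrights))) goto Bad_GetVolumeStatus;`) is kept and still fails the RPC on error. Please confirm that call is still wanted for its other effects, and leave a short comment where the check used to be saying that no ACL check is performed on purpose because the returned fields are treated as public, so the absence is not later read as an omission and "fixed". Motd and OfflineMsg are free-text fields passed to RXGetVolumeStatus and will now be returned to callers without READ on the root vnode, so the change also deserves a release note telling administrators to treat those two messages as readable by anyone.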