OpenAFS CVS Commit: openafs/src/WINNT/afsrdr/user by jaltman

[cvs@GRAND.CENTRAL.ORG]

Update of /cvs/openafs/src/WINNT/afsrdr/user
In directory GRAND.CENTRAL.ORG:/home/jaltman/openafs/cvs-kdfs/src/WINNT/afsrdr/user

Modified Files:
      Tag: openafs-windows-kdfs-ifs-branch
	RDRFunction.c 
Log Message:
DELTA KDFS-windows-afsrdr-user-20082021
AUTHOR jaltman@secure-endpoints.com
LICENSE MIT

Pass error codes through cm_MapRPCError() before translating
with smb_MapNTError() in order to translate CRT and AFS error
codes to CM_ERROR_ values before translating to NTSTATUS values
for the file system.

Add RDR_GetLocalSystemUser() which returns the cm_user_t belonging
to the local system account, S-1-5-18.  If an open request is received
from this account, do not perform the open checks.   The account has
no tokens and unless the object being accessed is world readable an
attempt to open will fail.  Unfortunately, requests initiated by
csrss.exe must succeed in order for executable files to be memory 
mapped and csrss.exe is a local system account process.  The open
check is advisory, it does not provide any real access to the data
so there is no information leak.

In the release extents functions, add additional trace logging for
extents that are released by the file system but which are not owned
by the file system.  



--- DELTA config for openafs-windows-kdfs-ifs-branch follows ---
KDFS-windows-afsrdr-user-20082021 openafs/src/WINNT/afsrdr/user/RDRFunction.c 1.1.2.26 1.1.2.27