OpenAFS Master Repository branch, master, updated. openafs-devel-1_5_76-3258-g5138c07

Gerrit Code Review gerrit@openafs.org
Mon, 7 Jan 2013 07:24:30 -0800 (PST)


The following commit has been merged in the master branch:
commit 5138c07abd076e0fa90d70a175a3a822fb127ef5
Author: Rod Widdowson <rdw@steadingsoftware.com>
Date:   Fri Dec 28 14:40:40 2012 +0000

    Windows: Only allow the local system account to speak to the redirector
    
    When we get the IOCTL_AFS_INITIALIZE_CONTROL_DEVICE IOCTL we check to
    see whether the calling process is the LOCAL_SYSTEM_SID (the one that
    services run at if they are not running as a specified SID).  If we
    are not then the initialize fails ACCESS_DENIED.
    
    If the debug build ONLY, setting the AFS_DBG_DISABLE_SYSTEM_SID_CHECK
    bit in OpenAFSDebugFlags circumvents this check, allowing interactive
    debugging.
    
    Existing code stops two processes (or even handles) from trying to
    initialize the system.
    
    Change-Id: I2ef8ca3a0df908acba38b435178d0509e96d6114
    Reviewed-on: http://gerrit.openafs.org/8842
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
    Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

 src/WINNT/afsrdr/common/AFSRedirCommonDefines.h  |   13 ++++++-----
 src/WINNT/afsrdr/kernel/fs/AFSCommSupport.cpp    |   10 ++++++++-
 src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp |   25 ++++++++++++++++++++++
 src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h   |    3 ++
 4 files changed, 44 insertions(+), 7 deletions(-)

-- 
OpenAFS Master Repository