OpenAFS Master Repository branch, openafs-devel-1_7_x, updated. openafs-devel-1_7_21-21-g94bdfb9
Gerrit Code Review
gerrit@openafs.org
Mon, 7 Jan 2013 11:41:25 -0800 (PST)
The following commit has been merged in the openafs-devel-1_7_x branch:
commit 52fb1b1ac5adcfc32408a09049c6f6cb38b9267a
Author: Rod Widdowson <rdw@steadingsoftware.com>
Date: Fri Dec 28 14:40:40 2012 +0000
Windows: Only allow the local system account to speak to the redirector
When we get the IOCTL_AFS_INITIALIZE_CONTROL_DEVICE IOCTL we check to
see whether the calling process is the LOCAL_SYSTEM_SID (the one that
services run at if they are not running as a specified SID). If we
are not then the initialize fails ACCESS_DENIED.
If the debug build ONLY, setting the AFS_DBG_DISABLE_SYSTEM_SID_CHECK
bit in OpenAFSDebugFlags circumvents this check, allowing interactive
debugging.
Existing code stops two processes (or even handles) from trying to
initialize the system.
Change-Id: I2ef8ca3a0df908acba38b435178d0509e96d6114
Reviewed-on: http://gerrit.openafs.org/8842
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 5138c07abd076e0fa90d70a175a3a822fb127ef5)
Reviewed-on: http://gerrit.openafs.org/8885
src/WINNT/afsrdr/common/AFSRedirCommonDefines.h | 13 ++++++-----
src/WINNT/afsrdr/kernel/fs/AFSCommSupport.cpp | 10 ++++++++-
src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp | 25 ++++++++++++++++++++++
src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h | 3 ++
4 files changed, 44 insertions(+), 7 deletions(-)
--
OpenAFS Master Repository