OpenAFS Master Repository branch, openafs-devel-1_7_x, updated. openafs-devel-1_7_21-24-gcd7ae7e

Gerrit Code Review gerrit@openafs.org
Mon, 21 Jan 2013 20:44:45 -0800 (PST)


The following commit has been merged in the openafs-devel-1_7_x branch:
commit cd7ae7e60231fd003a7b83c5710a9773b308b6a6
Author: Rod Widdowson <rdw@steadingsoftware.com>
Date:   Fri Dec 28 15:00:15 2012 +0000

    Windows: Police the DEBUG TRACE ioctls
    
    When we get a IOCTL_AFS_GET_TRACE_BUFFER, a IOCTL_AFS_CONFIGURE_DEBUG_TRACE
    or a IOCTL_AFS_FORCE_CRASH, we check to see whether the caller is in the
    Administrators group and if it isn't we fail the request with ACCESS_DENIED.
    
    NOTE that this does not check whether the user has done the "run as admin"
    thing.  We actually need to determine which priviledges are appropriate to
    this action and use that rather than group membership to police these actions
    and this will be added in a later patch.  Meanwhile this represents a
    significant increment in security from previously.
    
    Reviewed-on: http://gerrit.openafs.org/8843
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
    Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
    (cherry picked from commit dd672fffe9bfef6bd872b008e7f3e3dd5f904a80)
    
    Change-Id: I3566649677e2a0962167f3a7d0fb2b8b201b5c7d
    Reviewed-on: http://gerrit.openafs.org/8934
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

 src/WINNT/afsrdr/kernel/fs/AFSCommSupport.cpp    |   21 ++++++++++++++++
 src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp |   28 ++++++++++++++++++++++
 src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h   |    3 ++
 3 files changed, 52 insertions(+), 0 deletions(-)

-- 
OpenAFS Master Repository