OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_2-49-gdc8952f

Gerrit Code Review gerrit@openafs.org
Fri, 22 Mar 2013 08:04:29 -0700 (PDT) 

The following commit has been merged in the openafs-stable-1_6_x branch:
commit dc8952ff29584a8bbc7be66a53f6c4fffd3178f3
Author: Jeffrey Altman <jaltman@your-file-system.com>
Date:   Tue Jul 3 15:58:01 2012 -0400

    viced: RXAFS_GetVolumeStatus remove access check
    
    The AFS file server had always performed a PRSFS_READ permission
    check on the volume's root directory (1.1) vnode before responding
    succesfully to the client.  A successful response contains the
    following volume state information:
    
      Message of the day (if any)
      Offline message (if any)
      Online flag
      InService flag
      Blessed flag
      NeedsSalvage flag
      Type
      MinQuota
      MaxQuota
      BlocksInUse
      PartBlocksAvail
      PartMaxBlocks
    
    All of this information is publicly available to anonymous users
    via other services so it is odd that it is hidden from anonymous
    cache managers.
    
    As sites begin to tighten the ACLs on volumes due to privacy
    and security concerns this READ permission check is begin to
    cause problems for Windows clients that rely upon the quota and
    block counts to determine whether or not it is likely to be safe
    to perform an extending write.  In many environments volumes are
    being configured such that the root directory is 'l' for all and
    only the subdirectories provide for 'ridw'.  Under these situations
    the user is able to read/write the data but cannot determine how
    much free space is available.  Since all of the data returned by
    RXAFS_GetVolumeStatus is publicly available, the patchset removes
    the access check entirely.
    
    Reviewed-on: http://gerrit.openafs.org/7705
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
    Reviewed-by: Derrick Brashear <shadow@dementix.org>
    (cherry picked from commit d2d591caf2c9b4cf2ebae708cc9b4c8b78ca5a5a)
    
    Change-Id: I94886f2325ee46995dd886bbf2d359f6d3af76fe
    Reviewed-on: http://gerrit.openafs.org/9489
    Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
    Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
    Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
    Reviewed-by: Andrew Deason <adeason@sinenomine.net>
    Tested-by: BuildBot <buildbot@rampaginggeek.com>

 src/viced/afsfileprocs.c |    4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)

-- 
OpenAFS Master Repository