[OpenAFS-devel] Re: [AFS3-std] Changing RXAFS_GetVolumeStatus access check to support volume lock down

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 05 Jul 2012 18:48:26 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigBB6DF95F3BE9CB50716D0D63
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 7/5/2012 1:23 PM, Jeffrey Hutzelman wrote:
> I think it is fine to skip access control checks on this call entirely.=

> As you point out, the information available via this RPC is also
> available to unauthenticated clients via the volserver.

I have modified http://gerrit.openafs.org/#change,7705 to remove all
access control checks.  I was being conservative by changing the check
to RXAFS_LOOKUP but I am in agreement that the check is not needed at all=
=2E

Jeffrey Altman


--------------enigBB6DF95F3BE9CB50716D0D63
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJP9hm6AAoJENxm1CNJffh4OzIH/0atT3tIIptCOeaHqYLuWtSa
dnO/r51V3+DLyK/gqB15R+RlzYdrndxJBS3tI36HJaSRZNWfD+cSMnq5BSld1KPP
1ZDjgffZBmc+/rFnNic2C/YMD+f1at2GR7KU9vR0IypB3vp4raFBImHwoq1tPYmZ
D619Otqi9WT3DrVfkD1rHgYTajkJbotMmHjgHujDx6pB4p4pX3dgMLMlC0UOwpQd
ptvIfg+rBHXIUmLNGYMBn2sNbjdahlmQI9gog7EZTOaiYnlAqVoGOVF5MxccJNN4
LiB4BaiUrGKqb66aJqWVdixojE+gq4RnFuNk1dCFi3tceEQe87WwOgSQs/O4lHI=
=ZY7e
-----END PGP SIGNATURE-----

--------------enigBB6DF95F3BE9CB50716D0D63--