From ce510dd972483969f03c56913d32af7951315956 Mon Sep 17 00:00:00 2001 From: franklahm Date: Tue, 6 Apr 2010 12:00:27 +0000 Subject: [PATCH] Documentation for changed upriv -> noupriv option --- NEWS | 1 + etc/afpd/volume.c | 7 ++++--- man/man5/AppleVolumes.default.5.tmpl | 14 +++++++++----- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index 3f5aca4d..21c7f429 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,7 @@ Changes in 2.1-beta2 * NEW: afpd: static generated AFP signature stored in afp_signature.conf, cf man 5 afp_signature.conf * NEW: afpd: clustering support: new per volume option "cnidserver". +* UPD: afpd: new volume options default: UNIX priveleges ("upriv") on * FIX: afpd: prevent security attack guessing valid server accounts. afpd now returns error -5023 for unknown users, as does AppleFileServer. diff --git a/etc/afpd/volume.c b/etc/afpd/volume.c index d68cb7ba..bcdcef47 100644 --- a/etc/afpd/volume.c +++ b/etc/afpd/volume.c @@ -1,5 +1,5 @@ /* - * $Id: volume.c,v 1.123 2010-04-04 15:04:45 franklahm Exp $ + * $Id: volume.c,v 1.124 2010-04-06 12:00:27 franklahm Exp $ * * Copyright (c) 1990,1993 Regents of The University of Michigan. * All Rights Reserved. See COPYRIGHT. @@ -444,8 +444,8 @@ static void volset(struct vol_option *options, struct vol_option *save, options[VOLOPT_PREEXEC].i_value = 1; else if (strcasecmp(p, "root_preexec_close") == 0) options[VOLOPT_ROOTPREEXEC].i_value = 1; - else if (strcasecmp(p, "upriv") == 0) - options[VOLOPT_FLAGS].i_value |= AFPVOL_UNIX_PRIV; + else if (strcasecmp(p, "noupriv") == 0) + options[VOLOPT_FLAGS].i_value &= ~AFPVOL_UNIX_PRIV; else if (strcasecmp(p, "acls") == 0) options[VOLOPT_FLAGS].i_value |= AFPVOL_ACLS; else if (strcasecmp(p, "nodev") == 0) 
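Review bot: Configurations that still carry `options:upriv` are no longer matched anywhere in this else-if chain in volset(), so after an upgrade they get whatever the chain does with an unrecognised keyword, which lies outside the hunk. Because the flag is now on by default the old keyword is redundant rather than harmful, but keeping it as an accepted synonym would stop existing AppleVolumes files from changing behaviour: `else if (strcasecmp(p, "upriv") == 0) options[VOLOPT_FLAGS].i_value |= AFPVOL_UNIX_PRIV;`. The new `noupriv` branch also only has an effect if `options` was seeded from the defaults before volset() runs, which this hunk does not show. A short comment on the branch would help, for example `/* UNIX privileges are default-on (see readvolfile); this turns them off */`.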
@@ -1119,6 +1119,7 @@ static int readvolfile(AFPObj *obj, struct afp_volume_name *p1, char *p2, int us
 /* Enable some default options for all volumes */
 save_options[VOLOPT_FLAGS].i_value |= AFPVOL_CACHE;
+ save_options[VOLOPT_FLAGS].i_value |= AFPVOL_UNIX_PRIV;
 save_options[VOLOPT_EA_VFS].i_value = AFPVOL_EA_AUTO;
 while ( myfgets( buf, sizeof( buf ), fp ) != NULL ) {
diff --git a/man/man5/AppleVolumes.default.5.tmpl b/man/man5/AppleVolumes.default.5.tmpl
index 998c90d6..38139f12 100644
--- a/man/man5/AppleVolumes.default.5.tmpl
+++ b/man/man5/AppleVolumes.default.5.tmpl
@@ -2,12 +2,12 @@
 .\" Title: AppleVolumes.default
 .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.74.3
-.\" Date: 31 Mar 2010
+.\" Date: 06 Apr 2010
 .\" Manual: Netatalk 2.1
 .\" Source: Netatalk 2.1
 .\" Language: English
 .\"
-.TH "APPLEVOLUMES\&.DEFAU" "5" "31 Mar 2010" "Netatalk 2.1" "Netatalk 2.1"
+.TH "APPLEVOLUMES\&.DEFAU" "5" "06 Apr 2010" "Netatalk 2.1" "Netatalk 2.1"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
@@ -55,7 +55,11 @@ line\&. Though newline escaping is supported\&.
 .RE
 .PP
 It is possible to specify default options for all volumes with a
-\fI:DEFAULT: \fRline preceeding these volume definitions:.PP \fBExample.\ \&:DEFAULT: configuration line\fR .PP :DEFAULT: options:upriv,usedots dbpath:/var/dbd/AppleDB/$v dperm:0775 fperm:0664
+\fI:DEFAULT: \fRline preceeding these volume definitions:
+.PP
+\fBExample.\ \&:DEFAULT: configuration line\fR
+.PP
+:DEFAULT: options:usedots dbpath:/var/dbd/AppleDB/$v dperm:0775 fperm:0664
 .PP
 The possible options and their meanings are:
 .PP
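Review bot: The added default in readvolfile() (`save_options[VOLOPT_FLAGS].i_value |= AFPVOL_UNIX_PRIV;`) needs a comment, because it changes the permission model for every volume read from the file, including ones whose configuration never mentioned `upriv`. I would put `/* UNIX privileges are on by default; the "noupriv" option in volset() clears this flag */` above the added line. Whether volumes that are set up without passing through this code path also receive the flag cannot be seen from the hunk. If such a path exists, those volumes would expose different permission semantics from file-defined ones, so that is worth checking. readvolfile's body continues outside the hunk.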
@@ -217,9 +221,9 @@ root_preexec_close
 a non\-zero return code from root_preexec closes the volume immediately, preventing clients to mount/see the volume in question\&.
 .RE
 .PP
-upriv
+noupriv
 .RS 4
-use AFP3 unix privileges\&. Become familiar with the new "unix privileges" AFP permissions concepts in MacOS X before using this option\&. See also:
+Don\'t use AFP3 unix privileges\&. See also:
 \fBperm|fperm|dperm\fR\&.
 .RE
 .PP
--
2.39.2