This PR introduces a lower-privileged versions of `AOP_Insert` and `AOP_Create` which do not permit overwriting / destroying existing data during `rename` and `open` operations, respectively. Through the use of the `O_EXCL` flag in the filesystem, xrootd now refuses to overwrite data if a session has the lower-privileged version instead of the full-fledged authorization. With this, the `UPLOAD` Macaroon authorization and `storage.create` SciToken authorization are correctly implemented. Note one other fixup had to be included: for HTTP MOVE operations, we now append the token correctly to the destination as well as the source. Finally, because https://github.com/xrootd/xrootd/pull/1644 iterates through the list of operations, I decided to apply this branch on top of #1644; please do not merge this PR until #1644 is across the finish line. Fixes #1655 You can view, comment on, or merge this pull request online at: https://github.com/xrootd/xrootd/pull/1697 -- Commit Summary -- * Populate XrdSciTokens with more detailed log messages. * Bump logging level of exceptions to warning. * Rework configuration to utilize new XrdOucGatherInfo class. * Ensure MOVE destination has any necessary CGI entries. * Ignore request.name if it is empty. * Introduce 'exclusive' operations. * [XrdSciTokens] Differentiate between WLCG tokens and SciTokens. -- File Changes -- M src/XrdAcc/XrdAccAccess.cc (4) M src/XrdAcc/XrdAccAuthorize.hh (30) M src/XrdApps/XrdAccTest.cc (3) M src/XrdHttp/XrdHttpReq.cc (7) M src/XrdMacaroons/XrdMacaroonsAuthz.cc (10) M src/XrdOfs/XrdOfs.cc (55) M src/XrdSciTokens/XrdSciTokensAccess.cc (250) M src/XrdThrottle/XrdThrottleFile.cc (3) M src/XrdXrootd/XrdXrootdXeq.cc (2) -- Patch Links -- https://github.com/xrootd/xrootd/pull/1697.patch https://github.com/xrootd/xrootd/pull/1697.diff -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/pull/1697 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1