Print

Print

 
This PR introduces a lower-privileged versions of `AOP_Insert` and `AOP_Create` which do not permit overwriting / destroying existing data during `rename` and `open` operations, respectively.  Through the use of the `O_EXCL` flag in the filesystem, xrootd now refuses to overwrite data if a session has the lower-privileged version instead of the full-fledged authorization.

With this, the `UPLOAD` Macaroon authorization and `storage.create` SciToken authorization are correctly implemented.

Note one other fixup had to be included: for HTTP MOVE operations, we now append the token correctly to the destination as well as the source.

Finally, because https://github.com/xrootd/xrootd/pull/1644 iterates through the list of operations, I decided to apply this branch on top of #1644; please do not merge this PR until #1644 is across the finish line.

Fixes #1655 
You can view, comment on, or merge this pull request online at:

  https://github.com/xrootd/xrootd/pull/1697

-- Commit Summary --

  * Populate XrdSciTokens with more detailed log messages.
  * Bump logging level of exceptions to warning.
  * Rework configuration to utilize new XrdOucGatherInfo class.
  * Ensure MOVE destination has any necessary CGI entries.
  * Ignore request.name if it is empty.
  * Introduce 'exclusive' operations.
  * [XrdSciTokens] Differentiate between WLCG tokens and SciTokens.

-- File Changes --

    M src/XrdAcc/XrdAccAccess.cc (4)
    M src/XrdAcc/XrdAccAuthorize.hh (30)
    M src/XrdApps/XrdAccTest.cc (3)
    M src/XrdHttp/XrdHttpReq.cc (7)
    M src/XrdMacaroons/XrdMacaroonsAuthz.cc (10)
    M src/XrdOfs/XrdOfs.cc (55)
    M src/XrdSciTokens/XrdSciTokensAccess.cc (250)
    M src/XrdThrottle/XrdThrottleFile.cc (3)
    M src/XrdXrootd/XrdXrootdXeq.cc (2)

-- Patch Links --

https://github.com/xrootd/xrootd/pull/1697.patch
https://github.com/xrootd/xrootd/pull/1697.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1697
You are receiving this because you are subscribed to this thread.

Message ID: <[log in to unmask]>

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1