Branch: refs/heads/master
Home: https://github.com/xrootd/xrootd
Commit: 6e01c0d22bc037fac184ff4b55d860c8f9a32fa5
https://github.com/xrootd/xrootd/commit/6e01c0d22bc037fac184ff4b55d860c8f9a32fa5
Author: Brian Bockelman <[log in to unmask]>
Date: 2022-05-07 (Sat, 07 May 2022)
Changed paths:
M src/XrdHttp/XrdHttpReq.cc
Log Message:
-----------
Ensure MOVE destination has any necessary CGI entries.
This causes the MOVE destination to have the token associated with
the MOVE request; without it, the token is only applied to the source.
Commit: d7e422ec021b6bac6fed3aef1a9795308b5386d9
https://github.com/xrootd/xrootd/commit/d7e422ec021b6bac6fed3aef1a9795308b5386d9
Author: Brian Bockelman <[log in to unmask]>
Date: 2022-05-07 (Sat, 07 May 2022)
Changed paths:
M src/XrdAcc/XrdAccAccess.cc
M src/XrdThrottle/XrdThrottleFile.cc
M src/XrdXrootd/XrdXrootdXeq.cc
Log Message:
-----------
Ignore request.name if it is empty.
This allows an external caller to "unset" the request.name attribute.
Commit: a9b0b65de6e21727eae8e9bd0379d35105117007
https://github.com/xrootd/xrootd/commit/a9b0b65de6e21727eae8e9bd0379d35105117007
Author: Brian Bockelman <[log in to unmask]>
Date: 2022-05-07 (Sat, 07 May 2022)
Changed paths:
M src/XrdAcc/XrdAccAuthorize.hh
M src/XrdApps/XrdAccTest.cc
M src/XrdMacaroons/XrdMacaroonsAuthz.cc
M src/XrdOfs/XrdOfs.cc
M src/XrdSciTokens/XrdSciTokensAccess.cc
Log Message:
-----------
Introduce 'exclusive' operations.
With this, file creation and rename can be performed with a lower-
privileged 'exclusive' authorization level.
Code paths are unchanged for existing authorization but, on authz
failure, we will test for these new lower-privileges and, if present,
allow the creation to continue provided there is no preexisting data
that will be overwritten.
Commit: 694df451d8b95c65f3f05d44145939ffcac2e001
https://github.com/xrootd/xrootd/commit/694df451d8b95c65f3f05d44145939ffcac2e001
Author: Oliver Freyermuth <[log in to unmask]>
Date: 2022-05-07 (Sat, 07 May 2022)
Changed paths:
M src/XrdSciTokens/XrdSciTokensAccess.cc
Log Message:
-----------
[XrdSciTokens] Differentiate between WLCG tokens and SciTokens.
This detects SciTokens by having write, but neither create nor modify
permission for a path. Based on this, more granular permissions
for WLCG tokens can be implemented.
Commit: b29c119108782d2fa4fc77d39b64aa69a195ac6a
https://github.com/xrootd/xrootd/commit/b29c119108782d2fa4fc77d39b64aa69a195ac6a
Author: Brian Bockelman <[log in to unmask]>
Date: 2022-05-07 (Sat, 07 May 2022)
Changed paths:
M src/XrdSciTokens/XrdSciTokensAccess.cc
Log Message:
-----------
Only provide non-destructive authorization.
Commit: c63d3a8295b4d2896622af80028c58370fffddeb
https://github.com/xrootd/xrootd/commit/c63d3a8295b4d2896622af80028c58370fffddeb
Author: Brian Bockelman <[log in to unmask]>
Date: 2022-05-07 (Sat, 07 May 2022)
Changed paths:
M src/XrdOfs/XrdOfs.cc
Log Message:
-----------
Correct comment about deleting the request.name.
We need to remove the side-effects of running a successful authorization
as we need to do a second authorization check.
Commit: d9ebf33e155da97f553e2a8de5072bb552cb4aef
https://github.com/xrootd/xrootd/commit/d9ebf33e155da97f553e2a8de5072bb552cb4aef
Author: Brian Bockelman <[log in to unmask]>
Date: 2022-05-07 (Sat, 07 May 2022)
Changed paths:
M src/XrdOfs/XrdOfs.cc
Log Message:
-----------
Avoid file creation for rename permission check.
When we want to avoid overwriting data, we have a choice of either
creating an exclusive file (side-effect: could leave a file dangling)
or test-then-rename (side-effect: race condition). This changes the
implementation to test-then-rename as it was decided that it would
be the lesser of two evils.
Commit: ec7743f03d8c9655288c84d0127de2d758f8f79a
https://github.com/xrootd/xrootd/commit/ec7743f03d8c9655288c84d0127de2d758f8f79a
Author: Brian Bockelman <[log in to unmask]>
Date: 2022-05-07 (Sat, 07 May 2022)
Changed paths:
M src/XrdHttp/XrdHttpReq.cc
Log Message:
-----------
Correct HTTP status code for MOVE failures.
We calculate the HTTP status code in a common place at the top of
the function; however, the correct status code was ignored in favor
of a hardcoded one.
Given client tools react based on the HTTP status code, we need to
switch to the correct one.
Commit: a2d38a175c3cd613be3e4d7afcc23c1ee3f79b08
https://github.com/xrootd/xrootd/commit/a2d38a175c3cd613be3e4d7afcc23c1ee3f79b08
Author: Brian Bockelman <[log in to unmask]>
Date: 2022-05-10 (Tue, 10 May 2022)
Changed paths:
M src/XrdOfs/XrdOfs.cc
Log Message:
-----------
Correct comment; we check existence, not open in exclusive mode!
Commit: 70ec697c9458c2e843b84afc3eae5035fc715f01
https://github.com/xrootd/xrootd/commit/70ec697c9458c2e843b84afc3eae5035fc715f01
Author: Andrew Hanushevsky <[log in to unmask]>
Date: 2022-05-10 (Tue, 10 May 2022)
Changed paths:
M src/XrdAcc/XrdAccAccess.cc
M src/XrdAcc/XrdAccAuthorize.hh
M src/XrdApps/XrdAccTest.cc
M src/XrdHttp/XrdHttpReq.cc
M src/XrdMacaroons/XrdMacaroonsAuthz.cc
M src/XrdOfs/XrdOfs.cc
M src/XrdSciTokens/XrdSciTokensAccess.cc
M src/XrdThrottle/XrdThrottleFile.cc
M src/XrdXrootd/XrdXrootdXeq.cc
Log Message:
-----------
Merge pull request #1697 from bbockelm/avoid_overwrite
Separate out authorization to overwrite data
Compare: https://github.com/xrootd/xrootd/compare/b15cc51b04eb...70ec697c9458
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
