Branch: refs/heads/master Home: https://github.com/xrootd/xrootd Commit: 6e01c0d22bc037fac184ff4b55d860c8f9a32fa5 https://github.com/xrootd/xrootd/commit/6e01c0d22bc037fac184ff4b55d860c8f9a32fa5 Author: Brian Bockelman <[log in to unmask]> Date: 2022-05-07 (Sat, 07 May 2022) Changed paths: M src/XrdHttp/XrdHttpReq.cc Log Message: ----------- Ensure MOVE destination has any necessary CGI entries. This causes the MOVE destination to have the token associated with the MOVE request; without it, the token is only applied to the source. Commit: d7e422ec021b6bac6fed3aef1a9795308b5386d9 https://github.com/xrootd/xrootd/commit/d7e422ec021b6bac6fed3aef1a9795308b5386d9 Author: Brian Bockelman <[log in to unmask]> Date: 2022-05-07 (Sat, 07 May 2022) Changed paths: M src/XrdAcc/XrdAccAccess.cc M src/XrdThrottle/XrdThrottleFile.cc M src/XrdXrootd/XrdXrootdXeq.cc Log Message: ----------- Ignore request.name if it is empty. This allows an external caller to "unset" the request.name attribute. Commit: a9b0b65de6e21727eae8e9bd0379d35105117007 https://github.com/xrootd/xrootd/commit/a9b0b65de6e21727eae8e9bd0379d35105117007 Author: Brian Bockelman <[log in to unmask]> Date: 2022-05-07 (Sat, 07 May 2022) Changed paths: M src/XrdAcc/XrdAccAuthorize.hh M src/XrdApps/XrdAccTest.cc M src/XrdMacaroons/XrdMacaroonsAuthz.cc M src/XrdOfs/XrdOfs.cc M src/XrdSciTokens/XrdSciTokensAccess.cc Log Message: ----------- Introduce 'exclusive' operations. With this, file creation and rename can be performed with a lower- privileged 'exclusive' authorization level. Code paths are unchanged for existing authorization but, on authz failure, we will test for these new lower-privileges and, if present, allow the creation to continue provided there is no preexisting data that will be overwritten. Commit: 694df451d8b95c65f3f05d44145939ffcac2e001 https://github.com/xrootd/xrootd/commit/694df451d8b95c65f3f05d44145939ffcac2e001 Author: Oliver Freyermuth <[log in to unmask]> Date: 2022-05-07 (Sat, 07 May 2022) Changed paths: M src/XrdSciTokens/XrdSciTokensAccess.cc Log Message: ----------- [XrdSciTokens] Differentiate between WLCG tokens and SciTokens. This detects SciTokens by having write, but neither create nor modify permission for a path. Based on this, more granular permissions for WLCG tokens can be implemented. Commit: b29c119108782d2fa4fc77d39b64aa69a195ac6a https://github.com/xrootd/xrootd/commit/b29c119108782d2fa4fc77d39b64aa69a195ac6a Author: Brian Bockelman <[log in to unmask]> Date: 2022-05-07 (Sat, 07 May 2022) Changed paths: M src/XrdSciTokens/XrdSciTokensAccess.cc Log Message: ----------- Only provide non-destructive authorization. Commit: c63d3a8295b4d2896622af80028c58370fffddeb https://github.com/xrootd/xrootd/commit/c63d3a8295b4d2896622af80028c58370fffddeb Author: Brian Bockelman <[log in to unmask]> Date: 2022-05-07 (Sat, 07 May 2022) Changed paths: M src/XrdOfs/XrdOfs.cc Log Message: ----------- Correct comment about deleting the request.name. We need to remove the side-effects of running a successful authorization as we need to do a second authorization check. Commit: d9ebf33e155da97f553e2a8de5072bb552cb4aef https://github.com/xrootd/xrootd/commit/d9ebf33e155da97f553e2a8de5072bb552cb4aef Author: Brian Bockelman <[log in to unmask]> Date: 2022-05-07 (Sat, 07 May 2022) Changed paths: M src/XrdOfs/XrdOfs.cc Log Message: ----------- Avoid file creation for rename permission check. When we want to avoid overwriting data, we have a choice of either creating an exclusive file (side-effect: could leave a file dangling) or test-then-rename (side-effect: race condition). This changes the implementation to test-then-rename as it was decided that it would be the lesser of two evils. Commit: ec7743f03d8c9655288c84d0127de2d758f8f79a https://github.com/xrootd/xrootd/commit/ec7743f03d8c9655288c84d0127de2d758f8f79a Author: Brian Bockelman <[log in to unmask]> Date: 2022-05-07 (Sat, 07 May 2022) Changed paths: M src/XrdHttp/XrdHttpReq.cc Log Message: ----------- Correct HTTP status code for MOVE failures. We calculate the HTTP status code in a common place at the top of the function; however, the correct status code was ignored in favor of a hardcoded one. Given client tools react based on the HTTP status code, we need to switch to the correct one. Commit: a2d38a175c3cd613be3e4d7afcc23c1ee3f79b08 https://github.com/xrootd/xrootd/commit/a2d38a175c3cd613be3e4d7afcc23c1ee3f79b08 Author: Brian Bockelman <[log in to unmask]> Date: 2022-05-10 (Tue, 10 May 2022) Changed paths: M src/XrdOfs/XrdOfs.cc Log Message: ----------- Correct comment; we check existence, not open in exclusive mode! Commit: 70ec697c9458c2e843b84afc3eae5035fc715f01 https://github.com/xrootd/xrootd/commit/70ec697c9458c2e843b84afc3eae5035fc715f01 Author: Andrew Hanushevsky <[log in to unmask]> Date: 2022-05-10 (Tue, 10 May 2022) Changed paths: M src/XrdAcc/XrdAccAccess.cc M src/XrdAcc/XrdAccAuthorize.hh M src/XrdApps/XrdAccTest.cc M src/XrdHttp/XrdHttpReq.cc M src/XrdMacaroons/XrdMacaroonsAuthz.cc M src/XrdOfs/XrdOfs.cc M src/XrdSciTokens/XrdSciTokensAccess.cc M src/XrdThrottle/XrdThrottleFile.cc M src/XrdXrootd/XrdXrootdXeq.cc Log Message: ----------- Merge pull request #1697 from bbockelm/avoid_overwrite Separate out authorization to overwrite data Compare: https://github.com/xrootd/xrootd/compare/b15cc51b04eb...70ec697c9458 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1