From a792012a66e4334bd7a60bbd0b50eef8894f402a Mon Sep 17 00:00:00 2001
From: Justin Hiemstra
Date: Thu, 7 Mar 2024 01:21:21 +0000
Subject: [PATCH] Configure 'sec.protbind' for public origins
---
 param/parameters_struct.go | 4 ++--
 xrootd/resources/xrootd-origin.cfg | 3 +++
 xrootd/xrootd_config.go | 35 +++++++++++++++---------------
 3 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/param/parameters_struct.go b/param/parameters_struct.go
index 48c3ba450..b9a22c027 100644
--- a/param/parameters_struct.go
+++ b/param/parameters_struct.go
@@ -30,9 +30,9 @@ type Config struct {
 EnableVoms bool
 ExportLocation string
 Port int
+ RunLocation string
 SelfTest bool
 SelfTestInterval time.Duration
- RunLocation string
 Url string
 XRootDPrefix string
 }
@@ -256,9 +256,9 @@ type configWithType struct {
 EnableVoms struct { Type string; Value bool }
 ExportLocation struct { Type string; Value string }
 Port struct { Type string; Value int }
+ RunLocation struct { Type string; Value string }
 SelfTest struct { Type string; Value bool }
 SelfTestInterval struct { Type string; Value time.Duration }
- RunLocation struct { Type string; Value string }
 Url struct { Type string; Value string }
 XRootDPrefix struct { Type string; Value string }
 }
diff --git a/xrootd/resources/xrootd-origin.cfg b/xrootd/resources/xrootd-origin.cfg
index 2f8727146..19c57390d 100644
--- a/xrootd/resources/xrootd-origin.cfg
+++ b/xrootd/resources/xrootd-origin.cfg
@@ -31,6 +31,9 @@ xrd.tlsca certfile {{.Server.TLSCACertificateFile}}
 {{if eq .Origin.EnableDirListing false}}
 http.listingdeny true
 {{end}}
+{{if eq .Origin.EnablePublicReads true}}
+sec.protbind * none
+{{end}}
 {{if .Origin.EnableMacaroons}}
 http.exthandler xrdmacaroons libXrdMacaroons.so
 macaroons.secretkey {{.Xrootd.MacaroonsKeyFile}}
diff --git a/xrootd/xrootd_config.go b/xrootd/xrootd_config.go
index 7cd7f0451..89b4fc904 100644
--- a/xrootd/xrootd_config.go
+++ b/xrootd/xrootd_config.go
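Review bot: The new `sec.protbind * none` block in xrootd-origin.cfg applies to every client host and is not scoped to a path or to read operations, so once `Origin.EnablePublicReads` is set the origin no longer asks clients for a security protocol and all remaining protection rests on the authorization rules. Nothing in this patch shows those rules limiting unauthenticated clients to reads of the public namespace, so that should be confirmed, ideally with a test of the rendered config, before this ships. A one-line comment above the directive would keep the intent visible, for example `# Public origin: no security protocol is requested from clients; access is limited by the authorization rules only`. The condition could also be written `{{if .Origin.EnablePublicReads}}`, matching the `EnableMacaroons` block just below it.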
@@ -79,23 +79,24 @@ enable = true
 type (
 OriginConfig struct {
- Multiuser bool
- EnableCmsd bool
- EnableMacaroons bool
- EnableVoms bool
- EnableDirListing bool
- SelfTest bool
- CalculatedPort string
- NamespacePrefix string
- RunLocation string
- Mode string
- S3Bucket string
- S3Region string
- S3ServiceName string
- S3ServiceUrl string
- S3AccessKeyfile string
- S3SecretKeyfile string
- S3UrlStyle string
+ Multiuser bool
+ EnableCmsd bool
+ EnableMacaroons bool
+ EnableVoms bool
+ EnablePublicReads bool
+ EnableDirListing bool
+ SelfTest bool
+ CalculatedPort string
+ NamespacePrefix string
+ RunLocation string
+ Mode string
+ S3Bucket string
+ S3Region string
+ S3ServiceName string
+ S3ServiceUrl string
+ S3AccessKeyfile string
+ S3SecretKeyfile string
+ S3UrlStyle string
 }
 CacheConfig struct {
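Review bot: `EnablePublicReads` in `OriginConfig` has no doc comment, and its name reads as a read-only switch while the template it feeds removes the authentication requirement for all clients. A comment on the field such as `// EnablePublicReads makes the origin template emit "sec.protbind * none"; authorization rules alone then limit access.` would make that visible to whoever sets it. The patch does not show where the field is populated; presumably it is filled from the `Origin.EnablePublicReads` setting when the configuration is unmarshalled, and it is worth confirming that it defaults to false. The `type (` group continues outside the hunk.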