diff options
| author | J. Bruce Fields <bfields@redhat.com> | 2013-05-03 16:09:09 -0400 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2013-05-30 14:34:51 +0100 |
| commit | 26bdeae55b558d983d7c6033200eac14f52f063d (patch) | |
| tree | 8fc7f6fa3acea1448b9fe318d60b34cb5809093e /fs/nfsd | |
| parent | 8e590dc654420b9aa0172b6a3ff64a7675927672 (diff) | |
| download | kernel_samsung_smdk4412-26bdeae55b558d983d7c6033200eac14f52f063d.zip kernel_samsung_smdk4412-26bdeae55b558d983d7c6033200eac14f52f063d.tar.gz kernel_samsung_smdk4412-26bdeae55b558d983d7c6033200eac14f52f063d.tar.bz2 | |
nfsd4: don't allow owner override on 4.1 CLAIM_FH opens
commit 9f415eb25574db4b73a9a712a4438e41dc284922 upstream.
The Linux client is using CLAIM_FH to implement regular opens, not just
recovery cases, so it depends on the server to check permissions
correctly.
Therefore the owner override, which may make sense in the delegation
recovery case, isn't right in the CLAIM_FH case.
Symptoms: on a client with 49f9a0fafd844c32f2abada047c0b9a5ba0d6255
"NFSv4.1: Enable open-by-filehandle", Bryan noticed this:
touch test.txt
chmod 000 test.txt
echo test > test.txt
succeeding.
Reported-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'fs/nfsd')
| -rw-r--r-- | fs/nfsd/nfs4proc.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 08921b8..e065497 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -267,6 +267,7 @@ static __be32 do_open_fhandle(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open) { __be32 status; + int accmode = 0; /* Only reclaims from previously confirmed clients are valid */ if ((status = nfs4_check_open_reclaim(&open->op_clientid))) @@ -284,9 +285,19 @@ do_open_fhandle(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_ open->op_truncate = (open->op_iattr.ia_valid & ATTR_SIZE) && (open->op_iattr.ia_size == 0); + /* + * In the delegation case, the client is telling us about an + * open that it *already* performed locally, some time ago. We + * should let it succeed now if possible. + * + * In the case of a CLAIM_FH open, on the other hand, the client + * may be counting on us to enforce permissions (the Linux 4.1 + * client uses this for normal opens, for example). + */ + if (open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH) + accmode = NFSD_MAY_OWNER_OVERRIDE; - status = do_open_permission(rqstp, current_fh, open, - NFSD_MAY_OWNER_OVERRIDE); + status = do_open_permission(rqstp, current_fh, open, accmode); return status; } |