mirror of
https://github.com/torvalds/linux.git
synced 2024-11-23 12:42:02 +00:00
NFSv4: Fix OPEN w/create access mode checking
POSIX states that open("foo", O_CREAT|O_RDONLY, 000) should succeed if the file "foo" does not already exist. With the current NFS client, it will fail with an EACCES error because of the permissions checks in nfs4_opendata_access(). Fix is to turn that test off if the server says that we created the file. Reported-by: "Frank S. Filz" <ffilzlnx@mindspring.com> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
This commit is contained in:
parent
31434f496a
commit
f3792d63d2
@ -1952,6 +1952,14 @@ static int _nfs4_recover_proc_open(struct nfs4_opendata *data)
|
||||
return status;
|
||||
}
|
||||
|
||||
/*
|
||||
* Additional permission checks in order to distinguish between an
|
||||
* open for read, and an open for execute. This works around the
|
||||
* fact that NFSv4 OPEN treats read and execute permissions as being
|
||||
* the same.
|
||||
* Note that in the non-execute case, we want to turn off permission
|
||||
* checking if we just created a new file (POSIX open() semantics).
|
||||
*/
|
||||
static int nfs4_opendata_access(struct rpc_cred *cred,
|
||||
struct nfs4_opendata *opendata,
|
||||
struct nfs4_state *state, fmode_t fmode,
|
||||
@ -1966,14 +1974,14 @@ static int nfs4_opendata_access(struct rpc_cred *cred,
|
||||
return 0;
|
||||
|
||||
mask = 0;
|
||||
/* don't check MAY_WRITE - a newly created file may not have
|
||||
* write mode bits, but POSIX allows the creating process to write.
|
||||
* use openflags to check for exec, because fmode won't
|
||||
* always have FMODE_EXEC set when file open for exec. */
|
||||
/*
|
||||
* Use openflags to check for exec, because fmode won't
|
||||
* always have FMODE_EXEC set when file open for exec.
|
||||
*/
|
||||
if (openflags & __FMODE_EXEC) {
|
||||
/* ONLY check for exec rights */
|
||||
mask = MAY_EXEC;
|
||||
} else if (fmode & FMODE_READ)
|
||||
} else if ((fmode & FMODE_READ) && !opendata->file_created)
|
||||
mask = MAY_READ;
|
||||
|
||||
cache.cred = cred;
|
||||
|
Loading…
Reference in New Issue
Block a user