Commit c11d7fd1 authored by Frank van der Linden's avatar Frank van der Linden Committed by Chuck Lever
Browse files

nfsd: take xattr bits into account for permission checks 



Since the NFSv4.2 extended attributes extension defines 3 new access
bits for xattr operations, take them in to account when validating
what the client is asking for, and when checking permissions.

Signed-off-by: default avatarFrank van der Linden <fllinden@amazon.com>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent 32119446

fs/nfsd/nfs4proc.c

+7 −1
Original line number Diff line number Diff line
@@ -566,8 +566,14 @@ nfsd4_access(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 
	     union nfsd4_op_u *u)

{

	struct nfsd4_access *access = &u->access;

	u32 access_full;



	if (access->ac_req_access & ~NFS3_ACCESS_FULL)

	access_full = NFS3_ACCESS_FULL;

	if (cstate->minorversion >= 2)

		access_full |= NFS4_ACCESS_XALIST | NFS4_ACCESS_XAREAD |

			       NFS4_ACCESS_XAWRITE;



	if (access->ac_req_access & ~access_full)

		return nfserr_inval;



	access->ac_resp_access = access->ac_req_access;

fs/nfsd/vfs.c

+12 −0
Original line number Diff line number Diff line
@@ -612,6 +612,12 @@ static struct accessmap nfs3_regaccess[] = { 
    {	NFS3_ACCESS_MODIFY,	NFSD_MAY_WRITE|NFSD_MAY_TRUNC	},

    {	NFS3_ACCESS_EXTEND,	NFSD_MAY_WRITE			},



#ifdef CONFIG_NFSD_V4

    {	NFS4_ACCESS_XAREAD,	NFSD_MAY_READ			},

    {	NFS4_ACCESS_XAWRITE,	NFSD_MAY_WRITE			},

    {	NFS4_ACCESS_XALIST,	NFSD_MAY_READ			},

#endif



    {	0,			0				}

};
@@ -622,6 +628,12 @@ static struct accessmap nfs3_diraccess[] = { 
    {	NFS3_ACCESS_EXTEND,	NFSD_MAY_EXEC|NFSD_MAY_WRITE	},

    {	NFS3_ACCESS_DELETE,	NFSD_MAY_REMOVE			},



#ifdef CONFIG_NFSD_V4

    {	NFS4_ACCESS_XAREAD,	NFSD_MAY_READ			},

    {	NFS4_ACCESS_XAWRITE,	NFSD_MAY_WRITE			},

    {	NFS4_ACCESS_XALIST,	NFSD_MAY_READ			},

#endif



    {	0,			0				}

};

CRA Git | Maintained and supported by SUSTech CRA and CCSE