1. 14 Dec, 2009 1 commit
    • J. Bruce Fields's avatar
      nfsd4: fix share mode permissions · 57ecb34f
      J. Bruce Fields authored
      NFSv4 opens may function as locks denying other NFSv4 users the rights
      to open a file.
      
      We're requiring a user to have write permissions before they can deny
      write.  We're *not* requiring a user to have write permissions to deny
      read, which is if anything a more drastic denial.
      
      What was intended was to require write permissions for DENY_READ.
      Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
      57ecb34f
  2. 25 Nov, 2009 1 commit
    • J. Bruce Fields's avatar
      nfsd: simplify fh_verify access checks · 864f0f61
      J. Bruce Fields authored
      All nfsd security depends on the security checks in fh_verify, and
      especially on nfsd_setuser().
      
      It therefore bothers me that the nfsd_setuser call may be made from
      three different places, depending on whether the filehandle has already
      been mapped to a dentry, and on whether subtreechecking is in force.
      
      Instead, make an unconditional call in fh_verify(), so it's trivial to
      verify that the call always occurs.
      
      That leaves us with a redundant nfsd_setuser() call in the subtreecheck
      case--it needs the correct user set earlier in order to check execute
      permissions on the path to this filehandle--but I'm willing to accept
      that minor inefficiency in the subtreecheck case in return for more
      straightforward permission checking.
      Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
      864f0f61
  3. 23 Nov, 2009 2 commits
  4. 19 Nov, 2009 9 commits
  5. 18 Nov, 2009 27 commits