From: NeilBrown <neilb@suse.com>
To: "J. Bruce Fields" <bfields@fieldses.org>,
Anna Schumaker <anna.schumaker@netapp.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: Jan Harkes <jaharkes@cs.cmu.edu>,
linux-nfs@vger.kernel.org, Miklos Szeredi <miklos@szeredi.hu>,
Jeff Layton <jlayton@kernel.org>,
linux-kernel@vger.kernel.org, linux-afs@lists.infradead.org,
David Howells <dhowells@redhat.com>,
coda@cs.cmu.edu, linux-fsdevel@vger.kernel.org,
Christoph Hellwig <hch@lst.de>
Subject: [PATCH 3/3] NFSD - Use MAY_ACT_AS_OWNER
Date: Thu, 04 Oct 2018 11:02:43 +1000 [thread overview]
Message-ID: <153861496336.30373.7984309432171094818.stgit@noble> (raw)
In-Reply-To: <153861471803.30373.6184444014227748848.stgit@noble>
The NFSD_MAY_OWNER_OVERRIDE has exactly the same meaning
as the new MAY_ACT_AS_OWNER flag, so simplify the
code by making use of the identity.
The move NFSD_MAY_OWNER_OVERRIDE into NFSD_MAY_MASK, but that
is not a problem is it is always set together with a flag
that is already in the MASK.
Signed-off-by: NeilBrown <neilb@suse.com>
---
fs/nfsd/vfs.c | 11 ++++++-----
fs/nfsd/vfs.h | 14 +++++++-------
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 55a099e47ba2..d89d23e6e2fe 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -2038,12 +2038,13 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
* We must trust the client to do permission checking - using "ACCESS"
* with NFSv3.
*/
- if ((acc & NFSD_MAY_OWNER_OVERRIDE) &&
- uid_eq(inode->i_uid, current_fsuid()))
- return 0;
- /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */
- err = inode_permission(inode, acc & (MAY_READ|MAY_WRITE|MAY_EXEC));
+ /*
+ * This works as NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC}
+ * and NFSD_MAY_OWNER_OVERRIDE == MAY_ACT_AS_OWNER
+ */
+ err = inode_permission(inode, (acc & (MAY_READ|MAY_WRITE|
+ MAY_EXEC|MAY_ACT_AS_OWNER)));
/* Allow read access to binaries even when mode 111 */
if (err == -EACCES && S_ISREG(inode->i_mode) &&
diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h
index 2b1c70d3757a..f6e96dba76a5 100644
--- a/fs/nfsd/vfs.h
+++ b/fs/nfsd/vfs.h
@@ -16,6 +16,7 @@
#define NFSD_MAY_EXEC MAY_EXEC
#define NFSD_MAY_WRITE MAY_WRITE
#define NFSD_MAY_READ MAY_READ
+#define NFSD_MAY_OWNER_OVERRIDE MAY_ACT_AS_OWNER
#define NFSD_MAY_SATTR (__MAY_UNUSED << 0)
#define NFSD_MAY_TRUNC (__MAY_UNUSED << 1)
#define NFSD_MAY_LOCK (__MAY_UNUSED << 2)
@@ -23,16 +24,15 @@
#define NFSD_MAY_MASK (__NFSD_MAY_FIRST_HINT - 1)
/* extra hints to permission and open routines: */
-#define NFSD_MAY_OWNER_OVERRIDE (__NFSD_MAY_FIRST_HINT << 0)
/* for device special files */
-#define NFSD_MAY_LOCAL_ACCESS (__NFSD_MAY_FIRST_HINT << 1)
-#define NFSD_MAY_BYPASS_GSS_ON_ROOT (__NFSD_MAY_FIRST_HINT << 2)
-#define NFSD_MAY_NOT_BREAK_LEASE (__NFSD_MAY_FIRST_HINT << 3)
-#define NFSD_MAY_BYPASS_GSS (__NFSD_MAY_FIRST_HINT << 4)
-#define NFSD_MAY_READ_IF_EXEC (__NFSD_MAY_FIRST_HINT << 5)
+#define NFSD_MAY_LOCAL_ACCESS (__NFSD_MAY_FIRST_HINT << 0)
+#define NFSD_MAY_BYPASS_GSS_ON_ROOT (__NFSD_MAY_FIRST_HINT << 1)
+#define NFSD_MAY_NOT_BREAK_LEASE (__NFSD_MAY_FIRST_HINT << 2)
+#define NFSD_MAY_BYPASS_GSS (__NFSD_MAY_FIRST_HINT << 3)
+#define NFSD_MAY_READ_IF_EXEC (__NFSD_MAY_FIRST_HINT << 4)
/* 64 bit readdir cookies for >= NFSv3 */
-#define NFSD_MAY_64BIT_COOKIE (__NFSD_MAY_FIRST_HINT << 6)
+#define NFSD_MAY_64BIT_COOKIE (__NFSD_MAY_FIRST_HINT << 5)
#define NFSD_MAY_CREATE (NFSD_MAY_EXEC|NFSD_MAY_WRITE)
#define NFSD_MAY_REMOVE (NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC)
next prev parent reply other threads:[~2018-10-04 7:54 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-04 1:02 [PATCH 0/3] Fix regression in NFSv3 ACL setting NeilBrown
2018-10-04 1:02 ` NeilBrown [this message]
2018-10-04 1:02 ` [PATCH 1/3] VFS: introduce MAY_ACT_AS_OWNER NeilBrown
2018-10-04 1:02 ` [PATCH 2/3] VFS: allow MAY_ flags to be easily extended NeilBrown
2018-10-04 2:11 ` [PATCH 2/3 v2] " NeilBrown
2018-10-04 14:10 ` [PATCH 1/3] VFS: introduce MAY_ACT_AS_OWNER David Howells
2018-10-04 14:42 ` Jan Harkes
2018-10-04 21:55 ` NeilBrown
2018-10-04 21:52 ` NeilBrown
2018-10-04 22:50 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=153861496336.30373.7984309432171094818.stgit@noble \
--to=neilb@suse.com \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=coda@cs.cmu.edu \
--cc=dhowells@redhat.com \
--cc=hch@lst.de \
--cc=jaharkes@cs.cmu.edu \
--cc=jlayton@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=trond.myklebust@hammerspace.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).