nfsd: refine and rename NFSD_MAY_LOCK (4cc9b9f2) · Commits · git / linux-net

fs/nfsd/lockd.c

+11 −2

Original line number	Diff line number	Diff line
		@@ -38,8 +38,17 @@ nlm_fopen(struct svc_rqst rqstp, struct nfs_fh f, struct file **filp,
		memcpy(&fh.fh_handle.fh_raw, f->data, f->size);
		fh.fh_export = NULL;

		/*
		* Allow BYPASS_GSS as some client implementations use AUTH_SYS
		* for NLM even when GSS is used for NFS.
		* Allow OWNER_OVERRIDE as permission might have been changed
		* after the file was opened.
		* Pass MAY_NLM so that authentication can be completely bypassed
		* if NFSEXP_NOAUTHNLM is set. Some older clients use AUTH_NULL
		* for NLM requests.
		*/
		access = (mode == O_WRONLY) ? NFSD_MAY_WRITE : NFSD_MAY_READ;
		access \|= NFSD_MAY_LOCK;
		access \|= NFSD_MAY_NLM \| NFSD_MAY_OWNER_OVERRIDE \| NFSD_MAY_BYPASS_GSS;
		nfserr = nfsd_open(rqstp, &fh, S_IFREG, access, filp);
		fh_put(&fh);
		/* We return nlm error codes as nlm doesn't know

+4 −8

Original line number	Diff line number	Diff line
		@@ -363,13 +363,10 @@ __fh_verify(struct svc_rqst *rqstp,
		if (error)
		goto out;

		/*
		* pseudoflavor restrictions are not enforced on NLM,
		* which clients virtually always use auth_sys for,
		* even while using RPCSEC_GSS for NFS.
		*/
		if (access & NFSD_MAY_LOCK)
		goto skip_pseudoflavor_check;
		if ((access & NFSD_MAY_NLM) && (exp->ex_flags & NFSEXP_NOAUTHNLM))
		/* NLM is allowed to fully bypass authentication */
		goto out;

		if (access & NFSD_MAY_BYPASS_GSS)
		may_bypass_gss = true;
		/*
		@@ -385,7 +382,6 @@ __fh_verify(struct svc_rqst *rqstp,
		if (error)
		goto out;

		skip_pseudoflavor_check:
		/* Finally, check access permissions. */
		error = nfsd_permission(cred, exp, dentry, access);
		out:

+1 −1

Original line number	Diff line number	Diff line
		@@ -79,7 +79,7 @@ DEFINE_NFSD_XDR_ERR_EVENT(cant_encode);
		{ NFSD_MAY_READ, "READ" }, \
		{ NFSD_MAY_SATTR, "SATTR" }, \
		{ NFSD_MAY_TRUNC, "TRUNC" }, \
		{ NFSD_MAY_LOCK, "LOCK" }, \
		{ NFSD_MAY_NLM, "NLM" }, \
		{ NFSD_MAY_OWNER_OVERRIDE, "OWNER_OVERRIDE" }, \
		{ NFSD_MAY_LOCAL_ACCESS, "LOCAL_ACCESS" }, \
		{ NFSD_MAY_BYPASS_GSS_ON_ROOT, "BYPASS_GSS_ON_ROOT" }, \

+1 −11

Original line number	Diff line number	Diff line
		@@ -2506,7 +2506,7 @@ nfsd_permission(struct svc_cred cred, struct svc_export exp,
		(acc & NFSD_MAY_EXEC)? " exec" : "",
		(acc & NFSD_MAY_SATTR)? " sattr" : "",
		(acc & NFSD_MAY_TRUNC)? " trunc" : "",
		(acc & NFSD_MAY_LOCK)? " lock" : "",
		(acc & NFSD_MAY_NLM)? " nlm" : "",
		(acc & NFSD_MAY_OWNER_OVERRIDE)? " owneroverride" : "",
		inode->i_mode,
		IS_IMMUTABLE(inode)? " immut" : "",
		@@ -2531,16 +2531,6 @@ nfsd_permission(struct svc_cred cred, struct svc_export exp,
		if ((acc & NFSD_MAY_TRUNC) && IS_APPEND(inode))
		return nfserr_perm;

		if (acc & NFSD_MAY_LOCK) {
		/* If we cannot rely on authentication in NLM requests,
		* just allow locks, otherwise require read permission, or
		* ownership
		*/
		if (exp->ex_flags & NFSEXP_NOAUTHNLM)
		return 0;
		else
		acc = NFSD_MAY_READ \| NFSD_MAY_OWNER_OVERRIDE;
		}
		/*
		* The file owner always gets access permission for accesses that
		* would normally be checked at open time. This is to make

+1 −1

Original line number	Diff line number	Diff line
		@@ -20,7 +20,7 @@
		#define NFSD_MAY_READ 0x004 /* == MAY_READ */
		#define NFSD_MAY_SATTR 0x008
		#define NFSD_MAY_TRUNC 0x010
		#define NFSD_MAY_LOCK 0x020
		#define NFSD_MAY_NLM 0x020 /* request is from lockd */
		#define NFSD_MAY_MASK 0x03f

		/* extra hints to permission and open routines: */