diff options
| author | Rick Macklem <rmacklem@FreeBSD.org> | 2022-02-02 22:10:16 +0000 |
|---|---|---|
| committer | Rick Macklem <rmacklem@FreeBSD.org> | 2022-02-16 01:00:47 +0000 |
| commit | 3a42078ae9516aafd8c7917c8c39b69a2e3377b5 (patch) | |
| tree | 4aaad6f2b76feabf2620794d11246a241210577b | |
| parent | 389a668f7f1b8bfaef0cead0f77be4b4d87e506b (diff) | |
| download | src-3a42078ae9516aafd8c7917c8c39b69a2e3377b5.tar.gz src-3a42078ae9516aafd8c7917c8c39b69a2e3377b5.zip | |
nfsd: Allow file owners to perform Open(Delegate_cur)
Commit b0b7d978b6a8 changed the NFSv4 server's default
behaviour to check the file's mode or ACL for permission to
open the file, to be Linux and Solaris compatible.
However, it turns out that Linux makes an exception for
the case of Claim_delegate_cur(_fh).
When a NFSv4 client is returning a delegation, it must
acquire Opens against the server to replace the ones
done locally in the client. The client does this via
an Open operation with Claim_delegate_cur(_fh). If
this operation fails, due to a change to the file's
mode or ACL after the delegation was issued, the
client does not have any way to retain the open.
As such, the Linux client allows the file's owner
to perform an Open with Claim_delegate_cur(_fh)
no matter what the mode or ACL allows.
This patch makes the FreeBSD server allow this case,
to be Linux compatible.
This patch only affects the case where delegations
are enabled, which is not the default.
(cherry picked from commit e2fe58d61b7ca95cbe87ce841a87c9ae8cecb47b)
| -rw-r--r-- | sys/fs/nfsserver/nfs_nfsdserv.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c index 438e5b00c8d0..d72716ce7fd8 100644 --- a/sys/fs/nfsserver/nfs_nfsdserv.c +++ b/sys/fs/nfsserver/nfs_nfsdserv.c @@ -3133,12 +3133,14 @@ nfsrvd_open(struct nfsrv_descript *nd, __unused int isdgram, * operation's results to be consistent with NFSv3, but that is * not what the current Linux client appears to be doing. * Since both the Linux and OpenSolaris NFSv4 servers do this check, - * I have enabled it by default. + * I have enabled it by default. Since Linux does not apply this + * check for claim_delegate_cur, this code does the same. * If this semantic change causes a problem, it can be disabled by * setting the sysctl vfs.nfsd.v4openaccess to 0 to re-enable the * previous semantics. */ - if (nfsrv_openaccess && create == NFSV4OPEN_NOCREATE) + if (nfsrv_openaccess && create == NFSV4OPEN_NOCREATE && + (stp->ls_flags & NFSLCK_DELEGCUR) == 0) override = NFSACCCHK_NOOVERRIDE; else override = NFSACCCHK_ALLOWOWNER; |