Mercurial > illumos > git > illumos-omnios
changeset 21404:fbbf913eecac
10994 Removal of "Read Attributes" prevents reading directory over SMB
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
author | Matt Barden <matt.barden@nexenta.com> |
---|---|
date | Mon, 12 Feb 2018 16:36:31 -0500 |
parents | da3a5bcef56c |
children | afafd6629b96 |
files | usr/src/uts/common/fs/smbsrv/smb_vops.c |
diffstat | 1 files changed, 25 insertions(+), 12 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/uts/common/fs/smbsrv/smb_vops.c Fri Jan 12 09:44:08 2018 -0500 +++ b/usr/src/uts/common/fs/smbsrv/smb_vops.c Mon Feb 12 16:36:31 2018 -0500 @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2013 Nexenta Systems, Inc. All rights reserved. + * Copyright 2018 Nexenta Systems, Inc. All rights reserved. */ #include <sys/types.h> @@ -501,7 +501,7 @@ int smb_vop_space(vnode_t *vp, int cmd, flock64_t *bfp, int flags, - offset_t offset, cred_t *cr) + offset_t offset, cred_t *cr) { int error; @@ -529,19 +529,32 @@ if (mode == 0) return (0); - if ((flags == V_ACE_MASK) && (mode & ACE_DELETE)) { - if (dir_vp) { - error = VOP_ACCESS(dir_vp, ACE_DELETE_CHILD, flags, - cr, NULL); + error = VOP_ACCESS(vp, mode, flags, cr, NULL); + + if (error == 0) + return (0); + + if ((mode & (ACE_DELETE|ACE_READ_ATTRIBUTES)) == 0 || + flags != V_ACE_MASK || dir_vp == NULL) + return (error); - if (error == 0) - mode &= ~ACE_DELETE; - } + if ((mode & ACE_DELETE) != 0) { + error = VOP_ACCESS(dir_vp, ACE_DELETE_CHILD, flags, + cr, NULL); + + if (error == 0) + mode &= ~ACE_DELETE; + } + if ((mode & ACE_READ_ATTRIBUTES) != 0) { + error = VOP_ACCESS(dir_vp, ACE_LIST_DIRECTORY, flags, + cr, NULL); + + if (error == 0) + mode &= ~ACE_READ_ATTRIBUTES; } - if (mode) { + if (mode != 0) error = VOP_ACCESS(vp, mode, flags, cr, NULL); - } return (error); } @@ -554,7 +567,7 @@ * vpp: looked-up vnode (out) * od_name: on-disk name of file (out). * This parameter is optional. If a pointer is passed in, it - * must be allocated with MAXNAMELEN bytes + * must be allocated with MAXNAMELEN bytes * rootvp: vnode of the tree root (in) * This parameter is always passed in non-NULL except at the time * of share set up.