genfs

Christos Zoulas Mon, 18 May 2020 12:43:12 -0700

Module Name:    src
Committed By:   christos
Date:           Mon May 18 19:42:16 UTC 2020


Modified Files:
        src/sys/miscfs/genfs: genfs_vnops.c

Log Message:
Fix EPERM vs EACCES return.


To generate a diff of this commit:
cvs rdiff -u -r1.204 -r1.205 src/sys/miscfs/genfs/genfs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/miscfs/genfs/genfs_vnops.c
diff -u src/sys/miscfs/genfs/genfs_vnops.c:1.204 src/sys/miscfs/genfs/genfs_vnops.c:1.205
--- src/sys/miscfs/genfs/genfs_vnops.c:1.204	Sat May 16 14:31:51 2020
+++ src/sys/miscfs/genfs/genfs_vnops.c	Mon May 18 15:42:16 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: genfs_vnops.c,v 1.204 2020/05/16 18:31:51 christos Exp $	*/
+/*	$NetBSD: genfs_vnops.c,v 1.205 2020/05/18 19:42:16 christos Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.204 2020/05/16 18:31:51 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.205 2020/05/18 19:42:16 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -695,7 +695,13 @@ genfs_can_access(vnode_t *vp, kauth_cred
 
 	KASSERT((accmode & ~(VEXEC | VWRITE | VREAD | VADMIN | VAPPEND)) == 0);
 	KASSERT((accmode & VAPPEND) == 0 || (accmode & VWRITE));
-
+#ifdef ACL_DEBUG
+	char buf[128];
+	snprintb(buf, sizeof(buf), __VNODE_PERM_BITS, accmode);
+	printf("%s: %s cred_uid=%d cred_gid=%d file_uid=%d file_gid=%d\n",
+	    __func__, buf, kauth_cred_geteuid(cred), kauth_cred_getegid(cred),
+	    file_uid, file_gid);
+#endif
 	/*
 	 * Look for a normal, non-privileged way to access the file/directory
 	 * as requested.  If it exists, go with that.
@@ -713,7 +719,11 @@ genfs_can_access(vnode_t *vp, kauth_cred
 		if (file_mode & S_IWUSR)
 			dac_granted |= (VWRITE | VAPPEND);
 
-		return (accmode & dac_granted) == accmode ? 0 : EPERM;
+#ifdef ACL_DEBUG
+		printf("%s: owner %o %o\n", __func__,
+		    accmode & dac_granted, accmode);
+#endif
+		goto privchk;
 	}
 
 	/* Otherwise, check the groups (first match) */
@@ -729,7 +739,11 @@ genfs_can_access(vnode_t *vp, kauth_cred
 		if (file_mode & S_IWGRP)
 			dac_granted |= (VWRITE | VAPPEND);
 
-		return (accmode & dac_granted) == accmode ? 0 : EACCES;
+#ifdef ACL_DEBUG
+		printf("%s: group %o %o\n", __func__,
+		    accmode & dac_granted, accmode);
+#endif
+		goto privchk;
 	}
 
 	/* Otherwise, check everyone else. */
@@ -739,8 +753,16 @@ genfs_can_access(vnode_t *vp, kauth_cred
 		dac_granted |= VREAD;
 	if (file_mode & S_IWOTH)
 		dac_granted |= (VWRITE | VAPPEND);
-	return (accmode & dac_granted) == accmode ? 0 : EACCES;
-		return (0);
+
+#ifdef ACL_DEBUG
+	printf("%s: others %o %o\n", __func__,
+	    accmode & dac_granted, accmode);
+#endif
+privchk:
+	if ((accmode & dac_granted) == accmode)
+		return 0;
+
+	return (accmode & VADMIN) ? EPERM : EACCES;
 }
 
 /*
@@ -1108,7 +1130,7 @@ genfs_can_access_acl_nfs4(vnode_t *vp, k
 #ifdef ACL_DEBUG
 	char buf[128];
 	snprintb(buf, sizeof(buf), __VNODE_PERM_BITS, accmode);
-	printf("%s: %s uid=%d gid=%d\n", __func__, buf, file_uid, file_gid);
+	printf("%s: %s file_uid=%d file_gid=%d\n", __func__, buf, file_uid, file_gid);
 #endif
 
 	if (accmode & VADMIN)

CVS commit: src/sys/miscfs/genfs

Reply via email to