From da4898b1d724eeea484f2e1f85d4db5a4ba7f956 Mon Sep 17 00:00:00 2001 From: Thomas Quinot Date: Mon, 31 Mar 2003 23:26:10 +0000 Subject: [PATCH] Revert change 1.201 (removing mapping of VAPPEND to VWRITE). Instead, use the generic vaccess() operation to determine whether an operation is permitted. This avoids embedding knowledge on vnode permission bits such as VAPPEND in the NFS client. PR: kern/46515 vaccess() patch submitted by: "Peter Edwards" Approved by: tjr, roberto (mentor) --- sys/nfsclient/nfs_vnops.c | 34 ++-------------------------------- 1 file changed, 2 insertions(+), 32 deletions(-) diff --git a/sys/nfsclient/nfs_vnops.c b/sys/nfsclient/nfs_vnops.c index af198199a69..5a2f6ad658e 100644 --- a/sys/nfsclient/nfs_vnops.c +++ b/sys/nfsclient/nfs_vnops.c @@ -2975,21 +2975,12 @@ static int nfsspec_access(struct vop_access_args *ap) { struct vattr *vap; - gid_t *gp; struct ucred *cred = ap->a_cred; struct vnode *vp = ap->a_vp; mode_t mode = ap->a_mode; struct vattr vattr; - int i; int error; - /* - * Map VAPPEND to VWRITE; NFSv2 does not understand the concept - * of append-only files. XXX What about VADMIN and VSTAT? - */ - if (mode & VAPPEND) - mode = (mode & ~VAPPEND) | VWRITE; - /* * Disallow write attempts on filesystems mounted read-only; * unless the file is a socket, fifo, or a block or character @@ -3005,33 +2996,12 @@ nfsspec_access(struct vop_access_args *ap) break; } } - /* - * If you're the super-user, - * you always get access. - */ - if (cred->cr_uid == 0) - return (0); vap = &vattr; error = VOP_GETATTR(vp, vap, cred, ap->a_td); if (error) return (error); - /* - * Access check is based on only one of owner, group, public. - * If not owner, then check group. If not a member of the - * group, then check public access. - */ - if (cred->cr_uid != vap->va_uid) { - mode >>= 3; - gp = cred->cr_groups; - for (i = 0; i < cred->cr_ngroups; i++, gp++) - if (vap->va_gid == *gp) - goto found; - mode >>= 3; -found: - ; - } - error = (vap->va_mode & mode) == mode ? 0 : EACCES; - return (error); + return (vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid, + mode, cred, NULL)); } /*