mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 04:04:43 +01:00
NFSD: Do not allow NFSv4 (N)VERIFY to check POSIX ACL attributes
Section 9.3 of draft-ietf-nfsv4-posix-acls-00 prohibits use of the POSIX ACL attributes with VERIFY and NVERIFY operations: the server MUST reply NFS4ERR_INVAL when a client attempts this. Beyond the protocol requirement, comparison of POSIX draft ACLs via (N)VERIFY presents an implementation challenge. Clients are not required to order the ACEs within a POSIX ACL in any particular way, making reliable attribute comparison impractical. Return nfserr_inval when the client requests FATTR4_POSIX_ACCESS_ACL or FATTR4_POSIX_DEFAULT_ACL in a VERIFY or NVERIFY operation. Signed-off-by: Rick Macklem <rmacklem@uoguelph.ca> Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
This commit is contained in:
Rick Macklem
Chuck Lever
parent
97e9a9ec32
commit
9ac6fc0fab
1 changed files with 5 additions and 0 deletions
|
|
@ -2380,6 +2380,11 @@ _nfsd4_verify(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
|
|||
if (verify->ve_attrlen & 3)
|
||||
return nfserr_inval;
|
||||
|
||||
/* The POSIX draft ACLs cannot be tested via (N)VERIFY. */
|
||||
if (verify->ve_bmval[2] & (FATTR4_WORD2_POSIX_DEFAULT_ACL |
|
||||
FATTR4_WORD2_POSIX_ACCESS_ACL))
|
||||
return nfserr_inval;
|
||||
|
||||
/* count in words:
|
||||
* bitmap_len(1) + bitmap(2) + attr_len(1) = 4
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue