diff options
| -rw-r--r-- | fs/nfsd/nfs4proc.c | 6 | ||||
| -rw-r--r-- | fs/nfsd/vfs.c | 11 |
2 files changed, 15 insertions, 2 deletions
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index e0c15f8..9d7e1ed 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -605,8 +605,12 @@ nfsd4_create(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, fh_init(&resfh, NFS4_FHSIZE); + /* + * We just check that parent is accessible here, nfsd_* do their + * own access permission checks + */ status = fh_verify(rqstp, &cstate->current_fh, S_IFDIR, - NFSD_MAY_CREATE); + NFSD_MAY_EXEC); if (status) return status; diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 6fbd81e..fda4f86 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1161,7 +1161,11 @@ nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, if (isdotent(fname, flen)) goto out; - err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE); + /* + * Even though it is a create, first let's see if we are even allowed + * to peek inside the parent + */ + err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC); if (err) goto out; @@ -1211,6 +1215,11 @@ nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, goto out; } + /* Now let's see if we actually have permissions to create */ + err = nfsd_permission(rqstp, fhp->fh_export, dentry, NFSD_MAY_CREATE); + if (err) + goto out; + if (!(iap->ia_valid & ATTR_MODE)) iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; |