From owner-freebsd-audit  Wed Feb  5  9:33:47 2003
Delivered-To: freebsd-audit@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4F0AD37B401; Wed,  5 Feb 2003 09:33:45 -0800 (PST)
Received: from melusine.cuivre.fr.eu.org (melusine.cuivre.fr.eu.org [62.212.105.185])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A884043F9B; Wed,  5 Feb 2003 09:33:44 -0800 (PST)
	(envelope-from thomas@freebsd.org)
Received: by melusine.cuivre.fr.eu.org (Postfix, from userid 1000)
	id C4A672C3D3; Wed,  5 Feb 2003 18:33:43 +0100 (CET)
Date: Wed, 5 Feb 2003 18:33:43 +0100
From: Thomas Quinot <thomas@freebsd.org>
To: freebsd-audit@freebsd.org, roberto@freebsd.org
Subject: Fix for kern/46515 (NFSv2 client denies O_APPEND)
Message-ID: <20030205173343.GA24808@melusine.cuivre.fr.eu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
X-message-flag: WARNING! Using Outlook can damage your computer.
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG

Unless anyone objects to it, I would like to commit the enclosed
fix for PR 46515. It was submitted by Peter Edwards
<pmedwards@eircom.net> and I have been running it here without problems.

Thomas.

Index: nfs_vnops.c
===================================================================
RCS file: /home/ncvs/src/sys/nfsclient/nfs_vnops.c,v
retrieving revision 1.190
diff -u -r1.190 nfs_vnops.c
--- nfs_vnops.c	23 Dec 2002 06:20:41 -0000	1.190
+++ nfs_vnops.c	30 Dec 2002 15:32:36 -0000
@@ -2979,12 +2979,10 @@
 nfsspec_access(struct vop_access_args *ap)
 {
 	struct vattr *vap;
-	gid_t *gp;
 	struct ucred *cred = ap->a_cred;
 	struct vnode *vp = ap->a_vp;
 	mode_t mode = ap->a_mode;
 	struct vattr vattr;
-	int i;
 	int error;
 
 	/*
@@ -3002,33 +3000,12 @@
 			break;
 		}
 	}
-	/*
-	 * If you're the super-user,
-	 * you always get access.
-	 */
-	if (cred->cr_uid == 0)
-		return (0);
 	vap = &vattr;
 	error = VOP_GETATTR(vp, vap, cred, ap->a_td);
 	if (error)
 		return (error);
-	/*
-	 * Access check is based on only one of owner, group, public.
-	 * If not owner, then check group. If not a member of the
-	 * group, then check public access.
-	 */
-	if (cred->cr_uid != vap->va_uid) {
-		mode >>= 3;
-		gp = cred->cr_groups;
-		for (i = 0; i < cred->cr_ngroups; i++, gp++)
-			if (vap->va_gid == *gp)
-				goto found;
-		mode >>= 3;
-found:
-		;
-	}
-	error = (vap->va_mode & mode) == mode ? 0 : EACCES;
-	return (error);
+	return (vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid,
+	    mode, cred, NULL));
 }
 
 /*
-- 
    Thomas.Quinot@Cuivre.FR.EU.ORG

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message