CVS commit: src/sys/miscfs/genfs

Fri, 03 Mar 2023 02:02:58 -0800 

Module Name:    src
Committed By:   hannken
Date:           Fri Mar  3 10:02:51 UTC 2023

Modified Files:
        src/sys/miscfs/genfs: genfs_vnops.c

Log Message:
Fix genfs_can_chtimes() to also handle the condition:

  If the time pointer is null, then write permission
  on the file is also sufficient.

>From FreeBSD.

Should fix PR kern/57246 "NFS group permissions regression"


To generate a diff of this commit:
cvs rdiff -u -r1.219 -r1.220 src/sys/miscfs/genfs/genfs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/miscfs/genfs/genfs_vnops.c
diff -u src/sys/miscfs/genfs/genfs_vnops.c:1.219 src/sys/miscfs/genfs/genfs_vnops.c:1.220
--- src/sys/miscfs/genfs/genfs_vnops.c:1.219	Sun Mar 27 17:10:55 2022
+++ src/sys/miscfs/genfs/genfs_vnops.c	Fri Mar  3 10:02:51 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: genfs_vnops.c,v 1.219 2022/03/27 17:10:55 christos Exp $	*/
+/*	$NetBSD: genfs_vnops.c,v 1.220 2023/03/03 10:02:51 hannken Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.219 2022/03/27 17:10:55 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.220 2023/03/03 10:02:51 hannken Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -1315,23 +1315,14 @@ genfs_can_chtimes(vnode_t *vp, kauth_cre
 	 * will be allowed to set the times [..] to the current 
 	 * server time.
 	 */
-	if ((error = VOP_ACCESSX(vp, VWRITE_ATTRIBUTES, cred)) != 0)
-		return (vaflags & VA_UTIMES_NULL) == 0 ? EPERM : EACCES;
-
-	/* Must be owner, or... */
-	if (kauth_cred_geteuid(cred) == owner_uid)
-		return (0);
-
-	/* set the times to the current time, and... */
-	if ((vaflags & VA_UTIMES_NULL) == 0)
-		return (EPERM);
+	error = VOP_ACCESSX(vp, VWRITE_ATTRIBUTES, cred);
+	if (error != 0 && (vaflags & VA_UTIMES_NULL) != 0)
+		error = VOP_ACCESS(vp, VWRITE, cred);
 
-	/* have write access. */
-	error = VOP_ACCESS(vp, VWRITE, cred);
 	if (error)
-		return (error);
+		return (vaflags & VA_UTIMES_NULL) == 0 ? EPERM : EACCES;
 
-	return (0);
+	return 0;
 }
 
 /*

Reply via email to