From quinot@ACT-Europe.FR  Tue Dec 24 07:26:31 2002
Return-Path: <quinot@ACT-Europe.FR>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D8E8D37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 24 Dec 2002 07:26:31 -0800 (PST)
Received: from dublin.ACT-Europe.FR (dublin.act-europe.fr [212.157.227.154])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EB27143E4A
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 24 Dec 2002 07:26:30 -0800 (PST)
	(envelope-from quinot@ACT-Europe.FR)
Received: from zuydcoote.int.act-europe.fr (zuydcoote.int.act-europe.fr [10.10.0.161])
	by dublin.ACT-Europe.FR (Postfix) with ESMTP id 69312229E50
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 24 Dec 2002 16:26:24 +0100 (MET)
Received: by zuydcoote.int.act-europe.fr (Postfix, from userid 529)
	id 523E2A7; Tue, 24 Dec 2002 16:26:23 +0100 (CET)
Message-Id: <20021224152623.523E2A7@zuydcoote.int.act-europe.fr>
Date: Tue, 24 Dec 2002 16:26:23 +0100 (CET)
From: Thomas Quinot <thomas@freebsd.org>
Sender: quinot@ACT-Europe.FR
Reply-To: Thomas Quinot <thomas@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: NFSv2 client denies O_APPEND open on existing file
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         46515
>Category:       kern
>Synopsis:       NFSv2 client denies O_APPEND open on existing file
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 24 07:30:01 PST 2002
>Closed-Date:    Mon Mar 31 15:29:18 PST 2003
>Last-Modified:  Mon Mar 31 15:29:18 PST 2003
>Originator:     Thomas Quinot
>Release:        FreeBSD 5.0-DP2 i386
>Organization:
>Environment:
System: FreeBSD zuydcoote 5.0-DP2 FreeBSD 5.0-DP2 #1: Sat Nov 16 13:38:33 GMT 2002 root@tomcat.bmah.org:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
	NFS server: Debian GNU/Linux, kernel is 2.2.19.
	NFS client: 5.0-DP2.

>How-To-Repeat:
Script started on Tue Dec 24 16:09:54 2002
(quinot@zuydcoote) ~ $ echo x >> foo
  --> this works and correctly creates the file
(quinot@zuydcoote) ~ $ echo x >> foo
zsh: permission denied: foo

The only network traffic caused by the second command line is:

16:14:37.753138 10.10.0.161.427357544 > 10.10.0.140.2049: 124 getattr fh Unknown/1
16:14:37.753642 10.10.0.140.2049 > 10.10.0.161.427357544: reply ok 96 getattr DIR 40755 ids 529/0 sz 4096
16:14:37.753861 10.10.0.161.427357545 > 10.10.0.140.2049: 124 getattr fh Unknown/1
16:14:37.754307 10.10.0.140.2049 > 10.10.0.161.427357545: reply ok 96 getattr REG 100644 ids 529/101 sz 2

(no traffic if the file's attributes are still in cache, apparently).

The 5.0 client seems to work fine with a FreeBSD 4.7-REL NFS server.
The Linux server is offering NFSv2 only, the 4.7 server has v2 and v3,
both of which work correctly.

tcpdump excerpt with the 4.7 server:

16:19:44.485952 10.10.0.161.427357873 > 10.10.0.159.2049: 124 getattr fh 982,166744/2764801
16:19:44.486445 10.10.0.159.2049 > 10.10.0.161.427357873: reply ok 96 getattr DIR 40775 ids 1001/101 sz 8704
16:19:44.486618 10.10.0.161.427357874 > 10.10.0.159.2049: 124 getattr fh 982,166744/2765207
16:19:44.487013 10.10.0.159.2049 > 10.10.0.161.427357874: reply ok 96 getattr REG 100644 ids 529/101 sz 2

Complete capture files will be provided on request.

>Fix:
	None so far.


>Release-Note:
>Audit-Trail:

From: Thomas Quinot <thomas@FreeBSD.ORG>
To: bug-followup@freebsd.org
Cc: dillon@freebsd.org
Subject: Re: kern/46515: NFSv2 client denies O_APPEND open on existing file
Date: Sat, 28 Dec 2002 19:41:41 +0100

 On 2002-12-24, Thomas Quinot wrote:
 
 > >Fix:
 > 	None so far.
 
 The patch below seems to work around the problem (and to print the
 message 'Ignoring VAPPEND' at the times where I previously had
 permission denied problems). I am really puzzled as to why nobody
 stumbled on this problem, though.
 
 Index: nfs_vnops.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/nfsclient/nfs_vnops.c,v
 retrieving revision 1.189
 diff -u -r1.189 nfs_vnops.c
 --- nfs_vnops.c	11 Oct 2002 14:58:32 -0000	1.189
 +++ nfs_vnops.c	28 Dec 2002 18:34:30 -0000
 @@ -3022,6 +3022,10 @@
  		;
  	}
  	error = (vap->va_mode & mode) == mode ? 0 : EACCES;
 +	if (error == EACCES && ((vap->va_mode & mode) == (mode & ~VAPPEND))) {
 +		printf ("nfsspec_access: ignoring VAPPEND\n");
 +		error = 0;
 +	}
  	return (error);
  }
  
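Review bot: In the added `if`, VAPPEND is forgiven only after the comparison on the line above has already failed, and every forgiven request calls `printf`. Clearing VAPPEND from `mode` before `error = (vap->va_mode & mode) == mode ? 0 : EACCES;` would keep a single decision point instead of a deny-then-allow sequence. The `printf` should be removed or put behind a debug option before this goes in, since it logs each time the path is taken, and a one-line comment should say why VAPPEND is left out of the comparison.
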
 -- 
     Thomas.Quinot@Cuivre.FR.EU.ORG

From: "Peter Edwards" <pmedwards@eircom.net>
To: freebsd-gnats-submit@FreeBSD.org, thomas@freebsd.org
Cc: dillon@freebsd.org
Subject: Re: kern/46515: NFSv3 client denies O_APPEND open on existing file
Date: Mon, 30 Dec 2002 14:58:20 +0000

 Hm.
 It would seem more natural to have the NFS client code just use "vaccess",
 like other filesystems, thus avoiding having to teach NFS about file
 access modes it knows nothing about...
 
 
 Index: nfs_vnops.c
 ===================================================================
 RCS file: /pub/FreeBSD/development/FreeBSD-CVS/src/sys/nfsclient/nfs_vnops.c,v
 retrieving revision 1.190
 diff -u -r1.190 nfs_vnops.c
 --- nfs_vnops.c 23 Dec 2002 06:20:41 -0000      1.190
 +++ nfs_vnops.c 30 Dec 2002 14:41:17 -0000
 @@ -2979,12 +2979,10 @@
  nfsspec_access(struct vop_access_args *ap)
  {
         struct vattr *vap;
 -       gid_t *gp;
         struct ucred *cred = ap->a_cred;
         struct vnode *vp = ap->a_vp;
         mode_t mode = ap->a_mode;
         struct vattr vattr;
 -       int i;
         int error;
  
         /*
 @@ -3002,33 +3000,12 @@
                         break;
                 }
         }
 -       /*
 -        * If you're the super-user,
 -        * you always get access.
 -        */
 -       if (cred->cr_uid == 0)
 -               return (0);
         vap = &vattr;
         error = VOP_GETATTR(vp, vap, cred, ap->a_td);
         if (error)
                 return (error);
 -       /*
 -        * Access check is based on only one of owner, group, public.
 -        * If not owner, then check group. If not a member of the
 -        * group, then check public access.
 -        */
 -       if (cred->cr_uid != vap->va_uid) {
 -               mode >>= 3;
 -               gp = cred->cr_groups;
 -               for (i = 0; i < cred->cr_ngroups; i++, gp++)
 -                       if (vap->va_gid == *gp)
 -                               goto found;
 -               mode >>= 3;
 -found:
 -               ;
 -       }
 -       error = (vap->va_mode & mode) == mode ? 0 : EACCES;
 -       return (error);
 +       return (vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid,
 +           mode, cred, NULL));
  }
  
  /*
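Review bot: Dropping the `cred->cr_uid == 0` early return changes behaviour for root in two ways that the patch description should state. The request now reaches `VOP_GETATTR` first, so a getattr error is returned where 0 was returned before, and the superuser decision is left entirely to `vaccess()`. If both are intended, say so, and add a short comment on the trailing `NULL` argument, whose meaning is not evident at the call site.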
 
 
 
 -- 
 Peter Edwards.
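
A user-space model of the check discussed in this thread, as an added example that is not part of the original messages or of FreeBSD's source: it compares the pre-patch style comparison with a vaccess()-style one on the file from the report's getattr reply. The `M_*` values, the single-gid group test and the reduced uid 0 handling are assumptions of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Request bits modelled on FreeBSD's sys/vnode.h (values assumed here). */
#define M_VEXEC   0000100
#define M_VWRITE  0000200
#define M_VREAD   0000400
#define M_VAPPEND 0040000   /* request flag, not a permission bit */

/* Pre-patch style: every requested bit, flags included, must be in fmode. */
static int old_check(mode_t fmode, uid_t fuid, gid_t fgid,
                     mode_t req, uid_t uid, gid_t gid)
{
    if (uid == 0)
        return 0;
    if (uid != fuid) {
        req >>= 3;                     /* group class */
        if (gid != fgid)
            req >>= 3;                 /* other class */
    }
    return (fmode & req) == req ? 0 : EACCES;
}

/* vaccess()-style: derive what the class grants, then test the request.
 * Write permission also grants append; privilege is reduced to uid 0. */
static int rwx_check(mode_t fmode, uid_t fuid, gid_t fgid,
                     mode_t req, uid_t uid, gid_t gid)
{
    mode_t granted = 0;
    int shift = (uid == fuid) ? 0 : (gid == fgid) ? 3 : 6;

    if (uid == 0)
        return 0;
    if (fmode & (M_VEXEC >> shift))  granted |= M_VEXEC;
    if (fmode & (M_VREAD >> shift))  granted |= M_VREAD;
    if (fmode & (M_VWRITE >> shift)) granted |= M_VWRITE | M_VAPPEND;
    return (req & granted) == req ? 0 : EACCES;
}

int main(void)
{
    /* Constructed from the report: REG 100644 ids 529/101, caller uid 529. */
    mode_t req = M_VWRITE | M_VAPPEND;
    printf("old=%d rwx=%d\n", old_check(0644, 529, 101, req, 529, 101),
           rwx_check(0644, 529, 101, req, 529, 101));
    return 0;
}
```
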
 

From: Thomas Quinot <thomas@FreeBSD.ORG>
To: Peter Edwards <pmedwards@eircom.net>
Cc: freebsd-gnats-submit@FreeBSD.org, thomas@freebsd.org,
	dillon@freebsd.org
Subject: Re: kern/46515: NFSv2 client denies O_APPEND open on existing file
Date: Mon, 30 Dec 2002 16:29:41 +0100

 On 2002-12-30, Peter Edwards wrote:
 
 > It would seem more natural to have the NFS client code just use "vaccess",
 > like other filesystems, thus avoiding having to teach NFS about file
 > access modes it knows nothing about...
 
 Ah, yes, that seems to make sense. I was not aware of vaccess. I'll
 check that this patch resolves my problem.
 
 Thanks,
 Thomas.
 
 -- 
     Thomas.Quinot@Cuivre.FR.EU.ORG

From: Thomas Quinot <thomas@cuivre.fr.eu.org>
To: Thomas Quinot <thomas@FreeBSD.ORG>
Cc: Peter Edwards <pmedwards@eircom.net>,
	freebsd-gnats-submit@FreeBSD.org, dillon@freebsd.org
Subject: Re: kern/46515: NFSv2 client denies O_APPEND open on existing file
Date: Mon, 30 Dec 2002 16:48:58 +0100

 On 2002-12-30, Thomas Quinot wrote:
 
 > Ah, yes, that seems to make sense. I was not aware of vaccess. I'll
 > check that this patch resolves my problem.
 
 Looks OK. Thanks!
 Thomas.
 
 -- 
     Thomas.Quinot@Cuivre.FR.EU.ORG
State-Changed-From-To: open->closed 
State-Changed-By: thomas 
State-Changed-When: Mon Mar 31 15:27:56 PST 2003 
State-Changed-Why:  
Patch committed in nfs_vnops.c rev. 1.202, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46515 
>Unformatted:
