From 981e73dc61c4e4bea10ed5e425b1fdfcde931720 Mon Sep 17 00:00:00 2001 From: Olga Kornievskaia Date: Tue, 4 Oct 2011 10:57:06 -0400 Subject: [PATCH] [driver] read-only mount option if the nfs_mount passes us a read-only mount option. then return access_denied if: 1. requests for open with desired access of write or append, 2. we get a write irp, 3. requests for setattr, setattrex, setacl 4. ignore the delete_on_open flag passed to open --- sys/nfs41_driver.c | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c index 2ab356a..2504ff6 100644 --- a/sys/nfs41_driver.c +++ b/sys/nfs41_driver.c @@ -345,7 +345,8 @@ typedef struct _NFS41_V_NET_ROOT_EXTENSION { HANDLE session; BYTE FsAttrs[FS_ATTR_LEN]; LONG FsAttrsLen; - DWORD sec_flavor; + DWORD sec_flavor; + BOOLEAN read_only; } NFS41_V_NET_ROOT_EXTENSION, *PNFS41_V_NET_ROOT_EXTENSION; #define NFS41GetVNetRootExtension(pVNetRoot) \ (((pVNetRoot) == NULL) ? NULL : \ @@ -2658,6 +2659,7 @@ NTSTATUS nfs41_CreateVNetRoot( &Config); if (status != STATUS_SUCCESS) goto out; + pVNetRootContext->read_only = Config.ReadOnly; } else { /* use the SRV_CALL name (without leading \) as the hostname */ Config.SrvName.Buffer = pSrvCall->pSrvCallName->Buffer + 1; @@ -3100,6 +3102,14 @@ NTSTATUS nfs41_Create( goto out; } + if (pVNetRootContext->read_only && + ((params.DesiredAccess & FILE_WRITE_DATA) || + (params.DesiredAccess & FILE_APPEND_DATA))) { + DbgP("Read-only mount\n"); + status = STATUS_ACCESS_DENIED; + goto out; + } + status = nfs41_UpcallCreate(NFS41_OPEN, NULL, pVNetRootContext->session, INVALID_HANDLE_VALUE, pNetRootContext->nfs41d_version, &entry); if (status) @@ -3289,7 +3299,7 @@ NTSTATUS nfs41_Create( SrvOpen->BufferingFlags |= FCB_STATE_DISABLE_LOCAL_BUFFERING; } - if (params.CreateOptions & FILE_DELETE_ON_CLOSE) { + if ((params.CreateOptions & FILE_DELETE_ON_CLOSE) && !pVNetRootContext->read_only) { DbgP("We need to delete this file on close\n"); nfs41_fcb->StandardInfo.DeletePending = TRUE; } @@ -3964,6 +3974,12 @@ NTSTATUS nfs41_SetEaInformation ( print_debug_header(RxContext); print_ea_info(1, eainfo); + if (pVNetRootContext->read_only) { + DbgP("Read-only mount\n"); + status = STATUS_ACCESS_DENIED; + goto out; + } + status = nfs41_UpcallCreate(NFS41_EA_SET, &nfs41_fobx->sec_ctx, pVNetRootContext->session, nfs41_fobx->nfs41_open_state, pNetRootContext->nfs41d_version, &entry); @@ -4304,6 +4320,12 @@ NTSTATUS nfs41_SetSecurityInformation ( print_debug_header(RxContext); print_acl_args(info_class); + if (pVNetRootContext->read_only) { + DbgP("Read-only mount\n"); + status = STATUS_ACCESS_DENIED; + goto out; + } + /* check that ACL is present */ if (info_class & DACL_SECURITY_INFORMATION) { PACL acl; @@ -4600,6 +4622,13 @@ NTSTATUS nfs41_SetFileInformation ( DbgEn(); print_setfile_args(RxContext); + + if (pVNetRootContext->read_only) { + DbgP("Read-only mount\n"); + status = STATUS_ACCESS_DENIED; + goto out; + } + /* http://msdn.microsoft.com/en-us/library/ff469355(v=PROT.10).aspx * http://msdn.microsoft.com/en-us/library/ff469424(v=PROT.10).aspx * If Open.GrantedAccess does not contain FILE_WRITE_DATA, the operation @@ -4957,6 +4986,12 @@ NTSTATUS nfs41_Write ( DbgEn(); print_readwrite_args(RxContext); + if (pVNetRootContext->read_only) { + DbgP("Read-only mount\n"); + status = STATUS_ACCESS_DENIED; + goto out; + } + status = nfs41_UpcallCreate(NFS41_WRITE, &nfs41_fobx->sec_ctx, pVNetRootContext->session, nfs41_fobx->nfs41_open_state, pNetRootContext->nfs41d_version, &entry);