From 76c8adf14b080d7936229551ee3b247ddeb39965 Mon Sep 17 00:00:00 2001 From: Derrick Brashear Date: Fri, 6 Jan 2006 03:03:26 +0000 Subject: [PATCH] STABLE14-macos-104-change-access-enforcement-20060105 don't improperly enforce read attribute restriction on child instead of parent when it's a directory avoid screwing ourselves on mode 0 files, also (cherry picked from commit e07a781b20272a629f73cf8b2377ee8e3bd6cd99)
---
 src/afs/DARWIN/osi_vnodeops.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/afs/DARWIN/osi_vnodeops.c b/src/afs/DARWIN/osi_vnodeops.c
index 97741b093..3cb550563 100644
--- a/src/afs/DARWIN/osi_vnodeops.c
+++ b/src/afs/DARWIN/osi_vnodeops.c
@@ -583,10 +583,12 @@ afs_vop_access(ap)
 bits |= PRSFS_INSERT;
 if (ap->a_action & KAUTH_VNODE_DELETE_CHILD)
 bits |= PRSFS_DELETE;
+#if 0 /* I'd argue this should be enforced on the parent. But that's ugly */
 if (ap->a_action & KAUTH_VNODE_READ_ATTRIBUTES)
 bits |= PRSFS_LOOKUP;
 if (ap->a_action & KAUTH_VNODE_READ_SECURITY) /* mode bits/gid, not afs acl */
 bits |= PRSFS_LOOKUP;
+#endif
 } else {
 if (ap->a_action & KAUTH_VNODE_READ_DATA)
 bits |= PRSFS_READ;
@@ -595,9 +597,9 @@ afs_vop_access(ap)
 if (ap->a_action & KAUTH_VNODE_EXECUTE)
 bits |= PRSFS_READ; /* and mode bits.... */
 if (ap->a_action & KAUTH_VNODE_READ_ATTRIBUTES)
- bits |= PRSFS_READ;
+ bits |= PRSFS_LOOKUP;
 if (ap->a_action & KAUTH_VNODE_READ_SECURITY) /* mode bits/gid, not afs acl */
- bits |= PRSFS_READ;
+ bits |= PRSFS_LOOKUP;
 }
 if (ap->a_action & KAUTH_VNODE_WRITE_ATTRIBUTES)
 bits |= PRSFS_WRITE;
-- 
2.39.5
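Review bot: With the `#if 0` in place, a directory request for KAUTH_VNODE_READ_ATTRIBUTES or KAUTH_VNODE_READ_SECURITY adds no bit to `bits` in this branch, so the check is dropped rather than moved to the parent as the comment argues it should be. How afs_vop_access treats a request that leaves `bits` empty is outside the hunk; if that case is allowed, directory attributes become readable on this path with no ACL right checked, and that should be confirmed as intended. Disabled code in an authorization routine is easy to re-enable by mistake, so I would delete the four lines and keep only a comment such as `/* READ_ATTRIBUTES/READ_SECURITY on a directory are deliberately not checked here; the lookup right belongs on the parent */`. The function body starts and ends outside the hunk.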
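Review bot: The switch from PRSFS_READ to PRSFS_LOOKUP for KAUTH_VNODE_READ_ATTRIBUTES and KAUTH_VNODE_READ_SECURITY in the non-directory branch has no comment, and the reason is only in the commit message (mode 0 files, enforcement relative to the parent). I would put `/* attribute reads need only lookup; requiring PRSFS_READ broke stat on mode 0 files */` above the first of the two checks, so the weaker right is not later "corrected" back to PRSFS_READ. KAUTH_VNODE_EXECUTE just above still maps to PRSFS_READ with its "and mode bits...." remark; it is worth stating in the same comment whether that asymmetry is deliberate. The function body starts and ends outside the hunk.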