2 Replies
      Latest reply on Sep 13, 2016 1:56 AM by Vishal S
      Vishal S Level 1 Level 1 (0 points)


        I am using Kauth KAUTH_VNODE_WRITE_DATA to perform validations before a file is opened.

        However, in case of smb shares the file is already truncated by the time I try to access it during vnode authorization callback when overwriting with O_TRUNC.

        I can reproduce the issue using cp or creating a simple program that uses open(..., O_TRUNC) call on the smbfs destination path.


        Looking at smbfs source code (https://opensource.apple.com/source/smb/smb-759.40.1/kernel/smbfs/smbfs_vnops.c)

        Although I might be wrong, it seems that at least in one of the places the authorizer is called after open

        authorizer is called at line

        1725 error = ap->a_open_existing_authorizer(vp, cnp, fmode, context, NULL);

        the file however was already opened at (not sure if truncation is handled here)

        1701  error = smbfs_create_open(share, dvp, cnp, vap, open_disp, fmode, &fid, fap, &vp, context);


        Has anyone seen similar issue? Is this behavior by design or is it a bug?

        I am using 10.10.5/10.11.6 for testing.