From ab74af487aaddeed3fcf26ed61f1aabe0fa74303 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Tue, 15 Oct 2013 13:17:00 +0200
Subject: [PATCH] Check permissions when changing dir.

---
 src/VfsNs.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/VfsNs.cpp b/src/VfsNs.cpp
index d80d0e1..b9fe4b1 100644
--- a/src/VfsNs.cpp
+++ b/src/VfsNs.cpp
@@ -110,7 +110,14 @@ void VfsCatalog::setSecurityContext(const SecurityContext* ctx) throw (DmExcepti
 
 void VfsCatalog::changeDir(const std::string& path) throw (DmException)
 {
+  ExtendedStat meta;
+
+  meta = this->extendedStat(path);
+  if (checkPermissions(this->secCtx_, meta.acl, meta.stat, S_IEXEC | S_IREAD) != 0)
+    vfsThrow(EACCES, "not enough permissions for '%s' on '%s'", clientName.c_str(), meta.name.c_str());
+
   wrapCall(chdir(path.c_str()));
+  syslog(LOG_DEBUG, "%s: changed to '%s'", __func__, path.c_str());
 }
 
 
-- 
1.8.2.3