diff options
| author | Shirish Pargaonkar <shirishpargaonkar@gmail.com> | 2011-08-09 15:30:39 -0400 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2011-08-11 14:23:45 -0400 |
| commit | e22906c564c2f9c73ee4621ef3b93fe374539f00 (patch) | |
| tree | 4f59f2616b6723204dccc28ec3d8d6033573e111 | |
| parent | 789e66612367f9975d704c9e4990025cbbbb45ec (diff) | |
cifs: Do not set cifs/ntfs acl using a file handle (try #4)
Set security descriptor using path name instead of a file handle.
We can't be sure that the file handle has adequate permission to
set a security descriptor (to modify DACL).
Function set_cifs_acl_by_fid() has been removed since we can't be
sure how a file was opened for writing, a valid request can fail
if the file was not opened with two above mentioned permissions.
We could have opted to add on WRITE_DAC and WRITE_OWNER permissions
to file opens and then use that file handle but adding addtional
permissions such as WRITE_DAC and WRITE_OWNER could cause an
any open to fail.
And it was incorrect to look for read file handle to set a
security descriptor anyway.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
| -rw-r--r-- | fs/cifs/cifsacl.c | 28 |
1 files changed, 1 insertions, 27 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 21de1d6d5849..d0f59faefb78 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c | |||
| @@ -991,24 +991,6 @@ struct cifs_ntsd *get_cifs_acl(struct cifs_sb_info *cifs_sb, | |||
| 991 | return pntsd; | 991 | return pntsd; |
| 992 | } | 992 | } |
| 993 | 993 | ||
| 994 | static int set_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb, __u16 fid, | ||
| 995 | struct cifs_ntsd *pnntsd, u32 acllen) | ||
| 996 | { | ||
| 997 | int xid, rc; | ||
| 998 | struct tcon_link *tlink = cifs_sb_tlink(cifs_sb); | ||
| 999 | |||
| 1000 | if (IS_ERR(tlink)) | ||
| 1001 | return PTR_ERR(tlink); | ||
| 1002 | |||
| 1003 | xid = GetXid(); | ||
| 1004 | rc = CIFSSMBSetCIFSACL(xid, tlink_tcon(tlink), fid, pnntsd, acllen); | ||
| 1005 | FreeXid(xid); | ||
| 1006 | cifs_put_tlink(tlink); | ||
| 1007 | |||
| 1008 | cFYI(DBG2, "SetCIFSACL rc = %d", rc); | ||
| 1009 | return rc; | ||
| 1010 | } | ||
| 1011 | |||
| 1012 | static int set_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, const char *path, | 994 | static int set_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, const char *path, |
| 1013 | struct cifs_ntsd *pnntsd, u32 acllen) | 995 | struct cifs_ntsd *pnntsd, u32 acllen) |
| 1014 | { | 996 | { |
| @@ -1047,18 +1029,10 @@ int set_cifs_acl(struct cifs_ntsd *pnntsd, __u32 acllen, | |||
| 1047 | struct inode *inode, const char *path) | 1029 | struct inode *inode, const char *path) |
| 1048 | { | 1030 | { |
| 1049 | struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); | 1031 | struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); |
| 1050 | struct cifsFileInfo *open_file; | ||
| 1051 | int rc; | ||
| 1052 | 1032 | ||
| 1053 | cFYI(DBG2, "set ACL for %s from mode 0x%x", path, inode->i_mode); | 1033 | cFYI(DBG2, "set ACL for %s from mode 0x%x", path, inode->i_mode); |
| 1054 | 1034 | ||
| 1055 | open_file = find_readable_file(CIFS_I(inode), true); | 1035 | return set_cifs_acl_by_path(cifs_sb, path, pnntsd, acllen); |
| 1056 | if (!open_file) | ||
| 1057 | return set_cifs_acl_by_path(cifs_sb, path, pnntsd, acllen); | ||
| 1058 | |||
| 1059 | rc = set_cifs_acl_by_fid(cifs_sb, open_file->netfid, pnntsd, acllen); | ||
| 1060 | cifsFileInfo_put(open_file); | ||
| 1061 | return rc; | ||
| 1062 | } | 1036 | } |
| 1063 | 1037 | ||
| 1064 | /* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */ | 1038 | /* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */ |