[CIFS] Don't request too much permission when reading an ACL

We were requesting GENERIC_READ but that fails when we do not have read permission on the file (even if we could read the ACL). Also move the dump access control entry code into debug ifdef. Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Steve French <sfrench@us.ibm.com> 2007-10-31 00:54:42 -0400
committer: Steve French <sfrench@us.ibm.com> 2007-10-31 00:54:42 -0400
commit: 953f868138dbf4300196780379476ab9f07f263a (patch)
tree: e0dfbaebe02e75094033425fc4274328c5928dd0 /fs/cifs/cifsacl.c
parent: e01b64001359034d04c695388870936ed3d1b56b (diff)
1 files changed, 25 insertions, 7 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 629b96c21639..f1215df7fbee 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -162,7 +162,8 @@ static void access_flags_to_mode(__u32 ace_flags, umode_t *pmode,
 }
-static void parse_ace(struct cifs_ace *pace, char *end_of_acl)
+#ifdef CONFIG_CIFS_DEBUG2
+static void dump_ace(struct cifs_ace *pace, char *end_of_acl)
 {
        int num_subauth;
@@ -180,7 +181,6 @@ static void parse_ace(struct cifs_ace *pace, char *end_of_acl)
        num_subauth = pace->sid.num_subauth;
        if (num_subauth) {
-#ifdef CONFIG_CIFS_DEBUG2
                int i;
                cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",
                        pace->sid.revision, pace->sid.num_subauth, pace->type,
@@ -192,11 +192,11 @@ static void parse_ace(struct cifs_ace *pace, char *end_of_acl)
                /* BB add length check to make sure that we do not have huge
                        num auths and therefore go off the end */
-#endif
        }
        return;
 }
+#endif
 static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
@@ -240,9 +240,9 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
                for (i = 0; i < num_aces; ++i) {
                        ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
+#ifdef CONFIG_CIFS_DEBUG2
-                        parse_ace(ppace[i], end_of_acl);
+                        dump_ace(ppace[i], end_of_acl);
+#endif
                        if (compare_sids(&(ppace[i]->sid), pownersid))
                                access_flags_to_mode(ppace[i]->access_req,
                                                &(inode->i_mode), S_IRWXU);
@@ -385,7 +385,7 @@ void acl_to_uid_mode(struct inode *inode, const char *path)
                int oplock = FALSE;
                /* open file */
                rc = CIFSSMBOpen(xid, cifs_sb->tcon, path, FILE_OPEN,
-                                GENERIC_READ, 0, &fid, &oplock, NULL,
+                                READ_CONTROL, 0, &fid, &oplock, NULL,
                                cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
                                        CIFS_MOUNT_MAP_SPECIAL_CHR);
                if (rc != 0) {
@@ -409,4 +409,22 @@ void acl_to_uid_mode(struct inode *inode, const char *path)
        FreeXid(xid);
        return;
 }
+int mode_to_acl(struct inode *inode, const char *path)
+{
+        int rc = 0;
+        __u32 acllen = 0;
+        struct cifs_ntsd *pntsd = NULL;
+        cFYI(1, ("set ACL from mode for %s", path));
+        /* Get the security descriptor */
+        /* Add/Modify the three ACEs for owner, group, everyone */
+        /* Set the security descriptor */
+        kfree(pntsd);
+        return rc;
+}
 #endif /* CONFIG_CIFS_EXPERIMENTAL */
author	Steve French <sfrench@us.ibm.com>	2007-10-31 00:54:42 -0400
committer	Steve French <sfrench@us.ibm.com>	2007-10-31 00:54:42 -0400
commit	953f868138dbf4300196780379476ab9f07f263a (patch)
tree	e0dfbaebe02e75094033425fc4274328c5928dd0 /fs/cifs/cifsacl.c
parent	e01b64001359034d04c695388870936ed3d1b56b (diff)

diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 629b96c21639..f1215df7fbee 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c
@@ -162,7 +162,8 @@ static void access_flags_to_mode(__u32 ace_flags, umode_t *pmode,
162	}	162	}
163		163
164		164
165	static void parse_ace(struct cifs_ace pace, char end_of_acl)	165	#ifdef CONFIG_CIFS_DEBUG2
		166	static void dump_ace(struct cifs_ace pace, char end_of_acl)
166	{	167	{
167	int num_subauth;	168	int num_subauth;
168		169
@@ -180,7 +181,6 @@ static void parse_ace(struct cifs_ace pace, char end_of_acl)
180		181
181	num_subauth = pace->sid.num_subauth;	182	num_subauth = pace->sid.num_subauth;
182	if (num_subauth) {	183	if (num_subauth) {
183	#ifdef CONFIG_CIFS_DEBUG2
184	int i;	184	int i;
185	cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",	185	cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",
186	pace->sid.revision, pace->sid.num_subauth, pace->type,	186	pace->sid.revision, pace->sid.num_subauth, pace->type,
@@ -192,11 +192,11 @@ static void parse_ace(struct cifs_ace pace, char end_of_acl)
192		192
193	/* BB add length check to make sure that we do not have huge	193	/* BB add length check to make sure that we do not have huge
194	num auths and therefore go off the end */	194	num auths and therefore go off the end */
195	#endif
196	}	195	}
197		196
198	return;	197	return;
199	}	198	}
		199	#endif
200		200
201		201
202	static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,	202	static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,
@@ -240,9 +240,9 @@ static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,
240		240
241	for (i = 0; i < num_aces; ++i) {	241	for (i = 0; i < num_aces; ++i) {
242	ppace[i] = (struct cifs_ace *) (acl_base + acl_size);	242	ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
243		243	#ifdef CONFIG_CIFS_DEBUG2
244	parse_ace(ppace[i], end_of_acl);	244	dump_ace(ppace[i], end_of_acl);
245		245	#endif
246	if (compare_sids(&(ppace[i]->sid), pownersid))	246	if (compare_sids(&(ppace[i]->sid), pownersid))
247	access_flags_to_mode(ppace[i]->access_req,	247	access_flags_to_mode(ppace[i]->access_req,
248	&(inode->i_mode), S_IRWXU);	248	&(inode->i_mode), S_IRWXU);
@@ -385,7 +385,7 @@ void acl_to_uid_mode(struct inode inode, const char path)
385	int oplock = FALSE;	385	int oplock = FALSE;
386	/* open file */	386	/* open file */
387	rc = CIFSSMBOpen(xid, cifs_sb->tcon, path, FILE_OPEN,	387	rc = CIFSSMBOpen(xid, cifs_sb->tcon, path, FILE_OPEN,
388	GENERIC_READ, 0, &fid, &oplock, NULL,	388	READ_CONTROL, 0, &fid, &oplock, NULL,
389	cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &	389	cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
390	CIFS_MOUNT_MAP_SPECIAL_CHR);	390	CIFS_MOUNT_MAP_SPECIAL_CHR);
391	if (rc != 0) {	391	if (rc != 0) {
@@ -409,4 +409,22 @@ void acl_to_uid_mode(struct inode inode, const char path)
409	FreeXid(xid);	409	FreeXid(xid);
410	return;	410	return;
411	}	411	}
		412
		413	int mode_to_acl(struct inode inode, const char path)
		414	{
		415	int rc = 0;
		416	__u32 acllen = 0;
		417	struct cifs_ntsd *pntsd = NULL;
		418
		419	cFYI(1, ("set ACL from mode for %s", path));
		420
		421	/* Get the security descriptor */
		422
		423	/* Add/Modify the three ACEs for owner, group, everyone */
		424
		425	/* Set the security descriptor */
		426	kfree(pntsd);
		427
		428	return rc;
		429	}
412	#endif /* CONFIG_CIFS_EXPERIMENTAL */	430	#endif /* CONFIG_CIFS_EXPERIMENTAL */