aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
diff options
context:
space:
mode:
authorShirish Pargaonkar <shirishpargaonkar@gmail.com>2011-08-09 15:30:39 -0400
committerSteve French <sfrench@us.ibm.com>2011-08-11 14:23:45 -0400
commite22906c564c2f9c73ee4621ef3b93fe374539f00 (patch)
tree4f59f2616b6723204dccc28ec3d8d6033573e111 /fs/cifs
parent789e66612367f9975d704c9e4990025cbbbb45ec (diff)
cifs: Do not set cifs/ntfs acl using a file handle (try #4)
Set security descriptor using path name instead of a file handle. We can't be sure that the file handle has adequate permission to set a security descriptor (to modify DACL). Function set_cifs_acl_by_fid() has been removed since we can't be sure how a file was opened for writing, a valid request can fail if the file was not opened with two above mentioned permissions. We could have opted to add on WRITE_DAC and WRITE_OWNER permissions to file opens and then use that file handle but adding addtional permissions such as WRITE_DAC and WRITE_OWNER could cause an any open to fail. And it was incorrect to look for read file handle to set a security descriptor anyway. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/cifsacl.c28
1 files changed, 1 insertions, 27 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 21de1d6d5849..d0f59faefb78 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -991,24 +991,6 @@ struct cifs_ntsd *get_cifs_acl(struct cifs_sb_info *cifs_sb,
991 return pntsd; 991 return pntsd;
992} 992}
993 993
994static int set_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb, __u16 fid,
995 struct cifs_ntsd *pnntsd, u32 acllen)
996{
997 int xid, rc;
998 struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);
999
1000 if (IS_ERR(tlink))
1001 return PTR_ERR(tlink);
1002
1003 xid = GetXid();
1004 rc = CIFSSMBSetCIFSACL(xid, tlink_tcon(tlink), fid, pnntsd, acllen);
1005 FreeXid(xid);
1006 cifs_put_tlink(tlink);
1007
1008 cFYI(DBG2, "SetCIFSACL rc = %d", rc);
1009 return rc;
1010}
1011
1012static int set_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, const char *path, 994static int set_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, const char *path,
1013 struct cifs_ntsd *pnntsd, u32 acllen) 995 struct cifs_ntsd *pnntsd, u32 acllen)
1014{ 996{
@@ -1047,18 +1029,10 @@ int set_cifs_acl(struct cifs_ntsd *pnntsd, __u32 acllen,
1047 struct inode *inode, const char *path) 1029 struct inode *inode, const char *path)
1048{ 1030{
1049 struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); 1031 struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
1050 struct cifsFileInfo *open_file;
1051 int rc;
1052 1032
1053 cFYI(DBG2, "set ACL for %s from mode 0x%x", path, inode->i_mode); 1033 cFYI(DBG2, "set ACL for %s from mode 0x%x", path, inode->i_mode);
1054 1034
1055 open_file = find_readable_file(CIFS_I(inode), true); 1035 return set_cifs_acl_by_path(cifs_sb, path, pnntsd, acllen);
1056 if (!open_file)
1057 return set_cifs_acl_by_path(cifs_sb, path, pnntsd, acllen);
1058
1059 rc = set_cifs_acl_by_fid(cifs_sb, open_file->netfid, pnntsd, acllen);
1060 cifsFileInfo_put(open_file);
1061 return rc;
1062} 1036}
1063 1037
1064/* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */ 1038/* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */