aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2010-07-19 18:00:17 -0400
committerSteve French <sfrench@us.ibm.com>2010-08-02 08:40:39 -0400
commit3e4b3e1f68c10510ec8d3076cffc5729b88f8de6 (patch)
treebee962570f8a54547cfb67550f76874d82981fea /fs/cifs
parentf55fdcca6bf1c17e86a270a8c0d81c6677c61222 (diff)
cifs: add separate cred_uid field to sesInfo
Right now, there's no clear separation between the uid that owns the credentials used to do the mount and the overriding owner of the files on that mount. Add a separate cred_uid field that is set to the real uid of the mount user. Unlike the linux_uid, the uid= option does not override this parameter. The parm is sent to cifs.upcall, which can then preferentially use the creduid= parm instead of the uid= parm for finding credentials. This is not the only way to solve this. We could try to do all of this in kernel instead by having a module parameter that affects what gets passed in the uid= field of the upcall. That said, we have a lot more flexibility to change things in userspace so I think it probably makes sense to do it this way. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/cifs_spnego.c3
-rw-r--r--fs/cifs/cifsglob.h3
-rw-r--r--fs/cifs/connect.c7
3 files changed, 10 insertions, 3 deletions
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index 379bd7d9c05f..6effccff85a5 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -144,6 +144,9 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
144 sprintf(dp, ";uid=0x%x", sesInfo->linux_uid); 144 sprintf(dp, ";uid=0x%x", sesInfo->linux_uid);
145 145
146 dp = description + strlen(description); 146 dp = description + strlen(description);
147 sprintf(dp, ";creduid=0x%x", sesInfo->cred_uid);
148
149 dp = description + strlen(description);
147 sprintf(dp, ";user=%s", sesInfo->userName); 150 sprintf(dp, ";user=%s", sesInfo->userName);
148 151
149 dp = description + strlen(description); 152 dp = description + strlen(description);
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 9b7cf9aa3a00..59906146ad36 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -214,7 +214,8 @@ struct cifsSesInfo {
214 char *serverNOS; /* name of network operating system of server */ 214 char *serverNOS; /* name of network operating system of server */
215 char *serverDomain; /* security realm of server */ 215 char *serverDomain; /* security realm of server */
216 int Suid; /* remote smb uid */ 216 int Suid; /* remote smb uid */
217 uid_t linux_uid; /* local Linux uid */ 217 uid_t linux_uid; /* overriding owner of files on the mount */
218 uid_t cred_uid; /* owner of credentials */
218 int capabilities; 219 int capabilities;
219 char serverName[SERVER_NAME_LEN_WITH_NULL * 2]; /* BB make bigger for 220 char serverName[SERVER_NAME_LEN_WITH_NULL * 2]; /* BB make bigger for
220 TCP names - will ipv6 and sctp addresses fit? */ 221 TCP names - will ipv6 and sctp addresses fit? */
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 399b60129b74..52a7646cc7af 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -67,6 +67,7 @@ struct smb_vol {
67 char *iocharset; /* local code page for mapping to and from Unicode */ 67 char *iocharset; /* local code page for mapping to and from Unicode */
68 char source_rfc1001_name[16]; /* netbios name of client */ 68 char source_rfc1001_name[16]; /* netbios name of client */
69 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */ 69 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
70 uid_t cred_uid;
70 uid_t linux_uid; 71 uid_t linux_uid;
71 gid_t linux_gid; 72 gid_t linux_gid;
72 mode_t file_mode; 73 mode_t file_mode;
@@ -832,7 +833,8 @@ cifs_parse_mount_options(char *options, const char *devname,
832 /* null target name indicates to use *SMBSERVR default called name 833 /* null target name indicates to use *SMBSERVR default called name
833 if we end up sending RFC1001 session initialize */ 834 if we end up sending RFC1001 session initialize */
834 vol->target_rfc1001_name[0] = 0; 835 vol->target_rfc1001_name[0] = 0;
835 vol->linux_uid = current_uid(); /* use current_euid() instead? */ 836 vol->cred_uid = current_uid();
837 vol->linux_uid = current_uid();
836 vol->linux_gid = current_gid(); 838 vol->linux_gid = current_gid();
837 839
838 /* default to only allowing write access to owner of the mount */ 840 /* default to only allowing write access to owner of the mount */
@@ -1658,7 +1660,7 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
1658 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { 1660 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
1659 switch (server->secType) { 1661 switch (server->secType) {
1660 case Kerberos: 1662 case Kerberos:
1661 if (vol->linux_uid != ses->linux_uid) 1663 if (vol->cred_uid != ses->cred_uid)
1662 continue; 1664 continue;
1663 break; 1665 break;
1664 default: 1666 default:
@@ -1775,6 +1777,7 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1775 if (ses->domainName) 1777 if (ses->domainName)
1776 strcpy(ses->domainName, volume_info->domainname); 1778 strcpy(ses->domainName, volume_info->domainname);
1777 } 1779 }
1780 ses->cred_uid = volume_info->cred_uid;
1778 ses->linux_uid = volume_info->linux_uid; 1781 ses->linux_uid = volume_info->linux_uid;
1779 ses->overrideSecFlg = volume_info->secFlg; 1782 ses->overrideSecFlg = volume_info->secFlg;
1780 1783