diff options
author | Steve French <sfrench@us.ibm.com> | 2008-04-09 16:55:31 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-04-09 16:55:31 -0400 |
commit | cce246ee5f3c7f4d3539ea41d13feb7a07859145 (patch) | |
tree | 693fe2aa45f3772fba1416cb45ce8b278fd6a06e /fs | |
parent | 35028d71116926008f5c19b8fcb00aacaabf5eab (diff) |
[CIFS] Fix acl length when very short ACL being modified by chmod
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/cifsacl.c | 14 | ||||
-rw-r--r-- | fs/cifs/cifsacl.h | 1 |
2 files changed, 9 insertions, 6 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 1cb5b0a9f2ac..e99d4faf5f02 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c | |||
@@ -516,7 +516,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len, | |||
516 | 516 | ||
517 | /* Convert permission bits from mode to equivalent CIFS ACL */ | 517 | /* Convert permission bits from mode to equivalent CIFS ACL */ |
518 | static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, | 518 | static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, |
519 | int acl_len, struct inode *inode, __u64 nmode) | 519 | struct inode *inode, __u64 nmode) |
520 | { | 520 | { |
521 | int rc = 0; | 521 | int rc = 0; |
522 | __u32 dacloffset; | 522 | __u32 dacloffset; |
@@ -692,14 +692,14 @@ void acl_to_uid_mode(struct inode *inode, const char *path, const __u16 *pfid) | |||
692 | int mode_to_acl(struct inode *inode, const char *path, __u64 nmode) | 692 | int mode_to_acl(struct inode *inode, const char *path, __u64 nmode) |
693 | { | 693 | { |
694 | int rc = 0; | 694 | int rc = 0; |
695 | __u32 acllen = 0; | 695 | __u32 secdesclen = 0; |
696 | struct cifs_ntsd *pntsd = NULL; /* acl obtained from server */ | 696 | struct cifs_ntsd *pntsd = NULL; /* acl obtained from server */ |
697 | struct cifs_ntsd *pnntsd = NULL; /* modified acl to be sent to server */ | 697 | struct cifs_ntsd *pnntsd = NULL; /* modified acl to be sent to server */ |
698 | 698 | ||
699 | cFYI(DBG2, ("set ACL from mode for %s", path)); | 699 | cFYI(DBG2, ("set ACL from mode for %s", path)); |
700 | 700 | ||
701 | /* Get the security descriptor */ | 701 | /* Get the security descriptor */ |
702 | pntsd = get_cifs_acl(&acllen, inode, path, NULL); | 702 | pntsd = get_cifs_acl(&secdesclen, inode, path, NULL); |
703 | 703 | ||
704 | /* Add three ACEs for owner, group, everyone getting rid of | 704 | /* Add three ACEs for owner, group, everyone getting rid of |
705 | other ACEs as chmod disables ACEs and set the security descriptor */ | 705 | other ACEs as chmod disables ACEs and set the security descriptor */ |
@@ -709,20 +709,22 @@ int mode_to_acl(struct inode *inode, const char *path, __u64 nmode) | |||
709 | set security descriptor request security descriptor | 709 | set security descriptor request security descriptor |
710 | parameters, and secuirty descriptor itself */ | 710 | parameters, and secuirty descriptor itself */ |
711 | 711 | ||
712 | pnntsd = kmalloc(acllen, GFP_KERNEL); | 712 | secdesclen = secdesclen < DEFSECDESCLEN ? |
713 | DEFSECDESCLEN : secdesclen; | ||
714 | pnntsd = kmalloc(secdesclen, GFP_KERNEL); | ||
713 | if (!pnntsd) { | 715 | if (!pnntsd) { |
714 | cERROR(1, ("Unable to allocate security descriptor")); | 716 | cERROR(1, ("Unable to allocate security descriptor")); |
715 | kfree(pntsd); | 717 | kfree(pntsd); |
716 | return (-ENOMEM); | 718 | return (-ENOMEM); |
717 | } | 719 | } |
718 | 720 | ||
719 | rc = build_sec_desc(pntsd, pnntsd, acllen, inode, nmode); | 721 | rc = build_sec_desc(pntsd, pnntsd, inode, nmode); |
720 | 722 | ||
721 | cFYI(DBG2, ("build_sec_desc rc: %d", rc)); | 723 | cFYI(DBG2, ("build_sec_desc rc: %d", rc)); |
722 | 724 | ||
723 | if (!rc) { | 725 | if (!rc) { |
724 | /* Set the security descriptor */ | 726 | /* Set the security descriptor */ |
725 | rc = set_cifs_acl(pnntsd, acllen, inode, path); | 727 | rc = set_cifs_acl(pnntsd, secdesclen, inode, path); |
726 | cFYI(DBG2, ("set_cifs_acl rc: %d", rc)); | 728 | cFYI(DBG2, ("set_cifs_acl rc: %d", rc)); |
727 | } | 729 | } |
728 | 730 | ||
diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h index 93a7c3462ea2..6c8096cf5155 100644 --- a/fs/cifs/cifsacl.h +++ b/fs/cifs/cifsacl.h | |||
@@ -27,6 +27,7 @@ | |||
27 | #define NUM_SUBAUTHS 5 /* number of sub authority fields */ | 27 | #define NUM_SUBAUTHS 5 /* number of sub authority fields */ |
28 | #define NUM_WK_SIDS 7 /* number of well known sids */ | 28 | #define NUM_WK_SIDS 7 /* number of well known sids */ |
29 | #define SIDNAMELENGTH 20 /* long enough for the ones we care about */ | 29 | #define SIDNAMELENGTH 20 /* long enough for the ones we care about */ |
30 | #define DEFSECDESCLEN 192 /* sec desc len contaiting a dacl with three aces */ | ||
30 | 31 | ||
31 | #define READ_BIT 0x4 | 32 | #define READ_BIT 0x4 |
32 | #define WRITE_BIT 0x2 | 33 | #define WRITE_BIT 0x2 |