authorSteve French <sfrench@us.ibm.com>2005-11-29 23:20:10 -0500
committerSteve French <sfrench@us.ibm.com>2005-11-29 23:20:10 -0500
commit6473a559c336d5c407f9df412ca2f55357767ff8 (patch)
treeededf2b339de4541e98c78b5d537ab954d9dc413 /fs
parent3abb92722ab1784b419dadb5444daf8ea9636905 (diff)
[CIFS] Fix missing permission check on setattr when noperm mount option is
disabled. Also set mode, uid, gid better on mkdir and create for the case when Unix Extensions is not enabled and setuids is enabled. This is necessary to fix the hole in which chown could be allowed for non-root users in some cases if root mounted, and also to display the mode and uid properly in some cases. Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/cifs/CHANGES2
-rw-r--r--fs/cifs/README30
-rw-r--r--fs/cifs/TODO4
-rw-r--r--fs/cifs/dir.c9
-rw-r--r--fs/cifs/inode.c28
5 files changed, 60 insertions, 13 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index c40bd0df80ad..943ef9b82244 100644
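--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -6,7 +6,7 @@ stress on writes). Modify cifs Kconfig options to expose CONFIG_CIFS_STATS2
 Fix SFU style symlinks and mknod needed for servers which do not support the
 CIFS Unix Extensions. Fix setfacl/getfacl on bigendian. Timeout negative
 dentries so files that the client sees as deleted but that later get created
-on the server will be recognized.
+on the server will be recognized. Add client side permission check on setattr.
 
 Version 1.38
 ------------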
diff --git a/fs/cifs/README b/fs/cifs/README
index bb90941826ad..e5d09a2fc7a5 100644
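--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -278,7 +278,9 @@ A partial list of the supported mount options follows:
 (such as Windows), permissions can also be checked at the
 client, and a crude form of client side permission checking
 can be enabled by specifying file_mode and dir_mode on
-the client
+the client. Note that the mount.cifs helper must be
+at version 1.10 or higher to support specifying the uid
+(or gid) in non-numberic form.
 gid If CIFS Unix extensions are not supported by the server
 this overrides the default gid for inodes.
 file_mode If CIFS Unix extensions are not supported by the server
@@ -345,7 +347,10 @@ A partial list of the supported mount options follows:
 client system. It is typically only needed when the server
 supports the CIFS Unix Extensions but the UIDs/GIDs on the
 client and server system do not match closely enough to allow
-access by the user doing the mount.
+access by the user doing the mount, but it may be useful with
+non CIFS Unix Extension mounts for cases in which the default
+mode is specified on the mount but is not to be enforced on the
+client (e.g. perhaps when MultiUserMount is enabled)
 Note that this does not affect the normal ACL check on the
 target machine done by the server software (of the server
 ACL against the user name provided at mount time).
@@ -368,15 +373,21 @@ A partial list of the supported mount options follows:
 setuids If the CIFS Unix extensions are negotiated with the server
 the client will attempt to set the effective uid and gid of
 the local process on newly created files, directories, and
-devices (create, mkdir, mknod).
+devices (create, mkdir, mknod). If the CIFS Unix Extensions
+are not negotiated, for newly created files and directories
+instead of using the default uid and gid specified on the
+the mount, cache the new file's uid and gid locally which means
+that the uid for the file can change when the inode is
+reloaded (or the user remounts the share).
 nosetuids The client will not attempt to set the uid and gid on
 on newly created files, directories, and devices (create,
 mkdir, mknod) which will result in the server setting the
 uid and gid to the default (usually the server uid of the
 user who mounted the share). Letting the server (rather than
-the client) set the uid and gid is the default. This
-parameter has no effect if the CIFS Unix Extensions are not
-negotiated.
+the client) set the uid and gid is the default. If the CIFS
+Unix Extensions are not negotiated then the uid and gid for
+new files will appear to be the uid (gid) of the mounter or the
+uid (gid) parameter specified on the mount.
 netbiosname When mounting to servers via port 139, specifies the RFC1001
 source name to use to represent the client netbios machine
 name when doing the RFC1001 netbios session initialize.
@@ -418,6 +429,13 @@ A partial list of the supported mount options follows:
 byte range locks).
 remount remount the share (often used to change from ro to rw mounts
 or vice versa)
+sfu When the CIFS Unix Extensions are not negotiated, attempt to
+create device files and fifos in a format compatible with
+Services for Unix (SFU). In addition retrieve bits 10-12
+of the mode via the SETFILEBITS extended attribute (as
+SFU does). In the future the bottom 9 bits of the mode
+mode also will be emulated using queries of the security
+descriptor (ACL).
 
 The mount.cifs mount helper also accepts a few mount options before -o
 including: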
diff --git a/fs/cifs/TODO b/fs/cifs/TODO
index c909298d11ed..fc34c74ec4be 100644
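--- a/fs/cifs/TODO
+++ b/fs/cifs/TODO
@@ -1,4 +1,4 @@
-version 1.37 October 9, 2005
+Version 1.39 November 30, 2005
 
 A Partial List of Missing Features
 ==================================
@@ -58,7 +58,7 @@ o) Improve performance of readpages by sending more than one read
 at a time when 8 pages or more are requested. In conjuntion
 add support for async_cifs_readpages.
 
-p) Add support for storing symlink and fifo info to Windows servers
+p) Add support for storing symlink info to Windows servers
 in the Extended Attribute format their SFU clients would recognize.
 
 q) Finish fcntl D_NOTIFY support so kde and gnome file list windows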
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index aa4ea965b329..32cc96cafa3e 100644
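--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -228,8 +228,15 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
 else {
 rc = cifs_get_inode_info(&newinode, full_path,
 buf, inode->i_sb,xid);
-if(newinode)
+if(newinode) {
 newinode->i_mode = mode;
+if((oplock & CIFS_CREATE_ACTION) &&
+(cifs_sb->mnt_cifs_flags &
+CIFS_MOUNT_SET_UID)) {
+newinode->i_uid = current->fsuid;
+newinode->i_gid = current->fsgid;
+}
+}
 }
 
 if (rc != 0) {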
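Review bot: In the non-Unix-extensions branch of cifs_create, `newinode->i_mode = mode;` still runs whenever newinode is non-NULL, while the new uid/gid assignment is limited to `oplock & CIFS_CREATE_ACTION`. If that flag is what separates a newly created file from an open of an existing one (its definition is not in the hunk), the cached mode of a pre-existing file is overwritten with the caller's requested mode, and client-side permission checks would then be made against a mode the file never had. Putting the mode assignment under the same guard, `if (oplock & CIFS_CREATE_ACTION) { newinode->i_mode = mode; ... }`, would keep the two consistent. The enclosing `else {` and the rest of cifs_create lie outside the hunk.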
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index d34325c887c4..053c1cadf703 100644
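--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -710,7 +710,7 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
 char *full_path = NULL;
 struct inode *newinode = NULL;
 
-cFYI(1, ("In cifs_mkdir, mode = 0x%x inode = 0x%p ", mode, inode));
+cFYI(1, ("In cifs_mkdir, mode = 0x%x inode = 0x%p", mode, inode));
 
 xid = GetXid();
 
@@ -768,7 +768,16 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
 /* BB to be implemented via Windows secrty descriptors
 eg CIFSSMBWinSetPerms(xid, pTcon, full_path, mode,
 -1, -1, local_nls); */
-}
+if(direntry->d_inode) {
+direntry->d_inode->i_mode = mode;
+if(cifs_sb->mnt_cifs_flags &
+CIFS_MOUNT_SET_UID) {
+direntry->d_inode->i_uid =
+current->fsuid;
+direntry->d_inode->i_gid =
+current->fsgid;
+}
+}
 }
 kfree(full_path);
 FreeXid(xid);
@@ -1111,9 +1120,20 @@ int cifs_setattr(struct dentry *direntry, struct iattr *attrs)
 
 cFYI(1, ("In cifs_setattr, name = %s attrs->iavalid 0x%x ",
 direntry->d_name.name, attrs->ia_valid));
+
 cifs_sb = CIFS_SB(direntry->d_inode->i_sb);
 pTcon = cifs_sb->tcon;
 
+if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM == 0) {
+/* check if we have permission to change attrs */
+rc = inode_change_ok(direntry->d_inode, attrs);
+if(rc < 0) {
+FreeXid(xid);
+return rc;
+} else
+rc = 0;
+}
+
 down(&direntry->d_sb->s_vfs_rename_sem);
 full_path = build_path_from_dentry(direntry);
 up(&direntry->d_sb->s_vfs_rename_sem);
@@ -1153,7 +1173,9 @@ int cifs_setattr(struct dentry *direntry, struct iattr *attrs)
 1 /* 45 seconds */);
 cFYI(1,("Wrt seteof rc %d", rc));
 }
-}
+} else
+rc = -EINVAL;
+
 if (rc != 0) {
 /* Set file size by pathname rather than by handle
 either because no valid, writeable file handle for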
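Review bot: The permission gate added to cifs_setattr, `if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM == 0)`, does not test what it appears to: `==` binds tighter than `&`, so it parses as `flags & (CIFS_MOUNT_NO_PERM == 0)`. If CIFS_MOUNT_NO_PERM is a non-zero flag bit, as its name suggests, that is `flags & 0`, so inode_change_ok() is never called and the chown hole described in the commit message stays open on every mount. The condition should be `if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM) == 0) {`. The body of cifs_setattr starts and ends outside this hunk.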