diff mbox series

[SMB3] backup intent flag missing from directory and symlink opens

Message ID CAH2r5muifJ4_dyZfn6FHT75cf=g1H04NTa51bC1NEvkS+XuOcQ@mail.gmail.com (mailing list archive)
State New, archived
Headers show
Series [SMB3] backup intent flag missing from directory and symlink opens | expand

Commit Message

Steve French Aug. 27, 2018, 10:16 p.m. UTC
SMB3: Backup intent flag missing for directory opens with backupuid mounts

    When "backup intent" is requested on the mount (e.g. backupuid or
    backupgid mount options), the corresponding flag needs to be set
    on opens of directories (and files) but was missing in some
    places causing access denied trying to enumerate and backup
    servers.

    Fixes kernel bugzilla #200953
    https://bugzilla.kernel.org/show_bug.cgi?id=200953

    Reported-and-tested-by: <whh@rubrik.com>
    Signed-off-by: Steve French <stfrench@microsoft.com>
    CC: Stable <stable@vger.kernel.org>


@@ -779,7 +782,10 @@ smb2_query_eas(const unsigned int xid, struct
cifs_tcon *tcon,
        oparms.tcon = tcon;
        oparms.desired_access = FILE_READ_EA;
        oparms.disposition = FILE_OPEN;
-       oparms.create_options = 0;
+       if (backup_cred(cifs_sb))
+               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
+       else
+               oparms.create_options = 0;
        oparms.fid = &fid;
        oparms.reconnect = false;

@@ -858,7 +864,10 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
        oparms.tcon = tcon;
        oparms.desired_access = FILE_WRITE_EA;
        oparms.disposition = FILE_OPEN;
-       oparms.create_options = 0;
+       if (backup_cred(cifs_sb))
+               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
+       else
+               oparms.create_options = 0;
        oparms.fid = &fid;
        oparms.reconnect = false;

@@ -1453,7 +1462,10 @@ smb2_query_dir_first(const unsigned int xid,
struct cifs_tcon *tcon,
        oparms.tcon = tcon;
        oparms.desired_access = FILE_READ_ATTRIBUTES | FILE_READ_DATA;
        oparms.disposition = FILE_OPEN;
-       oparms.create_options = 0;
+       if (backup_cred(cifs_sb))
+               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
+       else
+               oparms.create_options = 0;
        oparms.fid = fid;
        oparms.reconnect = false;

@@ -1857,7 +1869,10 @@ smb2_query_symlink(const unsigned int xid,
struct cifs_tcon *tcon,
        oparms.tcon = tcon;
        oparms.desired_access = FILE_READ_ATTRIBUTES;
        oparms.disposition = FILE_OPEN;
-       oparms.create_options = 0;
+       if (backup_cred(cifs_sb))
+               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
+       else
+               oparms.create_options = 0;
        oparms.fid = &fid;
        oparms.reconnect = false;

Comments

Pavel Shilovsky Aug. 28, 2018, 1:43 a.m. UTC | #1
пн, 27 авг. 2018 г. в 15:17, Steve French <smfrench@gmail.com>:
>
>     SMB3: Backup intent flag missing for directory opens with backupuid mounts
>
>     When "backup intent" is requested on the mount (e.g. backupuid or
>     backupgid mount options), the corresponding flag needs to be set
>     on opens of directories (and files) but was missing in some
>     places causing access denied trying to enumerate and backup
>     servers.
>
>     Fixes kernel bugzilla #200953
>     https://bugzilla.kernel.org/show_bug.cgi?id=200953
>
>     Reported-and-tested-by: <whh@rubrik.com>
>     Signed-off-by: Steve French <stfrench@microsoft.com>
>     CC: Stable <stable@vger.kernel.org>
>
> diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
> index d32eaa4b2437..6e8765f44508 100644
> --- a/fs/cifs/inode.c
> +++ b/fs/cifs/inode.c
> @@ -467,6 +467,8 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path,
>         oparms.cifs_sb = cifs_sb;
>         oparms.desired_access = GENERIC_READ;
>         oparms.create_options = CREATE_NOT_DIR;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options |= CREATE_OPEN_BACKUP_INTENT;
>         oparms.disposition = FILE_OPEN;
>         oparms.path = path;
>         oparms.fid = &fid;
> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> index f551afca2152..32cae6e49ea2 100644
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -630,7 +630,10 @@ smb2_is_path_accessible(const unsigned int xid,
> struct cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_READ_ATTRIBUTES;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = &fid;
>         oparms.reconnect = false;
>
> @@ -779,7 +782,10 @@ smb2_query_eas(const unsigned int xid, struct
> cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_READ_EA;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = &fid;
>         oparms.reconnect = false;
>
> @@ -858,7 +864,10 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_WRITE_EA;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = &fid;
>         oparms.reconnect = false;
>
> @@ -1453,7 +1462,10 @@ smb2_query_dir_first(const unsigned int xid,
> struct cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_READ_ATTRIBUTES | FILE_READ_DATA;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = fid;
>         oparms.reconnect = false;
>
> @@ -1857,7 +1869,10 @@ smb2_query_symlink(const unsigned int xid,
> struct cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_READ_ATTRIBUTES;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = &fid;
>         oparms.reconnect = false;
>
> --
> Thanks,
>
> Steve

Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>

--
Best regards,
Pavel Shilovsky
Steve French Aug. 28, 2018, 9:25 p.m. UTC | #2
Related patch pointed out by testing of mkdir by whh.  Note that due
to Ronnie's changes (compounding mkdir/rmdir and various setinfo
scenarios) this has a prereq of Ronnie's compounding series.

(which is tentatively in for-next in any case)
On Mon, Aug 27, 2018 at 5:16 PM Steve French <smfrench@gmail.com> wrote:
>
>     SMB3: Backup intent flag missing for directory opens with backupuid mounts
>
>     When "backup intent" is requested on the mount (e.g. backupuid or
>     backupgid mount options), the corresponding flag needs to be set
>     on opens of directories (and files) but was missing in some
>     places causing access denied trying to enumerate and backup
>     servers.
>
>     Fixes kernel bugzilla #200953
>     https://bugzilla.kernel.org/show_bug.cgi?id=200953
>
>     Reported-and-tested-by: <whh@rubrik.com>
>     Signed-off-by: Steve French <stfrench@microsoft.com>
>     CC: Stable <stable@vger.kernel.org>
>
> diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
> index d32eaa4b2437..6e8765f44508 100644
> --- a/fs/cifs/inode.c
> +++ b/fs/cifs/inode.c
> @@ -467,6 +467,8 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path,
>         oparms.cifs_sb = cifs_sb;
>         oparms.desired_access = GENERIC_READ;
>         oparms.create_options = CREATE_NOT_DIR;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options |= CREATE_OPEN_BACKUP_INTENT;
>         oparms.disposition = FILE_OPEN;
>         oparms.path = path;
>         oparms.fid = &fid;
> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> index f551afca2152..32cae6e49ea2 100644
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -630,7 +630,10 @@ smb2_is_path_accessible(const unsigned int xid,
> struct cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_READ_ATTRIBUTES;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = &fid;
>         oparms.reconnect = false;
>
> @@ -779,7 +782,10 @@ smb2_query_eas(const unsigned int xid, struct
> cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_READ_EA;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = &fid;
>         oparms.reconnect = false;
>
> @@ -858,7 +864,10 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_WRITE_EA;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = &fid;
>         oparms.reconnect = false;
>
> @@ -1453,7 +1462,10 @@ smb2_query_dir_first(const unsigned int xid,
> struct cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_READ_ATTRIBUTES | FILE_READ_DATA;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = fid;
>         oparms.reconnect = false;
>
> @@ -1857,7 +1869,10 @@ smb2_query_symlink(const unsigned int xid,
> struct cifs_tcon *tcon,
>         oparms.tcon = tcon;
>         oparms.desired_access = FILE_READ_ATTRIBUTES;
>         oparms.disposition = FILE_OPEN;
> -       oparms.create_options = 0;
> +       if (backup_cred(cifs_sb))
> +               oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
> +       else
> +               oparms.create_options = 0;
>         oparms.fid = &fid;
>         oparms.reconnect = false;
>
> --
> Thanks,
>
> Steve
diff mbox series

Patch

From bf4ca49a13107878360cf743bce271d92d1263ff Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Mon, 27 Aug 2018 17:04:13 -0500
Subject: [PATCH] SMB3: Backup intent flag missing for directory opens with
 backupuid mounts

When "backup intent" is requested on the mount (e.g. backupuid or
backupgid mount options), the corresponding flag needs to be set
on opens of directories (and files) but was missing in some
places causing access denied trying to enumerate and backup
servers.

Fixes kernel bugzilla #200953
https://bugzilla.kernel.org/show_bug.cgi?id=200953

Reported-and-tested-by: <whh@rubrik.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
---
 fs/cifs/inode.c   |  2 ++
 fs/cifs/smb2ops.c | 25 ++++++++++++++++++++-----
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index d32eaa4b2437..6e8765f44508 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -467,6 +467,8 @@  cifs_sfu_type(struct cifs_fattr *fattr, const char *path,
 	oparms.cifs_sb = cifs_sb;
 	oparms.desired_access = GENERIC_READ;
 	oparms.create_options = CREATE_NOT_DIR;
+	if (backup_cred(cifs_sb))
+		oparms.create_options |= CREATE_OPEN_BACKUP_INTENT;
 	oparms.disposition = FILE_OPEN;
 	oparms.path = path;
 	oparms.fid = &fid;
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index f551afca2152..32cae6e49ea2 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -630,7 +630,10 @@  smb2_is_path_accessible(const unsigned int xid, struct cifs_tcon *tcon,
 	oparms.tcon = tcon;
 	oparms.desired_access = FILE_READ_ATTRIBUTES;
 	oparms.disposition = FILE_OPEN;
-	oparms.create_options = 0;
+	if (backup_cred(cifs_sb))
+		oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
+	else
+		oparms.create_options = 0;
 	oparms.fid = &fid;
 	oparms.reconnect = false;
 
@@ -779,7 +782,10 @@  smb2_query_eas(const unsigned int xid, struct cifs_tcon *tcon,
 	oparms.tcon = tcon;
 	oparms.desired_access = FILE_READ_EA;
 	oparms.disposition = FILE_OPEN;
-	oparms.create_options = 0;
+	if (backup_cred(cifs_sb))
+		oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
+	else
+		oparms.create_options = 0;
 	oparms.fid = &fid;
 	oparms.reconnect = false;
 
@@ -858,7 +864,10 @@  smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
 	oparms.tcon = tcon;
 	oparms.desired_access = FILE_WRITE_EA;
 	oparms.disposition = FILE_OPEN;
-	oparms.create_options = 0;
+	if (backup_cred(cifs_sb))
+		oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
+	else
+		oparms.create_options = 0;
 	oparms.fid = &fid;
 	oparms.reconnect = false;
 
@@ -1453,7 +1462,10 @@  smb2_query_dir_first(const unsigned int xid, struct cifs_tcon *tcon,
 	oparms.tcon = tcon;
 	oparms.desired_access = FILE_READ_ATTRIBUTES | FILE_READ_DATA;
 	oparms.disposition = FILE_OPEN;
-	oparms.create_options = 0;
+	if (backup_cred(cifs_sb))
+		oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
+	else
+		oparms.create_options = 0;
 	oparms.fid = fid;
 	oparms.reconnect = false;
 
@@ -1857,7 +1869,10 @@  smb2_query_symlink(const unsigned int xid, struct cifs_tcon *tcon,
 	oparms.tcon = tcon;
 	oparms.desired_access = FILE_READ_ATTRIBUTES;
 	oparms.disposition = FILE_OPEN;
-	oparms.create_options = 0;
+	if (backup_cred(cifs_sb))
+		oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
+	else
+		oparms.create_options = 0;
 	oparms.fid = &fid;
 	oparms.reconnect = false;
 
-- 
2.17.1