From patchwork Sun May 24 22:45:15 2009
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 25703
From: Jeff Layton
To: smfrench@gmail.com
Date: Sun, 24 May 2009 18:45:15 -0400
Message-Id: <1243205117-3351-2-git-send-email-jlayton@redhat.com>
In-Reply-To: <1243205117-3351-1-git-send-email-jlayton@redhat.com>
References: <1243205117-3351-1-git-send-email-jlayton@redhat.com>
Cc: linux-cifs-client@lists.samba.org
Subject: [linux-cifs-client] [PATCH 1/3] cifs: make overriding of ownership conditional on new mount options
List-Id: The Linux CIFS VFS client

We have a bit of a problem with the uid= option. The basic issue is that it means too many things and has too many side-effects.

It's possible to allow an unprivileged user to mount a filesystem if the user owns the mountpoint, /bin/mount is setuid root, and the mount is set up in /etc/fstab with the "user" option.

When doing this though, /bin/mount automatically adds the "uid=" and "gid=" options to the share. This is fortunate since the correct uid= option is needed in order to tell the upcall what user's credcache to use when generating the SPNEGO blob.

On a mount without unix extensions this is fine -- you generally will want the files to be owned by the "owner" of the mount. The problem comes in on a mount with unix extensions. With those enabled, the uid/gid options cause the ownership of files to be overridden even though the server is sending along the ownership info.

This means that it's not possible to have a mount by an unprivileged user that shows the server's file ownership info. The result is also inode permissions that have no reflection at all on the server.
You simply cannot separate ownership from the mode in this fashion.

This behavior also makes MultiuserMount option less usable. Once you pass in the uid= option for a mount, then you can't use unix ownership info and allow someone to share the mount.

While I'm not thrilled with it, the only solution I can see is to stop making uid=/gid= force the overriding of ownership on mounts, and to add new mount options that turn this behavior on.

Signed-off-by: Jeff Layton
---
 fs/cifs/connect.c | 8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 4aa81a5..4f5a03c 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1092,17 +1092,17 @@ cifs_parse_mount_options(char *options, const char *devname, return 1; } } else if (strnicmp(data, "uid", 3) == 0) { - if (value && *value) { + if (value && *value) vol->linux_uid = simple_strtoul(value, &value, 0); + } else if (strnicmp(data, "forceuid", 8) == 0) { vol->override_uid = 1; - } } else if (strnicmp(data, "gid", 3) == 0) { - if (value && *value) { + if (value && *value) vol->linux_gid = simple_strtoul(value, &value, 0); + } else if (strnicmp(data, "forcegid", 8) == 0) { vol->override_gid = 1; - } } else if (strnicmp(data, "file_mode", 4) == 0) { if (value && *value) { vol->file_mode =
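Review bot: The "uid" and "gid" branches of cifs_parse_mount_options() no longer set vol->override_uid / vol->override_gid, so every existing mount that passes uid= or gid= (including the ones /bin/mount adds for "user" mounts, as the commit message describes) changes its ownership behaviour without any notice, and the diffstat shows only fs/cifs/connect.c touched. Please document forceuid and forcegid, and the narrowed meaning of uid=/gid=, together with this change, or point to the patch in the series that does. Separately, "vol->override_uid = 1;" and "vol->override_gid = 1;" are carried over as unchanged context lines, so they keep the indentation they had inside the old "if (value && *value) {" body; re-indent them one level out so they read as the bodies of the new "forceuid" and "forcegid" branches rather than as part of the value check above them.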