From patchwork Tue Aug 9 19:30:39 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shirish Pargaonkar X-Patchwork-Id: 1050722 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter2.kernel.org (8.14.4/8.14.4) with ESMTP id p79JNGg9030985 for ; Tue, 9 Aug 2011 19:24:55 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750722Ab1HITYz (ORCPT ); Tue, 9 Aug 2011 15:24:55 -0400 Received: from mail-yw0-f46.google.com ([209.85.213.46]:62909 "EHLO mail-yw0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750695Ab1HITYy (ORCPT ); Tue, 9 Aug 2011 15:24:54 -0400 Received: by mail-yw0-f46.google.com with SMTP id 7so229607ywf.19 for ; Tue, 09 Aug 2011 12:24:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer; bh=vr0edwxU1GGjWn7Ly9HvfLUgK85clTplmkQ4PG89PDY=; b=A7B7M8DkXVsWyvz0nj76ffphUum917Ta5RG6uVCo5nJPrgopEpb6pIm3jXe5gYSxt7 UH0K0enYscp1qWw9NbujJvluFqTm2dJnL3esZ1uPiqsIogo9viRIgBeHkTBNWD6GJOZG wnt2gj9TFuvzVvJJjiM/oEPmtHALGIHdVs7XU= Received: by 10.150.48.17 with SMTP id v17mr7341467ybv.206.1312917894376; Tue, 09 Aug 2011 12:24:54 -0700 (PDT) Received: from localhost ([32.97.110.58]) by mx.google.com with ESMTPS id 7sm154478ybm.12.2011.08.09.12.24.53 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 09 Aug 2011 12:24:53 -0700 (PDT) From: shirishpargaonkar@gmail.com To: smfrench@gmail.com Cc: linux-cifs@vger.kernel.org, Shirish Pargaonkar Subject: [PATCH 1/3] cifs: Do not set cifs/ntfs acl using a file handle (try #4) Date: Tue, 9 Aug 2011 14:30:39 -0500 Message-Id: <1312918239-23711-1-git-send-email-shirishpargonkar@gmail.com> X-Mailer: git-send-email 1.6.0.2 Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]); Tue, 09 Aug 2011 19:24:55 +0000 (UTC) From: Shirish Pargaonkar Set security descriptor using path name instead of a file handle. We can't be sure that the file handle has adequate permission to set a security descriptor (to modify DACL). Function set_cifs_acl_by_fid() has been removed since we can't be sure how a file was opened for writing, a valid request can fail if the file was not opened with two above mentioned permissions. We could have opted to add on WRITE_DAC and WRITE_OWNER permissions to file opens and then use that file handle but adding addtional permissions such as WRITE_DAC and WRITE_OWNER could cause an any open to fail. And it was incorrect to look for read file handle to set a security descriptor anyway. Signed-off-by: Shirish Pargaonkar --- fs/cifs/cifsacl.c | 28 +--------------------------- 1 files changed, 1 insertions(+), 27 deletions(-) diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 21de1d6..d0f59fa 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -991,24 +991,6 @@ struct cifs_ntsd *get_cifs_acl(struct cifs_sb_info *cifs_sb, return pntsd; } -static int set_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb, __u16 fid, - struct cifs_ntsd *pnntsd, u32 acllen) -{ - int xid, rc; - struct tcon_link *tlink = cifs_sb_tlink(cifs_sb); - - if (IS_ERR(tlink)) - return PTR_ERR(tlink); - - xid = GetXid(); - rc = CIFSSMBSetCIFSACL(xid, tlink_tcon(tlink), fid, pnntsd, acllen); - FreeXid(xid); - cifs_put_tlink(tlink); - - cFYI(DBG2, "SetCIFSACL rc = %d", rc); - return rc; -} - static int set_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, const char *path, struct cifs_ntsd *pnntsd, u32 acllen) { @@ -1047,18 +1029,10 @@ int set_cifs_acl(struct cifs_ntsd *pnntsd, __u32 acllen, struct inode *inode, const char *path) { struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); - struct cifsFileInfo *open_file; - int rc; cFYI(DBG2, "set ACL for %s from mode 0x%x", path, inode->i_mode); - open_file = find_readable_file(CIFS_I(inode), true); - if (!open_file) - return set_cifs_acl_by_path(cifs_sb, path, pnntsd, acllen); - - rc = set_cifs_acl_by_fid(cifs_sb, open_file->netfid, pnntsd, acllen); - cifsFileInfo_put(open_file); - return rc; + return set_cifs_acl_by_path(cifs_sb, path, pnntsd, acllen); } /* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */