Commit a001e5b5 authored by David Howells's avatar David Howells Committed by James Morris

CRED: Wrap task credential accesses in the CIFS filesystem

Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarJames Morris <jmorris@namei.org>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Cc: Steve French <sfrench@samba.org>
Cc: linux-cifs-client@lists.samba.org
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 1109b07b
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
#define _CIFS_FS_SB_H #define _CIFS_FS_SB_H
#define CIFS_MOUNT_NO_PERM 1 /* do not do client vfs_perm check */ #define CIFS_MOUNT_NO_PERM 1 /* do not do client vfs_perm check */
#define CIFS_MOUNT_SET_UID 2 /* set current->euid in create etc. */ #define CIFS_MOUNT_SET_UID 2 /* set current's euid in create etc. */
#define CIFS_MOUNT_SERVER_INUM 4 /* inode numbers from uniqueid from server */ #define CIFS_MOUNT_SERVER_INUM 4 /* inode numbers from uniqueid from server */
#define CIFS_MOUNT_DIRECT_IO 8 /* do not write nor read through page cache */ #define CIFS_MOUNT_DIRECT_IO 8 /* do not write nor read through page cache */
#define CIFS_MOUNT_NO_XATTR 0x10 /* if set - disable xattr support */ #define CIFS_MOUNT_NO_XATTR 0x10 /* if set - disable xattr support */
......
...@@ -39,7 +39,7 @@ extern int smb_send(struct socket *, struct smb_hdr *, ...@@ -39,7 +39,7 @@ extern int smb_send(struct socket *, struct smb_hdr *,
unsigned int /* length */ , struct sockaddr *, bool); unsigned int /* length */ , struct sockaddr *, bool);
extern unsigned int _GetXid(void); extern unsigned int _GetXid(void);
extern void _FreeXid(unsigned int); extern void _FreeXid(unsigned int);
#define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current->fsuid)); #define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current_fsuid()));
#define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));} #define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));}
extern char *build_path_from_dentry(struct dentry *); extern char *build_path_from_dentry(struct dentry *);
extern char *build_wildcard_path_from_dentry(struct dentry *direntry); extern char *build_wildcard_path_from_dentry(struct dentry *direntry);
......
...@@ -833,8 +833,8 @@ cifs_parse_mount_options(char *options, const char *devname, ...@@ -833,8 +833,8 @@ cifs_parse_mount_options(char *options, const char *devname,
/* null target name indicates to use *SMBSERVR default called name /* null target name indicates to use *SMBSERVR default called name
if we end up sending RFC1001 session initialize */ if we end up sending RFC1001 session initialize */
vol->target_rfc1001_name[0] = 0; vol->target_rfc1001_name[0] = 0;
vol->linux_uid = current->uid; /* current->euid instead? */ vol->linux_uid = current_uid(); /* use current_euid() instead? */
vol->linux_gid = current->gid; vol->linux_gid = current_gid();
vol->dir_mode = S_IRWXUGO; vol->dir_mode = S_IRWXUGO;
/* 2767 perms indicate mandatory locking support */ /* 2767 perms indicate mandatory locking support */
vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP); vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
......
...@@ -235,11 +235,11 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode, ...@@ -235,11 +235,11 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
}; };
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
args.uid = (__u64) current->fsuid; args.uid = (__u64) current_fsuid();
if (inode->i_mode & S_ISGID) if (inode->i_mode & S_ISGID)
args.gid = (__u64) inode->i_gid; args.gid = (__u64) inode->i_gid;
else else
args.gid = (__u64) current->fsgid; args.gid = (__u64) current_fsgid();
} else { } else {
args.uid = NO_CHANGE_64; args.uid = NO_CHANGE_64;
args.gid = NO_CHANGE_64; args.gid = NO_CHANGE_64;
...@@ -271,13 +271,13 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode, ...@@ -271,13 +271,13 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
if ((oplock & CIFS_CREATE_ACTION) && if ((oplock & CIFS_CREATE_ACTION) &&
(cifs_sb->mnt_cifs_flags & (cifs_sb->mnt_cifs_flags &
CIFS_MOUNT_SET_UID)) { CIFS_MOUNT_SET_UID)) {
newinode->i_uid = current->fsuid; newinode->i_uid = current_fsuid();
if (inode->i_mode & S_ISGID) if (inode->i_mode & S_ISGID)
newinode->i_gid = newinode->i_gid =
inode->i_gid; inode->i_gid;
else else
newinode->i_gid = newinode->i_gid =
current->fsgid; current_fsgid();
} }
} }
} }
...@@ -375,8 +375,8 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode, ...@@ -375,8 +375,8 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode,
.device = device_number, .device = device_number,
}; };
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
args.uid = (__u64) current->fsuid; args.uid = (__u64) current_fsuid();
args.gid = (__u64) current->fsgid; args.gid = (__u64) current_fsgid();
} else { } else {
args.uid = NO_CHANGE_64; args.uid = NO_CHANGE_64;
args.gid = NO_CHANGE_64; args.gid = NO_CHANGE_64;
......
...@@ -1143,11 +1143,11 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode) ...@@ -1143,11 +1143,11 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
.device = 0, .device = 0,
}; };
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
args.uid = (__u64)current->fsuid; args.uid = (__u64)current_fsuid();
if (inode->i_mode & S_ISGID) if (inode->i_mode & S_ISGID)
args.gid = (__u64)inode->i_gid; args.gid = (__u64)inode->i_gid;
else else
args.gid = (__u64)current->fsgid; args.gid = (__u64)current_fsgid();
} else { } else {
args.uid = NO_CHANGE_64; args.uid = NO_CHANGE_64;
args.gid = NO_CHANGE_64; args.gid = NO_CHANGE_64;
...@@ -1184,13 +1184,13 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode) ...@@ -1184,13 +1184,13 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
if (cifs_sb->mnt_cifs_flags & if (cifs_sb->mnt_cifs_flags &
CIFS_MOUNT_SET_UID) { CIFS_MOUNT_SET_UID) {
direntry->d_inode->i_uid = direntry->d_inode->i_uid =
current->fsuid; current_fsuid();
if (inode->i_mode & S_ISGID) if (inode->i_mode & S_ISGID)
direntry->d_inode->i_gid = direntry->d_inode->i_gid =
inode->i_gid; inode->i_gid;
else else
direntry->d_inode->i_gid = direntry->d_inode->i_gid =
current->fsgid; current_fsgid();
} }
} }
} }
......
...@@ -65,7 +65,7 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg) ...@@ -65,7 +65,7 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg)
switch (command) { switch (command) {
case CIFS_IOC_CHECKUMOUNT: case CIFS_IOC_CHECKUMOUNT:
cFYI(1, ("User unmount attempted")); cFYI(1, ("User unmount attempted"));
if (cifs_sb->mnt_uid == current->uid) if (cifs_sb->mnt_uid == current_uid())
rc = 0; rc = 0;
else { else {
rc = -EACCES; rc = -EACCES;
......
...@@ -347,13 +347,13 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , ...@@ -347,13 +347,13 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ ,
/* BB Add support for establishing new tCon and SMB Session */ /* BB Add support for establishing new tCon and SMB Session */
/* with userid/password pairs found on the smb session */ /* with userid/password pairs found on the smb session */
/* for other target tcp/ip addresses BB */ /* for other target tcp/ip addresses BB */
if (current->fsuid != treeCon->ses->linux_uid) { if (current_fsuid() != treeCon->ses->linux_uid) {
cFYI(1, ("Multiuser mode and UID " cFYI(1, ("Multiuser mode and UID "
"did not match tcon uid")); "did not match tcon uid"));
read_lock(&GlobalSMBSeslock); read_lock(&GlobalSMBSeslock);
list_for_each(temp_item, &GlobalSMBSessionList) { list_for_each(temp_item, &GlobalSMBSessionList) {
ses = list_entry(temp_item, struct cifsSesInfo, cifsSessionList); ses = list_entry(temp_item, struct cifsSesInfo, cifsSessionList);
if (ses->linux_uid == current->fsuid) { if (ses->linux_uid == current_fsuid()) {
if (ses->server == treeCon->ses->server) { if (ses->server == treeCon->ses->server) {
cFYI(1, ("found matching uid substitute right smb_uid")); cFYI(1, ("found matching uid substitute right smb_uid"));
buffer->Uid = ses->Suid; buffer->Uid = ses->Suid;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment