Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
ffa50ea5
Commit
ffa50ea5
authored
Jul 18, 2004
by
Steve French
Browse files
Options
Browse Files
Download
Plain Diff
Merge
bk://linux.bkbits.net/linux-2.5
into hostme.bitkeeper.com:/repos/c/cifs/linux-2.5cifs
parents
1bb0fa18
69da8a3f
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
96 additions
and
18 deletions
+96
-18
fs/cifs/CHANGES
fs/cifs/CHANGES
+13
-0
fs/cifs/README
fs/cifs/README
+27
-1
fs/cifs/cifs_fs_sb.h
fs/cifs/cifs_fs_sb.h
+4
-0
fs/cifs/cifsfs.c
fs/cifs/cifsfs.c
+3
-7
fs/cifs/connect.c
fs/cifs/connect.c
+16
-0
fs/cifs/dir.c
fs/cifs/dir.c
+19
-4
fs/cifs/inode.c
fs/cifs/inode.c
+14
-6
No files found.
fs/cifs/CHANGES
View file @
ffa50ea5
Version 1.21
------------
Add new mount parm to control whether mode check (vfs_permission) is done on
the client. If Unix extensions are enabled and the uids on the client
and server do not match, client permission checks are meaningless on
server uids that do not exist on the client (this does not affect the
normal ACL check which occurs on the server). Fix default uid
on mknod to match create and mkdir. Add optional mount parm to allow
override of the default uid behavior (in which the server sets the uid
and gid of newly created files). Normally for network filesystem mounts
user want the server to set the uid/gid on newly created files (rather than
using uid of the client processes you would in a local filesystem).
Version 1.20
------------
Make transaction counts more consistent. Merge /proc/fs/cifs/SimultaneousOps
...
...
fs/cifs/README
View file @
ffa50ea5
...
...
@@ -255,7 +255,33 @@ A partial list of the supported mount options follows:
mount helper will not prompt the user for a password
if guest is specified on the mount options. If no
password is specified a null password will be used.
perm Client does permission checks (vfs_permission check of uid
and gid of the file against the mode and desired operation),
Note that this is in addition to the normal ACL check on the
target machine done by the server software.
Client permission checking is enabled by default.
noperm Client does not do permission checks. This can expose
files on this mount to access by other users on the local
client system. It is typically only needed when the server
supports the CIFS Unix Extensions but the UIDs/GIDs on the
client and server system do not match closely enough to allow
access by the user doing the mount.
Note that this does not affect the normal ACL check on the
target machine done by the server software (of the server
ACL against the user name provided at mount time).
setuids If the CIFS Unix extensions are negotiated with the server
the client will attempt to set the effective uid and gid of
the local process on newly created files, directories, and
devices (create, mkdir, mknod).
nosetuids The client will not attempt to set the uid and gid on
on newly created files, directories, and devices (create,
mkdir, mknod) which will result in the server setting the
uid and gid to the default (usually the server uid of the
usern who mounted the share). Letting the server (rather than
the client) set the uid and gid is the default. This
parameter has no effect if the CIFS Unix Extensions are not
negotiated.
The mount.cifs mount helper also accepts a few mount options before -o
including:
...
...
fs/cifs/cifs_fs_sb.h
View file @
ffa50ea5
...
...
@@ -18,6 +18,9 @@
#ifndef _CIFS_FS_SB_H
#define _CIFS_FS_SB_H
#define CIFS_MOUNT_NO_PERM 1
/* do not do client vfs_perm check */
#define CIFS_MOUNT_SET_UID 2
/* set current->euid in create etc. */
struct
cifs_sb_info
{
struct
cifsTconInfo
*
tcon
;
/* primary mount */
struct
list_head
nested_tcon_q
;
...
...
@@ -28,5 +31,6 @@ struct cifs_sb_info {
gid_t
mnt_gid
;
mode_t
mnt_file_mode
;
mode_t
mnt_dir_mode
;
int
mnt_cifs_flags
;
};
#endif
/* _CIFS_FS_SB_H */
fs/cifs/cifsfs.c
View file @
ffa50ea5
...
...
@@ -192,15 +192,11 @@ cifs_statfs(struct super_block *sb, struct kstatfs *buf)
static
int
cifs_permission
(
struct
inode
*
inode
,
int
mask
,
struct
nameidata
*
nd
)
{
struct
cifs_sb_info
*
cifs_sb
;
struct
cifs_sb_info
*
cifs_sb
;
cifs_sb
=
CIFS_SB
(
inode
->
i_sb
);
cifs_sb
=
CIFS_SB
(
inode
->
i_sb
);
if
(
cifs_sb
->
tcon
->
ses
->
capabilities
&
CAP_UNIX
)
{
/* the server supports the Unix-like mode bits and does its
own permission checks, and therefore we do not allow the file
mode to be overriden on these mounts - so do not do perm
check on client side */
if
(
cifs_sb
->
mnt_cifs_flags
&
CIFS_MOUNT_NO_PERM
)
{
return
0
;
}
else
/* file mode might have been restricted at mount time
on the client (above and beyond ACL on servers) for
...
...
fs/cifs/connect.c
View file @
ffa50ea5
...
...
@@ -64,6 +64,8 @@ struct smb_vol {
int
rw
:
1
;
int
retry
:
1
;
int
intr
:
1
;
int
setuids
:
1
;
int
noperm
:
1
;
unsigned
int
rsize
;
unsigned
int
wsize
;
unsigned
int
sockopt
;
...
...
@@ -740,6 +742,14 @@ cifs_parse_mount_options(char *options, const char *devname, struct smb_vol *vol
vol
->
retry
=
1
;
}
else
if
(
strnicmp
(
data
,
"soft"
,
4
)
==
0
)
{
vol
->
retry
=
0
;
}
else
if
(
strnicmp
(
data
,
"perm"
,
4
)
==
0
)
{
vol
->
noperm
=
0
;
}
else
if
(
strnicmp
(
data
,
"noperm"
,
6
)
==
0
)
{
vol
->
noperm
=
1
;
}
else
if
(
strnicmp
(
data
,
"setuids"
,
7
)
==
0
)
{
vol
->
setuids
=
1
;
}
else
if
(
strnicmp
(
data
,
"nosetuids"
,
9
)
==
0
)
{
vol
->
setuids
=
0
;
}
else
if
(
strnicmp
(
data
,
"nohard"
,
6
)
==
0
)
{
vol
->
retry
=
0
;
}
else
if
(
strnicmp
(
data
,
"nosoft"
,
6
)
==
0
)
{
...
...
@@ -1314,6 +1324,12 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
cifs_sb
->
mnt_file_mode
=
volume_info
.
file_mode
;
cifs_sb
->
mnt_dir_mode
=
volume_info
.
dir_mode
;
cFYI
(
1
,(
"file mode: 0x%x dir mode: 0x%x"
,
cifs_sb
->
mnt_file_mode
,
cifs_sb
->
mnt_dir_mode
));
if
(
volume_info
.
noperm
)
cifs_sb
->
mnt_cifs_flags
|=
CIFS_MOUNT_NO_PERM
;
if
(
volume_info
.
setuids
)
cifs_sb
->
mnt_cifs_flags
|=
CIFS_MOUNT_SET_UID
;
tcon
=
find_unc
(
sin_server
.
sin_addr
.
s_addr
,
volume_info
.
UNC
,
volume_info
.
username
);
...
...
fs/cifs/dir.c
View file @
ffa50ea5
...
...
@@ -243,11 +243,19 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
then we now have to set the mode if possible */
if
((
cifs_sb
->
tcon
->
ses
->
capabilities
&
CAP_UNIX
)
&&
(
oplock
&
CIFS_CREATE_ACTION
))
CIFSSMBUnixSetPerms
(
xid
,
pTcon
,
full_path
,
mode
,
if
(
cifs_sb
->
mnt_cifs_flags
&
CIFS_MOUNT_SET_UID
)
{
CIFSSMBUnixSetPerms
(
xid
,
pTcon
,
full_path
,
mode
,
(
__u64
)
current
->
euid
,
(
__u64
)
current
->
egid
,
0
/* dev */
,
cifs_sb
->
local_nls
);
}
else
{
CIFSSMBUnixSetPerms
(
xid
,
pTcon
,
full_path
,
mode
,
(
__u64
)
-
1
,
(
__u64
)
-
1
,
0
/* dev */
,
cifs_sb
->
local_nls
);
}
else
{
/* BB implement via Windows security descriptors */
/* eg CIFSSMBWinSetPerms(xid,pTcon,full_path,mode,-1,-1,local_nls);*/
...
...
@@ -348,9 +356,16 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode, dev_t dev
rc
=
-
ENOMEM
;
if
(
full_path
&&
(
pTcon
->
ses
->
capabilities
&
CAP_UNIX
))
{
rc
=
CIFSSMBUnixSetPerms
(
xid
,
pTcon
,
full_path
,
mode
,
current
->
euid
,
current
->
egid
,
device_number
,
cifs_sb
->
local_nls
);
if
(
cifs_sb
->
mnt_cifs_flags
&
CIFS_MOUNT_SET_UID
)
{
rc
=
CIFSSMBUnixSetPerms
(
xid
,
pTcon
,
full_path
,
mode
,(
__u64
)
current
->
euid
,(
__u64
)
current
->
egid
,
device_number
,
cifs_sb
->
local_nls
);
}
else
{
rc
=
CIFSSMBUnixSetPerms
(
xid
,
pTcon
,
full_path
,
mode
,
(
__u64
)
-
1
,
(
__u64
)
-
1
,
device_number
,
cifs_sb
->
local_nls
);
}
if
(
!
rc
)
{
rc
=
cifs_get_inode_info_unix
(
&
newinode
,
full_path
,
inode
->
i_sb
,
xid
);
...
...
fs/cifs/inode.c
View file @
ffa50ea5
...
...
@@ -480,12 +480,20 @@ cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
d_instantiate
(
direntry
,
newinode
);
if
(
direntry
->
d_inode
)
direntry
->
d_inode
->
i_nlink
=
2
;
if
(
cifs_sb
->
tcon
->
ses
->
capabilities
&
CAP_UNIX
)
CIFSSMBUnixSetPerms
(
xid
,
pTcon
,
full_path
,
mode
,
(
__u64
)
-
1
,
(
__u64
)
-
1
,
0
/* dev_t */
,
cifs_sb
->
local_nls
);
if
(
cifs_sb
->
tcon
->
ses
->
capabilities
&
CAP_UNIX
)
if
(
cifs_sb
->
mnt_cifs_flags
&
CIFS_MOUNT_SET_UID
)
{
CIFSSMBUnixSetPerms
(
xid
,
pTcon
,
full_path
,
mode
,
(
__u64
)
current
->
euid
,
(
__u64
)
current
->
egid
,
0
/* dev_t */
,
cifs_sb
->
local_nls
);
}
else
{
CIFSSMBUnixSetPerms
(
xid
,
pTcon
,
full_path
,
mode
,
(
__u64
)
-
1
,
(
__u64
)
-
1
,
0
/* dev_t */
,
cifs_sb
->
local_nls
);
}
else
{
/* BB to be implemented via Windows secrty descriptors*/
/* eg CIFSSMBWinSetPerms(xid,pTcon,full_path,mode,-1,-1,local_nls);*/
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment