From patchwork Fri Jun 12 15:40:19 2020
X-Patchwork-Submitter: Steve French
X-Patchwork-Id: 11601903
From: Steve French
Date: Fri, 12 Jun 2020 10:40:19 -0500
Subject: [PATCH] cifs: fix chown and chgrp when idsfromsid mount option enabled
To: CIFS
X-Mailing-List: linux-cifs@vger.kernel.org

idsfromsid was ignored in chown and chgrp causing it to fail when upcalls were not configured for lookup. idsfromsid allows mapping users when setting user or group ownership using "special SID" (reserved for this). Add support for chmod and chgrp when idsfromsid mount option is enabled.

Reviewed-by: Pavel Shilovsky

From 4d4c6091ac523390d9fe1c1597aa879d98eb3a73 Mon Sep 17 00:00:00 2001
From: Steve French
Date: Fri, 12 Jun 2020 10:36:37 -0500
Subject: [PATCH] cifs: fix chown and chgrp when idsfromsid mount option enabled

idsfromsid was ignored in chown and chgrp causing it to fail when upcalls were not configured for lookup. idsfromsid allows mapping users when setting user or group ownership using "special SID" (reserved for this). Add support for chmod and chgrp when idsfromsid mount option is enabled.

Signed-off-by: Steve French --- fs/cifs/cifsacl.c | 57 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 63aaa363ed14..6025d7fc7bbf 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -1000,7 +1000,7 @@ static int parse_sec_desc(struct cifs_sb_info *cifs_sb, /* Convert permission bits from mode to equivalent CIFS ACL */ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, __u32 secdesclen, __u64 nmode, kuid_t uid, kgid_t gid, - bool mode_from_sid, int *aclflag) + bool mode_from_sid, bool id_from_sid, int *aclflag) { int rc = 0; __u32 dacloffset; @@ -1041,12 +1041,23 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, if (!nowner_sid_ptr) return -ENOMEM; id = from_kuid(&init_user_ns, uid); - rc = id_to_sid(id, SIDOWNER, nowner_sid_ptr); - if (rc) { - cifs_dbg(FYI, "%s: Mapping error %d for owner id %d\n", - __func__, rc, id); - kfree(nowner_sid_ptr); - return rc; + if (id_from_sid) { + struct owner_sid *osid = (struct owner_sid *)nowner_sid_ptr; + /* Populate the user ownership fields S-1-5-88-1 */ + osid->Revision = 1; + osid->NumAuth = 3; + osid->Authority[5] = 5; + osid->SubAuthorities[0] = cpu_to_le32(88); + osid->SubAuthorities[1] = cpu_to_le32(1); + osid->SubAuthorities[2] = cpu_to_le32(id); + } else { /* lookup sid with upcall */ + rc = id_to_sid(id, SIDOWNER, nowner_sid_ptr); + if (rc) { + cifs_dbg(FYI, "%s: Mapping error %d for owner id %d\n", + __func__, rc, id); + kfree(nowner_sid_ptr); + return rc; + } } cifs_copy_sid(owner_sid_ptr, nowner_sid_ptr); kfree(nowner_sid_ptr); 
@@ -1061,12 +1072,23 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, if (!ngroup_sid_ptr) return -ENOMEM; id = from_kgid(&init_user_ns, gid); - rc = id_to_sid(id, SIDGROUP, ngroup_sid_ptr); - if (rc) { - cifs_dbg(FYI, "%s: Mapping error %d for group id %d\n", - __func__, rc, id); - kfree(ngroup_sid_ptr); - return rc; + if (id_from_sid) { + struct owner_sid *gsid = (struct owner_sid *)ngroup_sid_ptr; + /* Populate the group ownership fields S-1-5-88-2 */ + gsid->Revision = 1; + gsid->NumAuth = 3; + gsid->Authority[5] = 5; + gsid->SubAuthorities[0] = cpu_to_le32(88); + gsid->SubAuthorities[1] = cpu_to_le32(2); + gsid->SubAuthorities[2] = cpu_to_le32(id); + } else { /* lookup sid with upcall */ + rc = id_to_sid(id, SIDGROUP, ngroup_sid_ptr); + if (rc) { + cifs_dbg(FYI, "%s: Mapping error %d for group id %d\n", + __func__, rc, id); + kfree(ngroup_sid_ptr); + return rc; + } } cifs_copy_sid(group_sid_ptr, ngroup_sid_ptr); kfree(ngroup_sid_ptr); @@ -1269,7 +1291,7 @@ id_mode_to_cifs_acl(struct inode *inode, const char *path, __u64 nmode, struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct tcon_link *tlink = cifs_sb_tlink(cifs_sb); struct smb_version_operations *ops; - bool mode_from_sid; + bool mode_from_sid, id_from_sid; if (IS_ERR(tlink)) return PTR_ERR(tlink); @@ -1312,8 +1334,13 @@ id_mode_to_cifs_acl(struct inode *inode, const char *path, __u64 nmode, else mode_from_sid = false; + if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL) + id_from_sid = true; + else + id_from_sid = false; + rc = build_sec_desc(pntsd, pnntsd, secdesclen, nmode, uid, gid, - mode_from_sid, &aclflag); + mode_from_sid, id_from_sid, &aclflag); cifs_dbg(NOISY, "build_sec_desc rc: %d\n", rc); -- 2.25.1
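
Review bot: In the build_sec_desc() prototype hunk (@@ -1000,7 +1000,7 @@), id_from_sid is added as a second bool directly after mode_from_sid, so a caller that swaps the two arguments still compiles and silently changes which SIDs are written. Consider passing a single flags word instead of two adjacent bools, and extend the comment above the function, which still only mentions converting permission bits, to say that the owner and group SIDs are built from the raw uid/gid when id_from_sid is set.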
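
Review bot: In the owner hunk (@@ -1041,12 +1041,23 @@), the id_from_sid branch sets only Authority[5] of the identifier authority and never writes Authority[0] through Authority[4]. The allocation of nowner_sid_ptr is outside the visible context, so please confirm it is zeroing (kzalloc) or clear the buffer before populating it, because cifs_copy_sid() then copies the result into the descriptor that is sent to the server. Since the buffer is accessed through a cast to struct owner_sid and SubAuthorities[2] is written, it is also worth confirming the allocation is at least sizeof(struct owner_sid).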
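
Review bot: The id_from_sid branch in the group hunk (@@ -1061,12 +1072,23 @@) is a line-for-line copy of the owner branch with only SubAuthorities[1] changed from 1 to 2. A small helper that takes the buffer, the sub-authority value and the id would remove the duplication, and named constants for 88, 1 and 2 would document the S-1-5-88-1 / S-1-5-88-2 layout better than the two comments. As in the owner branch, only Authority[5] is assigned here, so such a helper should clear the buffer first unless ngroup_sid_ptr is known to come from a zeroing allocation.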
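
Review bot: In the id_mode_to_cifs_acl() hunk (@@ -1312,8 +1334,13 @@), the four-line if/else can be a single assignment, id_from_sid = cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL; since the target is a bool. Separately, the changelog body says "Add support for chmod and chgrp" while the subject line and the code are about chown and chgrp, so the body probably wants to say chown.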