
Additional patches added to for-next

Message ID CAH2r5murjsjwoFBs0okQq=if0mbXK_nnChkF==3x781zJjVhOA@mail.gmail.com (mailing list archive)
State New
Series Additional patches added to for-next | expand

Commit Message

Steve French April 1, 2025, 7:11 a.m. UTC
Added seven additional patches from Pali's cifs branch to cifs-2.6.git
for-next (six others from that branch have already been merged to
mainline)

His branch with all 41 patches is
https://git.kernel.org/pub/scm/linux/kernel/git/pali/linux.git

The seven that I have tentatively added to for-next are:
4236ac9fe5b8 cifs: Fix querying and creating MF symlinks over SMB1
6aa9f1c9cd09 cifs: Fix access_flags_to_smbopen_mode
e94e882a6d69 cifs: Fix negotiate retry functionality
665e18794804 cifs: Improve handling of NetBIOS packets
7d14dd683b1b cifs: Allow to disable or force initialization of NetBIOS session
b1a37df6ba2f cifs: Add a new xattr system.smb3_ntsd_owner for getting
or setting owner
bf782ada459e cifs: Add a new xattr system.smb3_ntsd_sacl for getting
or setting SACLs

See attached.  If any objections, or if additional RB or Tested-By let me know.

The other 28 in that branch are trickier to review/test since many
require older SMB1 servers, and many of those are lower priority, but
review feedback on those would still be appreciated especially if any

Comments

Steve French April 1, 2025, 10:01 a.m. UTC | #1
And three additional ones look potentially useful, and I have also
added to for-next (see attached).  Opinions welcome, and let me know
if any additional Reviewed or Tested-by for these

e97aec788954 cifs: Do not add FILE_READ_ATTRIBUTES when using
GENERIC_READ/EXECUTE/ALL
b07687edee99 cifs: Improve SMB2+ stat() to work also without
FILE_READ_ATTRIBUTES
e255612b5ed9 cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES



On Tue, Apr 1, 2025 at 2:11 AM Steve French <smfrench@gmail.com> wrote:
>
> Added seven additional patches from Pali's cifs branch to cifs-2.6.git
> for-next (six others from that branch have already been merged to
> mainline)
>
> His branch with all 41 patches is
> https://git.kernel.org/pub/scm/linux/kernel/git/pali/linux.git
>
> The seven that I have tentatively added to for-next are:
> 4236ac9fe5b8 cifs: Fix querying and creating MF symlinks over SMB1
> 6aa9f1c9cd09 cifs: Fix access_flags_to_smbopen_mode
> e94e882a6d69 cifs: Fix negotiate retry functionality
> 665e18794804 cifs: Improve handling of NetBIOS packets
> 7d14dd683b1b cifs: Allow to disable or force initialization of NetBIOS session
> b1a37df6ba2f cifs: Add a new xattr system.smb3_ntsd_owner for getting
> or setting owner
> bf782ada459e cifs: Add a new xattr system.smb3_ntsd_sacl for getting
> or setting SACLs
>
> See attached.  If any objections, or if additional RB or Tested-By let me know.
>
> The other 28 in that branch are trickier to review/test since many
> require older SMB1 servers, and many of those are lower priority, but
> review feedback on those would still be appreciated especially if any
>
> --
> Thanks,
>
> Steve

Patch

From f1f1ef811c90bad17c61cba369e7dbb7e40a5055 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali@kernel.org>
Date: Mon, 14 Oct 2024 13:51:21 +0200
Subject: [PATCH 14/41] cifs: Add a new xattr system.smb3_ntsd_sacl for getting
 or setting SACLs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Access to SACL part of SMB security descriptor is granted by SACL privilege
which by default is accessible only for local administrator. But it can be
granted to any other user by local GPO or AD. SACL access is not granted by
DACL permissions and therefore it is possible that some user would not have
access to DACLs of some file, but would have access to SACLs of all files.
So it means that accessing SACLs (either getting or setting) in some
cases requires not touching or asking for DACLs.

Currently Linux SMB client does not allow to get or set SACLs without
touching DACLs. Which means that user without DACL access is not able to
get or set SACLs even if it has access to SACLs.

Fix this problem by introducing a new xattr "system.smb3_ntsd_sacl" for
accessing only SACLs part of the security descriptor (therefore without
DACLs and OWNER/GROUP).

Signed-off-by: Pali Rohár <pali@kernel.org>
---
 fs/smb/client/xattr.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/fs/smb/client/xattr.c b/fs/smb/client/xattr.c
index 7d49f38f01f3..95b8269851f3 100644
--- a/fs/smb/client/xattr.c
+++ b/fs/smb/client/xattr.c
@@ -31,6 +31,7 @@ 
  * secure, replaced by SMB2 (then even more highly secure SMB3) many years ago
  */
 #define SMB3_XATTR_CIFS_ACL "system.smb3_acl" /* DACL only */
+#define SMB3_XATTR_CIFS_NTSD_SACL "system.smb3_ntsd_sacl" /* SACL only */
 #define SMB3_XATTR_CIFS_NTSD "system.smb3_ntsd" /* owner plus DACL */
 #define SMB3_XATTR_CIFS_NTSD_FULL "system.smb3_ntsd_full" /* owner/DACL/SACL */
 #define SMB3_XATTR_ATTRIB "smb3.dosattrib"  /* full name: user.smb3.dosattrib */
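Review bot: The new `system.smb3_ntsd_sacl` name becomes a user-visible interface, yet the only description added is the `/* SACL only */` comment on the `#define`, and the diffstat shows no documentation file touched. The commit message explains that the server grants SACL access through a separate privilege rather than through the DACL, which is the fact a user of this xattr needs to know. I would extend the comment to something like `/* SACL only; needs the server-side SACL privilege, not DACL access */`.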
@@ -38,6 +39,7 @@ 
 /* BB need to add server (Samba e.g) support for security and trusted prefix */
 
 enum { XATTR_USER, XATTR_CIFS_ACL, XATTR_ACL_ACCESS, XATTR_ACL_DEFAULT,
+	XATTR_CIFS_NTSD_SACL,
 	XATTR_CIFS_NTSD, XATTR_CIFS_NTSD_FULL };
 
 static int cifs_attrib_set(unsigned int xid, struct cifs_tcon *pTcon,
@@ -160,6 +162,7 @@  static int cifs_xattr_set(const struct xattr_handler *handler,
 		break;
 
 	case XATTR_CIFS_ACL:
+	case XATTR_CIFS_NTSD_SACL:
 	case XATTR_CIFS_NTSD:
 	case XATTR_CIFS_NTSD_FULL: {
 		struct smb_ntsd *pacl;
@@ -187,6 +190,9 @@  static int cifs_xattr_set(const struct xattr_handler *handler,
 						    CIFS_ACL_GROUP |
 						    CIFS_ACL_DACL);
 					break;
+				case XATTR_CIFS_NTSD_SACL:
+					aclflags = CIFS_ACL_SACL;
+					break;
 				case XATTR_CIFS_ACL:
 				default:
 					aclflags = CIFS_ACL_DACL;
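Review bot: In the new `case XATTR_CIFS_NTSD_SACL:` branch, `aclflags = CIFS_ACL_SACL;` only selects which part of the descriptor is sent; whether the open behind `set_acl` then avoids requesting DACL-gated access, as the commit message promises, is decided in code outside this patch. The same applies to `extra_info = SACL_SECINFO;` in the `cifs_xattr_get` hunk. Nothing visible here checks that the descriptor held in `pacl` actually contains a SACL either, so one without a SACL would presumably be forwarded as-is; that is worth confirming, since a SACL write changes the audit rules on the file. A short comment on the case, e.g. `/* SACL only: lower layers must not need DACL access */`, would record the expectation. The enclosing switch and `cifs_xattr_set` start and end outside the hunk.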
@@ -308,6 +314,7 @@  static int cifs_xattr_get(const struct xattr_handler *handler,
 		break;
 
 	case XATTR_CIFS_ACL:
+	case XATTR_CIFS_NTSD_SACL:
 	case XATTR_CIFS_NTSD:
 	case XATTR_CIFS_NTSD_FULL: {
 		/*
@@ -327,6 +334,9 @@  static int cifs_xattr_get(const struct xattr_handler *handler,
 		case XATTR_CIFS_NTSD:
 			extra_info = OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO;
 			break;
+		case XATTR_CIFS_NTSD_SACL:
+			extra_info = SACL_SECINFO;
+			break;
 		case XATTR_CIFS_ACL:
 		default:
 			extra_info = DACL_SECINFO;
@@ -448,6 +458,13 @@  static const struct xattr_handler smb3_acl_xattr_handler = {
 	.set = cifs_xattr_set,
 };
 
+static const struct xattr_handler smb3_ntsd_sacl_xattr_handler = {
+	.name = SMB3_XATTR_CIFS_NTSD_SACL,
+	.flags = XATTR_CIFS_NTSD_SACL,
+	.get = cifs_xattr_get,
+	.set = cifs_xattr_set,
+};
+
 static const struct xattr_handler cifs_cifs_ntsd_xattr_handler = {
 	.name = CIFS_XATTR_CIFS_NTSD,
 	.flags = XATTR_CIFS_NTSD,
@@ -493,6 +510,7 @@  const struct xattr_handler * const cifs_xattr_handlers[] = {
 	&cifs_os2_xattr_handler,
 	&cifs_cifs_acl_xattr_handler,
 	&smb3_acl_xattr_handler, /* alias for above since avoiding "cifs" */
+	&smb3_ntsd_sacl_xattr_handler,
 	&cifs_cifs_ntsd_xattr_handler,
 	&smb3_ntsd_xattr_handler, /* alias for above since avoiding "cifs" */
 	&cifs_cifs_ntsd_full_xattr_handler,
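Review bot: `&smb3_ntsd_sacl_xattr_handler` is registered without a `cifs`-prefixed twin, while the neighbouring entries come in pairs (`cifs_cifs_acl_xattr_handler` / `smb3_acl_xattr_handler`, `cifs_cifs_ntsd_xattr_handler` / `smb3_ntsd_xattr_handler`). That looks intentional given the existing "avoiding cifs" comments, but a reader scanning the table cannot tell. A trailing comment such as `/* smb3 name only, no "cifs" alias */` on the new entry would make it explicit. The array continues past the end of the hunk.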
-- 
2.43.0