From: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
To: Steve French <smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: Steve French <steve.french-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org>
Subject: Re: [PATCH 1/2] Add new mount option to set owner uid and gid from special sids in acl
Date: Fri, 14 Oct 2016 14:34:37 -0400 [thread overview]
Message-ID: <1476470077.2727.6.camel@samba.org> (raw)
In-Reply-To: <1476457807-22055-1-git-send-email-smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
On Fri, 2016-10-14 at 10:10 -0500, Steve French wrote:
> Add "idsfromsid" mount option to indicate to cifs.ko that it should
> try to retrieve the uid and gid owner fields from special sids in the
> ACL if present. This first patch just adds the parsing for the mount
> option.
>
> Signed-off-by: Steve French <steve.french-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org>
> Reviewed-by: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> ---
> fs/cifs/cifs_fs_sb.h | 1 +
> fs/cifs/cifsfs.c | 2 ++
> fs/cifs/cifsglob.h | 1 +
> fs/cifs/connect.c | 8 +++++++-
> 4 files changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/cifs_fs_sb.h b/fs/cifs/cifs_fs_sb.h
> index 1418daa..07ed81c 100644
> --- a/fs/cifs/cifs_fs_sb.h
> +++ b/fs/cifs/cifs_fs_sb.h
> @@ -49,6 +49,7 @@
> #define CIFS_MOUNT_USE_PREFIX_PATH 0x1000000 /* make subpath with unaccessible
> * root mountable
> */
> +#define CIFS_MOUNT_UID_FROM_ACL 0x2000000 /* try to get UID via special SID */
>
> struct cifs_sb_info {
> struct rb_root tlink_tree;
> diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
> index f963c88..15261ba 100644
> --- a/fs/cifs/cifsfs.c
> +++ b/fs/cifs/cifsfs.c
> @@ -469,6 +469,8 @@ static void cifs_i_callback(struct rcu_head *head)
> seq_puts(s, ",posixpaths");
> if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID)
> seq_puts(s, ",setuids");
> + if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL)
> + seq_puts(s, ",idsfromsid");
> if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM)
> seq_puts(s, ",serverino");
> if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_RWPIDFORWARD)
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index 0c828d3..1f17f6b 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -478,6 +478,7 @@ struct smb_vol {
> bool retry:1;
> bool intr:1;
> bool setuids:1;
> + bool setuidfromacl:1;
> bool override_uid:1;
> bool override_gid:1;
> bool dynperm:1;
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 657369d..aab5227 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -75,7 +75,7 @@ enum {
> Opt_noposixpaths, Opt_nounix,
> Opt_nocase,
> Opt_brl, Opt_nobrl,
> - Opt_forcemandatorylock, Opt_setuids,
> + Opt_forcemandatorylock, Opt_setuidfromacl, Opt_setuids,
> Opt_nosetuids, Opt_dynperm, Opt_nodynperm,
> Opt_nohard, Opt_nosoft,
> Opt_nointr, Opt_intr,
> @@ -147,6 +147,7 @@ enum {
> { Opt_forcemandatorylock, "forcemand" },
> { Opt_setuids, "setuids" },
> { Opt_nosetuids, "nosetuids" },
> + { Opt_setuidfromacl, "idsfromsid" },
> { Opt_dynperm, "dynperm" },
> { Opt_nodynperm, "nodynperm" },
> { Opt_nohard, "nohard" },
> @@ -1376,6 +1377,9 @@ static int cifs_parse_security_flavors(char *value,
> case Opt_nosetuids:
> vol->setuids = 0;
> break;
> + case Opt_setuidfromacl:
> + vol->setuidfromacl = 1;
> + break;
> case Opt_dynperm:
> vol->dynperm = true;
> break;
> @@ -3279,6 +3283,8 @@ int cifs_setup_cifs_sb(struct smb_vol *pvolume_info,
> cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
> if (pvolume_info->setuids)
> cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
> + if (pvolume_info->setuidfromacl)
> + cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UID_FROM_ACL;
> if (pvolume_info->server_ino)
> cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
> if (pvolume_info->remap)
Is there any reason not to do this universally so we can avoid the new
mount option? If not, then can you also roll a patch to update the
mount.cifs manpage to document this?
Thanks,
--
Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
next prev parent reply other threads:[~2016-10-14 18:34 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-14 15:10 [PATCH 1/2] Add new mount option to set owner uid and gid from special sids in acl Steve French
[not found] ` <1476457807-22055-1-git-send-email-smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-10-14 15:10 ` [PATCH 2/2] Retrieve uid and gid from special sid if enabled Steve French
[not found] ` <1476457807-22055-2-git-send-email-smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-10-14 18:26 ` Jeff Layton
2016-10-14 19:12 ` Pavel Shilovsky
[not found] ` <CAKywueTJt+GG9TpxEfU464HREF=ia3wAs7Pf1D6g8aRt=KRQEA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-14 19:15 ` Steve French
2016-10-14 18:34 ` Jeff Layton [this message]
[not found] ` <1476470077.2727.6.camel-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
2016-10-14 18:36 ` [PATCH 1/2] Add new mount option to set owner uid and gid from special sids in acl Steve French
[not found] ` <CAH2r5muStgeA6QJxRFJ3mZPbLbFVnQ8xpcOn+3QtWvx+3HGs0Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-14 18:41 ` Steve French
2016-10-14 19:09 ` Pavel Shilovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1476470077.2727.6.camel@samba.org \
--to=jlayton-eunubhrolfbytjvyw6ydsg@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=steve.french-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.