From: Christian Brauner <brauner@kernel.org>
To: Steve French <stfrench@microsoft.com>,
Christoph Hellwig <hch@infradead.org>,
Namjae Jeon <namjae.jeon@samsung.com>,
linux-cifs@vger.kernel.org
Cc: Hyunchul Lee <hyc.lee@gmail.com>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: [PATCH 04/11] smb2pdu: fix translation in ksmbd_acls_fattr()
Date: Mon, 23 Aug 2021 17:13:50 +0200 [thread overview]
Message-ID: <20210823151357.471691-5-brauner@kernel.org> (raw)
In-Reply-To: <20210823151357.471691-1-brauner@kernel.org>
From: Christian Brauner <christian.brauner@ubuntu.com>
When creating new filesystem objects ksmbd translates between k*ids and
s*ids. For this it often uses struct smb_fattr and stashes the k*ids in
cf_uid and cf_gid. Let cf_uid and cf_gid always contain the final
information taking any potential idmapped mounts into account. When
finally translation cf_*id into s*ids translate them into the user
namespace of ksmbd since that is the relevant user namespace here.
Cc: Steve French <stfrench@microsoft.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Namjae Jeon <namjae.jeon@samsung.com>
Cc: Hyunchul Lee <hyc.lee@gmail.com>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: linux-cifs@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
fs/ksmbd/smb2pdu.c | 12 +++++++-----
fs/ksmbd/smbacl.c | 8 ++++----
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 559bfa2623f2..1b0a9242be88 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -2381,10 +2381,12 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work,
le32_to_cpu(sd_buf->ccontext.DataLength), true);
}
-static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode)
+static void ksmbd_acls_fattr(struct smb_fattr *fattr,
+ struct user_namespace *mnt_userns,
+ struct inode *inode)
{
- fattr->cf_uid = inode->i_uid;
- fattr->cf_gid = inode->i_gid;
+ fattr->cf_uid = i_uid_into_mnt(mnt_userns, inode);
+ fattr->cf_gid = i_gid_into_mnt(mnt_userns, inode);
fattr->cf_mode = inode->i_mode;
fattr->cf_acls = NULL;
fattr->cf_dacls = NULL;
@@ -2893,7 +2895,7 @@ int smb2_open(struct ksmbd_work *work)
struct smb_ntsd *pntsd;
int pntsd_size, ace_num = 0;
- ksmbd_acls_fattr(&fattr, inode);
+ ksmbd_acls_fattr(&fattr, user_ns, inode);
if (fattr.cf_acls)
ace_num = fattr.cf_acls->a_count;
if (fattr.cf_dacls)
@@ -5006,7 +5008,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work,
user_ns = file_mnt_user_ns(fp->filp);
inode = file_inode(fp->filp);
- ksmbd_acls_fattr(&fattr, inode);
+ ksmbd_acls_fattr(&fattr, user_ns, inode);
if (test_share_config_flag(work->tcon->share_conf,
KSMBD_SHARE_FLAG_ACL_XATTR))
diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c
index 5456e3ad943e..a7025b31d2f2 100644
--- a/fs/ksmbd/smbacl.c
+++ b/fs/ksmbd/smbacl.c
@@ -723,7 +723,7 @@ static void set_mode_dacl(struct user_namespace *user_ns,
}
/* owner RID */
- uid = from_kuid(user_ns, fattr->cf_uid);
+ uid = from_kuid(&init_user_ns, fattr->cf_uid);
if (uid)
sid = &server_conf.domain_sid;
else
@@ -739,7 +739,7 @@ static void set_mode_dacl(struct user_namespace *user_ns,
ace_size = fill_ace_for_sid(pace, &sid_unix_groups,
ACCESS_ALLOWED, 0, fattr->cf_mode, 0070);
pace->sid.sub_auth[pace->sid.num_subauth++] =
- cpu_to_le32(from_kgid(user_ns, fattr->cf_gid));
+ cpu_to_le32(from_kgid(&init_user_ns, fattr->cf_gid));
pace->size = cpu_to_le16(ace_size + 4);
size += le16_to_cpu(pace->size);
pace = (struct smb_ace *)((char *)pndace + size);
@@ -880,7 +880,7 @@ int build_sec_desc(struct user_namespace *user_ns,
if (!nowner_sid_ptr)
return -ENOMEM;
- uid = from_kuid(user_ns, fattr->cf_uid);
+ uid = from_kuid(&init_user_ns, fattr->cf_uid);
if (!uid)
sid_type = SIDUNIX_USER;
id_to_sid(uid, sid_type, nowner_sid_ptr);
@@ -891,7 +891,7 @@ int build_sec_desc(struct user_namespace *user_ns,
return -ENOMEM;
}
- gid = from_kgid(user_ns, fattr->cf_gid);
+ gid = from_kgid(&init_user_ns, fattr->cf_gid);
id_to_sid(gid, SIDUNIX_GROUP, ngroup_sid_ptr);
offset = sizeof(struct smb_ntsd);
--
2.30.2
next prev parent reply other threads:[~2021-08-23 15:15 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20210823030840epcas1p24b226d445a683012925efd81a72ecb6d@epcas1p2.samsung.com>
2021-08-23 2:58 ` [PATCH v8 00/13] ksmbd: introduce new SMB3 kernel server Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 01/13] ksmbd: add document Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 02/13] ksmbd: add server handler Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 03/13] ksmbd: add tcp transport layer Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 04/13] ksmbd: add ipc " Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 05/13] ksmbd: add rdma " Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 06/13] ksmbd: add a utility code that tracks (and caches) sessions data Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 07/13] ksmbd: add authentication Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 08/13] ksmbd: add smb3 engine part 1 Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 09/13] ksmbd: add smb3 engine part 2 Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 10/13] ksmbd: add oplock/lease cache mechanism Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 11/13] ksmbd: add file operations Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 12/13] ksmbd: add Kconfig and Makefile Namjae Jeon
2021-08-23 2:58 ` [PATCH v8 13/13] MAINTAINERS: add ksmbd kernel server Namjae Jeon
2021-08-23 15:13 ` [PATCH 00/11] ksmbd: various fixes Christian Brauner
2021-08-23 15:13 ` [PATCH 01/11] ksmbd: fix lookup on idmapped mounts Christian Brauner
2021-08-23 15:13 ` [PATCH 02/11] ksmbd: fix translation in smb2_populate_readdir_entry() Christian Brauner
2021-08-23 15:13 ` [PATCH 03/11] ksmbd: fix translation in create_posix_rsp_buf() Christian Brauner
2021-08-23 15:13 ` Christian Brauner [this message]
2021-08-23 15:13 ` [PATCH 05/11] ksmbd: fix translation in acl entries Christian Brauner
2021-08-23 15:13 ` [PATCH 06/11] ksmbd: fix subauth 0 handling in sid_to_id() Christian Brauner
2021-08-24 8:13 ` Namjae Jeon
2021-08-24 11:37 ` Christian Brauner
2021-08-23 15:13 ` [PATCH 07/11] ksmbd: fix translation " Christian Brauner
2021-08-23 15:13 ` [PATCH 08/11] ndr: fix translation in ndr_encode_posix_acl() Christian Brauner
2021-08-23 15:13 ` [PATCH 09/11] ksmbd: ensure error is surfaced in set_file_basic_info() Christian Brauner
2021-08-23 15:13 ` [PATCH 10/11] ksmbd: remove setattr preparations " Christian Brauner
2021-09-01 12:47 ` Namjae Jeon
2021-09-02 13:43 ` Christian Brauner
2021-10-01 18:51 ` Marios Makassikis
2021-10-02 0:41 ` Namjae Jeon
2021-10-02 19:29 ` Marios Makassikis
2021-10-03 0:12 ` Namjae Jeon
2021-08-23 15:13 ` [PATCH 11/11] ksmbd: defer notify_change() call Christian Brauner
2021-08-24 8:20 ` Namjae Jeon
2021-08-24 11:36 ` Christian Brauner
2021-09-01 12:53 ` Namjae Jeon
2021-09-02 13:42 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210823151357.471691-5-brauner@kernel.org \
--to=brauner@kernel.org \
--cc=christian.brauner@ubuntu.com \
--cc=hch@infradead.org \
--cc=hyc.lee@gmail.com \
--cc=linux-cifs@vger.kernel.org \
--cc=namjae.jeon@samsung.com \
--cc=senozhatsky@chromium.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.