[PATCH] cifs: on multiuser mount, set ownership to current_fsuid/current_fsgid (try #5)

[PATCH] cifs: on multiuser mount, set ownership to current_fsuid/current_fsgid (try #5)

[Jeff Layton]

...when unix extensions aren't enabled. This makes everything on the
mount appear to be owned by the current user.

This version of the patch differs from previous versions however in that
the admin can still force the ownership of all files to appear as a
single user via the uid=/gid= options.

Signed-off-by: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
---
 fs/cifs/inode.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index dcd0886..7cf3d93 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -1761,11 +1761,21 @@ check_inval:
 int cifs_getattr(struct vfsmount *mnt, struct dentry *dentry,
 	struct kstat *stat)
 {
+	struct cifs_sb_info *cifs_sb = CIFS_SB(dentry->d_sb);
+	struct cifsTconInfo *tcon = cifs_sb_master_tcon(cifs_sb);
 	int err = cifs_revalidate_dentry(dentry);
+
 	if (!err) {
 		generic_fillattr(dentry->d_inode, stat);
 		stat->blksize = CIFS_MAX_MSGSIZE;
 		stat->ino = CIFS_I(dentry->d_inode)->uniqueid;
+		if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER) &&
+		    !tcon->unix_ext) {
+			if (!cifs_sb->mnt_uid)
+				stat->uid = current_fsuid();
+			if (!cifs_sb->mnt_uid)
+				stat->gid = current_fsgid();
+		}
 	}
 	return err;
 }
-- 
1.7.2.3

Re: [PATCH] cifs: on multiuser mount, set ownership to current_fsuid/current_fsgid (try #5)

[Steve French]

Thanks - as I had commented before, I think this will help a few cases
where admin has to be override uid and mode to get apps to work.

On Thu, Oct 7, 2010 at 1:46 PM, Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> ...when unix extensions aren't enabled. This makes everything on the
> mount appear to be owned by the current user.
>
> This version of the patch differs from previous versions however in that
> the admin can still force the ownership of all files to appear as a
> single user via the uid=/gid= options.
>
> Signed-off-by: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> ---
>  fs/cifs/inode.c |   10 ++++++++++
>  1 files changed, 10 insertions(+), 0 deletions(-)
>
> diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
> index dcd0886..7cf3d93 100644
> --- a/fs/cifs/inode.c
> +++ b/fs/cifs/inode.c
> @@ -1761,11 +1761,21 @@ check_inval:
>  int cifs_getattr(struct vfsmount *mnt, struct dentry *dentry,
>        struct kstat *stat)
>  {
> +       struct cifs_sb_info *cifs_sb = CIFS_SB(dentry->d_sb);
> +       struct cifsTconInfo *tcon = cifs_sb_master_tcon(cifs_sb);
>        int err = cifs_revalidate_dentry(dentry);
> +
>        if (!err) {
>                generic_fillattr(dentry->d_inode, stat);
>                stat->blksize = CIFS_MAX_MSGSIZE;
>                stat->ino = CIFS_I(dentry->d_inode)->uniqueid;
> +               if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER) &&
> +                   !tcon->unix_ext) {
> +                       if (!cifs_sb->mnt_uid)
> +                               stat->uid = current_fsuid();
> +                       if (!cifs_sb->mnt_uid)
> +                               stat->gid = current_fsgid();
> +               }
>        }
>        return err;
>  }
> --
> 1.7.2.3
>
>



-- 
Thanks,

Steve

Re: [PATCH] cifs: on multiuser mount, set ownership to current_fsuid/current_fsgid (try #5)

[Jeff Layton]

On Thu, 7 Oct 2010 22:25:23 -0500
Steve French <smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

> One case does seem strange - I forgot what happens when you specify a
> mnt_uid of 0 (root)
> 

Oof, you're right... we should base this on CIFS_MOUNT_OVERR_UID and
CIFS_MOUNT_OVERR_GID flags instead. I'll send a fixed patch once I've
tested it.

Now that I think about this though, maybe we shouldn't do this based on
CIFS_MOUNT_MULTIUSER but instead on CIFS_MOUNT_NO_PERM? It would mean
a behavior change for anyone currently "-o noperm" on a mount without
unix extensions but I think it would make a bit more sense than special
casing CIFS_MOUNT_MULTIUSER here.

Thoughts?
-- 
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

Re: [PATCH] cifs: on multiuser mount, set ownership to current_fsuid/current_fsgid (try #5)

[Steve French]

On Fri, Oct 8, 2010 at 6:11 AM, Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> On Thu, 7 Oct 2010 22:25:23 -0500
> Steve French <smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>> One case does seem strange - I forgot what happens when you specify a
>> mnt_uid of 0 (root)
>>
>
> Oof, you're right... we should base this on CIFS_MOUNT_OVERR_UID and
> CIFS_MOUNT_OVERR_GID flags instead. I'll send a fixed patch once I've
> tested it.
>
> Now that I think about this though, maybe we shouldn't do this based on
> CIFS_MOUNT_MULTIUSER but instead on CIFS_MOUNT_NO_PERM? It would mean
> a behavior change for anyone currently "-o noperm" on a mount without
> unix extensions but I think it would make a bit more sense than special
> casing CIFS_MOUNT_MULTIUSER here.

When the MOUNT_NO_PERM is not set (ie where both client and server
evaluate permissions) I agree that it doesn't make sense to change
uids on the fly (to current_fsuid) since it becomes almost meaningless
to set and evaluate a mode if we are always owner.   For the case
where you MOUNT_NO_PERM, I lean toward the following heirarchy:

1) report the uid owner that the admin tells us to report.  In some
cases admins won't know what they are doing, and won't know when to
set a uid on mount, but if we want to help the admin decide whether to
override it or not, we could do the warnings in the user space
helpers.

... if no uid specified on mount then:

2) report the "correct" uid if we can
    - if the unix extensions are on (eventually we can do the
"WHO_AM_I" cifs unix extension call and/or use the domain name of the
server and/or winbind upcall as hints to see if we are not in the same
uid namespace).
   - when we have an upcall to winbind or uid mapping info, we can do
this for Windows servers as well

... if no uid specified on mount and we don't know the right uids

3) report a "default uid"
    - for the noperm multiuser case we could report the current user,
seems reasonable
   - for the case where it is noperm but not multiuser, we are sending
the mount users credentials on every operation, so new files will be
created as that user - probably better to still report the user who
did the mount as owner since those are the credentials used
    - otherwise whoever did the mount is the default user

-- 
Thanks,

Steve