From e1e3e35ae584c441606ae1c305dd377a84b7b51f Mon Sep 17 00:00:00 2001 From: Boris Protopopov Date: Thu, 17 Dec 2020 20:58:08 +0000 Subject: [PATCH 2/2] Add SMB 2 support for getting and setting SACLs Fix passing of the additional security info via version operations. Force new open when getting SACL and avoid reuse of files that were previously open without sufficient privileges to access SACLs. Signed-off-by: Boris Protopopov Signed-off-by: Steve French --- fs/cifs/cifsacl.c | 10 +++++----- fs/cifs/smb2ops.c | 4 ++-- fs/cifs/smb2pdu.c | 4 +++- fs/cifs/xattr.c | 10 ++++------ 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 4a1761139e00..f19274857292 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -3369,9 +3369,9 @@ get_smb2_acl(struct cifs_sb_info *cifs_sb, struct cifs_ntsd *pntsd = NULL; struct cifsFileInfo *open_file = NULL; - if (inode) + if (inode && !(info & SACL_SECINFO)) open_file = find_readable_file(CIFS_I(inode), true); - if (!open_file) + if (!open_file || (info & SACL_SECINFO)) return get_smb2_acl_by_path(cifs_sb, path, pacllen, info); pntsd = get_smb2_acl_by_fid(cifs_sb, &open_file->fid, pacllen, info); diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 202d8742d149..067eb44c7baa 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -3480,8 +3480,10 @@ SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon, int SMB2_query_acl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, u64 volatile_fid, - void **data, u32 *plen, u32 additional_info) + void **data, u32 *plen, u32 extra_info) { + __u32 additional_info = OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO | + extra_info; *plen = 0; return query_info(xid, tcon, persistent_fid, volatile_fid, diff --git a/fs/cifs/xattr.c b/fs/cifs/xattr.c index 9318a2acf4ee..6b658a1172ef 100644 --- a/fs/cifs/xattr.c +++ b/fs/cifs/xattr.c @@ -340,21 +340,19 @@ static int cifs_xattr_get(const struct xattr_handler *handler, * fetch owner, DACL, and SACL if asked for full descriptor, * fetch owner and DACL otherwise */ - u32 acllen, additional_info = 0; + u32 acllen, extra_info; struct cifs_ntsd *pacl; if (pTcon->ses->server->ops->get_acl == NULL) goto out; /* rc already EOPNOTSUPP */ if (handler->flags == XATTR_CIFS_NTSD_FULL) { - additional_info = OWNER_SECINFO | GROUP_SECINFO | - DACL_SECINFO | SACL_SECINFO; + extra_info = SACL_SECINFO; } else { - additional_info = OWNER_SECINFO | GROUP_SECINFO | - DACL_SECINFO; + extra_info = 0; } pacl = pTcon->ses->server->ops->get_acl(cifs_sb, - inode, full_path, &acllen, additional_info); + inode, full_path, &acllen, extra_info); if (IS_ERR(pacl)) { rc = PTR_ERR(pacl); cifs_dbg(VFS, "%s: error %zd getting sec desc\n", -- 2.27.0