* [PATCH v2 2/2] cifs: modefromsid: write mode ACE with DENY first [not found] <CAH2r5mu+=ACLDGiauPAMh-7DDzhsORpuUvVKMoAhxC6WTT7bsw@mail.gmail.com> @ 2019-09-16 19:09 ` Aurelien Aptel 2019-09-16 23:47 ` [PATCH v3 2/2] cifs: modefromsid: write mode ACE first Aurelien Aptel 0 siblings, 1 reply; 2+ messages in thread From: Aurelien Aptel @ 2019-09-16 19:09 UTC (permalink / raw) To: linux-cifs; +Cc: smfrench, Aurelien Aptel, Steve French DACL should start with denying ACE first but we are putting it at the end. reorder them to put it first. Signed-off-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Steve French <stfrench@microsoft.com> --- fs/cifs/cifsacl.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 3e0c5ed9ca20..5cde4ec5534e 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -809,18 +809,11 @@ static int set_chmod_dacl(struct cifs_acl *pndacl, struct cifs_sid *pownersid, struct cifs_sid *pgrpsid, __u64 nmode, bool modefromsid) { u16 size = 0; + u32 num_aces = 0; struct cifs_acl *pnndacl; pnndacl = (struct cifs_acl *)((char *)pndacl + sizeof(struct cifs_acl)); - size += fill_ace_for_sid((struct cifs_ace *) ((char *)pnndacl + size), - pownersid, nmode, S_IRWXU); - size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), - pgrpsid, nmode, S_IRWXG); - size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), - &sid_everyone, nmode, S_IRWXO); - - /* TBD: Move this ACE to the top of ACE list instead of bottom */ if (modefromsid) { struct cifs_ace *pntace = (struct cifs_ace *)((char *)pnndacl + size); @@ -828,11 +821,9 @@ static int set_chmod_dacl(struct cifs_acl *pndacl, struct cifs_sid *pownersid, pntace->type = ACCESS_DENIED; pntace->flags = 0x0; + pntace->access_req = 0; pntace->sid.num_subauth = 3; pntace->sid.revision = 1; - /* size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4) */ - pntace->size = cpu_to_le16(28); - size += 28; for (i = 0; i < NUM_AUTHS; i++) pntace->sid.authority[i] = sid_unix_NFS_mode.authority[i]; @@ -840,12 +831,23 @@ static int set_chmod_dacl(struct cifs_acl *pndacl, struct cifs_sid *pownersid, pntace->sid.sub_auth[1] = sid_unix_NFS_mode.sub_auth[1]; pntace->sid.sub_auth[2] = cpu_to_le32(nmode & 07777); - pndacl->num_aces = cpu_to_le32(4); - size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), - &sid_unix_NFS_mode, nmode, S_IRWXO); - } else - pndacl->num_aces = cpu_to_le32(3); + /* size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth*4) */ + pntace->size = cpu_to_le16(28); + size += 28; + num_aces++; + } + + size += fill_ace_for_sid((struct cifs_ace *) ((char *)pnndacl + size), + pownersid, nmode, S_IRWXU); + num_aces++; + size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), + pgrpsid, nmode, S_IRWXG); + num_aces++; + size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), + &sid_everyone, nmode, S_IRWXO); + num_aces++; + pndacl->num_aces = cpu_to_le32(num_aces); pndacl->size = cpu_to_le16(size + sizeof(struct cifs_acl)); return 0; -- 2.16.4 ^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH v3 2/2] cifs: modefromsid: write mode ACE first 2019-09-16 19:09 ` [PATCH v2 2/2] cifs: modefromsid: write mode ACE with DENY first Aurelien Aptel @ 2019-09-16 23:47 ` Aurelien Aptel 0 siblings, 0 replies; 2+ messages in thread From: Aurelien Aptel @ 2019-09-16 23:47 UTC (permalink / raw) To: linux-cifs; +Cc: smfrench, Aurelien Aptel, Steve French DACL should start with mode ACE first but we are putting it at the end. reorder them to put it first. Signed-off-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Steve French <stfrench@microsoft.com> --- fs/cifs/cifsacl.c | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 3e0c5ed9ca20..f842944a5c76 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -809,30 +809,21 @@ static int set_chmod_dacl(struct cifs_acl *pndacl, struct cifs_sid *pownersid, struct cifs_sid *pgrpsid, __u64 nmode, bool modefromsid) { u16 size = 0; + u32 num_aces = 0; struct cifs_acl *pnndacl; pnndacl = (struct cifs_acl *)((char *)pndacl + sizeof(struct cifs_acl)); - size += fill_ace_for_sid((struct cifs_ace *) ((char *)pnndacl + size), - pownersid, nmode, S_IRWXU); - size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), - pgrpsid, nmode, S_IRWXG); - size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), - &sid_everyone, nmode, S_IRWXO); - - /* TBD: Move this ACE to the top of ACE list instead of bottom */ if (modefromsid) { struct cifs_ace *pntace = (struct cifs_ace *)((char *)pnndacl + size); int i; - pntace->type = ACCESS_DENIED; + pntace->type = ACCESS_ALLOWED; pntace->flags = 0x0; + pntace->access_req = 0; pntace->sid.num_subauth = 3; pntace->sid.revision = 1; - /* size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4) */ - pntace->size = cpu_to_le16(28); - size += 28; for (i = 0; i < NUM_AUTHS; i++) pntace->sid.authority[i] = sid_unix_NFS_mode.authority[i]; @@ -840,12 +831,23 @@ static int set_chmod_dacl(struct cifs_acl *pndacl, struct cifs_sid *pownersid, pntace->sid.sub_auth[1] = sid_unix_NFS_mode.sub_auth[1]; pntace->sid.sub_auth[2] = cpu_to_le32(nmode & 07777); - pndacl->num_aces = cpu_to_le32(4); - size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), - &sid_unix_NFS_mode, nmode, S_IRWXO); - } else - pndacl->num_aces = cpu_to_le32(3); + /* size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth*4) */ + pntace->size = cpu_to_le16(28); + size += 28; + num_aces++; + } + + size += fill_ace_for_sid((struct cifs_ace *) ((char *)pnndacl + size), + pownersid, nmode, S_IRWXU); + num_aces++; + size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), + pgrpsid, nmode, S_IRWXG); + num_aces++; + size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size), + &sid_everyone, nmode, S_IRWXO); + num_aces++; + pndacl->num_aces = cpu_to_le32(num_aces); pndacl->size = cpu_to_le16(size + sizeof(struct cifs_acl)); return 0; -- 2.16.4 ^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-09-16 23:47 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <CAH2r5mu+=ACLDGiauPAMh-7DDzhsORpuUvVKMoAhxC6WTT7bsw@mail.gmail.com> 2019-09-16 19:09 ` [PATCH v2 2/2] cifs: modefromsid: write mode ACE with DENY first Aurelien Aptel 2019-09-16 23:47 ` [PATCH v3 2/2] cifs: modefromsid: write mode ACE first Aurelien Aptel
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).