From: Christian Brauner <brauner@kernel.org> To: Steve French <stfrench@microsoft.com>, Christoph Hellwig <hch@infradead.org>, Namjae Jeon <namjae.jeon@samsung.com>, linux-cifs@vger.kernel.org Cc: Hyunchul Lee <hyc.lee@gmail.com>, Sergey Senozhatsky <senozhatsky@chromium.org>, Christian Brauner <christian.brauner@ubuntu.com> Subject: [PATCH 04/11] smb2pdu: fix translation in ksmbd_acls_fattr() Date: Mon, 23 Aug 2021 17:13:50 +0200 [thread overview] Message-ID: <20210823151357.471691-5-brauner@kernel.org> (raw) In-Reply-To: <20210823151357.471691-1-brauner@kernel.org> From: Christian Brauner <christian.brauner@ubuntu.com> When creating new filesystem objects ksmbd translates between k*ids and s*ids. For this it often uses struct smb_fattr and stashes the k*ids in cf_uid and cf_gid. Let cf_uid and cf_gid always contain the final information taking any potential idmapped mounts into account. When finally translation cf_*id into s*ids translate them into the user namespace of ksmbd since that is the relevant user namespace here. Cc: Steve French <stfrench@microsoft.com> Cc: Christoph Hellwig <hch@infradead.org> Cc: Namjae Jeon <namjae.jeon@samsung.com> Cc: Hyunchul Lee <hyc.lee@gmail.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: linux-cifs@vger.kernel.org Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> --- fs/ksmbd/smb2pdu.c | 12 +++++++----- fs/ksmbd/smbacl.c | 8 ++++---- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 559bfa2623f2..1b0a9242be88 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2381,10 +2381,12 @@ static int smb2_create_sd_buffer(struct ksmbd_work *work, le32_to_cpu(sd_buf->ccontext.DataLength), true); } -static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode) +static void ksmbd_acls_fattr(struct smb_fattr *fattr, + struct user_namespace *mnt_userns, + struct inode *inode) { - fattr->cf_uid = inode->i_uid; - fattr->cf_gid = inode->i_gid; + fattr->cf_uid = i_uid_into_mnt(mnt_userns, inode); + fattr->cf_gid = i_gid_into_mnt(mnt_userns, inode); fattr->cf_mode = inode->i_mode; fattr->cf_acls = NULL; fattr->cf_dacls = NULL; @@ -2893,7 +2895,7 @@ int smb2_open(struct ksmbd_work *work) struct smb_ntsd *pntsd; int pntsd_size, ace_num = 0; - ksmbd_acls_fattr(&fattr, inode); + ksmbd_acls_fattr(&fattr, user_ns, inode); if (fattr.cf_acls) ace_num = fattr.cf_acls->a_count; if (fattr.cf_dacls) @@ -5006,7 +5008,7 @@ static int smb2_get_info_sec(struct ksmbd_work *work, user_ns = file_mnt_user_ns(fp->filp); inode = file_inode(fp->filp); - ksmbd_acls_fattr(&fattr, inode); + ksmbd_acls_fattr(&fattr, user_ns, inode); if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index 5456e3ad943e..a7025b31d2f2 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -723,7 +723,7 @@ static void set_mode_dacl(struct user_namespace *user_ns, } /* owner RID */ - uid = from_kuid(user_ns, fattr->cf_uid); + uid = from_kuid(&init_user_ns, fattr->cf_uid); if (uid) sid = &server_conf.domain_sid; else @@ -739,7 +739,7 @@ static void set_mode_dacl(struct user_namespace *user_ns, ace_size = fill_ace_for_sid(pace, &sid_unix_groups, ACCESS_ALLOWED, 0, fattr->cf_mode, 0070); pace->sid.sub_auth[pace->sid.num_subauth++] = - cpu_to_le32(from_kgid(user_ns, fattr->cf_gid)); + cpu_to_le32(from_kgid(&init_user_ns, fattr->cf_gid)); pace->size = cpu_to_le16(ace_size + 4); size += le16_to_cpu(pace->size); pace = (struct smb_ace *)((char *)pndace + size); @@ -880,7 +880,7 @@ int build_sec_desc(struct user_namespace *user_ns, if (!nowner_sid_ptr) return -ENOMEM; - uid = from_kuid(user_ns, fattr->cf_uid); + uid = from_kuid(&init_user_ns, fattr->cf_uid); if (!uid) sid_type = SIDUNIX_USER; id_to_sid(uid, sid_type, nowner_sid_ptr); @@ -891,7 +891,7 @@ int build_sec_desc(struct user_namespace *user_ns, return -ENOMEM; } - gid = from_kgid(user_ns, fattr->cf_gid); + gid = from_kgid(&init_user_ns, fattr->cf_gid); id_to_sid(gid, SIDUNIX_GROUP, ngroup_sid_ptr); offset = sizeof(struct smb_ntsd); -- 2.30.2
next prev parent reply other threads:[~2021-08-23 15:15 UTC|newest] Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top [not found] <CGME20210823030840epcas1p24b226d445a683012925efd81a72ecb6d@epcas1p2.samsung.com> 2021-08-23 2:58 ` [PATCH v8 00/13] ksmbd: introduce new SMB3 kernel server Namjae Jeon [not found] ` <CGME20210823030841epcas1p1a811d4a6aec75c09581a9b0fb575d23e@epcas1p1.samsung.com> 2021-08-23 2:58 ` [PATCH v8 01/13] ksmbd: add document Namjae Jeon [not found] ` <CGME20210823030842epcas1p27cdeb782776f6659826110cd9a3524d4@epcas1p2.samsung.com> 2021-08-23 2:58 ` [PATCH v8 02/13] ksmbd: add server handler Namjae Jeon [not found] ` <CGME20210823030843epcas1p4502dad130066a74f08745c849b981112@epcas1p4.samsung.com> 2021-08-23 2:58 ` [PATCH v8 03/13] ksmbd: add tcp transport layer Namjae Jeon [not found] ` <CGME20210823030844epcas1p2a9dc2c02d32df86e9eb3c2af975c7d81@epcas1p2.samsung.com> 2021-08-23 2:58 ` [PATCH v8 04/13] ksmbd: add ipc " Namjae Jeon [not found] ` <CGME20210823030845epcas1p3ff50078868ed215c43898356c9248d24@epcas1p3.samsung.com> 2021-08-23 2:58 ` [PATCH v8 05/13] ksmbd: add rdma " Namjae Jeon [not found] ` <CGME20210823030845epcas1p2c72588cd470ca46463fd46b42b7b9603@epcas1p2.samsung.com> 2021-08-23 2:58 ` [PATCH v8 06/13] ksmbd: add a utility code that tracks (and caches) sessions data Namjae Jeon [not found] ` <CGME20210823030846epcas1p35bd3c665d8afd6205c617840e709afc7@epcas1p3.samsung.com> 2021-08-23 2:58 ` [PATCH v8 07/13] ksmbd: add authentication Namjae Jeon [not found] ` <CGME20210823030849epcas1p39035b8f9ec5cdc87dc7beca86590932c@epcas1p3.samsung.com> 2021-08-23 2:58 ` [PATCH v8 10/13] ksmbd: add oplock/lease cache mechanism Namjae Jeon [not found] ` <CGME20210823030850epcas1p1eea7803d1ca2e854a0199f4c83cd8190@epcas1p1.samsung.com> 2021-08-23 2:58 ` [PATCH v8 11/13] ksmbd: add file operations Namjae Jeon [not found] ` <CGME20210823030851epcas1p2d141386b64cd9039121a9f6a5074a362@epcas1p2.samsung.com> 2021-08-23 2:58 ` [PATCH v8 12/13] ksmbd: add Kconfig and Makefile Namjae Jeon [not found] ` <CGME20210823030851epcas1p3df6319948e331e2e0225adba4e81e660@epcas1p3.samsung.com> 2021-08-23 2:58 ` [PATCH v8 13/13] MAINTAINERS: add ksmbd kernel server Namjae Jeon 2021-08-23 15:13 ` [PATCH 00/11] ksmbd: various fixes Christian Brauner 2021-08-23 15:13 ` [PATCH 01/11] ksmbd: fix lookup on idmapped mounts Christian Brauner 2021-08-23 15:13 ` [PATCH 02/11] ksmbd: fix translation in smb2_populate_readdir_entry() Christian Brauner 2021-08-23 15:13 ` [PATCH 03/11] ksmbd: fix translation in create_posix_rsp_buf() Christian Brauner 2021-08-23 15:13 ` Christian Brauner [this message] 2021-08-23 15:13 ` [PATCH 05/11] ksmbd: fix translation in acl entries Christian Brauner 2021-08-23 15:13 ` [PATCH 06/11] ksmbd: fix subauth 0 handling in sid_to_id() Christian Brauner 2021-08-24 8:13 ` Namjae Jeon 2021-08-24 11:37 ` Christian Brauner 2021-08-23 15:13 ` [PATCH 07/11] ksmbd: fix translation " Christian Brauner 2021-08-23 15:13 ` [PATCH 08/11] ndr: fix translation in ndr_encode_posix_acl() Christian Brauner 2021-08-23 15:13 ` [PATCH 09/11] ksmbd: ensure error is surfaced in set_file_basic_info() Christian Brauner 2021-08-23 15:13 ` [PATCH 10/11] ksmbd: remove setattr preparations " Christian Brauner 2021-09-01 12:47 ` Namjae Jeon 2021-09-02 13:43 ` Christian Brauner 2021-10-01 18:51 ` Marios Makassikis 2021-10-02 0:41 ` Namjae Jeon 2021-10-02 19:29 ` Marios Makassikis 2021-10-03 0:12 ` Namjae Jeon 2021-08-23 15:13 ` [PATCH 11/11] ksmbd: defer notify_change() call Christian Brauner 2021-08-24 8:20 ` Namjae Jeon 2021-08-24 11:36 ` Christian Brauner 2021-09-01 12:53 ` Namjae Jeon 2021-09-02 13:42 ` Christian Brauner
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210823151357.471691-5-brauner@kernel.org \ --to=brauner@kernel.org \ --cc=christian.brauner@ubuntu.com \ --cc=hch@infradead.org \ --cc=hyc.lee@gmail.com \ --cc=linux-cifs@vger.kernel.org \ --cc=namjae.jeon@samsung.com \ --cc=senozhatsky@chromium.org \ --cc=stfrench@microsoft.com \ --subject='Re: [PATCH 04/11] smb2pdu: fix translation in ksmbd_acls_fattr()' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).