cifs: Call id to SID mapping functions to change owner/group (try #4 repost)
Now build security descriptor to change either owner or group at the server. Initially security descriptor was built to change only (D)ACL, that functionality has been extended. When either an Owner or a Group of a file object at the server is changed, rest of security descriptor remains same (DACL etc.). To set security descriptor, it is necessary to open that file with permission bits of either WRITE_DAC if DACL is being modified or WRITE_OWNER (Take Ownership) if Owner or Group is being changed. It is the server that decides whether a set security descriptor with either owner or group change succeeds or not. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
This commit is contained in:
Shirish Pargaonkar
committed by
Steve French
Steve French
parent
d59dad2be0
commit
a5ff376966
@@ -2096,6 +2096,8 @@ static int
|
||||
cifs_setattr_nounix(struct dentry *direntry, struct iattr *attrs)
|
||||
{
|
||||
int xid;
|
||||
uid_t uid = NO_CHANGE_32;
|
||||
gid_t gid = NO_CHANGE_32;
|
||||
struct inode *inode = direntry->d_inode;
|
||||
struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
|
||||
struct cifsInodeInfo *cifsInode = CIFS_I(inode);
|
||||
@@ -2146,13 +2148,25 @@ cifs_setattr_nounix(struct dentry *direntry, struct iattr *attrs)
|
||||
goto cifs_setattr_exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* Without unix extensions we can't send ownership changes to the
|
||||
* server, so silently ignore them. This is consistent with how
|
||||
* local DOS/Windows filesystems behave (VFAT, NTFS, etc). With
|
||||
* CIFSACL support + proper Windows to Unix idmapping, we may be
|
||||
* able to support this in the future.
|
||||
*/
|
||||
if (attrs->ia_valid & ATTR_UID)
|
||||
uid = attrs->ia_uid;
|
||||
|
||||
if (attrs->ia_valid & ATTR_GID)
|
||||
gid = attrs->ia_gid;
|
||||
|
||||
#ifdef CONFIG_CIFS_ACL
|
||||
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_ACL) {
|
||||
if (uid != NO_CHANGE_32 || gid != NO_CHANGE_32) {
|
||||
rc = id_mode_to_cifs_acl(inode, full_path, NO_CHANGE_64,
|
||||
uid, gid);
|
||||
if (rc) {
|
||||
cFYI(1, "%s: Setting id failed with error: %d",
|
||||
__func__, rc);
|
||||
goto cifs_setattr_exit;
|
||||
}
|
||||
}
|
||||
} else
|
||||
#endif /* CONFIG_CIFS_ACL */
|
||||
if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID))
|
||||
attrs->ia_valid &= ~(ATTR_UID | ATTR_GID);
|
||||
|
||||
@@ -2161,15 +2175,12 @@ cifs_setattr_nounix(struct dentry *direntry, struct iattr *attrs)
|
||||
attrs->ia_valid &= ~ATTR_MODE;
|
||||
|
||||
if (attrs->ia_valid & ATTR_MODE) {
|
||||
cFYI(1, "Mode changed to 0%o", attrs->ia_mode);
|
||||
mode = attrs->ia_mode;
|
||||
}
|
||||
|
||||
if (attrs->ia_valid & ATTR_MODE) {
|
||||
rc = 0;
|
||||
#ifdef CONFIG_CIFS_ACL
|
||||
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_ACL) {
|
||||
rc = mode_to_cifs_acl(inode, full_path, mode);
|
||||
rc = id_mode_to_cifs_acl(inode, full_path, mode,
|
||||
NO_CHANGE_32, NO_CHANGE_32);
|
||||
if (rc) {
|
||||
cFYI(1, "%s: Setting ACL failed with error: %d",
|
||||
__func__, rc);
|
||||
|
||||
Reference in New Issue
Block a user