diff options
author | Steve French <sfrench@us.ibm.com> | 2007-10-31 04:54:42 +0000 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2007-10-31 04:54:42 +0000 |
commit | 953f868138dbf4300196780379476ab9f07f263a (patch) | |
tree | e0dfbaebe02e75094033425fc4274328c5928dd0 /fs/cifs/cifsacl.c | |
parent | e01b64001359034d04c695388870936ed3d1b56b (diff) | |
download | lwn-953f868138dbf4300196780379476ab9f07f263a.tar.gz lwn-953f868138dbf4300196780379476ab9f07f263a.zip |
[CIFS] Don't request too much permission when reading an ACL
We were requesting GENERIC_READ but that fails when we do not have
read permission on the file (even if we could read the ACL).
Also move the dump access control entry code into debug ifdef.
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/cifsacl.c')
-rw-r--r-- | fs/cifs/cifsacl.c | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 629b96c21639..f1215df7fbee 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -162,7 +162,8 @@ static void access_flags_to_mode(__u32 ace_flags, umode_t *pmode, } -static void parse_ace(struct cifs_ace *pace, char *end_of_acl) +#ifdef CONFIG_CIFS_DEBUG2 +static void dump_ace(struct cifs_ace *pace, char *end_of_acl) { int num_subauth; @@ -180,7 +181,6 @@ static void parse_ace(struct cifs_ace *pace, char *end_of_acl) num_subauth = pace->sid.num_subauth; if (num_subauth) { -#ifdef CONFIG_CIFS_DEBUG2 int i; cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d", pace->sid.revision, pace->sid.num_subauth, pace->type, @@ -192,11 +192,11 @@ static void parse_ace(struct cifs_ace *pace, char *end_of_acl) /* BB add length check to make sure that we do not have huge num auths and therefore go off the end */ -#endif } return; } +#endif static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl, @@ -240,9 +240,9 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl, for (i = 0; i < num_aces; ++i) { ppace[i] = (struct cifs_ace *) (acl_base + acl_size); - - parse_ace(ppace[i], end_of_acl); - +#ifdef CONFIG_CIFS_DEBUG2 + dump_ace(ppace[i], end_of_acl); +#endif if (compare_sids(&(ppace[i]->sid), pownersid)) access_flags_to_mode(ppace[i]->access_req, &(inode->i_mode), S_IRWXU); @@ -385,7 +385,7 @@ void acl_to_uid_mode(struct inode *inode, const char *path) int oplock = FALSE; /* open file */ rc = CIFSSMBOpen(xid, cifs_sb->tcon, path, FILE_OPEN, - GENERIC_READ, 0, &fid, &oplock, NULL, + READ_CONTROL, 0, &fid, &oplock, NULL, cifs_sb->local_nls, cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR); if (rc != 0) { @@ -409,4 +409,22 @@ void acl_to_uid_mode(struct inode *inode, const char *path) FreeXid(xid); return; } + +int mode_to_acl(struct inode *inode, const char *path) +{ + int rc = 0; + __u32 acllen = 0; + struct cifs_ntsd *pntsd = NULL; + + cFYI(1, ("set ACL from mode for %s", path)); + + /* Get the security descriptor */ + + /* Add/Modify the three ACEs for owner, group, everyone */ + + /* Set the security descriptor */ + kfree(pntsd); + + return rc; +} #endif /* CONFIG_CIFS_EXPERIMENTAL */ |