提交 2fbc2f17 编写于 作者: S Shirish Pargaonkar 提交者: Steve French

cifs: Use mask of ACEs for SID Everyone to calculate all three permissions user, group, and other

If a DACL has entries for ACEs for SID Everyone and Authenticated Users,
factor in mask in respective entries during calculation of permissions
for all three, user, group, and other.

http://technet.microsoft.com/en-us/library/bb463216.aspxSigned-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
Reviewed-by: NJeff Layton <jlayton@redhat.com>
Signed-off-by: NSteve French <sfrench@us.ibm.com>
上级 540b2e37
...@@ -41,9 +41,12 @@ static struct cifs_wksid wksidarr[NUM_WK_SIDS] = { ...@@ -41,9 +41,12 @@ static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
; ;
/* security id for everyone */ /* security id for everyone/world system group */
static const struct cifs_sid sid_everyone = { static const struct cifs_sid sid_everyone = {
1, 1, {0, 0, 0, 0, 0, 1}, {0} }; 1, 1, {0, 0, 0, 0, 0, 1}, {0} };
/* security id for Authenticated Users system group */
static const struct cifs_sid sid_authusers = {
1, 1, {0, 0, 0, 0, 0, 5}, {11} };
/* group users */ /* group users */
static const struct cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {} }; static const struct cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {} };
...@@ -365,7 +368,7 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl, ...@@ -365,7 +368,7 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
if (num_aces > 0) { if (num_aces > 0) {
umode_t user_mask = S_IRWXU; umode_t user_mask = S_IRWXU;
umode_t group_mask = S_IRWXG; umode_t group_mask = S_IRWXG;
umode_t other_mask = S_IRWXO; umode_t other_mask = S_IRWXU | S_IRWXG | S_IRWXO;
ppace = kmalloc(num_aces * sizeof(struct cifs_ace *), ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
GFP_KERNEL); GFP_KERNEL);
...@@ -390,6 +393,12 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl, ...@@ -390,6 +393,12 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
ppace[i]->type, ppace[i]->type,
&fattr->cf_mode, &fattr->cf_mode,
&other_mask); &other_mask);
if (compare_sids(&(ppace[i]->sid), &sid_authusers))
access_flags_to_mode(ppace[i]->access_req,
ppace[i]->type,
&fattr->cf_mode,
&other_mask);
/* memcpy((void *)(&(cifscred->aces[i])), /* memcpy((void *)(&(cifscred->aces[i])),
(void *)ppace[i], (void *)ppace[i],
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册