1. 25 10月, 2011 4 次提交
  2. 23 10月, 2011 1 次提交
  3. 21 10月, 2011 1 次提交
  4. 20 10月, 2011 19 次提交
  5. 18 10月, 2011 2 次提交
  6. 17 10月, 2011 1 次提交
    • S
      cifs: Call id to SID mapping functions to change owner/group (try #4 repost) · a5ff3769
      Shirish Pargaonkar 提交于
      Now build security descriptor to change either owner or group at the
      server.  Initially security descriptor was built to change only
      (D)ACL, that functionality has been extended.
      
      When either an Owner or a Group of a file object at the server is changed,
      rest of security descriptor remains same (DACL etc.).
      
      To set security descriptor, it is necessary to open that file
      with permission bits of either WRITE_DAC if DACL is being modified or
      WRITE_OWNER (Take Ownership) if Owner or Group is being changed.
      
      It is the server that decides whether a set security descriptor with
      either owner or group change succeeds or not.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      a5ff3769
  7. 14 10月, 2011 4 次提交
  8. 13 10月, 2011 8 次提交
    • J
      cifs: simplify read_from_socket · a52c1eb7
      Jeff Layton 提交于
      Move the iovec handling entirely into read_from_socket. That simplifies
      the code and gets rid of the special handling for header reads. With
      this we can also get rid of the "goto incomplete_rcv" label in the main
      demultiplex thread function since we can now treat header and non-header
      receives the same way.
      
      Also, make it return an int (since we'll never receive enough to worry
      about the sign bit anyway), and simply make it return the amount of bytes
      read or a negative error code.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      a52c1eb7
    • S
      cifs: Add data structures and functions for uid/gid to SID mapping (try #4) · 21fed0d5
      Shirish Pargaonkar 提交于
      Add data structures and functions necessary to map a uid and gid to SID.
      These functions are very similar to the ones used to map a SID to uid and gid.
      This time, instead of storing sid to id mapping sorted on a sid value,
      id to sid is stored, sorted on an id.
      A cifs upcall sends an id (uid or gid) and expects a SID structure
      in return, if mapping was done successfully.
      
      A failed id to sid mapping to EINVAL.
      
      This patchset aims to enable chown and chgrp commands when
      cifsacl mount option is specified, especially to Windows SMB servers.
      Currently we can't do that.  So now along with chmod command,
      chown and chgrp work.
      
      Winbind is used to map id to a SID.  chown and chgrp use an upcall
      to provide an id to winbind and upcall returns with corrosponding
      SID if any exists. That SID is used to build security descriptor.
      The DACL part of a security descriptor is not changed by either
      chown or chgrp functionality.
      
      cifs client maintains a separate caches for uid to SID and
      gid to SID mapping. This is similar to the one used earlier
      to map SID to id (as part of ID mapping code).
      
      I tested it by mounting shares from a Windows (2003) server by
      authenticating as two users, one at a time, as Administrator and
      as a ordinary user.
      And then attempting to change owner of a file on the share.
      
      Depending on the permissions/privileges at the server for that file,
      chown request fails to either open a file (to change the ownership)
      or to set security descriptor.
      So it all depends on privileges on the file at the server and what
      user you are authenticated as at the server, cifs client is just a
      conduit.
      
      I compared the security descriptor during chown command to that
      what smbcacls sends when it is used with -M OWNNER: option
      and they are similar.
      
      This patchset aim to enable chown and chgrp commands when
      cifsacl mount option is specified, especially to Windows SMB servers.
      Currently we can't do that.  So now along with chmod command,
      chown and chgrp work.
      
      I tested it by mounting shares from a Windows (2003) server by
      authenticating as two users, one at a time, as Administrator and
      as a ordinary user.
      And then attempting to change owner of a file on the share.
      
      Depending on the permissions/privileges at the server for that file,
      chown request fails to either open a file (to change the ownership)
      or to set security descriptor.
      So it all depends on privileges on the file at the server and what
      user you are authenticated as at the server, cifs client is just a
      conduit.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      21fed0d5
    • S
      Typo in cifs readme in name of module parm directory · 20c3a200
      Steve French 提交于
      Suresh had a typo in his recent patch adding information on
      the new oplock_endabled parm. Should be documented as in
      directory /sys/module/cifs/parameters not /proc/module/cifs/parameters
      Signed-off-by: NSteve French <smfrench@gmail.com>
      20c3a200
    • S
      cifs: clean up unused encryption code · d0261686
      Shirish Pargaonkar 提交于
      Remove unsed  #if 0 encryption code.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      d0261686
    • S
      cifs: Add mount options for backup intent (try #6) · 3d3ea8e6
      Shirish Pargaonkar 提交于
      Add mount options backupuid and backugid.
      
      It allows an authenticated user to access files with the intent to back them
      up including their ACLs, who may not have access permission but has
      "Backup files and directories user right" on them (by virtue of being part
      of the built-in group Backup Operators.
      
      When mount options backupuid is specified, cifs client restricts the
      use of backup intents to the user whose effective user id is specified
      along with the mount option.
      
      When mount options backupgid is specified, cifs client restricts the
      use of backup intents to the users whose effective user id belongs to the
      group id specified along with the mount option.
      
      If an authenticated user is not part of the built-in group Backup Operators
      at the server, access to such files is denied, even if allowed by the client.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      3d3ea8e6
    • S
      cifs: warn about deprecation of /proc/fs/cifs/OplockEnabled interface · 8bc4392a
      Suresh Jayaraman 提交于
      The plan is to deprecate this interface by kernel version 3.4.
      
      Changes since v1
         - add a '\n' to the printk.
      Reported-by: NAlexander Swen <alex@swen.nu>
      Cc: Jeff Layton <jlayton@redhat.com>
      Signed-off-by: NSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      8bc4392a
    • S
      cifs: update README about the kernel module parameters · c9c4708f
      Suresh Jayaraman 提交于
      Reported-by: NAlexander Swen <alex@swen.nu>
      Cc: Jeff Layton <jlayton@redhat.com>
      Signed-off-by: NSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      c9c4708f
    • S
      add new module parameter 'enable_oplocks' · e7504734
      Steve French 提交于
      Thus spake Jeff Layton:
      
      "Making that a module parm would allow you to set that parameter at boot
      time without needing to add special startup scripts. IMO, all of the
      procfile "switches" under /proc/fs/cifs should be module parms
      instead."
      
      This patch doesn't alter the default behavior (Oplocks are enabled by
      default).
      
      To disable oplocks when loading the module, use
      
         modprobe cifs enable_oplocks=0
      
      (any of '0' or 'n' or 'N' conventions can be used).
      
      To disable oplocks at runtime using the new interface, use
      
         echo 0 > /sys/module/cifs/parameters/enable_oplocks
      
      The older /proc/fs/cifs/OplockEnabled interface will be deprecated
      after two releases. A subsequent patch will add an warning message
      about this deprecation.
      
      Changes since v2:
         - make enable_oplocks a 'bool'
      
      Changes since v1:
         - eliminate the use of extra variable by renaming the old one to
           enable_oplocks and make it an 'int' type.
      Reported-by: NAlexander Swen <alex@swen.nu>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      e7504734