From patchwork Sat Apr 17 02:05:58 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Layton X-Patchwork-Id: 50374 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.samba.org (fn.samba.org [216.83.154.106]) by ozlabs.org (Postfix) with ESMTP id 99D31B7D06 for ; Sat, 17 Apr 2010 12:06:32 +1000 (EST) Received: from fn.samba.org (localhost [127.0.0.1]) by lists.samba.org (Postfix) with ESMTP id C31114667E; Fri, 16 Apr 2010 20:06:33 -0600 (MDT) X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on fn.samba.org X-Spam-Level: X-Spam-Status: No, score=-9.3 required=3.8 tests=AWL, BAYES_00, RCVD_IN_DNSWL_HI, SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.2.5 X-Original-To: linux-cifs-client@lists.samba.org Delivered-To: linux-cifs-client@lists.samba.org Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by lists.samba.org (Postfix) with ESMTP id B62A346591 for ; Fri, 16 Apr 2010 20:06:11 -0600 (MDT) Received: from int-mx02.intmail.prod.int.phx2.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o3H267lv001118 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 16 Apr 2010 22:06:08 -0400 Received: from localhost.localdomain (vpn-9-156.rdu.redhat.com [10.11.9.156]) by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o3H25wfl015547; Fri, 16 Apr 2010 22:06:06 -0400 From: Jeff Layton To: sfrench@gmail.com Date: Fri, 16 Apr 2010 22:05:58 -0400 Message-Id: <1271469958-4894-12-git-send-email-jlayton@redhat.com> In-Reply-To: <1271469958-4894-1-git-send-email-jlayton@redhat.com> References: <1271469958-4894-1-git-send-email-jlayton@redhat.com> X-Scanned-By: MIMEDefang 2.67 on 10.5.11.12 Cc: linux-cifs-client@lists.samba.org Subject: [linux-cifs-client] [PATCH 11/11] cifs: add separate cred_uid field to sesInfo X-BeenThere: linux-cifs-client@lists.samba.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: The Linux CIFS VFS client List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: linux-cifs-client-bounces@lists.samba.org Errors-To: linux-cifs-client-bounces@lists.samba.org First, do a little cleanup -- remove the unused cifsUidInfo struct. Right now, there's no clear separation between the uid that owns the credentials used to do the mount and the overriding owner of the files on that mount. Add a separate cred_uid field that is set to the real uid of the mount user. Unlike the linux_uid, the uid= option does not override this parameter. The parm is sent to cifs.upcall, which can then preferentially use the creduid= parm instead of the uid= parm for finding credentials. Note that I'm not 100% sure if this is the best way to handle this. Should we instead consider a module parameter that governs what uid= value gets sent in the upcall? We could consider setting it so that the current behavior is default for now, and change the default at some predetermined point in the future. Cc: Harald Milz Signed-off-by: Jeff Layton --- fs/cifs/cifs_spnego.c | 3 +++ fs/cifs/cifsglob.h | 19 ++----------------- fs/cifs/connect.c | 7 +++++-- 3 files changed, 10 insertions(+), 19 deletions(-) diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c index 683d8b2..e938933 100644 --- a/fs/cifs/cifs_spnego.c +++ b/fs/cifs/cifs_spnego.c @@ -144,6 +144,9 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo) sprintf(dp, ";uid=0x%x", sesInfo->linux_uid); dp = description + strlen(description); + sprintf(dp, ";creduid=0x%x", sesInfo->cred_uid); + + dp = description + strlen(description); sprintf(dp, ";user=%s", sesInfo->userName); dp = description + strlen(description); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index eae6033..4f24590 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -194,28 +194,12 @@ struct TCP_Server_Info { }; /* - * The following is our shortcut to user information. We surface the uid, - * and name. We always get the password on the fly in case it - * has changed. We also hang a list of sessions owned by this user off here. - */ -struct cifsUidInfo { - struct list_head userList; - struct list_head sessionList; /* SMB sessions for this user */ - uid_t linux_uid; - char user[MAX_USERNAME_SIZE + 1]; /* ascii name of user */ - /* BB may need ptr or callback for PAM or WinBind info */ -}; - -/* * Session structure. One of these for each uid session with a particular host */ struct cifsSesInfo { struct list_head smb_ses_list; struct list_head tcon_list; struct mutex session_mutex; -#if 0 - struct cifsUidInfo *uidInfo; /* pointer to user info */ -#endif struct TCP_Server_Info *server; /* pointer to server info */ int ses_count; /* reference counter */ enum statusEnum status; @@ -227,7 +211,8 @@ struct cifsSesInfo { char *serverNOS; /* name of network operating system of server */ char *serverDomain; /* security realm of server */ int Suid; /* remote smb uid */ - uid_t linux_uid; /* local Linux uid */ + uid_t linux_uid; /* value of uid= option, or real uid at mount */ + uid_t cred_uid; /* owner of credentials */ int capabilities; char serverName[SERVER_NAME_LEN_WITH_NULL * 2]; /* BB make bigger for TCP names - will ipv6 and sctp addresses fit? */ diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 74a7663..1a9650d 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -66,6 +66,7 @@ struct smb_vol { char *iocharset; /* local code page for mapping to and from Unicode */ char source_rfc1001_name[16]; /* netbios name of client */ char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */ + uid_t cred_uid; uid_t linux_uid; gid_t linux_gid; mode_t file_mode; @@ -830,7 +831,8 @@ cifs_parse_mount_options(char *options, const char *devname, /* null target name indicates to use *SMBSERVR default called name if we end up sending RFC1001 session initialize */ vol->target_rfc1001_name[0] = 0; - vol->linux_uid = current_uid(); /* use current_euid() instead? */ + vol->cred_uid = current_uid(); + vol->linux_uid = current_uid(); vol->linux_gid = current_gid(); /* default to only allowing write access to owner of the mount */ @@ -1751,7 +1753,7 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol) case Kerberos: if (ses->secType != Kerberos) continue; - if (vol->linux_uid != ses->linux_uid) + if (vol->cred_uid != ses->cred_uid) continue; break; default: @@ -1867,6 +1869,7 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info) if (ses->domainName) strcpy(ses->domainName, volume_info->domainname); } + ses->cred_uid = volume_info->cred_uid; ses->linux_uid = volume_info->linux_uid; mutex_lock(&ses->session_mutex);