1. 24 Oct, 2011 4 commits
  2. 22 Oct, 2011 1 commit
  3. 21 Oct, 2011 1 commit
  4. 20 Oct, 2011 3 commits
  5. 19 Oct, 2011 16 commits
  6. 18 Oct, 2011 2 commits
  7. 17 Oct, 2011 1 commit
    • Shirish Pargaonkar's avatar
      cifs: Call id to SID mapping functions to change owner/group (try #4 repost) · a5ff3769
      Shirish Pargaonkar authored
      Now build security descriptor to change either owner or group at the
      server.  Initially security descriptor was built to change only
      (D)ACL, that functionality has been extended.
      
      When either an Owner or a Group of a file object at the server is changed,
      rest of security descriptor remains same (DACL etc.).
      
      To set security descriptor, it is necessary to open that file
      with permission bits of either WRITE_DAC if DACL is being modified or
      WRITE_OWNER (Take Ownership) if Owner or Group is being changed.
      
      It is the server that decides whether a set security descriptor with
      either owner or group change succeeds or not.
      Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      a5ff3769
  8. 14 Oct, 2011 1 commit
  9. 13 Oct, 2011 11 commits
    • Jeff Layton's avatar
      cifs: clean up check_rfc1002_header · fe11e4cc
      Jeff Layton authored
      Rename it for better clarity as to what it does and have the caller pass
      in just the single type byte. Turn the if statement into a switch and
      optimize it by placing the most common message type at the top. Move the
      header length check back into cifs_demultiplex_thread in preparation
      for adding a new receive phase and normalize the cFYI messages.
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      fe11e4cc
    • Pavel Shilovsky's avatar
      CIFS: Simplify byte range locking code · 03776f45
      Pavel Shilovsky authored
      Split cifs_lock into several functions and let CIFSSMBLock get pid
      as an argument.
      Signed-off-by: default avatarPavel Shilovsky <piastry@etersoft.ru>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      03776f45
    • Pavel Shilovsky's avatar
      CIFS: Fix incorrect max RFC1002 write size value · 94443f43
      Pavel Shilovsky authored
      ..the length field has only 17 bits.
      
      Cc: <stable@kernel.org>
      Acked-by: default avatarJeff Layton <jlayton@samba.org>
      Signed-off-by: default avatarPavel Shilovsky <piastry@etersoft.ru>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      94443f43
    • Jeff Layton's avatar
      cifs: simplify read_from_socket · a52c1eb7
      Jeff Layton authored
      Move the iovec handling entirely into read_from_socket. That simplifies
      the code and gets rid of the special handling for header reads. With
      this we can also get rid of the "goto incomplete_rcv" label in the main
      demultiplex thread function since we can now treat header and non-header
      receives the same way.
      
      Also, make it return an int (since we'll never receive enough to worry
      about the sign bit anyway), and simply make it return the amount of bytes
      read or a negative error code.
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      a52c1eb7
    • Shirish Pargaonkar's avatar
      cifs: Add data structures and functions for uid/gid to SID mapping (try #4) · 21fed0d5
      Shirish Pargaonkar authored
      Add data structures and functions necessary to map a uid and gid to SID.
      These functions are very similar to the ones used to map a SID to uid and gid.
      This time, instead of storing sid to id mapping sorted on a sid value,
      id to sid is stored, sorted on an id.
      A cifs upcall sends an id (uid or gid) and expects a SID structure
      in return, if mapping was done successfully.
      
      A failed id to sid mapping to EINVAL.
      
      This patchset aims to enable chown and chgrp commands when
      cifsacl mount option is specified, especially to Windows SMB servers.
      Currently we can't do that.  So now along with chmod command,
      chown and chgrp work.
      
      Winbind is used to map id to a SID.  chown and chgrp use an upcall
      to provide an id to winbind and upcall returns with corrosponding
      SID if any exists. That SID is used to build security descriptor.
      The DACL part of a security descriptor is not changed by either
      chown or chgrp functionality.
      
      cifs client maintains a separate caches for uid to SID and
      gid to SID mapping. This is similar to the one used earlier
      to map SID to id (as part of ID mapping code).
      
      I tested it by mounting shares from a Windows (2003) server by
      authenticating as two users, one at a time, as Administrator and
      as a ordinary user.
      And then attempting to change owner of a file on the share.
      
      Depending on the permissions/privileges at the server for that file,
      chown request fails to either open a file (to change the ownership)
      or to set security descriptor.
      So it all depends on privileges on the file at the server and what
      user you are authenticated as at the server, cifs client is just a
      conduit.
      
      I compared the security descriptor during chown command to that
      what smbcacls sends when it is used with -M OWNNER: option
      and they are similar.
      
      This patchset aim to enable chown and chgrp commands when
      cifsacl mount option is specified, especially to Windows SMB servers.
      Currently we can't do that.  So now along with chmod command,
      chown and chgrp work.
      
      I tested it by mounting shares from a Windows (2003) server by
      authenticating as two users, one at a time, as Administrator and
      as a ordinary user.
      And then attempting to change owner of a file on the share.
      
      Depending on the permissions/privileges at the server for that file,
      chown request fails to either open a file (to change the ownership)
      or to set security descriptor.
      So it all depends on privileges on the file at the server and what
      user you are authenticated as at the server, cifs client is just a
      conduit.
      Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      21fed0d5
    • Steve French's avatar
      Typo in cifs readme in name of module parm directory · 20c3a200
      Steve French authored
      Suresh had a typo in his recent patch adding information on
      the new oplock_endabled parm. Should be documented as in
      directory /sys/module/cifs/parameters not /proc/module/cifs/parameters
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      20c3a200
    • Shirish Pargaonkar's avatar
      cifs: clean up unused encryption code · d0261686
      Shirish Pargaonkar authored
      Remove unsed  #if 0 encryption code.
      Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      d0261686
    • Shirish Pargaonkar's avatar
      cifs: Add mount options for backup intent (try #6) · 3d3ea8e6
      Shirish Pargaonkar authored
      Add mount options backupuid and backugid.
      
      It allows an authenticated user to access files with the intent to back them
      up including their ACLs, who may not have access permission but has
      "Backup files and directories user right" on them (by virtue of being part
      of the built-in group Backup Operators.
      
      When mount options backupuid is specified, cifs client restricts the
      use of backup intents to the user whose effective user id is specified
      along with the mount option.
      
      When mount options backupgid is specified, cifs client restricts the
      use of backup intents to the users whose effective user id belongs to the
      group id specified along with the mount option.
      
      If an authenticated user is not part of the built-in group Backup Operators
      at the server, access to such files is denied, even if allowed by the client.
      Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      3d3ea8e6
    • Suresh Jayaraman's avatar
      cifs: warn about deprecation of /proc/fs/cifs/OplockEnabled interface · 8bc4392a
      Suresh Jayaraman authored
      The plan is to deprecate this interface by kernel version 3.4.
      
      Changes since v1
         - add a '\n' to the printk.
      Reported-by: default avatarAlexander Swen <alex@swen.nu>
      Cc: Jeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      8bc4392a
    • Suresh Jayaraman's avatar
      cifs: update README about the kernel module parameters · c9c4708f
      Suresh Jayaraman authored
      Reported-by: default avatarAlexander Swen <alex@swen.nu>
      Cc: Jeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      c9c4708f
    • Steve French's avatar
      add new module parameter 'enable_oplocks' · e7504734
      Steve French authored
      Thus spake Jeff Layton:
      
      "Making that a module parm would allow you to set that parameter at boot
      time without needing to add special startup scripts. IMO, all of the
      procfile "switches" under /proc/fs/cifs should be module parms
      instead."
      
      This patch doesn't alter the default behavior (Oplocks are enabled by
      default).
      
      To disable oplocks when loading the module, use
      
         modprobe cifs enable_oplocks=0
      
      (any of '0' or 'n' or 'N' conventions can be used).
      
      To disable oplocks at runtime using the new interface, use
      
         echo 0 > /sys/module/cifs/parameters/enable_oplocks
      
      The older /proc/fs/cifs/OplockEnabled interface will be deprecated
      after two releases. A subsequent patch will add an warning message
      about this deprecation.
      
      Changes since v2:
         - make enable_oplocks a 'bool'
      
      Changes since v1:
         - eliminate the use of extra variable by renaming the old one to
           enable_oplocks and make it an 'int' type.
      Reported-by: default avatarAlexander Swen <alex@swen.nu>
      Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      e7504734