|
@ -1,189 +0,0 @@ |
|
|
From f408c6c45013c80d62ed4b793ee79d76e4b582e0 Mon Sep 17 00:00:00 2001 |
|
|
|
|
|
From: Namjae Jeon <namjae.jeon@samsung.com> |
|
|
|
|
|
Date: Wed, 11 Aug 2021 15:21:04 +0900 |
|
|
|
|
|
Subject: [PATCH] ksmbd: remove select FS_POSIX_ACL in Kconfig |
|
|
|
|
|
|
|
|
|
|
|
ksmbd is forcing to turn on FS_POSIX_ACL in Kconfig to use vfs acl |
|
|
|
|
|
functions(posix_acl_alloc, get_acl, set_posix_acl). OpenWRT and other |
|
|
|
|
|
platform doesn't use acl and this config is disable by default in |
|
|
|
|
|
kernel. This patch use IS_ENABLED() to know acl config is enable and use |
|
|
|
|
|
acl function if it is enable. |
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> |
|
|
|
|
|
---
|
|
|
|
|
|
Kconfig | 1 - |
|
|
|
|
|
smb2pdu.c | 8 +++--- |
|
|
|
|
|
smbacl.c | 80 ++++++++++++++++++++++++++++++++----------------------- |
|
|
|
|
|
vfs.c | 9 +++++++ |
|
|
|
|
|
4 files changed, 60 insertions(+), 38 deletions(-) |
|
|
|
|
|
|
|
|
|
|
|
--- a/Kconfig
|
|
|
|
|
|
+++ b/Kconfig
|
|
|
|
|
|
@@ -19,7 +19,6 @@ config SMB_SERVER
|
|
|
|
|
|
select CRYPTO_GCM |
|
|
|
|
|
select ASN1 |
|
|
|
|
|
select OID_REGISTRY |
|
|
|
|
|
- select FS_POSIX_ACL
|
|
|
|
|
|
default n |
|
|
|
|
|
help |
|
|
|
|
|
Choose Y here if you want to allow SMB3 compliant clients |
|
|
|
|
|
--- a/smb2pdu.c
|
|
|
|
|
|
+++ b/smb2pdu.c
|
|
|
|
|
|
@@ -2387,9 +2387,11 @@ static void ksmbd_acls_fattr(struct smb_
|
|
|
|
|
|
fattr->cf_mode = inode->i_mode; |
|
|
|
|
|
fattr->cf_dacls = NULL; |
|
|
|
|
|
|
|
|
|
|
|
- fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS);
|
|
|
|
|
|
- if (S_ISDIR(inode->i_mode))
|
|
|
|
|
|
- fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT);
|
|
|
|
|
|
+ if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
|
|
|
|
|
|
+ fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS);
|
|
|
|
|
|
+ if (S_ISDIR(inode->i_mode))
|
|
|
|
|
|
+ fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT);
|
|
|
|
|
|
+ }
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
--- a/smbacl.c
|
|
|
|
|
|
+++ b/smbacl.c
|
|
|
|
|
|
@@ -533,22 +533,29 @@ static void parse_dacl(struct user_names
|
|
|
|
|
|
|
|
|
|
|
|
if (acl_state.users->n || acl_state.groups->n) { |
|
|
|
|
|
acl_state.mask.allow = 0x07; |
|
|
|
|
|
- fattr->cf_acls = posix_acl_alloc(acl_state.users->n +
|
|
|
|
|
|
- acl_state.groups->n + 4, GFP_KERNEL);
|
|
|
|
|
|
- if (fattr->cf_acls) {
|
|
|
|
|
|
- cf_pace = fattr->cf_acls->a_entries;
|
|
|
|
|
|
- posix_state_to_acl(&acl_state, cf_pace);
|
|
|
|
|
|
+
|
|
|
|
|
|
+ if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
|
|
|
|
|
|
+ fattr->cf_acls =
|
|
|
|
|
|
+ posix_acl_alloc(acl_state.users->n +
|
|
|
|
|
|
+ acl_state.groups->n + 4, GFP_KERNEL);
|
|
|
|
|
|
+ if (fattr->cf_acls) {
|
|
|
|
|
|
+ cf_pace = fattr->cf_acls->a_entries;
|
|
|
|
|
|
+ posix_state_to_acl(&acl_state, cf_pace);
|
|
|
|
|
|
+ }
|
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (default_acl_state.users->n || default_acl_state.groups->n) { |
|
|
|
|
|
default_acl_state.mask.allow = 0x07; |
|
|
|
|
|
- fattr->cf_dacls =
|
|
|
|
|
|
- posix_acl_alloc(default_acl_state.users->n +
|
|
|
|
|
|
- default_acl_state.groups->n + 4, GFP_KERNEL);
|
|
|
|
|
|
- if (fattr->cf_dacls) {
|
|
|
|
|
|
- cf_pdace = fattr->cf_dacls->a_entries;
|
|
|
|
|
|
- posix_state_to_acl(&default_acl_state, cf_pdace);
|
|
|
|
|
|
+
|
|
|
|
|
|
+ if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
|
|
|
|
|
|
+ fattr->cf_dacls =
|
|
|
|
|
|
+ posix_acl_alloc(default_acl_state.users->n +
|
|
|
|
|
|
+ default_acl_state.groups->n + 4, GFP_KERNEL);
|
|
|
|
|
|
+ if (fattr->cf_dacls) {
|
|
|
|
|
|
+ cf_pdace = fattr->cf_dacls->a_entries;
|
|
|
|
|
|
+ posix_state_to_acl(&default_acl_state, cf_pdace);
|
|
|
|
|
|
+ }
|
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
free_acl_state(&acl_state); |
|
|
|
|
|
@@ -1221,31 +1228,36 @@ int smb_check_perm_dacl(struct ksmbd_con
|
|
|
|
|
|
granted = GENERIC_ALL_FLAGS; |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
- posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS);
|
|
|
|
|
|
- if (posix_acls && !found) {
|
|
|
|
|
|
- unsigned int id = -1;
|
|
|
|
|
|
-
|
|
|
|
|
|
- pa_entry = posix_acls->a_entries;
|
|
|
|
|
|
- for (i = 0; i < posix_acls->a_count; i++, pa_entry++) {
|
|
|
|
|
|
- if (pa_entry->e_tag == ACL_USER)
|
|
|
|
|
|
- id = from_kuid(user_ns,
|
|
|
|
|
|
- pa_entry->e_uid);
|
|
|
|
|
|
- else if (pa_entry->e_tag == ACL_GROUP)
|
|
|
|
|
|
- id = from_kgid(user_ns,
|
|
|
|
|
|
- pa_entry->e_gid);
|
|
|
|
|
|
- else
|
|
|
|
|
|
- continue;
|
|
|
|
|
|
-
|
|
|
|
|
|
- if (id == uid) {
|
|
|
|
|
|
- mode_to_access_flags(pa_entry->e_perm, 0777, &access_bits);
|
|
|
|
|
|
- if (!access_bits)
|
|
|
|
|
|
- access_bits = SET_MINIMUM_RIGHTS;
|
|
|
|
|
|
- goto check_access_bits;
|
|
|
|
|
|
+ if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
|
|
|
|
|
|
+ posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS);
|
|
|
|
|
|
+ if (posix_acls && !found) {
|
|
|
|
|
|
+ unsigned int id = -1;
|
|
|
|
|
|
+
|
|
|
|
|
|
+ pa_entry = posix_acls->a_entries;
|
|
|
|
|
|
+ for (i = 0; i < posix_acls->a_count; i++, pa_entry++) {
|
|
|
|
|
|
+ if (pa_entry->e_tag == ACL_USER)
|
|
|
|
|
|
+ id = from_kuid(user_ns,
|
|
|
|
|
|
+ pa_entry->e_uid);
|
|
|
|
|
|
+ else if (pa_entry->e_tag == ACL_GROUP)
|
|
|
|
|
|
+ id = from_kgid(user_ns,
|
|
|
|
|
|
+ pa_entry->e_gid);
|
|
|
|
|
|
+ else
|
|
|
|
|
|
+ continue;
|
|
|
|
|
|
+
|
|
|
|
|
|
+ if (id == uid) {
|
|
|
|
|
|
+ mode_to_access_flags(pa_entry->e_perm,
|
|
|
|
|
|
+ 0777,
|
|
|
|
|
|
+ &access_bits);
|
|
|
|
|
|
+ if (!access_bits)
|
|
|
|
|
|
+ access_bits =
|
|
|
|
|
|
+ SET_MINIMUM_RIGHTS;
|
|
|
|
|
|
+ goto check_access_bits;
|
|
|
|
|
|
+ }
|
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
+ if (posix_acls)
|
|
|
|
|
|
+ posix_acl_release(posix_acls);
|
|
|
|
|
|
} |
|
|
|
|
|
- if (posix_acls)
|
|
|
|
|
|
- posix_acl_release(posix_acls);
|
|
|
|
|
|
|
|
|
|
|
|
if (!found) { |
|
|
|
|
|
if (others_ace) { |
|
|
|
|
|
@@ -1308,7 +1320,7 @@ int set_info_sec(struct ksmbd_conn *conn
|
|
|
|
|
|
|
|
|
|
|
|
ksmbd_vfs_remove_acl_xattrs(user_ns, path->dentry); |
|
|
|
|
|
/* Update posix acls */ |
|
|
|
|
|
- if (fattr.cf_dacls) {
|
|
|
|
|
|
+ if (IS_ENABLED(CONFIG_FS_POSIX_ACL) && fattr.cf_dacls) {
|
|
|
|
|
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0) |
|
|
|
|
|
rc = set_posix_acl(user_ns, inode, |
|
|
|
|
|
ACL_TYPE_ACCESS, |
|
|
|
|
|
--- a/vfs.c
|
|
|
|
|
|
+++ b/vfs.c
|
|
|
|
|
|
@@ -1508,6 +1508,9 @@ static struct xattr_smb_acl *ksmbd_vfs_m
|
|
|
|
|
|
struct xattr_acl_entry *xa_entry; |
|
|
|
|
|
int i; |
|
|
|
|
|
|
|
|
|
|
|
+ if (!IS_ENABLED(CONFIG_FS_POSIX_ACL))
|
|
|
|
|
|
+ return NULL;
|
|
|
|
|
|
+
|
|
|
|
|
|
posix_acls = get_acl(inode, acl_type); |
|
|
|
|
|
if (!posix_acls) |
|
|
|
|
|
return NULL; |
|
|
|
|
|
@@ -2322,6 +2325,9 @@ int ksmbd_vfs_set_init_posix_acl(struct
|
|
|
|
|
|
struct posix_acl *acls; |
|
|
|
|
|
int rc; |
|
|
|
|
|
|
|
|
|
|
|
+ if (!IS_ENABLED(CONFIG_FS_POSIX_ACL))
|
|
|
|
|
|
+ return -EOPNOTSUPP;
|
|
|
|
|
|
+
|
|
|
|
|
|
ksmbd_debug(SMB, "Set posix acls\n"); |
|
|
|
|
|
rc = init_acl_state(&acl_state, 1); |
|
|
|
|
|
if (rc) |
|
|
|
|
|
@@ -2377,6 +2383,9 @@ int ksmbd_vfs_inherit_posix_acl(struct u
|
|
|
|
|
|
struct posix_acl_entry *pace; |
|
|
|
|
|
int rc, i; |
|
|
|
|
|
|
|
|
|
|
|
+ if (!IS_ENABLED(CONFIG_FS_POSIX_ACL))
|
|
|
|
|
|
+ return -EOPNOTSUPP;
|
|
|
|
|
|
+
|
|
|
|
|
|
acls = get_acl(parent_inode, ACL_TYPE_DEFAULT); |
|
|
|
|
|
if (!acls) |
|
|
|
|
|
return -ENOENT; |
|
|
|