Add SMB 2 support for getting and setting SACLs

Fix passing of the additional security info via version
operations. Force new open when getting SACL and avoid
reuse of files that were previously open without
sufficient privileges to access SACLs.

Signed-off-by: Boris Protopopov <pboris@amazon.com>
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 4a1761139e00264eef0875a42a9936b1d92da665..f19274857292b5d271970a35797fd3372e8a9838 100644 (file)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3369,9 +3369,9 @@ get_smb2_acl(struct cifs_sb_info *cifs_sb,
        struct cifs_ntsd *pntsd = NULL;
        struct cifsFileInfo *open_file = NULL;
 
-       if (inode)
+       if (inode && !(info & SACL_SECINFO))
                open_file = find_readable_file(CIFS_I(inode), true);
-       if (!open_file)
+       if (!open_file || (info & SACL_SECINFO))
                return get_smb2_acl_by_path(cifs_sb, path, pacllen, info);
 
        pntsd = get_smb2_acl_by_fid(cifs_sb, &open_file->fid, pacllen, info);

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 202d8742d149335e600220d2ca7f8b9b63498a6f..067eb44c7baa863c1e7ccd2c2f599be0b067f320 100644 (file)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -3480,8 +3480,10 @@ SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon,
 int
 SMB2_query_acl(const unsigned int xid, struct cifs_tcon *tcon,
               u64 persistent_fid, u64 volatile_fid,
-              void **data, u32 *plen, u32 additional_info)
+              void **data, u32 *plen, u32 extra_info)
 {
+       __u32 additional_info = OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO |
+                               extra_info;
        *plen = 0;
 
        return query_info(xid, tcon, persistent_fid, volatile_fid,

diff --git a/fs/cifs/xattr.c b/fs/cifs/xattr.c
index 9318a2acf4ee5812532c0e60b514d33e922f47bf..6b658a1172ef00e1ec5ff7c40435346561e3e290 100644 (file)
--- a/fs/cifs/xattr.c
+++ b/fs/cifs/xattr.c
@@ -340,21 +340,19 @@ static int cifs_xattr_get(const struct xattr_handler *handler,
                 * fetch owner, DACL, and SACL if asked for full descriptor,
                 * fetch owner and DACL otherwise
                 */
-               u32 acllen, additional_info = 0;
+               u32 acllen, extra_info;
                struct cifs_ntsd *pacl;
 
                if (pTcon->ses->server->ops->get_acl == NULL)
                        goto out; /* rc already EOPNOTSUPP */
 
                if (handler->flags == XATTR_CIFS_NTSD_FULL) {
-                       additional_info = OWNER_SECINFO | GROUP_SECINFO |
-                               DACL_SECINFO | SACL_SECINFO;
+                       extra_info = SACL_SECINFO;
                } else {
-                       additional_info = OWNER_SECINFO | GROUP_SECINFO |
-                               DACL_SECINFO;
+                       extra_info = 0;
                }
                pacl = pTcon->ses->server->ops->get_acl(cifs_sb,
-                               inode, full_path, &acllen, additional_info);
+                               inode, full_path, &acllen, extra_info);
                if (IS_ERR(pacl)) {
                        rc = PTR_ERR(pacl);
                        cifs_dbg(VFS, "%s: error %zd getting sec desc\n",