Re: [PATCH] cifs-utils: Add uid/gid to SID mapping functions (try #4)

On Tue, Aug 9, 2011 at 2:31 PM,  <shirishpargaonkar@xxxxxxxxx> wrote:
> From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
>
>
> Add functions to map a uid and gid to a SID.  These functions are
> similar to SID to uid and gid mapping functions.
> A SID is what is returned to the cifs module.
>
>
> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
> ---
>  cifs.idmap.c |   37 +++++++++++++++++++++++++++++++++++++
>  1 files changed, 37 insertions(+), 0 deletions(-)
>
> diff --git a/cifs.idmap.c b/cifs.idmap.c
> index 56edb58..80802d7 100644
> --- a/cifs.idmap.c
> +++ b/cifs.idmap.c
> @@ -134,6 +134,43 @@ cifs_idmap(const key_serial_t key, const char *key_descr)
>                goto cifs_idmap_ret;
>        }
>
> +       sidstr = strget(key_descr, "oi:");
> +       if (sidstr) {
> +               uid = atoi(sidstr);
> +               syslog(LOG_DEBUG, "SID: %s, uid: %d", sidstr, uid);
> +               rc = wbcUidToSid(uid, &sid);
> +               if (rc)
> +                       syslog(LOG_DEBUG, "uid %d to SID  error: %d", uid, rc);
> +               if (!rc) { /* SID has been mapped to a uid */
> +                       rc = keyctl_instantiate(key, &sid,
> +                                       sizeof(struct wbcDomainSid), 0);
> +                       if (rc)
> +                               syslog(LOG_ERR, "%s: key inst: %s",
> +                                       __func__, strerror(errno));
> +               }
> +
> +               goto cifs_idmap_ret;
> +       }
> +
> +       sidstr = strget(key_descr, "gi:");
> +       if (sidstr) {
> +               gid = atoi(sidstr);
> +               syslog(LOG_DEBUG, "SID: %s, gid: %d", sidstr, gid);
> +               rc = wbcGidToSid(gid, &sid);
> +               if (rc)
> +                       syslog(LOG_DEBUG, "gid %d to SID error: %d", gid, rc);
> +               if (!rc) { /* SID has been mapped to a gid */
> +                       rc = keyctl_instantiate(key, &sid,
> +                                       sizeof(struct wbcDomainSid), 0);
> +                       if (rc)
> +                               syslog(LOG_ERR, "%s: key inst: %s",
> +                                       __func__, strerror(errno));
> +               }
> +
> +               goto cifs_idmap_ret;
> +       }
> +
> +
>        syslog(LOG_DEBUG, "Invalid key: %s", key_descr);
>
>  cifs_idmap_ret:
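
Review bot: `uid = atoi(sidstr)` in the "oi:" branch and `gid = atoi(sidstr)` in the "gi:" branch take the id from the key description with no validation. atoi() returns 0 for a non-numeric string and cannot report overflow, so a malformed description would be looked up as uid/gid 0 instead of being rejected. Suggest parsing with strtoul(), checking errno and the end pointer, and going to cifs_idmap_ret with an error before calling wbcUidToSid()/wbcGidToSid() when the parse fails; the ids would then be logged with %u rather than %d. Two smaller points in the same branches: the debug line prints the id string under the label "SID:", and the comments "SID has been mapped to a uid" / "to a gid" describe the opposite direction from what this code does (uid/gid to SID).
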
> --
> 1.6.0.2
>
>

Jeff, any comments on this? I think this patch and the kernel parts
of this patchset should be doing something similar to what is done currently
for servers that support unix extensions.
Care is taken so that only the server ids can be assigned as
an id to change to; if an id can't be resolved, then chown/chgrp fail,
and if an id can be resolved, the server is the one which decides whether
to apply the changed security descriptor or not.

Regards,

Shirish