I did a review early this month and Shirish seems to have incorporated the
feedback so I plan to rereview the kernel part of the patchset after
the ntlmv2 and FindFirst patches are done/tested/merged
On Thu, Aug 25, 2011 at 12:54 PM, Jeff Layton <jlayton@xxxxxxxxx> wrote:
> On Thu, 25 Aug 2011 06:44:29 -0500
> Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote:
>
>> On Tue, Aug 9, 2011 at 2:31 PM, <shirishpargaonkar@xxxxxxxxx> wrote:
>> > From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
>> >
>> >
>> > Add functions to map a uid and gid to a SID. These functions are
>> > similar to SID to uid and gid mapping functions.
>> > A SID is what is returned to the cifs module.
>> >
>> >
>> > Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
>> > ---
>> > cifs.idmap.c | 37 +++++++++++++++++++++++++++++++++++++
>> > 1 files changed, 37 insertions(+), 0 deletions(-)
>> >
>> > diff --git a/cifs.idmap.c b/cifs.idmap.c
>> > index 56edb58..80802d7 100644
>> > --- a/cifs.idmap.c
>> > +++ b/cifs.idmap.c
>> > @@ -134,6 +134,43 @@ cifs_idmap(const key_serial_t key, const char *key_descr)
>> > goto cifs_idmap_ret;
>> > }
>> >
>> > + sidstr = strget(key_descr, "oi:");
>> > + if (sidstr) {
>> > + uid = atoi(sidstr);
>> > + syslog(LOG_DEBUG, "SID: %s, uid: %d", sidstr, uid);
>> > + rc = wbcUidToSid(uid, &sid);
>> > + if (rc)
>> > + syslog(LOG_DEBUG, "uid %d to SID error: %d", uid, rc);
>> > + if (!rc) { /* SID has been mapped to a uid */
>> > + rc = keyctl_instantiate(key, &sid,
>> > + sizeof(struct wbcDomainSid), 0);
>> > + if (rc)
>> > + syslog(LOG_ERR, "%s: key inst: %s",
>> > + __func__, strerror(errno));
>> > + }
>> > +
>> > + goto cifs_idmap_ret;
>> > + }
>> > +
>> > + sidstr = strget(key_descr, "gi:");
>> > + if (sidstr) {
>> > + gid = atoi(sidstr);
>> > + syslog(LOG_DEBUG, "SID: %s, gid: %d", sidstr, gid);
>> > + rc = wbcGidToSid(gid, &sid);
>> > + if (rc)
>> > + syslog(LOG_DEBUG, "gid %d to SID error: %d", gid, rc);
>> > + if (!rc) { /* SID has been mapped to a gid */
>> > + rc = keyctl_instantiate(key, &sid,
>> > + sizeof(struct wbcDomainSid), 0);
>> > + if (rc)
>> > + syslog(LOG_ERR, "%s: key inst: %s",
>> > + __func__, strerror(errno));
>> > + }
>> > +
>> > + goto cifs_idmap_ret;
>> > + }
>> > +
>> > +
>> > syslog(LOG_DEBUG, "Invalid key: %s", key_descr);
>> >
>> > cifs_idmap_ret:
>> > --
>> > 1.6.0.2
>> >
>> >
>>
>> Jeff, any comments on this? I think this patch and kernel parts
>> of this patchset, should be doing similar to what is done currently
>> for server that support unix extensions.
>> A care is taken so that only the server ids can be assigned as
>> an id to change to, if an id can't be resolved, then chown/chgrp fail
>> and if an id can be resolved, the server is the one which whether
>> to apply the changed security descriptor or not.
>>
>> Regards,
>>
>> Shirish
>
> The userspace part of this looks fine. I don't have the time to review
> the kernel pieces however. If Steve plans to review and commit those,
> then I'll plan to pull the userspace patch into the next cifs-utils
> release.
>
> --
> Jeff Layton <jlayton@xxxxxxxxx>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
Thanks,
Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
