From: Jeff Layton <jlayton@redhat.com> Subject: Re: [RHEL5.1 PATCH] make CIFS respect umask when unix extensions are enabled Date: Mon, 30 Jul 2007 20:10:09 -0400 Bugzilla: 246667 Message-Id: <20070730201009.02580a1e.jlayton@redhat.com> Changelog: [CIFS] respect umask when unix extensions are enabled > On Thu, Jul 05, 2007 at 10:07:10AM -0400, Jeff Layton wrote: > > Late breaking CIFS patch... > > > > Currently, when unix extensions are enabled for a mount, CIFS does not > > respect the umask at all. The following patch corrects this. > > > > I tested this myself and verified that it corrects the issue. My hope is > > to get this into 5.1 since it likely has security implications. > diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c index 7be188c..0037dea 100644 --- a/fs/cifs/dir.c +++ b/fs/cifs/dir.c @@ -226,7 +226,8 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode) /* If Open reported that we actually created a file then we now have to set the mode if possible */ if ((cifs_sb->tcon->ses->capabilities & CAP_UNIX) && - (oplock & CIFS_CREATE_ACTION)) + (oplock & CIFS_CREATE_ACTION)) { + mode &= ~current->fs->umask; if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { CIFSSMBUnixSetPerms(xid, pTcon, full_path, mode, (__u64)current->fsuid, @@ -244,7 +245,7 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode) cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR); } - else { + } else { /* BB implement mode setting via Windows security descriptors */ /* eg CIFSSMBWinSetPerms(xid,pTcon,full_path,mode,-1,-1,local_nls);*/ /* could set r/o dos attribute if mode & 0222 == 0 */ @@ -363,6 +364,7 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode, int devic if(full_path == NULL) rc = -ENOMEM; else if (pTcon->ses->capabilities & CAP_UNIX) { + mode &= ~current->fs->umask; if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { rc = CIFSSMBUnixSetPerms(xid, pTcon, full_path, mode,(__u64)current->fsuid,(__u64)current->fsgid, 
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c index 6fe80c6..21b711c 100644 --- a/fs/cifs/inode.c +++ b/fs/cifs/inode.c @@ -782,7 +782,8 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode) d_instantiate(direntry, newinode); if (direntry->d_inode) direntry->d_inode->i_nlink = 2; - if (cifs_sb->tcon->ses->capabilities & CAP_UNIX) + if (cifs_sb->tcon->ses->capabilities & CAP_UNIX) { + mode &= ~current->fs->umask; if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { CIFSSMBUnixSetPerms(xid, pTcon, full_path, mode, @@ -800,7 +801,7 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode) cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR); } - else { + } else { /* BB to be implemented via Windows secrty descriptors eg CIFSSMBWinSetPerms(xid, pTcon, full_path, mode, -1, -1, local_nls); */ -- 1.5.2.2
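
Review bot: in cifs_create (fs/cifs/dir.c, hunk at -226), the masked mode only reaches the server through the CIFSSMBUnixSetPerms call that follows the new "mode &= ~current->fs->umask;" line, and the visible call discards its return value. If that call fails, the file keeps whatever mode it was given at create time and the caller is not told, so the umask is silently not applied. Suggest capturing the result, as cifs_mknod does with "rc = CIFSSMBUnixSetPerms(...)", and at least logging a failure.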
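
Review bot: in cifs_create (fs/cifs/dir.c, hunk at -244), the "} else {" branch still sees the unmasked mode, because the mask is applied only inside the CAP_UNIX block above it. The comment in that branch anticipates using the mode ("could set r/o dos attribute if mode & 0222 == 0"), so anything implemented there later would ignore the umask. Consider masking once before the if, or add a comment in the else branch saying it must apply the umask itself.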
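
Review bot: the added line in cifs_mknod (fs/cifs/dir.c, hunk at -363) is one of three open-coded copies of "mode &= ~current->fs->umask;" in this patch, alongside cifs_create and cifs_mkdir, and none of them carries a comment. A small helper, or a one-line comment at each site saying why the unix-extensions path has to apply the umask here, would keep the three sites from drifting apart and tell the next reader why the mode parameter is modified in place.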
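
Review bot: in cifs_mkdir (fs/cifs/inode.c, hunk at -782), the mask is applied after "d_instantiate(direntry, newinode);", so the directory already exists and is instantiated locally before the CIFSSMBUnixSetPerms call narrows its mode. Until that call completes, the directory carries the mode it was created with rather than the masked one. A comment noting that window would help, and if the mkdir request itself can carry a mode, passing the masked value there would close it.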