From: Jeff Layton <jlayton@redhat.com>
Subject: Re: [RHEL5.1 PATCH] make CIFS respect umask when unix extensions 	are enabled
Date: Mon, 30 Jul 2007 20:10:09 -0400
Bugzilla: 246667
Message-Id: <20070730201009.02580a1e.jlayton@redhat.com>
Changelog: [CIFS] respect umask when unix extensions are enabled

> On Thu, Jul 05, 2007 at 10:07:10AM -0400, Jeff Layton wrote:
> > Late breaking CIFS patch...
> > 
> > Currently, when unix extensions are enabled for a mount, CIFS does not
> > respect the umask at all. The following patch corrects this.
> > 
> > I tested this myself and verified that it corrects the issue. My hope is
> > to get this into 5.1 since it likely has security implications.
> 

diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index 7be188c..0037dea 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -226,7 +226,8 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode)
 		/* If Open reported that we actually created a file
 		then we now have to set the mode if possible */
 		if ((cifs_sb->tcon->ses->capabilities & CAP_UNIX) &&
-			(oplock & CIFS_CREATE_ACTION))
+			(oplock & CIFS_CREATE_ACTION)) {
+			mode &= ~current->fs->umask;
 			if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
 				CIFSSMBUnixSetPerms(xid, pTcon, full_path, mode,
 					(__u64)current->fsuid,
@@ -244,7 +245,7 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode)
 					cifs_sb->mnt_cifs_flags & 
 						CIFS_MOUNT_MAP_SPECIAL_CHR);
 			}
-		else {
+		} else {
 			/* BB implement mode setting via Windows security descriptors */
 			/* eg CIFSSMBWinSetPerms(xid,pTcon,full_path,mode,-1,-1,local_nls);*/
 			/* could set r/o dos attribute if mode & 0222 == 0 */
@@ -363,6 +364,7 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode, int devic
 	if(full_path == NULL)
 		rc = -ENOMEM;
 	else if (pTcon->ses->capabilities & CAP_UNIX) {
+		mode &= ~current->fs->umask;
 		if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
 			rc = CIFSSMBUnixSetPerms(xid, pTcon, full_path,
 				mode,(__u64)current->fsuid,(__u64)current->fsgid,
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index 6fe80c6..21b711c 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -782,7 +782,8 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
 		d_instantiate(direntry, newinode);
 		if (direntry->d_inode)
 			direntry->d_inode->i_nlink = 2;
-		if (cifs_sb->tcon->ses->capabilities & CAP_UNIX)
+		if (cifs_sb->tcon->ses->capabilities & CAP_UNIX) {
+			mode &= ~current->fs->umask;
 			if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
 				CIFSSMBUnixSetPerms(xid, pTcon, full_path,
 						    mode,
@@ -800,7 +801,7 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
 						    cifs_sb->mnt_cifs_flags & 
 						    CIFS_MOUNT_MAP_SPECIAL_CHR);
 			}
-		else {
+		} else {
 			/* BB to be implemented via Windows secrty descriptors
 			   eg CIFSSMBWinSetPerms(xid, pTcon, full_path, mode,
 						 -1, -1, local_nls); */
-- 
1.5.2.2