Bug 824065
Summary: | cifs: Introduce code required for cifs idmap and ACL support | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Sachin Prabhu <sprabhu> |
Component: | kernel | Assignee: | Sachin Prabhu <sprabhu> |
Status: | CLOSED ERRATA | QA Contact: | Jian Li <jiali> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.4 | CC: | bugproxy, cifs-maint, jiali, kzhang, nmurray, rwheeler, xzhou |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel-2.6.32-298.el6 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-02-21 06:14:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 798385 |
Description
Sachin Prabhu
2012-05-22 16:34:05 UTC
Backport of the following upstream patches

- 2fbc2f1729e785a7b2faf9d8d60926bb1ff62af0 cifs: Use mask of ACEs for SID Everyone to calculate all three permissions user, group, and other
- b73b9a4ba753dfd7d304ee6ee4685b827524c533 [CIFS] Allow to set extended attribute cifs_acl (try #2)
- 4d79dba0e00749fa40de8ef13a9b85ce57a1603b cifs: Add idmap key and related data structures and functions (try #17 repost)
- 9409ae58e0759d010b347e7b19ebc90ab5d4b98f cifs: Invoke id mapping functions (try #17 repost)
- c4aca0c09f80ca40dbcecb2370af9594fbe9051d cifs: Change key name to cifs.idmap, misc. clean-up
- 383c55350fb4ab6bd08abfab82038ae0364f1f48 [CIFS] Fix endian error comparing authusers when cifsacl enabled
- 4f61258f6111e2afd56cf40989e5a43cba9e59c8 [CIFS] Follow on to cifsacl endian patch (__constant_cpu_to_le32 was required)
- e22906c564c2f9c73ee4621ef3b93fe374539f00 cifs: Do not set cifs/ntfs acl using a file handle (try #4)
- 21fed0d5b763b94a7d1568c27d0cce892ab8d43e cifs: Add data structures and functions for uid/gid to SID mapping (try #4)
- a5ff376966c079bd2f078524eff11b0c63cc2507 cifs: Call id to SID mapping functions to change owner/group (try #4 repost)
- 7250170c9ed00f3b74b11b98afefab45020672dd cifs: integer overflow in parse_dacl()
- b0f8ef202ec7f07ba9bd93150d54ef4327851422 cifs: possible memory leak in xattr.

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.

windows acl and xattr test are needed.

Patch(es) available on kernel-2.6.32-298.el6

*** Bug 822596 has been marked as a duplicate of this bug. ***

Hi sachin,

In my test, {s,g}etcifsacl works well, but chown failed.

```
[root@dhcp-8-128 test]# chown "TEST\Administrator" test
chown: changing ownership of `test': Input/output error
```

With tshark, the last two smb packets are: SET_PATH_INFO, smb server return STATUS_SUCCESS.

wireshark seems not able to parse these two packets.

Please give some suggestions.

------- Comment From shirishp.com 2013-01-24 12:33 EDT-------

(In reply to comment #12)
> Hi sachin,
>
> In my test, {s,g}etcifsacl works well, but chown failed.
>
> [root@dhcp-8-128 test]# chown "TEST\Administrator" test
> chown: changing ownership of `test': Input/output error
>
> With tshark, the last two smb packets are: SET_PATH_INFO, smb server return
> STATUS_SUCCESS.
>
> wireshark seems not able to parse these two packets.
>
> Please give some suggestions.

IMO, chown error/bug should be treated separately and not part of this feature request.

Jian/Sirish,

I checked with the latest rawhide kernels and we get the same error message. The problem stems from the fact that the cifs client attempts to do a NT_SET_SECURITY TRANS command which fails with a STATUS_INVALID_OWNER. This is mapped to EIO which returns the invalid IO error.

When attempting to perform the same command when logged in as a user who is allowed to change ownership, we do not get any errors and the ownership for the file is accordingly changed.

The changes will have to be first made upstream before we backport it to RHEL 6. I agree with Sirish and recommend that we open a new bz for the chown problem and treat this bz only for get/set cifs acl.

Sachin Prabhu

Test details: (add, modify, delete replace ACEs)

```
[root@hp-xw4600-01 test]# ls -l
total 1
-rwx------. 1 root RHTS-ENG-NAY+domain users 48 Jan 24 03:11 desktop.ini
----------. 1 RHTS-ENG-NAY+root RHTS-ENG-NAY+domain users 4 Jan 28 02:13 test
drwx------. 1 RHTS-ENG-NAY+administrator RHTS-ENG-NAY+domain users 0 Jan 24 02:43 testdir
[root@hp-xw4600-01 test]# grep "/mnt/test" /proc/mounts
//ibm-x3250m4-03/cifs/ /mnt/test cifs rw,relatime,sec=ntlmi,cache=loose,unc=\\ibm-x3250m4-03\cifs,username=administrator,uid=0,noforceuid,gid=0,noforcegid,addr=10.66.86.144,file_mode=0755,dir_mode=0755,nounix,serverino,cifsacl,rsize=16384,wsize=16408,actimeo=1 0 0
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8404
OWNER:RHTS-ENG-NAY\root
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/I/FULL
ACL:NT AUTHORITY\SYSTEM:ALLOWED/I/FULL
ACL:BUILTIN\Administrators:ALLOWED/I/FULL
ACL:BUILTIN\Users:ALLOWED/I/READ
[root@hp-xw4600-01 test]# getcifsacl testdir
REVISION:0x1
CONTROL:0x8404
OWNER:RHTS-ENG-NAY\Administrator
GROUP:RHTS-ENG-NAY\Domain Users
ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI/FULL
ACL:BUILTIN\Administrators:ALLOWED/OI|CI/FULL
ACL:BUILTIN\Users:ALLOWED/OI|CI/READ
ACL:BUILTIN\Users:ALLOWED/CI/0x4
ACL:BUILTIN\Users:ALLOWED/CI/0x2
ACL:BUILTIN\Administrators:ALLOWED/0x0/FULL
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/I/FULL
ACL:CREATOR OWNER:ALLOWED/OI|CI|IO|I/FULL
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/OI|CI|IO|I/FULL
ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI|I/FULL
ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL
ACL:BUILTIN\Users:ALLOWED/OI|CI|I/READ
ACL:BUILTIN\Users:ALLOWED/CI|I/0x4
ACL:BUILTIN\Users:ALLOWED/CI|I/0x2
ACL:CREATOR OWNER:ALLOWED/OI|CI|IO|I/
[root@hp-xw4600-01 test]# setcifsacl -a "ACL:RHTS-ENG-NAY\root:ALLOWED/I/FULL" test
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\root
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/I/FULL
ACL:NT AUTHORITY\SYSTEM:ALLOWED/I/FULL
ACL:BUILTIN\Administrators:ALLOWED/I/FULL
ACL:BUILTIN\Users:ALLOWED/I/READ
ACL:RHTS-ENG-NAY\root:ALLOWED/I/FULL
[root@hp-xw4600-01 test]# setcifsacl -D "ACL:RHTS-ENG-NAY\root:ALLOWED/I/FULL" test
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\root
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/I/FULL
ACL:NT AUTHORITY\SYSTEM:ALLOWED/I/FULL
ACL:BUILTIN\Administrators:ALLOWED/I/FULL
ACL:BUILTIN\Users:ALLOWED/I/READ
[root@hp-xw4600-01 test]# setcifsacl -M "ACL:RHTS-ENG-NAY\root:ALLOWED/I/READ" test
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\root
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/I/FULL
ACL:NT AUTHORITY\SYSTEM:ALLOWED/I/FULL
ACL:BUILTIN\Administrators:ALLOWED/I/FULL
ACL:BUILTIN\Users:ALLOWED/I/READ
ACL:RHTS-ENG-NAY\root:ALLOWED/I/READ
[root@hp-xw4600-01 test]# setcifsacl -S "ACL:RHTS-ENG-NAY\Administrator:ALLOWED/I/FULL" test
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\administrator
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\administrator:ALLOWED/I/FULL
```

Test detail about id/sid translation:

```
[root@hp-xw4600-01 test]# chmod 755 test
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\Administrator
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/0x0/FULL
ACL:RHTS-ENG-NAY\Domain Users:ALLOWED/0x0/0x1f01b9
ACL:Everyone:ALLOWED/0x0/0x1f01b9
[root@hp-xw4600-01 test]# chmod 700 test
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\Administrator
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/0x0/FULL
ACL:RHTS-ENG-NAY\Domain Users:ALLOWED/0x0/0x120088
ACL:Everyone:ALLOWED/0x0/0x120088
[root@hp-xw4600-01 test]# chmod 755 test
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\Administrator
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/0x0/FULL
ACL:RHTS-ENG-NAY\Domain Users:ALLOWED/0x0/0x1f01b9
ACL:Everyone:ALLOWED/0x0/0x1f01b9
[root@hp-xw4600-01 test]# chown RHTS-ENG-NAY+root test
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\root
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/0x0/FULL
ACL:RHTS-ENG-NAY\Domain Users:ALLOWED/0x0/0x1f01b9
ACL:Everyone:ALLOWED/0x0/0x1f01b9
[root@hp-xw4600-01 test]# ls -l test
-r-xr-xr-x. 1 RHTS-ENG-NAY+root RHTS-ENG-NAY+domain users 4 Jan 28 02:13 test
[root@hp-xw4600-01 test]# chown ":RHTS-ENG-NAY+domain admins" test
[root@hp-xw4600-01 test]# getcifsacl test
REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\root
GROUP:RHTS-ENG-NAY\domain admins
ACL:RHTS-ENG-NAY\administrator:ALLOWED/0x0/FULL
ACL:RHTS-ENG-NAY\Domain Users:ALLOWED/0x0/0x1f01b9
ACL:Everyone:ALLOWED/0x0/0x1f01b9
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0496.html

------- Comment From sglass.com 2013-02-21 17:22 EDT-------

Shipped in RHEL 6.4 GA 2/21/2013
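
The id/SID translation test above shows `chmod` rewriting the DACL with raw access masks (`0x1f01b9`, `0x120088`). The following is an added example, not code from this bug report or from cifs-utils, that parses `getcifsacl` output, decodes those masks into standard Windows access-right names, and reports ALLOWED ACEs that give a broad trustee DELETE, WRITE_DAC or WRITE_OWNER. The function names, the values in `SYMBOLIC` and the choice of "broad" trustees are assumptions made for this example.

```python
import re

# Standard Windows file access-mask bits.
RIGHTS = {
    0x000001: "READ_DATA", 0x000002: "WRITE_DATA", 0x000004: "APPEND_DATA",
    0x000008: "READ_EA", 0x000010: "WRITE_EA", 0x000020: "EXECUTE",
    0x000040: "DELETE_CHILD", 0x000080: "READ_ATTRIBUTES",
    0x000100: "WRITE_ATTRIBUTES", 0x010000: "DELETE", 0x020000: "READ_CONTROL",
    0x040000: "WRITE_DAC", 0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
# Assumption: masks behind the symbolic names that getcifsacl prints.
SYMBOLIC = {"FULL": 0x1F01FF, "CHANGE": 0x1301BF, "READ": 0x1200A9}
# Rights that let a trustee delete the file, rewrite its ACL or take ownership.
SENSITIVE = 0x010000 | 0x040000 | 0x080000
# Assumption: trustees treated as "broad" for this check.
BROAD = {"Everyone", "BUILTIN\\Users"}

ACE_RE = re.compile(r"^ACL:(?P<who>.+):(?P<type>ALLOWED|DENIED)"
                    r"/(?P<flags>[^/]*)/(?P<mask>FULL|CHANGE|READ|0x[0-9a-fA-F]+)$")

def parse_aces(text):
    """Yield (trustee, type, flags, mask) per ACL: line; headers and
    truncated ACEs (no mask field) do not match and are skipped."""
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            raw = m["mask"]
            mask = SYMBOLIC[raw] if raw in SYMBOLIC else int(raw, 16)
            yield m["who"], m["type"], m["flags"], mask

def decode(mask):
    """Names of the access rights set in a numeric mask, lowest bit first."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def risky_aces(text):
    """ALLOWED ACEs giving a broad trustee DELETE, WRITE_DAC or WRITE_OWNER."""
    return [(who, hex(mask)) for who, typ, _, mask in parse_aces(text)
            if typ == "ALLOWED" and mask & SENSITIVE
            and (who in BROAD or who.endswith("\\Domain Users"))]

# Sample input: getcifsacl output from the "chmod 755 test" step in this report.
SAMPLE_755 = r"""REVISION:0x1
CONTROL:0x8004
OWNER:RHTS-ENG-NAY\Administrator
GROUP:RHTS-ENG-NAY\Domain Users
ACL:RHTS-ENG-NAY\Administrator:ALLOWED/0x0/FULL
ACL:RHTS-ENG-NAY\Domain Users:ALLOWED/0x0/0x1f01b9
ACL:Everyone:ALLOWED/0x0/0x1f01b9
"""
```

`risky_aces(SAMPLE_755)` returns the Domain Users and Everyone entries, because `0x1f01b9` carries DELETE, WRITE_DAC and WRITE_OWNER alongside the read and execute bits; the `0x120088` mask from the `chmod 700` step decodes to READ_EA, READ_ATTRIBUTES, READ_CONTROL and SYNCHRONIZE only.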