Re: [PATCH 0/2] cifs: Improve access without FILE_READ_ATTRIBUTES permission
From: Pali Rohár
Date: Sat Oct 05 2024 - 14:45:30 EST
On Saturday 05 October 2024 13:32:12 Steve French wrote:
> The obvious question to check is whether this would lead to any issues
> if desired_access is not passed in in oparms in any cases (ie if it
> ends up 0),
This is good point. IIRC if zero value is in OPEN/CREATE desired_access
request then SMB server returns STATUS_ACCESS_DENIED.
So it needs to be checked that desired_access is filled in all usage
correctly.
> and also that this would not hurt any cases where we want
> to keep the handle cached (deferred close) but don't have sufficient
> permission for it to be usable by the subsequent operation (e.g.
> revalidate or stat)
I see, so the code needs to be properly checked or tested that all these
conditions are handled.
> On Sat, Oct 5, 2024 at 11:10 AM Pali Rohár <pali@xxxxxxxxxx> wrote:
> >
> > Linux SMB client currently is not able to access files for which do not
> > have FILE_READ_ATTRIBUTES permission.
> >
> > For example it is not able to write data into file on SMB server to
> > which has only write access (no read or read attributes access). And
> > applications are not able to get result of stat() syscall on such file.
> >
> > Test case against Windows SMB server:
> >
> > 1) On SMB server prepare file with only GENERIC_WRITE access for Everyone:
> > ACL:S-1-1-0:ALLOWED/0x0/0x40000000
> >
> > 2) On SMB server remove all access for file's parent directory
> >
> > 3) Mount share by Linux SMB client and try to append data to that file:
> > echo test >> /mnt/share/dir/file
> >
> > 4) Try to call: stat /mnt/share/dir/file
> >
> > Without this change the write test fails because Linux SMB client is trying
> > to open SMB path "\dir\file" with GENERIC_WRITE|FILE_READ_ATTRIBUTES. With
> > this change the test pass as Linux SMB client is not opening file with
> > FILE_READ_ATTRIBUTES access anymore.
> >
> > Similarly without this change the stat test always fails as Linux SMB
> > client is trying to read attributes via SMB2_OP_QUERY_INFO. With this
> > change, if SMB2_OP_QUERY_INFO fails then Linux SMB client fallbacks for
> > reading stat attributes via OPEN with MAXIMUM_ALLOWED access (which will
> > pass if there is some permission) and OPEN reply will contain attributes
> > required for stat().
> >
> > Pali Rohár (2):
> > cifs: Do not issue SMB2 CREATE always with FILE_READ_ATTRIBUTES
> > cifs: Improve stat() to work also without FILE_READ_ATTRIBUTES
> >
> > fs/smb/client/cifspdu.h | 1 +
> > fs/smb/client/smb2file.c | 1 -
> > fs/smb/client/smb2glob.h | 1 +
> > fs/smb/client/smb2inode.c | 71 ++++++++++++++++++++++++++++++++++++++-
> > 4 files changed, 72 insertions(+), 2 deletions(-)
> >
> > --
> > 2.20.1
> >
> >
>
>
> --
> Thanks,
>
> Steve