git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Pali Rohár <pali@kernel.org>
	Mon, 14 Oct 2024 11:43:23 +0000 (13:43 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 8 Feb 2025 09:02:18 +0000 (10:02 +0100)
commit	98676bcfcb517903e2e3c12c9bb5b09e1658e940
tree	068028b456a0bc57c8029e9843d459b3ecce1c76	tree \| snapshot
parent	be14d5bd2b30bbd536452aafc7229232c0e751f3	commit \| diff

cifs: Fix getting and setting SACLs over SMB1

[ Upstream commit 8b19dfb34d17e77a0809d433cc128b779282131b ]

SMB1 callback get_cifs_acl_by_fid() currently ignores its last argument and
therefore ignores request for SACL_SECINFO. Fix this issue by correctly
propagating info argument from get_cifs_acl() and get_cifs_acl_by_fid() to
CIFSSMBGetCIFSACL() function and pass SACL_SECINFO when requested.

For accessing SACLs it is needed to open object with SYSTEM_SECURITY
access. Pass this flag when trying to get or set SACLs.

Same logic is in the SMB2+ code path.

This change fixes getting and setting of "system.cifs_ntsd_full" and
"system.smb3_ntsd_full" xattrs over SMB1 as currently it silentely ignored
SACL part of passed xattr buffer.

Fixes: 3970acf7ddb9 ("SMB3: Add support for getting and setting SACLs")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

fs/smb/client/cifsacl.c		diff \| blob \| blame \| history
fs/smb/client/cifsproto.h		diff \| blob \| blame \| history
fs/smb/client/cifssmb.c		diff \| blob \| blame \| history