| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cd3c1e93-4830-4295-8d6b-56e4513617ec@linux.dev>
Date: Wed, 29 Oct 2025 09:17:31 +0800
From: ChenXiaoSong <chenxiaosong.chenxiaosong@...ux.dev>
To: Steve French <smfrench@...il.com>
Cc: Namjae Jeon <linkinjeon@...nel.org>, Steve French <sfrench@...ba.org>,
Namjae Jeon <linkinjeon@...ba.org>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
ChenXiaoSong <chenxiaosong@...inos.cn>, linux-cifs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 06/24] smb: move file access permission bits
definitions to common/smb1pdu.h
Got it, thanks for your suggestion.
On 10/28/25 10:56 PM, Steve French wrote:
> The goal would be to have things (#defines flags, structs, code) only
> used by smb1, thus not used by ksmbd (which doesn't support smb1, it is
> only supported by cifs.ko and even then only when smb1 is enabled in
> kernel config) in distinct headers (that wouldn't have to be in fs/smb/
> common) so we don't ever confuse current secure smb311 code with smb1
>
> Thanks,
>
> Steve
>
> On Tue, Oct 28, 2025, 12:11 AM ChenXiaoSong
> <chenxiaosong.chenxiaosong@...ux.dev
> <mailto:chenxiaosong.chenxiaosong@...ux.dev>> wrote:
>
> Do you mean merging smb1pdu.h and smb2pdu.h into smbpdu.h?
>
> On 10/28/25 11:54 AM, Steve French wrote:
> > We don't want to encourage smb1 so where possible things used for
> smb2
> > and later especially smb3 and later should never be in something
> that
> > sounds like smb1. ideally most of smb1 code could be ifdef out
> but also
> > we don't want to look like we require smb1
> >
> > Thanks,
> >
> > Steve
> >
> > On Mon, Oct 27, 2025, 11:37 PM Namjae Jeon <linkinjeon@...nel.org
> <mailto:linkinjeon@...nel.org>
> > <mailto:linkinjeon@...nel.org <mailto:linkinjeon@...nel.org>>> wrote:
> >
> > On Mon, Oct 27, 2025 at 4:15 PM
> <chenxiaosong.chenxiaosong@...ux.dev
> <mailto:chenxiaosong.chenxiaosong@...ux.dev>
> > <mailto:chenxiaosong.chenxiaosong@...ux.dev
> <mailto:chenxiaosong.chenxiaosong@...ux.dev>>> wrote:
> > >
> > > From: ChenXiaoSong <chenxiaosong@...inos.cn
> <mailto:chenxiaosong@...inos.cn>
> > <mailto:chenxiaosong@...inos.cn
> <mailto:chenxiaosong@...inos.cn>>>
> > >
> > > There are only 2 different definitions between the client
> and server:
> > >
> > > - SET_FILE_READ_RIGHTS:
> > > - client: rename to CLIENT_SET_FILE_READ_RIGHTS
> > > - server: rename to SERVER_SET_FILE_READ_RIGHTS
> > > - SET_FILE_WRITE_RIGHTS
> > > - client: rename to CLIENT_SET_FILE_WRITE_RIGHTS
> > > - server: rename to SERVER_SET_FILE_WRITE_RIGHTS
> > >
> > > Perhaps in the future we can change them to be the same,
> move them to
> > > common header file.
> > >
> > > Signed-off-by: ChenXiaoSong <chenxiaosong@...inos.cn
> <mailto:chenxiaosong@...inos.cn>
> > <mailto:chenxiaosong@...inos.cn
> <mailto:chenxiaosong@...inos.cn>>>
> > > ---
> > > fs/smb/client/cifsacl.c | 4 +-
> > > fs/smb/client/cifspdu.h | 112
> ---------------------------------
> > > fs/smb/common/smb1pdu.h | 123 ++++++++++++++++++++++++
> +++++++
> > +++++-
> > > fs/smb/common/smb2pdu.h | 6 --
> > > fs/smb/server/smb_common.h | 55 -----------------
> > > fs/smb/server/smbacl.c | 2 +-
> > > 6 files changed, 125 insertions(+), 177 deletions(-)
> > >
> > > diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c
> > > index ce2ebc213a1d..5c3d8eb68868 100644
> > > --- a/fs/smb/client/cifsacl.c
> > > +++ b/fs/smb/client/cifsacl.c
> > > @@ -654,9 +654,9 @@ static void mode_to_access_flags(umode_t
> > mode, umode_t bits_to_use,
> > > is this but we have cleared all the bits sans
> RWX for
> > > either user or group or other as per bits_to_use */
> > > if (mode & S_IRUGO)
> > > - *pace_flags |= SET_FILE_READ_RIGHTS;
> > > + *pace_flags |= CLIENT_SET_FILE_READ_RIGHTS;
> > > if (mode & S_IWUGO)
> > > - *pace_flags |= SET_FILE_WRITE_RIGHTS;
> > > + *pace_flags |= CLIENT_SET_FILE_WRITE_RIGHTS;
> > > if (mode & S_IXUGO)
> > > *pace_flags |= SET_FILE_EXEC_RIGHTS;
> > >
> > > diff --git a/fs/smb/client/cifspdu.h b/fs/smb/client/cifspdu.h
> > > index 86167875574c..a063c98683bc 100644
> > > --- a/fs/smb/client/cifspdu.h
> > > +++ b/fs/smb/client/cifspdu.h
> > > @@ -117,118 +117,6 @@
> > > #define SMBOPEN_OTRUNC 0x0002
> > > #define SMBOPEN_OAPPEND 0x0001
> > >
> > > -/*
> > > - * These are the file access permission bits defined in
> CIFS for the
> > > - * NTCreateAndX as well as the level 0x107
> > > - * TRANS2_QUERY_PATH_INFORMATION API. The level 0x107,
> > SMB_QUERY_FILE_ALL_INFO
> > > - * responds with the AccessFlags.
> > > - * The AccessFlags specifies the access permissions a
> caller has
> > to the
> > > - * file and can have any suitable combination of the
> following
> > values:
> > > - */
> > > -
> > > -#define FILE_READ_DATA 0x00000001 /* Data can be read
> > from the file */
> > > - /* or directory
> child
> > entries can */
> > > - /* be listed
> together
> > with the */
> > > - /* associated child
> > attributes */
> > > - /* (so the
> > FILE_READ_ATTRIBUTES on */
> > > - /* the child
> entry is
> > not needed) */
> > > -#define FILE_WRITE_DATA 0x00000002 /* Data can be
> written
> > to the file */
> > > - /* or new file
> can be
> > created in */
> > > - /* the directory
> > */
> > > -#define FILE_APPEND_DATA 0x00000004 /* Data can be
> > appended to the file */
> > > - /* (for non-
> local files
> > over SMB it */
> > > - /* is same as
> > FILE_WRITE_DATA) */
> > > - /* or new
> subdirectory
> > can be */
> > > - /* created in the
> > directory */
> > > -#define FILE_READ_EA 0x00000008 /* Extended
> attributes
> > associated */
> > > - /* with the file
> can be
> > read */
> > > -#define FILE_WRITE_EA 0x00000010 /* Extended
> attributes
> > associated */
> > > - /* with the file
> can be
> > written */
> > > -#define FILE_EXECUTE 0x00000020 /*Data can be read
> > into memory from */
> > > - /* the file using
> > system paging I/O */
> > > - /* for executing the
> > file / script */
> > > - /* or right to
> traverse
> > directory */
> > > - /* (but by
> default all
> > users have */
> > > - /* directory bypass
> > traverse */
> > > - /* privilege and
> do not
> > need this */
> > > - /* permission on
> > directories at all)*/
> > > -#define FILE_DELETE_CHILD 0x00000040 /* Child entry
> can be
> > deleted from */
> > > - /* the directory (so
> > the DELETE on */
> > > - /* the child
> entry is
> > not needed) */
> > > -#define FILE_READ_ATTRIBUTES 0x00000080 /* Attributes
> > associated with the */
> > > - /* file or directory
> > can be read */
> > > -#define FILE_WRITE_ATTRIBUTES 0x00000100 /* Attributes
> > associated with the */
> > > - /* file or directory
> > can be written */
> > > -#define DELETE 0x00010000 /* The file or
> dir can
> > be deleted */
> > > -#define READ_CONTROL 0x00020000 /* The
> discretionary
> > access control */
> > > - /* list and
> ownership
> > associated */
> > > - /* with the file
> or dir
> > can be read */
> > > -#define WRITE_DAC 0x00040000 /* The
> discretionary
> > access control */
> > > - /* list
> associated with
> > the file or */
> > > - /* directory can be
> > written */
> > > -#define WRITE_OWNER 0x00080000 /* Ownership
> > information associated */
> > > - /* with the file/dir
> > can be written */
> > > -#define SYNCHRONIZE 0x00100000 /* The file
> handle can
> > waited on to */
> > > - /* synchronize
> with the
> > completion */
> > > - /* of an input/
> output
> > request */
> > > -#define SYSTEM_SECURITY 0x01000000 /* The system
> access
> > control list */
> > > - /* associated
> with the
> > file or */
> > > - /* directory can be
> > read or written */
> > > - /* (cannot be in
> DACL,
> > can in SACL) */
> > > -#define MAXIMUM_ALLOWED 0x02000000 /* Maximal
> subset of
> > GENERIC_ALL */
> > > - /* permissions which
> > can be granted */
> > > - /* (cannot be in
> DACL
> > nor SACL) */
> > > -#define GENERIC_ALL 0x10000000 /* Same as:
> > GENERIC_EXECUTE | */
> > > - /*
> > GENERIC_WRITE | */
> > > - /*
> > GENERIC_READ | */
> > > - /*
> > FILE_DELETE_CHILD | */
> > > - /*
> DELETE |
> > */
> > > - /*
> WRITE_DAC |
> > */
> > > - /*
> > WRITE_OWNER */
> > > - /* So GENERIC_ALL
> > contains all bits */
> > > - /* mentioned above
> > except these two */
> > > - /* SYSTEM_SECURITY
> > MAXIMUM_ALLOWED */
> > > -#define GENERIC_EXECUTE 0x20000000 /* Same as:
> > FILE_EXECUTE | */
> > > - /*
> > FILE_READ_ATTRIBUTES | */
> > > - /*
> > READ_CONTROL | */
> > > - /*
> > SYNCHRONIZE */
> > > -#define GENERIC_WRITE 0x40000000 /* Same as:
> > FILE_WRITE_DATA | */
> > > - /*
> > FILE_APPEND_DATA | */
> > > - /*
> > FILE_WRITE_EA | */
> > > - /*
> > FILE_WRITE_ATTRIBUTES | */
> > > - /*
> > READ_CONTROL | */
> > > - /*
> > SYNCHRONIZE */
> > > -#define GENERIC_READ 0x80000000 /* Same as:
> > FILE_READ_DATA | */
> > > - /*
> > FILE_READ_EA | */
> > > - /*
> > FILE_READ_ATTRIBUTES | */
> > > - /*
> > READ_CONTROL | */
> > > - /*
> > SYNCHRONIZE */
> > > -
> > > -#define FILE_READ_RIGHTS (FILE_READ_DATA | FILE_READ_EA |
> > FILE_READ_ATTRIBUTES)
> > > -#define FILE_WRITE_RIGHTS (FILE_WRITE_DATA |
> FILE_APPEND_DATA \
> > > - | FILE_WRITE_EA |
> > FILE_WRITE_ATTRIBUTES)
> > > -#define FILE_EXEC_RIGHTS (FILE_EXECUTE)
> > > -
> > > -#define SET_FILE_READ_RIGHTS (FILE_READ_DATA | FILE_READ_EA |
> > FILE_WRITE_EA \
> > > - | FILE_READ_ATTRIBUTES \
> > > - | FILE_WRITE_ATTRIBUTES \
> > > - | DELETE | READ_CONTROL |
> WRITE_DAC \
> > > - | WRITE_OWNER | SYNCHRONIZE)
> > > -#define SET_FILE_WRITE_RIGHTS (FILE_WRITE_DATA |
> FILE_APPEND_DATA \
> > > - | FILE_READ_EA |
> FILE_WRITE_EA \
> > > - | FILE_READ_ATTRIBUTES \
> > > - | FILE_WRITE_ATTRIBUTES \
> > > - | DELETE | READ_CONTROL |
> WRITE_DAC \
> > > - | WRITE_OWNER | SYNCHRONIZE)
> > > -#define SET_FILE_EXEC_RIGHTS (FILE_READ_EA | FILE_WRITE_EA |
> > FILE_EXECUTE \
> > > - | FILE_READ_ATTRIBUTES \
> > > - | FILE_WRITE_ATTRIBUTES \
> > > - | DELETE | READ_CONTROL |
> WRITE_DAC \
> > > - | WRITE_OWNER | SYNCHRONIZE)
> > > -
> > > -#define SET_MINIMUM_RIGHTS (FILE_READ_EA |
> FILE_READ_ATTRIBUTES \
> > > - | READ_CONTROL | SYNCHRONIZE)
> > > -
> > > /*
> > > * Invalid readdir handle
> > > */
> > > diff --git a/fs/smb/common/smb1pdu.h b/fs/smb/common/smb1pdu.h
> > > index f14d3d9aac22..9fe6fc4b05a7 100644
> > > --- a/fs/smb/common/smb1pdu.h
> > > +++ b/fs/smb/common/smb1pdu.h
> > > @@ -75,7 +75,128 @@
> > > #define SMBFLG2_UNICODE cpu_to_le16(0x8000)
> > >
> > > /*
> > > - * File Attribute flags
> > > + * These are the file access permission bits defined in
> CIFS for the
> > > + * NTCreateAndX as well as the level 0x107
> > > + * TRANS2_QUERY_PATH_INFORMATION API. The level 0x107,
> > SMB_QUERY_FILE_ALL_INFO
> > > + * responds with the AccessFlags.
> > > + * The AccessFlags specifies the access permissions a
> caller has
> > to the
> > > + * file and can have any suitable combination of the
> following
> > values:
> > > + */
> > > +
> > > +#define FILE_READ_DATA 0x00000001 /* Data can be read
> > from the file */
> > Please don't move them to smb1pdu.h.
> > These are common definitions that are also defined in the smb2
> > specification.
> > > + /* or directory
> child
> > entries can */
> > > + /* be listed
> together
> > with the */
> > > + /* associated child
> > attributes */
> > > + /* (so the
> > FILE_READ_ATTRIBUTES on */
> > > + /* the child
> entry is
> > not needed) */
> > > +#define FILE_WRITE_DATA 0x00000002 /* Data can be
> written
> > to the file */
> > > + /* or new file
> can be
> > created in */
> > > + /* the directory
> > */
> > > +#define FILE_APPEND_DATA 0x00000004 /* Data can be
> > appended to the file */
> > > + /* (for non-
> local files
> > over SMB it */
> > > + /* is same as
> > FILE_WRITE_DATA) */
> > > + /* or new
> subdirectory
> > can be */
> > > + /* created in the
> > directory */
> > > +#define FILE_READ_EA 0x00000008 /* Extended
> attributes
> > associated */
> > > + /* with the file
> can be
> > read */
> > > +#define FILE_WRITE_EA 0x00000010 /* Extended
> attributes
> > associated */
> > > + /* with the file
> can be
> > written */
> > > +#define FILE_EXECUTE 0x00000020 /*Data can be read
> > into memory from */
> > > + /* the file using
> > system paging I/O */
> > > + /* for executing the
> > file / script */
> > > + /* or right to
> traverse
> > directory */
> > > + /* (but by
> default all
> > users have */
> > > + /* directory bypass
> > traverse */
> > > + /* privilege and
> do not
> > need this */
> > > + /* permission on
> > directories at all)*/
> > > +#define FILE_DELETE_CHILD 0x00000040 /* Child entry
> can be
> > deleted from */
> > > + /* the directory (so
> > the DELETE on */
> > > + /* the child
> entry is
> > not needed) */
> > > +#define FILE_READ_ATTRIBUTES 0x00000080 /* Attributes
> > associated with the */
> > > + /* file or directory
> > can be read */
> > > +#define FILE_WRITE_ATTRIBUTES 0x00000100 /* Attributes
> > associated with the */
> > > + /* file or directory
> > can be written */
> > > +#define DELETE 0x00010000 /* The file or
> dir can
> > be deleted */
> > > +#define READ_CONTROL 0x00020000 /* The
> discretionary
> > access control */
> > > + /* list and
> ownership
> > associated */
> > > + /* with the file
> or dir
> > can be read */
> > > +#define WRITE_DAC 0x00040000 /* The
> discretionary
> > access control */
> > > + /* list
> associated with
> > the file or */
> > > + /* directory can be
> > written */
> > > +#define WRITE_OWNER 0x00080000 /* Ownership
> > information associated */
> > > + /* with the file/dir
> > can be written */
> > > +#define SYNCHRONIZE 0x00100000 /* The file
> handle can
> > waited on to */
> > > + /* synchronize
> with the
> > completion */
> > > + /* of an input/
> output
> > request */
> > > +#define SYSTEM_SECURITY 0x01000000 /* The system
> access
> > control list */
> > > + /* associated
> with the
> > file or */
> > > + /* directory can be
> > read or written */
> > > + /* (cannot be in
> DACL,
> > can in SACL) */
> > > +#define MAXIMUM_ALLOWED 0x02000000 /* Maximal
> subset of
> > GENERIC_ALL */
> > > + /* permissions which
> > can be granted */
> > > + /* (cannot be in
> DACL
> > nor SACL) */
> > > +#define GENERIC_ALL 0x10000000 /* Same as:
> > GENERIC_EXECUTE | */
> > > + /*
> > GENERIC_WRITE | */
> > > + /*
> > GENERIC_READ | */
> > > + /*
> > FILE_DELETE_CHILD | */
> > > + /*
> DELETE |
> > */
> > > + /*
> WRITE_DAC |
> > */
> > > + /*
> > WRITE_OWNER */
> > > + /* So GENERIC_ALL
> > contains all bits */
> > > + /* mentioned above
> > except these two */
> > > + /* SYSTEM_SECURITY
> > MAXIMUM_ALLOWED */
> > > +#define GENERIC_EXECUTE 0x20000000 /* Same as:
> > FILE_EXECUTE | */
> > > + /*
> > FILE_READ_ATTRIBUTES | */
> > > + /*
> > READ_CONTROL | */
> > > + /*
> > SYNCHRONIZE */
> > > +#define GENERIC_WRITE 0x40000000 /* Same as:
> > FILE_WRITE_DATA | */
> > > + /*
> > FILE_APPEND_DATA | */
> > > + /*
> > FILE_WRITE_EA | */
> > > + /*
> > FILE_WRITE_ATTRIBUTES | */
> > > + /*
> > READ_CONTROL | */
> > > + /*
> > SYNCHRONIZE */
> > > +#define GENERIC_READ 0x80000000 /* Same as:
> > FILE_READ_DATA | */
> > > + /*
> > FILE_READ_EA | */
> > > + /*
> > FILE_READ_ATTRIBUTES | */
> > > + /*
> > READ_CONTROL | */
> > > + /*
> > SYNCHRONIZE */
> > > +
> > > +#define FILE_READ_RIGHTS (FILE_READ_DATA | FILE_READ_EA |
> > FILE_READ_ATTRIBUTES)
> > > +#define FILE_WRITE_RIGHTS (FILE_WRITE_DATA |
> FILE_APPEND_DATA \
> > > + | FILE_WRITE_EA |
> > FILE_WRITE_ATTRIBUTES)
> > > +#define FILE_EXEC_RIGHTS (FILE_EXECUTE)
> > > +
> > > +#define CLIENT_SET_FILE_READ_RIGHTS (FILE_READ_DATA |
> > FILE_READ_EA | FILE_WRITE_EA \
> > > + | FILE_READ_ATTRIBUTES \
> > > + | FILE_WRITE_ATTRIBUTES \
> > > + | DELETE | READ_CONTROL |
> WRITE_DAC \
> > > + | WRITE_OWNER | SYNCHRONIZE)
> > > +#define SERVER_SET_FILE_READ_RIGHTS (FILE_READ_DATA |
> FILE_READ_EA \
> > > + | FILE_READ_ATTRIBUTES \
> > > + | DELETE | READ_CONTROL |
> WRITE_DAC \
> > > + | WRITE_OWNER | SYNCHRONIZE)
> > > +#define CLIENT_SET_FILE_WRITE_RIGHTS (FILE_WRITE_DATA |
> > FILE_APPEND_DATA \
> > > + | FILE_READ_EA |
> FILE_WRITE_EA \
> > > + | FILE_READ_ATTRIBUTES \
> > > + | FILE_WRITE_ATTRIBUTES \
> > > + | DELETE | READ_CONTROL |
> WRITE_DAC \
> > > + | WRITE_OWNER | SYNCHRONIZE)
> > > +#define SERVER_SET_FILE_WRITE_RIGHTS (FILE_WRITE_DATA |
> > FILE_APPEND_DATA \
> > > + | FILE_WRITE_EA \
> > > + | FILE_DELETE_CHILD \
> > > + | FILE_WRITE_ATTRIBUTES \
> > > + | DELETE | READ_CONTROL |
> WRITE_DAC \
> > > + | WRITE_OWNER | SYNCHRONIZE)
> > > +#define SET_FILE_EXEC_RIGHTS (FILE_READ_EA | FILE_WRITE_EA |
> > FILE_EXECUTE \
> > > + | FILE_READ_ATTRIBUTES \
> > > + | FILE_WRITE_ATTRIBUTES \
> > > + | DELETE | READ_CONTROL |
> WRITE_DAC \
> > > + | WRITE_OWNER | SYNCHRONIZE)
> > > +#define SET_MINIMUM_RIGHTS (FILE_READ_EA |
> FILE_READ_ATTRIBUTES \
> > > + | READ_CONTROL | SYNCHRONIZE)
> > > +
> > > +/*
> > > + * File Attribute flags - see MS-SMB 2.2.1.4.1
> > > */
> > > #define ATTR_READONLY 0x0001
> > > #define ATTR_HIDDEN 0x0002
> > > diff --git a/fs/smb/common/smb2pdu.h b/fs/smb/common/smb2pdu.h
> > > index f79a5165a7cc..f2fbd651ab8f 100644
> > > --- a/fs/smb/common/smb2pdu.h
> > > +++ b/fs/smb/common/smb2pdu.h
> > > @@ -1149,12 +1149,6 @@ struct
> smb2_server_client_notification {
> > > #define FILE_OVERWRITE_IF_LE
> cpu_to_le32(0x00000005)
> > > #define FILE_CREATE_MASK_LE
> cpu_to_le32(0x00000007)
> > >
> > > -#define FILE_READ_RIGHTS (FILE_READ_DATA | FILE_READ_EA \
> > > - | FILE_READ_ATTRIBUTES)
> > > -#define FILE_WRITE_RIGHTS (FILE_WRITE_DATA |
> FILE_APPEND_DATA \
> > > - | FILE_WRITE_EA |
> FILE_WRITE_ATTRIBUTES)
> > > -#define FILE_EXEC_RIGHTS (FILE_EXECUTE)
> > > -
> > > /* CreateOptions Flags */
> > > #define FILE_DIRECTORY_FILE_LE
> cpu_to_le32(0x00000001)
> > > /* same as #define CREATE_NOT_FILE_LE
> cpu_to_le32(0x00000001) */
> > > diff --git a/fs/smb/server/smb_common.h b/fs/smb/server/
> smb_common.h
> > > index 810fad0303d7..df67b370025d 100644
> > > --- a/fs/smb/server/smb_common.h
> > > +++ b/fs/smb/server/smb_common.h
> > > @@ -38,61 +38,6 @@
> > > #define F_CREATED 2
> > > #define F_OVERWRITTEN 3
> > >
> > > -#define FILE_READ_DATA 0x00000001 /* Data can be read
> > from the file */
> > > -#define FILE_WRITE_DATA 0x00000002 /* Data can be
> written
> > to the file */
> > > -#define FILE_APPEND_DATA 0x00000004 /* Data can be
> > appended to the file */
> > > -#define FILE_READ_EA 0x00000008 /* Extended
> attributes
> > associated */
> > > -/* with the file can be read */
> > > -#define FILE_WRITE_EA 0x00000010 /* Extended
> attributes
> > associated */
> > > -/* with the file can be written */
> > > -#define FILE_EXECUTE 0x00000020 /*Data can be read
> > into memory from */
> > > -/* the file using system paging I/O */
> > > -#define FILE_DELETE_CHILD 0x00000040
> > > -#define FILE_READ_ATTRIBUTES 0x00000080 /* Attributes
> > associated with the */
> > > -/* file can be read */
> > > -#define FILE_WRITE_ATTRIBUTES 0x00000100 /* Attributes
> > associated with the */
> > > -/* file can be written */
> > > -#define DELETE 0x00010000 /* The file can be
> > deleted */
> > > -#define READ_CONTROL 0x00020000 /* The access
> control
> > list and */
> > > -/* ownership associated with the */
> > > -/* file can be read */
> > > -#define WRITE_DAC 0x00040000 /* The access
> control
> > list and */
> > > -/* ownership associated with the */
> > > -/* file can be written. */
> > > -#define WRITE_OWNER 0x00080000 /* Ownership
> > information associated */
> > > -/* with the file can be written */
> > > -#define SYNCHRONIZE 0x00100000 /* The file
> handle can
> > waited on to */
> > > -/* synchronize with the completion */
> > > -/* of an input/output request */
> > > -#define GENERIC_ALL 0x10000000
> > > -#define GENERIC_EXECUTE 0x20000000
> > > -#define GENERIC_WRITE 0x40000000
> > > -#define GENERIC_READ 0x80000000
> > > -/* In summary - Relevant file */
> > > -/* access flags from CIFS are */
> > > -/* file_read_data, file_write_data */
> > > -/* file_execute, file_read_attributes*/
> > > -/* write_dac, and delete. */
> > > -
> > > -#define SET_FILE_READ_RIGHTS (FILE_READ_DATA | FILE_READ_EA \
> > > - | FILE_READ_ATTRIBUTES \
> > > - | DELETE | READ_CONTROL | WRITE_DAC \
> > > - | WRITE_OWNER | SYNCHRONIZE)
> > > -#define SET_FILE_WRITE_RIGHTS (FILE_WRITE_DATA |
> FILE_APPEND_DATA \
> > > - | FILE_WRITE_EA \
> > > - | FILE_DELETE_CHILD \
> > > - | FILE_WRITE_ATTRIBUTES \
> > > - | DELETE | READ_CONTROL | WRITE_DAC \
> > > - | WRITE_OWNER | SYNCHRONIZE)
> > > -#define SET_FILE_EXEC_RIGHTS (FILE_READ_EA | FILE_WRITE_EA |
> > FILE_EXECUTE \
> > > - | FILE_READ_ATTRIBUTES \
> > > - | FILE_WRITE_ATTRIBUTES \
> > > - | DELETE | READ_CONTROL | WRITE_DAC \
> > > - | WRITE_OWNER | SYNCHRONIZE)
> > > -
> > > -#define SET_MINIMUM_RIGHTS (FILE_READ_EA |
> FILE_READ_ATTRIBUTES \
> > > - | READ_CONTROL | SYNCHRONIZE)
> > > -
> > > /* generic flags for file open */
> > > #define GENERIC_READ_FLAGS (READ_CONTROL |
> FILE_READ_DATA | \
> > > FILE_READ_ATTRIBUTES | \
> > > diff --git a/fs/smb/server/smbacl.c b/fs/smb/server/smbacl.c
> > > index 5aa7a66334d9..b70ba50f1f10 100644
> > > --- a/fs/smb/server/smbacl.c
> > > +++ b/fs/smb/server/smbacl.c
> > > @@ -180,7 +180,7 @@ static void mode_to_access_flags(umode_t
> > mode, umode_t bits_to_use,
> > > * either user or group or other as per bits_to_use
> > > */
> > > if (mode & 0444)
> > > - *pace_flags |= SET_FILE_READ_RIGHTS;
> > > + *pace_flags |= SERVER_SET_FILE_READ_RIGHTS;
> > > if (mode & 0222)
> > > *pace_flags |= FILE_WRITE_RIGHTS;
> > > if (mode & 0111)
> > > --
> > > 2.43.0
> > >
> >
>
> --
> Thanks,
> ChenXiaoSong.
>
--
Thanks,
ChenXiaoSong.
Powered by blists - more mailing lists