Bug#310982: smbmount does not honor uid and gid options with 2.4 kernel

Horms horms at debian.org
Thu Jul 7 03:27:53 GMT 2005


On Wed, Jul 06, 2005 at 07:17:20PM +0900, Horms wrote:
> On Tue, Jun 07, 2005 at 07:44:25PM -0700, Steve Langasek wrote:
> > On Tue, Jun 07, 2005 at 06:42:33PM +0900, Horms wrote:
> > > On Mon, Jun 06, 2005 at 04:19:28AM -0700, Steve Langasek wrote:
> > > > reopen 310982
> > > > tags 310982 security
> > > > thanks
> > > > 
> > > > samba 3.0.14a-4 didn't make the cut for sarge, so this bug is still present
> > > > in the release.  That being the case, it would be far better to fix this bug
> > > > in the kernel instead of in smbfs.
> > 
> > > Hi Steve,
> > 
> > > I'm kind of trying to read your mind here, but are you thinking
> > > of just making a kernel that doesn't do SMB_CAP_UNIX at all?
> > 
> > I think the best answer is for the kernel to track whether
> > uid,gid,fmask,dmask options were specified, and if so, to ignore the
> > permission info sent by the CAP_UNIX-enabled server.
> > 
> > That may require changes to the ioctl interface, though; I'd have to check
> > again whether there's any distinction between not setting the option, and
> > setting the option to 0.
> 
> Sorry for being slack about this. I scraped together a few moments to
> look into this. parse_options() in fs/smbfs/inode.c seems to handle
> the options parsed to a mount, and it does indeed seem to differentiate
> between an unset option and an option set to 0. I'll poke a bit further
> to find where to put your suggested hack, but I have to run now.

Hi all,

There has been a lot of discussion of how to resolve this bug,
which can be found at the following URL.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310982

I am pretty detached from this discussion, though it seems
to me that there is no particularly good solution for Sarge.
But the idea of disabling the use of CAP_UNIX if uid,gid,fmask or dmask
are specified does make sense to me. I have gone ahead and coded this
up in the surprisingly simple patch which is attached.

Samba people, my main question is, can smb_newconn() be called before
server.mnt.flags is set?  If so my patch is invalid.

-- 
Horms
-------------- next part --------------
diff -pru kernel-source-2.4.27.orig/include/linux/smb_mount.h kernel-source-2.4.27/include/linux/smb_mount.h
--- kernel-source-2.4.27.orig/include/linux/smb_mount.h	2004-02-18 22:36:32.000000000 +0900
+++ kernel-source-2.4.27/include/linux/smb_mount.h	2005-07-07 11:27:51.000000000 +0900
@@ -37,7 +37,9 @@ struct smb_mount_data {
 #define SMB_MOUNT_OLDATTR	0x0002	/* Use core getattr (Win 95 speedup) */
 #define SMB_MOUNT_DIRATTR	0x0004	/* Use find_first for getattr */
 #define SMB_MOUNT_CASE		0x0008	/* Be case sensitive */
-
+#define SMB_MOUNT_NO_CAP_UNIX	0x0010	/* Hack for Debian to disable 
+					   SMB_CAP_UNIX if uid, gid, fmask
+					   or dmask are set. See Bug#310982 */
 
 struct smb_mount_data_kernel {
 	int version;
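Review bot: `SMB_MOUNT_NO_CAP_UNIX` takes the next free bit (0x0010) in a flag namespace that upstream also allocates from, so a later upstream `SMB_MOUNT_*` flag could receive the same value and be misread as this Debian-only one. The comment should also state that the bit is set internally by the option table when uid, gid, file_mode or dir_mode is given and is not a mount option of its own, for example `/* Debian-local, set by the kernel only: user gave uid/gid/file_mode/dir_mode, so ignore SMB_CAP_UNIX (Bug#310982) */`. The first added line also ends in trailing whitespace.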
diff -pru kernel-source-2.4.27.orig/fs/smbfs/inode.c kernel-source-2.4.27/fs/smbfs/inode.c
--- kernel-source-2.4.27.orig/fs/smbfs/inode.c	2004-02-18 22:36:31.000000000 +0900
+++ kernel-source-2.4.27/fs/smbfs/inode.c	2005-07-07 10:50:56.000000000 +0900
@@ -286,10 +286,10 @@ static struct option opts[] = {
 	{ "oldattr",	SMB_MOUNT_OLDATTR, 1 },
 	{ "dirattr",	SMB_MOUNT_DIRATTR, 1 },
 	{ "case",	SMB_MOUNT_CASE, 1 },
-	{ "uid",	0, 'u' },
-	{ "gid",	0, 'g' },
-	{ "file_mode",	0, 'f' },
-	{ "dir_mode",	0, 'd' },
+	{ "uid",	SMB_MOUNT_NO_CAP_UNIX, 'u' },
+	{ "gid",	SMB_MOUNT_NO_CAP_UNIX, 'g' },
+	{ "file_mode",	SMB_MOUNT_NO_CAP_UNIX, 'f' },
+	{ "dir_mode",	SMB_MOUNT_NO_CAP_UNIX, 'd' },
 	{ "iocharset",	0, 'i' },
 	{ "codepage",	0, 'c' },
 	{ "ttl",	0, 't' },
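Review bot: Giving the valued options `uid`, `gid`, `file_mode` and `dir_mode` a non-zero flag field makes them look like the boolean entries above them (`case`, `dirattr`) to whatever consumes this table, and that parser is not shown here. Before relying on this, check in the code behind parse_options() that a non-zero flag does not skip the "option requires an argument" validation; if it does, a bare `uid` with no value could be accepted and leave the mount with an owner the administrator did not intend. A one-line comment above the four entries, such as `/* flag records that the user overrode ownership/modes; see SMB_MOUNT_NO_CAP_UNIX */`, would explain why they differ from `iocharset` and `ttl`. The opts[] array starts and ends outside the hunk.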
diff -pru kernel-source-2.4.27.orig/fs/smbfs/proc.c kernel-source-2.4.27/fs/smbfs/proc.c
--- kernel-source-2.4.27.orig/fs/smbfs/proc.c	2005-05-19 19:29:38.000000000 +0900
+++ kernel-source-2.4.27/fs/smbfs/proc.c	2005-07-07 10:49:35.000000000 +0900
@@ -916,7 +916,8 @@ smb_newconn(struct smb_sb_info *server, 
 		VERBOSE("LFS enabled\n");
 	}
 #ifndef CONFIG_SMB_UNIX
-	server->opt.capabilities &= ~SMB_CAP_UNIX;
+	if (!server->mnt.flags & SMB_MOUNT_NO_CAP_UNIX)
+		server->opt.capabilities &= ~SMB_CAP_UNIX;
 #endif
 	if (server->opt.capabilities & SMB_CAP_UNIX) {
 		struct inode *inode;
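Review bot: The new condition `!server->mnt.flags & SMB_MOUNT_NO_CAP_UNIX` parses as `(!server->mnt.flags) & 0x0010`, and because `!x` is only ever 0 or 1 the test is always false, so a kernel built without CONFIG_SMB_UNIX no longer clears SMB_CAP_UNIX at all. The check also sits inside `#ifndef CONFIG_SMB_UNIX`, so a kernel built with CONFIG_SMB_UNIX never looks at the flag and still lets server-supplied ownership and modes override the uid/gid/file_mode/dir_mode mount options, which is the behaviour the bug report describes. I would keep the unconditional `server->opt.capabilities &= ~SMB_CAP_UNIX;` inside the `#ifndef` and add, after the `#endif`, `if (server->mnt.flags & SMB_MOUNT_NO_CAP_UNIX) server->opt.capabilities &= ~SMB_CAP_UNIX;`. The declaration of `mnt` is not in the hunk, so whether the access should be `.` or `->` needs checking against struct smb_sb_info; smb_newconn() starts and ends outside the hunk.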

