View Issue Details

IDProjectCategoryView StatusLast Update
0016824CentOS-7kernelpublic2019-12-15 22:52
Reportermanmin.yan 
PrioritynormalSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version7.7-1908 
Target VersionFixed in Version 
Summary0016824: Backup Intent flag not set for directory access in the cifs module
DescriptionThis issue has been reported at kernel.org (https://bugzilla.kernel.org/show_bug.cgi?id=200953) and has been fixed upstream. Here's the description from there:
---
I am using "backupuid=<uid>" option for SMB mount, but I noticed that the "backup intent" flag is only set when client is accessing files, but not directories, resulting permission error during directory access.
---
Steps To ReproduceSet up a network share on a Windows server, and give access to it to a test account. Also assign the test account as a member of the Backup Operators group.

On the linux side, mount the share using, eg:
mount -t cifs -o'domain=...,username=...,password=...,backupuid=<uid_of_user>' //server/share /mnt/

You'll find that accessing directories under the share will result in a permission denied error.
Additional InformationThis issue has been resolved upstream, but the solution hasn't been backported to the kernel in CentOS as of 7.7.1908. I'm attaching a patch based on the solution from the bug report mentioned above, and also from https://patchwork.kernel.org/patch/10577609/, that I've been using on my system.
TagsNo tags attached.
abrt_hash
URL

Activities

manmin.yan

manmin.yan

2019-12-13 06:08

reporter  

patch (2,843 bytes)
diff -uNr linux-3.10.0-1062.9.1.el7.x86_64.vanilla/fs/cifs/smb2file.c linux-3.10.0-1062.9.1.el7.x86_64.modified/fs/cifs/smb2file.c
--- linux-3.10.0-1062.9.1.el7.x86_64.vanilla/fs/cifs/smb2file.c	2019-12-13 16:02:36.554483353 +1100
+++ linux-3.10.0-1062.9.1.el7.x86_64.modified/fs/cifs/smb2file.c	2019-12-13 16:04:43.955718087 +1100
@@ -61,6 +61,9 @@
 	oparms->desired_access |= FILE_READ_ATTRIBUTES;
 	smb2_oplock = SMB2_OPLOCK_LEVEL_BATCH;
 
+	if (backup_cred(oparms->cifs_sb))
+		oparms->create_options |= CREATE_OPEN_BACKUP_INTENT;
+
 	rc = SMB2_open(xid, oparms, smb2_path, &smb2_oplock, smb2_data, NULL);
 	if (rc)
 		goto out;
diff -uNr linux-3.10.0-1062.9.1.el7.x86_64.vanilla/fs/cifs/smb2inode.c linux-3.10.0-1062.9.1.el7.x86_64.modified/fs/cifs/smb2inode.c
--- linux-3.10.0-1062.9.1.el7.x86_64.vanilla/fs/cifs/smb2inode.c	2019-12-13 16:02:41.945747190 +1100
+++ linux-3.10.0-1062.9.1.el7.x86_64.modified/fs/cifs/smb2inode.c	2019-12-13 16:04:48.929961516 +1100
@@ -60,6 +60,9 @@
 	oparms.fid = &fid;
 	oparms.reconnect = false;
 
+	if (backup_cred(cifs_sb))
+		oparms.create_options |= CREATE_OPEN_BACKUP_INTENT;
+
 	rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL);
 	if (rc) {
 		kfree(utf16_path);
diff -uNr linux-3.10.0-1062.9.1.el7.x86_64.vanilla/fs/cifs/smb2ops.c linux-3.10.0-1062.9.1.el7.x86_64.modified/fs/cifs/smb2ops.c
--- linux-3.10.0-1062.9.1.el7.x86_64.vanilla/fs/cifs/smb2ops.c	2019-12-13 16:02:53.280301878 +1100
+++ linux-3.10.0-1062.9.1.el7.x86_64.modified/fs/cifs/smb2ops.c	2019-12-13 16:05:00.987551588 +1100
@@ -385,6 +385,9 @@
 	oparms.fid = &fid;
 	oparms.reconnect = false;
 
+        if (backup_cred(cifs_sb))
+		oparms.create_options |= CREATE_OPEN_BACKUP_INTENT;
+
 	rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL);
 	if (rc) {
 		kfree(utf16_path);
@@ -535,6 +538,9 @@
 	oparms.fid = &fid;
 	oparms.reconnect = false;
 
+	if (backup_cred(cifs_sb))
+		oparms.create_options |= CREATE_OPEN_BACKUP_INTENT;
+
 	rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL);
 	kfree(utf16_path);
 	if (rc) {
@@ -614,6 +620,9 @@
 	oparms.fid = &fid;
 	oparms.reconnect = false;
 
+	if (backup_cred(cifs_sb))
+		oparms.create_options |= CREATE_OPEN_BACKUP_INTENT;
+
 	rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL);
 	kfree(utf16_path);
 	if (rc) {
@@ -1192,6 +1201,9 @@
 	oparms.fid = fid;
 	oparms.reconnect = false;
 
+        if (backup_cred(cifs_sb))
+		oparms.create_options |= CREATE_OPEN_BACKUP_INTENT;
+
 	rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL);
 	kfree(utf16_path);
 	if (rc) {
@@ -1465,6 +1477,9 @@
 	oparms.fid = &fid;
 	oparms.reconnect = false;
 
+        if (backup_cred(cifs_sb))
+		oparms.create_options |= CREATE_OPEN_BACKUP_INTENT;
+
 	rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, &err_buf);
 
 	if (!rc || !err_buf) {
patch (2,843 bytes)
toracat

toracat

2019-12-14 00:02

manager   ~0035836

What we can do is to apply the patch to the centosplus kernel. To get the patch into the distro kernel, you need to open a bug report at http://bugzilla.redhat.com . Once fixed in RHEL, CentOS will inherit it.
manmin.yan

manmin.yan

2019-12-15 22:52

reporter   ~0035841

Thanks for the advice. I've now opened a new bug report at bugzilla.redhat.com (no. 1783804).

Issue History

Date Modified Username Field Change
2019-12-13 06:08 manmin.yan New Issue
2019-12-13 06:08 manmin.yan File Added: patch
2019-12-13 20:11 toracat Status new => acknowledged
2019-12-14 00:02 toracat Note Added: 0035836
2019-12-15 22:52 manmin.yan Note Added: 0035841