[PATCH 0/3] Add O_DENY* flags to fcntl and cifs
J. Bruce Fields
bfields at fieldses.org
Fri Dec 7 08:52:06 CST 2012
On Fri, Dec 07, 2012 at 01:08:46PM +0400, Pavel Shilovsky wrote:
> 2012/12/6 Pavel Shilovsky <piastry at etersoft.ru>:
> > Network filesystems CIFS, SMB2.0, SMB3.0 and NFSv4 have such flags - this change can benefit cifs and nfs modules. While this change is ok for network filesystems, itsn't not targeted for local filesystems due security problems (e.g. when a user process can deny root to delete a file).
> > Share flags are used by Windows applications and WINE have to deal with them too. While WINE can process open share flags itself on local filesystems, it can't do it if a file stored on a network share and is used by several clients. This patchset makes it possible for CIFS/SMB2.0/SMB3.0.
> > Pavel Shilovsky (3):
> > fcntl: Introduce new O_DENY* open flags for network filesystems
> > CIFS: Add O_DENY* open flags support
> > CIFS: Use NT_CREATE_ANDX command for forcemand mounts
> > fs/cifs/cifsacl.c | 10 ++++----
> > fs/cifs/cifsglob.h | 11 ++++++++-
> > fs/cifs/cifsproto.h | 9 ++++----
> > fs/cifs/cifssmb.c | 47 ++++++++++++++++++++------------------
> > fs/cifs/dir.c | 14 ++++++++----
> > fs/cifs/file.c | 18 ++++++++++-----
> > fs/cifs/inode.c | 11 +++++----
> > fs/cifs/link.c | 10 ++++----
> > fs/cifs/readdir.c | 2 +-
> > fs/cifs/smb1ops.c | 15 ++++++------
> > fs/cifs/smb2file.c | 10 ++++----
> > fs/cifs/smb2inode.c | 4 ++--
> > fs/cifs/smb2ops.c | 10 ++++----
> > fs/cifs/smb2pdu.c | 6 ++---
> > fs/cifs/smb2proto.h | 14 +++++++-----
> > fs/fcntl.c | 5 ++--
> > include/uapi/asm-generic/fcntl.h | 11 +++++++++
> > 17 files changed, 125 insertions(+), 82 deletions(-)
> > --
> > 22.214.171.124
> First of all, sorry for being unclear at this proposal.
> I am not from Wine team but I am working on things related to
> We (at Etersoft) need to organize the work of Wine applications
> through cifs-client share mounted to Samba (or Windows server). They
> are related to accounting (mostly Russian ones - e.g.
> http://www.1c.ru/eng/title.htm). So, the problem is that such
> applications use share flags to control the parallel access to the
> same files of several clients on a remote share. Also, there can be a
> situation where Windows (native) clients and Wine clients are working
> together in the same time.
> That's why we need such flags in the kernel (patch #1). With these
> flags Wine can pass them to every open and they will be used by CIFS
> (and probably NFS) file systems to pass to the Samba server. In the
> same time if the file is on local filesystem - these flags will be
> simply ignored (not implemented).
NFS supports the deny-read and deny-write bits but not deny-delete.
If we could do such opens in-kernel on local and clustered filesystems,
that could also be useful for multi-protocol (Samba and NFS) and
Currently knfsd tries to enforce deny bits in the nfsd code, which is a
And knfsd currently requires write permissions for deny-read. My
understanding is that Windows considers that wrong, but I'd be curious
to know whether that breaks Windows applications in practice.
More information about the wine-devel