ksmbd-tools: don't add global default `read only = yes'

Since share parameters are applied in the non-descript hash table iteration order, a share parameter should never undo the effect of an another. For example, `force user' checks `share->force_gid' such that it doesn't undo `force group' applied earlier. However, `read only' does not follow this convention since it may undo `writeable' (and so may its aliases). Since the hash table iteration order is non-descript, this means that a share with `read only = yes' and `writeable = yes' may or may not allow read-write access. With the 3.5.0 release, due to the default global `read only = yes' added in commit 54d2a02, this effect is always in play for shares that give `writeable = yes' (or its aliases) instead of `read only = no'. Fix this by not adding global default `read only = yes'. Note that not setting `KSMBD_SHARE_FLAG_READONLY' for initial shares is fine as it is only used to set `KSMBD_TREE_CONN_FLAG_READ_ONLY' which itself is unused (and was broken until commit 3f88fbe). Note also that the use of the IPC$ share is guarded by checking for `KSMBD_SHARE_FLAG_PIPE'. So if it's given `KSMBD_SHARE_FLAG_WRITEABLE' through the global section or a user-defined section, the code paths for its use should not change. Signed-off-by: Atte Heikkilä <[email protected]> Signed-off-by: Namjae Jeon <[email protected]>
cifsd-team · Nov 9, 2023 · 9b801a3 · 9b801a3
1 parent 5379a0c
commit 9b801a3
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 5 deletions.
diff --git a/ksmbd.conf.5.in b/ksmbd.conf.5.in
@@ -224,7 +224,7 @@ Default: \fBread list = \fR
 Users are allowed read-only access to the share.
 With \fBread only = no\fR, the effect is the same as with \fBwriteable = yes\fR.
 
-Default: \fBread only = yes\fR
+Default: \fBread only = ; yes\fR
 .TP
 \fBrestrict anonymous\fR (G)
 How to restrict connections to any share as the user given with \fBguest account\fR.
@@ -353,7 +353,7 @@ Default: \fBworkgroup = WORKGROUP\fR
 Users are allowed read-write access to the share.
 With \fBwritable = yes\fR, the effect is the same as with \fBread only = no\fR.
 
-Default: \fBwritable = no\fR
+Default: \fBwritable = \fR
 .TP
 \fBwriteable\fR (S)
 Synonym for \fBwritable\fP.

diff --git a/ksmbd.conf.example b/ksmbd.conf.example
@@ -49,7 +49,7 @@
 	oplocks = yes
 	path = 
 	read list = 
-	read only = yes
+	read only = ; yes
 	store dos attributes = yes
 	valid users = 
 	veto files = 

diff --git a/tools/config_parser.c b/tools/config_parser.c
@@ -564,7 +564,6 @@ static void add_group_ipc_share_conf(void)
 {
 	add_group_key_value("comment = IPC share");
 	add_group_key_value("guest ok = yes");
-	add_group_key_value("read only = yes");
 }
 
 static int finalize_smbconf_parser(void)

diff --git a/tools/management/share.c b/tools/management/share.c
@@ -73,7 +73,7 @@ const char *KSMBD_SHARE_DEFCONF[KSMBD_SHARE_CONF_MAX] = {
 	"",
 	"no",
 	"",
-	"yes",
+	"; yes",
 /*5*/	"yes",
 	"",
 	"",
-Original file line number
+Diff line change
@@ Expand Up / @@ -73,7 +73,7 @@ const char *KSMBD_SHARE_DEFCONF[KSMBD_SHARE_CONF_MAX] = { @@
     	"",
     	"no",
     	"",
-    	"yes",
+    	"; yes",
     /*5*/	"yes",
     	"",
     	"",
@@ Expand Down @@