Blame - fs/cifs/cifsacl.c - kernel/msm-4.9

blob: 1f5a4289b848e3bd0f4eb779a37b322e2a3a305f [file] [log] [blame]

Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	1	/*
				2	* fs/cifs/cifsacl.c
				3	*
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	4	* Copyright (C) International Business Machines Corp., 2007,2008
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	5	* Author(s): Steve French (sfrench@us.ibm.com)
				6	*
				7	* Contains the routines for mapping CIFS/NTFS ACLs
				8	*
				9	* This library is free software; you can redistribute it and/or modify
				10	* it under the terms of the GNU Lesser General Public License as published
				11	* by the Free Software Foundation; either version 2.1 of the License, or
				12	* (at your option) any later version.
				13	*
				14	* This library is distributed in the hope that it will be useful,
				15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
				17	* the GNU Lesser General Public License for more details.
				18	*
				19	* You should have received a copy of the GNU Lesser General Public License
				20	* along with this library; if not, write to the Free Software
				21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
				22	*/
				23
Steve French	6587400	2007-09-25 19:53:44 +0000	[diff] [blame]	24	#include <linux/fs.h>
				25	#include "cifspdu.h"
				26	#include "cifsglob.h"
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	27	#include "cifsacl.h"
Steve French	6587400	2007-09-25 19:53:44 +0000	[diff] [blame]	28	#include "cifsproto.h"
				29	#include "cifs_debug.h"
Steve French	6587400	2007-09-25 19:53:44 +0000	[diff] [blame]	30
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	31
				32	#ifdef CONFIG_CIFS_EXPERIMENTAL
				33
Steve French	af6f461	2007-10-16 18:40:37 +0000	[diff] [blame]	34	static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	35	{{1, 0, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0, 0} }, "null user"},
				36	{{1, 1, {0, 0, 0, 0, 0, 1}, {0, 0, 0, 0, 0} }, "nobody"},
Dave Kleikamp	ce51ae1	2007-10-16 21:35:39 +0000	[diff] [blame]	37	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(11), 0, 0, 0, 0} }, "net-users"},
				38	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
				39	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},
				40	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	41	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"} }
				42	;
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	43
				44
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	45	/* security id for everyone */
Shirish Pargaonkar	e01b640	2007-10-30 04:45:14 +0000	[diff] [blame]	46	static const struct cifs_sid sid_everyone = {
				47	1, 1, {0, 0, 0, 0, 0, 1}, {0} };
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	48	/* group users */
Steve French	ad7a292	2008-02-07 23:25:02 +0000	[diff] [blame]	49	static const struct cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {} };
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	50
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	51
				52	int match_sid(struct cifs_sid *ctsid)
				53	{
				54	int i, j;
				55	int num_subauth, num_sat, num_saw;
				56	struct cifs_sid *cwsid;
				57
				58	if (!ctsid)
				59	return (-1);
				60
				61	for (i = 0; i < NUM_WK_SIDS; ++i) {
				62	cwsid = &(wksidarr[i].cifssid);
				63
				64	/* compare the revision */
				65	if (ctsid->revision != cwsid->revision)
				66	continue;
				67
				68	/* compare all of the six auth values */
				69	for (j = 0; j < 6; ++j) {
				70	if (ctsid->authority[j] != cwsid->authority[j])
				71	break;
				72	}
				73	if (j < 6)
				74	continue; /* all of the auth values did not match */
				75
				76	/* compare all of the subauth values if any */
Dave Kleikamp	ce51ae1	2007-10-16 21:35:39 +0000	[diff] [blame]	77	num_sat = ctsid->num_subauth;
				78	num_saw = cwsid->num_subauth;
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	79	num_subauth = num_sat < num_saw ? num_sat : num_saw;
				80	if (num_subauth) {
				81	for (j = 0; j < num_subauth; ++j) {
				82	if (ctsid->sub_auth[j] != cwsid->sub_auth[j])
				83	break;
				84	}
				85	if (j < num_subauth)
				86	continue; /* all sub_auth values do not match */
				87	}
				88
				89	cFYI(1, ("matching sid: %s\n", wksidarr[i].sidname));
				90	return (0); /* sids compare/match */
				91	}
				92
				93	cFYI(1, ("No matching sid"));
				94	return (-1);
				95	}
				96
Steve French	a750e77	2007-10-17 22:50:39 +0000	[diff] [blame]	97	/* if the two SIDs (roughly equivalent to a UUID for a user or group) are
				98	the same returns 1, if they do not match returns 0 */
Steve French	630f3f0c	2007-10-25 21:17:17 +0000	[diff] [blame]	99	int compare_sids(const struct cifs_sid ctsid, const struct cifs_sid cwsid)
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	100	{
				101	int i;
				102	int num_subauth, num_sat, num_saw;
				103
				104	if ((!ctsid) \|\| (!cwsid))
Steve French	a750e77	2007-10-17 22:50:39 +0000	[diff] [blame]	105	return (0);
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	106
				107	/* compare the revision */
				108	if (ctsid->revision != cwsid->revision)
Steve French	a750e77	2007-10-17 22:50:39 +0000	[diff] [blame]	109	return (0);
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	110
				111	/* compare all of the six auth values */
				112	for (i = 0; i < 6; ++i) {
				113	if (ctsid->authority[i] != cwsid->authority[i])
Steve French	a750e77	2007-10-17 22:50:39 +0000	[diff] [blame]	114	return (0);
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	115	}
				116
				117	/* compare all of the subauth values if any */
Steve French	adbc035	2007-10-17 02:12:46 +0000	[diff] [blame]	118	num_sat = ctsid->num_subauth;
Steve French	adddd49	2007-10-17 02:48:17 +0000	[diff] [blame]	119	num_saw = cwsid->num_subauth;
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	120	num_subauth = num_sat < num_saw ? num_sat : num_saw;
				121	if (num_subauth) {
				122	for (i = 0; i < num_subauth; ++i) {
				123	if (ctsid->sub_auth[i] != cwsid->sub_auth[i])
Steve French	a750e77	2007-10-17 22:50:39 +0000	[diff] [blame]	124	return (0);
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	125	}
				126	}
				127
Steve French	a750e77	2007-10-17 22:50:39 +0000	[diff] [blame]	128	return (1); /* sids compare/match */
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	129	}
				130
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	131
				132	/* copy ntsd, owner sid, and group sid from a security descriptor to another */
				133	static void copy_sec_desc(const struct cifs_ntsd *pntsd,
				134	struct cifs_ntsd *pnntsd, __u32 sidsoffset)
				135	{
				136	int i;
				137
				138	struct cifs_sid owner_sid_ptr, group_sid_ptr;
				139	struct cifs_sid nowner_sid_ptr, ngroup_sid_ptr;
				140
				141	/* copy security descriptor control portion */
				142	pnntsd->revision = pntsd->revision;
				143	pnntsd->type = pntsd->type;
				144	pnntsd->dacloffset = cpu_to_le32(sizeof(struct cifs_ntsd));
				145	pnntsd->sacloffset = 0;
				146	pnntsd->osidoffset = cpu_to_le32(sidsoffset);
				147	pnntsd->gsidoffset = cpu_to_le32(sidsoffset + sizeof(struct cifs_sid));
				148
				149	/* copy owner sid */
				150	owner_sid_ptr = (struct cifs_sid )((char )pntsd +
				151	le32_to_cpu(pntsd->osidoffset));
				152	nowner_sid_ptr = (struct cifs_sid )((char )pnntsd + sidsoffset);
				153
				154	nowner_sid_ptr->revision = owner_sid_ptr->revision;
				155	nowner_sid_ptr->num_subauth = owner_sid_ptr->num_subauth;
				156	for (i = 0; i < 6; i++)
				157	nowner_sid_ptr->authority[i] = owner_sid_ptr->authority[i];
				158	for (i = 0; i < 5; i++)
				159	nowner_sid_ptr->sub_auth[i] = owner_sid_ptr->sub_auth[i];
				160
				161	/* copy group sid */
				162	group_sid_ptr = (struct cifs_sid )((char )pntsd +
				163	le32_to_cpu(pntsd->gsidoffset));
				164	ngroup_sid_ptr = (struct cifs_sid )((char )pnntsd + sidsoffset +
				165	sizeof(struct cifs_sid));
				166
				167	ngroup_sid_ptr->revision = group_sid_ptr->revision;
				168	ngroup_sid_ptr->num_subauth = group_sid_ptr->num_subauth;
				169	for (i = 0; i < 6; i++)
				170	ngroup_sid_ptr->authority[i] = group_sid_ptr->authority[i];
				171	for (i = 0; i < 5; i++)
				172	ngroup_sid_ptr->sub_auth[i] =
				173	cpu_to_le32(group_sid_ptr->sub_auth[i]);
				174
				175	return;
				176	}
				177
				178
Steve French	630f3f0c	2007-10-25 21:17:17 +0000	[diff] [blame]	179	/*
				180	change posix mode to reflect permissions
				181	pmode is the existing mode (we only want to overwrite part of this
				182	bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
				183	*/
Al Viro	9b5e685	2007-12-05 08:24:38 +0000	[diff] [blame]	184	static void access_flags_to_mode(__le32 ace_flags, int type, umode_t *pmode,
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	185	umode_t *pbits_to_set)
Steve French	4879b44	2007-10-19 21:57:39 +0000	[diff] [blame]	186	{
Al Viro	9b5e685	2007-12-05 08:24:38 +0000	[diff] [blame]	187	__u32 flags = le32_to_cpu(ace_flags);
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	188	/* the order of ACEs is important. The canonical order is to begin with
Steve French	ce06c9f	2007-11-08 21:12:01 +0000	[diff] [blame]	189	DENY entries followed by ALLOW, otherwise an allow entry could be
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	190	encountered first, making the subsequent deny entry like "dead code"
Steve French	ce06c9f	2007-11-08 21:12:01 +0000	[diff] [blame]	191	which would be superflous since Windows stops when a match is made
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	192	for the operation you are trying to perform for your user */
				193
				194	/* For deny ACEs we change the mask so that subsequent allow access
				195	control entries do not turn on the bits we are denying */
				196	if (type == ACCESS_DENIED) {
Steve French	ad7a292	2008-02-07 23:25:02 +0000	[diff] [blame]	197	if (flags & GENERIC_ALL)
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	198	*pbits_to_set &= ~S_IRWXUGO;
Steve French	ad7a292	2008-02-07 23:25:02 +0000	[diff] [blame]	199
Al Viro	9b5e685	2007-12-05 08:24:38 +0000	[diff] [blame]	200	if ((flags & GENERIC_WRITE) \|\|
				201	((flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	202	*pbits_to_set &= ~S_IWUGO;
Al Viro	9b5e685	2007-12-05 08:24:38 +0000	[diff] [blame]	203	if ((flags & GENERIC_READ) \|\|
				204	((flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	205	*pbits_to_set &= ~S_IRUGO;
Al Viro	9b5e685	2007-12-05 08:24:38 +0000	[diff] [blame]	206	if ((flags & GENERIC_EXECUTE) \|\|
				207	((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	208	*pbits_to_set &= ~S_IXUGO;
				209	return;
				210	} else if (type != ACCESS_ALLOWED) {
				211	cERROR(1, ("unknown access control type %d", type));
				212	return;
				213	}
				214	/* else ACCESS_ALLOWED type */
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	215
Al Viro	9b5e685	2007-12-05 08:24:38 +0000	[diff] [blame]	216	if (flags & GENERIC_ALL) {
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	217	pmode \|= (S_IRWXUGO & (pbits_to_set));
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	218	cFYI(DBG2, ("all perms"));
Steve French	d61e580	2007-10-26 04:32:43 +0000	[diff] [blame]	219	return;
				220	}
Al Viro	9b5e685	2007-12-05 08:24:38 +0000	[diff] [blame]	221	if ((flags & GENERIC_WRITE) \|\|
				222	((flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	223	pmode \|= (S_IWUGO & (pbits_to_set));
Al Viro	9b5e685	2007-12-05 08:24:38 +0000	[diff] [blame]	224	if ((flags & GENERIC_READ) \|\|
				225	((flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	226	pmode \|= (S_IRUGO & (pbits_to_set));
Al Viro	9b5e685	2007-12-05 08:24:38 +0000	[diff] [blame]	227	if ((flags & GENERIC_EXECUTE) \|\|
				228	((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	229	pmode \|= (S_IXUGO & (pbits_to_set));
Steve French	d61e580	2007-10-26 04:32:43 +0000	[diff] [blame]	230
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	231	cFYI(DBG2, ("access flags 0x%x mode now 0x%x", flags, *pmode));
Steve French	630f3f0c	2007-10-25 21:17:17 +0000	[diff] [blame]	232	return;
				233	}
				234
Steve French	ce06c9f	2007-11-08 21:12:01 +0000	[diff] [blame]	235	/*
				236	Generate access flags to reflect permissions mode is the existing mode.
				237	This function is called for every ACE in the DACL whose SID matches
				238	with either owner or group or everyone.
				239	*/
				240
				241	static void mode_to_access_flags(umode_t mode, umode_t bits_to_use,
				242	__u32 *pace_flags)
				243	{
				244	/* reset access mask */
				245	*pace_flags = 0x0;
				246
				247	/* bits to use are either S_IRWXU or S_IRWXG or S_IRWXO */
				248	mode &= bits_to_use;
				249
				250	/* check for R/W/X UGO since we do not know whose flags
				251	is this but we have cleared all the bits sans RWX for
				252	either user or group or other as per bits_to_use */
				253	if (mode & S_IRUGO)
				254	*pace_flags \|= SET_FILE_READ_RIGHTS;
				255	if (mode & S_IWUGO)
				256	*pace_flags \|= SET_FILE_WRITE_RIGHTS;
				257	if (mode & S_IXUGO)
				258	*pace_flags \|= SET_FILE_EXEC_RIGHTS;
				259
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	260	cFYI(DBG2, ("mode: 0x%x, access flags now 0x%x", mode, *pace_flags));
Steve French	ce06c9f	2007-11-08 21:12:01 +0000	[diff] [blame]	261	return;
				262	}
				263
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	264	static __le16 fill_ace_for_sid(struct cifs_ace *pntace,
				265	const struct cifs_sid *psid, __u64 nmode, umode_t bits)
				266	{
				267	int i;
				268	__u16 size = 0;
				269	__u32 access_req = 0;
				270
				271	pntace->type = ACCESS_ALLOWED;
				272	pntace->flags = 0x0;
				273	mode_to_access_flags(nmode, bits, &access_req);
				274	if (!access_req)
				275	access_req = SET_MINIMUM_RIGHTS;
				276	pntace->access_req = cpu_to_le32(access_req);
				277
				278	pntace->sid.revision = psid->revision;
				279	pntace->sid.num_subauth = psid->num_subauth;
				280	for (i = 0; i < 6; i++)
				281	pntace->sid.authority[i] = psid->authority[i];
				282	for (i = 0; i < psid->num_subauth; i++)
				283	pntace->sid.sub_auth[i] = psid->sub_auth[i];
				284
				285	size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4);
				286	pntace->size = cpu_to_le16(size);
				287
				288	return (size);
				289	}
				290
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	291
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	292	#ifdef CONFIG_CIFS_DEBUG2
				293	static void dump_ace(struct cifs_ace pace, char end_of_acl)
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	294	{
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	295	int num_subauth;
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	296
				297	/* validate that we do not go past end of acl */
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	298
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	299	if (le16_to_cpu(pace->size) < 16) {
				300	cERROR(1, ("ACE too small, %d", le16_to_cpu(pace->size)));
				301	return;
				302	}
				303
				304	if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) {
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	305	cERROR(1, ("ACL too small to parse ACE"));
				306	return;
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	307	}
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	308
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	309	num_subauth = pace->sid.num_subauth;
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	310	if (num_subauth) {
Steve French	8f18c13	2007-10-12 18:54:12 +0000	[diff] [blame]	311	int i;
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	312	cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",
				313	pace->sid.revision, pace->sid.num_subauth, pace->type,
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	314	pace->flags, le16_to_cpu(pace->size)));
Steve French	d12fd12	2007-10-03 19:43:19 +0000	[diff] [blame]	315	for (i = 0; i < num_subauth; ++i) {
				316	cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	317	le32_to_cpu(pace->sid.sub_auth[i])));
Steve French	d12fd12	2007-10-03 19:43:19 +0000	[diff] [blame]	318	}
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	319
Steve French	d12fd12	2007-10-03 19:43:19 +0000	[diff] [blame]	320	/* BB add length check to make sure that we do not have huge
				321	num auths and therefore go off the end */
Steve French	d12fd12	2007-10-03 19:43:19 +0000	[diff] [blame]	322	}
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	323
Steve French	d12fd12	2007-10-03 19:43:19 +0000	[diff] [blame]	324	return;
				325	}
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	326	#endif
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	327
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	328
Steve French	a750e77	2007-10-17 22:50:39 +0000	[diff] [blame]	329	static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,
Steve French	d61e580	2007-10-26 04:32:43 +0000	[diff] [blame]	330	struct cifs_sid pownersid, struct cifs_sid pgrpsid,
Steve French	630f3f0c	2007-10-25 21:17:17 +0000	[diff] [blame]	331	struct inode *inode)
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	332	{
				333	int i;
				334	int num_aces = 0;
				335	int acl_size;
				336	char *acl_base;
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	337	struct cifs_ace **ppace;
				338
				339	/* BB need to add parm so we can store the SID BB */
				340
Steve French	2b83457	2007-11-25 10:01:00 +0000	[diff] [blame]	341	if (!pdacl) {
				342	/* no DACL in the security descriptor, set
				343	all the permissions for user/group/other */
				344	inode->i_mode \|= S_IRWXUGO;
				345	return;
				346	}
				347
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	348	/* validate that we do not go past end of acl */
Steve French	af6f461	2007-10-16 18:40:37 +0000	[diff] [blame]	349	if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) {
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	350	cERROR(1, ("ACL too small to parse DACL"));
				351	return;
				352	}
				353
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	354	cFYI(DBG2, ("DACL revision %d size %d num aces %d",
Steve French	af6f461	2007-10-16 18:40:37 +0000	[diff] [blame]	355	le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
				356	le32_to_cpu(pdacl->num_aces)));
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	357
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	358	/* reset rwx permissions for user/group/other.
				359	Also, if num_aces is 0 i.e. DACL has no ACEs,
				360	user/group/other have no permissions */
				361	inode->i_mode &= ~(S_IRWXUGO);
				362
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	363	acl_base = (char *)pdacl;
				364	acl_size = sizeof(struct cifs_acl);
				365
Steve French	adbc035	2007-10-17 02:12:46 +0000	[diff] [blame]	366	num_aces = le32_to_cpu(pdacl->num_aces);
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	367	if (num_aces > 0) {
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	368	umode_t user_mask = S_IRWXU;
				369	umode_t group_mask = S_IRWXG;
				370	umode_t other_mask = S_IRWXO;
				371
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	372	ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
				373	GFP_KERNEL);
				374
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	375	for (i = 0; i < num_aces; ++i) {
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	376	ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	377	#ifdef CONFIG_CIFS_DEBUG2
				378	dump_ace(ppace[i], end_of_acl);
				379	#endif
Shirish Pargaonkar	e01b640	2007-10-30 04:45:14 +0000	[diff] [blame]	380	if (compare_sids(&(ppace[i]->sid), pownersid))
				381	access_flags_to_mode(ppace[i]->access_req,
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	382	ppace[i]->type,
				383	&(inode->i_mode),
				384	&user_mask);
Shirish Pargaonkar	e01b640	2007-10-30 04:45:14 +0000	[diff] [blame]	385	if (compare_sids(&(ppace[i]->sid), pgrpsid))
				386	access_flags_to_mode(ppace[i]->access_req,
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	387	ppace[i]->type,
				388	&(inode->i_mode),
				389	&group_mask);
Shirish Pargaonkar	e01b640	2007-10-30 04:45:14 +0000	[diff] [blame]	390	if (compare_sids(&(ppace[i]->sid), &sid_everyone))
				391	access_flags_to_mode(ppace[i]->access_req,
Steve French	15b0395	2007-11-08 17:57:40 +0000	[diff] [blame]	392	ppace[i]->type,
				393	&(inode->i_mode),
				394	&other_mask);
Shirish Pargaonkar	e01b640	2007-10-30 04:45:14 +0000	[diff] [blame]	395
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	396	/* memcpy((void *)(&(cifscred->aces[i])),
Steve French	d12fd12	2007-10-03 19:43:19 +0000	[diff] [blame]	397	(void *)ppace[i],
				398	sizeof(struct cifs_ace)); */
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	399
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	400	acl_base = (char *)ppace[i];
				401	acl_size = le16_to_cpu(ppace[i]->size);
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	402	}
				403
				404	kfree(ppace);
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	405	}
				406
				407	return;
				408	}
				409
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	410
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	411	static int set_chmod_dacl(struct cifs_acl pndacl, struct cifs_sid pownersid,
				412	struct cifs_sid *pgrpsid, __u64 nmode)
				413	{
				414	__le16 size = 0;
				415	struct cifs_acl *pnndacl;
				416
				417	pnndacl = (struct cifs_acl )((char )pndacl + sizeof(struct cifs_acl));
				418
				419	size += fill_ace_for_sid((struct cifs_ace ) ((char )pnndacl + size),
				420	pownersid, nmode, S_IRWXU);
				421	size += fill_ace_for_sid((struct cifs_ace )((char )pnndacl + size),
				422	pgrpsid, nmode, S_IRWXG);
				423	size += fill_ace_for_sid((struct cifs_ace )((char )pnndacl + size),
				424	&sid_everyone, nmode, S_IRWXO);
				425
				426	pndacl->size = cpu_to_le16(size + sizeof(struct cifs_acl));
Shirish Pargaonkar	d9f382e	2008-02-12 20:46:26 +0000	[diff] [blame]	427	pndacl->num_aces = cpu_to_le32(3);
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	428
				429	return (0);
				430	}
				431
				432
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	433	static int parse_sid(struct cifs_sid psid, char end_of_acl)
				434	{
				435	/* BB need to add parm so we can store the SID BB */
				436
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	437	/* validate that we do not go past end of ACL - sid must be at least 8
				438	bytes long (assuming no sub-auths - e.g. the null SID */
				439	if (end_of_acl < (char *)psid + 8) {
				440	cERROR(1, ("ACL too small to parse SID %p", psid));
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	441	return -EINVAL;
				442	}
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	443
Steve French	af6f461	2007-10-16 18:40:37 +0000	[diff] [blame]	444	if (psid->num_subauth) {
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	445	#ifdef CONFIG_CIFS_DEBUG2
Steve French	8f18c13	2007-10-12 18:54:12 +0000	[diff] [blame]	446	int i;
Steve French	44093ca	2007-10-23 21:22:55 +0000	[diff] [blame]	447	cFYI(1, ("SID revision %d num_auth %d",
				448	psid->revision, psid->num_subauth));
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	449
Steve French	af6f461	2007-10-16 18:40:37 +0000	[diff] [blame]	450	for (i = 0; i < psid->num_subauth; i++) {
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	451	cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	452	le32_to_cpu(psid->sub_auth[i])));
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	453	}
				454
Steve French	d12fd12	2007-10-03 19:43:19 +0000	[diff] [blame]	455	/* BB add length check to make sure that we do not have huge
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	456	num auths and therefore go off the end */
Steve French	d12fd12	2007-10-03 19:43:19 +0000	[diff] [blame]	457	cFYI(1, ("RID 0x%x",
Steve French	af6f461	2007-10-16 18:40:37 +0000	[diff] [blame]	458	le32_to_cpu(psid->sub_auth[psid->num_subauth-1])));
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	459	#endif
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	460	}
				461
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	462	return 0;
				463	}
				464
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	465
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	466	/* Convert CIFS ACL to POSIX form */
Steve French	630f3f0c	2007-10-25 21:17:17 +0000	[diff] [blame]	467	static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
				468	struct inode *inode)
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	469	{
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	470	int rc;
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	471	struct cifs_sid owner_sid_ptr, group_sid_ptr;
				472	struct cifs_acl dacl_ptr; / no need for SACL ptr */
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	473	char end_of_acl = ((char )pntsd) + acl_len;
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	474	__u32 dacloffset;
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	475
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	476	if ((inode == NULL) \|\| (pntsd == NULL))
				477	return -EIO;
				478
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	479	owner_sid_ptr = (struct cifs_sid )((char )pntsd +
Steve French	af6f461	2007-10-16 18:40:37 +0000	[diff] [blame]	480	le32_to_cpu(pntsd->osidoffset));
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	481	group_sid_ptr = (struct cifs_sid )((char )pntsd +
Steve French	af6f461	2007-10-16 18:40:37 +0000	[diff] [blame]	482	le32_to_cpu(pntsd->gsidoffset));
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	483	dacloffset = le32_to_cpu(pntsd->dacloffset);
Steve French	63d2583	2007-11-05 21:46:10 +0000	[diff] [blame]	484	dacl_ptr = (struct cifs_acl )((char )pntsd + dacloffset);
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	485	cFYI(DBG2, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	486	"sacloffset 0x%x dacloffset 0x%x",
Steve French	af6f461	2007-10-16 18:40:37 +0000	[diff] [blame]	487	pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset),
				488	le32_to_cpu(pntsd->gsidoffset),
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	489	le32_to_cpu(pntsd->sacloffset), dacloffset));
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	490	/* cifs_dump_mem("owner_sid: ", owner_sid_ptr, 64); */
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	491	rc = parse_sid(owner_sid_ptr, end_of_acl);
				492	if (rc)
				493	return rc;
				494
				495	rc = parse_sid(group_sid_ptr, end_of_acl);
				496	if (rc)
				497	return rc;
				498
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	499	if (dacloffset)
				500	parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr,
Steve French	63d2583	2007-11-05 21:46:10 +0000	[diff] [blame]	501	group_sid_ptr, inode);
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	502	else
				503	cFYI(1, ("no ACL")); /* BB grant all or default perms? */
Shirish Pargaonkar	d0d66c4	2007-10-03 18:22:19 +0000	[diff] [blame]	504
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	505	/* cifscred->uid = owner_sid_ptr->rid;
				506	cifscred->gid = group_sid_ptr->rid;
				507	memcpy((void )(&(cifscred->osid)), (void )owner_sid_ptr,
Steve French	630f3f0c	2007-10-25 21:17:17 +0000	[diff] [blame]	508	sizeof(struct cifs_sid));
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	509	memcpy((void )(&(cifscred->gsid)), (void )group_sid_ptr,
Steve French	630f3f0c	2007-10-25 21:17:17 +0000	[diff] [blame]	510	sizeof(struct cifs_sid)); */
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	511
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	512
Steve French	bcb0203	2007-09-25 16:17:24 +0000	[diff] [blame]	513	return (0);
				514	}
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	515
				516
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	517	/* Convert permission bits from mode to equivalent CIFS ACL */
				518	static int build_sec_desc(struct cifs_ntsd pntsd, struct cifs_ntsd pnntsd,
				519	int acl_len, struct inode *inode, __u64 nmode)
				520	{
				521	int rc = 0;
				522	__u32 dacloffset;
				523	__u32 ndacloffset;
				524	__u32 sidsoffset;
				525	struct cifs_sid owner_sid_ptr, group_sid_ptr;
				526	struct cifs_acl dacl_ptr = NULL; / no need for SACL ptr */
				527	struct cifs_acl ndacl_ptr = NULL; / no need for SACL ptr */
				528
				529	if ((inode == NULL) \|\| (pntsd == NULL) \|\| (pnntsd == NULL))
				530	return (-EIO);
				531
				532	owner_sid_ptr = (struct cifs_sid )((char )pntsd +
				533	le32_to_cpu(pntsd->osidoffset));
				534	group_sid_ptr = (struct cifs_sid )((char )pntsd +
				535	le32_to_cpu(pntsd->gsidoffset));
				536
				537	dacloffset = le32_to_cpu(pntsd->dacloffset);
				538	dacl_ptr = (struct cifs_acl )((char )pntsd + dacloffset);
				539
				540	ndacloffset = sizeof(struct cifs_ntsd);
				541	ndacl_ptr = (struct cifs_acl )((char )pnntsd + ndacloffset);
				542	ndacl_ptr->revision = dacl_ptr->revision;
				543	ndacl_ptr->size = 0;
				544	ndacl_ptr->num_aces = 0;
				545
				546	rc = set_chmod_dacl(ndacl_ptr, owner_sid_ptr, group_sid_ptr, nmode);
				547
				548	sidsoffset = ndacloffset + le16_to_cpu(ndacl_ptr->size);
				549
				550	/* copy security descriptor control portion and owner and group sid */
				551	copy_sec_desc(pntsd, pnntsd, sidsoffset);
				552
				553	return (rc);
				554	}
				555
				556
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	557	/* Retrieve an ACL from the server */
				558	static struct cifs_ntsd get_cifs_acl(u32 pacllen, struct inode *inode,
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	559	const char path, const __u16 pfid)
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	560	{
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	561	struct cifsFileInfo *open_file = NULL;
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	562	int unlock_file = FALSE;
				563	int xid;
				564	int rc = -EIO;
				565	__u16 fid;
				566	struct super_block *sb;
				567	struct cifs_sb_info *cifs_sb;
				568	struct cifs_ntsd *pntsd = NULL;
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	569
				570	cFYI(1, ("get mode from ACL for %s", path));
				571
				572	if (inode == NULL)
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	573	return NULL;
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	574
				575	xid = GetXid();
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	576	if (pfid == NULL)
				577	open_file = find_readable_file(CIFS_I(inode));
				578	else
				579	fid = *pfid;
				580
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	581	sb = inode->i_sb;
				582	if (sb == NULL) {
				583	FreeXid(xid);
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	584	return NULL;
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	585	}
				586	cifs_sb = CIFS_SB(sb);
				587
				588	if (open_file) {
				589	unlock_file = TRUE;
				590	fid = open_file->netfid;
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	591	} else if (pfid == NULL) {
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	592	int oplock = FALSE;
				593	/* open file */
				594	rc = CIFSSMBOpen(xid, cifs_sb->tcon, path, FILE_OPEN,
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	595	READ_CONTROL, 0, &fid, &oplock, NULL,
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	596	cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
				597	CIFS_MOUNT_MAP_SPECIAL_CHR);
				598	if (rc != 0) {
				599	cERROR(1, ("Unable to open file to get ACL"));
				600	FreeXid(xid);
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	601	return NULL;
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	602	}
				603	}
				604
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	605	rc = CIFSSMBGetCIFSACL(xid, cifs_sb->tcon, fid, &pntsd, pacllen);
				606	cFYI(1, ("GetCIFSACL rc = %d ACL len %d", rc, *pacllen));
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	607	if (unlock_file == TRUE) /* find_readable_file increments ref count */
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	608	atomic_dec(&open_file->wrtPending);
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	609	else if (pfid == NULL) /* if opened above we have to close the handle */
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	610	CIFSSMBClose(xid, cifs_sb->tcon, fid);
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	611	/* else handle was passed in by caller */
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	612
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	613	FreeXid(xid);
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	614	return pntsd;
				615	}
				616
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	617	/* Set an ACL on the server */
				618	static int set_cifs_acl(struct cifs_ntsd *pnntsd, __u32 acllen,
				619	struct inode inode, const char path)
				620	{
				621	struct cifsFileInfo *open_file;
				622	int unlock_file = FALSE;
				623	int xid;
				624	int rc = -EIO;
				625	__u16 fid;
				626	struct super_block *sb;
				627	struct cifs_sb_info *cifs_sb;
				628
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	629	cFYI(DBG2, ("set ACL for %s from mode 0x%x", path, inode->i_mode));
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	630
				631	if (!inode)
				632	return (rc);
				633
				634	sb = inode->i_sb;
				635	if (sb == NULL)
				636	return (rc);
				637
				638	cifs_sb = CIFS_SB(sb);
				639	xid = GetXid();
				640
				641	open_file = find_readable_file(CIFS_I(inode));
				642	if (open_file) {
				643	unlock_file = TRUE;
				644	fid = open_file->netfid;
				645	} else {
				646	int oplock = FALSE;
				647	/* open file */
				648	rc = CIFSSMBOpen(xid, cifs_sb->tcon, path, FILE_OPEN,
				649	WRITE_DAC, 0, &fid, &oplock, NULL,
				650	cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
				651	CIFS_MOUNT_MAP_SPECIAL_CHR);
				652	if (rc != 0) {
				653	cERROR(1, ("Unable to open file to set ACL"));
				654	FreeXid(xid);
				655	return (rc);
				656	}
				657	}
				658
				659	rc = CIFSSMBSetCIFSACL(xid, cifs_sb->tcon, fid, pnntsd, acllen);
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	660	cFYI(DBG2, ("SetCIFSACL rc = %d", rc));
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	661	if (unlock_file == TRUE)
				662	atomic_dec(&open_file->wrtPending);
				663	else
				664	CIFSSMBClose(xid, cifs_sb->tcon, fid);
				665
				666	FreeXid(xid);
				667
				668	return (rc);
				669	}
				670
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	671	/* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	672	void acl_to_uid_mode(struct inode inode, const char path, const __u16 *pfid)
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	673	{
				674	struct cifs_ntsd *pntsd = NULL;
				675	u32 acllen = 0;
				676	int rc = 0;
				677
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	678	cFYI(DBG2, ("converting ACL to mode for %s", path));
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	679	pntsd = get_cifs_acl(&acllen, inode, path, pfid);
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	680
				681	/* if we can retrieve the ACL, now parse Access Control Entries, ACEs */
				682	if (pntsd)
				683	rc = parse_sec_desc(pntsd, acllen, inode);
				684	if (rc)
				685	cFYI(1, ("parse sec desc failed rc = %d", rc));
				686
				687	kfree(pntsd);
Steve French	b9c7a2b	2007-10-26 23:40:20 +0000	[diff] [blame]	688	return;
				689	}
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	690
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	691	/* Convert mode bits to an ACL so we can update the ACL on the server */
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	692	int mode_to_acl(struct inode inode, const char path, __u64 nmode)
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	693	{
				694	int rc = 0;
				695	__u32 acllen = 0;
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	696	struct cifs_ntsd pntsd = NULL; / acl obtained from server */
				697	struct cifs_ntsd pnntsd = NULL; / modified acl to be sent to server */
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	698
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	699	cFYI(DBG2, ("set ACL from mode for %s", path));
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	700
				701	/* Get the security descriptor */
Steve French	8b1327f	2008-03-14 22:37:16 +0000	[diff] [blame^]	702	pntsd = get_cifs_acl(&acllen, inode, path, NULL);
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	703
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	704	/* Add three ACEs for owner, group, everyone getting rid of
				705	other ACEs as chmod disables ACEs and set the security descriptor */
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	706
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	707	if (pntsd) {
				708	/* allocate memory for the smb header,
				709	set security descriptor request security descriptor
				710	parameters, and secuirty descriptor itself */
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	711
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	712	pnntsd = kmalloc(acllen, GFP_KERNEL);
				713	if (!pnntsd) {
				714	cERROR(1, ("Unable to allocate security descriptor"));
				715	kfree(pntsd);
				716	return (-ENOMEM);
				717	}
Steve French	7505e05	2007-11-01 18:03:01 +0000	[diff] [blame]	718
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	719	rc = build_sec_desc(pntsd, pnntsd, acllen, inode, nmode);
				720
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	721	cFYI(DBG2, ("build_sec_desc rc: %d", rc));
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	722
				723	if (!rc) {
				724	/* Set the security descriptor */
				725	rc = set_cifs_acl(pnntsd, acllen, inode, path);
Steve French	90c81e0	2008-02-12 20:32:36 +0000	[diff] [blame]	726	cFYI(DBG2, ("set_cifs_acl rc: %d", rc));
Steve French	9783758	2007-12-31 07:47:21 +0000	[diff] [blame]	727	}
				728
				729	kfree(pnntsd);
				730	kfree(pntsd);
				731	}
				732
				733	return (rc);
Steve French	953f868	2007-10-31 04:54:42 +0000	[diff] [blame]	734	}
Steve French	297647c	2007-10-12 04:11:59 +0000	[diff] [blame]	735	#endif /* CONFIG_CIFS_EXPERIMENTAL */