[CIFS] Support for CIFS ACLs (part 1)
Add code to be able to dump CIFS ACL information
when Query Posix ACL with cifsacl mount parm enabled.
Signed-off-by: Shirish Pargoankar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h
index 5eff35d..97d03dc 100644
--- a/fs/cifs/cifsacl.h
+++ b/fs/cifs/cifsacl.h
@@ -22,12 +22,42 @@
#ifndef _CIFSACL_H
#define _CIFSACL_H
+struct cifs_ntsd {
+ __u16 revision; /* revision level */
+ __u16 type;
+ __u32 osidoffset;
+ __u32 gsidoffset;
+ __u32 sacloffset;
+ __u32 dacloffset;
+} __attribute__((packed));
+
struct cifs_sid {
__u8 revision; /* revision level */
- __u8 num_subauths;
+ __u8 num_auth;
__u8 authority[6];
__u32 sub_auth[4];
- /* next sub_auth if any ... */
+ __u32 rid;
+} __attribute__((packed));
+
+struct cifs_acl {
+ __u16 revision; /* revision level */
+ __u16 size;
+ __u32 num_aces;
+} __attribute__((packed));
+
+struct cifs_ntace {
+ __u8 type;
+ __u8 flags;
+ __u16 size;
+ __u32 access_req;
+} __attribute__((packed));
+
+struct cifs_ace {
+ __u8 revision; /* revision level */
+ __u8 num_auth;
+ __u8 authority[6];
+ __u32 sub_auth[4];
+ __u32 rid;
} __attribute__((packed));
/* everyone */
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index b98742f..bb468de 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -19,6 +19,7 @@
#include <linux/in.h>
#include <linux/in6.h>
#include "cifs_fs_sb.h"
+#include "cifsacl.h"
/*
* The sizes of various internal tables and strings
*/
@@ -115,6 +116,17 @@
} data;
};
+struct cifs_cred {
+ int uid;
+ int gid;
+ int mode;
+ int cecount;
+ struct cifs_sid osid;
+ struct cifs_sid gsid;
+ struct cifs_ntace *ntaces;
+ struct cifs_ace *aces;
+};
+
/*
*****************************************************************
* Except the CIFS PDUs themselves all the
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index f33c89c..46c2bb4 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -3048,17 +3048,110 @@
static const struct cifs_sid sid_user =
{1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};
-/* Convert CIFS ACL to POSIX form */
-static int parse_sec_desc(struct cifs_sid *psec_desc, int acl_len)
+static void parse_sid(struct cifs_sid * psid, char * end_of_acl)
{
- return 0;
+ /* BB need to add parm so we can store the SID BB */
+
+ /* validate that we do not go past end of acl */
+ if (end_of_acl < (char *)psid + sizeof(struct cifs_sid)) {
+ cERROR(1, ("ACL to small to parse SID"));
+ return;
+ }
+#ifdef CONFIG_CIFS_DEBUG2
+ cFYI(1, ("revision %d num_auth %d First subauth 0x%x",
+ psid->revision, psid->num_auth, psid->sub_auth[0]));
+
+ /* BB add length check to make sure that we do not have huge num auths
+ and therefore go off the end */
+ cFYI(1, ("RID 0x%x", le32_to_cpu(psid->sub_auth[psid->num_auth])));
+#endif
+ return;
+}
+
+/* Convert CIFS ACL to POSIX form */
+static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
+{
+ int i;
+ int num_aces = 0;
+ int acl_size;
+ struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
+ struct cifs_acl *dacl_ptr; /* no need for SACL ptr */
+ struct cifs_ntace **ppntace;
+ struct cifs_ace **ppace;
+ char *acl_base;
+ char *end_of_acl = ((char *)pntsd) + acl_len;
+
+ owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
+ cpu_to_le32(pntsd->osidoffset));
+ group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
+ cpu_to_le32(pntsd->gsidoffset));
+ dacl_ptr = (struct cifs_acl *)((char *)pntsd +
+ cpu_to_le32(pntsd->dacloffset));
+#ifdef CONFIG_CIFS_DEBUG2
+ cFYI(1,("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
+ "sacloffset 0x%x dacloffset 0x%x", pntsd->revision, pntsd->type,
+ pntsd->osidoffset, pntsd->gsidoffset, pntsd->sacloffset,
+ pntsd->dacloffset));
+#endif
+ parse_sid(owner_sid_ptr, end_of_acl);
+ parse_sid(group_sid_ptr, end_of_acl);
+
+/* cifscred->uid = owner_sid_ptr->rid;
+ cifscred->gid = group_sid_ptr->rid;
+ memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,
+ sizeof (struct cifs_sid));
+ memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,
+ sizeof (struct cifs_sid)); */
+
+ num_aces = cpu_to_le32(dacl_ptr->num_aces);
+ cFYI(1, ("num aces %d", num_aces));
+ if (num_aces > 0) {
+ ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
+ GFP_KERNEL);
+ ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
+ GFP_KERNEL);
+
+/* cifscred->cecount = dacl_ptr->num_aces;
+ cifscred->ntaces = kmalloc(num_aces *
+ sizeof(struct cifs_ntace *), GFP_KERNEL);
+ cifscred->aces = kmalloc(num_aces *
+ sizeof(struct cifs_ace *), GFP_KERNEL);*/
+
+ acl_base = (char *)dacl_ptr;
+ acl_size = sizeof(struct cifs_acl);
+
+ for (i = 0; i < num_aces; ++i) {
+ ppntace[i] = (struct cifs_ntace *)
+ (acl_base + acl_size);
+ ppace[i] = (struct cifs_ace *)
+ ((char *)ppntace[i] +
+ sizeof(struct cifs_ntace));
+
+/* memcpy((void *)(&(cifscred->ntaces[i])),
+ (void *)ntace_ptrptr[i],
+ sizeof(struct cifs_ntace));
+ memcpy((void *)(&(cifscred->aces[i])),
+ (void *)ace_ptrptr[i],
+ sizeof(struct cifs_ace)); */
+
+ acl_base = (char *)ppntace[i];
+ acl_size = cpu_to_le32(ppntace[i]->size);
+#ifdef CONFIG_CIFS_DEBUG2
+ cFYI(1, ("ACE revision:%d", ppace[i]->revision));
+ }
+#endif
+ kfree(ppace);
+ kfree(ppntace);
+ }
+
+ return (0);
}
/* Get Security Descriptor (by handle) from remote server for a file or dir */
int
CIFSSMBGetCIFSACL(const int xid, struct cifsTconInfo *tcon, __u16 fid,
/* BB fix up return info */ char *acl_inf, const int buflen,
- const int acl_type /* ACCESS/DEFAULT not sure implication */)
+ const int acl_type)
{
int rc = 0;
int buf_type = 0;
@@ -3088,7 +3181,7 @@
if (rc) {
cFYI(1, ("Send error in QuerySecDesc = %d", rc));
} else { /* decode response */
- struct cifs_sid *psec_desc;
+ struct cifs_ntsd *psec_desc;
__le32 * parm;
int parm_len;
int data_len;
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 5c3cc64..e43cb88 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1742,9 +1742,9 @@
cFYI(1, ("very large write cap"));
#endif /* CIFS_DEBUG2 */
if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
- if (vol_info == NULL)
+ if (vol_info == NULL) {
cFYI(1, ("resetting capabilities failed"));
- else
+ } else
cERROR(1, ("Negotiating Unix capabilities "
"with the server failed. Consider "
"mounting with the Unix Extensions\n"