blob: f02fdef463a7f24c940d69e0067a49b947927efb [file] [log] [blame]
Steve Frenchbcb02032007-09-25 16:17:24 +00001/*
2 * fs/cifs/cifsacl.c
3 *
4 * Copyright (C) International Business Machines Corp., 2007
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * Contains the routines for mapping CIFS/NTFS ACLs
8 *
9 * This library is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published
11 * by the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
17 * the GNU Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23
Steve French65874002007-09-25 19:53:44 +000024#include <linux/fs.h>
25#include "cifspdu.h"
26#include "cifsglob.h"
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +000027#include "cifsacl.h"
Steve French65874002007-09-25 19:53:44 +000028#include "cifsproto.h"
29#include "cifs_debug.h"
Steve French65874002007-09-25 19:53:44 +000030
Steve French297647c2007-10-12 04:11:59 +000031
32#ifdef CONFIG_CIFS_EXPERIMENTAL
33
Steve Frenchaf6f4612007-10-16 18:40:37 +000034static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
Steve French297647c2007-10-12 04:11:59 +000035 {{1, 0, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0, 0} }, "null user"},
36 {{1, 1, {0, 0, 0, 0, 0, 1}, {0, 0, 0, 0, 0} }, "nobody"},
Dave Kleikampce51ae12007-10-16 21:35:39 +000037 {{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(11), 0, 0, 0, 0} }, "net-users"},
38 {{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
39 {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},
40 {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},
Steve French44093ca2007-10-23 21:22:55 +000041 {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"} }
42;
Steve French297647c2007-10-12 04:11:59 +000043
44
Steve Frenchbcb02032007-09-25 16:17:24 +000045/* security id for everyone */
Shirish Pargaonkare01b6402007-10-30 04:45:14 +000046static const struct cifs_sid sid_everyone = {
47 1, 1, {0, 0, 0, 0, 0, 1}, {0} };
Steve Frenchbcb02032007-09-25 16:17:24 +000048/* group users */
49static const struct cifs_sid sid_user =
Steve Frenchd12fd122007-10-03 19:43:19 +000050 {1, 2 , {0, 0, 0, 0, 0, 5}, {} };
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +000051
Steve French297647c2007-10-12 04:11:59 +000052
53int match_sid(struct cifs_sid *ctsid)
54{
55 int i, j;
56 int num_subauth, num_sat, num_saw;
57 struct cifs_sid *cwsid;
58
59 if (!ctsid)
60 return (-1);
61
62 for (i = 0; i < NUM_WK_SIDS; ++i) {
63 cwsid = &(wksidarr[i].cifssid);
64
65 /* compare the revision */
66 if (ctsid->revision != cwsid->revision)
67 continue;
68
69 /* compare all of the six auth values */
70 for (j = 0; j < 6; ++j) {
71 if (ctsid->authority[j] != cwsid->authority[j])
72 break;
73 }
74 if (j < 6)
75 continue; /* all of the auth values did not match */
76
77 /* compare all of the subauth values if any */
Dave Kleikampce51ae12007-10-16 21:35:39 +000078 num_sat = ctsid->num_subauth;
79 num_saw = cwsid->num_subauth;
Steve French297647c2007-10-12 04:11:59 +000080 num_subauth = num_sat < num_saw ? num_sat : num_saw;
81 if (num_subauth) {
82 for (j = 0; j < num_subauth; ++j) {
83 if (ctsid->sub_auth[j] != cwsid->sub_auth[j])
84 break;
85 }
86 if (j < num_subauth)
87 continue; /* all sub_auth values do not match */
88 }
89
90 cFYI(1, ("matching sid: %s\n", wksidarr[i].sidname));
91 return (0); /* sids compare/match */
92 }
93
94 cFYI(1, ("No matching sid"));
95 return (-1);
96}
97
Steve Frencha750e772007-10-17 22:50:39 +000098/* if the two SIDs (roughly equivalent to a UUID for a user or group) are
99 the same returns 1, if they do not match returns 0 */
Steve French630f3f02007-10-25 21:17:17 +0000100int compare_sids(const struct cifs_sid *ctsid, const struct cifs_sid *cwsid)
Steve French297647c2007-10-12 04:11:59 +0000101{
102 int i;
103 int num_subauth, num_sat, num_saw;
104
105 if ((!ctsid) || (!cwsid))
Steve Frencha750e772007-10-17 22:50:39 +0000106 return (0);
Steve French297647c2007-10-12 04:11:59 +0000107
108 /* compare the revision */
109 if (ctsid->revision != cwsid->revision)
Steve Frencha750e772007-10-17 22:50:39 +0000110 return (0);
Steve French297647c2007-10-12 04:11:59 +0000111
112 /* compare all of the six auth values */
113 for (i = 0; i < 6; ++i) {
114 if (ctsid->authority[i] != cwsid->authority[i])
Steve Frencha750e772007-10-17 22:50:39 +0000115 return (0);
Steve French297647c2007-10-12 04:11:59 +0000116 }
117
118 /* compare all of the subauth values if any */
Steve Frenchadbc0352007-10-17 02:12:46 +0000119 num_sat = ctsid->num_subauth;
Steve Frenchadddd492007-10-17 02:48:17 +0000120 num_saw = cwsid->num_subauth;
Steve French297647c2007-10-12 04:11:59 +0000121 num_subauth = num_sat < num_saw ? num_sat : num_saw;
122 if (num_subauth) {
123 for (i = 0; i < num_subauth; ++i) {
124 if (ctsid->sub_auth[i] != cwsid->sub_auth[i])
Steve Frencha750e772007-10-17 22:50:39 +0000125 return (0);
Steve French297647c2007-10-12 04:11:59 +0000126 }
127 }
128
Steve Frencha750e772007-10-17 22:50:39 +0000129 return (1); /* sids compare/match */
Steve French297647c2007-10-12 04:11:59 +0000130}
131
Steve French630f3f02007-10-25 21:17:17 +0000132/*
133 change posix mode to reflect permissions
134 pmode is the existing mode (we only want to overwrite part of this
135 bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
136*/
Steve French15b03952007-11-08 17:57:40 +0000137static void access_flags_to_mode(__u32 ace_flags, int type, umode_t *pmode,
138 umode_t *pbits_to_set)
Steve French4879b442007-10-19 21:57:39 +0000139{
Steve French15b03952007-11-08 17:57:40 +0000140 /* the order of ACEs is important. The canonical order is to begin with
Steve Frenchce06c9f2007-11-08 21:12:01 +0000141 DENY entries followed by ALLOW, otherwise an allow entry could be
Steve French15b03952007-11-08 17:57:40 +0000142 encountered first, making the subsequent deny entry like "dead code"
Steve Frenchce06c9f2007-11-08 21:12:01 +0000143 which would be superflous since Windows stops when a match is made
Steve French15b03952007-11-08 17:57:40 +0000144 for the operation you are trying to perform for your user */
145
146 /* For deny ACEs we change the mask so that subsequent allow access
147 control entries do not turn on the bits we are denying */
148 if (type == ACCESS_DENIED) {
149 if (ace_flags & GENERIC_ALL) {
150 *pbits_to_set &= ~S_IRWXUGO;
151 }
152 if ((ace_flags & GENERIC_WRITE) ||
153 ((ace_flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
154 *pbits_to_set &= ~S_IWUGO;
155 if ((ace_flags & GENERIC_READ) ||
156 ((ace_flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
157 *pbits_to_set &= ~S_IRUGO;
158 if ((ace_flags & GENERIC_EXECUTE) ||
159 ((ace_flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
160 *pbits_to_set &= ~S_IXUGO;
161 return;
162 } else if (type != ACCESS_ALLOWED) {
163 cERROR(1, ("unknown access control type %d", type));
164 return;
165 }
166 /* else ACCESS_ALLOWED type */
Steve French44093ca2007-10-23 21:22:55 +0000167
Steve Frenchd61e5802007-10-26 04:32:43 +0000168 if (ace_flags & GENERIC_ALL) {
Steve French15b03952007-11-08 17:57:40 +0000169 *pmode |= (S_IRWXUGO & (*pbits_to_set));
Steve Frenchd61e5802007-10-26 04:32:43 +0000170#ifdef CONFIG_CIFS_DEBUG2
171 cFYI(1, ("all perms"));
172#endif
173 return;
174 }
Shirish Pargaonkare01b6402007-10-30 04:45:14 +0000175 if ((ace_flags & GENERIC_WRITE) ||
176 ((ace_flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
Steve French15b03952007-11-08 17:57:40 +0000177 *pmode |= (S_IWUGO & (*pbits_to_set));
Shirish Pargaonkare01b6402007-10-30 04:45:14 +0000178 if ((ace_flags & GENERIC_READ) ||
179 ((ace_flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
Steve French15b03952007-11-08 17:57:40 +0000180 *pmode |= (S_IRUGO & (*pbits_to_set));
Shirish Pargaonkare01b6402007-10-30 04:45:14 +0000181 if ((ace_flags & GENERIC_EXECUTE) ||
182 ((ace_flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
Steve French15b03952007-11-08 17:57:40 +0000183 *pmode |= (S_IXUGO & (*pbits_to_set));
Steve Frenchd61e5802007-10-26 04:32:43 +0000184
185#ifdef CONFIG_CIFS_DEBUG2
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000186 cFYI(1, ("access flags 0x%x mode now 0x%x", ace_flags, *pmode));
Steve Frenchd61e5802007-10-26 04:32:43 +0000187#endif
Steve French630f3f02007-10-25 21:17:17 +0000188 return;
189}
190
Steve Frenchce06c9f2007-11-08 21:12:01 +0000191/*
192 Generate access flags to reflect permissions mode is the existing mode.
193 This function is called for every ACE in the DACL whose SID matches
194 with either owner or group or everyone.
195*/
196
197static void mode_to_access_flags(umode_t mode, umode_t bits_to_use,
198 __u32 *pace_flags)
199{
200 /* reset access mask */
201 *pace_flags = 0x0;
202
203 /* bits to use are either S_IRWXU or S_IRWXG or S_IRWXO */
204 mode &= bits_to_use;
205
206 /* check for R/W/X UGO since we do not know whose flags
207 is this but we have cleared all the bits sans RWX for
208 either user or group or other as per bits_to_use */
209 if (mode & S_IRUGO)
210 *pace_flags |= SET_FILE_READ_RIGHTS;
211 if (mode & S_IWUGO)
212 *pace_flags |= SET_FILE_WRITE_RIGHTS;
213 if (mode & S_IXUGO)
214 *pace_flags |= SET_FILE_EXEC_RIGHTS;
215
216#ifdef CONFIG_CIFS_DEBUG2
217 cFYI(1, ("mode: 0x%x, access flags now 0x%x", mode, *pace_flags));
218#endif
219 return;
220}
221
Steve French297647c2007-10-12 04:11:59 +0000222
Steve French953f8682007-10-31 04:54:42 +0000223#ifdef CONFIG_CIFS_DEBUG2
224static void dump_ace(struct cifs_ace *pace, char *end_of_acl)
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000225{
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000226 int num_subauth;
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000227
228 /* validate that we do not go past end of acl */
Steve French297647c2007-10-12 04:11:59 +0000229
Steve French44093ca2007-10-23 21:22:55 +0000230 if (le16_to_cpu(pace->size) < 16) {
231 cERROR(1, ("ACE too small, %d", le16_to_cpu(pace->size)));
232 return;
233 }
234
235 if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) {
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000236 cERROR(1, ("ACL too small to parse ACE"));
237 return;
Steve French44093ca2007-10-23 21:22:55 +0000238 }
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000239
Steve French44093ca2007-10-23 21:22:55 +0000240 num_subauth = pace->sid.num_subauth;
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000241 if (num_subauth) {
Steve French8f18c132007-10-12 18:54:12 +0000242 int i;
Steve French44093ca2007-10-23 21:22:55 +0000243 cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",
244 pace->sid.revision, pace->sid.num_subauth, pace->type,
245 pace->flags, pace->size));
Steve Frenchd12fd122007-10-03 19:43:19 +0000246 for (i = 0; i < num_subauth; ++i) {
247 cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,
Steve French44093ca2007-10-23 21:22:55 +0000248 le32_to_cpu(pace->sid.sub_auth[i])));
Steve Frenchd12fd122007-10-03 19:43:19 +0000249 }
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000250
Steve Frenchd12fd122007-10-03 19:43:19 +0000251 /* BB add length check to make sure that we do not have huge
252 num auths and therefore go off the end */
Steve Frenchd12fd122007-10-03 19:43:19 +0000253 }
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000254
Steve Frenchd12fd122007-10-03 19:43:19 +0000255 return;
256}
Steve French953f8682007-10-31 04:54:42 +0000257#endif
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000258
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000259
Steve Frencha750e772007-10-17 22:50:39 +0000260static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
Steve Frenchd61e5802007-10-26 04:32:43 +0000261 struct cifs_sid *pownersid, struct cifs_sid *pgrpsid,
Steve French630f3f02007-10-25 21:17:17 +0000262 struct inode *inode)
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000263{
264 int i;
265 int num_aces = 0;
266 int acl_size;
267 char *acl_base;
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000268 struct cifs_ace **ppace;
269
270 /* BB need to add parm so we can store the SID BB */
271
Steve French2b834572007-11-25 10:01:00 +0000272 if (!pdacl) {
273 /* no DACL in the security descriptor, set
274 all the permissions for user/group/other */
275 inode->i_mode |= S_IRWXUGO;
276 return;
277 }
278
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000279 /* validate that we do not go past end of acl */
Steve Frenchaf6f4612007-10-16 18:40:37 +0000280 if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) {
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000281 cERROR(1, ("ACL too small to parse DACL"));
282 return;
283 }
284
285#ifdef CONFIG_CIFS_DEBUG2
286 cFYI(1, ("DACL revision %d size %d num aces %d",
Steve Frenchaf6f4612007-10-16 18:40:37 +0000287 le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
288 le32_to_cpu(pdacl->num_aces)));
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000289#endif
290
Steve French7505e052007-11-01 18:03:01 +0000291 /* reset rwx permissions for user/group/other.
292 Also, if num_aces is 0 i.e. DACL has no ACEs,
293 user/group/other have no permissions */
294 inode->i_mode &= ~(S_IRWXUGO);
295
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000296 acl_base = (char *)pdacl;
297 acl_size = sizeof(struct cifs_acl);
298
Steve Frenchadbc0352007-10-17 02:12:46 +0000299 num_aces = le32_to_cpu(pdacl->num_aces);
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000300 if (num_aces > 0) {
Steve French15b03952007-11-08 17:57:40 +0000301 umode_t user_mask = S_IRWXU;
302 umode_t group_mask = S_IRWXG;
303 umode_t other_mask = S_IRWXO;
304
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000305 ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
306 GFP_KERNEL);
307
Steve Frenchd12fd122007-10-03 19:43:19 +0000308/* cifscred->cecount = pdacl->num_aces;
Steve Frenchd12fd122007-10-03 19:43:19 +0000309 cifscred->aces = kmalloc(num_aces *
310 sizeof(struct cifs_ace *), GFP_KERNEL);*/
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000311
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000312 for (i = 0; i < num_aces; ++i) {
Steve French44093ca2007-10-23 21:22:55 +0000313 ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
Steve French953f8682007-10-31 04:54:42 +0000314#ifdef CONFIG_CIFS_DEBUG2
315 dump_ace(ppace[i], end_of_acl);
316#endif
Shirish Pargaonkare01b6402007-10-30 04:45:14 +0000317 if (compare_sids(&(ppace[i]->sid), pownersid))
318 access_flags_to_mode(ppace[i]->access_req,
Steve French15b03952007-11-08 17:57:40 +0000319 ppace[i]->type,
320 &(inode->i_mode),
321 &user_mask);
Shirish Pargaonkare01b6402007-10-30 04:45:14 +0000322 if (compare_sids(&(ppace[i]->sid), pgrpsid))
323 access_flags_to_mode(ppace[i]->access_req,
Steve French15b03952007-11-08 17:57:40 +0000324 ppace[i]->type,
325 &(inode->i_mode),
326 &group_mask);
Shirish Pargaonkare01b6402007-10-30 04:45:14 +0000327 if (compare_sids(&(ppace[i]->sid), &sid_everyone))
328 access_flags_to_mode(ppace[i]->access_req,
Steve French15b03952007-11-08 17:57:40 +0000329 ppace[i]->type,
330 &(inode->i_mode),
331 &other_mask);
Shirish Pargaonkare01b6402007-10-30 04:45:14 +0000332
Steve French44093ca2007-10-23 21:22:55 +0000333/* memcpy((void *)(&(cifscred->aces[i])),
Steve Frenchd12fd122007-10-03 19:43:19 +0000334 (void *)ppace[i],
335 sizeof(struct cifs_ace)); */
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000336
Steve French44093ca2007-10-23 21:22:55 +0000337 acl_base = (char *)ppace[i];
338 acl_size = le16_to_cpu(ppace[i]->size);
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000339 }
340
341 kfree(ppace);
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000342 }
343
344 return;
345}
346
Steve Frenchbcb02032007-09-25 16:17:24 +0000347
348static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
349{
350 /* BB need to add parm so we can store the SID BB */
351
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000352 /* validate that we do not go past end of ACL - sid must be at least 8
353 bytes long (assuming no sub-auths - e.g. the null SID */
354 if (end_of_acl < (char *)psid + 8) {
355 cERROR(1, ("ACL too small to parse SID %p", psid));
Steve Frenchbcb02032007-09-25 16:17:24 +0000356 return -EINVAL;
357 }
Steve Frenchbcb02032007-09-25 16:17:24 +0000358
Steve Frenchaf6f4612007-10-16 18:40:37 +0000359 if (psid->num_subauth) {
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000360#ifdef CONFIG_CIFS_DEBUG2
Steve French8f18c132007-10-12 18:54:12 +0000361 int i;
Steve French44093ca2007-10-23 21:22:55 +0000362 cFYI(1, ("SID revision %d num_auth %d",
363 psid->revision, psid->num_subauth));
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000364
Steve Frenchaf6f4612007-10-16 18:40:37 +0000365 for (i = 0; i < psid->num_subauth; i++) {
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000366 cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
Steve French297647c2007-10-12 04:11:59 +0000367 le32_to_cpu(psid->sub_auth[i])));
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000368 }
369
Steve Frenchd12fd122007-10-03 19:43:19 +0000370 /* BB add length check to make sure that we do not have huge
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000371 num auths and therefore go off the end */
Steve Frenchd12fd122007-10-03 19:43:19 +0000372 cFYI(1, ("RID 0x%x",
Steve Frenchaf6f4612007-10-16 18:40:37 +0000373 le32_to_cpu(psid->sub_auth[psid->num_subauth-1])));
Steve Frenchbcb02032007-09-25 16:17:24 +0000374#endif
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000375 }
376
Steve Frenchbcb02032007-09-25 16:17:24 +0000377 return 0;
378}
379
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000380
Steve Frenchbcb02032007-09-25 16:17:24 +0000381/* Convert CIFS ACL to POSIX form */
Steve French630f3f02007-10-25 21:17:17 +0000382static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
383 struct inode *inode)
Steve Frenchbcb02032007-09-25 16:17:24 +0000384{
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000385 int rc;
Steve Frenchbcb02032007-09-25 16:17:24 +0000386 struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
387 struct cifs_acl *dacl_ptr; /* no need for SACL ptr */
Steve Frenchbcb02032007-09-25 16:17:24 +0000388 char *end_of_acl = ((char *)pntsd) + acl_len;
Steve French7505e052007-11-01 18:03:01 +0000389 __u32 dacloffset;
Steve Frenchbcb02032007-09-25 16:17:24 +0000390
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000391 if ((inode == NULL) || (pntsd == NULL))
392 return -EIO;
393
Steve Frenchbcb02032007-09-25 16:17:24 +0000394 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
Steve Frenchaf6f4612007-10-16 18:40:37 +0000395 le32_to_cpu(pntsd->osidoffset));
Steve Frenchbcb02032007-09-25 16:17:24 +0000396 group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
Steve Frenchaf6f4612007-10-16 18:40:37 +0000397 le32_to_cpu(pntsd->gsidoffset));
Steve French7505e052007-11-01 18:03:01 +0000398 dacloffset = le32_to_cpu(pntsd->dacloffset);
Steve French63d25832007-11-05 21:46:10 +0000399 dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
Steve Frenchbcb02032007-09-25 16:17:24 +0000400#ifdef CONFIG_CIFS_DEBUG2
401 cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
402 "sacloffset 0x%x dacloffset 0x%x",
Steve Frenchaf6f4612007-10-16 18:40:37 +0000403 pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset),
404 le32_to_cpu(pntsd->gsidoffset),
Steve French7505e052007-11-01 18:03:01 +0000405 le32_to_cpu(pntsd->sacloffset), dacloffset));
Steve Frenchbcb02032007-09-25 16:17:24 +0000406#endif
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000407/* cifs_dump_mem("owner_sid: ", owner_sid_ptr, 64); */
Steve Frenchbcb02032007-09-25 16:17:24 +0000408 rc = parse_sid(owner_sid_ptr, end_of_acl);
409 if (rc)
410 return rc;
411
412 rc = parse_sid(group_sid_ptr, end_of_acl);
413 if (rc)
414 return rc;
415
Steve French7505e052007-11-01 18:03:01 +0000416 if (dacloffset)
417 parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr,
Steve French63d25832007-11-05 21:46:10 +0000418 group_sid_ptr, inode);
Steve French7505e052007-11-01 18:03:01 +0000419 else
420 cFYI(1, ("no ACL")); /* BB grant all or default perms? */
Shirish Pargaonkard0d66c42007-10-03 18:22:19 +0000421
Steve Frenchbcb02032007-09-25 16:17:24 +0000422/* cifscred->uid = owner_sid_ptr->rid;
423 cifscred->gid = group_sid_ptr->rid;
424 memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,
Steve French630f3f02007-10-25 21:17:17 +0000425 sizeof(struct cifs_sid));
Steve Frenchbcb02032007-09-25 16:17:24 +0000426 memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,
Steve French630f3f02007-10-25 21:17:17 +0000427 sizeof(struct cifs_sid)); */
Steve Frenchbcb02032007-09-25 16:17:24 +0000428
Steve French297647c2007-10-12 04:11:59 +0000429
Steve Frenchbcb02032007-09-25 16:17:24 +0000430 return (0);
431}
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000432
433
Steve French7505e052007-11-01 18:03:01 +0000434/* Retrieve an ACL from the server */
435static struct cifs_ntsd *get_cifs_acl(u32 *pacllen, struct inode *inode,
436 const char *path)
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000437{
438 struct cifsFileInfo *open_file;
439 int unlock_file = FALSE;
440 int xid;
441 int rc = -EIO;
442 __u16 fid;
443 struct super_block *sb;
444 struct cifs_sb_info *cifs_sb;
445 struct cifs_ntsd *pntsd = NULL;
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000446
447 cFYI(1, ("get mode from ACL for %s", path));
448
449 if (inode == NULL)
Steve French7505e052007-11-01 18:03:01 +0000450 return NULL;
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000451
452 xid = GetXid();
453 open_file = find_readable_file(CIFS_I(inode));
454 sb = inode->i_sb;
455 if (sb == NULL) {
456 FreeXid(xid);
Steve French7505e052007-11-01 18:03:01 +0000457 return NULL;
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000458 }
459 cifs_sb = CIFS_SB(sb);
460
461 if (open_file) {
462 unlock_file = TRUE;
463 fid = open_file->netfid;
464 } else {
465 int oplock = FALSE;
466 /* open file */
467 rc = CIFSSMBOpen(xid, cifs_sb->tcon, path, FILE_OPEN,
Steve French953f8682007-10-31 04:54:42 +0000468 READ_CONTROL, 0, &fid, &oplock, NULL,
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000469 cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
470 CIFS_MOUNT_MAP_SPECIAL_CHR);
471 if (rc != 0) {
472 cERROR(1, ("Unable to open file to get ACL"));
473 FreeXid(xid);
Steve French7505e052007-11-01 18:03:01 +0000474 return NULL;
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000475 }
476 }
477
Steve French7505e052007-11-01 18:03:01 +0000478 rc = CIFSSMBGetCIFSACL(xid, cifs_sb->tcon, fid, &pntsd, pacllen);
479 cFYI(1, ("GetCIFSACL rc = %d ACL len %d", rc, *pacllen));
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000480 if (unlock_file == TRUE)
481 atomic_dec(&open_file->wrtPending);
482 else
483 CIFSSMBClose(xid, cifs_sb->tcon, fid);
484
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000485 FreeXid(xid);
Steve French7505e052007-11-01 18:03:01 +0000486 return pntsd;
487}
488
489/* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */
490void acl_to_uid_mode(struct inode *inode, const char *path)
491{
492 struct cifs_ntsd *pntsd = NULL;
493 u32 acllen = 0;
494 int rc = 0;
495
496#ifdef CONFIG_CIFS_DEBUG2
497 cFYI(1, ("converting ACL to mode for %s", path));
498#endif
499 pntsd = get_cifs_acl(&acllen, inode, path);
500
501 /* if we can retrieve the ACL, now parse Access Control Entries, ACEs */
502 if (pntsd)
503 rc = parse_sec_desc(pntsd, acllen, inode);
504 if (rc)
505 cFYI(1, ("parse sec desc failed rc = %d", rc));
506
507 kfree(pntsd);
Steve Frenchb9c7a2b2007-10-26 23:40:20 +0000508 return;
509}
Steve French953f8682007-10-31 04:54:42 +0000510
Steve French7505e052007-11-01 18:03:01 +0000511/* Convert mode bits to an ACL so we can update the ACL on the server */
Steve French953f8682007-10-31 04:54:42 +0000512int mode_to_acl(struct inode *inode, const char *path)
513{
514 int rc = 0;
515 __u32 acllen = 0;
516 struct cifs_ntsd *pntsd = NULL;
517
518 cFYI(1, ("set ACL from mode for %s", path));
519
520 /* Get the security descriptor */
Steve French7505e052007-11-01 18:03:01 +0000521 pntsd = get_cifs_acl(&acllen, inode, path);
Steve French953f8682007-10-31 04:54:42 +0000522
Steve French7505e052007-11-01 18:03:01 +0000523 /* Add/Modify the three ACEs for owner, group, everyone
524 while retaining the other ACEs */
Steve French953f8682007-10-31 04:54:42 +0000525
526 /* Set the security descriptor */
Steve French953f8682007-10-31 04:54:42 +0000527
Steve French7505e052007-11-01 18:03:01 +0000528
529 kfree(pntsd);
Steve French953f8682007-10-31 04:54:42 +0000530 return rc;
531}
Steve French297647c2007-10-12 04:11:59 +0000532#endif /* CONFIG_CIFS_EXPERIMENTAL */