[linux-2.6-block.git] / fs / cifs / cifsacl.c

/*
 *   fs/cifs/cifsacl.c
 *
 *   Copyright (C) International Business Machines  Corp., 2007
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *
 *   Contains the routines for mapping CIFS/NTFS ACLs
 *
 *   This library is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Lesser General Public License as published
 *   by the Free Software Foundation; either version 2.1 of the License, or
 *   (at your option) any later version.
 *
 *   This library is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 *   the GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public License
 *   along with this library; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#include <linux/fs.h>
#include "cifspdu.h"
#include "cifsglob.h"
#include "cifsacl.h"
#include "cifsproto.h"
#include "cifs_debug.h"


#ifdef CONFIG_CIFS_EXPERIMENTAL

static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
	{{1, 0, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0, 0} }, "null user"},
	{{1, 1, {0, 0, 0, 0, 0, 1}, {0, 0, 0, 0, 0} }, "nobody"},
	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(11), 0, 0, 0, 0} }, "net-users"},
	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},
	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},
	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"} }
;


/* security id for everyone */
static const struct cifs_sid sid_everyone =
		{1, 1, {0, 0, 0, 0, 0, 0}, {} };
/* group users */
static const struct cifs_sid sid_user =
		{1, 2 , {0, 0, 0, 0, 0, 5}, {} };


int match_sid(struct cifs_sid *ctsid)
{
	int i, j;
	int num_subauth, num_sat, num_saw;
	struct cifs_sid *cwsid;

	if (!ctsid)
		return (-1);

	for (i = 0; i < NUM_WK_SIDS; ++i) {
		cwsid = &(wksidarr[i].cifssid);

		/* compare the revision */
		if (ctsid->revision != cwsid->revision)
			continue;

		/* compare all of the six auth values */
		for (j = 0; j < 6; ++j) {
			if (ctsid->authority[j] != cwsid->authority[j])
				break;
		}
		if (j < 6)
			continue; /* all of the auth values did not match */

		/* compare all of the subauth values if any */
		num_sat = ctsid->num_subauth;
		num_saw = cwsid->num_subauth;
		num_subauth = num_sat < num_saw ? num_sat : num_saw;
		if (num_subauth) {
			for (j = 0; j < num_subauth; ++j) {
				if (ctsid->sub_auth[j] != cwsid->sub_auth[j])
					break;
			}
			if (j < num_subauth)
				continue; /* all sub_auth values do not match */
		}

		cFYI(1, ("matching sid: %s\n", wksidarr[i].sidname));
		return (0); /* sids compare/match */
	}

	cFYI(1, ("No matching sid"));
	return (-1);
}

/* if the two SIDs (roughly equivalent to a UUID for a user or group) are
   the same returns 1, if they do not match returns 0 */
int compare_sids(const struct cifs_sid *ctsid, const struct cifs_sid *cwsid)
{
	int i;
	int num_subauth, num_sat, num_saw;

	if ((!ctsid) || (!cwsid))
		return (0);

	/* compare the revision */
	if (ctsid->revision != cwsid->revision)
		return (0);

	/* compare all of the six auth values */
	for (i = 0; i < 6; ++i) {
		if (ctsid->authority[i] != cwsid->authority[i])
			return (0);
	}

	/* compare all of the subauth values if any */
	num_sat = ctsid->num_subauth;
	num_saw = cwsid->num_subauth;
	num_subauth = num_sat < num_saw ? num_sat : num_saw;
	if (num_subauth) {
		for (i = 0; i < num_subauth; ++i) {
			if (ctsid->sub_auth[i] != cwsid->sub_auth[i])
				return (0);
		}
	}

	return (1); /* sids compare/match */
}

/*
   change posix mode to reflect permissions
   pmode is the existing mode (we only want to overwrite part of this
   bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
*/
static void access_flags_to_mode(__u32 ace_flags, umode_t *pmode,
				 umode_t bits_to_set)
{

	*pmode &= ~bits_to_set;

	if (ace_flags & GENERIC_ALL) {
		*pmode |= (S_IRWXUGO & bits_to_set);
#ifdef CONFIG_CIFS_DEBUG2
		cFYI(1, ("all perms"));
#endif
		return;
	}
	if ((ace_flags & GENERIC_WRITE) || (ace_flags & FILE_WRITE_RIGHTS))
		*pmode |= (S_IWUGO & bits_to_set);
	if ((ace_flags & GENERIC_READ) || (ace_flags & FILE_READ_RIGHTS))
		*pmode |= (S_IRUGO & bits_to_set);
	if ((ace_flags & GENERIC_EXECUTE) || (ace_flags & FILE_EXEC_RIGHTS))
		*pmode |= (S_IXUGO & bits_to_set);

#ifdef CONFIG_CIFS_DEBUG2
	cFYI(1, ("access flags 0x%x mode now 0x%x", ace_flags, *pmode));
#endif
	return;
}


static void parse_ace(struct cifs_ace *pace, char *end_of_acl)
{
	int num_subauth;

	/* validate that we do not go past end of acl */

	if (le16_to_cpu(pace->size) < 16) {
		cERROR(1, ("ACE too small, %d", le16_to_cpu(pace->size)));
		return;
	}

	if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) {
		cERROR(1, ("ACL too small to parse ACE"));
		return;
	}

	num_subauth = pace->sid.num_subauth;
	if (num_subauth) {
#ifdef CONFIG_CIFS_DEBUG2
		int i;
		cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",
			pace->sid.revision, pace->sid.num_subauth, pace->type,
			pace->flags, pace->size));
		for (i = 0; i < num_subauth; ++i) {
			cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,
				le32_to_cpu(pace->sid.sub_auth[i])));
		}

		/* BB add length check to make sure that we do not have huge
			num auths and therefore go off the end */
#endif
	}

	return;
}


static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
		       struct cifs_sid *pownersid, struct cifs_sid *pgrpsid,
		       struct inode *inode)
{
	int i;
	int num_aces = 0;
	int acl_size;
	char *acl_base;
	struct cifs_ace **ppace;

	/* BB need to add parm so we can store the SID BB */

	/* validate that we do not go past end of acl */
	if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) {
		cERROR(1, ("ACL too small to parse DACL"));
		return;
	}

#ifdef CONFIG_CIFS_DEBUG2
	cFYI(1, ("DACL revision %d size %d num aces %d",
		le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
		le32_to_cpu(pdacl->num_aces)));
#endif

	acl_base = (char *)pdacl;
	acl_size = sizeof(struct cifs_acl);

	num_aces = le32_to_cpu(pdacl->num_aces);
	if (num_aces  > 0) {
		ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
				GFP_KERNEL);

/*		cifscred->cecount = pdacl->num_aces;
		cifscred->aces = kmalloc(num_aces *
			sizeof(struct cifs_ace *), GFP_KERNEL);*/

		for (i = 0; i < num_aces; ++i) {
			ppace[i] = (struct cifs_ace *) (acl_base + acl_size);

			parse_ace(ppace[i], end_of_acl);

/*			memcpy((void *)(&(cifscred->aces[i])),
				(void *)ppace[i],
				sizeof(struct cifs_ace)); */

			acl_base = (char *)ppace[i];
			acl_size = le16_to_cpu(ppace[i]->size);
		}

		kfree(ppace);
	}

	return;
}


static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
{
	/* BB need to add parm so we can store the SID BB */

	/* validate that we do not go past end of ACL - sid must be at least 8
	   bytes long (assuming no sub-auths - e.g. the null SID */
	if (end_of_acl < (char *)psid + 8) {
		cERROR(1, ("ACL too small to parse SID %p", psid));
		return -EINVAL;
	}

	if (psid->num_subauth) {
#ifdef CONFIG_CIFS_DEBUG2
		int i;
		cFYI(1, ("SID revision %d num_auth %d",
			psid->revision, psid->num_subauth));

		for (i = 0; i < psid->num_subauth; i++) {
			cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
				le32_to_cpu(psid->sub_auth[i])));
		}

		/* BB add length check to make sure that we do not have huge
			num auths and therefore go off the end */
		cFYI(1, ("RID 0x%x",
			le32_to_cpu(psid->sub_auth[psid->num_subauth-1])));
#endif
	}

	return 0;
}


/* Convert CIFS ACL to POSIX form */
static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
			  struct inode *inode)
{
	int rc;
	struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
	struct cifs_acl *dacl_ptr; /* no need for SACL ptr */
	char *end_of_acl = ((char *)pntsd) + acl_len;

	if ((inode == NULL) || (pntsd == NULL))
		return -EIO;

	owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
				le32_to_cpu(pntsd->osidoffset));
	group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
				le32_to_cpu(pntsd->gsidoffset));
	dacl_ptr = (struct cifs_acl *)((char *)pntsd +
				le32_to_cpu(pntsd->dacloffset));
#ifdef CONFIG_CIFS_DEBUG2
	cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
		 "sacloffset 0x%x dacloffset 0x%x",
		 pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset),
		 le32_to_cpu(pntsd->gsidoffset),
		 le32_to_cpu(pntsd->sacloffset),
		 le32_to_cpu(pntsd->dacloffset)));
#endif
/*	cifs_dump_mem("owner_sid: ", owner_sid_ptr, 64); */
	rc = parse_sid(owner_sid_ptr, end_of_acl);
	if (rc)
		return rc;

	rc = parse_sid(group_sid_ptr, end_of_acl);
	if (rc)
		return rc;

	parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr, group_sid_ptr, inode);

/*	cifscred->uid = owner_sid_ptr->rid;
	cifscred->gid = group_sid_ptr->rid;
	memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,
			sizeof(struct cifs_sid));
	memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,
			sizeof(struct cifs_sid)); */


	return (0);
}


/* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */

void acl_to_uid_mode(struct inode *inode, const char *path)
{
	struct cifsFileInfo *open_file;
	int unlock_file = FALSE;
	int xid;
	int rc = -EIO;
	__u16 fid;
	struct super_block *sb;
	struct cifs_sb_info *cifs_sb;
	struct cifs_ntsd *pntsd = NULL;
	__u32 acllen;

	cFYI(1, ("get mode from ACL for %s", path));

	if (inode == NULL)
		return;

	xid = GetXid();
	open_file = find_readable_file(CIFS_I(inode));
	sb = inode->i_sb;
	if (sb == NULL) {
		FreeXid(xid);
		return;
	}
	cifs_sb = CIFS_SB(sb);

	if (open_file) {
		unlock_file = TRUE;
		fid = open_file->netfid;
	} else {
		int oplock = FALSE;
		/* open file */
		rc = CIFSSMBOpen(xid, cifs_sb->tcon, path, FILE_OPEN,
				GENERIC_READ, 0, &fid, &oplock, NULL,
				cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
					CIFS_MOUNT_MAP_SPECIAL_CHR);
		if (rc != 0) {
			cERROR(1, ("Unable to open file to get ACL"));
			FreeXid(xid);
			return;
		}
	}

	rc = CIFSSMBGetCIFSACL(xid, cifs_sb->tcon, fid, &pntsd, &acllen);
	cFYI(1, ("GetCIFSACL rc = %d ACL len %d", rc, acllen));
	if (unlock_file == TRUE)
		atomic_dec(&open_file->wrtPending);
	else
		CIFSSMBClose(xid, cifs_sb->tcon, fid);

	/* parse ACEs */
	if (!rc)
		rc = parse_sec_desc(pntsd, acllen, inode);
	kfree(pntsd);
	FreeXid(xid);
	return;
}
#endif /* CONFIG_CIFS_EXPERIMENTAL */
Commit	Line	Data
bcb02034 SF	1	/*
	2	* fs/cifs/cifsacl.c
	3	*
	4	* Copyright (C) International Business Machines Corp., 2007
	5	* Author(s): Steve French (sfrench@us.ibm.com)
	6	*
	7	* Contains the routines for mapping CIFS/NTFS ACLs
	8	*
	9	* This library is free software; you can redistribute it and/or modify
	10	* it under the terms of the GNU Lesser General Public License as published
	11	* by the Free Software Foundation; either version 2.1 of the License, or
	12	* (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	17	* the GNU Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public License
	20	* along with this library; if not, write to the Free Software
	21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	22	*/
	23
65874007 SF	24	#include <linux/fs.h>
	25	#include "cifspdu.h"
	26	#include "cifsglob.h"
d0d66c44	27	#include "cifsacl.h"
65874007 SF	28	#include "cifsproto.h"
65874007 SF	29	#include "cifs_debug.h"
65874007	30
297647c2 SF	31
	32	#ifdef CONFIG_CIFS_EXPERIMENTAL
	33
af6f4612	34	static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
297647c2 SF	35	{{1, 0, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0, 0} }, "null user"},
297647c2 SF	36	{{1, 1, {0, 0, 0, 0, 0, 1}, {0, 0, 0, 0, 0} }, "nobody"},
ce51ae14 DK	37	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(11), 0, 0, 0, 0} }, "net-users"},
	38	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
	39	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},
	40	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},
44093ca2 SF	41	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"} }
44093ca2 SF	42	;
297647c2 SF	43
297647c2 SF	44
bcb02034 SF	45	/* security id for everyone */
bcb02034 SF	46	static const struct cifs_sid sid_everyone =
d12fd121	47	{1, 1, {0, 0, 0, 0, 0, 0}, {} };
bcb02034 SF	48	/* group users */
bcb02034 SF	49	static const struct cifs_sid sid_user =
d12fd121	50	{1, 2 , {0, 0, 0, 0, 0, 5}, {} };
d0d66c44	51
297647c2 SF	52
	53	int match_sid(struct cifs_sid *ctsid)
	54	{
	55	int i, j;
	56	int num_subauth, num_sat, num_saw;
	57	struct cifs_sid *cwsid;
	58
	59	if (!ctsid)
	60	return (-1);
	61
	62	for (i = 0; i < NUM_WK_SIDS; ++i) {
	63	cwsid = &(wksidarr[i].cifssid);
	64
	65	/* compare the revision */
	66	if (ctsid->revision != cwsid->revision)
	67	continue;
	68
	69	/* compare all of the six auth values */
	70	for (j = 0; j < 6; ++j) {
	71	if (ctsid->authority[j] != cwsid->authority[j])
	72	break;
	73	}
	74	if (j < 6)
	75	continue; /* all of the auth values did not match */
	76
	77	/* compare all of the subauth values if any */
ce51ae14 DK	78	num_sat = ctsid->num_subauth;
ce51ae14 DK	79	num_saw = cwsid->num_subauth;
297647c2 SF	80	num_subauth = num_sat < num_saw ? num_sat : num_saw;
	81	if (num_subauth) {
	82	for (j = 0; j < num_subauth; ++j) {
	83	if (ctsid->sub_auth[j] != cwsid->sub_auth[j])
	84	break;
	85	}
	86	if (j < num_subauth)
	87	continue; /* all sub_auth values do not match */
	88	}
	89
	90	cFYI(1, ("matching sid: %s\n", wksidarr[i].sidname));
	91	return (0); /* sids compare/match */
	92	}
	93
	94	cFYI(1, ("No matching sid"));
	95	return (-1);
	96	}
	97
a750e77c SF	98	/* if the two SIDs (roughly equivalent to a UUID for a user or group) are
a750e77c SF	99	the same returns 1, if they do not match returns 0 */
630f3f0c	100	int compare_sids(const struct cifs_sid ctsid, const struct cifs_sid cwsid)
297647c2 SF	101	{
	102	int i;
	103	int num_subauth, num_sat, num_saw;
	104
	105	if ((!ctsid) \|\| (!cwsid))
a750e77c	106	return (0);
297647c2 SF	107
	108	/* compare the revision */
	109	if (ctsid->revision != cwsid->revision)
a750e77c	110	return (0);
297647c2 SF	111
	112	/* compare all of the six auth values */
	113	for (i = 0; i < 6; ++i) {
	114	if (ctsid->authority[i] != cwsid->authority[i])
a750e77c	115	return (0);
297647c2 SF	116	}
	117
	118	/* compare all of the subauth values if any */
adbc0358	119	num_sat = ctsid->num_subauth;
adddd49d	120	num_saw = cwsid->num_subauth;
297647c2 SF	121	num_subauth = num_sat < num_saw ? num_sat : num_saw;
	122	if (num_subauth) {
	123	for (i = 0; i < num_subauth; ++i) {
	124	if (ctsid->sub_auth[i] != cwsid->sub_auth[i])
a750e77c	125	return (0);
297647c2 SF	126	}
	127	}
	128
a750e77c	129	return (1); /* sids compare/match */
297647c2 SF	130	}
297647c2 SF	131
630f3f0c SF	132	/*
	133	change posix mode to reflect permissions
	134	pmode is the existing mode (we only want to overwrite part of this
	135	bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
	136	*/
d61e5808	137	static void access_flags_to_mode(__u32 ace_flags, umode_t *pmode,
630f3f0c SF	138	umode_t bits_to_set)
	139	{
	140
d61e5808 SF	141	*pmode &= ~bits_to_set;
	142
	143	if (ace_flags & GENERIC_ALL) {
	144	*pmode \|= (S_IRWXUGO & bits_to_set);
630f3f0c	145	#ifdef CONFIG_CIFS_DEBUG2
d61e5808	146	cFYI(1, ("all perms"));
630f3f0c	147	#endif
d61e5808 SF	148	return;
	149	}
	150	if ((ace_flags & GENERIC_WRITE) \|\| (ace_flags & FILE_WRITE_RIGHTS))
	151	*pmode \|= (S_IWUGO & bits_to_set);
	152	if ((ace_flags & GENERIC_READ) \|\| (ace_flags & FILE_READ_RIGHTS))
	153	*pmode \|= (S_IRUGO & bits_to_set);
	154	if ((ace_flags & GENERIC_EXECUTE) \|\| (ace_flags & FILE_EXEC_RIGHTS))
	155	*pmode \|= (S_IXUGO & bits_to_set);
630f3f0c	156
d61e5808	157	#ifdef CONFIG_CIFS_DEBUG2
b9c7a2bb	158	cFYI(1, ("access flags 0x%x mode now 0x%x", ace_flags, *pmode));
d61e5808	159	#endif
630f3f0c SF	160	return;
	161	}
	162
297647c2	163
d12fd121	164	static void parse_ace(struct cifs_ace pace, char end_of_acl)
d0d66c44	165	{
d0d66c44	166	int num_subauth;
d0d66c44 SP	167
d0d66c44 SP	168	/* validate that we do not go past end of acl */
297647c2	169
44093ca2 SF	170	if (le16_to_cpu(pace->size) < 16) {
	171	cERROR(1, ("ACE too small, %d", le16_to_cpu(pace->size)));
	172	return;
	173	}
	174
	175	if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) {
d0d66c44 SP	176	cERROR(1, ("ACL too small to parse ACE"));
d0d66c44 SP	177	return;
44093ca2	178	}
d0d66c44	179
44093ca2	180	num_subauth = pace->sid.num_subauth;
d0d66c44	181	if (num_subauth) {
d12fd121	182	#ifdef CONFIG_CIFS_DEBUG2
8f18c131	183	int i;
44093ca2 SF	184	cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",
	185	pace->sid.revision, pace->sid.num_subauth, pace->type,
	186	pace->flags, pace->size));
d12fd121 SF	187	for (i = 0; i < num_subauth; ++i) {
d12fd121 SF	188	cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,
44093ca2	189	le32_to_cpu(pace->sid.sub_auth[i])));
d12fd121 SF	190	}
	191
	192	/* BB add length check to make sure that we do not have huge
	193	num auths and therefore go off the end */
d12fd121 SF	194	#endif
	195	}
	196
	197	return;
	198	}
	199
d0d66c44	200
a750e77c	201	static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,
d61e5808	202	struct cifs_sid pownersid, struct cifs_sid pgrpsid,
630f3f0c	203	struct inode *inode)
d0d66c44 SP	204	{
	205	int i;
	206	int num_aces = 0;
	207	int acl_size;
	208	char *acl_base;
d0d66c44 SP	209	struct cifs_ace **ppace;
	210
	211	/* BB need to add parm so we can store the SID BB */
	212
	213	/* validate that we do not go past end of acl */
af6f4612	214	if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) {
d0d66c44 SP	215	cERROR(1, ("ACL too small to parse DACL"));
	216	return;
	217	}
	218
	219	#ifdef CONFIG_CIFS_DEBUG2
	220	cFYI(1, ("DACL revision %d size %d num aces %d",
af6f4612 SF	221	le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
af6f4612 SF	222	le32_to_cpu(pdacl->num_aces)));
d0d66c44 SP	223	#endif
	224
	225	acl_base = (char *)pdacl;
	226	acl_size = sizeof(struct cifs_acl);
	227
adbc0358	228	num_aces = le32_to_cpu(pdacl->num_aces);
d0d66c44	229	if (num_aces > 0) {
d0d66c44 SP	230	ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
	231	GFP_KERNEL);
	232
d12fd121	233	/* cifscred->cecount = pdacl->num_aces;
d12fd121 SF	234	cifscred->aces = kmalloc(num_aces *
d12fd121 SF	235	sizeof(struct cifs_ace ), GFP_KERNEL);/
d0d66c44	236
d0d66c44	237	for (i = 0; i < num_aces; ++i) {
44093ca2 SF	238	ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
	239
	240	parse_ace(ppace[i], end_of_acl);
d0d66c44	241
44093ca2	242	/* memcpy((void *)(&(cifscred->aces[i])),
d12fd121 SF	243	(void *)ppace[i],
d12fd121 SF	244	sizeof(struct cifs_ace)); */
d0d66c44	245
44093ca2 SF	246	acl_base = (char *)ppace[i];
44093ca2 SF	247	acl_size = le16_to_cpu(ppace[i]->size);
d0d66c44 SP	248	}
	249
	250	kfree(ppace);
d0d66c44 SP	251	}
	252
	253	return;
	254	}
	255
bcb02034 SF	256
	257	static int parse_sid(struct cifs_sid psid, char end_of_acl)
	258	{
	259	/* BB need to add parm so we can store the SID BB */
	260
b9c7a2bb SF	261	/* validate that we do not go past end of ACL - sid must be at least 8
	262	bytes long (assuming no sub-auths - e.g. the null SID */
	263	if (end_of_acl < (char *)psid + 8) {
	264	cERROR(1, ("ACL too small to parse SID %p", psid));
bcb02034 SF	265	return -EINVAL;
bcb02034 SF	266	}
d0d66c44	267
af6f4612	268	if (psid->num_subauth) {
bcb02034	269	#ifdef CONFIG_CIFS_DEBUG2
8f18c131	270	int i;
44093ca2 SF	271	cFYI(1, ("SID revision %d num_auth %d",
44093ca2 SF	272	psid->revision, psid->num_subauth));
bcb02034	273
af6f4612	274	for (i = 0; i < psid->num_subauth; i++) {
d0d66c44	275	cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
297647c2	276	le32_to_cpu(psid->sub_auth[i])));
d0d66c44 SP	277	}
d0d66c44 SP	278
d12fd121	279	/* BB add length check to make sure that we do not have huge
d0d66c44	280	num auths and therefore go off the end */
d12fd121	281	cFYI(1, ("RID 0x%x",
af6f4612	282	le32_to_cpu(psid->sub_auth[psid->num_subauth-1])));
bcb02034	283	#endif
d0d66c44 SP	284	}
d0d66c44 SP	285
bcb02034 SF	286	return 0;
	287	}
	288
d0d66c44	289
bcb02034	290	/* Convert CIFS ACL to POSIX form */
630f3f0c SF	291	static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
630f3f0c SF	292	struct inode *inode)
bcb02034	293	{
d0d66c44	294	int rc;
bcb02034 SF	295	struct cifs_sid owner_sid_ptr, group_sid_ptr;
bcb02034 SF	296	struct cifs_acl dacl_ptr; / no need for SACL ptr */
bcb02034 SF	297	char end_of_acl = ((char )pntsd) + acl_len;
bcb02034 SF	298
b9c7a2bb SF	299	if ((inode == NULL) \|\| (pntsd == NULL))
	300	return -EIO;
	301
bcb02034	302	owner_sid_ptr = (struct cifs_sid )((char )pntsd +
af6f4612	303	le32_to_cpu(pntsd->osidoffset));
bcb02034	304	group_sid_ptr = (struct cifs_sid )((char )pntsd +
af6f4612	305	le32_to_cpu(pntsd->gsidoffset));
bcb02034	306	dacl_ptr = (struct cifs_acl )((char )pntsd +
af6f4612	307	le32_to_cpu(pntsd->dacloffset));
bcb02034 SF	308	#ifdef CONFIG_CIFS_DEBUG2
	309	cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
	310	"sacloffset 0x%x dacloffset 0x%x",
af6f4612 SF	311	pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset),
	312	le32_to_cpu(pntsd->gsidoffset),
	313	le32_to_cpu(pntsd->sacloffset),
ce51ae14	314	le32_to_cpu(pntsd->dacloffset)));
bcb02034	315	#endif
b9c7a2bb	316	/* cifs_dump_mem("owner_sid: ", owner_sid_ptr, 64); */
bcb02034 SF	317	rc = parse_sid(owner_sid_ptr, end_of_acl);
	318	if (rc)
	319	return rc;
	320
	321	rc = parse_sid(group_sid_ptr, end_of_acl);
	322	if (rc)
	323	return rc;
	324
630f3f0c	325	parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr, group_sid_ptr, inode);
d0d66c44	326
bcb02034 SF	327	/* cifscred->uid = owner_sid_ptr->rid;
	328	cifscred->gid = group_sid_ptr->rid;
	329	memcpy((void )(&(cifscred->osid)), (void )owner_sid_ptr,
630f3f0c	330	sizeof(struct cifs_sid));
bcb02034	331	memcpy((void )(&(cifscred->gsid)), (void )group_sid_ptr,
630f3f0c	332	sizeof(struct cifs_sid)); */
bcb02034	333
297647c2	334
bcb02034 SF	335	return (0);
bcb02034 SF	336	}
b9c7a2bb SF	337
	338
	339	/* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */
	340
	341	void acl_to_uid_mode(struct inode inode, const char path)
	342	{
	343	struct cifsFileInfo *open_file;
	344	int unlock_file = FALSE;
	345	int xid;
	346	int rc = -EIO;
	347	__u16 fid;
	348	struct super_block *sb;
	349	struct cifs_sb_info *cifs_sb;
	350	struct cifs_ntsd *pntsd = NULL;
	351	__u32 acllen;
	352
	353	cFYI(1, ("get mode from ACL for %s", path));
	354
	355	if (inode == NULL)
	356	return;
	357
	358	xid = GetXid();
	359	open_file = find_readable_file(CIFS_I(inode));
	360	sb = inode->i_sb;
	361	if (sb == NULL) {
	362	FreeXid(xid);
	363	return;
	364	}
	365	cifs_sb = CIFS_SB(sb);
	366
	367	if (open_file) {
	368	unlock_file = TRUE;
	369	fid = open_file->netfid;
	370	} else {
	371	int oplock = FALSE;
	372	/* open file */
	373	rc = CIFSSMBOpen(xid, cifs_sb->tcon, path, FILE_OPEN,
	374	GENERIC_READ, 0, &fid, &oplock, NULL,
	375	cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
	376	CIFS_MOUNT_MAP_SPECIAL_CHR);
	377	if (rc != 0) {
	378	cERROR(1, ("Unable to open file to get ACL"));
	379	FreeXid(xid);
	380	return;
	381	}
	382	}
	383
	384	rc = CIFSSMBGetCIFSACL(xid, cifs_sb->tcon, fid, &pntsd, &acllen);
	385	cFYI(1, ("GetCIFSACL rc = %d ACL len %d", rc, acllen));
	386	if (unlock_file == TRUE)
	387	atomic_dec(&open_file->wrtPending);
	388	else
	389	CIFSSMBClose(xid, cifs_sb->tcon, fid);
	390
	391	/* parse ACEs */
	392	if (!rc)
	393	rc = parse_sec_desc(pntsd, acllen, inode);
	394	kfree(pntsd);
	395	FreeXid(xid);
	396	return;
	397	}
297647c2	398	#endif /* CONFIG_CIFS_EXPERIMENTAL */