[linux-2.6-block.git] / fs / cifs / cifsacl.c

/*
 *   fs/cifs/cifsacl.c
 *
 *   Copyright (C) International Business Machines  Corp., 2007
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *
 *   Contains the routines for mapping CIFS/NTFS ACLs
 *
 *   This library is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Lesser General Public License as published
 *   by the Free Software Foundation; either version 2.1 of the License, or
 *   (at your option) any later version.
 *
 *   This library is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 *   the GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public License
 *   along with this library; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#include <linux/fs.h>
#include "cifspdu.h"
#include "cifsglob.h"
#include "cifsacl.h"
#include "cifsproto.h"
#include "cifs_debug.h"


#ifdef CONFIG_CIFS_EXPERIMENTAL

static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
	{{1, 0, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0, 0} }, "null user"},
	{{1, 1, {0, 0, 0, 0, 0, 1}, {0, 0, 0, 0, 0} }, "nobody"},
	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(11), 0, 0, 0, 0} }, "net-users"},
	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},
	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},
	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"}
};


/* security id for everyone */
static const struct cifs_sid sid_everyone =
		{1, 1, {0, 0, 0, 0, 0, 0}, {} };
/* group users */
static const struct cifs_sid sid_user =
		{1, 2 , {0, 0, 0, 0, 0, 5}, {} };


int match_sid(struct cifs_sid *ctsid)
{
	int i, j;
	int num_subauth, num_sat, num_saw;
	struct cifs_sid *cwsid;

	if (!ctsid)
		return (-1);

	for (i = 0; i < NUM_WK_SIDS; ++i) {
		cwsid = &(wksidarr[i].cifssid);

		/* compare the revision */
		if (ctsid->revision != cwsid->revision)
			continue;

		/* compare all of the six auth values */
		for (j = 0; j < 6; ++j) {
			if (ctsid->authority[j] != cwsid->authority[j])
				break;
		}
		if (j < 6)
			continue; /* all of the auth values did not match */

		/* compare all of the subauth values if any */
		num_sat = ctsid->num_subauth;
		num_saw = cwsid->num_subauth;
		num_subauth = num_sat < num_saw ? num_sat : num_saw;
		if (num_subauth) {
			for (j = 0; j < num_subauth; ++j) {
				if (ctsid->sub_auth[j] != cwsid->sub_auth[j])
					break;
			}
			if (j < num_subauth)
				continue; /* all sub_auth values do not match */
		}

		cFYI(1, ("matching sid: %s\n", wksidarr[i].sidname));
		return (0); /* sids compare/match */
	}

	cFYI(1, ("No matching sid"));
	return (-1);
}

/* if the two SIDs (roughly equivalent to a UUID for a user or group) are
   the same returns 1, if they do not match returns 0 */
int compare_sids(struct cifs_sid *ctsid, struct cifs_sid *cwsid)
{
	int i;
	int num_subauth, num_sat, num_saw;

	if ((!ctsid) || (!cwsid))
		return (0);

	/* compare the revision */
	if (ctsid->revision != cwsid->revision)
		return (0);

	/* compare all of the six auth values */
	for (i = 0; i < 6; ++i) {
		if (ctsid->authority[i] != cwsid->authority[i])
			return (0);
	}

	/* compare all of the subauth values if any */
	num_sat = ctsid->num_subauth;
	num_saw = cwsid->num_subauth;
	num_subauth = num_sat < num_saw ? num_sat : num_saw;
	if (num_subauth) {
		for (i = 0; i < num_subauth; ++i) {
			if (ctsid->sub_auth[i] != cwsid->sub_auth[i])
				return (0);
		}
	}

	return (1); /* sids compare/match */
}

void get_mode_from_acl(struct inode * inode, const char * path)
{
	
	if (inode == NULL)
		return;

	/* find an open readable handle
	   if handle found
		 lock handle 
	   else open file
	      if no open file can not hurt to check if path is null
	   GetCIFSACL
	   for all ACEs in ACL {
		   if U or G or O
			   inode->i_mode = parse_ace(file_type, UG or O, ace->perms, inode->i_mode)
		   else continue
	   }
	   if handle open close it
	   else unlock handle */

	return;
}


static void parse_ace(struct cifs_ace *pace, char *end_of_acl)
{
	int num_subauth;

	/* validate that we do not go past end of acl */

	/* XXX this if statement can be removed
	if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) {
		cERROR(1, ("ACL too small to parse ACE"));
		return;
	} */

	num_subauth = pace->num_subauth;
	if (num_subauth) {
#ifdef CONFIG_CIFS_DEBUG2
		int i;
		cFYI(1, ("ACE revision %d num_subauth %d",
			pace->revision, pace->num_subauth));
		for (i = 0; i < num_subauth; ++i) {
			cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,
				le32_to_cpu(pace->sub_auth[i])));
		}

		/* BB add length check to make sure that we do not have huge
			num auths and therefore go off the end */

		cFYI(1, ("RID %d", le32_to_cpu(pace->sub_auth[num_subauth-1])));
#endif
	}

	return;
}

static void parse_ntace(struct cifs_ntace *pntace, char *end_of_acl)
{
	/* validate that we do not go past end of acl */
	if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) {
		cERROR(1, ("ACL too small to parse NT ACE"));
		return;
	}

#ifdef CONFIG_CIFS_DEBUG2
	cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x",
		pntace->type, pntace->flags, pntace->size,
		pntace->access_req));
#endif
	return;
}


static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
		       struct cifs_sid *pownersid, struct cifs_sid *pgrpsid)
{
	int i;
	int num_aces = 0;
	int acl_size;
	char *acl_base;
	struct cifs_ntace **ppntace;
	struct cifs_ace **ppace;

	/* BB need to add parm so we can store the SID BB */

	/* validate that we do not go past end of acl */
	if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) {
		cERROR(1, ("ACL too small to parse DACL"));
		return;
	}

#ifdef CONFIG_CIFS_DEBUG2
	cFYI(1, ("DACL revision %d size %d num aces %d",
		le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
		le32_to_cpu(pdacl->num_aces)));
#endif

	acl_base = (char *)pdacl;
	acl_size = sizeof(struct cifs_acl);

	num_aces = le32_to_cpu(pdacl->num_aces);
	if (num_aces  > 0) {
		ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
				GFP_KERNEL);
		ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
				GFP_KERNEL);

/*		cifscred->cecount = pdacl->num_aces;
		cifscred->ntaces = kmalloc(num_aces *
			sizeof(struct cifs_ntace *), GFP_KERNEL);
		cifscred->aces = kmalloc(num_aces *
			sizeof(struct cifs_ace *), GFP_KERNEL);*/

		for (i = 0; i < num_aces; ++i) {
			ppntace[i] = (struct cifs_ntace *)
					(acl_base + acl_size);
			ppace[i] = (struct cifs_ace *) ((char *)ppntace[i] +
					sizeof(struct cifs_ntace));

			parse_ntace(ppntace[i], end_of_acl);
			if (end_of_acl < ((char *)ppace[i] +
					(le16_to_cpu(ppntace[i]->size) -
					sizeof(struct cifs_ntace)))) {
				cERROR(1, ("ACL too small to parse ACE"));
				break;
			} else
				parse_ace(ppace[i], end_of_acl);

/*			memcpy((void *)(&(cifscred->ntaces[i])),
				(void *)ppntace[i],
				sizeof(struct cifs_ntace));
			memcpy((void *)(&(cifscred->aces[i])),
				(void *)ppace[i],
				sizeof(struct cifs_ace)); */

			acl_base = (char *)ppntace[i];
			acl_size = le16_to_cpu(ppntace[i]->size);
		}

		kfree(ppace);
		kfree(ppntace);
	}

	return;
}


static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
{

	/* BB need to add parm so we can store the SID BB */

	/* validate that we do not go past end of acl */
	if (end_of_acl < (char *)psid + sizeof(struct cifs_sid)) {
		cERROR(1, ("ACL too small to parse SID"));
		return -EINVAL;
	}

	if (psid->num_subauth) {
#ifdef CONFIG_CIFS_DEBUG2
		int i;
		cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x",
			psid->revision, psid->num_subauth, psid->sub_auth[0]));

		for (i = 0; i < psid->num_subauth; i++) {
			cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
				le32_to_cpu(psid->sub_auth[i])));
		}

		/* BB add length check to make sure that we do not have huge
			num auths and therefore go off the end */
		cFYI(1, ("RID 0x%x",
			le32_to_cpu(psid->sub_auth[psid->num_subauth-1])));
#endif
	}

	return 0;
}


/* Convert CIFS ACL to POSIX form */
int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
{
	int rc;
	struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
	struct cifs_acl *dacl_ptr; /* no need for SACL ptr */
	char *end_of_acl = ((char *)pntsd) + acl_len;

	owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
				le32_to_cpu(pntsd->osidoffset));
	group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
				le32_to_cpu(pntsd->gsidoffset));
	dacl_ptr = (struct cifs_acl *)((char *)pntsd +
				le32_to_cpu(pntsd->dacloffset));
#ifdef CONFIG_CIFS_DEBUG2
	cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
		 "sacloffset 0x%x dacloffset 0x%x",
		 pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset),
		 le32_to_cpu(pntsd->gsidoffset),
		 le32_to_cpu(pntsd->sacloffset),
		 le32_to_cpu(pntsd->dacloffset)));
#endif
	rc = parse_sid(owner_sid_ptr, end_of_acl);
	if (rc)
		return rc;

	rc = parse_sid(group_sid_ptr, end_of_acl);
	if (rc)
		return rc;

	parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr, group_sid_ptr);

/*	cifscred->uid = owner_sid_ptr->rid;
	cifscred->gid = group_sid_ptr->rid;
	memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,
			sizeof (struct cifs_sid));
	memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,
			sizeof (struct cifs_sid)); */


	return (0);
}
#endif /* CONFIG_CIFS_EXPERIMENTAL */
Commit	Line	Data
bcb02034 SF	1	/*
	2	* fs/cifs/cifsacl.c
	3	*
	4	* Copyright (C) International Business Machines Corp., 2007
	5	* Author(s): Steve French (sfrench@us.ibm.com)
	6	*
	7	* Contains the routines for mapping CIFS/NTFS ACLs
	8	*
	9	* This library is free software; you can redistribute it and/or modify
	10	* it under the terms of the GNU Lesser General Public License as published
	11	* by the Free Software Foundation; either version 2.1 of the License, or
	12	* (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	17	* the GNU Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public License
	20	* along with this library; if not, write to the Free Software
	21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	22	*/
	23
65874007 SF	24	#include <linux/fs.h>
	25	#include "cifspdu.h"
	26	#include "cifsglob.h"
d0d66c44	27	#include "cifsacl.h"
65874007 SF	28	#include "cifsproto.h"
65874007 SF	29	#include "cifs_debug.h"
65874007	30
297647c2 SF	31
	32	#ifdef CONFIG_CIFS_EXPERIMENTAL
	33
af6f4612	34	static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
297647c2 SF	35	{{1, 0, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0, 0} }, "null user"},
297647c2 SF	36	{{1, 1, {0, 0, 0, 0, 0, 1}, {0, 0, 0, 0, 0} }, "nobody"},
ce51ae14 DK	37	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(11), 0, 0, 0, 0} }, "net-users"},
	38	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
	39	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},
	40	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},
	41	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"}
297647c2 SF	42	};
	43
	44
bcb02034 SF	45	/* security id for everyone */
bcb02034 SF	46	static const struct cifs_sid sid_everyone =
d12fd121	47	{1, 1, {0, 0, 0, 0, 0, 0}, {} };
bcb02034 SF	48	/* group users */
bcb02034 SF	49	static const struct cifs_sid sid_user =
d12fd121	50	{1, 2 , {0, 0, 0, 0, 0, 5}, {} };
d0d66c44	51
297647c2 SF	52
	53	int match_sid(struct cifs_sid *ctsid)
	54	{
	55	int i, j;
	56	int num_subauth, num_sat, num_saw;
	57	struct cifs_sid *cwsid;
	58
	59	if (!ctsid)
	60	return (-1);
	61
	62	for (i = 0; i < NUM_WK_SIDS; ++i) {
	63	cwsid = &(wksidarr[i].cifssid);
	64
	65	/* compare the revision */
	66	if (ctsid->revision != cwsid->revision)
	67	continue;
	68
	69	/* compare all of the six auth values */
	70	for (j = 0; j < 6; ++j) {
	71	if (ctsid->authority[j] != cwsid->authority[j])
	72	break;
	73	}
	74	if (j < 6)
	75	continue; /* all of the auth values did not match */
	76
	77	/* compare all of the subauth values if any */
ce51ae14 DK	78	num_sat = ctsid->num_subauth;
ce51ae14 DK	79	num_saw = cwsid->num_subauth;
297647c2 SF	80	num_subauth = num_sat < num_saw ? num_sat : num_saw;
	81	if (num_subauth) {
	82	for (j = 0; j < num_subauth; ++j) {
	83	if (ctsid->sub_auth[j] != cwsid->sub_auth[j])
	84	break;
	85	}
	86	if (j < num_subauth)
	87	continue; /* all sub_auth values do not match */
	88	}
	89
	90	cFYI(1, ("matching sid: %s\n", wksidarr[i].sidname));
	91	return (0); /* sids compare/match */
	92	}
	93
	94	cFYI(1, ("No matching sid"));
	95	return (-1);
	96	}
	97
a750e77c SF	98	/* if the two SIDs (roughly equivalent to a UUID for a user or group) are
a750e77c SF	99	the same returns 1, if they do not match returns 0 */
297647c2 SF	100	int compare_sids(struct cifs_sid ctsid, struct cifs_sid cwsid)
	101	{
	102	int i;
	103	int num_subauth, num_sat, num_saw;
	104
	105	if ((!ctsid) \|\| (!cwsid))
a750e77c	106	return (0);
297647c2 SF	107
	108	/* compare the revision */
	109	if (ctsid->revision != cwsid->revision)
a750e77c	110	return (0);
297647c2 SF	111
	112	/* compare all of the six auth values */
	113	for (i = 0; i < 6; ++i) {
	114	if (ctsid->authority[i] != cwsid->authority[i])
a750e77c	115	return (0);
297647c2 SF	116	}
	117
	118	/* compare all of the subauth values if any */
adbc0358	119	num_sat = ctsid->num_subauth;
adddd49d	120	num_saw = cwsid->num_subauth;
297647c2 SF	121	num_subauth = num_sat < num_saw ? num_sat : num_saw;
	122	if (num_subauth) {
	123	for (i = 0; i < num_subauth; ++i) {
	124	if (ctsid->sub_auth[i] != cwsid->sub_auth[i])
a750e77c	125	return (0);
297647c2 SF	126	}
	127	}
	128
a750e77c	129	return (1); /* sids compare/match */
297647c2 SF	130	}
297647c2 SF	131
4879b448 SF	132	void get_mode_from_acl(struct inode * inode, const char * path)
	133	{
	134
	135	if (inode == NULL)
	136	return;
	137
	138	/* find an open readable handle
	139	if handle found
	140	lock handle
	141	else open file
	142	if no open file can not hurt to check if path is null
	143	GetCIFSACL
	144	for all ACEs in ACL {
	145	if U or G or O
	146	inode->i_mode = parse_ace(file_type, UG or O, ace->perms, inode->i_mode)
	147	else continue
	148	}
	149	if handle open close it
	150	else unlock handle */
	151
	152	return;
	153	}
	154
297647c2	155
d12fd121	156	static void parse_ace(struct cifs_ace pace, char end_of_acl)
d0d66c44	157	{
d0d66c44	158	int num_subauth;
d0d66c44 SP	159
d0d66c44 SP	160	/* validate that we do not go past end of acl */
297647c2 SF	161
297647c2 SF	162	/* XXX this if statement can be removed
d0d66c44 SP	163	if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) {
	164	cERROR(1, ("ACL too small to parse ACE"));
	165	return;
297647c2	166	} */
d0d66c44	167
ce51ae14	168	num_subauth = pace->num_subauth;
d0d66c44	169	if (num_subauth) {
d12fd121	170	#ifdef CONFIG_CIFS_DEBUG2
8f18c131	171	int i;
d12fd121 SF	172	cFYI(1, ("ACE revision %d num_subauth %d",
	173	pace->revision, pace->num_subauth));
	174	for (i = 0; i < num_subauth; ++i) {
	175	cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,
297647c2	176	le32_to_cpu(pace->sub_auth[i])));
d12fd121 SF	177	}
	178
	179	/* BB add length check to make sure that we do not have huge
	180	num auths and therefore go off the end */
	181
297647c2	182	cFYI(1, ("RID %d", le32_to_cpu(pace->sub_auth[num_subauth-1])));
d12fd121 SF	183	#endif
	184	}
	185
	186	return;
	187	}
	188
	189	static void parse_ntace(struct cifs_ntace pntace, char end_of_acl)
	190	{
	191	/* validate that we do not go past end of acl */
d0d66c44 SP	192	if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) {
	193	cERROR(1, ("ACL too small to parse NT ACE"));
	194	return;
	195	}
	196
	197	#ifdef CONFIG_CIFS_DEBUG2
	198	cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x",
	199	pntace->type, pntace->flags, pntace->size,
	200	pntace->access_req));
	201	#endif
	202	return;
	203	}
	204
	205
	206
a750e77c	207	static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,
d628ddb6	208	struct cifs_sid pownersid, struct cifs_sid pgrpsid)
d0d66c44 SP	209	{
	210	int i;
	211	int num_aces = 0;
	212	int acl_size;
	213	char *acl_base;
	214	struct cifs_ntace **ppntace;
	215	struct cifs_ace **ppace;
	216
	217	/* BB need to add parm so we can store the SID BB */
	218
	219	/* validate that we do not go past end of acl */
af6f4612	220	if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) {
d0d66c44 SP	221	cERROR(1, ("ACL too small to parse DACL"));
	222	return;
	223	}
	224
	225	#ifdef CONFIG_CIFS_DEBUG2
	226	cFYI(1, ("DACL revision %d size %d num aces %d",
af6f4612 SF	227	le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
af6f4612 SF	228	le32_to_cpu(pdacl->num_aces)));
d0d66c44 SP	229	#endif
	230
	231	acl_base = (char *)pdacl;
	232	acl_size = sizeof(struct cifs_acl);
	233
adbc0358	234	num_aces = le32_to_cpu(pdacl->num_aces);
d0d66c44 SP	235	if (num_aces > 0) {
	236	ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
	237	GFP_KERNEL);
	238	ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
	239	GFP_KERNEL);
	240
d12fd121 SF	241	/* cifscred->cecount = pdacl->num_aces;
	242	cifscred->ntaces = kmalloc(num_aces *
	243	sizeof(struct cifs_ntace *), GFP_KERNEL);
	244	cifscred->aces = kmalloc(num_aces *
	245	sizeof(struct cifs_ace ), GFP_KERNEL);/
d0d66c44	246
d0d66c44 SP	247	for (i = 0; i < num_aces; ++i) {
	248	ppntace[i] = (struct cifs_ntace *)
	249	(acl_base + acl_size);
	250	ppace[i] = (struct cifs_ace ) ((char )ppntace[i] +
	251	sizeof(struct cifs_ntace));
	252
	253	parse_ntace(ppntace[i], end_of_acl);
297647c2	254	if (end_of_acl < ((char *)ppace[i] +
ce51ae14	255	(le16_to_cpu(ppntace[i]->size) -
297647c2 SF	256	sizeof(struct cifs_ntace)))) {
	257	cERROR(1, ("ACL too small to parse ACE"));
	258	break;
	259	} else
	260	parse_ace(ppace[i], end_of_acl);
d0d66c44	261
d12fd121 SF	262	/* memcpy((void *)(&(cifscred->ntaces[i])),
	263	(void *)ppntace[i],
	264	sizeof(struct cifs_ntace));
	265	memcpy((void *)(&(cifscred->aces[i])),
	266	(void *)ppace[i],
	267	sizeof(struct cifs_ace)); */
d0d66c44 SP	268
d0d66c44 SP	269	acl_base = (char *)ppntace[i];
ce51ae14	270	acl_size = le16_to_cpu(ppntace[i]->size);
d0d66c44 SP	271	}
	272
	273	kfree(ppace);
	274	kfree(ppntace);
	275	}
	276
	277	return;
	278	}
	279
bcb02034 SF	280
	281	static int parse_sid(struct cifs_sid psid, char end_of_acl)
	282	{
d0d66c44	283
bcb02034 SF	284	/* BB need to add parm so we can store the SID BB */
	285
	286	/* validate that we do not go past end of acl */
	287	if (end_of_acl < (char *)psid + sizeof(struct cifs_sid)) {
d0d66c44	288	cERROR(1, ("ACL too small to parse SID"));
bcb02034 SF	289	return -EINVAL;
bcb02034 SF	290	}
d0d66c44	291
af6f4612	292	if (psid->num_subauth) {
bcb02034	293	#ifdef CONFIG_CIFS_DEBUG2
8f18c131	294	int i;
d0d66c44 SP	295	cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x",
d0d66c44 SP	296	psid->revision, psid->num_subauth, psid->sub_auth[0]));
bcb02034	297
af6f4612	298	for (i = 0; i < psid->num_subauth; i++) {
d0d66c44	299	cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
297647c2	300	le32_to_cpu(psid->sub_auth[i])));
d0d66c44 SP	301	}
d0d66c44 SP	302
d12fd121	303	/* BB add length check to make sure that we do not have huge
d0d66c44	304	num auths and therefore go off the end */
d12fd121	305	cFYI(1, ("RID 0x%x",
af6f4612	306	le32_to_cpu(psid->sub_auth[psid->num_subauth-1])));
bcb02034	307	#endif
d0d66c44 SP	308	}
d0d66c44 SP	309
bcb02034 SF	310	return 0;
	311	}
	312
d0d66c44	313
bcb02034 SF	314	/* Convert CIFS ACL to POSIX form */
	315	int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
	316	{
d0d66c44	317	int rc;
bcb02034 SF	318	struct cifs_sid owner_sid_ptr, group_sid_ptr;
bcb02034 SF	319	struct cifs_acl dacl_ptr; / no need for SACL ptr */
bcb02034 SF	320	char end_of_acl = ((char )pntsd) + acl_len;
	321
	322	owner_sid_ptr = (struct cifs_sid )((char )pntsd +
af6f4612	323	le32_to_cpu(pntsd->osidoffset));
bcb02034	324	group_sid_ptr = (struct cifs_sid )((char )pntsd +
af6f4612	325	le32_to_cpu(pntsd->gsidoffset));
bcb02034	326	dacl_ptr = (struct cifs_acl )((char )pntsd +
af6f4612	327	le32_to_cpu(pntsd->dacloffset));
bcb02034 SF	328	#ifdef CONFIG_CIFS_DEBUG2
	329	cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x "
	330	"sacloffset 0x%x dacloffset 0x%x",
af6f4612 SF	331	pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset),
	332	le32_to_cpu(pntsd->gsidoffset),
	333	le32_to_cpu(pntsd->sacloffset),
ce51ae14	334	le32_to_cpu(pntsd->dacloffset)));
bcb02034 SF	335	#endif
	336	rc = parse_sid(owner_sid_ptr, end_of_acl);
	337	if (rc)
	338	return rc;
	339
	340	rc = parse_sid(group_sid_ptr, end_of_acl);
	341	if (rc)
	342	return rc;
	343
a750e77c	344	parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr, group_sid_ptr);
d0d66c44	345
bcb02034 SF	346	/* cifscred->uid = owner_sid_ptr->rid;
	347	cifscred->gid = group_sid_ptr->rid;
	348	memcpy((void )(&(cifscred->osid)), (void )owner_sid_ptr,
	349	sizeof (struct cifs_sid));
	350	memcpy((void )(&(cifscred->gsid)), (void )group_sid_ptr,
	351	sizeof (struct cifs_sid)); */
	352
297647c2	353
bcb02034 SF	354	return (0);
bcb02034 SF	355	}
297647c2	356	#endif /* CONFIG_CIFS_EXPERIMENTAL */