]> err.no Git - linux-2.6/commitdiff
[CIFS] CIFS ACL support (part 2)
authorShirish Pargaonkar <shirishp@us.ibm.com>
Wed, 3 Oct 2007 18:22:19 +0000 (18:22 +0000)
committerSteve French <sfrench@us.ibm.com>
Wed, 3 Oct 2007 18:22:19 +0000 (18:22 +0000)
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/cifsacl.c
fs/cifs/cifsacl.h
fs/cifs/cifsproto.h
fs/cifs/cifssmb.c

index 9b84f373af19ba63e5525d3987fbafc2f5cbec8f..23bff0128e2a7171c70206ec9e8edde07aca5450 100644 (file)
 #include <linux/fs.h>
 #include "cifspdu.h"
 #include "cifsglob.h"
+#include "cifsacl.h"
 #include "cifsproto.h"
 #include "cifs_debug.h"
-#include "cifsacl.h"
 
 /* security id for everyone */
 static const struct cifs_sid sid_everyone =
-               {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}};
+               {1, 1, {0, 0, 0, 0, 0, 0}, {}};
 /* group users */
 static const struct cifs_sid sid_user =
-               {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};
+               {1, 2 , {0, 0, 0, 0, 0, 5}, {}};
+
+static void parse_ace(struct cifs_ace * pace, char * end_of_acl)
+{
+       int i;
+       int num_subauth;
+        __u32 *psub_auth;
+
+       /* validate that we do not go past end of acl */
+       if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) {
+               cERROR(1, ("ACL too small to parse ACE"));
+               return;
+       }
+
+       num_subauth = cpu_to_le32(pace->num_subauth);
+       if (num_subauth) {
+               psub_auth = (__u32 *)((char *)pace + sizeof(struct cifs_ace));
+#ifdef CONFIG_CIFS_DEBUG2 
+               cFYI(1, ("ACE revision %d num_subauth %d", 
+                       pace->revision, pace->num_subauth)); 
+               for (i = 0; i < num_subauth; ++i) { 
+                       cFYI(1, ("ACE sub_auth[%d]: 0x%x", i, 
+                               le32_to_cpu(psub_auth[i]))); 
+               } 
+
+               /* BB add length check to make sure that we do not have huge 
+                       num auths and therefore go off the end */ 
+
+               cFYI(1, ("RID %d", le32_to_cpu(psub_auth[num_subauth-1]))); 
+#endif 
+       } 
+
+       return; 
+} 
+
+static void parse_ntace(struct cifs_ntace * pntace, char * end_of_acl) 
+{ 
+       /* validate that we do not go past end of acl */ 
+       if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) {
+               cERROR(1, ("ACL too small to parse NT ACE"));
+               return;
+       }
+
+#ifdef CONFIG_CIFS_DEBUG2
+       cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x",
+               pntace->type, pntace->flags, pntace->size,
+               pntace->access_req));
+#endif
+       return;
+}
+
+
+
+static void parse_dacl(struct cifs_acl * pdacl, char * end_of_acl)
+{
+       int i;
+       int num_aces = 0;
+       int acl_size;
+       char *acl_base;
+       struct cifs_ntace **ppntace;
+       struct cifs_ace **ppace;
+
+       /* BB need to add parm so we can store the SID BB */
+
+       /* validate that we do not go past end of acl */
+       if (end_of_acl < (char *)pdacl + pdacl->size) {
+               cERROR(1, ("ACL too small to parse DACL"));
+               return;
+       }
+
+#ifdef CONFIG_CIFS_DEBUG2
+       cFYI(1, ("DACL revision %d size %d num aces %d",
+               pdacl->revision, pdacl->size, pdacl->num_aces));
+#endif
+
+       acl_base = (char *)pdacl;
+       acl_size = sizeof(struct cifs_acl);
+
+       num_aces = cpu_to_le32(pdacl->num_aces);
+       if (num_aces  > 0) {
+               ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
+                               GFP_KERNEL);
+               ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
+                               GFP_KERNEL);
+
+/*              cifscred->cecount = pdacl->num_aces;
+                cifscred->ntaces = kmalloc(num_aces *
+                        sizeof(struct cifs_ntace *), GFP_KERNEL);
+                cifscred->aces = kmalloc(num_aces *
+                        sizeof(struct cifs_ace *), GFP_KERNEL);*/
+
+
+               for (i = 0; i < num_aces; ++i) {
+                       ppntace[i] = (struct cifs_ntace *)
+                                       (acl_base + acl_size);
+                       ppace[i] = (struct cifs_ace *) ((char *)ppntace[i] +
+                                       sizeof(struct cifs_ntace));
+
+                       parse_ntace(ppntace[i], end_of_acl);
+                       parse_ace(ppace[i], end_of_acl);
+
+/*                      memcpy((void *)(&(cifscred->ntaces[i])),
+                                (void *)ppntace[i],
+                                sizeof(struct cifs_ntace));
+                        memcpy((void *)(&(cifscred->aces[i])),
+                                (void *)ppace[i],
+                                sizeof(struct cifs_ace)); */
+
+                       acl_base = (char *)ppntace[i];
+                       acl_size = cpu_to_le32(ppntace[i]->size);
+               }
+
+               kfree(ppace);
+               kfree(ppntace);
+       }
+
+       return;
+}
+
 
 static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
 {
+       int i;
+       int num_subauth;
+       __u32 *psub_auth;
+
        /* BB need to add parm so we can store the SID BB */
 
        /* validate that we do not go past end of acl */
        if (end_of_acl < (char *)psid + sizeof(struct cifs_sid)) {
-               cERROR(1, ("ACL to small to parse SID"));
+               cERROR(1, ("ACL too small to parse SID"));
                return -EINVAL;
        }
+
+       num_subauth = cpu_to_le32(psid->num_subauth);
+       if (num_subauth) {
+               psub_auth = (__u32 *)((char *)psid + sizeof(struct cifs_sid));
 #ifdef CONFIG_CIFS_DEBUG2
-       cFYI(1, ("revision %d num_auth %d First subauth 0x%x",
-               psid->revision, psid->num_subauth, psid->sub_auth[0]));
+               cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x",
+                       psid->revision, psid->num_subauth, psid->sub_auth[0]));
 
-       /* BB add length check to make sure that we do not have huge num auths
-             and therefore go off the end */
-       cFYI(1, ("RID 0x%x", le32_to_cpu(psid->sub_auth[psid->num_subauth])));
+               for (i = 0; i < num_subauth; ++i) {
+                       cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
+                       le32_to_cpu(psub_auth[i])));
+               }
+
+               /* BB add length check to make sure that we do not have huge 
+                       num auths and therefore go off the end */
+               cFYI(1, ("RID 0x%x", 
+                       le32_to_cpu(psid->sub_auth[psid->num_subauth])));
 #endif
+       }
+
        return 0;
 }
 
+
 /* Convert CIFS ACL to POSIX form */
 int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
 {
-       int i, rc;
-       int num_aces = 0;
-       int acl_size;
+       int rc;
        struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
        struct cifs_acl *dacl_ptr; /* no need for SACL ptr */
-       struct cifs_ntace **ppntace;
-       struct cifs_ace **ppace;
-       char *acl_base;
        char *end_of_acl = ((char *)pntsd) + acl_len;
 
        owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
@@ -89,6 +219,8 @@ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
        if (rc)
                return rc;
 
+       parse_dacl(dacl_ptr, end_of_acl);
+
 /*     cifscred->uid = owner_sid_ptr->rid;
        cifscred->gid = group_sid_ptr->rid;
        memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,
@@ -96,46 +228,5 @@ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
        memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,
                        sizeof (struct cifs_sid)); */
 
-       num_aces = cpu_to_le32(dacl_ptr->num_aces);
-       cFYI(1, ("num aces %d", num_aces));
-       if (num_aces  > 0) {
-               ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
-                               GFP_KERNEL);
-               ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
-                               GFP_KERNEL);
-
-/*             cifscred->cecount = dacl_ptr->num_aces;
-               cifscred->ntaces = kmalloc(num_aces *
-                               sizeof(struct cifs_ntace *), GFP_KERNEL);
-               cifscred->aces = kmalloc(num_aces *
-                               sizeof(struct cifs_ace *), GFP_KERNEL);*/
-
-               acl_base = (char *)dacl_ptr;
-               acl_size = sizeof(struct cifs_acl);
-
-               for (i = 0; i < num_aces; ++i) {
-                       ppntace[i] = (struct cifs_ntace *)
-                                               (acl_base + acl_size);
-                       ppace[i] = (struct cifs_ace *)
-                                       ((char *)ppntace[i] +
-                                       sizeof(struct cifs_ntace));
-
-/*                     memcpy((void *)(&(cifscred->ntaces[i])),
-                               (void *)ntace_ptrptr[i],
-                               sizeof(struct cifs_ntace));
-                       memcpy((void *)(&(cifscred->aces[i])),
-                               (void *)ace_ptrptr[i],
-                               sizeof(struct cifs_ace)); */
-
-                       acl_base = (char *)ppntace[i];
-                       acl_size = cpu_to_le32(ppntace[i]->size);
-#ifdef CONFIG_CIFS_DEBUG2
-                       cFYI(1, ("ACE revision:%d", ppace[i]->revision));
-#endif
-               }
-               kfree(ppace);
-               kfree(ppntace);
-       }
-
        return (0);
 }
index 5e7b56738cc5b72d0d54e4facaddebfe860fc7c5..bf297ea1905a349653923ab944e1ba68496c2ccd 100644 (file)
@@ -44,14 +44,14 @@ struct cifs_acl {
        __u32 num_aces;
 } __attribute__((packed));
 
-struct cifs_ntace {
+struct cifs_ntace { /* first part of ACE which contains perms */
        __u8 type;
        __u8 flags;
        __u16 size;
        __u32 access_req;
 } __attribute__((packed));
 
-struct cifs_ace {
+struct cifs_ace { /* last part of ACE which includes user info */
        __u8 revision; /* revision level */
        __u8 num_subauth;
        __u8 authority[6];
index 7dbb79b8dd50e375eeac0d46f781a418f8681c73..001f0dc7e60d9bd3673ae54b83fcc9139ccd2a99 100644 (file)
@@ -310,7 +310,7 @@ extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
 extern void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key);
 #endif /* CIFS_WEAK_PW_HASH */
-extern int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len);
+extern int parse_sec_desc(struct cifs_ntsd *, int);
 extern int CIFSSMBCopy(int xid,
                        struct cifsTconInfo *source_tcon,
                        const char *fromName,
index a6ff324bc135dd9ad1aeb7fc38c3ac2eb3141ef0..90b8f8d64d6ee666d2f03c15db8b653cfdd745de 100644 (file)
 #include <asm/uaccess.h>
 #include "cifspdu.h"
 #include "cifsglob.h"
+#include "cifsacl.h"
 #include "cifsproto.h"
 #include "cifs_unicode.h"
 #include "cifs_debug.h"
-#include "cifsacl.h"
 
 #ifdef CONFIG_CIFS_POSIX
 static struct {