From d0d66c443aefa51d5dbdd6a1d9b135a2a0e469cc Mon Sep 17 00:00:00 2001 From: Shirish Pargaonkar Date: Wed, 3 Oct 2007 18:22:19 +0000 Subject: [CIFS] CIFS ACL support (part 2) Signed-off-by: Shirish Pargaonkar Signed-off-by: Steve French --- fs/cifs/cifsacl.c | 203 +++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 147 insertions(+), 56 deletions(-) (limited to 'fs/cifs/cifsacl.c') diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 9b84f373af1..23bff0128e2 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -24,48 +24,178 @@ #include #include "cifspdu.h" #include "cifsglob.h" +#include "cifsacl.h" #include "cifsproto.h" #include "cifs_debug.h" -#include "cifsacl.h" /* security id for everyone */ static const struct cifs_sid sid_everyone = - {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}}; + {1, 1, {0, 0, 0, 0, 0, 0}, {}}; /* group users */ static const struct cifs_sid sid_user = - {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}}; + {1, 2 , {0, 0, 0, 0, 0, 5}, {}}; + +static void parse_ace(struct cifs_ace * pace, char * end_of_acl) +{ + int i; + int num_subauth; + __u32 *psub_auth; + + /* validate that we do not go past end of acl */ + if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) { + cERROR(1, ("ACL too small to parse ACE")); + return; + } + + num_subauth = cpu_to_le32(pace->num_subauth); + if (num_subauth) { + psub_auth = (__u32 *)((char *)pace + sizeof(struct cifs_ace)); +#ifdef CONFIG_CIFS_DEBUG2 + cFYI(1, ("ACE revision %d num_subauth %d", + pace->revision, pace->num_subauth)); + for (i = 0; i < num_subauth; ++i) { + cFYI(1, ("ACE sub_auth[%d]: 0x%x", i, + le32_to_cpu(psub_auth[i]))); + } + + /* BB add length check to make sure that we do not have huge + num auths and therefore go off the end */ + + cFYI(1, ("RID %d", le32_to_cpu(psub_auth[num_subauth-1]))); +#endif + } + + return; +} + +static void parse_ntace(struct cifs_ntace * pntace, char * end_of_acl) +{ + /* validate that we do not go past end of acl */ + if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) { + cERROR(1, ("ACL too small to parse NT ACE")); + return; + } + +#ifdef CONFIG_CIFS_DEBUG2 + cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x", + pntace->type, pntace->flags, pntace->size, + pntace->access_req)); +#endif + return; +} + + + +static void parse_dacl(struct cifs_acl * pdacl, char * end_of_acl) +{ + int i; + int num_aces = 0; + int acl_size; + char *acl_base; + struct cifs_ntace **ppntace; + struct cifs_ace **ppace; + + /* BB need to add parm so we can store the SID BB */ + + /* validate that we do not go past end of acl */ + if (end_of_acl < (char *)pdacl + pdacl->size) { + cERROR(1, ("ACL too small to parse DACL")); + return; + } + +#ifdef CONFIG_CIFS_DEBUG2 + cFYI(1, ("DACL revision %d size %d num aces %d", + pdacl->revision, pdacl->size, pdacl->num_aces)); +#endif + + acl_base = (char *)pdacl; + acl_size = sizeof(struct cifs_acl); + + num_aces = cpu_to_le32(pdacl->num_aces); + if (num_aces > 0) { + ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *), + GFP_KERNEL); + ppace = kmalloc(num_aces * sizeof(struct cifs_ace *), + GFP_KERNEL); + +/* cifscred->cecount = pdacl->num_aces; + cifscred->ntaces = kmalloc(num_aces * + sizeof(struct cifs_ntace *), GFP_KERNEL); + cifscred->aces = kmalloc(num_aces * + sizeof(struct cifs_ace *), GFP_KERNEL);*/ + + + for (i = 0; i < num_aces; ++i) { + ppntace[i] = (struct cifs_ntace *) + (acl_base + acl_size); + ppace[i] = (struct cifs_ace *) ((char *)ppntace[i] + + sizeof(struct cifs_ntace)); + + parse_ntace(ppntace[i], end_of_acl); + parse_ace(ppace[i], end_of_acl); + +/* memcpy((void *)(&(cifscred->ntaces[i])), + (void *)ppntace[i], + sizeof(struct cifs_ntace)); + memcpy((void *)(&(cifscred->aces[i])), + (void *)ppace[i], + sizeof(struct cifs_ace)); */ + + acl_base = (char *)ppntace[i]; + acl_size = cpu_to_le32(ppntace[i]->size); + } + + kfree(ppace); + kfree(ppntace); + } + + return; +} + static int parse_sid(struct cifs_sid *psid, char *end_of_acl) { + int i; + int num_subauth; + __u32 *psub_auth; + /* BB need to add parm so we can store the SID BB */ /* validate that we do not go past end of acl */ if (end_of_acl < (char *)psid + sizeof(struct cifs_sid)) { - cERROR(1, ("ACL to small to parse SID")); + cERROR(1, ("ACL too small to parse SID")); return -EINVAL; } + + num_subauth = cpu_to_le32(psid->num_subauth); + if (num_subauth) { + psub_auth = (__u32 *)((char *)psid + sizeof(struct cifs_sid)); #ifdef CONFIG_CIFS_DEBUG2 - cFYI(1, ("revision %d num_auth %d First subauth 0x%x", - psid->revision, psid->num_subauth, psid->sub_auth[0])); + cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x", + psid->revision, psid->num_subauth, psid->sub_auth[0])); - /* BB add length check to make sure that we do not have huge num auths - and therefore go off the end */ - cFYI(1, ("RID 0x%x", le32_to_cpu(psid->sub_auth[psid->num_subauth]))); + for (i = 0; i < num_subauth; ++i) { + cFYI(1, ("SID sub_auth[%d]: 0x%x ", i, + le32_to_cpu(psub_auth[i]))); + } + + /* BB add length check to make sure that we do not have huge + num auths and therefore go off the end */ + cFYI(1, ("RID 0x%x", + le32_to_cpu(psid->sub_auth[psid->num_subauth]))); #endif + } + return 0; } + /* Convert CIFS ACL to POSIX form */ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len) { - int i, rc; - int num_aces = 0; - int acl_size; + int rc; struct cifs_sid *owner_sid_ptr, *group_sid_ptr; struct cifs_acl *dacl_ptr; /* no need for SACL ptr */ - struct cifs_ntace **ppntace; - struct cifs_ace **ppace; - char *acl_base; char *end_of_acl = ((char *)pntsd) + acl_len; owner_sid_ptr = (struct cifs_sid *)((char *)pntsd + @@ -89,6 +219,8 @@ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len) if (rc) return rc; + parse_dacl(dacl_ptr, end_of_acl); + /* cifscred->uid = owner_sid_ptr->rid; cifscred->gid = group_sid_ptr->rid; memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr, @@ -96,46 +228,5 @@ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len) memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr, sizeof (struct cifs_sid)); */ - num_aces = cpu_to_le32(dacl_ptr->num_aces); - cFYI(1, ("num aces %d", num_aces)); - if (num_aces > 0) { - ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *), - GFP_KERNEL); - ppace = kmalloc(num_aces * sizeof(struct cifs_ace *), - GFP_KERNEL); - -/* cifscred->cecount = dacl_ptr->num_aces; - cifscred->ntaces = kmalloc(num_aces * - sizeof(struct cifs_ntace *), GFP_KERNEL); - cifscred->aces = kmalloc(num_aces * - sizeof(struct cifs_ace *), GFP_KERNEL);*/ - - acl_base = (char *)dacl_ptr; - acl_size = sizeof(struct cifs_acl); - - for (i = 0; i < num_aces; ++i) { - ppntace[i] = (struct cifs_ntace *) - (acl_base + acl_size); - ppace[i] = (struct cifs_ace *) - ((char *)ppntace[i] + - sizeof(struct cifs_ntace)); - -/* memcpy((void *)(&(cifscred->ntaces[i])), - (void *)ntace_ptrptr[i], - sizeof(struct cifs_ntace)); - memcpy((void *)(&(cifscred->aces[i])), - (void *)ace_ptrptr[i], - sizeof(struct cifs_ace)); */ - - acl_base = (char *)ppntace[i]; - acl_size = cpu_to_le32(ppntace[i]->size); -#ifdef CONFIG_CIFS_DEBUG2 - cFYI(1, ("ACE revision:%d", ppace[i]->revision)); -#endif - } - kfree(ppace); - kfree(ppntace); - } - return (0); } -- cgit v1.2.3-70-g09d2