smb3: missing ACL related flags

Various SMB3 ACL related flags (for security descriptor and ACEs for example) were missing and some fields are different in SMB3 and CIFS. Update cifsacl.h definitions based on current MS-DTYP specification. Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
author: Steve French <stfrench@microsoft.com> 2019-09-26 05:37:18 -0400
committer: Steve French <stfrench@microsoft.com> 2019-09-26 17:37:43 -0400
commit: ff3ee62a55869b1a64266b5c15af16f2eb37c8a7 (patch)
tree: 5b0f0ab43f83fe139f89db7c7bbf40708610e3a5
parent: c3ca78e2174413c136d62ebdf8039580fe72b504 (diff)
1 files changed, 80 insertions, 1 deletions
diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h
index eb428349f29a..439b99cefeb0 100644
--- a/fs/cifs/cifsacl.h
+++ b/fs/cifs/cifsacl.h
@@ -90,8 +90,39 @@ struct cifs_acl {
        __le32 num_aces;
 } __attribute__((packed));
+/* ACE types - see MS-DTYP 2.4.4.1 */
+#define ACCESS_ALLOWED_ACE_TYPE 0x00
+#define ACCESS_DENIED_ACE_TYPE  0x01
+#define SYSTEM_AUDIT_ACE_TYPE   0x02
+#define SYSTEM_ALARM_ACE_TYPE   0x03
+#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04
+#define ACCESS_ALLOWED_OBJECT_ACE_TYPE  0x05
+#define ACCESS_DENIED_OBJECT_ACE_TYPE   0x06
+#define SYSTEM_AUDIT_OBJECT_ACE_TYPE    0x07
+#define SYSTEM_ALARM_OBJECT_ACE_TYPE    0x08
+#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x09
+#define ACCESS_DENIED_CALLBACK_ACE_TYPE 0x0A
+#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0x0B
+#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE  0x0C
+#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE  0x0D
+#define SYSTEM_ALARM_CALLBACK_ACE_TYPE  0x0E /* Reserved */
+#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0x0F
+#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10 /* reserved */
+#define SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11
+#define SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE 0x12
+#define SYSTEM_SCOPED_POLICY_ID_ACE_TYPE 0x13
+/* ACE flags */
+#define OBJECT_INHERIT_ACE      0x01
+#define CONTAINER_INHERIT_ACE   0x02
+#define NO_PROPAGATE_INHERIT_ACE 0x04
+#define INHERIT_ONLY_ACE        0x08
+#define INHERITED_ACE           0x10
+#define SUCCESSFUL_ACCESS_ACE_FLAG 0x40
+#define FAILED_ACCESS_ACE_FLAG  0x80
 struct cifs_ace {
-        __u8 type;
+        __u8 type; /* see above and MS-DTYP 2.4.4.1 */
        __u8 flags;
        __le16 size;
        __le32 access_req;
@@ -99,6 +130,54 @@ struct cifs_ace {
 } __attribute__((packed));
 /*
+ * The current SMB3 form of security descriptor is similar to what was used for
+ * cifs (see above) but some fields are split, and fields in the struct below
+ * matches names of fields to the the spec, MS-DTYP (see sections 2.4.5 and
+ * 2.4.6). Note that "CamelCase" fields are used in this struct in order to
+ * match the MS-DTYP and MS-SMB2 specs which define the wire format.
+ */
+struct smb3_sd {
+        __u8 Revision; /* revision level, MUST be one */
+        __u8 Sbz1; /* only meaningful if 'RM' flag set below */
+        __le16 Control;
+        __le32 OffsetOwner;
+        __le32 OffsetGroup;
+        __le32 OffsetSacl;
+        __le32 OffsetDacl;
+} __packed;
+/* Meaning of 'Control' field flags */
+#define ACL_CONTROL_SR  0x0001  /* Self relative */
+#define ACL_CONTROL_RM  0x0002  /* Resource manager control bits */
+#define ACL_CONTROL_PS  0x0004  /* SACL protected from inherits */
+#define ACL_CONTROL_PD  0x0008  /* DACL protected from inherits */
+#define ACL_CONTROL_SI  0x0010  /* SACL Auto-Inherited */
+#define ACL_CONTROL_DI  0x0020  /* DACL Auto-Inherited */
+#define ACL_CONTROL_SC  0x0040  /* SACL computed through inheritance */
+#define ACL_CONTROL_DC  0x0080  /* DACL computed through inheritence */
+#define ACL_CONTROL_SS  0x0100  /* Create server ACL */
+#define ACL_CONTROL_DT  0x0200  /* DACL provided by trusteed source */
+#define ACL_CONTROL_SD  0x0400  /* SACL defaulted */
+#define ACL_CONTROL_SP  0x0800  /* SACL is present on object */
+#define ACL_CONTROL_DD  0x1000  /* DACL defaulted */
+#define ACL_CONTROL_DP  0x2000  /* DACL is present on object */
+#define ACL_CONTROL_GD  0x4000  /* Group was defaulted */
+#define ACL_CONTROL_OD  0x8000  /* User was defaulted */
+/* Meaning of AclRevision flags */
+#define ACL_REVISION    0x02 /* See section 2.4.4.1 of MS-DTYP */
+#define ACL_REVISION_DS 0x04 /* Additional AceTypes allowed */
+struct smb3_acl {
+        u8 AclRevision; /* revision level */
+        u8 Sbz1; /* MBZ */
+        __le16 AclSize;
+        __le16 AceCount;
+        __le16 Sbz2; /* MBZ */
+} __packed;
+/*
 * Minimum security identifier can be one for system defined Users
 * and Groups such as NULL SID and World or Built-in accounts such
 * as Administrator and Guest and consists of
author	Steve French <stfrench@microsoft.com>	2019-09-26 05:37:18 -0400
committer	Steve French <stfrench@microsoft.com>	2019-09-26 17:37:43 -0400
commit	ff3ee62a55869b1a64266b5c15af16f2eb37c8a7 (patch)
tree	5b0f0ab43f83fe139f89db7c7bbf40708610e3a5
parent	c3ca78e2174413c136d62ebdf8039580fe72b504 (diff)

diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h index eb428349f29a..439b99cefeb0 100644 --- a/fs/cifs/cifsacl.h +++ b/fs/cifs/cifsacl.h
@@ -90,8 +90,39 @@ struct cifs_acl {
90	__le32 num_aces;	90	__le32 num_aces;
91	} __attribute__((packed));	91	} __attribute__((packed));
92		92
		93	/* ACE types - see MS-DTYP 2.4.4.1 */
		94	#define ACCESS_ALLOWED_ACE_TYPE 0x00
		95	#define ACCESS_DENIED_ACE_TYPE 0x01
		96	#define SYSTEM_AUDIT_ACE_TYPE 0x02
		97	#define SYSTEM_ALARM_ACE_TYPE 0x03
		98	#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04
		99	#define ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x05
		100	#define ACCESS_DENIED_OBJECT_ACE_TYPE 0x06
		101	#define SYSTEM_AUDIT_OBJECT_ACE_TYPE 0x07
		102	#define SYSTEM_ALARM_OBJECT_ACE_TYPE 0x08
		103	#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x09
		104	#define ACCESS_DENIED_CALLBACK_ACE_TYPE 0x0A
		105	#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0x0B
		106	#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE 0x0C
		107	#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE 0x0D
		108	#define SYSTEM_ALARM_CALLBACK_ACE_TYPE 0x0E /* Reserved */
		109	#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0x0F
		110	#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10 /* reserved */
		111	#define SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11
		112	#define SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE 0x12
		113	#define SYSTEM_SCOPED_POLICY_ID_ACE_TYPE 0x13
		114
		115	/* ACE flags */
		116	#define OBJECT_INHERIT_ACE 0x01
		117	#define CONTAINER_INHERIT_ACE 0x02
		118	#define NO_PROPAGATE_INHERIT_ACE 0x04
		119	#define INHERIT_ONLY_ACE 0x08
		120	#define INHERITED_ACE 0x10
		121	#define SUCCESSFUL_ACCESS_ACE_FLAG 0x40
		122	#define FAILED_ACCESS_ACE_FLAG 0x80
		123
93	struct cifs_ace {	124	struct cifs_ace {
94	__u8 type;	125	__u8 type; /* see above and MS-DTYP 2.4.4.1 */
95	__u8 flags;	126	__u8 flags;
96	__le16 size;	127	__le16 size;
97	__le32 access_req;	128	__le32 access_req;
@@ -99,6 +130,54 @@ struct cifs_ace {
99	} __attribute__((packed));	130	} __attribute__((packed));
100		131
101	/*	132	/*
		133	* The current SMB3 form of security descriptor is similar to what was used for
		134	* cifs (see above) but some fields are split, and fields in the struct below
		135	* matches names of fields to the the spec, MS-DTYP (see sections 2.4.5 and
		136	* 2.4.6). Note that "CamelCase" fields are used in this struct in order to
		137	* match the MS-DTYP and MS-SMB2 specs which define the wire format.
		138	*/
		139	struct smb3_sd {
		140	__u8 Revision; /* revision level, MUST be one */
		141	__u8 Sbz1; /* only meaningful if 'RM' flag set below */
		142	__le16 Control;
		143	__le32 OffsetOwner;
		144	__le32 OffsetGroup;
		145	__le32 OffsetSacl;
		146	__le32 OffsetDacl;
		147	} __packed;
		148
		149	/* Meaning of 'Control' field flags */
		150	#define ACL_CONTROL_SR 0x0001 /* Self relative */
		151	#define ACL_CONTROL_RM 0x0002 /* Resource manager control bits */
		152	#define ACL_CONTROL_PS 0x0004 /* SACL protected from inherits */
		153	#define ACL_CONTROL_PD 0x0008 /* DACL protected from inherits */
		154	#define ACL_CONTROL_SI 0x0010 /* SACL Auto-Inherited */
		155	#define ACL_CONTROL_DI 0x0020 /* DACL Auto-Inherited */
		156	#define ACL_CONTROL_SC 0x0040 /* SACL computed through inheritance */
		157	#define ACL_CONTROL_DC 0x0080 /* DACL computed through inheritence */
		158	#define ACL_CONTROL_SS 0x0100 /* Create server ACL */
		159	#define ACL_CONTROL_DT 0x0200 /* DACL provided by trusteed source */
		160	#define ACL_CONTROL_SD 0x0400 /* SACL defaulted */
		161	#define ACL_CONTROL_SP 0x0800 /* SACL is present on object */
		162	#define ACL_CONTROL_DD 0x1000 /* DACL defaulted */
		163	#define ACL_CONTROL_DP 0x2000 /* DACL is present on object */
		164	#define ACL_CONTROL_GD 0x4000 /* Group was defaulted */
		165	#define ACL_CONTROL_OD 0x8000 /* User was defaulted */
		166
		167	/* Meaning of AclRevision flags */
		168	#define ACL_REVISION 0x02 /* See section 2.4.4.1 of MS-DTYP */
		169	#define ACL_REVISION_DS 0x04 /* Additional AceTypes allowed */
		170
		171	struct smb3_acl {
		172	u8 AclRevision; /* revision level */
		173	u8 Sbz1; /* MBZ */
		174	__le16 AclSize;
		175	__le16 AceCount;
		176	__le16 Sbz2; /* MBZ */
		177	} __packed;
		178
		179
		180	/*
102	* Minimum security identifier can be one for system defined Users	181	* Minimum security identifier can be one for system defined Users
103	* and Groups such as NULL SID and World or Built-in accounts such	182	* and Groups such as NULL SID and World or Built-in accounts such
104	* as Administrator and Guest and consists of	183	* as Administrator and Guest and consists of