diff options
| author | Steve French <sfrench@us.ibm.com> | 2007-10-12 00:11:59 -0400 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2007-10-12 00:11:59 -0400 |
| commit | 297647c21f11dc1449f9bdb1601ae43e951bba0b (patch) | |
| tree | 17cea90be1ab27138b4c6c19bf2b8e45097c3ac6 /fs/cifs/cifsacl.c | |
| parent | a013689ddb2a4ba5f0452c053c0bf00bafb686f1 (diff) | |
[CIFS] CIFS ACL support part 3
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/cifsacl.c')
| -rw-r--r-- | fs/cifs/cifsacl.c | 120 |
1 files changed, 110 insertions, 10 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 52f9cb808fd0..43ab26fff398 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c | |||
| @@ -28,6 +28,20 @@ | |||
| 28 | #include "cifsproto.h" | 28 | #include "cifsproto.h" |
| 29 | #include "cifs_debug.h" | 29 | #include "cifs_debug.h" |
| 30 | 30 | ||
| 31 | |||
| 32 | #ifdef CONFIG_CIFS_EXPERIMENTAL | ||
| 33 | |||
| 34 | struct cifs_wksid wksidarr[NUM_WK_SIDS] = { | ||
| 35 | {{1, 0, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0, 0} }, "null user"}, | ||
| 36 | {{1, 1, {0, 0, 0, 0, 0, 1}, {0, 0, 0, 0, 0} }, "nobody"}, | ||
| 37 | {{1, 1, {0, 0, 0, 0, 0, 5}, {11, 0, 0, 0, 0} }, "net-users"}, | ||
| 38 | {{1, 1, {0, 0, 0, 0, 0, 5}, {18, 0, 0, 0, 0} }, "sys"}, | ||
| 39 | {{1, 2, {0, 0, 0, 0, 0, 5}, {32, 544, 0, 0, 0} }, "root"}, | ||
| 40 | {{1, 2, {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0, 0} }, "users"}, | ||
| 41 | {{1, 2, {0, 0, 0, 0, 0, 5}, {32, 546, 0, 0, 0} }, "guest"} | ||
| 42 | }; | ||
| 43 | |||
| 44 | |||
| 31 | /* security id for everyone */ | 45 | /* security id for everyone */ |
| 32 | static const struct cifs_sid sid_everyone = | 46 | static const struct cifs_sid sid_everyone = |
| 33 | {1, 1, {0, 0, 0, 0, 0, 0}, {} }; | 47 | {1, 1, {0, 0, 0, 0, 0, 0}, {} }; |
| @@ -35,33 +49,113 @@ static const struct cifs_sid sid_everyone = | |||
| 35 | static const struct cifs_sid sid_user = | 49 | static const struct cifs_sid sid_user = |
| 36 | {1, 2 , {0, 0, 0, 0, 0, 5}, {} }; | 50 | {1, 2 , {0, 0, 0, 0, 0, 5}, {} }; |
| 37 | 51 | ||
| 52 | |||
| 53 | int match_sid(struct cifs_sid *ctsid) | ||
| 54 | { | ||
| 55 | int i, j; | ||
| 56 | int num_subauth, num_sat, num_saw; | ||
| 57 | struct cifs_sid *cwsid; | ||
| 58 | |||
| 59 | if (!ctsid) | ||
| 60 | return (-1); | ||
| 61 | |||
| 62 | for (i = 0; i < NUM_WK_SIDS; ++i) { | ||
| 63 | cwsid = &(wksidarr[i].cifssid); | ||
| 64 | |||
| 65 | /* compare the revision */ | ||
| 66 | if (ctsid->revision != cwsid->revision) | ||
| 67 | continue; | ||
| 68 | |||
| 69 | /* compare all of the six auth values */ | ||
| 70 | for (j = 0; j < 6; ++j) { | ||
| 71 | if (ctsid->authority[j] != cwsid->authority[j]) | ||
| 72 | break; | ||
| 73 | } | ||
| 74 | if (j < 6) | ||
| 75 | continue; /* all of the auth values did not match */ | ||
| 76 | |||
| 77 | /* compare all of the subauth values if any */ | ||
| 78 | num_sat = cpu_to_le32(ctsid->num_subauth); | ||
| 79 | num_saw = cpu_to_le32(cwsid->num_subauth); | ||
| 80 | num_subauth = num_sat < num_saw ? num_sat : num_saw; | ||
| 81 | if (num_subauth) { | ||
| 82 | for (j = 0; j < num_subauth; ++j) { | ||
| 83 | if (ctsid->sub_auth[j] != cwsid->sub_auth[j]) | ||
| 84 | break; | ||
| 85 | } | ||
| 86 | if (j < num_subauth) | ||
| 87 | continue; /* all sub_auth values do not match */ | ||
| 88 | } | ||
| 89 | |||
| 90 | cFYI(1, ("matching sid: %s\n", wksidarr[i].sidname)); | ||
| 91 | return (0); /* sids compare/match */ | ||
| 92 | } | ||
| 93 | |||
| 94 | cFYI(1, ("No matching sid")); | ||
| 95 | return (-1); | ||
| 96 | } | ||
| 97 | |||
| 98 | |||
| 99 | int compare_sids(struct cifs_sid *ctsid, struct cifs_sid *cwsid) | ||
| 100 | { | ||
| 101 | int i; | ||
| 102 | int num_subauth, num_sat, num_saw; | ||
| 103 | |||
| 104 | if ((!ctsid) || (!cwsid)) | ||
| 105 | return (-1); | ||
| 106 | |||
| 107 | /* compare the revision */ | ||
| 108 | if (ctsid->revision != cwsid->revision) | ||
| 109 | return (-1); | ||
| 110 | |||
| 111 | /* compare all of the six auth values */ | ||
| 112 | for (i = 0; i < 6; ++i) { | ||
| 113 | if (ctsid->authority[i] != cwsid->authority[i]) | ||
| 114 | return (-1); | ||
| 115 | } | ||
| 116 | |||
| 117 | /* compare all of the subauth values if any */ | ||
| 118 | num_sat = cpu_to_le32(ctsid->num_subauth); | ||
| 119 | num_saw = cpu_to_le32(cwsid->num_subauth); | ||
| 120 | num_subauth = num_sat < num_saw ? num_sat : num_saw; | ||
| 121 | if (num_subauth) { | ||
| 122 | for (i = 0; i < num_subauth; ++i) { | ||
| 123 | if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) | ||
| 124 | return (-1); | ||
| 125 | } | ||
| 126 | } | ||
| 127 | |||
| 128 | return (0); /* sids compare/match */ | ||
| 129 | } | ||
| 130 | |||
| 131 | |||
| 38 | static void parse_ace(struct cifs_ace *pace, char *end_of_acl) | 132 | static void parse_ace(struct cifs_ace *pace, char *end_of_acl) |
| 39 | { | 133 | { |
| 40 | int i; | 134 | int i; |
| 41 | int num_subauth; | 135 | int num_subauth; |
| 42 | __u32 *psub_auth; | ||
| 43 | 136 | ||
| 44 | /* validate that we do not go past end of acl */ | 137 | /* validate that we do not go past end of acl */ |
| 138 | |||
| 139 | /* XXX this if statement can be removed | ||
| 45 | if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) { | 140 | if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) { |
| 46 | cERROR(1, ("ACL too small to parse ACE")); | 141 | cERROR(1, ("ACL too small to parse ACE")); |
| 47 | return; | 142 | return; |
| 48 | } | 143 | } */ |
| 49 | 144 | ||
| 50 | num_subauth = cpu_to_le32(pace->num_subauth); | 145 | num_subauth = cpu_to_le32(pace->num_subauth); |
| 51 | if (num_subauth) { | 146 | if (num_subauth) { |
| 52 | psub_auth = (__u32 *)((char *)pace + sizeof(struct cifs_ace)); | ||
| 53 | #ifdef CONFIG_CIFS_DEBUG2 | 147 | #ifdef CONFIG_CIFS_DEBUG2 |
| 54 | cFYI(1, ("ACE revision %d num_subauth %d", | 148 | cFYI(1, ("ACE revision %d num_subauth %d", |
| 55 | pace->revision, pace->num_subauth)); | 149 | pace->revision, pace->num_subauth)); |
| 56 | for (i = 0; i < num_subauth; ++i) { | 150 | for (i = 0; i < num_subauth; ++i) { |
| 57 | cFYI(1, ("ACE sub_auth[%d]: 0x%x", i, | 151 | cFYI(1, ("ACE sub_auth[%d]: 0x%x", i, |
| 58 | le32_to_cpu(psub_auth[i]))); | 152 | le32_to_cpu(pace->sub_auth[i]))); |
| 59 | } | 153 | } |
| 60 | 154 | ||
| 61 | /* BB add length check to make sure that we do not have huge | 155 | /* BB add length check to make sure that we do not have huge |
| 62 | num auths and therefore go off the end */ | 156 | num auths and therefore go off the end */ |
| 63 | 157 | ||
| 64 | cFYI(1, ("RID %d", le32_to_cpu(psub_auth[num_subauth-1]))); | 158 | cFYI(1, ("RID %d", le32_to_cpu(pace->sub_auth[num_subauth-1]))); |
| 65 | #endif | 159 | #endif |
| 66 | } | 160 | } |
| 67 | 161 | ||
| @@ -132,7 +226,13 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl) | |||
| 132 | sizeof(struct cifs_ntace)); | 226 | sizeof(struct cifs_ntace)); |
| 133 | 227 | ||
| 134 | parse_ntace(ppntace[i], end_of_acl); | 228 | parse_ntace(ppntace[i], end_of_acl); |
| 135 | parse_ace(ppace[i], end_of_acl); | 229 | if (end_of_acl < ((char *)ppace[i] + |
| 230 | (ppntace[i]->size - | ||
| 231 | sizeof(struct cifs_ntace)))) { | ||
| 232 | cERROR(1, ("ACL too small to parse ACE")); | ||
| 233 | break; | ||
| 234 | } else | ||
| 235 | parse_ace(ppace[i], end_of_acl); | ||
| 136 | 236 | ||
| 137 | /* memcpy((void *)(&(cifscred->ntaces[i])), | 237 | /* memcpy((void *)(&(cifscred->ntaces[i])), |
| 138 | (void *)ppntace[i], | 238 | (void *)ppntace[i], |
| @@ -157,7 +257,6 @@ static int parse_sid(struct cifs_sid *psid, char *end_of_acl) | |||
| 157 | { | 257 | { |
| 158 | int i; | 258 | int i; |
| 159 | int num_subauth; | 259 | int num_subauth; |
| 160 | __u32 *psub_auth; | ||
| 161 | 260 | ||
| 162 | /* BB need to add parm so we can store the SID BB */ | 261 | /* BB need to add parm so we can store the SID BB */ |
| 163 | 262 | ||
| @@ -169,20 +268,19 @@ static int parse_sid(struct cifs_sid *psid, char *end_of_acl) | |||
| 169 | 268 | ||
| 170 | num_subauth = cpu_to_le32(psid->num_subauth); | 269 | num_subauth = cpu_to_le32(psid->num_subauth); |
| 171 | if (num_subauth) { | 270 | if (num_subauth) { |
| 172 | psub_auth = (__u32 *)((char *)psid + sizeof(struct cifs_sid)); | ||
| 173 | #ifdef CONFIG_CIFS_DEBUG2 | 271 | #ifdef CONFIG_CIFS_DEBUG2 |
| 174 | cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x", | 272 | cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x", |
| 175 | psid->revision, psid->num_subauth, psid->sub_auth[0])); | 273 | psid->revision, psid->num_subauth, psid->sub_auth[0])); |
| 176 | 274 | ||
| 177 | for (i = 0; i < num_subauth; ++i) { | 275 | for (i = 0; i < num_subauth; ++i) { |
| 178 | cFYI(1, ("SID sub_auth[%d]: 0x%x ", i, | 276 | cFYI(1, ("SID sub_auth[%d]: 0x%x ", i, |
| 179 | le32_to_cpu(psub_auth[i]))); | 277 | le32_to_cpu(psid->sub_auth[i]))); |
| 180 | } | 278 | } |
| 181 | 279 | ||
| 182 | /* BB add length check to make sure that we do not have huge | 280 | /* BB add length check to make sure that we do not have huge |
| 183 | num auths and therefore go off the end */ | 281 | num auths and therefore go off the end */ |
| 184 | cFYI(1, ("RID 0x%x", | 282 | cFYI(1, ("RID 0x%x", |
| 185 | le32_to_cpu(psid->sub_auth[psid->num_subauth]))); | 283 | le32_to_cpu(psid->sub_auth[num_subauth-1]))); |
| 186 | #endif | 284 | #endif |
| 187 | } | 285 | } |
| 188 | 286 | ||
| @@ -228,5 +326,7 @@ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len) | |||
| 228 | memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr, | 326 | memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr, |
| 229 | sizeof (struct cifs_sid)); */ | 327 | sizeof (struct cifs_sid)); */ |
| 230 | 328 | ||
| 329 | |||
| 231 | return (0); | 330 | return (0); |
| 232 | } | 331 | } |
| 332 | #endif /* CONFIG_CIFS_EXPERIMENTAL */ | ||