aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2007-10-23 17:22:55 -0400
committerSteve French <sfrench@us.ibm.com>2007-10-23 17:22:55 -0400
commit44093ca2fef3c52dc7d186116862d74f9a676e0f (patch)
tree18e03ae747d936b9d9de34abfea38aecb020956c /fs/cifs
parentc94897790e7c67dcfe3a0b6f035996398c268313 (diff)
[CIFS] acl support part 6
CC: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/cifsacl.c79
-rw-r--r--fs/cifs/cifsacl.h12
-rw-r--r--fs/cifs/dir.c2
3 files changed, 28 insertions, 65 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index e8083043a26c..154cb8449b9b 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -38,8 +38,8 @@ static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
38 {{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"}, 38 {{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
39 {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"}, 39 {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},
40 {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"}, 40 {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},
41 {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"} 41 {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"} }
42}; 42;
43 43
44 44
45/* security id for everyone */ 45/* security id for everyone */
@@ -131,6 +131,8 @@ int compare_sids(struct cifs_sid *ctsid, struct cifs_sid *cwsid)
131 131
132void get_mode_from_acl(struct inode * inode, const char * path) 132void get_mode_from_acl(struct inode * inode, const char * path)
133{ 133{
134
135 cFYI(1, ("get mode from ACL for %s", path));
134 136
135 if (inode == NULL) 137 if (inode == NULL)
136 return; 138 return;
@@ -159,50 +161,36 @@ static void parse_ace(struct cifs_ace *pace, char *end_of_acl)
159 161
160 /* validate that we do not go past end of acl */ 162 /* validate that we do not go past end of acl */
161 163
162 /* XXX this if statement can be removed 164 if (le16_to_cpu(pace->size) < 16) {
163 if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) { 165 cERROR(1, ("ACE too small, %d", le16_to_cpu(pace->size)));
166 return;
167 }
168
169 if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) {
164 cERROR(1, ("ACL too small to parse ACE")); 170 cERROR(1, ("ACL too small to parse ACE"));
165 return; 171 return;
166 } */ 172 }
167 173
168 num_subauth = pace->num_subauth; 174 num_subauth = pace->sid.num_subauth;
169 if (num_subauth) { 175 if (num_subauth) {
170#ifdef CONFIG_CIFS_DEBUG2 176#ifdef CONFIG_CIFS_DEBUG2
171 int i; 177 int i;
172 cFYI(1, ("ACE revision %d num_subauth %d", 178 cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",
173 pace->revision, pace->num_subauth)); 179 pace->sid.revision, pace->sid.num_subauth, pace->type,
180 pace->flags, pace->size));
174 for (i = 0; i < num_subauth; ++i) { 181 for (i = 0; i < num_subauth; ++i) {
175 cFYI(1, ("ACE sub_auth[%d]: 0x%x", i, 182 cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,
176 le32_to_cpu(pace->sub_auth[i]))); 183 le32_to_cpu(pace->sid.sub_auth[i])));
177 } 184 }
178 185
179 /* BB add length check to make sure that we do not have huge 186 /* BB add length check to make sure that we do not have huge
180 num auths and therefore go off the end */ 187 num auths and therefore go off the end */
181
182 cFYI(1, ("RID %d", le32_to_cpu(pace->sub_auth[num_subauth-1])));
183#endif 188#endif
184 } 189 }
185 190
186 return; 191 return;
187} 192}
188 193
189static void parse_ntace(struct cifs_ntace *pntace, char *end_of_acl)
190{
191 /* validate that we do not go past end of acl */
192 if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) {
193 cERROR(1, ("ACL too small to parse NT ACE"));
194 return;
195 }
196
197#ifdef CONFIG_CIFS_DEBUG2
198 cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x",
199 pntace->type, pntace->flags, pntace->size,
200 pntace->access_req));
201#endif
202 return;
203}
204
205
206 194
207static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl, 195static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
208 struct cifs_sid *pownersid, struct cifs_sid *pgrpsid) 196 struct cifs_sid *pownersid, struct cifs_sid *pgrpsid)
@@ -211,7 +199,6 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
211 int num_aces = 0; 199 int num_aces = 0;
212 int acl_size; 200 int acl_size;
213 char *acl_base; 201 char *acl_base;
214 struct cifs_ntace **ppntace;
215 struct cifs_ace **ppace; 202 struct cifs_ace **ppace;
216 203
217 /* BB need to add parm so we can store the SID BB */ 204 /* BB need to add parm so we can store the SID BB */
@@ -233,45 +220,27 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
233 220
234 num_aces = le32_to_cpu(pdacl->num_aces); 221 num_aces = le32_to_cpu(pdacl->num_aces);
235 if (num_aces > 0) { 222 if (num_aces > 0) {
236 ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
237 GFP_KERNEL);
238 ppace = kmalloc(num_aces * sizeof(struct cifs_ace *), 223 ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
239 GFP_KERNEL); 224 GFP_KERNEL);
240 225
241/* cifscred->cecount = pdacl->num_aces; 226/* cifscred->cecount = pdacl->num_aces;
242 cifscred->ntaces = kmalloc(num_aces *
243 sizeof(struct cifs_ntace *), GFP_KERNEL);
244 cifscred->aces = kmalloc(num_aces * 227 cifscred->aces = kmalloc(num_aces *
245 sizeof(struct cifs_ace *), GFP_KERNEL);*/ 228 sizeof(struct cifs_ace *), GFP_KERNEL);*/
246 229
247 for (i = 0; i < num_aces; ++i) { 230 for (i = 0; i < num_aces; ++i) {
248 ppntace[i] = (struct cifs_ntace *) 231 ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
249 (acl_base + acl_size); 232
250 ppace[i] = (struct cifs_ace *) ((char *)ppntace[i] + 233 parse_ace(ppace[i], end_of_acl);
251 sizeof(struct cifs_ntace));
252
253 parse_ntace(ppntace[i], end_of_acl);
254 if (end_of_acl < ((char *)ppace[i] +
255 (le16_to_cpu(ppntace[i]->size) -
256 sizeof(struct cifs_ntace)))) {
257 cERROR(1, ("ACL too small to parse ACE"));
258 break;
259 } else
260 parse_ace(ppace[i], end_of_acl);
261 234
262/* memcpy((void *)(&(cifscred->ntaces[i])), 235/* memcpy((void *)(&(cifscred->aces[i])),
263 (void *)ppntace[i],
264 sizeof(struct cifs_ntace));
265 memcpy((void *)(&(cifscred->aces[i])),
266 (void *)ppace[i], 236 (void *)ppace[i],
267 sizeof(struct cifs_ace)); */ 237 sizeof(struct cifs_ace)); */
268 238
269 acl_base = (char *)ppntace[i]; 239 acl_base = (char *)ppace[i];
270 acl_size = le16_to_cpu(ppntace[i]->size); 240 acl_size = le16_to_cpu(ppace[i]->size);
271 } 241 }
272 242
273 kfree(ppace); 243 kfree(ppace);
274 kfree(ppntace);
275 } 244 }
276 245
277 return; 246 return;
@@ -292,8 +261,8 @@ static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
292 if (psid->num_subauth) { 261 if (psid->num_subauth) {
293#ifdef CONFIG_CIFS_DEBUG2 262#ifdef CONFIG_CIFS_DEBUG2
294 int i; 263 int i;
295 cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x", 264 cFYI(1, ("SID revision %d num_auth %d",
296 psid->revision, psid->num_subauth, psid->sub_auth[0])); 265 psid->revision, psid->num_subauth));
297 266
298 for (i = 0; i < psid->num_subauth; i++) { 267 for (i = 0; i < psid->num_subauth; i++) {
299 cFYI(1, ("SID sub_auth[%d]: 0x%x ", i, 268 cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h
index 420f87813647..06d52006bf26 100644
--- a/fs/cifs/cifsacl.h
+++ b/fs/cifs/cifsacl.h
@@ -48,7 +48,7 @@ struct cifs_sid {
48 __u8 revision; /* revision level */ 48 __u8 revision; /* revision level */
49 __u8 num_subauth; 49 __u8 num_subauth;
50 __u8 authority[6]; 50 __u8 authority[6];
51 __le32 sub_auth[5]; /* sub_auth[num_subauth] */ /* BB FIXME endianness BB */ 51 __le32 sub_auth[5]; /* sub_auth[num_subauth] */
52} __attribute__((packed)); 52} __attribute__((packed));
53 53
54struct cifs_acl { 54struct cifs_acl {
@@ -57,18 +57,12 @@ struct cifs_acl {
57 __le32 num_aces; 57 __le32 num_aces;
58} __attribute__((packed)); 58} __attribute__((packed));
59 59
60struct cifs_ntace { /* first part of ACE which contains perms */ 60struct cifs_ace {
61 __u8 type; 61 __u8 type;
62 __u8 flags; 62 __u8 flags;
63 __le16 size; 63 __le16 size;
64 __le32 access_req; 64 __le32 access_req;
65} __attribute__((packed)); 65 struct cifs_sid sid; /* ie UUID of user or group who gets these perms */
66
67struct cifs_ace { /* last part of ACE which includes user info */
68 __u8 revision; /* revision level */
69 __u8 num_subauth;
70 __u8 authority[6];
71 __le32 sub_auth[5];
72} __attribute__((packed)); 66} __attribute__((packed));
73 67
74struct cifs_wksid { 68struct cifs_wksid {
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index 793404b10925..37dc97af1487 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -593,7 +593,7 @@ static int cifs_ci_compare(struct dentry *dentry, struct qstr *a,
593 * case take precedence. If a is not a negative dentry, this 593 * case take precedence. If a is not a negative dentry, this
594 * should have no side effects 594 * should have no side effects
595 */ 595 */
596 memcpy((unsigned char *)a->name, b->name, a->len); 596 memcpy(a->name, b->name, a->len);
597 return 0; 597 return 0;
598 } 598 }
599 return 1; 599 return 1;