[CIFS] acl support part 6

CC: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Steve French <sfrench@us.ibm.com> 2007-10-23 17:22:55 -0400
committer: Steve French <sfrench@us.ibm.com> 2007-10-23 17:22:55 -0400
commit: 44093ca2fef3c52dc7d186116862d74f9a676e0f (patch)
tree: 18e03ae747d936b9d9de34abfea38aecb020956c /fs
parent: c94897790e7c67dcfe3a0b6f035996398c268313 (diff)
3 files changed, 28 insertions, 65 deletions
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index e8083043a26c..154cb8449b9b 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -38,8 +38,8 @@ static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
        {{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
        {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},
        {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},
-        {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"}
+        {{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"} }
-};
+;
 /* security id for everyone */
@@ -131,6 +131,8 @@ int compare_sids(struct cifs_sid *ctsid, struct cifs_sid *cwsid)
 void get_mode_from_acl(struct inode * inode, const char * path)
 {
+        cFYI(1, ("get mode from ACL for %s", path));
        
        if (inode == NULL)
                return;
@@ -159,50 +161,36 @@ static void parse_ace(struct cifs_ace *pace, char *end_of_acl)
        /* validate that we do not go past end of acl */
-        /* XXX this if statement can be removed
+        if (le16_to_cpu(pace->size) < 16) {
-        if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) {
+                cERROR(1, ("ACE too small, %d", le16_to_cpu(pace->size)));
+                return;
+        }
+        if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) {
                cERROR(1, ("ACL too small to parse ACE"));
                return;
-        } */
+        }
-        num_subauth = pace->num_subauth;
+        num_subauth = pace->sid.num_subauth;
        if (num_subauth) {
 #ifdef CONFIG_CIFS_DEBUG2
                int i;
-                cFYI(1, ("ACE revision %d num_subauth %d",
+                cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",
-                        pace->revision, pace->num_subauth));
+                        pace->sid.revision, pace->sid.num_subauth, pace->type,
+                        pace->flags, pace->size));
                for (i = 0; i < num_subauth; ++i) {
                        cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,
-                                le32_to_cpu(pace->sub_auth[i])));
+                                le32_to_cpu(pace->sid.sub_auth[i])));
                }
                /* BB add length check to make sure that we do not have huge
                        num auths and therefore go off the end */
-                cFYI(1, ("RID %d", le32_to_cpu(pace->sub_auth[num_subauth-1])));
 #endif
        }
        return;
 }
-static void parse_ntace(struct cifs_ntace *pntace, char *end_of_acl)
-{
-        /* validate that we do not go past end of acl */
-        if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) {
-                cERROR(1, ("ACL too small to parse NT ACE"));
-                return;
-        }
-#ifdef CONFIG_CIFS_DEBUG2
-        cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x",
-                pntace->type, pntace->flags, pntace->size,
-                pntace->access_req));
-#endif
-        return;
-}
 static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
                       struct cifs_sid *pownersid, struct cifs_sid *pgrpsid)
@@ -211,7 +199,6 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
        int num_aces = 0;
        int acl_size;
        char *acl_base;
-        struct cifs_ntace **ppntace;
        struct cifs_ace **ppace;
        /* BB need to add parm so we can store the SID BB */
@@ -233,45 +220,27 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
        num_aces = le32_to_cpu(pdacl->num_aces);
        if (num_aces  > 0) {
-                ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
-                                GFP_KERNEL);
                ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
                                GFP_KERNEL);
 /*              cifscred->cecount = pdacl->num_aces;
-                cifscred->ntaces = kmalloc(num_aces *
-                        sizeof(struct cifs_ntace *), GFP_KERNEL);
                cifscred->aces = kmalloc(num_aces *
                        sizeof(struct cifs_ace *), GFP_KERNEL);*/
                for (i = 0; i < num_aces; ++i) {
-                        ppntace[i] = (struct cifs_ntace *)
+                        ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
-                                        (acl_base + acl_size);
-                        ppace[i] = (struct cifs_ace *) ((char *)ppntace[i] +
+                        parse_ace(ppace[i], end_of_acl);
-                                        sizeof(struct cifs_ntace));
-                        parse_ntace(ppntace[i], end_of_acl);
-                        if (end_of_acl < ((char *)ppace[i] +
-                                        (le16_to_cpu(ppntace[i]->size) -
-                                        sizeof(struct cifs_ntace)))) {
-                                cERROR(1, ("ACL too small to parse ACE"));
-                                break;
-                        } else
-                                parse_ace(ppace[i], end_of_acl);
-/*                      memcpy((void *)(&(cifscred->ntaces[i])),
+/*                      memcpy((void *)(&(cifscred->aces[i])),
-                                (void *)ppntace[i],
-                                sizeof(struct cifs_ntace));
-                        memcpy((void *)(&(cifscred->aces[i])),
                                (void *)ppace[i],
                                sizeof(struct cifs_ace)); */
-                        acl_base = (char *)ppntace[i];
+                        acl_base = (char *)ppace[i];
-                        acl_size = le16_to_cpu(ppntace[i]->size);
+                        acl_size = le16_to_cpu(ppace[i]->size);
                }
                kfree(ppace);
-                kfree(ppntace);
        }
        return;
@@ -292,8 +261,8 @@ static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
        if (psid->num_subauth) {
 #ifdef CONFIG_CIFS_DEBUG2
                int i;
-                cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x",
+                cFYI(1, ("SID revision %d num_auth %d",
-                        psid->revision, psid->num_subauth, psid->sub_auth[0]));
+                        psid->revision, psid->num_subauth));
                for (i = 0; i < psid->num_subauth; i++) {
                        cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h
index 420f87813647..06d52006bf26 100644
--- a/fs/cifs/cifsacl.h
+++ b/fs/cifs/cifsacl.h
@@ -48,7 +48,7 @@ struct cifs_sid {
        __u8 revision; /* revision level */
        __u8 num_subauth;
        __u8 authority[6];
-        __le32 sub_auth[5]; /* sub_auth[num_subauth] */ /* BB FIXME endianness BB */
+        __le32 sub_auth[5]; /* sub_auth[num_subauth] */
 } __attribute__((packed));
 struct cifs_acl {
@@ -57,18 +57,12 @@ struct cifs_acl {
        __le32 num_aces;
 } __attribute__((packed));
-struct cifs_ntace { /* first part of ACE which contains perms */
+struct cifs_ace {
        __u8 type;
        __u8 flags;
        __le16 size;
        __le32 access_req;
-} __attribute__((packed));
+        struct cifs_sid sid; /* ie UUID of user or group who gets these perms */
-struct cifs_ace { /* last part of ACE which includes user info */
-        __u8 revision; /* revision level */
-        __u8 num_subauth;
-        __u8 authority[6];
-        __le32 sub_auth[5];
 } __attribute__((packed));
 struct cifs_wksid {
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index 793404b10925..37dc97af1487 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -593,7 +593,7 @@ static int cifs_ci_compare(struct dentry *dentry, struct qstr *a,
                 * case take precedence.  If a is not a negative dentry, this
                 * should have no side effects
                 */
-                memcpy((unsigned char *)a->name, b->name, a->len);
+                memcpy(a->name, b->name, a->len);
                return 0;
        }
        return 1;
author	Steve French <sfrench@us.ibm.com>	2007-10-23 17:22:55 -0400
committer	Steve French <sfrench@us.ibm.com>	2007-10-23 17:22:55 -0400
commit	44093ca2fef3c52dc7d186116862d74f9a676e0f (patch)
tree	18e03ae747d936b9d9de34abfea38aecb020956c /fs
parent	c94897790e7c67dcfe3a0b6f035996398c268313 (diff)

diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index e8083043a26c..154cb8449b9b 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c
@@ -38,8 +38,8 @@ static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
38	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},	38	{{1, 1, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
39	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},	39	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(544), 0, 0, 0} }, "root"},
40	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},	40	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545), 0, 0, 0} }, "users"},
41	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"}	41	{{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(546), 0, 0, 0} }, "guest"} }
42	};	42	;
43		43
44		44
45	/* security id for everyone */	45	/* security id for everyone */
@@ -131,6 +131,8 @@ int compare_sids(struct cifs_sid ctsid, struct cifs_sid cwsid)
131		131
132	void get_mode_from_acl(struct inode * inode, const char * path)	132	void get_mode_from_acl(struct inode * inode, const char * path)
133	{	133	{
		134
		135	cFYI(1, ("get mode from ACL for %s", path));
134		136
135	if (inode == NULL)	137	if (inode == NULL)
136	return;	138	return;
@@ -159,50 +161,36 @@ static void parse_ace(struct cifs_ace pace, char end_of_acl)
159		161
160	/* validate that we do not go past end of acl */	162	/* validate that we do not go past end of acl */
161		163
162	/* XXX this if statement can be removed	164	if (le16_to_cpu(pace->size) < 16) {
163	if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) {	165	cERROR(1, ("ACE too small, %d", le16_to_cpu(pace->size)));
		166	return;
		167	}
		168
		169	if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) {
164	cERROR(1, ("ACL too small to parse ACE"));	170	cERROR(1, ("ACL too small to parse ACE"));
165	return;	171	return;
166	} */	172	}
167		173
168	num_subauth = pace->num_subauth;	174	num_subauth = pace->sid.num_subauth;
169	if (num_subauth) {	175	if (num_subauth) {
170	#ifdef CONFIG_CIFS_DEBUG2	176	#ifdef CONFIG_CIFS_DEBUG2
171	int i;	177	int i;
172	cFYI(1, ("ACE revision %d num_subauth %d",	178	cFYI(1, ("ACE revision %d num_auth %d type %d flags %d size %d",
173	pace->revision, pace->num_subauth));	179	pace->sid.revision, pace->sid.num_subauth, pace->type,
		180	pace->flags, pace->size));
174	for (i = 0; i < num_subauth; ++i) {	181	for (i = 0; i < num_subauth; ++i) {
175	cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,	182	cFYI(1, ("ACE sub_auth[%d]: 0x%x", i,
176	le32_to_cpu(pace->sub_auth[i])));	183	le32_to_cpu(pace->sid.sub_auth[i])));
177	}	184	}
178		185
179	/* BB add length check to make sure that we do not have huge	186	/* BB add length check to make sure that we do not have huge
180	num auths and therefore go off the end */	187	num auths and therefore go off the end */
181
182	cFYI(1, ("RID %d", le32_to_cpu(pace->sub_auth[num_subauth-1])));
183	#endif	188	#endif
184	}	189	}
185		190
186	return;	191	return;
187	}	192	}
188		193
189	static void parse_ntace(struct cifs_ntace pntace, char end_of_acl)
190	{
191	/* validate that we do not go past end of acl */
192	if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) {
193	cERROR(1, ("ACL too small to parse NT ACE"));
194	return;
195	}
196
197	#ifdef CONFIG_CIFS_DEBUG2
198	cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x",
199	pntace->type, pntace->flags, pntace->size,
200	pntace->access_req));
201	#endif
202	return;
203	}
204
205
206		194
207	static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,	195	static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,
208	struct cifs_sid pownersid, struct cifs_sid pgrpsid)	196	struct cifs_sid pownersid, struct cifs_sid pgrpsid)
@@ -211,7 +199,6 @@ static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,
211	int num_aces = 0;	199	int num_aces = 0;
212	int acl_size;	200	int acl_size;
213	char *acl_base;	201	char *acl_base;
214	struct cifs_ntace **ppntace;
215	struct cifs_ace **ppace;	202	struct cifs_ace **ppace;
216		203
217	/* BB need to add parm so we can store the SID BB */	204	/* BB need to add parm so we can store the SID BB */
@@ -233,45 +220,27 @@ static void parse_dacl(struct cifs_acl pdacl, char end_of_acl,
233		220
234	num_aces = le32_to_cpu(pdacl->num_aces);	221	num_aces = le32_to_cpu(pdacl->num_aces);
235	if (num_aces > 0) {	222	if (num_aces > 0) {
236	ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
237	GFP_KERNEL);
238	ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),	223	ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
239	GFP_KERNEL);	224	GFP_KERNEL);
240		225
241	/* cifscred->cecount = pdacl->num_aces;	226	/* cifscred->cecount = pdacl->num_aces;
242	cifscred->ntaces = kmalloc(num_aces *
243	sizeof(struct cifs_ntace *), GFP_KERNEL);
244	cifscred->aces = kmalloc(num_aces *	227	cifscred->aces = kmalloc(num_aces *
245	sizeof(struct cifs_ace ), GFP_KERNEL);/	228	sizeof(struct cifs_ace ), GFP_KERNEL);/
246		229
247	for (i = 0; i < num_aces; ++i) {	230	for (i = 0; i < num_aces; ++i) {
248	ppntace[i] = (struct cifs_ntace *)	231	ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
249	(acl_base + acl_size);	232
250	ppace[i] = (struct cifs_ace ) ((char )ppntace[i] +	233	parse_ace(ppace[i], end_of_acl);
251	sizeof(struct cifs_ntace));
252
253	parse_ntace(ppntace[i], end_of_acl);
254	if (end_of_acl < ((char *)ppace[i] +
255	(le16_to_cpu(ppntace[i]->size) -
256	sizeof(struct cifs_ntace)))) {
257	cERROR(1, ("ACL too small to parse ACE"));
258	break;
259	} else
260	parse_ace(ppace[i], end_of_acl);
261		234
262	/* memcpy((void *)(&(cifscred->ntaces[i])),	235	/* memcpy((void *)(&(cifscred->aces[i])),
263	(void *)ppntace[i],
264	sizeof(struct cifs_ntace));
265	memcpy((void *)(&(cifscred->aces[i])),
266	(void *)ppace[i],	236	(void *)ppace[i],
267	sizeof(struct cifs_ace)); */	237	sizeof(struct cifs_ace)); */
268		238
269	acl_base = (char *)ppntace[i];	239	acl_base = (char *)ppace[i];
270	acl_size = le16_to_cpu(ppntace[i]->size);	240	acl_size = le16_to_cpu(ppace[i]->size);
271	}	241	}
272		242
273	kfree(ppace);	243	kfree(ppace);
274	kfree(ppntace);
275	}	244	}
276		245
277	return;	246	return;
@@ -292,8 +261,8 @@ static int parse_sid(struct cifs_sid psid, char end_of_acl)
292	if (psid->num_subauth) {	261	if (psid->num_subauth) {
293	#ifdef CONFIG_CIFS_DEBUG2	262	#ifdef CONFIG_CIFS_DEBUG2
294	int i;	263	int i;
295	cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x",	264	cFYI(1, ("SID revision %d num_auth %d",
296	psid->revision, psid->num_subauth, psid->sub_auth[0]));	265	psid->revision, psid->num_subauth));
297		266
298	for (i = 0; i < psid->num_subauth; i++) {	267	for (i = 0; i < psid->num_subauth; i++) {
299	cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,	268	cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,


diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h index 420f87813647..06d52006bf26 100644 --- a/fs/cifs/cifsacl.h +++ b/fs/cifs/cifsacl.h
@@ -48,7 +48,7 @@ struct cifs_sid {
48	__u8 revision; /* revision level */	48	__u8 revision; /* revision level */
49	__u8 num_subauth;	49	__u8 num_subauth;
50	__u8 authority[6];	50	__u8 authority[6];
51	__le32 sub_auth[5]; /* sub_auth[num_subauth] / / BB FIXME endianness BB */	51	__le32 sub_auth[5]; /* sub_auth[num_subauth] */
52	} __attribute__((packed));	52	} __attribute__((packed));
53		53
54	struct cifs_acl {	54	struct cifs_acl {
@@ -57,18 +57,12 @@ struct cifs_acl {
57	__le32 num_aces;	57	__le32 num_aces;
58	} __attribute__((packed));	58	} __attribute__((packed));
59		59
60	struct cifs_ntace { /* first part of ACE which contains perms */	60	struct cifs_ace {
61	__u8 type;	61	__u8 type;
62	__u8 flags;	62	__u8 flags;
63	__le16 size;	63	__le16 size;
64	__le32 access_req;	64	__le32 access_req;
65	} __attribute__((packed));	65	struct cifs_sid sid; /* ie UUID of user or group who gets these perms */
66
67	struct cifs_ace { /* last part of ACE which includes user info */
68	__u8 revision; /* revision level */
69	__u8 num_subauth;
70	__u8 authority[6];
71	__le32 sub_auth[5];
72	} __attribute__((packed));	66	} __attribute__((packed));
73		67
74	struct cifs_wksid {	68	struct cifs_wksid {


diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c index 793404b10925..37dc97af1487 100644 --- a/fs/cifs/dir.c +++ b/fs/cifs/dir.c
@@ -593,7 +593,7 @@ static int cifs_ci_compare(struct dentry dentry, struct qstr a,
593	* case take precedence. If a is not a negative dentry, this	593	* case take precedence. If a is not a negative dentry, this
594	* should have no side effects	594	* should have no side effects
595	*/	595	*/
596	memcpy((unsigned char *)a->name, b->name, a->len);	596	memcpy(a->name, b->name, a->len);
597	return 0;	597	return 0;
598	}	598	}
599	return 1;	599	return 1;