cifsacl.c 29.9 KB
Newer Older
1 2 3
/*
 *   fs/cifs/cifsacl.c
 *
4
 *   Copyright (C) International Business Machines  Corp., 2007,2008
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *
 *   Contains the routines for mapping CIFS/NTFS ACLs
 *
 *   This library is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Lesser General Public License as published
 *   by the Free Software Foundation; either version 2.1 of the License, or
 *   (at your option) any later version.
 *
 *   This library is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 *   the GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public License
 *   along with this library; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

24
#include <linux/fs.h>
25
#include <linux/slab.h>
26 27 28 29
#include <linux/string.h>
#include <linux/keyctl.h>
#include <linux/key-type.h>
#include <keys/user-type.h>
30 31
#include "cifspdu.h"
#include "cifsglob.h"
32
#include "cifsacl.h"
33 34 35
#include "cifsproto.h"
#include "cifs_debug.h"

36
/* security id for everyone/world system group */
37 38
static const struct cifs_sid sid_everyone = {
	1, 1, {0, 0, 0, 0, 0, 1}, {0} };
39 40 41
/* security id for Authenticated Users system group */
static const struct cifs_sid sid_authusers = {
	1, 1, {0, 0, 0, 0, 0, 5}, {11} };
42
/* group users */
S
Steve French 已提交
43
static const struct cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {} };
44

45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71
const struct cred *root_cred;

static void
shrink_idmap_tree(struct rb_root *root, int nr_to_scan, int *nr_rem,
			int *nr_del)
{
	struct rb_node *node;
	struct rb_node *tmp;
	struct cifs_sid_id *psidid;

	node = rb_first(root);
	while (node) {
		tmp = node;
		node = rb_next(tmp);
		psidid = rb_entry(tmp, struct cifs_sid_id, rbnode);
		if (nr_to_scan == 0 || *nr_del == nr_to_scan)
			++(*nr_rem);
		else {
			if (time_after(jiffies, psidid->time + SID_MAP_EXPIRE)
						&& psidid->refcount == 0) {
				rb_erase(tmp, root);
				++(*nr_del);
			} else
				++(*nr_rem);
		}
	}
}
72 73 74 75 76 77 78

/*
 * Run idmap cache shrinker.
 */
static int
cifs_idmap_shrinker(struct shrinker *shrink, int nr_to_scan, gfp_t gfp_mask)
{
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
	int nr_del = 0;
	int nr_rem = 0;
	struct rb_root *root;

	root = &uidtree;
	spin_lock(&siduidlock);
	shrink_idmap_tree(root, nr_to_scan, &nr_rem, &nr_del);
	spin_unlock(&siduidlock);

	root = &gidtree;
	spin_lock(&sidgidlock);
	shrink_idmap_tree(root, nr_to_scan, &nr_rem, &nr_del);
	spin_unlock(&sidgidlock);

	return nr_rem;
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121
}

static struct shrinker cifs_shrinker = {
	.shrink = cifs_idmap_shrinker,
	.seeks = DEFAULT_SEEKS,
};

static int
cifs_idmap_key_instantiate(struct key *key, const void *data, size_t datalen)
{
	char *payload;

	payload = kmalloc(datalen, GFP_KERNEL);
	if (!payload)
		return -ENOMEM;

	memcpy(payload, data, datalen);
	key->payload.data = payload;
	return 0;
}

static inline void
cifs_idmap_key_destroy(struct key *key)
{
	kfree(key->payload.data);
}

struct key_type cifs_idmap_key_type = {
122
	.name        = "cifs.idmap",
123 124 125 126 127 128
	.instantiate = cifs_idmap_key_instantiate,
	.destroy     = cifs_idmap_key_destroy,
	.describe    = user_describe,
	.match       = user_match,
};

129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337
static void
sid_to_str(struct cifs_sid *sidptr, char *sidstr)
{
	int i;
	unsigned long saval;
	char *strptr;

	strptr = sidstr;

	sprintf(strptr, "%s", "S");
	strptr = sidstr + strlen(sidstr);

	sprintf(strptr, "-%d", sidptr->revision);
	strptr = sidstr + strlen(sidstr);

	for (i = 0; i < 6; ++i) {
		if (sidptr->authority[i]) {
			sprintf(strptr, "-%d", sidptr->authority[i]);
			strptr = sidstr + strlen(sidstr);
		}
	}

	for (i = 0; i < sidptr->num_subauth; ++i) {
		saval = le32_to_cpu(sidptr->sub_auth[i]);
		sprintf(strptr, "-%ld", saval);
		strptr = sidstr + strlen(sidstr);
	}
}

static void
id_rb_insert(struct rb_root *root, struct cifs_sid *sidptr,
		struct cifs_sid_id **psidid, char *typestr)
{
	int rc;
	char *strptr;
	struct rb_node *node = root->rb_node;
	struct rb_node *parent = NULL;
	struct rb_node **linkto = &(root->rb_node);
	struct cifs_sid_id *lsidid;

	while (node) {
		lsidid = rb_entry(node, struct cifs_sid_id, rbnode);
		parent = node;
		rc = compare_sids(sidptr, &((lsidid)->sid));
		if (rc > 0) {
			linkto = &(node->rb_left);
			node = node->rb_left;
		} else if (rc < 0) {
			linkto = &(node->rb_right);
			node = node->rb_right;
		}
	}

	memcpy(&(*psidid)->sid, sidptr, sizeof(struct cifs_sid));
	(*psidid)->time = jiffies - (SID_MAP_RETRY + 1);
	(*psidid)->refcount = 0;

	sprintf((*psidid)->sidstr, "%s", typestr);
	strptr = (*psidid)->sidstr + strlen((*psidid)->sidstr);
	sid_to_str(&(*psidid)->sid, strptr);

	clear_bit(SID_ID_PENDING, &(*psidid)->state);
	clear_bit(SID_ID_MAPPED, &(*psidid)->state);

	rb_link_node(&(*psidid)->rbnode, parent, linkto);
	rb_insert_color(&(*psidid)->rbnode, root);
}

static struct cifs_sid_id *
id_rb_search(struct rb_root *root, struct cifs_sid *sidptr)
{
	int rc;
	struct rb_node *node = root->rb_node;
	struct cifs_sid_id *lsidid;

	while (node) {
		lsidid = rb_entry(node, struct cifs_sid_id, rbnode);
		rc = compare_sids(sidptr, &((lsidid)->sid));
		if (rc > 0) {
			node = node->rb_left;
		} else if (rc < 0) {
			node = node->rb_right;
		} else /* node found */
			return lsidid;
	}

	return NULL;
}

static int
sidid_pending_wait(void *unused)
{
	schedule();
	return signal_pending(current) ? -ERESTARTSYS : 0;
}

static int
sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid,
		struct cifs_fattr *fattr, uint sidtype)
{
	int rc;
	unsigned long cid;
	struct key *idkey;
	const struct cred *saved_cred;
	struct cifs_sid_id *psidid, *npsidid;
	struct rb_root *cidtree;
	spinlock_t *cidlock;

	if (sidtype == SIDOWNER) {
		cid = cifs_sb->mnt_uid; /* default uid, in case upcall fails */
		cidlock = &siduidlock;
		cidtree = &uidtree;
	} else if (sidtype == SIDGROUP) {
		cid = cifs_sb->mnt_gid; /* default gid, in case upcall fails */
		cidlock = &sidgidlock;
		cidtree = &gidtree;
	} else
		return -ENOENT;

	spin_lock(cidlock);
	psidid = id_rb_search(cidtree, psid);

	if (!psidid) { /* node does not exist, allocate one & attempt adding */
		spin_unlock(cidlock);
		npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL);
		if (!npsidid)
			return -ENOMEM;

		npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL);
		if (!npsidid->sidstr) {
			kfree(npsidid);
			return -ENOMEM;
		}

		spin_lock(cidlock);
		psidid = id_rb_search(cidtree, psid);
		if (psidid) { /* node happened to get inserted meanwhile */
			++psidid->refcount;
			spin_unlock(cidlock);
			kfree(npsidid->sidstr);
			kfree(npsidid);
		} else {
			psidid = npsidid;
			id_rb_insert(cidtree, psid, &psidid,
					sidtype == SIDOWNER ? "os:" : "gs:");
			++psidid->refcount;
			spin_unlock(cidlock);
		}
	} else {
		++psidid->refcount;
		spin_unlock(cidlock);
	}

	/*
	 * If we are here, it is safe to access psidid and its fields
	 * since a reference was taken earlier while holding the spinlock.
	 * A reference on the node is put without holding the spinlock
	 * and it is OK to do so in this case, shrinker will not erase
	 * this node until all references are put and we do not access
	 * any fields of the node after a reference is put .
	 */
	if (test_bit(SID_ID_MAPPED, &psidid->state)) {
		cid = psidid->id;
		psidid->time = jiffies; /* update ts for accessing */
		goto sid_to_id_out;
	}

	if (time_after(psidid->time + SID_MAP_RETRY, jiffies))
		goto sid_to_id_out;

	if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) {
		saved_cred = override_creds(root_cred);
		idkey = request_key(&cifs_idmap_key_type, psidid->sidstr, "");
		if (IS_ERR(idkey))
			cFYI(1, "%s: Can't map SID to an id", __func__);
		else {
			cid = *(unsigned long *)idkey->payload.value;
			psidid->id = cid;
			set_bit(SID_ID_MAPPED, &psidid->state);
			key_put(idkey);
			kfree(psidid->sidstr);
		}
		revert_creds(saved_cred);
		psidid->time = jiffies; /* update ts for accessing */
		clear_bit(SID_ID_PENDING, &psidid->state);
		wake_up_bit(&psidid->state, SID_ID_PENDING);
	} else {
		rc = wait_on_bit(&psidid->state, SID_ID_PENDING,
				sidid_pending_wait, TASK_INTERRUPTIBLE);
		if (rc) {
			cFYI(1, "%s: sidid_pending_wait interrupted %d",
					__func__, rc);
			--psidid->refcount; /* decremented without spinlock */
			return rc;
		}
		if (test_bit(SID_ID_MAPPED, &psidid->state))
			cid = psidid->id;
	}

sid_to_id_out:
	--psidid->refcount; /* decremented without spinlock */
	if (sidtype == SIDOWNER)
		fattr->cf_uid = cid;
	else
		fattr->cf_gid = cid;

	return 0;
}

338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424
int
init_cifs_idmap(void)
{
	struct cred *cred;
	struct key *keyring;
	int ret;

	cFYI(1, "Registering the %s key type\n", cifs_idmap_key_type.name);

	/* create an override credential set with a special thread keyring in
	 * which requests are cached
	 *
	 * this is used to prevent malicious redirections from being installed
	 * with add_key().
	 */
	cred = prepare_kernel_cred(NULL);
	if (!cred)
		return -ENOMEM;

	keyring = key_alloc(&key_type_keyring, ".cifs_idmap", 0, 0, cred,
			    (KEY_POS_ALL & ~KEY_POS_SETATTR) |
			    KEY_USR_VIEW | KEY_USR_READ,
			    KEY_ALLOC_NOT_IN_QUOTA);
	if (IS_ERR(keyring)) {
		ret = PTR_ERR(keyring);
		goto failed_put_cred;
	}

	ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
	if (ret < 0)
		goto failed_put_key;

	ret = register_key_type(&cifs_idmap_key_type);
	if (ret < 0)
		goto failed_put_key;

	/* instruct request_key() to use this special keyring as a cache for
	 * the results it looks up */
	cred->thread_keyring = keyring;
	cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	root_cred = cred;

	spin_lock_init(&siduidlock);
	uidtree = RB_ROOT;
	spin_lock_init(&sidgidlock);
	gidtree = RB_ROOT;

	register_shrinker(&cifs_shrinker);

	cFYI(1, "cifs idmap keyring: %d\n", key_serial(keyring));
	return 0;

failed_put_key:
	key_put(keyring);
failed_put_cred:
	put_cred(cred);
	return ret;
}

void
exit_cifs_idmap(void)
{
	key_revoke(root_cred->thread_keyring);
	unregister_key_type(&cifs_idmap_key_type);
	put_cred(root_cred);
	unregister_shrinker(&cifs_shrinker);
	cFYI(1, "Unregistered %s key type\n", cifs_idmap_key_type.name);
}

void
cifs_destroy_idmaptrees(void)
{
	struct rb_root *root;
	struct rb_node *node;

	root = &uidtree;
	spin_lock(&siduidlock);
	while ((node = rb_first(root)))
		rb_erase(node, root);
	spin_unlock(&siduidlock);

	root = &gidtree;
	spin_lock(&sidgidlock);
	while ((node = rb_first(root)))
		rb_erase(node, root);
	spin_unlock(&sidgidlock);
}
S
Steve French 已提交
425

S
Steve French 已提交
426 427
/* if the two SIDs (roughly equivalent to a UUID for a user or group) are
   the same returns 1, if they do not match returns 0 */
S
Steve French 已提交
428
int compare_sids(const struct cifs_sid *ctsid, const struct cifs_sid *cwsid)
S
Steve French 已提交
429 430 431 432 433
{
	int i;
	int num_subauth, num_sat, num_saw;

	if ((!ctsid) || (!cwsid))
434
		return 1;
S
Steve French 已提交
435 436

	/* compare the revision */
437 438 439 440 441 442
	if (ctsid->revision != cwsid->revision) {
		if (ctsid->revision > cwsid->revision)
			return 1;
		else
			return -1;
	}
S
Steve French 已提交
443 444 445

	/* compare all of the six auth values */
	for (i = 0; i < 6; ++i) {
446 447 448 449 450 451
		if (ctsid->authority[i] != cwsid->authority[i]) {
			if (ctsid->authority[i] > cwsid->authority[i])
				return 1;
			else
				return -1;
		}
S
Steve French 已提交
452 453 454
	}

	/* compare all of the subauth values if any */
S
Steve French 已提交
455
	num_sat = ctsid->num_subauth;
S
Steve French 已提交
456
	num_saw = cwsid->num_subauth;
S
Steve French 已提交
457 458 459
	num_subauth = num_sat < num_saw ? num_sat : num_saw;
	if (num_subauth) {
		for (i = 0; i < num_subauth; ++i) {
460 461 462 463 464 465
			if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) {
				if (ctsid->sub_auth[i] > cwsid->sub_auth[i])
					return 1;
				else
					return -1;
			}
S
Steve French 已提交
466 467 468
		}
	}

469
	return 0; /* sids compare/match */
S
Steve French 已提交
470 471
}

472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512

/* copy ntsd, owner sid, and group sid from a security descriptor to another */
static void copy_sec_desc(const struct cifs_ntsd *pntsd,
				struct cifs_ntsd *pnntsd, __u32 sidsoffset)
{
	int i;

	struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
	struct cifs_sid *nowner_sid_ptr, *ngroup_sid_ptr;

	/* copy security descriptor control portion */
	pnntsd->revision = pntsd->revision;
	pnntsd->type = pntsd->type;
	pnntsd->dacloffset = cpu_to_le32(sizeof(struct cifs_ntsd));
	pnntsd->sacloffset = 0;
	pnntsd->osidoffset = cpu_to_le32(sidsoffset);
	pnntsd->gsidoffset = cpu_to_le32(sidsoffset + sizeof(struct cifs_sid));

	/* copy owner sid */
	owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
				le32_to_cpu(pntsd->osidoffset));
	nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + sidsoffset);

	nowner_sid_ptr->revision = owner_sid_ptr->revision;
	nowner_sid_ptr->num_subauth = owner_sid_ptr->num_subauth;
	for (i = 0; i < 6; i++)
		nowner_sid_ptr->authority[i] = owner_sid_ptr->authority[i];
	for (i = 0; i < 5; i++)
		nowner_sid_ptr->sub_auth[i] = owner_sid_ptr->sub_auth[i];

	/* copy group sid */
	group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
				le32_to_cpu(pntsd->gsidoffset));
	ngroup_sid_ptr = (struct cifs_sid *)((char *)pnntsd + sidsoffset +
					sizeof(struct cifs_sid));

	ngroup_sid_ptr->revision = group_sid_ptr->revision;
	ngroup_sid_ptr->num_subauth = group_sid_ptr->num_subauth;
	for (i = 0; i < 6; i++)
		ngroup_sid_ptr->authority[i] = group_sid_ptr->authority[i];
	for (i = 0; i < 5; i++)
513
		ngroup_sid_ptr->sub_auth[i] = group_sid_ptr->sub_auth[i];
514 515 516 517 518

	return;
}


S
Steve French 已提交
519 520 521 522 523
/*
   change posix mode to reflect permissions
   pmode is the existing mode (we only want to overwrite part of this
   bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
*/
A
Al Viro 已提交
524
static void access_flags_to_mode(__le32 ace_flags, int type, umode_t *pmode,
525
				 umode_t *pbits_to_set)
S
Steve French 已提交
526
{
A
Al Viro 已提交
527
	__u32 flags = le32_to_cpu(ace_flags);
528
	/* the order of ACEs is important.  The canonical order is to begin with
529
	   DENY entries followed by ALLOW, otherwise an allow entry could be
530
	   encountered first, making the subsequent deny entry like "dead code"
531
	   which would be superflous since Windows stops when a match is made
532 533 534 535 536
	   for the operation you are trying to perform for your user */

	/* For deny ACEs we change the mask so that subsequent allow access
	   control entries do not turn on the bits we are denying */
	if (type == ACCESS_DENIED) {
S
Steve French 已提交
537
		if (flags & GENERIC_ALL)
538
			*pbits_to_set &= ~S_IRWXUGO;
S
Steve French 已提交
539

A
Al Viro 已提交
540 541
		if ((flags & GENERIC_WRITE) ||
			((flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
542
			*pbits_to_set &= ~S_IWUGO;
A
Al Viro 已提交
543 544
		if ((flags & GENERIC_READ) ||
			((flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
545
			*pbits_to_set &= ~S_IRUGO;
A
Al Viro 已提交
546 547
		if ((flags & GENERIC_EXECUTE) ||
			((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
548 549 550
			*pbits_to_set &= ~S_IXUGO;
		return;
	} else if (type != ACCESS_ALLOWED) {
551
		cERROR(1, "unknown access control type %d", type);
552 553 554
		return;
	}
	/* else ACCESS_ALLOWED type */
S
Steve French 已提交
555

A
Al Viro 已提交
556
	if (flags & GENERIC_ALL) {
557
		*pmode |= (S_IRWXUGO & (*pbits_to_set));
558
		cFYI(DBG2, "all perms");
S
Steve French 已提交
559 560
		return;
	}
A
Al Viro 已提交
561 562
	if ((flags & GENERIC_WRITE) ||
			((flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
563
		*pmode |= (S_IWUGO & (*pbits_to_set));
A
Al Viro 已提交
564 565
	if ((flags & GENERIC_READ) ||
			((flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
566
		*pmode |= (S_IRUGO & (*pbits_to_set));
A
Al Viro 已提交
567 568
	if ((flags & GENERIC_EXECUTE) ||
			((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
569
		*pmode |= (S_IXUGO & (*pbits_to_set));
S
Steve French 已提交
570

571
	cFYI(DBG2, "access flags 0x%x mode now 0x%x", flags, *pmode);
S
Steve French 已提交
572 573 574
	return;
}

575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599
/*
   Generate access flags to reflect permissions mode is the existing mode.
   This function is called for every ACE in the DACL whose SID matches
   with either owner or group or everyone.
*/

static void mode_to_access_flags(umode_t mode, umode_t bits_to_use,
				__u32 *pace_flags)
{
	/* reset access mask */
	*pace_flags = 0x0;

	/* bits to use are either S_IRWXU or S_IRWXG or S_IRWXO */
	mode &= bits_to_use;

	/* check for R/W/X UGO since we do not know whose flags
	   is this but we have cleared all the bits sans RWX for
	   either user or group or other as per bits_to_use */
	if (mode & S_IRUGO)
		*pace_flags |= SET_FILE_READ_RIGHTS;
	if (mode & S_IWUGO)
		*pace_flags |= SET_FILE_WRITE_RIGHTS;
	if (mode & S_IXUGO)
		*pace_flags |= SET_FILE_EXEC_RIGHTS;

600
	cFYI(DBG2, "mode: 0x%x, access flags now 0x%x", mode, *pace_flags);
601 602 603
	return;
}

A
Al Viro 已提交
604
static __u16 fill_ace_for_sid(struct cifs_ace *pntace,
605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627
			const struct cifs_sid *psid, __u64 nmode, umode_t bits)
{
	int i;
	__u16 size = 0;
	__u32 access_req = 0;

	pntace->type = ACCESS_ALLOWED;
	pntace->flags = 0x0;
	mode_to_access_flags(nmode, bits, &access_req);
	if (!access_req)
		access_req = SET_MINIMUM_RIGHTS;
	pntace->access_req = cpu_to_le32(access_req);

	pntace->sid.revision = psid->revision;
	pntace->sid.num_subauth = psid->num_subauth;
	for (i = 0; i < 6; i++)
		pntace->sid.authority[i] = psid->authority[i];
	for (i = 0; i < psid->num_subauth; i++)
		pntace->sid.sub_auth[i] = psid->sub_auth[i];

	size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4);
	pntace->size = cpu_to_le16(size);

628
	return size;
629 630
}

S
Steve French 已提交
631

632 633
#ifdef CONFIG_CIFS_DEBUG2
static void dump_ace(struct cifs_ace *pace, char *end_of_acl)
634 635 636 637
{
	int num_subauth;

	/* validate that we do not go past end of acl */
S
Steve French 已提交
638

S
Steve French 已提交
639
	if (le16_to_cpu(pace->size) < 16) {
640
		cERROR(1, "ACE too small %d", le16_to_cpu(pace->size));
S
Steve French 已提交
641 642 643 644
		return;
	}

	if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) {
645
		cERROR(1, "ACL too small to parse ACE");
646
		return;
S
Steve French 已提交
647
	}
648

S
Steve French 已提交
649
	num_subauth = pace->sid.num_subauth;
650
	if (num_subauth) {
651
		int i;
652
		cFYI(1, "ACE revision %d num_auth %d type %d flags %d size %d",
S
Steve French 已提交
653
			pace->sid.revision, pace->sid.num_subauth, pace->type,
654
			pace->flags, le16_to_cpu(pace->size));
S
Steve French 已提交
655
		for (i = 0; i < num_subauth; ++i) {
656 657
			cFYI(1, "ACE sub_auth[%d]: 0x%x", i,
				le32_to_cpu(pace->sid.sub_auth[i]));
S
Steve French 已提交
658 659 660 661 662 663 664 665
		}

		/* BB add length check to make sure that we do not have huge
			num auths and therefore go off the end */
	}

	return;
}
666
#endif
S
Steve French 已提交
667

668

S
Steve French 已提交
669
static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
S
Steve French 已提交
670
		       struct cifs_sid *pownersid, struct cifs_sid *pgrpsid,
671
		       struct cifs_fattr *fattr)
672 673 674 675 676 677 678 679 680
{
	int i;
	int num_aces = 0;
	int acl_size;
	char *acl_base;
	struct cifs_ace **ppace;

	/* BB need to add parm so we can store the SID BB */

681 682 683
	if (!pdacl) {
		/* no DACL in the security descriptor, set
		   all the permissions for user/group/other */
684
		fattr->cf_mode |= S_IRWXUGO;
685 686 687
		return;
	}

688
	/* validate that we do not go past end of acl */
689
	if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) {
690
		cERROR(1, "ACL too small to parse DACL");
691 692 693
		return;
	}

694
	cFYI(DBG2, "DACL revision %d size %d num aces %d",
695
		le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
696
		le32_to_cpu(pdacl->num_aces));
697

698 699 700
	/* reset rwx permissions for user/group/other.
	   Also, if num_aces is 0 i.e. DACL has no ACEs,
	   user/group/other have no permissions */
701
	fattr->cf_mode &= ~(S_IRWXUGO);
702

703 704 705
	acl_base = (char *)pdacl;
	acl_size = sizeof(struct cifs_acl);

S
Steve French 已提交
706
	num_aces = le32_to_cpu(pdacl->num_aces);
707
	if (num_aces  > 0) {
708 709
		umode_t user_mask = S_IRWXU;
		umode_t group_mask = S_IRWXG;
710
		umode_t other_mask = S_IRWXU | S_IRWXG | S_IRWXO;
711

712 713
		ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
				GFP_KERNEL);
714 715 716 717
		if (!ppace) {
			cERROR(1, "DACL memory allocation error");
			return;
		}
718 719

		for (i = 0; i < num_aces; ++i) {
S
Steve French 已提交
720
			ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
721 722 723
#ifdef CONFIG_CIFS_DEBUG2
			dump_ace(ppace[i], end_of_acl);
#endif
724
			if (compare_sids(&(ppace[i]->sid), pownersid) == 0)
725
				access_flags_to_mode(ppace[i]->access_req,
726
						     ppace[i]->type,
727
						     &fattr->cf_mode,
728
						     &user_mask);
729
			if (compare_sids(&(ppace[i]->sid), pgrpsid) == 0)
730
				access_flags_to_mode(ppace[i]->access_req,
731
						     ppace[i]->type,
732
						     &fattr->cf_mode,
733
						     &group_mask);
734
			if (compare_sids(&(ppace[i]->sid), &sid_everyone) == 0)
735
				access_flags_to_mode(ppace[i]->access_req,
736
						     ppace[i]->type,
737
						     &fattr->cf_mode,
738
						     &other_mask);
739
			if (compare_sids(&(ppace[i]->sid), &sid_authusers) == 0)
740 741 742 743 744
				access_flags_to_mode(ppace[i]->access_req,
						     ppace[i]->type,
						     &fattr->cf_mode,
						     &other_mask);

745

S
Steve French 已提交
746
/*			memcpy((void *)(&(cifscred->aces[i])),
S
Steve French 已提交
747 748
				(void *)ppace[i],
				sizeof(struct cifs_ace)); */
749

S
Steve French 已提交
750 751
			acl_base = (char *)ppace[i];
			acl_size = le16_to_cpu(ppace[i]->size);
752 753 754 755 756 757 758 759
		}

		kfree(ppace);
	}

	return;
}

760

761 762 763
static int set_chmod_dacl(struct cifs_acl *pndacl, struct cifs_sid *pownersid,
			struct cifs_sid *pgrpsid, __u64 nmode)
{
A
Al Viro 已提交
764
	u16 size = 0;
765 766 767 768 769 770 771 772 773 774 775 776
	struct cifs_acl *pnndacl;

	pnndacl = (struct cifs_acl *)((char *)pndacl + sizeof(struct cifs_acl));

	size += fill_ace_for_sid((struct cifs_ace *) ((char *)pnndacl + size),
					pownersid, nmode, S_IRWXU);
	size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size),
					pgrpsid, nmode, S_IRWXG);
	size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size),
					 &sid_everyone, nmode, S_IRWXO);

	pndacl->size = cpu_to_le16(size + sizeof(struct cifs_acl));
777
	pndacl->num_aces = cpu_to_le32(3);
778

779
	return 0;
780 781 782
}


783 784 785 786
static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
{
	/* BB need to add parm so we can store the SID BB */

S
Steve French 已提交
787 788 789
	/* validate that we do not go past end of ACL - sid must be at least 8
	   bytes long (assuming no sub-auths - e.g. the null SID */
	if (end_of_acl < (char *)psid + 8) {
790
		cERROR(1, "ACL too small to parse SID %p", psid);
791 792
		return -EINVAL;
	}
793

794
	if (psid->num_subauth) {
795
#ifdef CONFIG_CIFS_DEBUG2
796
		int i;
797 798
		cFYI(1, "SID revision %d num_auth %d",
			psid->revision, psid->num_subauth);
799

800
		for (i = 0; i < psid->num_subauth; i++) {
801 802
			cFYI(1, "SID sub_auth[%d]: 0x%x ", i,
				le32_to_cpu(psid->sub_auth[i]));
803 804
		}

S
Steve French 已提交
805
		/* BB add length check to make sure that we do not have huge
806
			num auths and therefore go off the end */
807 808
		cFYI(1, "RID 0x%x",
			le32_to_cpu(psid->sub_auth[psid->num_subauth-1]));
809
#endif
810 811
	}

812 813 814
	return 0;
}

815

816
/* Convert CIFS ACL to POSIX form */
817 818
static int parse_sec_desc(struct cifs_sb_info *cifs_sb,
		struct cifs_ntsd *pntsd, int acl_len, struct cifs_fattr *fattr)
819
{
820
	int rc = 0;
821 822 823
	struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
	struct cifs_acl *dacl_ptr; /* no need for SACL ptr */
	char *end_of_acl = ((char *)pntsd) + acl_len;
824
	__u32 dacloffset;
825

826
	if (pntsd == NULL)
S
Steve French 已提交
827 828
		return -EIO;

829
	owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
830
				le32_to_cpu(pntsd->osidoffset));
831
	group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
832
				le32_to_cpu(pntsd->gsidoffset));
833
	dacloffset = le32_to_cpu(pntsd->dacloffset);
834
	dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
835
	cFYI(DBG2, "revision %d type 0x%x ooffset 0x%x goffset 0x%x "
836
		 "sacloffset 0x%x dacloffset 0x%x",
837 838
		 pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset),
		 le32_to_cpu(pntsd->gsidoffset),
839
		 le32_to_cpu(pntsd->sacloffset), dacloffset);
S
Steve French 已提交
840
/*	cifs_dump_mem("owner_sid: ", owner_sid_ptr, 64); */
841
	rc = parse_sid(owner_sid_ptr, end_of_acl);
842 843 844 845 846 847 848
	if (rc) {
		cFYI(1, "%s: Error %d parsing Owner SID", __func__, rc);
		return rc;
	}
	rc = sid_to_id(cifs_sb, owner_sid_ptr, fattr, SIDOWNER);
	if (rc) {
		cFYI(1, "%s: Error %d mapping Owner SID to uid", __func__, rc);
849
		return rc;
850
	}
851 852

	rc = parse_sid(group_sid_ptr, end_of_acl);
853 854
	if (rc) {
		cFYI(1, "%s: Error %d mapping Owner SID to gid", __func__, rc);
855
		return rc;
856 857 858 859 860 861
	}
	rc = sid_to_id(cifs_sb, group_sid_ptr, fattr, SIDGROUP);
	if (rc) {
		cFYI(1, "%s: Error %d mapping Group SID to gid", __func__, rc);
		return rc;
	}
862

863 864
	if (dacloffset)
		parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr,
865
			   group_sid_ptr, fattr);
866
	else
867
		cFYI(1, "no ACL"); /* BB grant all or default perms? */
868

869 870 871
/*	cifscred->uid = owner_sid_ptr->rid;
	cifscred->gid = group_sid_ptr->rid;
	memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,
S
Steve French 已提交
872
			sizeof(struct cifs_sid));
873
	memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,
S
Steve French 已提交
874
			sizeof(struct cifs_sid)); */
875

876
	return rc;
877
}
S
Steve French 已提交
878 879


880 881
/* Convert permission bits from mode to equivalent CIFS ACL */
static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
882
				struct inode *inode, __u64 nmode)
883 884 885 886 887 888 889 890 891 892
{
	int rc = 0;
	__u32 dacloffset;
	__u32 ndacloffset;
	__u32 sidsoffset;
	struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
	struct cifs_acl *dacl_ptr = NULL;  /* no need for SACL ptr */
	struct cifs_acl *ndacl_ptr = NULL; /* no need for SACL ptr */

	if ((inode == NULL) || (pntsd == NULL) || (pnntsd == NULL))
893
		return -EIO;
894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915

	owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
				le32_to_cpu(pntsd->osidoffset));
	group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
				le32_to_cpu(pntsd->gsidoffset));

	dacloffset = le32_to_cpu(pntsd->dacloffset);
	dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);

	ndacloffset = sizeof(struct cifs_ntsd);
	ndacl_ptr = (struct cifs_acl *)((char *)pnntsd + ndacloffset);
	ndacl_ptr->revision = dacl_ptr->revision;
	ndacl_ptr->size = 0;
	ndacl_ptr->num_aces = 0;

	rc = set_chmod_dacl(ndacl_ptr, owner_sid_ptr, group_sid_ptr, nmode);

	sidsoffset = ndacloffset + le16_to_cpu(ndacl_ptr->size);

	/* copy security descriptor control portion and owner and group sid */
	copy_sec_desc(pntsd, pnntsd, sidsoffset);

916
	return rc;
917 918
}

919 920
static struct cifs_ntsd *get_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb,
		__u16 fid, u32 *pacllen)
S
Steve French 已提交
921 922
{
	struct cifs_ntsd *pntsd = NULL;
923
	int xid, rc;
924 925 926
	struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);

	if (IS_ERR(tlink))
927
		return ERR_CAST(tlink);
S
Steve French 已提交
928

929
	xid = GetXid();
930
	rc = CIFSSMBGetCIFSACL(xid, tlink_tcon(tlink), fid, &pntsd, pacllen);
931
	FreeXid(xid);
S
Steve French 已提交
932

933
	cifs_put_tlink(tlink);
S
Steve French 已提交
934

935 936 937
	cFYI(1, "%s: rc = %d ACL len %d", __func__, rc, *pacllen);
	if (rc)
		return ERR_PTR(rc);
938 939
	return pntsd;
}
940

941 942 943 944 945 946 947
static struct cifs_ntsd *get_cifs_acl_by_path(struct cifs_sb_info *cifs_sb,
		const char *path, u32 *pacllen)
{
	struct cifs_ntsd *pntsd = NULL;
	int oplock = 0;
	int xid, rc;
	__u16 fid;
948
	struct cifs_tcon *tcon;
949 950 951
	struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);

	if (IS_ERR(tlink))
952
		return ERR_CAST(tlink);
S
Steve French 已提交
953

954
	tcon = tlink_tcon(tlink);
955 956
	xid = GetXid();

957
	rc = CIFSSMBOpen(xid, tcon, path, FILE_OPEN, READ_CONTROL, 0,
958 959
			 &fid, &oplock, NULL, cifs_sb->local_nls,
			 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
960 961 962
	if (!rc) {
		rc = CIFSSMBGetCIFSACL(xid, tcon, fid, &pntsd, pacllen);
		CIFSSMBClose(xid, tcon, fid);
S
Steve French 已提交
963 964
	}

965
	cifs_put_tlink(tlink);
966
	FreeXid(xid);
967 968 969 970

	cFYI(1, "%s: rc = %d ACL len %d", __func__, rc, *pacllen);
	if (rc)
		return ERR_PTR(rc);
971 972 973
	return pntsd;
}

974
/* Retrieve an ACL from the server */
975
struct cifs_ntsd *get_cifs_acl(struct cifs_sb_info *cifs_sb,
976 977 978 979 980 981 982
				      struct inode *inode, const char *path,
				      u32 *pacllen)
{
	struct cifs_ntsd *pntsd = NULL;
	struct cifsFileInfo *open_file = NULL;

	if (inode)
983
		open_file = find_readable_file(CIFS_I(inode), true);
984 985 986 987
	if (!open_file)
		return get_cifs_acl_by_path(cifs_sb, path, pacllen);

	pntsd = get_cifs_acl_by_fid(cifs_sb, open_file->netfid, pacllen);
988
	cifsFileInfo_put(open_file);
989 990 991
	return pntsd;
}

992 993
static int set_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb, __u16 fid,
		struct cifs_ntsd *pnntsd, u32 acllen)
994
{
995
	int xid, rc;
996 997 998 999
	struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);

	if (IS_ERR(tlink))
		return PTR_ERR(tlink);
1000

1001
	xid = GetXid();
1002
	rc = CIFSSMBSetCIFSACL(xid, tlink_tcon(tlink), fid, pnntsd, acllen);
1003
	FreeXid(xid);
1004
	cifs_put_tlink(tlink);
1005

1006
	cFYI(DBG2, "SetCIFSACL rc = %d", rc);
1007 1008
	return rc;
}
1009

1010 1011 1012 1013 1014 1015
static int set_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, const char *path,
		struct cifs_ntsd *pnntsd, u32 acllen)
{
	int oplock = 0;
	int xid, rc;
	__u16 fid;
1016
	struct cifs_tcon *tcon;
1017
	struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);
1018

1019 1020 1021 1022
	if (IS_ERR(tlink))
		return PTR_ERR(tlink);

	tcon = tlink_tcon(tlink);
1023 1024
	xid = GetXid();

1025
	rc = CIFSSMBOpen(xid, tcon, path, FILE_OPEN, WRITE_DAC, 0,
1026 1027 1028
			 &fid, &oplock, NULL, cifs_sb->local_nls,
			 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
	if (rc) {
1029
		cERROR(1, "Unable to open file to set ACL");
1030
		goto out;
1031 1032
	}

1033
	rc = CIFSSMBSetCIFSACL(xid, tcon, fid, pnntsd, acllen);
1034
	cFYI(DBG2, "SetCIFSACL rc = %d", rc);
1035

1036 1037
	CIFSSMBClose(xid, tcon, fid);
out:
1038
	FreeXid(xid);
1039
	cifs_put_tlink(tlink);
1040 1041
	return rc;
}
1042

1043
/* Set an ACL on the server */
1044
int set_cifs_acl(struct cifs_ntsd *pnntsd, __u32 acllen,
1045 1046 1047 1048 1049 1050
				struct inode *inode, const char *path)
{
	struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
	struct cifsFileInfo *open_file;
	int rc;

1051
	cFYI(DBG2, "set ACL for %s from mode 0x%x", path, inode->i_mode);
1052

1053
	open_file = find_readable_file(CIFS_I(inode), true);
1054 1055 1056 1057
	if (!open_file)
		return set_cifs_acl_by_path(cifs_sb, path, pnntsd, acllen);

	rc = set_cifs_acl_by_fid(cifs_sb, open_file->netfid, pnntsd, acllen);
1058
	cifsFileInfo_put(open_file);
1059
	return rc;
1060 1061
}

1062
/* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */
1063
int
1064 1065
cifs_acl_to_fattr(struct cifs_sb_info *cifs_sb, struct cifs_fattr *fattr,
		  struct inode *inode, const char *path, const __u16 *pfid)
1066 1067 1068 1069 1070
{
	struct cifs_ntsd *pntsd = NULL;
	u32 acllen = 0;
	int rc = 0;

1071
	cFYI(DBG2, "converting ACL to mode for %s", path);
1072 1073 1074 1075 1076

	if (pfid)
		pntsd = get_cifs_acl_by_fid(cifs_sb, *pfid, &acllen);
	else
		pntsd = get_cifs_acl(cifs_sb, inode, path, &acllen);
1077 1078

	/* if we can retrieve the ACL, now parse Access Control Entries, ACEs */
1079 1080 1081 1082
	if (IS_ERR(pntsd)) {
		rc = PTR_ERR(pntsd);
		cERROR(1, "%s: error %d getting sec desc", __func__, rc);
	} else {
1083
		rc = parse_sec_desc(cifs_sb, pntsd, acllen, fattr);
1084 1085 1086 1087
		kfree(pntsd);
		if (rc)
			cERROR(1, "parse sec desc failed rc = %d", rc);
	}
1088

1089
	return rc;
S
Steve French 已提交
1090
}
1091

1092
/* Convert mode bits to an ACL so we can update the ACL on the server */
1093
int mode_to_cifs_acl(struct inode *inode, const char *path, __u64 nmode)
1094 1095
{
	int rc = 0;
1096
	__u32 secdesclen = 0;
1097 1098
	struct cifs_ntsd *pntsd = NULL; /* acl obtained from server */
	struct cifs_ntsd *pnntsd = NULL; /* modified acl to be sent to server */
1099

1100
	cFYI(DBG2, "set ACL from mode for %s", path);
1101 1102

	/* Get the security descriptor */
1103
	pntsd = get_cifs_acl(CIFS_SB(inode->i_sb), inode, path, &secdesclen);
1104

1105 1106
	/* Add three ACEs for owner, group, everyone getting rid of
	   other ACEs as chmod disables ACEs and set the security descriptor */
1107

1108 1109 1110 1111
	if (IS_ERR(pntsd)) {
		rc = PTR_ERR(pntsd);
		cERROR(1, "%s: error %d getting sec desc", __func__, rc);
	} else {
1112 1113 1114
		/* allocate memory for the smb header,
		   set security descriptor request security descriptor
		   parameters, and secuirty descriptor itself */
1115

1116 1117 1118
		secdesclen = secdesclen < DEFSECDESCLEN ?
					DEFSECDESCLEN : secdesclen;
		pnntsd = kmalloc(secdesclen, GFP_KERNEL);
1119
		if (!pnntsd) {
1120
			cERROR(1, "Unable to allocate security descriptor");
1121
			kfree(pntsd);
1122
			return -ENOMEM;
1123
		}
1124

1125
		rc = build_sec_desc(pntsd, pnntsd, inode, nmode);
1126

1127
		cFYI(DBG2, "build_sec_desc rc: %d", rc);
1128 1129 1130

		if (!rc) {
			/* Set the security descriptor */
1131
			rc = set_cifs_acl(pnntsd, secdesclen, inode, path);
1132
			cFYI(DBG2, "set_cifs_acl rc: %d", rc);
1133 1134 1135 1136 1137 1138
		}

		kfree(pnntsd);
		kfree(pntsd);
	}

1139
	return rc;
1140
}