/* * fs/cifs/cifsacl.c * * Copyright (C) International Business Machines Corp., 2007 * Author(s): Steve French (sfrench@us.ibm.com) * * Contains the routines for mapping CIFS/NTFS ACLs * * This library is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published * by the Free Software Foundation; either version 2.1 of the License, or * (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See * the GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include "cifspdu.h" #include "cifsglob.h" #include "cifsacl.h" #include "cifsproto.h" #include "cifs_debug.h" /* security id for everyone */ static const struct cifs_sid sid_everyone = {1, 1, {0, 0, 0, 0, 0, 0}, {} }; /* group users */ static const struct cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {} }; static void parse_ace(struct cifs_ace *pace, char *end_of_acl) { int i; int num_subauth; __u32 *psub_auth; /* validate that we do not go past end of acl */ if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) { cERROR(1, ("ACL too small to parse ACE")); return; } num_subauth = cpu_to_le32(pace->num_subauth); if (num_subauth) { psub_auth = (__u32 *)((char *)pace + sizeof(struct cifs_ace)); #ifdef CONFIG_CIFS_DEBUG2 cFYI(1, ("ACE revision %d num_subauth %d", pace->revision, pace->num_subauth)); for (i = 0; i < num_subauth; ++i) { cFYI(1, ("ACE sub_auth[%d]: 0x%x", i, le32_to_cpu(psub_auth[i]))); } /* BB add length check to make sure that we do not have huge num auths and therefore go off the end */ cFYI(1, ("RID %d", le32_to_cpu(psub_auth[num_subauth-1]))); #endif } return; } static void parse_ntace(struct cifs_ntace *pntace, char *end_of_acl) { /* validate that we do not go past end of acl */ if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) { cERROR(1, ("ACL too small to parse NT ACE")); return; } #ifdef CONFIG_CIFS_DEBUG2 cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x", pntace->type, pntace->flags, pntace->size, pntace->access_req)); #endif return; } static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl) { int i; int num_aces = 0; int acl_size; char *acl_base; struct cifs_ntace **ppntace; struct cifs_ace **ppace; /* BB need to add parm so we can store the SID BB */ /* validate that we do not go past end of acl */ if (end_of_acl < (char *)pdacl + pdacl->size) { cERROR(1, ("ACL too small to parse DACL")); return; } #ifdef CONFIG_CIFS_DEBUG2 cFYI(1, ("DACL revision %d size %d num aces %d", pdacl->revision, pdacl->size, pdacl->num_aces)); #endif acl_base = (char *)pdacl; acl_size = sizeof(struct cifs_acl); num_aces = cpu_to_le32(pdacl->num_aces); if (num_aces > 0) { ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *), GFP_KERNEL); ppace = kmalloc(num_aces * sizeof(struct cifs_ace *), GFP_KERNEL); /* cifscred->cecount = pdacl->num_aces; cifscred->ntaces = kmalloc(num_aces * sizeof(struct cifs_ntace *), GFP_KERNEL); cifscred->aces = kmalloc(num_aces * sizeof(struct cifs_ace *), GFP_KERNEL);*/ for (i = 0; i < num_aces; ++i) { ppntace[i] = (struct cifs_ntace *) (acl_base + acl_size); ppace[i] = (struct cifs_ace *) ((char *)ppntace[i] + sizeof(struct cifs_ntace)); parse_ntace(ppntace[i], end_of_acl); parse_ace(ppace[i], end_of_acl); /* memcpy((void *)(&(cifscred->ntaces[i])), (void *)ppntace[i], sizeof(struct cifs_ntace)); memcpy((void *)(&(cifscred->aces[i])), (void *)ppace[i], sizeof(struct cifs_ace)); */ acl_base = (char *)ppntace[i]; acl_size = cpu_to_le32(ppntace[i]->size); } kfree(ppace); kfree(ppntace); } return; } static int parse_sid(struct cifs_sid *psid, char *end_of_acl) { int i; int num_subauth; __u32 *psub_auth; /* BB need to add parm so we can store the SID BB */ /* validate that we do not go past end of acl */ if (end_of_acl < (char *)psid + sizeof(struct cifs_sid)) { cERROR(1, ("ACL too small to parse SID")); return -EINVAL; } num_subauth = cpu_to_le32(psid->num_subauth); if (num_subauth) { psub_auth = (__u32 *)((char *)psid + sizeof(struct cifs_sid)); #ifdef CONFIG_CIFS_DEBUG2 cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x", psid->revision, psid->num_subauth, psid->sub_auth[0])); for (i = 0; i < num_subauth; ++i) { cFYI(1, ("SID sub_auth[%d]: 0x%x ", i, le32_to_cpu(psub_auth[i]))); } /* BB add length check to make sure that we do not have huge num auths and therefore go off the end */ cFYI(1, ("RID 0x%x", le32_to_cpu(psid->sub_auth[psid->num_subauth]))); #endif } return 0; } /* Convert CIFS ACL to POSIX form */ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len) { int rc; struct cifs_sid *owner_sid_ptr, *group_sid_ptr; struct cifs_acl *dacl_ptr; /* no need for SACL ptr */ char *end_of_acl = ((char *)pntsd) + acl_len; owner_sid_ptr = (struct cifs_sid *)((char *)pntsd + cpu_to_le32(pntsd->osidoffset)); group_sid_ptr = (struct cifs_sid *)((char *)pntsd + cpu_to_le32(pntsd->gsidoffset)); dacl_ptr = (struct cifs_acl *)((char *)pntsd + cpu_to_le32(pntsd->dacloffset)); #ifdef CONFIG_CIFS_DEBUG2 cFYI(1, ("revision %d type 0x%x ooffset 0x%x goffset 0x%x " "sacloffset 0x%x dacloffset 0x%x", pntsd->revision, pntsd->type, pntsd->osidoffset, pntsd->gsidoffset, pntsd->sacloffset, pntsd->dacloffset)); #endif rc = parse_sid(owner_sid_ptr, end_of_acl); if (rc) return rc; rc = parse_sid(group_sid_ptr, end_of_acl); if (rc) return rc; parse_dacl(dacl_ptr, end_of_acl); /* cifscred->uid = owner_sid_ptr->rid; cifscred->gid = group_sid_ptr->rid; memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr, sizeof (struct cifs_sid)); memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr, sizeof (struct cifs_sid)); */ return (0); }