From d0d66c443aefa51d5dbdd6a1d9b135a2a0e469cc Mon Sep 17 00:00:00 2001
From: Shirish Pargaonkar <shirishp@us.ibm.com>
Date: Wed, 3 Oct 2007 18:22:19 +0000
Subject: [CIFS] CIFS ACL support (part 2)

Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
---
 fs/cifs/cifsacl.c   | 203 +++++++++++++++++++++++++++++++++++++---------------
 fs/cifs/cifsacl.h   |   4 +-
 fs/cifs/cifsproto.h |   2 +-
 fs/cifs/cifssmb.c   |   2 +-
 4 files changed, 151 insertions(+), 60 deletions(-)

(limited to 'fs/cifs')

diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 9b84f373af19..23bff0128e2a 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -24,48 +24,178 @@
 #include <linux/fs.h>
 #include "cifspdu.h"
 #include "cifsglob.h"
+#include "cifsacl.h"
 #include "cifsproto.h"
 #include "cifs_debug.h"
-#include "cifsacl.h"
 
 /* security id for everyone */
 static const struct cifs_sid sid_everyone =
-		{1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}};
+		{1, 1, {0, 0, 0, 0, 0, 0}, {}};
 /* group users */
 static const struct cifs_sid sid_user =
-		{1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};
+		{1, 2 , {0, 0, 0, 0, 0, 5}, {}};
+
+static void parse_ace(struct cifs_ace * pace, char * end_of_acl)
+{
+	int i;
+	int num_subauth;
+	 __u32 *psub_auth;
+
+	/* validate that we do not go past end of acl */
+	if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) {
+		cERROR(1, ("ACL too small to parse ACE"));
+		return;
+	}
+
+	num_subauth = cpu_to_le32(pace->num_subauth);
+	if (num_subauth) {
+		psub_auth = (__u32 *)((char *)pace + sizeof(struct cifs_ace));
+#ifdef CONFIG_CIFS_DEBUG2 
+		cFYI(1, ("ACE revision %d num_subauth %d", 
+			pace->revision, pace->num_subauth)); 
+		for (i = 0; i < num_subauth; ++i) { 
+			cFYI(1, ("ACE sub_auth[%d]: 0x%x", i, 
+				le32_to_cpu(psub_auth[i]))); 
+		} 
+
+		/* BB add length check to make sure that we do not have huge 
+			num auths and therefore go off the end */ 
+
+		cFYI(1, ("RID %d", le32_to_cpu(psub_auth[num_subauth-1]))); 
+#endif 
+	} 
+
+	return; 
+} 
+
+static void parse_ntace(struct cifs_ntace * pntace, char * end_of_acl) 
+{ 
+	/* validate that we do not go past end of acl */ 
+	if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) {
+		cERROR(1, ("ACL too small to parse NT ACE"));
+		return;
+	}
+
+#ifdef CONFIG_CIFS_DEBUG2
+	cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x",
+		pntace->type, pntace->flags, pntace->size,
+		pntace->access_req));
+#endif
+	return;
+}
+
+
+
+static void parse_dacl(struct cifs_acl * pdacl, char * end_of_acl)
+{
+	int i;
+	int num_aces = 0;
+	int acl_size;
+	char *acl_base;
+	struct cifs_ntace **ppntace;
+	struct cifs_ace **ppace;
+
+	/* BB need to add parm so we can store the SID BB */
+
+	/* validate that we do not go past end of acl */
+	if (end_of_acl < (char *)pdacl + pdacl->size) {
+		cERROR(1, ("ACL too small to parse DACL"));
+		return;
+	}
+
+#ifdef CONFIG_CIFS_DEBUG2
+	cFYI(1, ("DACL revision %d size %d num aces %d",
+		pdacl->revision, pdacl->size, pdacl->num_aces));
+#endif
+
+	acl_base = (char *)pdacl;
+	acl_size = sizeof(struct cifs_acl);
+
+	num_aces = cpu_to_le32(pdacl->num_aces);
+	if (num_aces  > 0) {
+		ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
+				GFP_KERNEL);
+		ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
+				GFP_KERNEL);
+
+/*              cifscred->cecount = pdacl->num_aces;
+                cifscred->ntaces = kmalloc(num_aces *
+                        sizeof(struct cifs_ntace *), GFP_KERNEL);
+                cifscred->aces = kmalloc(num_aces *
+                        sizeof(struct cifs_ace *), GFP_KERNEL);*/
+
+
+		for (i = 0; i < num_aces; ++i) {
+			ppntace[i] = (struct cifs_ntace *)
+					(acl_base + acl_size);
+			ppace[i] = (struct cifs_ace *) ((char *)ppntace[i] +
+					sizeof(struct cifs_ntace));
+
+			parse_ntace(ppntace[i], end_of_acl);
+			parse_ace(ppace[i], end_of_acl);
+
+/*                      memcpy((void *)(&(cifscred->ntaces[i])),
+                                (void *)ppntace[i],
+                                sizeof(struct cifs_ntace));
+                        memcpy((void *)(&(cifscred->aces[i])),
+                                (void *)ppace[i],
+                                sizeof(struct cifs_ace)); */
+
+			acl_base = (char *)ppntace[i];
+			acl_size = cpu_to_le32(ppntace[i]->size);
+		}
+
+		kfree(ppace);
+		kfree(ppntace);
+	}
+
+	return;
+}
+
 
 static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
 {
+	int i;
+	int num_subauth;
+	__u32 *psub_auth;
+
 	/* BB need to add parm so we can store the SID BB */
 
 	/* validate that we do not go past end of acl */
 	if (end_of_acl < (char *)psid + sizeof(struct cifs_sid)) {
-		cERROR(1, ("ACL to small to parse SID"));
+		cERROR(1, ("ACL too small to parse SID"));
 		return -EINVAL;
 	}
+
+	num_subauth = cpu_to_le32(psid->num_subauth);
+	if (num_subauth) {
+		psub_auth = (__u32 *)((char *)psid + sizeof(struct cifs_sid));
 #ifdef CONFIG_CIFS_DEBUG2
-	cFYI(1, ("revision %d num_auth %d First subauth 0x%x",
-		psid->revision, psid->num_subauth, psid->sub_auth[0]));
+		cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x",
+			psid->revision, psid->num_subauth, psid->sub_auth[0]));
 
-	/* BB add length check to make sure that we do not have huge num auths
-	      and therefore go off the end */
-	cFYI(1, ("RID 0x%x", le32_to_cpu(psid->sub_auth[psid->num_subauth])));
+		for (i = 0; i < num_subauth; ++i) {
+			cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
+			le32_to_cpu(psub_auth[i])));
+		}
+
+		/* BB add length check to make sure that we do not have huge 
+			num auths and therefore go off the end */
+		cFYI(1, ("RID 0x%x", 
+			le32_to_cpu(psid->sub_auth[psid->num_subauth])));
 #endif
+	}
+
 	return 0;
 }
 
+
 /* Convert CIFS ACL to POSIX form */
 int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
 {
-	int i, rc;
-	int num_aces = 0;
-	int acl_size;
+	int rc;
 	struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
 	struct cifs_acl *dacl_ptr; /* no need for SACL ptr */
-	struct cifs_ntace **ppntace;
-	struct cifs_ace **ppace;
-	char *acl_base;
 	char *end_of_acl = ((char *)pntsd) + acl_len;
 
 	owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
@@ -89,6 +219,8 @@ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
 	if (rc)
 		return rc;
 
+	parse_dacl(dacl_ptr, end_of_acl);
+
 /*	cifscred->uid = owner_sid_ptr->rid;
 	cifscred->gid = group_sid_ptr->rid;
 	memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,
@@ -96,46 +228,5 @@ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
 	memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,
 			sizeof (struct cifs_sid)); */
 
-	num_aces = cpu_to_le32(dacl_ptr->num_aces);
-	cFYI(1, ("num aces %d", num_aces));
-	if (num_aces  > 0) {
-		ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
-				GFP_KERNEL);
-		ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
-				GFP_KERNEL);
-
-/*		cifscred->cecount = dacl_ptr->num_aces;
-		cifscred->ntaces = kmalloc(num_aces *
-				sizeof(struct cifs_ntace *), GFP_KERNEL);
-		cifscred->aces = kmalloc(num_aces *
-				sizeof(struct cifs_ace *), GFP_KERNEL);*/
-
-		acl_base = (char *)dacl_ptr;
-		acl_size = sizeof(struct cifs_acl);
-
-		for (i = 0; i < num_aces; ++i) {
-			ppntace[i] = (struct cifs_ntace *)
-						(acl_base + acl_size);
-			ppace[i] = (struct cifs_ace *)
-					((char *)ppntace[i] +
-					sizeof(struct cifs_ntace));
-
-/*			memcpy((void *)(&(cifscred->ntaces[i])),
-				(void *)ntace_ptrptr[i],
-				sizeof(struct cifs_ntace));
-			memcpy((void *)(&(cifscred->aces[i])),
-				(void *)ace_ptrptr[i],
-				sizeof(struct cifs_ace)); */
-
-			acl_base = (char *)ppntace[i];
-			acl_size = cpu_to_le32(ppntace[i]->size);
-#ifdef CONFIG_CIFS_DEBUG2
-			cFYI(1, ("ACE revision:%d", ppace[i]->revision));
-#endif
-		}
-		kfree(ppace);
-		kfree(ppntace);
-	}
-
 	return (0);
 }
diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h
index 5e7b56738cc5..bf297ea1905a 100644
--- a/fs/cifs/cifsacl.h
+++ b/fs/cifs/cifsacl.h
@@ -44,14 +44,14 @@ struct cifs_acl {
 	__u32 num_aces;
 } __attribute__((packed));
 
-struct cifs_ntace {
+struct cifs_ntace { /* first part of ACE which contains perms */
 	__u8 type;
 	__u8 flags;
 	__u16 size;
 	__u32 access_req;
 } __attribute__((packed));
 
-struct cifs_ace {
+struct cifs_ace { /* last part of ACE which includes user info */
 	__u8 revision; /* revision level */
 	__u8 num_subauth;
 	__u8 authority[6];
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 7dbb79b8dd50..001f0dc7e60d 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -310,7 +310,7 @@ extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
 extern void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key);
 #endif /* CIFS_WEAK_PW_HASH */
-extern int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len);
+extern int parse_sec_desc(struct cifs_ntsd *, int);
 extern int CIFSSMBCopy(int xid,
 			struct cifsTconInfo *source_tcon,
 			const char *fromName,
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index a6ff324bc135..90b8f8d64d6e 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -34,10 +34,10 @@
 #include <asm/uaccess.h>
 #include "cifspdu.h"
 #include "cifsglob.h"
+#include "cifsacl.h"
 #include "cifsproto.h"
 #include "cifs_unicode.h"
 #include "cifs_debug.h"
-#include "cifsacl.h"
 
 #ifdef CONFIG_CIFS_POSIX
 static struct {
-- 
cgit v1.2.3-59-g8ed1b