Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
phyus
/
linux-vybrid_public
8
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Pārlūkot izejas kodu

[CIFS] CIFS ACL support (part 2)

Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Shirish Pargaonkar 17 gadi atpakaļ
vecāks
a8a11d399f
revīzija
d0d66c443a
4 mainītis faili ar 151 papildinājumiem un 60 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 147 56
      fs/cifs/cifsacl.c
  2. 2 2
      fs/cifs/cifsacl.h
  3. 1 1
      fs/cifs/cifsproto.h
  4. 1 1
      fs/cifs/cifssmb.c

+ 147 - 56
fs/cifs/cifsacl.c
Parādīt failu 

@@ -24,48 +24,178 @@
 
 #include <linux/fs.h>
 
 #include "cifspdu.h"
 
 #include "cifsglob.h"
 
+#include "cifsacl.h"
 
 #include "cifsproto.h"
 
 #include "cifs_debug.h"
 
-#include "cifsacl.h"
 
 
 /* security id for everyone */
 
 static const struct cifs_sid sid_everyone =
 
-		{1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}};
 
+		{1, 1, {0, 0, 0, 0, 0, 0}, {}};
 
 /* group users */
 
 static const struct cifs_sid sid_user =
 
-		{1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};
 
+		{1, 2 , {0, 0, 0, 0, 0, 5}, {}};
 
+
 
+static void parse_ace(struct cifs_ace * pace, char * end_of_acl)
 
+{
 
+	int i;
 
+	int num_subauth;
 
+	 __u32 *psub_auth;
 
+
 
+	/* validate that we do not go past end of acl */
 
+	if (end_of_acl < (char *)pace + sizeof(struct cifs_ace)) {
 
+		cERROR(1, ("ACL too small to parse ACE"));
 
+		return;
 
+	}
 
+
 
+	num_subauth = cpu_to_le32(pace->num_subauth);
 
+	if (num_subauth) {
 
+		psub_auth = (__u32 *)((char *)pace + sizeof(struct cifs_ace));
 
+#ifdef CONFIG_CIFS_DEBUG2 
+		cFYI(1, ("ACE revision %d num_subauth %d", 
+			pace->revision, pace->num_subauth)); 
+		for (i = 0; i < num_subauth; ++i) { 
+			cFYI(1, ("ACE sub_auth[%d]: 0x%x", i, 
+				le32_to_cpu(psub_auth[i]))); 
+		} 
+
 
+		/* BB add length check to make sure that we do not have huge 
+			num auths and therefore go off the end */ 
+
 
+		cFYI(1, ("RID %d", le32_to_cpu(psub_auth[num_subauth-1]))); 
+#endif 
+	} 
+
 
+	return; 
+} 
+
 
+static void parse_ntace(struct cifs_ntace * pntace, char * end_of_acl) 
+{ 
+	/* validate that we do not go past end of acl */ 
+	if (end_of_acl < (char *)pntace + sizeof(struct cifs_ntace)) {
 
+		cERROR(1, ("ACL too small to parse NT ACE"));
 
+		return;
 
+	}
 
+
 
+#ifdef CONFIG_CIFS_DEBUG2
 
+	cFYI(1, ("NTACE type %d flags 0x%x size %d, access Req 0x%x",
 
+		pntace->type, pntace->flags, pntace->size,
 
+		pntace->access_req));
 
+#endif
 
+	return;
 
+}
 
+
 
+
 
+
 
+static void parse_dacl(struct cifs_acl * pdacl, char * end_of_acl)
 
+{
 
+	int i;
 
+	int num_aces = 0;
 
+	int acl_size;
 
+	char *acl_base;
 
+	struct cifs_ntace **ppntace;
 
+	struct cifs_ace **ppace;
 
+
 
+	/* BB need to add parm so we can store the SID BB */
 
+
 
+	/* validate that we do not go past end of acl */
 
+	if (end_of_acl < (char *)pdacl + pdacl->size) {
 
+		cERROR(1, ("ACL too small to parse DACL"));
 
+		return;
 
+	}
 
+
 
+#ifdef CONFIG_CIFS_DEBUG2
 
+	cFYI(1, ("DACL revision %d size %d num aces %d",
 
+		pdacl->revision, pdacl->size, pdacl->num_aces));
 
+#endif
 
+
 
+	acl_base = (char *)pdacl;
 
+	acl_size = sizeof(struct cifs_acl);
 
+
 
+	num_aces = cpu_to_le32(pdacl->num_aces);
 
+	if (num_aces  > 0) {
 
+		ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
 
+				GFP_KERNEL);
 
+		ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
 
+				GFP_KERNEL);
 
+
 
+/*              cifscred->cecount = pdacl->num_aces;
 
+                cifscred->ntaces = kmalloc(num_aces *
 
+                        sizeof(struct cifs_ntace *), GFP_KERNEL);
 
+                cifscred->aces = kmalloc(num_aces *
 
+                        sizeof(struct cifs_ace *), GFP_KERNEL);*/
 
+
 
+
 
+		for (i = 0; i < num_aces; ++i) {
 
+			ppntace[i] = (struct cifs_ntace *)
 
+					(acl_base + acl_size);
 
+			ppace[i] = (struct cifs_ace *) ((char *)ppntace[i] +
 
+					sizeof(struct cifs_ntace));
 
+
 
+			parse_ntace(ppntace[i], end_of_acl);
 
+			parse_ace(ppace[i], end_of_acl);
 
+
 
+/*                      memcpy((void *)(&(cifscred->ntaces[i])),
 
+                                (void *)ppntace[i],
 
+                                sizeof(struct cifs_ntace));
 
+                        memcpy((void *)(&(cifscred->aces[i])),
 
+                                (void *)ppace[i],
 
+                                sizeof(struct cifs_ace)); */
 
+
 
+			acl_base = (char *)ppntace[i];
 
+			acl_size = cpu_to_le32(ppntace[i]->size);
 
+		}
 
+
 
+		kfree(ppace);
 
+		kfree(ppntace);
 
+	}
 
+
 
+	return;
 
+}
 
+
 
 
 static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
 
 {
 
+	int i;
 
+	int num_subauth;
 
+	__u32 *psub_auth;
 
+
 
 	/* BB need to add parm so we can store the SID BB */
 
 
 	/* validate that we do not go past end of acl */
 
 	if (end_of_acl < (char *)psid + sizeof(struct cifs_sid)) {
 
-		cERROR(1, ("ACL to small to parse SID"));
 
+		cERROR(1, ("ACL too small to parse SID"));
 
 		return -EINVAL;
 
 	}
 
+
 
+	num_subauth = cpu_to_le32(psid->num_subauth);
 
+	if (num_subauth) {
 
+		psub_auth = (__u32 *)((char *)psid + sizeof(struct cifs_sid));
 
 #ifdef CONFIG_CIFS_DEBUG2
 
-	cFYI(1, ("revision %d num_auth %d First subauth 0x%x",
 
-		psid->revision, psid->num_subauth, psid->sub_auth[0]));
 
+		cFYI(1, ("SID revision %d num_auth %d First subauth 0x%x",
 
+			psid->revision, psid->num_subauth, psid->sub_auth[0]));
 
 
-	/* BB add length check to make sure that we do not have huge num auths
 
-	      and therefore go off the end */
 
-	cFYI(1, ("RID 0x%x", le32_to_cpu(psid->sub_auth[psid->num_subauth])));
 
+		for (i = 0; i < num_subauth; ++i) {
 
+			cFYI(1, ("SID sub_auth[%d]: 0x%x ", i,
 
+			le32_to_cpu(psub_auth[i])));
 
+		}
 
+
 
+		/* BB add length check to make sure that we do not have huge 
+			num auths and therefore go off the end */
 
+		cFYI(1, ("RID 0x%x", 
+			le32_to_cpu(psid->sub_auth[psid->num_subauth])));
 
 #endif
 
+	}
 
+
 
 	return 0;
 
 }
 
 
+
 
 /* Convert CIFS ACL to POSIX form */
 
 int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
 
 {
 
-	int i, rc;
 
-	int num_aces = 0;
 
-	int acl_size;
 
+	int rc;
 
 	struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
 
 	struct cifs_acl *dacl_ptr; /* no need for SACL ptr */
 
-	struct cifs_ntace **ppntace;
 
-	struct cifs_ace **ppace;
 
-	char *acl_base;
 
 	char *end_of_acl = ((char *)pntsd) + acl_len;
 
 
 	owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
 
@@ -89,6 +219,8 @@ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
 
 	if (rc)
 
 		return rc;
 
 
+	parse_dacl(dacl_ptr, end_of_acl);
 
+
 
 /*	cifscred->uid = owner_sid_ptr->rid;
 
 	cifscred->gid = group_sid_ptr->rid;
 
 	memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,
 
@@ -96,46 +228,5 @@ int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len)
 
 	memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,
 
 			sizeof (struct cifs_sid)); */
 
 
-	num_aces = cpu_to_le32(dacl_ptr->num_aces);
 
-	cFYI(1, ("num aces %d", num_aces));
 
-	if (num_aces  > 0) {
 
-		ppntace = kmalloc(num_aces * sizeof(struct cifs_ntace *),
 
-				GFP_KERNEL);
 
-		ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
 
-				GFP_KERNEL);
 
-
 
-/*		cifscred->cecount = dacl_ptr->num_aces;
 
-		cifscred->ntaces = kmalloc(num_aces *
 
-				sizeof(struct cifs_ntace *), GFP_KERNEL);
 
-		cifscred->aces = kmalloc(num_aces *
 
-				sizeof(struct cifs_ace *), GFP_KERNEL);*/
 
-
 
-		acl_base = (char *)dacl_ptr;
 
-		acl_size = sizeof(struct cifs_acl);
 
-
 
-		for (i = 0; i < num_aces; ++i) {
 
-			ppntace[i] = (struct cifs_ntace *)
 
-						(acl_base + acl_size);
 
-			ppace[i] = (struct cifs_ace *)
 
-					((char *)ppntace[i] +
 
-					sizeof(struct cifs_ntace));
 
-
 
-/*			memcpy((void *)(&(cifscred->ntaces[i])),
 
-				(void *)ntace_ptrptr[i],
 
-				sizeof(struct cifs_ntace));
 
-			memcpy((void *)(&(cifscred->aces[i])),
 
-				(void *)ace_ptrptr[i],
 
-				sizeof(struct cifs_ace)); */
 
-
 
-			acl_base = (char *)ppntace[i];
 
-			acl_size = cpu_to_le32(ppntace[i]->size);
 
-#ifdef CONFIG_CIFS_DEBUG2
 
-			cFYI(1, ("ACE revision:%d", ppace[i]->revision));
 
-#endif
 
-		}
 
-		kfree(ppace);
 
-		kfree(ppntace);
 
-	}
 
-
 
 	return (0);
 
 }

+ 2 - 2
fs/cifs/cifsacl.h
Parādīt failu 

@@ -44,14 +44,14 @@ struct cifs_acl {
 
 	__u32 num_aces;
 
 } __attribute__((packed));
 
 
-struct cifs_ntace {
 
+struct cifs_ntace { /* first part of ACE which contains perms */
 
 	__u8 type;
 
 	__u8 flags;
 
 	__u16 size;
 
 	__u32 access_req;
 
 } __attribute__((packed));
 
 
-struct cifs_ace {
 
+struct cifs_ace { /* last part of ACE which includes user info */
 
 	__u8 revision; /* revision level */
 
 	__u8 num_subauth;
 
 	__u8 authority[6];

+ 1 - 1
fs/cifs/cifsproto.h
Parādīt failu 

@@ -310,7 +310,7 @@ extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
 
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
 
 extern void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key);
 
 #endif /* CIFS_WEAK_PW_HASH */
 
-extern int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len);
 
+extern int parse_sec_desc(struct cifs_ntsd *, int);
 
 extern int CIFSSMBCopy(int xid,
 
 			struct cifsTconInfo *source_tcon,
 
 			const char *fromName,

+ 1 - 1
fs/cifs/cifssmb.c
Parādīt failu 

@@ -34,10 +34,10 @@
 
 #include <asm/uaccess.h>
 
 #include "cifspdu.h"
 
 #include "cifsglob.h"
 
+#include "cifsacl.h"
 
 #include "cifsproto.h"
 
 #include "cifs_unicode.h"
 
 #include "cifs_debug.h"
 
-#include "cifsacl.h"
 
 
 #ifdef CONFIG_CIFS_POSIX
 
 static struct {