
Lines Matching +full:revision +full:- +full:id

21  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 #include <linux/key-type.h>
29 #include <keys/user-type.h>
36 /* security id for everyone/world system group */
39 /* security id for Authenticated Users system group */
43 /* S-1-22-1 Unmapped Unix users */
47 /* S-1-22-2 Unmapped Unix groups */
52 * See https://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
55 /* S-1-5-88 MS NFS and Apple style UID/GID/mode */
57 /* S-1-5-88-1 Unix uid */
62 /* S-1-5-88-2 Unix gid */
67 /* S-1-5-88-3 Unix mode */
87 if (prep->datalen <= sizeof(key->payload)) { in cifs_idmap_key_instantiate()
88 key->payload.data[0] = NULL; in cifs_idmap_key_instantiate()
89 memcpy(&key->payload, prep->data, prep->datalen); in cifs_idmap_key_instantiate()
91 payload = kmemdup(prep->data, prep->datalen, GFP_KERNEL); in cifs_idmap_key_instantiate()
93 return -ENOMEM; in cifs_idmap_key_instantiate()
94 key->payload.data[0] = payload; in cifs_idmap_key_instantiate()
97 key->datalen = prep->datalen; in cifs_idmap_key_instantiate()
104 if (key->datalen > sizeof(key->payload)) in cifs_idmap_key_destroy()
105 kfree(key->payload.data[0]); in cifs_idmap_key_destroy()
125 (SID_STRING_SUBAUTH_SIZE * sidptr->num_subauth), in sid_to_key_str()
131 len = sprintf(strptr, "%cs:S-%hhu", type == SIDOWNER ? 'o' : 'g', in sid_to_key_str()
132 sidptr->revision); in sid_to_key_str()
135 /* The authority field is a single 48-bit number */ in sid_to_key_str()
136 id_auth_val = (unsigned long long)sidptr->authority[5]; in sid_to_key_str()
137 id_auth_val |= (unsigned long long)sidptr->authority[4] << 8; in sid_to_key_str()
138 id_auth_val |= (unsigned long long)sidptr->authority[3] << 16; in sid_to_key_str()
139 id_auth_val |= (unsigned long long)sidptr->authority[2] << 24; in sid_to_key_str()
140 id_auth_val |= (unsigned long long)sidptr->authority[1] << 32; in sid_to_key_str()
141 id_auth_val |= (unsigned long long)sidptr->authority[0] << 48; in sid_to_key_str()
144 * MS-DTYP states that if the authority is >= 2^32, then it should be in sid_to_key_str()
148 len = sprintf(strptr, "-%llu", id_auth_val); in sid_to_key_str()
150 len = sprintf(strptr, "-0x%llx", id_auth_val); in sid_to_key_str()
154 for (i = 0; i < sidptr->num_subauth; ++i) { in sid_to_key_str()
155 saval = le32_to_cpu(sidptr->sub_auth[i]); in sid_to_key_str()
156 len = sprintf(strptr, "-%u", saval); in sid_to_key_str()
165 * the same returns zero, if they do not match returns non-zero.
176 /* compare the revision */ in compare_sids()
177 if (ctsid->revision != cwsid->revision) { in compare_sids()
178 if (ctsid->revision > cwsid->revision) in compare_sids()
181 return -1; in compare_sids()
186 if (ctsid->authority[i] != cwsid->authority[i]) { in compare_sids()
187 if (ctsid->authority[i] > cwsid->authority[i]) in compare_sids()
190 return -1; in compare_sids()
195 num_sat = ctsid->num_subauth; in compare_sids()
196 num_saw = cwsid->num_subauth; in compare_sids()
200 if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) { in compare_sids()
201 if (le32_to_cpu(ctsid->sub_auth[i]) > in compare_sids()
202 le32_to_cpu(cwsid->sub_auth[i])) in compare_sids()
205 return -1; in compare_sids()
223 num_subauth = psid->num_subauth; in is_well_known_sid()
239 /* compare the revision */ in is_well_known_sid()
240 if (psid->revision != pwell_known_sid->revision) in is_well_known_sid()
245 if (psid->authority[i] != pwell_known_sid->authority[i]) { in is_well_known_sid()
252 if (psid->sub_auth[0] != pwell_known_sid->sub_auth[0]) in is_well_known_sid()
255 *puid = le32_to_cpu(psid->sub_auth[1]); in is_well_known_sid()
257 *puid = le32_to_cpu(psid->sub_auth[0]); in is_well_known_sid()
258 if ((psid->sub_auth[0] != pwell_known_sid->sub_auth[0]) || in is_well_known_sid()
259 (psid->sub_auth[1] != pwell_known_sid->sub_auth[1])) in is_well_known_sid()
262 *puid = le32_to_cpu(psid->sub_auth[2]); in is_well_known_sid()
274 dst->revision = src->revision; in cifs_copy_sid()
275 dst->num_subauth = min_t(u8, src->num_subauth, SID_MAX_SUB_AUTHORITIES); in cifs_copy_sid()
277 dst->authority[i] = src->authority[i]; in cifs_copy_sid()
278 for (i = 0; i < dst->num_subauth; ++i) in cifs_copy_sid()
279 dst->sub_auth[i] = src->sub_auth[i]; in cifs_copy_sid()
295 return -EINVAL; in id_to_sid()
301 rc = -EINVAL; in id_to_sid()
305 } else if (sidkey->datalen < CIFS_SID_BASE_SIZE) { in id_to_sid()
306 rc = -EIO; in id_to_sid()
308 __func__, sidkey->datalen); in id_to_sid()
314 * there are no subauthorities and the host has 8-byte pointers, then in id_to_sid()
317 ksid = sidkey->datalen <= sizeof(sidkey->payload) ? in id_to_sid()
318 (struct cifs_sid *)&sidkey->payload : in id_to_sid()
319 (struct cifs_sid *)sidkey->payload.data[0]; in id_to_sid()
321 ksid_size = CIFS_SID_BASE_SIZE + (ksid->num_subauth * sizeof(__le32)); in id_to_sid()
322 if (ksid_size > sidkey->datalen) { in id_to_sid()
323 rc = -EIO; in id_to_sid()
325 __func__, sidkey->datalen, ksid_size); in id_to_sid()
349 kuid_t fuid = cifs_sb->mnt_uid; in sid_to_id()
350 kgid_t fgid = cifs_sb->mnt_gid; in sid_to_id()
356 if (unlikely(psid->num_subauth > SID_MAX_SUB_AUTHORITIES)) { in sid_to_id()
358 __func__, psid->num_subauth); in sid_to_id()
359 return -EIO; in sid_to_id()
362 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL) || in sid_to_id()
363 (cifs_sb_master_tcon(cifs_sb)->posix_extensions)) { in sid_to_id()
377 gid_t id; in sid_to_id() local
379 id = (gid_t)unix_id; in sid_to_id()
380 gid = make_kgid(&init_user_ns, id); in sid_to_id()
387 uid_t id; in sid_to_id() local
389 id = (uid_t)unix_id; in sid_to_id()
390 uid = make_kuid(&init_user_ns, id); in sid_to_id()
402 return -ENOMEM; in sid_to_id()
407 rc = -EINVAL; in sid_to_id()
419 if (sidkey->datalen != sizeof(uid_t)) { in sid_to_id()
420 rc = -EIO; in sid_to_id()
422 __func__, sidkey->datalen); in sid_to_id()
429 uid_t id; in sid_to_id() local
430 memcpy(&id, &sidkey->payload.data[0], sizeof(uid_t)); in sid_to_id()
431 uid = make_kuid(&init_user_ns, id); in sid_to_id()
436 gid_t id; in sid_to_id() local
437 memcpy(&id, &sidkey->payload.data[0], sizeof(gid_t)); in sid_to_id()
438 gid = make_kgid(&init_user_ns, id); in sid_to_id()
456 fattr->cf_uid = fuid; in sid_to_id()
458 fattr->cf_gid = fgid; in sid_to_id()
480 return -ENOMEM; in init_cifs_idmap()
498 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); in init_cifs_idmap()
499 cred->thread_keyring = keyring; in init_cifs_idmap()
500 cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; in init_cifs_idmap()
516 key_revoke(root_cred->thread_keyring); in exit_cifs_idmap()
530 pnntsd->revision = pntsd->revision; in copy_sec_desc()
531 pnntsd->type = pntsd->type; in copy_sec_desc()
532 pnntsd->dacloffset = cpu_to_le32(sizeof(struct cifs_ntsd)); in copy_sec_desc()
533 pnntsd->sacloffset = 0; in copy_sec_desc()
534 pnntsd->osidoffset = cpu_to_le32(sidsoffset); in copy_sec_desc()
535 pnntsd->gsidoffset = cpu_to_le32(sidsoffset + sizeof(struct cifs_sid)); in copy_sec_desc()
539 le32_to_cpu(pntsd->osidoffset)); in copy_sec_desc()
545 le32_to_cpu(pntsd->gsidoffset)); in copy_sec_desc()
647 pntace->type = ACCESS_ALLOWED; in fill_ace_for_sid()
648 pntace->flags = 0x0; in fill_ace_for_sid()
652 pntace->access_req = cpu_to_le32(access_req); in fill_ace_for_sid()
654 pntace->sid.revision = psid->revision; in fill_ace_for_sid()
655 pntace->sid.num_subauth = psid->num_subauth; in fill_ace_for_sid()
657 pntace->sid.authority[i] = psid->authority[i]; in fill_ace_for_sid()
658 for (i = 0; i < psid->num_subauth; i++) in fill_ace_for_sid()
659 pntace->sid.sub_auth[i] = psid->sub_auth[i]; in fill_ace_for_sid()
661 size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4); in fill_ace_for_sid()
662 pntace->size = cpu_to_le16(size); in fill_ace_for_sid()
675 if (le16_to_cpu(pace->size) < 16) { in dump_ace()
676 cifs_dbg(VFS, "ACE too small %d\n", le16_to_cpu(pace->size)); in dump_ace()
680 if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) { in dump_ace()
685 num_subauth = pace->sid.num_subauth; in dump_ace()
688 cifs_dbg(FYI, "ACE revision %d num_auth %d type %d flags %d size %d\n", in dump_ace()
689 pace->sid.revision, pace->sid.num_subauth, pace->type, in dump_ace()
690 pace->flags, le16_to_cpu(pace->size)); in dump_ace()
693 i, le32_to_cpu(pace->sid.sub_auth[i])); in dump_ace()
719 fattr->cf_mode |= S_IRWXUGO; in parse_dacl()
724 if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { in parse_dacl()
729 cifs_dbg(NOISY, "DACL revision %d size %d num aces %d\n", in parse_dacl()
730 le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size), in parse_dacl()
731 le32_to_cpu(pdacl->num_aces)); in parse_dacl()
736 fattr->cf_mode &= ~(S_IRWXUGO); in parse_dacl()
741 num_aces = le32_to_cpu(pdacl->num_aces); in parse_dacl()
760 (compare_sids(&(ppace[i]->sid), in parse_dacl()
767 fattr->cf_mode &= ~07777; in parse_dacl()
768 fattr->cf_mode |= in parse_dacl()
769 le32_to_cpu(ppace[i]->sid.sub_auth[2]); in parse_dacl()
771 } else if (compare_sids(&(ppace[i]->sid), pownersid) == 0) in parse_dacl()
772 access_flags_to_mode(ppace[i]->access_req, in parse_dacl()
773 ppace[i]->type, in parse_dacl()
774 &fattr->cf_mode, in parse_dacl()
776 else if (compare_sids(&(ppace[i]->sid), pgrpsid) == 0) in parse_dacl()
777 access_flags_to_mode(ppace[i]->access_req, in parse_dacl()
778 ppace[i]->type, in parse_dacl()
779 &fattr->cf_mode, in parse_dacl()
781 else if (compare_sids(&(ppace[i]->sid), &sid_everyone) == 0) in parse_dacl()
782 access_flags_to_mode(ppace[i]->access_req, in parse_dacl()
783 ppace[i]->type, in parse_dacl()
784 &fattr->cf_mode, in parse_dacl()
786 else if (compare_sids(&(ppace[i]->sid), &sid_authusers) == 0) in parse_dacl()
787 access_flags_to_mode(ppace[i]->access_req, in parse_dacl()
788 ppace[i]->type, in parse_dacl()
789 &fattr->cf_mode, in parse_dacl()
793 /* memcpy((void *)(&(cifscred->aces[i])), in parse_dacl()
798 acl_size = le16_to_cpu(ppace[i]->size); in parse_dacl()
812 pntace->type = ACCESS_ALLOWED_ACE_TYPE; in setup_authusers_ACE()
813 pntace->flags = 0x0; in setup_authusers_ACE()
814 pntace->access_req = cpu_to_le32(GENERIC_ALL); in setup_authusers_ACE()
815 pntace->sid.num_subauth = 1; in setup_authusers_ACE()
816 pntace->sid.revision = 1; in setup_authusers_ACE()
818 pntace->sid.authority[i] = sid_authusers.authority[i]; in setup_authusers_ACE()
820 pntace->sid.sub_auth[0] = sid_authusers.sub_auth[0]; in setup_authusers_ACE()
822 /* size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth*4) */ in setup_authusers_ACE()
823 pntace->size = cpu_to_le16(ace_size); in setup_authusers_ACE()
829 * https://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
836 pntace->type = ACCESS_DENIED_ACE_TYPE; in setup_special_mode_ACE()
837 pntace->flags = 0x0; in setup_special_mode_ACE()
838 pntace->access_req = 0; in setup_special_mode_ACE()
839 pntace->sid.num_subauth = 3; in setup_special_mode_ACE()
840 pntace->sid.revision = 1; in setup_special_mode_ACE()
842 pntace->sid.authority[i] = sid_unix_NFS_mode.authority[i]; in setup_special_mode_ACE()
844 pntace->sid.sub_auth[0] = sid_unix_NFS_mode.sub_auth[0]; in setup_special_mode_ACE()
845 pntace->sid.sub_auth[1] = sid_unix_NFS_mode.sub_auth[1]; in setup_special_mode_ACE()
846 pntace->sid.sub_auth[2] = cpu_to_le32(nmode & 07777); in setup_special_mode_ACE()
848 /* size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth*4) */ in setup_special_mode_ACE()
849 pntace->size = cpu_to_le16(ace_size); in setup_special_mode_ACE()
858 pntace->type = ACCESS_ALLOWED_ACE_TYPE; in setup_special_user_owner_ACE()
859 pntace->flags = 0x0; in setup_special_user_owner_ACE()
860 pntace->access_req = cpu_to_le32(GENERIC_ALL); in setup_special_user_owner_ACE()
861 pntace->sid.num_subauth = 3; in setup_special_user_owner_ACE()
862 pntace->sid.revision = 1; in setup_special_user_owner_ACE()
864 pntace->sid.authority[i] = sid_unix_NFS_users.authority[i]; in setup_special_user_owner_ACE()
866 pntace->sid.sub_auth[0] = sid_unix_NFS_users.sub_auth[0]; in setup_special_user_owner_ACE()
867 pntace->sid.sub_auth[1] = sid_unix_NFS_users.sub_auth[1]; in setup_special_user_owner_ACE()
868 pntace->sid.sub_auth[2] = cpu_to_le32(current_fsgid().val); in setup_special_user_owner_ACE()
870 /* size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth*4) */ in setup_special_user_owner_ACE()
871 pntace->size = cpu_to_le16(ace_size); in setup_special_user_owner_ACE()
902 pndacl->num_aces = cpu_to_le32(num_aces); in set_chmod_dacl()
903 pndacl->size = cpu_to_le16(size + sizeof(struct cifs_acl)); in set_chmod_dacl()
913 /* validate that we do not go past end of ACL - sid must be at least 8 in parse_sid()
914 bytes long (assuming no sub-auths - e.g. the null SID */ in parse_sid()
917 return -EINVAL; in parse_sid()
921 if (psid->num_subauth) { in parse_sid()
923 cifs_dbg(FYI, "SID revision %d num_auth %d\n", in parse_sid()
924 psid->revision, psid->num_subauth); in parse_sid()
926 for (i = 0; i < psid->num_subauth; i++) { in parse_sid()
928 i, le32_to_cpu(psid->sub_auth[i])); in parse_sid()
934 le32_to_cpu(psid->sub_auth[psid->num_subauth-1])); in parse_sid()
954 return -EIO; in parse_sec_desc()
957 le32_to_cpu(pntsd->osidoffset)); in parse_sec_desc()
959 le32_to_cpu(pntsd->gsidoffset)); in parse_sec_desc()
960 dacloffset = le32_to_cpu(pntsd->dacloffset); in parse_sec_desc()
962 …cifs_dbg(NOISY, "revision %d type 0x%x ooffset 0x%x goffset 0x%x sacloffset 0x%x dacloffset 0x%x\n… in parse_sec_desc()
963 pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset), in parse_sec_desc()
964 le32_to_cpu(pntsd->gsidoffset), in parse_sec_desc()
965 le32_to_cpu(pntsd->sacloffset), dacloffset); in parse_sec_desc()
1017 le32_to_cpu(pntsd->osidoffset)); in build_sec_desc()
1019 le32_to_cpu(pntsd->gsidoffset)); in build_sec_desc()
1020 dacloffset = le32_to_cpu(pntsd->dacloffset); in build_sec_desc()
1024 ndacl_ptr->revision = dacl_ptr->revision; in build_sec_desc()
1025 ndacl_ptr->size = 0; in build_sec_desc()
1026 ndacl_ptr->num_aces = 0; in build_sec_desc()
1030 sidsoffset = ndacloffset + le16_to_cpu(ndacl_ptr->size); in build_sec_desc()
1037 uid_t id; in build_sec_desc() local
1039 le32_to_cpu(pnntsd->osidoffset)); in build_sec_desc()
1043 return -ENOMEM; in build_sec_desc()
1044 id = from_kuid(&init_user_ns, uid); in build_sec_desc()
1047 /* Populate the user ownership fields S-1-5-88-1 */ in build_sec_desc()
1048 osid->Revision = 1; in build_sec_desc()
1049 osid->NumAuth = 3; in build_sec_desc()
1050 osid->Authority[5] = 5; in build_sec_desc()
1051 osid->SubAuthorities[0] = cpu_to_le32(88); in build_sec_desc()
1052 osid->SubAuthorities[1] = cpu_to_le32(1); in build_sec_desc()
1053 osid->SubAuthorities[2] = cpu_to_le32(id); in build_sec_desc()
1055 rc = id_to_sid(id, SIDOWNER, nowner_sid_ptr); in build_sec_desc()
1057 cifs_dbg(FYI, "%s: Mapping error %d for owner id %d\n", in build_sec_desc()
1058 __func__, rc, id); in build_sec_desc()
1068 gid_t id; in build_sec_desc() local
1070 le32_to_cpu(pnntsd->gsidoffset)); in build_sec_desc()
1074 return -ENOMEM; in build_sec_desc()
1075 id = from_kgid(&init_user_ns, gid); in build_sec_desc()
1078 /* Populate the group ownership fields S-1-5-88-2 */ in build_sec_desc()
1079 gsid->Revision = 1; in build_sec_desc()
1080 gsid->NumAuth = 3; in build_sec_desc()
1081 gsid->Authority[5] = 5; in build_sec_desc()
1082 gsid->SubAuthorities[0] = cpu_to_le32(88); in build_sec_desc()
1083 gsid->SubAuthorities[1] = cpu_to_le32(2); in build_sec_desc()
1084 gsid->SubAuthorities[2] = cpu_to_le32(id); in build_sec_desc()
1086 rc = id_to_sid(id, SIDGROUP, ngroup_sid_ptr); in build_sec_desc()
1088 cifs_dbg(FYI, "%s: Mapping error %d for group id %d\n", in build_sec_desc()
1089 __func__, rc, id); in build_sec_desc()
1115 rc = CIFSSMBGetCIFSACL(xid, tlink_tcon(tlink), cifsfid->netfid, &pntsd, in get_cifs_acl_by_fid()
1182 pntsd = get_cifs_acl_by_fid(cifs_sb, &open_file->fid, pacllen); in get_cifs_acl()
1195 struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); in set_cifs_acl()
1253 ops = tlink_tcon(tlink)->ses->server->ops; in cifs_acl_to_fattr()
1255 if (pfid && (ops->get_acl_by_fid)) in cifs_acl_to_fattr()
1256 pntsd = ops->get_acl_by_fid(cifs_sb, pfid, &acllen); in cifs_acl_to_fattr()
1257 else if (ops->get_acl) in cifs_acl_to_fattr()
1258 pntsd = ops->get_acl(cifs_sb, inode, path, &acllen); in cifs_acl_to_fattr()
1261 return -EOPNOTSUPP; in cifs_acl_to_fattr()
1293 struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); in id_mode_to_cifs_acl()
1301 ops = tlink_tcon(tlink)->ses->server->ops; in id_mode_to_cifs_acl()
1307 if (ops->get_acl == NULL) { in id_mode_to_cifs_acl()
1309 return -EOPNOTSUPP; in id_mode_to_cifs_acl()
1312 pntsd = ops->get_acl(cifs_sb, inode, path, &secdesclen); in id_mode_to_cifs_acl()
1331 return -ENOMEM; in id_mode_to_cifs_acl()
1334 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID) in id_mode_to_cifs_acl()
1339 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL) in id_mode_to_cifs_acl()
1349 if (ops->set_acl == NULL) in id_mode_to_cifs_acl()
1350 rc = -EOPNOTSUPP; in id_mode_to_cifs_acl()
1354 rc = ops->set_acl(pnntsd, secdesclen, inode, path, aclflag); in id_mode_to_cifs_acl()