
Lines Matching +full:set +full:- +full:aces

1 // SPDX-License-Identifier: LGPL-2.1+
38 /* S-1-22-1 Unmapped Unix users */
42 /* S-1-22-2 Unmapped Unix groups */
47 * See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
50 /* S-1-5-88 MS NFS and Apple style UID/GID/mode */
52 /* S-1-5-88-1 Unix uid */
57 /* S-1-5-88-2 Unix gid */
62 /* S-1-5-88-3 Unix mode */
69 * the same returns zero, if they do not match returns non-zero.
80 if (ctsid->revision != cwsid->revision) { in compare_sids()
81 if (ctsid->revision > cwsid->revision) in compare_sids()
84 return -1; in compare_sids()
89 if (ctsid->authority[i] != cwsid->authority[i]) { in compare_sids()
90 if (ctsid->authority[i] > cwsid->authority[i]) in compare_sids()
93 return -1; in compare_sids()
98 num_sat = ctsid->num_subauth; in compare_sids()
99 num_saw = cwsid->num_subauth; in compare_sids()
103 if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) { in compare_sids()
104 if (le32_to_cpu(ctsid->sub_auth[i]) > in compare_sids()
105 le32_to_cpu(cwsid->sub_auth[i])) in compare_sids()
108 return -1; in compare_sids()
120 dst->revision = src->revision; in smb_copy_sid()
121 dst->num_subauth = min_t(u8, src->num_subauth, SID_MAX_SUB_AUTHORITIES); in smb_copy_sid()
123 dst->authority[i] = src->authority[i]; in smb_copy_sid()
124 for (i = 0; i < dst->num_subauth; ++i) in smb_copy_sid()
125 dst->sub_auth[i] = src->sub_auth[i]; in smb_copy_sid()
131 * bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
149 if (S_ISDIR(fattr->cf_mode)) in access_flags_to_mode()
201 pntace->type = type; in fill_ace_for_sid()
202 pntace->flags = flags; in fill_ace_for_sid()
206 pntace->access_req = cpu_to_le32(access_req); in fill_ace_for_sid()
208 pntace->sid.revision = psid->revision; in fill_ace_for_sid()
209 pntace->sid.num_subauth = psid->num_subauth; in fill_ace_for_sid()
211 pntace->sid.authority[i] = psid->authority[i]; in fill_ace_for_sid()
212 for (i = 0; i < psid->num_subauth; i++) in fill_ace_for_sid()
213 pntace->sid.sub_auth[i] = psid->sub_auth[i]; in fill_ace_for_sid()
215 size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4); in fill_ace_for_sid()
216 pntace->size = cpu_to_le16(size); in fill_ace_for_sid()
253 ssid->sub_auth[ssid->num_subauth] = cpu_to_le32(cid); in id_to_sid()
254 ssid->num_subauth++; in id_to_sid()
261 int rc = -EINVAL; in sid_to_id()
267 if (unlikely(psid->num_subauth > SID_MAX_SUB_AUTHORITIES)) { in sid_to_id()
269 __func__, psid->num_subauth); in sid_to_id()
270 return -EIO; in sid_to_id()
277 id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); in sid_to_id()
281 fattr->cf_uid = uid; in sid_to_id()
288 id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); in sid_to_id()
292 fattr->cf_gid = gid; in sid_to_id()
305 pace->e_tag = ACL_USER_OBJ; in posix_state_to_acl()
306 pace->e_perm = state->owner.allow; in posix_state_to_acl()
307 for (i = 0; i < state->users->n; i++) { in posix_state_to_acl()
309 pace->e_tag = ACL_USER; in posix_state_to_acl()
310 pace->e_uid = state->users->aces[i].uid; in posix_state_to_acl()
311 pace->e_perm = state->users->aces[i].perms.allow; in posix_state_to_acl()
315 pace->e_tag = ACL_GROUP_OBJ; in posix_state_to_acl()
316 pace->e_perm = state->group.allow; in posix_state_to_acl()
318 for (i = 0; i < state->groups->n; i++) { in posix_state_to_acl()
320 pace->e_tag = ACL_GROUP; in posix_state_to_acl()
321 pace->e_gid = state->groups->aces[i].gid; in posix_state_to_acl()
322 pace->e_perm = state->groups->aces[i].perms.allow; in posix_state_to_acl()
325 if (state->users->n || state->groups->n) { in posix_state_to_acl()
327 pace->e_tag = ACL_MASK; in posix_state_to_acl()
328 pace->e_perm = state->mask.allow; in posix_state_to_acl()
332 pace->e_tag = ACL_OTHER; in posix_state_to_acl()
333 pace->e_perm = state->other.allow; in posix_state_to_acl()
348 state->users = kzalloc(alloc, GFP_KERNEL); in init_acl_state()
349 if (!state->users) in init_acl_state()
350 return -ENOMEM; in init_acl_state()
351 state->groups = kzalloc(alloc, GFP_KERNEL); in init_acl_state()
352 if (!state->groups) { in init_acl_state()
353 kfree(state->users); in init_acl_state()
354 return -ENOMEM; in init_acl_state()
361 kfree(state->users); in free_acl_state()
362 kfree(state->groups); in free_acl_state()
385 end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { in parse_dacl()
390 ksmbd_debug(SMB, "DACL revision %d size %d num aces %d\n", in parse_dacl()
391 le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size), in parse_dacl()
392 le32_to_cpu(pdacl->num_aces)); in parse_dacl()
397 num_aces = le32_to_cpu(pdacl->num_aces); in parse_dacl()
401 if (num_aces > (le16_to_cpu(pdacl->size) - sizeof(struct smb_acl)) / in parse_dacl()
424 * Also, if num_aces is 0 i.e. DACL has no ACEs, in parse_dacl()
428 if (end_of_acl - acl_base < acl_size) in parse_dacl()
436 if (end_of_acl - acl_base < acl_size || in parse_dacl()
437 ppace[i]->sid.num_subauth == 0 || in parse_dacl()
438 ppace[i]->sid.num_subauth > SID_MAX_SUB_AUTHORITIES || in parse_dacl()
439 (end_of_acl - acl_base < in parse_dacl()
440 acl_size + sizeof(__le32) * ppace[i]->sid.num_subauth) || in parse_dacl()
441 (le16_to_cpu(ppace[i]->size) < in parse_dacl()
442 acl_size + sizeof(__le32) * ppace[i]->sid.num_subauth)) in parse_dacl()
445 acl_size = le16_to_cpu(ppace[i]->size); in parse_dacl()
446 ppace[i]->access_req = in parse_dacl()
447 smb_map_generic_desired_access(ppace[i]->access_req); in parse_dacl()
449 if (!(compare_sids(&ppace[i]->sid, &sid_unix_NFS_mode))) { in parse_dacl()
450 fattr->cf_mode = in parse_dacl()
451 le32_to_cpu(ppace[i]->sid.sub_auth[2]); in parse_dacl()
453 } else if (!compare_sids(&ppace[i]->sid, pownersid)) { in parse_dacl()
455 ppace[i]->access_req, in parse_dacl()
456 ppace[i]->type); in parse_dacl()
464 } else if (!compare_sids(&ppace[i]->sid, pgrpsid) || in parse_dacl()
465 ppace[i]->sid.sub_auth[ppace[i]->sid.num_subauth - 1] == in parse_dacl()
468 ppace[i]->access_req, in parse_dacl()
469 ppace[i]->type); in parse_dacl()
476 } else if (!compare_sids(&ppace[i]->sid, &sid_everyone)) { in parse_dacl()
478 ppace[i]->access_req, in parse_dacl()
479 ppace[i]->type); in parse_dacl()
486 } else if (!compare_sids(&ppace[i]->sid, &creator_owner)) { in parse_dacl()
488 } else if (!compare_sids(&ppace[i]->sid, &creator_group)) { in parse_dacl()
490 } else if (!compare_sids(&ppace[i]->sid, &sid_authusers)) { in parse_dacl()
495 acl_mode = access_flags_to_mode(fattr, ppace[i]->access_req, in parse_dacl()
496 ppace[i]->type); in parse_dacl()
498 ret = sid_to_id(idmap, &ppace[i]->sid, SIDOWNER, &temp_fattr); in parse_dacl()
506 acl_state.users->aces[acl_state.users->n].uid = in parse_dacl()
508 acl_state.users->aces[acl_state.users->n++].perms.allow = in parse_dacl()
511 default_acl_state.users->aces[default_acl_state.users->n].uid = in parse_dacl()
513 default_acl_state.users->aces[default_acl_state.users->n++].perms.allow = in parse_dacl()
520 /* The owner must be set to at least read-only. */ in parse_dacl()
522 acl_state.users->aces[acl_state.users->n].uid = fattr->cf_uid; in parse_dacl()
523 acl_state.users->aces[acl_state.users->n++].perms.allow = in parse_dacl()
526 default_acl_state.users->aces[default_acl_state.users->n].uid = in parse_dacl()
527 fattr->cf_uid; in parse_dacl()
528 default_acl_state.users->aces[default_acl_state.users->n++].perms.allow = in parse_dacl()
534 acl_state.groups->aces[acl_state.groups->n].gid = in parse_dacl()
535 fattr->cf_gid; in parse_dacl()
536 acl_state.groups->aces[acl_state.groups->n++].perms.allow = in parse_dacl()
539 default_acl_state.groups->aces[default_acl_state.groups->n].gid = in parse_dacl()
540 fattr->cf_gid; in parse_dacl()
541 default_acl_state.groups->aces[default_acl_state.groups->n++].perms.allow = in parse_dacl()
546 fattr->cf_mode &= ~(0007); in parse_dacl()
547 fattr->cf_mode |= mode & 0007; in parse_dacl()
553 if (acl_state.users->n || acl_state.groups->n) { in parse_dacl()
557 fattr->cf_acls = in parse_dacl()
558 posix_acl_alloc(acl_state.users->n + in parse_dacl()
559 acl_state.groups->n + 4, GFP_KERNEL); in parse_dacl()
560 if (fattr->cf_acls) { in parse_dacl()
561 cf_pace = fattr->cf_acls->a_entries; in parse_dacl()
567 if (default_acl_state.users->n || default_acl_state.groups->n) { in parse_dacl()
571 fattr->cf_dacls = in parse_dacl()
572 posix_acl_alloc(default_acl_state.users->n + in parse_dacl()
573 default_acl_state.groups->n + 4, GFP_KERNEL); in parse_dacl()
574 if (fattr->cf_dacls) { in parse_dacl()
575 cf_pdace = fattr->cf_dacls->a_entries; in parse_dacl()
594 if (!fattr->cf_acls) in set_posix_acl_entries_dacl()
597 pace = fattr->cf_acls->a_entries; in set_posix_acl_entries_dacl()
598 for (i = 0; i < fattr->cf_acls->a_count; i++, pace++) { in set_posix_acl_entries_dacl()
605 if (pace->e_tag == ACL_USER) { in set_posix_acl_entries_dacl()
613 } else if (pace->e_tag == ACL_GROUP) { in set_posix_acl_entries_dacl()
618 } else if (pace->e_tag == ACL_OTHER && !nt_aces_num) { in set_posix_acl_entries_dacl()
626 if (ntace->sid.sub_auth[ntace->sid.num_subauth - 1] == in set_posix_acl_entries_dacl()
627 sid->sub_auth[sid->num_subauth - 1]) in set_posix_acl_entries_dacl()
630 le16_to_cpu(ntace->size)); in set_posix_acl_entries_dacl()
633 if (S_ISDIR(fattr->cf_mode) && pace->e_tag == ACL_OTHER) in set_posix_acl_entries_dacl()
638 pace->e_perm, 0777); in set_posix_acl_entries_dacl()
640 if (pace->e_tag == ACL_USER) in set_posix_acl_entries_dacl()
641 ntace->access_req |= in set_posix_acl_entries_dacl()
644 if (S_ISDIR(fattr->cf_mode) && in set_posix_acl_entries_dacl()
645 (pace->e_tag == ACL_USER || pace->e_tag == ACL_GROUP)) { in set_posix_acl_entries_dacl()
648 0x03, pace->e_perm, 0777); in set_posix_acl_entries_dacl()
650 if (pace->e_tag == ACL_USER) in set_posix_acl_entries_dacl()
651 ntace->access_req |= in set_posix_acl_entries_dacl()
663 if (!fattr->cf_dacls) in set_posix_acl_entries_dacl()
666 pace = fattr->cf_dacls->a_entries; in set_posix_acl_entries_dacl()
667 for (i = 0; i < fattr->cf_dacls->a_count; i++, pace++) { in set_posix_acl_entries_dacl()
672 if (pace->e_tag == ACL_USER) { in set_posix_acl_entries_dacl()
677 } else if (pace->e_tag == ACL_GROUP) { in set_posix_acl_entries_dacl()
689 pace->e_perm, 0777); in set_posix_acl_entries_dacl()
691 if (pace->e_tag == ACL_USER) in set_posix_acl_entries_dacl()
692 ntace->access_req |= in set_posix_acl_entries_dacl()
707 int nt_num_aces = le32_to_cpu(nt_dacl->num_aces), num_aces = 0; in set_ntacl_dacl()
720 nt_ace_size = le16_to_cpu(ntace->size); in set_ntacl_dacl()
726 aces_size -= nt_ace_size; in set_ntacl_dacl()
734 pndacl->num_aces = cpu_to_le32(num_aces); in set_ntacl_dacl()
735 pndacl->size = cpu_to_le16(le16_to_cpu(pndacl->size) + size); in set_ntacl_dacl()
749 if (fattr->cf_acls) { in set_mode_dacl()
756 uid = from_kuid(&init_user_ns, fattr->cf_uid); in set_mode_dacl()
762 fattr->cf_mode, 0700); in set_mode_dacl()
763 pace->sid.sub_auth[pace->sid.num_subauth++] = cpu_to_le32(uid); in set_mode_dacl()
764 pace->size = cpu_to_le16(ace_size + 4); in set_mode_dacl()
765 size += le16_to_cpu(pace->size); in set_mode_dacl()
770 ACCESS_ALLOWED, 0, fattr->cf_mode, 0070); in set_mode_dacl()
771 pace->sid.sub_auth[pace->sid.num_subauth++] = in set_mode_dacl()
772 cpu_to_le32(from_kgid(&init_user_ns, fattr->cf_gid)); in set_mode_dacl()
773 pace->size = cpu_to_le16(ace_size + 4); in set_mode_dacl()
774 size += le16_to_cpu(pace->size); in set_mode_dacl()
778 if (S_ISDIR(fattr->cf_mode)) { in set_mode_dacl()
783 0x0b, fattr->cf_mode, 0700); in set_mode_dacl()
788 0x0b, fattr->cf_mode, 0070); in set_mode_dacl()
795 fattr->cf_mode, 0007); in set_mode_dacl()
798 pndacl->num_aces = cpu_to_le32(num_aces); in set_mode_dacl()
799 pndacl->size = cpu_to_le16(le16_to_cpu(pndacl->size) + size); in set_mode_dacl()
805 * validate that we do not go past end of ACL - sid must be at least 8 in parse_sid()
806 * bytes long (assuming no sub-auths - e.g. the null SID in parse_sid()
810 return -EINVAL; in parse_sid()
813 if (!psid->num_subauth) in parse_sid()
816 if (psid->num_subauth > SID_MAX_SUB_AUTHORITIES || in parse_sid()
817 end_of_acl < (char *)psid + 8 + sizeof(__le32) * psid->num_subauth) in parse_sid()
818 return -EINVAL; in parse_sid()
835 return -EIO; in parse_sec_desc()
838 return -EINVAL; in parse_sec_desc()
841 le32_to_cpu(pntsd->osidoffset)); in parse_sec_desc()
843 le32_to_cpu(pntsd->gsidoffset)); in parse_sec_desc()
844 dacloffset = le32_to_cpu(pntsd->dacloffset); in parse_sec_desc()
848 pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset), in parse_sec_desc()
849 le32_to_cpu(pntsd->gsidoffset), in parse_sec_desc()
850 le32_to_cpu(pntsd->sacloffset), dacloffset); in parse_sec_desc()
852 pntsd_type = le16_to_cpu(pntsd->type); in parse_sec_desc()
854 ksmbd_debug(SMB, "DACL_PRESENT in DACL type is not set\n"); in parse_sec_desc()
858 pntsd->type = cpu_to_le16(DACL_PRESENT); in parse_sec_desc()
860 if (pntsd->osidoffset) { in parse_sec_desc()
861 if (le32_to_cpu(pntsd->osidoffset) < sizeof(struct smb_ntsd)) in parse_sec_desc()
862 return -EINVAL; in parse_sec_desc()
878 if (pntsd->gsidoffset) { in parse_sec_desc()
879 if (le32_to_cpu(pntsd->gsidoffset) < sizeof(struct smb_ntsd)) in parse_sec_desc()
880 return -EINVAL; in parse_sec_desc()
898 pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); in parse_sec_desc()
900 pntsd->type |= cpu_to_le16(DACL_PROTECTED); in parse_sec_desc()
904 return -EINVAL; in parse_sec_desc()
930 return -ENOMEM; in build_sec_desc()
932 uid = from_kuid(&init_user_ns, fattr->cf_uid); in build_sec_desc()
940 return -ENOMEM; in build_sec_desc()
943 gid = from_kgid(&init_user_ns, fattr->cf_gid); in build_sec_desc()
947 pntsd->sacloffset = 0; in build_sec_desc()
948 pntsd->revision = cpu_to_le16(1); in build_sec_desc()
949 pntsd->type = cpu_to_le16(SELF_RELATIVE); in build_sec_desc()
951 pntsd->type |= ppntsd->type; in build_sec_desc()
954 pntsd->osidoffset = cpu_to_le32(offset); in build_sec_desc()
957 offset += 1 + 1 + 6 + (nowner_sid_ptr->num_subauth * 4); in build_sec_desc()
961 pntsd->gsidoffset = cpu_to_le32(offset); in build_sec_desc()
964 offset += 1 + 1 + 6 + (ngroup_sid_ptr->num_subauth * 4); in build_sec_desc()
968 pntsd->type |= cpu_to_le16(DACL_PRESENT); in build_sec_desc()
970 dacl_ptr->revision = cpu_to_le16(2); in build_sec_desc()
971 dacl_ptr->size = cpu_to_le16(sizeof(struct smb_acl)); in build_sec_desc()
972 dacl_ptr->num_aces = 0; in build_sec_desc()
978 unsigned int dacl_offset = le32_to_cpu(ppntsd->dacloffset); in build_sec_desc()
979 int ppdacl_size, ntacl_size = ppntsd_size - dacl_offset; in build_sec_desc()
986 ppdacl_size = le16_to_cpu(ppdacl_ptr->size); in build_sec_desc()
992 ntacl_size - sizeof(struct smb_acl), in build_sec_desc()
996 pntsd->dacloffset = cpu_to_le32(offset); in build_sec_desc()
997 offset += le16_to_cpu(dacl_ptr->size); in build_sec_desc()
1010 ace->type = type; in smb_set_ace()
1011 ace->flags = flags; in smb_set_ace()
1012 ace->access_req = access_req; in smb_set_ace()
1013 smb_copy_sid(&ace->sid, sid); in smb_set_ace()
1014 ace->size = cpu_to_le16(1 + 1 + 2 + 4 + 1 + 1 + 6 + (sid->num_subauth * 4)); in smb_set_ace()
1022 struct smb_ace *parent_aces, *aces; in smb_inherit_dacl() local
1026 struct dentry *parent = path->dentry->d_parent; in smb_inherit_dacl()
1027 struct mnt_idmap *idmap = mnt_idmap(path->mnt); in smb_inherit_dacl()
1031 bool is_dir = S_ISDIR(d_inode(path->dentry)->i_mode); in smb_inherit_dacl()
1036 return -ENOENT; in smb_inherit_dacl()
1037 dacloffset = le32_to_cpu(parent_pntsd->dacloffset); in smb_inherit_dacl()
1039 rc = -EINVAL; in smb_inherit_dacl()
1044 acl_len = pntsd_size - dacloffset; in smb_inherit_dacl()
1045 num_aces = le32_to_cpu(parent_pdacl->num_aces); in smb_inherit_dacl()
1046 pntsd_type = le16_to_cpu(parent_pntsd->type); in smb_inherit_dacl()
1047 pdacl_size = le16_to_cpu(parent_pdacl->size); in smb_inherit_dacl()
1050 rc = -EINVAL; in smb_inherit_dacl()
1056 rc = -ENOMEM; in smb_inherit_dacl()
1060 aces = (struct smb_ace *)aces_base; in smb_inherit_dacl()
1063 aces_size = acl_len - sizeof(struct smb_acl); in smb_inherit_dacl()
1074 pace_size = le16_to_cpu(parent_aces->size); in smb_inherit_dacl()
1078 aces_size -= pace_size; in smb_inherit_dacl()
1080 flags = parent_aces->flags; in smb_inherit_dacl()
1093 if (!compare_sids(&creator_owner, &parent_aces->sid)) { in smb_inherit_dacl()
1097 } else if (!compare_sids(&creator_group, &parent_aces->sid)) { in smb_inherit_dacl()
1103 psid = &parent_aces->sid; in smb_inherit_dacl()
1107 smb_set_ace(aces, psid, parent_aces->type, inherited_flags, in smb_inherit_dacl()
1108 parent_aces->access_req); in smb_inherit_dacl()
1109 nt_size += le16_to_cpu(aces->size); in smb_inherit_dacl()
1111 aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); in smb_inherit_dacl()
1114 } else if (is_dir && !(parent_aces->flags & NO_PROPAGATE_INHERIT_ACE)) { in smb_inherit_dacl()
1115 psid = &parent_aces->sid; in smb_inherit_dacl()
1118 smb_set_ace(aces, psid, parent_aces->type, flags | inherited_flags, in smb_inherit_dacl()
1119 parent_aces->access_req); in smb_inherit_dacl()
1120 nt_size += le16_to_cpu(aces->size); in smb_inherit_dacl()
1121 aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); in smb_inherit_dacl()
1134 if (parent_pntsd->osidoffset) { in smb_inherit_dacl()
1136 le32_to_cpu(parent_pntsd->osidoffset)); in smb_inherit_dacl()
1137 powner_sid_size = 1 + 1 + 6 + (powner_sid->num_subauth * 4); in smb_inherit_dacl()
1139 if (parent_pntsd->gsidoffset) { in smb_inherit_dacl()
1141 le32_to_cpu(parent_pntsd->gsidoffset)); in smb_inherit_dacl()
1142 pgroup_sid_size = 1 + 1 + 6 + (pgroup_sid->num_subauth * 4); in smb_inherit_dacl()
1150 rc = -ENOMEM; in smb_inherit_dacl()
1154 pntsd->revision = cpu_to_le16(1); in smb_inherit_dacl()
1155 pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PRESENT); in smb_inherit_dacl()
1156 if (le16_to_cpu(parent_pntsd->type) & DACL_AUTO_INHERITED) in smb_inherit_dacl()
1157 pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); in smb_inherit_dacl()
1159 pntsd->osidoffset = parent_pntsd->osidoffset; in smb_inherit_dacl()
1160 pntsd->gsidoffset = parent_pntsd->gsidoffset; in smb_inherit_dacl()
1161 pntsd->dacloffset = parent_pntsd->dacloffset; in smb_inherit_dacl()
1163 if ((u64)le32_to_cpu(pntsd->osidoffset) + powner_sid_size > in smb_inherit_dacl()
1165 rc = -EINVAL; in smb_inherit_dacl()
1170 if ((u64)le32_to_cpu(pntsd->gsidoffset) + pgroup_sid_size > in smb_inherit_dacl()
1172 rc = -EINVAL; in smb_inherit_dacl()
1177 if ((u64)le32_to_cpu(pntsd->dacloffset) + sizeof(struct smb_acl) + nt_size > in smb_inherit_dacl()
1179 rc = -EINVAL; in smb_inherit_dacl()
1184 if (pntsd->osidoffset) { in smb_inherit_dacl()
1186 le32_to_cpu(pntsd->osidoffset)); in smb_inherit_dacl()
1191 if (pntsd->gsidoffset) { in smb_inherit_dacl()
1193 le32_to_cpu(pntsd->gsidoffset)); in smb_inherit_dacl()
1198 if (pntsd->dacloffset) { in smb_inherit_dacl()
1201 pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); in smb_inherit_dacl()
1202 pdacl->revision = cpu_to_le16(2); in smb_inherit_dacl()
1203 pdacl->size = cpu_to_le16(sizeof(struct smb_acl) + nt_size); in smb_inherit_dacl()
1204 pdacl->num_aces = cpu_to_le32(ace_cnt); in smb_inherit_dacl()
1237 struct mnt_idmap *idmap = mnt_idmap(path->mnt); in smb_check_perm_dacl()
1254 path->dentry, &pntsd); in smb_check_perm_dacl()
1258 dacl_offset = le32_to_cpu(pntsd->dacloffset); in smb_check_perm_dacl()
1263 pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); in smb_check_perm_dacl()
1264 acl_size = pntsd_size - dacl_offset; in smb_check_perm_dacl()
1265 pdacl_size = le16_to_cpu(pdacl->size); in smb_check_perm_dacl()
1270 if (!pdacl->num_aces) { in smb_check_perm_dacl()
1271 if (!(pdacl_size - sizeof(struct smb_acl)) && in smb_check_perm_dacl()
1273 rc = -EACCES; in smb_check_perm_dacl()
1284 aces_size = acl_size - sizeof(struct smb_acl); in smb_check_perm_dacl()
1285 for (i = 0; i < le32_to_cpu(pdacl->num_aces); i++) { in smb_check_perm_dacl()
1288 ace_size = le16_to_cpu(ace->size); in smb_check_perm_dacl()
1291 aces_size -= ace_size; in smb_check_perm_dacl()
1292 granted |= le32_to_cpu(ace->access_req); in smb_check_perm_dacl()
1293 ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size)); in smb_check_perm_dacl()
1296 if (!pdacl->num_aces) in smb_check_perm_dacl()
1305 aces_size = acl_size - sizeof(struct smb_acl); in smb_check_perm_dacl()
1306 for (i = 0; i < le32_to_cpu(pdacl->num_aces); i++) { in smb_check_perm_dacl()
1309 ace_size = le16_to_cpu(ace->size); in smb_check_perm_dacl()
1312 aces_size -= ace_size; in smb_check_perm_dacl()
1314 if (!compare_sids(&sid, &ace->sid) || in smb_check_perm_dacl()
1315 !compare_sids(&sid_unix_NFS_mode, &ace->sid)) { in smb_check_perm_dacl()
1319 if (!compare_sids(&sid_everyone, &ace->sid)) in smb_check_perm_dacl()
1322 ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size)); in smb_check_perm_dacl()
1329 granted |= le32_to_cpu(ace->access_req); in smb_check_perm_dacl()
1331 if (!pdacl->num_aces) in smb_check_perm_dacl()
1336 posix_acls = get_inode_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); in smb_check_perm_dacl()
1338 unsigned int id = -1; in smb_check_perm_dacl()
1340 pa_entry = posix_acls->a_entries; in smb_check_perm_dacl()
1341 for (i = 0; i < posix_acls->a_count; i++, pa_entry++) { in smb_check_perm_dacl()
1342 if (pa_entry->e_tag == ACL_USER) in smb_check_perm_dacl()
1344 else if (pa_entry->e_tag == ACL_GROUP) in smb_check_perm_dacl()
1350 mode_to_access_flags(pa_entry->e_perm, in smb_check_perm_dacl()
1370 rc = -EACCES; in smb_check_perm_dacl()
1375 switch (ace->type) { in smb_check_perm_dacl()
1377 access_bits = le32_to_cpu(ace->access_req); in smb_check_perm_dacl()
1381 access_bits = le32_to_cpu(~ace->access_req); in smb_check_perm_dacl()
1389 granted, le32_to_cpu(ace->access_req)); in smb_check_perm_dacl()
1390 rc = -EACCES; in smb_check_perm_dacl()
1406 struct inode *inode = d_inode(path->dentry); in set_info_sec()
1407 struct mnt_idmap *idmap = mnt_idmap(path->mnt); in set_info_sec()
1412 fattr.cf_mode = inode->i_mode; in set_info_sec()
1428 newattrs.ia_mode = (inode->i_mode & ~0777) | (fattr.cf_mode & 0777); in set_info_sec()
1433 rc = set_posix_acl(idmap, path->dentry, in set_info_sec()
1437 "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", in set_info_sec()
1439 if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) { in set_info_sec()
1440 rc = set_posix_acl(idmap, path->dentry, in set_info_sec()
1444 "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", in set_info_sec()
1450 rc = notify_change(idmap, path->dentry, &newattrs, NULL); in set_info_sec()
1456 if (type_check && !(le16_to_cpu(pntsd->type) & DACL_PRESENT)) in set_info_sec()
1459 if (test_share_config_flag(tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) { in set_info_sec()