1 /* 2 * ioctl.c 3 * 4 * Copyright (C) 1995, 1996 by Volker Lendecke 5 * Modified 1997 Peter Waltenberg, Bill Hawes, David Woodhouse for 2.1 dcache 6 * Modified 1998, 1999 Wolfram Pienkoss for NLS 7 * 8 */ 9 10 #include <linux/capability.h> 11 #include <linux/compat.h> 12 #include <linux/errno.h> 13 #include <linux/fs.h> 14 #include <linux/ioctl.h> 15 #include <linux/time.h> 16 #include <linux/mm.h> 17 #include <linux/mount.h> 18 #include <linux/slab.h> 19 #include <linux/highuid.h> 20 #include <linux/vmalloc.h> 21 #include <linux/sched.h> 22 23 #include <asm/uaccess.h> 24 25 #include "ncp_fs.h" 26 27 /* maximum limit for ncp_objectname_ioctl */ 28 #define NCP_OBJECT_NAME_MAX_LEN 4096 29 /* maximum limit for ncp_privatedata_ioctl */ 30 #define NCP_PRIVATE_DATA_MAX_LEN 8192 31 /* maximum negotiable packet size */ 32 #define NCP_PACKET_SIZE_INTERNAL 65536 33 34 static int ncp_get_fs_info(struct ncp_server * server,struct inode * inode,struct ncp_fs_info __user * arg)35 ncp_get_fs_info(struct ncp_server * server, struct inode *inode, 36 struct ncp_fs_info __user *arg) 37 { 38 struct ncp_fs_info info; 39 40 if (copy_from_user(&info, arg, sizeof(info))) 41 return -EFAULT; 42 43 if (info.version != NCP_GET_FS_INFO_VERSION) { 44 ncp_dbg(1, "info.version invalid: %d\n", info.version); 45 return -EINVAL; 46 } 47 /* TODO: info.addr = server->m.serv_addr; */ 48 SET_UID(info.mounted_uid, from_kuid_munged(current_user_ns(), server->m.mounted_uid)); 49 info.connection = server->connection; 50 info.buffer_size = server->buffer_size; 51 info.volume_number = NCP_FINFO(inode)->volNumber; 52 info.directory_id = NCP_FINFO(inode)->DosDirNum; 53 54 if (copy_to_user(arg, &info, sizeof(info))) 55 return -EFAULT; 56 return 0; 57 } 58 59 static int ncp_get_fs_info_v2(struct ncp_server * server,struct inode * inode,struct ncp_fs_info_v2 __user * arg)60 ncp_get_fs_info_v2(struct ncp_server * server, struct inode *inode, 61 struct ncp_fs_info_v2 __user * arg) 62 { 63 struct ncp_fs_info_v2 info2; 64 65 if (copy_from_user(&info2, arg, sizeof(info2))) 66 return -EFAULT; 67 68 if (info2.version != NCP_GET_FS_INFO_VERSION_V2) { 69 ncp_dbg(1, "info.version invalid: %d\n", info2.version); 70 return -EINVAL; 71 } 72 info2.mounted_uid = from_kuid_munged(current_user_ns(), server->m.mounted_uid); 73 info2.connection = server->connection; 74 info2.buffer_size = server->buffer_size; 75 info2.volume_number = NCP_FINFO(inode)->volNumber; 76 info2.directory_id = NCP_FINFO(inode)->DosDirNum; 77 info2.dummy1 = info2.dummy2 = info2.dummy3 = 0; 78 79 if (copy_to_user(arg, &info2, sizeof(info2))) 80 return -EFAULT; 81 return 0; 82 } 83 84 #ifdef CONFIG_COMPAT 85 struct compat_ncp_objectname_ioctl 86 { 87 s32 auth_type; 88 u32 object_name_len; 89 compat_caddr_t object_name; /* a userspace data, in most cases user name */ 90 }; 91 92 struct compat_ncp_fs_info_v2 { 93 s32 version; 94 u32 mounted_uid; 95 u32 connection; 96 u32 buffer_size; 97 98 u32 volume_number; 99 u32 directory_id; 100 101 u32 dummy1; 102 u32 dummy2; 103 u32 dummy3; 104 }; 105 106 struct compat_ncp_ioctl_request { 107 u32 function; 108 u32 size; 109 compat_caddr_t data; 110 }; 111 112 struct compat_ncp_privatedata_ioctl 113 { 114 u32 len; 115 compat_caddr_t data; /* ~1000 for NDS */ 116 }; 117 118 #define NCP_IOC_GET_FS_INFO_V2_32 _IOWR('n', 4, struct compat_ncp_fs_info_v2) 119 #define NCP_IOC_NCPREQUEST_32 _IOR('n', 1, struct compat_ncp_ioctl_request) 120 #define NCP_IOC_GETOBJECTNAME_32 _IOWR('n', 9, struct compat_ncp_objectname_ioctl) 121 #define NCP_IOC_SETOBJECTNAME_32 _IOR('n', 9, struct compat_ncp_objectname_ioctl) 122 #define NCP_IOC_GETPRIVATEDATA_32 _IOWR('n', 10, struct compat_ncp_privatedata_ioctl) 123 #define NCP_IOC_SETPRIVATEDATA_32 _IOR('n', 10, struct compat_ncp_privatedata_ioctl) 124 125 static int ncp_get_compat_fs_info_v2(struct ncp_server * server,struct inode * inode,struct compat_ncp_fs_info_v2 __user * arg)126 ncp_get_compat_fs_info_v2(struct ncp_server * server, struct inode *inode, 127 struct compat_ncp_fs_info_v2 __user * arg) 128 { 129 struct compat_ncp_fs_info_v2 info2; 130 131 if (copy_from_user(&info2, arg, sizeof(info2))) 132 return -EFAULT; 133 134 if (info2.version != NCP_GET_FS_INFO_VERSION_V2) { 135 ncp_dbg(1, "info.version invalid: %d\n", info2.version); 136 return -EINVAL; 137 } 138 info2.mounted_uid = from_kuid_munged(current_user_ns(), server->m.mounted_uid); 139 info2.connection = server->connection; 140 info2.buffer_size = server->buffer_size; 141 info2.volume_number = NCP_FINFO(inode)->volNumber; 142 info2.directory_id = NCP_FINFO(inode)->DosDirNum; 143 info2.dummy1 = info2.dummy2 = info2.dummy3 = 0; 144 145 if (copy_to_user(arg, &info2, sizeof(info2))) 146 return -EFAULT; 147 return 0; 148 } 149 #endif 150 151 #define NCP_IOC_GETMOUNTUID16 _IOW('n', 2, u16) 152 #define NCP_IOC_GETMOUNTUID32 _IOW('n', 2, u32) 153 #define NCP_IOC_GETMOUNTUID64 _IOW('n', 2, u64) 154 155 #ifdef CONFIG_NCPFS_NLS 156 /* Here we are select the iocharset and the codepage for NLS. 157 * Thanks Petr Vandrovec for idea and many hints. 158 */ 159 static int ncp_set_charsets(struct ncp_server * server,struct ncp_nls_ioctl __user * arg)160 ncp_set_charsets(struct ncp_server* server, struct ncp_nls_ioctl __user *arg) 161 { 162 struct ncp_nls_ioctl user; 163 struct nls_table *codepage; 164 struct nls_table *iocharset; 165 struct nls_table *oldset_io; 166 struct nls_table *oldset_cp; 167 int utf8; 168 int err; 169 170 if (copy_from_user(&user, arg, sizeof(user))) 171 return -EFAULT; 172 173 codepage = NULL; 174 user.codepage[NCP_IOCSNAME_LEN] = 0; 175 if (!user.codepage[0] || !strcmp(user.codepage, "default")) 176 codepage = load_nls_default(); 177 else { 178 codepage = load_nls(user.codepage); 179 if (!codepage) { 180 return -EBADRQC; 181 } 182 } 183 184 iocharset = NULL; 185 user.iocharset[NCP_IOCSNAME_LEN] = 0; 186 if (!user.iocharset[0] || !strcmp(user.iocharset, "default")) { 187 iocharset = load_nls_default(); 188 utf8 = 0; 189 } else if (!strcmp(user.iocharset, "utf8")) { 190 iocharset = load_nls_default(); 191 utf8 = 1; 192 } else { 193 iocharset = load_nls(user.iocharset); 194 if (!iocharset) { 195 unload_nls(codepage); 196 return -EBADRQC; 197 } 198 utf8 = 0; 199 } 200 201 mutex_lock(&server->root_setup_lock); 202 if (server->root_setuped) { 203 oldset_cp = codepage; 204 oldset_io = iocharset; 205 err = -EBUSY; 206 } else { 207 if (utf8) 208 NCP_SET_FLAG(server, NCP_FLAG_UTF8); 209 else 210 NCP_CLR_FLAG(server, NCP_FLAG_UTF8); 211 oldset_cp = server->nls_vol; 212 server->nls_vol = codepage; 213 oldset_io = server->nls_io; 214 server->nls_io = iocharset; 215 err = 0; 216 } 217 mutex_unlock(&server->root_setup_lock); 218 unload_nls(oldset_cp); 219 unload_nls(oldset_io); 220 221 return err; 222 } 223 224 static int ncp_get_charsets(struct ncp_server * server,struct ncp_nls_ioctl __user * arg)225 ncp_get_charsets(struct ncp_server* server, struct ncp_nls_ioctl __user *arg) 226 { 227 struct ncp_nls_ioctl user; 228 int len; 229 230 memset(&user, 0, sizeof(user)); 231 mutex_lock(&server->root_setup_lock); 232 if (server->nls_vol && server->nls_vol->charset) { 233 len = strlen(server->nls_vol->charset); 234 if (len > NCP_IOCSNAME_LEN) 235 len = NCP_IOCSNAME_LEN; 236 strscpy(user.codepage, server->nls_vol->charset, NCP_IOCSNAME_LEN); 237 user.codepage[len] = 0; 238 } 239 240 if (NCP_IS_FLAG(server, NCP_FLAG_UTF8)) 241 strcpy(user.iocharset, "utf8"); 242 else if (server->nls_io && server->nls_io->charset) { 243 len = strlen(server->nls_io->charset); 244 if (len > NCP_IOCSNAME_LEN) 245 len = NCP_IOCSNAME_LEN; 246 strscpy(user.iocharset, server->nls_io->charset, NCP_IOCSNAME_LEN); 247 user.iocharset[len] = 0; 248 } 249 mutex_unlock(&server->root_setup_lock); 250 251 if (copy_to_user(arg, &user, sizeof(user))) 252 return -EFAULT; 253 return 0; 254 } 255 #endif /* CONFIG_NCPFS_NLS */ 256 __ncp_ioctl(struct inode * inode,unsigned int cmd,unsigned long arg)257 static long __ncp_ioctl(struct inode *inode, unsigned int cmd, unsigned long arg) 258 { 259 struct ncp_server *server = NCP_SERVER(inode); 260 int result; 261 struct ncp_ioctl_request request; 262 char* bouncebuffer; 263 void __user *argp = (void __user *)arg; 264 265 switch (cmd) { 266 #ifdef CONFIG_COMPAT 267 case NCP_IOC_NCPREQUEST_32: 268 #endif 269 case NCP_IOC_NCPREQUEST: 270 #ifdef CONFIG_COMPAT 271 if (cmd == NCP_IOC_NCPREQUEST_32) { 272 struct compat_ncp_ioctl_request request32; 273 if (copy_from_user(&request32, argp, sizeof(request32))) 274 return -EFAULT; 275 request.function = request32.function; 276 request.size = request32.size; 277 request.data = compat_ptr(request32.data); 278 } else 279 #endif 280 if (copy_from_user(&request, argp, sizeof(request))) 281 return -EFAULT; 282 283 if ((request.function > 255) 284 || (request.size > 285 NCP_PACKET_SIZE - sizeof(struct ncp_request_header))) { 286 return -EINVAL; 287 } 288 bouncebuffer = vmalloc(NCP_PACKET_SIZE_INTERNAL); 289 if (!bouncebuffer) 290 return -ENOMEM; 291 if (copy_from_user(bouncebuffer, request.data, request.size)) { 292 vfree(bouncebuffer); 293 return -EFAULT; 294 } 295 ncp_lock_server(server); 296 297 /* FIXME: We hack around in the server's structures 298 here to be able to use ncp_request */ 299 300 server->has_subfunction = 0; 301 server->current_size = request.size; 302 memcpy(server->packet, bouncebuffer, request.size); 303 304 result = ncp_request2(server, request.function, 305 bouncebuffer, NCP_PACKET_SIZE_INTERNAL); 306 if (result < 0) 307 result = -EIO; 308 else 309 result = server->reply_size; 310 ncp_unlock_server(server); 311 ncp_dbg(1, "copy %d bytes\n", result); 312 if (result >= 0) 313 if (copy_to_user(request.data, bouncebuffer, result)) 314 result = -EFAULT; 315 vfree(bouncebuffer); 316 return result; 317 318 case NCP_IOC_CONN_LOGGED_IN: 319 320 if (!(server->m.int_flags & NCP_IMOUNT_LOGGEDIN_POSSIBLE)) 321 return -EINVAL; 322 mutex_lock(&server->root_setup_lock); 323 if (server->root_setuped) 324 result = -EBUSY; 325 else { 326 result = ncp_conn_logged_in(inode->i_sb); 327 if (result == 0) 328 server->root_setuped = 1; 329 } 330 mutex_unlock(&server->root_setup_lock); 331 return result; 332 333 case NCP_IOC_GET_FS_INFO: 334 return ncp_get_fs_info(server, inode, argp); 335 336 case NCP_IOC_GET_FS_INFO_V2: 337 return ncp_get_fs_info_v2(server, inode, argp); 338 339 #ifdef CONFIG_COMPAT 340 case NCP_IOC_GET_FS_INFO_V2_32: 341 return ncp_get_compat_fs_info_v2(server, inode, argp); 342 #endif 343 /* we have too many combinations of CONFIG_COMPAT, 344 * CONFIG_64BIT and CONFIG_UID16, so just handle 345 * any of the possible ioctls */ 346 case NCP_IOC_GETMOUNTUID16: 347 { 348 u16 uid; 349 350 SET_UID(uid, from_kuid_munged(current_user_ns(), server->m.mounted_uid)); 351 if (put_user(uid, (u16 __user *)argp)) 352 return -EFAULT; 353 return 0; 354 } 355 case NCP_IOC_GETMOUNTUID32: 356 { 357 uid_t uid = from_kuid_munged(current_user_ns(), server->m.mounted_uid); 358 if (put_user(uid, (u32 __user *)argp)) 359 return -EFAULT; 360 return 0; 361 } 362 case NCP_IOC_GETMOUNTUID64: 363 { 364 uid_t uid = from_kuid_munged(current_user_ns(), server->m.mounted_uid); 365 if (put_user(uid, (u64 __user *)argp)) 366 return -EFAULT; 367 return 0; 368 } 369 case NCP_IOC_GETROOT: 370 { 371 struct ncp_setroot_ioctl sr; 372 373 result = -EACCES; 374 mutex_lock(&server->root_setup_lock); 375 if (server->m.mounted_vol[0]) { 376 struct dentry* dentry = inode->i_sb->s_root; 377 378 if (dentry) { 379 struct inode* s_inode = d_inode(dentry); 380 381 if (s_inode) { 382 sr.volNumber = NCP_FINFO(s_inode)->volNumber; 383 sr.dirEntNum = NCP_FINFO(s_inode)->dirEntNum; 384 sr.namespace = server->name_space[sr.volNumber]; 385 result = 0; 386 } else 387 ncp_dbg(1, "d_inode(s_root)==NULL\n"); 388 } else 389 ncp_dbg(1, "s_root==NULL\n"); 390 } else { 391 sr.volNumber = -1; 392 sr.namespace = 0; 393 sr.dirEntNum = 0; 394 result = 0; 395 } 396 mutex_unlock(&server->root_setup_lock); 397 if (!result && copy_to_user(argp, &sr, sizeof(sr))) 398 result = -EFAULT; 399 return result; 400 } 401 402 case NCP_IOC_SETROOT: 403 { 404 struct ncp_setroot_ioctl sr; 405 __u32 vnum; 406 __le32 de; 407 __le32 dosde; 408 struct dentry* dentry; 409 410 if (copy_from_user(&sr, argp, sizeof(sr))) 411 return -EFAULT; 412 mutex_lock(&server->root_setup_lock); 413 if (server->root_setuped) 414 result = -EBUSY; 415 else { 416 if (sr.volNumber < 0) { 417 server->m.mounted_vol[0] = 0; 418 vnum = NCP_NUMBER_OF_VOLUMES; 419 de = 0; 420 dosde = 0; 421 result = 0; 422 } else if (sr.volNumber >= NCP_NUMBER_OF_VOLUMES) { 423 result = -EINVAL; 424 } else if (ncp_mount_subdir(server, sr.volNumber, 425 sr.namespace, sr.dirEntNum, 426 &vnum, &de, &dosde)) { 427 result = -ENOENT; 428 } else 429 result = 0; 430 431 if (result == 0) { 432 dentry = inode->i_sb->s_root; 433 if (dentry) { 434 struct inode* s_inode = d_inode(dentry); 435 436 if (s_inode) { 437 NCP_FINFO(s_inode)->volNumber = vnum; 438 NCP_FINFO(s_inode)->dirEntNum = de; 439 NCP_FINFO(s_inode)->DosDirNum = dosde; 440 server->root_setuped = 1; 441 } else { 442 ncp_dbg(1, "d_inode(s_root)==NULL\n"); 443 result = -EIO; 444 } 445 } else { 446 ncp_dbg(1, "s_root==NULL\n"); 447 result = -EIO; 448 } 449 } 450 } 451 mutex_unlock(&server->root_setup_lock); 452 453 return result; 454 } 455 456 #ifdef CONFIG_NCPFS_PACKET_SIGNING 457 case NCP_IOC_SIGN_INIT: 458 { 459 struct ncp_sign_init sign; 460 461 if (argp) 462 if (copy_from_user(&sign, argp, sizeof(sign))) 463 return -EFAULT; 464 ncp_lock_server(server); 465 mutex_lock(&server->rcv.creq_mutex); 466 if (argp) { 467 if (server->sign_wanted) { 468 memcpy(server->sign_root,sign.sign_root,8); 469 memcpy(server->sign_last,sign.sign_last,16); 470 server->sign_active = 1; 471 } 472 /* ignore when signatures not wanted */ 473 } else { 474 server->sign_active = 0; 475 } 476 mutex_unlock(&server->rcv.creq_mutex); 477 ncp_unlock_server(server); 478 return 0; 479 } 480 481 case NCP_IOC_SIGN_WANTED: 482 { 483 int state; 484 485 ncp_lock_server(server); 486 state = server->sign_wanted; 487 ncp_unlock_server(server); 488 if (put_user(state, (int __user *)argp)) 489 return -EFAULT; 490 return 0; 491 } 492 493 case NCP_IOC_SET_SIGN_WANTED: 494 { 495 int newstate; 496 497 /* get only low 8 bits... */ 498 if (get_user(newstate, (unsigned char __user *)argp)) 499 return -EFAULT; 500 result = 0; 501 ncp_lock_server(server); 502 if (server->sign_active) { 503 /* cannot turn signatures OFF when active */ 504 if (!newstate) 505 result = -EINVAL; 506 } else { 507 server->sign_wanted = newstate != 0; 508 } 509 ncp_unlock_server(server); 510 return result; 511 } 512 513 #endif /* CONFIG_NCPFS_PACKET_SIGNING */ 514 515 #ifdef CONFIG_NCPFS_IOCTL_LOCKING 516 case NCP_IOC_LOCKUNLOCK: 517 { 518 struct ncp_lock_ioctl rqdata; 519 520 if (copy_from_user(&rqdata, argp, sizeof(rqdata))) 521 return -EFAULT; 522 if (rqdata.origin != 0) 523 return -EINVAL; 524 /* check for cmd */ 525 switch (rqdata.cmd) { 526 case NCP_LOCK_EX: 527 case NCP_LOCK_SH: 528 if (rqdata.timeout < 0) 529 return -EINVAL; 530 if (rqdata.timeout == 0) 531 rqdata.timeout = NCP_LOCK_DEFAULT_TIMEOUT; 532 else if (rqdata.timeout > NCP_LOCK_MAX_TIMEOUT) 533 rqdata.timeout = NCP_LOCK_MAX_TIMEOUT; 534 break; 535 case NCP_LOCK_LOG: 536 rqdata.timeout = NCP_LOCK_DEFAULT_TIMEOUT; /* has no effect */ 537 case NCP_LOCK_CLEAR: 538 break; 539 default: 540 return -EINVAL; 541 } 542 /* locking needs both read and write access */ 543 if ((result = ncp_make_open(inode, O_RDWR)) != 0) 544 { 545 return result; 546 } 547 result = -EISDIR; 548 if (!S_ISREG(inode->i_mode)) 549 goto outrel; 550 if (rqdata.cmd == NCP_LOCK_CLEAR) 551 { 552 result = ncp_ClearPhysicalRecord(NCP_SERVER(inode), 553 NCP_FINFO(inode)->file_handle, 554 rqdata.offset, 555 rqdata.length); 556 if (result > 0) result = 0; /* no such lock */ 557 } 558 else 559 { 560 int lockcmd; 561 562 switch (rqdata.cmd) 563 { 564 case NCP_LOCK_EX: lockcmd=1; break; 565 case NCP_LOCK_SH: lockcmd=3; break; 566 default: lockcmd=0; break; 567 } 568 result = ncp_LogPhysicalRecord(NCP_SERVER(inode), 569 NCP_FINFO(inode)->file_handle, 570 lockcmd, 571 rqdata.offset, 572 rqdata.length, 573 rqdata.timeout); 574 if (result > 0) result = -EAGAIN; 575 } 576 outrel: 577 ncp_inode_close(inode); 578 return result; 579 } 580 #endif /* CONFIG_NCPFS_IOCTL_LOCKING */ 581 582 #ifdef CONFIG_COMPAT 583 case NCP_IOC_GETOBJECTNAME_32: 584 { 585 struct compat_ncp_objectname_ioctl user; 586 size_t outl; 587 588 if (copy_from_user(&user, argp, sizeof(user))) 589 return -EFAULT; 590 down_read(&server->auth_rwsem); 591 user.auth_type = server->auth.auth_type; 592 outl = user.object_name_len; 593 user.object_name_len = server->auth.object_name_len; 594 if (outl > user.object_name_len) 595 outl = user.object_name_len; 596 result = 0; 597 if (outl) { 598 if (copy_to_user(compat_ptr(user.object_name), 599 server->auth.object_name, 600 outl)) 601 result = -EFAULT; 602 } 603 up_read(&server->auth_rwsem); 604 if (!result && copy_to_user(argp, &user, sizeof(user))) 605 result = -EFAULT; 606 return result; 607 } 608 #endif 609 610 case NCP_IOC_GETOBJECTNAME: 611 { 612 struct ncp_objectname_ioctl user; 613 size_t outl; 614 615 if (copy_from_user(&user, argp, sizeof(user))) 616 return -EFAULT; 617 down_read(&server->auth_rwsem); 618 user.auth_type = server->auth.auth_type; 619 outl = user.object_name_len; 620 user.object_name_len = server->auth.object_name_len; 621 if (outl > user.object_name_len) 622 outl = user.object_name_len; 623 result = 0; 624 if (outl) { 625 if (copy_to_user(user.object_name, 626 server->auth.object_name, 627 outl)) 628 result = -EFAULT; 629 } 630 up_read(&server->auth_rwsem); 631 if (!result && copy_to_user(argp, &user, sizeof(user))) 632 result = -EFAULT; 633 return result; 634 } 635 636 #ifdef CONFIG_COMPAT 637 case NCP_IOC_SETOBJECTNAME_32: 638 #endif 639 case NCP_IOC_SETOBJECTNAME: 640 { 641 struct ncp_objectname_ioctl user; 642 void* newname; 643 void* oldname; 644 size_t oldnamelen; 645 void* oldprivate; 646 size_t oldprivatelen; 647 648 #ifdef CONFIG_COMPAT 649 if (cmd == NCP_IOC_SETOBJECTNAME_32) { 650 struct compat_ncp_objectname_ioctl user32; 651 if (copy_from_user(&user32, argp, sizeof(user32))) 652 return -EFAULT; 653 user.auth_type = user32.auth_type; 654 user.object_name_len = user32.object_name_len; 655 user.object_name = compat_ptr(user32.object_name); 656 } else 657 #endif 658 if (copy_from_user(&user, argp, sizeof(user))) 659 return -EFAULT; 660 661 if (user.object_name_len > NCP_OBJECT_NAME_MAX_LEN) 662 return -ENOMEM; 663 if (user.object_name_len) { 664 newname = memdup_user(user.object_name, 665 user.object_name_len); 666 if (IS_ERR(newname)) 667 return PTR_ERR(newname); 668 } else { 669 newname = NULL; 670 } 671 down_write(&server->auth_rwsem); 672 oldname = server->auth.object_name; 673 oldnamelen = server->auth.object_name_len; 674 oldprivate = server->priv.data; 675 oldprivatelen = server->priv.len; 676 server->auth.auth_type = user.auth_type; 677 server->auth.object_name_len = user.object_name_len; 678 server->auth.object_name = newname; 679 server->priv.len = 0; 680 server->priv.data = NULL; 681 up_write(&server->auth_rwsem); 682 kfree(oldprivate); 683 kfree(oldname); 684 return 0; 685 } 686 687 #ifdef CONFIG_COMPAT 688 case NCP_IOC_GETPRIVATEDATA_32: 689 #endif 690 case NCP_IOC_GETPRIVATEDATA: 691 { 692 struct ncp_privatedata_ioctl user; 693 size_t outl; 694 695 #ifdef CONFIG_COMPAT 696 if (cmd == NCP_IOC_GETPRIVATEDATA_32) { 697 struct compat_ncp_privatedata_ioctl user32; 698 if (copy_from_user(&user32, argp, sizeof(user32))) 699 return -EFAULT; 700 user.len = user32.len; 701 user.data = compat_ptr(user32.data); 702 } else 703 #endif 704 if (copy_from_user(&user, argp, sizeof(user))) 705 return -EFAULT; 706 707 down_read(&server->auth_rwsem); 708 outl = user.len; 709 user.len = server->priv.len; 710 if (outl > user.len) outl = user.len; 711 result = 0; 712 if (outl) { 713 if (copy_to_user(user.data, 714 server->priv.data, 715 outl)) 716 result = -EFAULT; 717 } 718 up_read(&server->auth_rwsem); 719 if (result) 720 return result; 721 #ifdef CONFIG_COMPAT 722 if (cmd == NCP_IOC_GETPRIVATEDATA_32) { 723 struct compat_ncp_privatedata_ioctl user32; 724 user32.len = user.len; 725 user32.data = (unsigned long) user.data; 726 if (copy_to_user(argp, &user32, sizeof(user32))) 727 return -EFAULT; 728 } else 729 #endif 730 if (copy_to_user(argp, &user, sizeof(user))) 731 return -EFAULT; 732 733 return 0; 734 } 735 736 #ifdef CONFIG_COMPAT 737 case NCP_IOC_SETPRIVATEDATA_32: 738 #endif 739 case NCP_IOC_SETPRIVATEDATA: 740 { 741 struct ncp_privatedata_ioctl user; 742 void* new; 743 void* old; 744 size_t oldlen; 745 746 #ifdef CONFIG_COMPAT 747 if (cmd == NCP_IOC_SETPRIVATEDATA_32) { 748 struct compat_ncp_privatedata_ioctl user32; 749 if (copy_from_user(&user32, argp, sizeof(user32))) 750 return -EFAULT; 751 user.len = user32.len; 752 user.data = compat_ptr(user32.data); 753 } else 754 #endif 755 if (copy_from_user(&user, argp, sizeof(user))) 756 return -EFAULT; 757 758 if (user.len > NCP_PRIVATE_DATA_MAX_LEN) 759 return -ENOMEM; 760 if (user.len) { 761 new = memdup_user(user.data, user.len); 762 if (IS_ERR(new)) 763 return PTR_ERR(new); 764 } else { 765 new = NULL; 766 } 767 down_write(&server->auth_rwsem); 768 old = server->priv.data; 769 oldlen = server->priv.len; 770 server->priv.len = user.len; 771 server->priv.data = new; 772 up_write(&server->auth_rwsem); 773 kfree(old); 774 return 0; 775 } 776 777 #ifdef CONFIG_NCPFS_NLS 778 case NCP_IOC_SETCHARSETS: 779 return ncp_set_charsets(server, argp); 780 781 case NCP_IOC_GETCHARSETS: 782 return ncp_get_charsets(server, argp); 783 784 #endif /* CONFIG_NCPFS_NLS */ 785 786 case NCP_IOC_SETDENTRYTTL: 787 { 788 u_int32_t user; 789 790 if (copy_from_user(&user, argp, sizeof(user))) 791 return -EFAULT; 792 /* 20 secs at most... */ 793 if (user > 20000) 794 return -EINVAL; 795 user = (user * HZ) / 1000; 796 atomic_set(&server->dentry_ttl, user); 797 return 0; 798 } 799 800 case NCP_IOC_GETDENTRYTTL: 801 { 802 u_int32_t user = (atomic_read(&server->dentry_ttl) * 1000) / HZ; 803 if (copy_to_user(argp, &user, sizeof(user))) 804 return -EFAULT; 805 return 0; 806 } 807 808 } 809 return -EINVAL; 810 } 811 ncp_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)812 long ncp_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 813 { 814 struct inode *inode = file_inode(filp); 815 struct ncp_server *server = NCP_SERVER(inode); 816 kuid_t uid = current_uid(); 817 int need_drop_write = 0; 818 long ret; 819 820 switch (cmd) { 821 case NCP_IOC_SETCHARSETS: 822 case NCP_IOC_CONN_LOGGED_IN: 823 case NCP_IOC_SETROOT: 824 if (!capable(CAP_SYS_ADMIN)) { 825 ret = -EPERM; 826 goto out; 827 } 828 break; 829 } 830 if (!uid_eq(server->m.mounted_uid, uid)) { 831 switch (cmd) { 832 /* 833 * Only mount owner can issue these ioctls. Information 834 * necessary to authenticate to other NDS servers are 835 * stored here. 836 */ 837 case NCP_IOC_GETOBJECTNAME: 838 case NCP_IOC_SETOBJECTNAME: 839 case NCP_IOC_GETPRIVATEDATA: 840 case NCP_IOC_SETPRIVATEDATA: 841 #ifdef CONFIG_COMPAT 842 case NCP_IOC_GETOBJECTNAME_32: 843 case NCP_IOC_SETOBJECTNAME_32: 844 case NCP_IOC_GETPRIVATEDATA_32: 845 case NCP_IOC_SETPRIVATEDATA_32: 846 #endif 847 ret = -EACCES; 848 goto out; 849 /* 850 * These require write access on the inode if user id 851 * does not match. Note that they do not write to the 852 * file... But old code did mnt_want_write, so I keep 853 * it as is. Of course not for mountpoint owner, as 854 * that breaks read-only mounts altogether as ncpmount 855 * needs working NCP_IOC_NCPREQUEST and 856 * NCP_IOC_GET_FS_INFO. Some of these codes (setdentryttl, 857 * signinit, setsignwanted) should be probably restricted 858 * to owner only, or even more to CAP_SYS_ADMIN). 859 */ 860 case NCP_IOC_GET_FS_INFO: 861 case NCP_IOC_GET_FS_INFO_V2: 862 case NCP_IOC_NCPREQUEST: 863 case NCP_IOC_SETDENTRYTTL: 864 case NCP_IOC_SIGN_INIT: 865 case NCP_IOC_LOCKUNLOCK: 866 case NCP_IOC_SET_SIGN_WANTED: 867 #ifdef CONFIG_COMPAT 868 case NCP_IOC_GET_FS_INFO_V2_32: 869 case NCP_IOC_NCPREQUEST_32: 870 #endif 871 ret = mnt_want_write_file(filp); 872 if (ret) 873 goto out; 874 need_drop_write = 1; 875 ret = inode_permission(inode, MAY_WRITE); 876 if (ret) 877 goto outDropWrite; 878 break; 879 /* 880 * Read access required. 881 */ 882 case NCP_IOC_GETMOUNTUID16: 883 case NCP_IOC_GETMOUNTUID32: 884 case NCP_IOC_GETMOUNTUID64: 885 case NCP_IOC_GETROOT: 886 case NCP_IOC_SIGN_WANTED: 887 ret = inode_permission(inode, MAY_READ); 888 if (ret) 889 goto out; 890 break; 891 /* 892 * Anybody can read these. 893 */ 894 case NCP_IOC_GETCHARSETS: 895 case NCP_IOC_GETDENTRYTTL: 896 default: 897 /* Three codes below are protected by CAP_SYS_ADMIN above. */ 898 case NCP_IOC_SETCHARSETS: 899 case NCP_IOC_CONN_LOGGED_IN: 900 case NCP_IOC_SETROOT: 901 break; 902 } 903 } 904 ret = __ncp_ioctl(inode, cmd, arg); 905 outDropWrite: 906 if (need_drop_write) 907 mnt_drop_write_file(filp); 908 out: 909 return ret; 910 } 911 912 #ifdef CONFIG_COMPAT ncp_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)913 long ncp_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 914 { 915 long ret; 916 917 arg = (unsigned long) compat_ptr(arg); 918 ret = ncp_ioctl(file, cmd, arg); 919 return ret; 920 } 921 #endif 922