• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  ioctl.c
3  *
4  *  Copyright (C) 1995, 1996 by Volker Lendecke
5  *  Modified 1997 Peter Waltenberg, Bill Hawes, David Woodhouse for 2.1 dcache
6  *  Modified 1998, 1999 Wolfram Pienkoss for NLS
7  *
8  */
9 
10 #include <linux/capability.h>
11 #include <linux/compat.h>
12 #include <linux/errno.h>
13 #include <linux/fs.h>
14 #include <linux/ioctl.h>
15 #include <linux/time.h>
16 #include <linux/mm.h>
17 #include <linux/mount.h>
18 #include <linux/slab.h>
19 #include <linux/highuid.h>
20 #include <linux/vmalloc.h>
21 #include <linux/sched.h>
22 
23 #include <asm/uaccess.h>
24 
25 #include "ncp_fs.h"
26 
27 /* maximum limit for ncp_objectname_ioctl */
28 #define NCP_OBJECT_NAME_MAX_LEN	4096
29 /* maximum limit for ncp_privatedata_ioctl */
30 #define NCP_PRIVATE_DATA_MAX_LEN 8192
31 /* maximum negotiable packet size */
32 #define NCP_PACKET_SIZE_INTERNAL 65536
33 
34 static int
ncp_get_fs_info(struct ncp_server * server,struct inode * inode,struct ncp_fs_info __user * arg)35 ncp_get_fs_info(struct ncp_server * server, struct inode *inode,
36 		struct ncp_fs_info __user *arg)
37 {
38 	struct ncp_fs_info info;
39 
40 	if (copy_from_user(&info, arg, sizeof(info)))
41 		return -EFAULT;
42 
43 	if (info.version != NCP_GET_FS_INFO_VERSION) {
44 		ncp_dbg(1, "info.version invalid: %d\n", info.version);
45 		return -EINVAL;
46 	}
47 	/* TODO: info.addr = server->m.serv_addr; */
48 	SET_UID(info.mounted_uid, from_kuid_munged(current_user_ns(), server->m.mounted_uid));
49 	info.connection		= server->connection;
50 	info.buffer_size	= server->buffer_size;
51 	info.volume_number	= NCP_FINFO(inode)->volNumber;
52 	info.directory_id	= NCP_FINFO(inode)->DosDirNum;
53 
54 	if (copy_to_user(arg, &info, sizeof(info)))
55 		return -EFAULT;
56 	return 0;
57 }
58 
59 static int
ncp_get_fs_info_v2(struct ncp_server * server,struct inode * inode,struct ncp_fs_info_v2 __user * arg)60 ncp_get_fs_info_v2(struct ncp_server * server, struct inode *inode,
61 		   struct ncp_fs_info_v2 __user * arg)
62 {
63 	struct ncp_fs_info_v2 info2;
64 
65 	if (copy_from_user(&info2, arg, sizeof(info2)))
66 		return -EFAULT;
67 
68 	if (info2.version != NCP_GET_FS_INFO_VERSION_V2) {
69 		ncp_dbg(1, "info.version invalid: %d\n", info2.version);
70 		return -EINVAL;
71 	}
72 	info2.mounted_uid   = from_kuid_munged(current_user_ns(), server->m.mounted_uid);
73 	info2.connection    = server->connection;
74 	info2.buffer_size   = server->buffer_size;
75 	info2.volume_number = NCP_FINFO(inode)->volNumber;
76 	info2.directory_id  = NCP_FINFO(inode)->DosDirNum;
77 	info2.dummy1 = info2.dummy2 = info2.dummy3 = 0;
78 
79 	if (copy_to_user(arg, &info2, sizeof(info2)))
80 		return -EFAULT;
81 	return 0;
82 }
83 
84 #ifdef CONFIG_COMPAT
85 struct compat_ncp_objectname_ioctl
86 {
87 	s32		auth_type;
88 	u32		object_name_len;
89 	compat_caddr_t	object_name;	/* a userspace data, in most cases user name */
90 };
91 
92 struct compat_ncp_fs_info_v2 {
93 	s32 version;
94 	u32 mounted_uid;
95 	u32 connection;
96 	u32 buffer_size;
97 
98 	u32 volume_number;
99 	u32 directory_id;
100 
101 	u32 dummy1;
102 	u32 dummy2;
103 	u32 dummy3;
104 };
105 
106 struct compat_ncp_ioctl_request {
107 	u32 function;
108 	u32 size;
109 	compat_caddr_t data;
110 };
111 
112 struct compat_ncp_privatedata_ioctl
113 {
114 	u32		len;
115 	compat_caddr_t	data;		/* ~1000 for NDS */
116 };
117 
118 #define NCP_IOC_GET_FS_INFO_V2_32	_IOWR('n', 4, struct compat_ncp_fs_info_v2)
119 #define NCP_IOC_NCPREQUEST_32		_IOR('n', 1, struct compat_ncp_ioctl_request)
120 #define NCP_IOC_GETOBJECTNAME_32	_IOWR('n', 9, struct compat_ncp_objectname_ioctl)
121 #define NCP_IOC_SETOBJECTNAME_32	_IOR('n', 9, struct compat_ncp_objectname_ioctl)
122 #define NCP_IOC_GETPRIVATEDATA_32	_IOWR('n', 10, struct compat_ncp_privatedata_ioctl)
123 #define NCP_IOC_SETPRIVATEDATA_32	_IOR('n', 10, struct compat_ncp_privatedata_ioctl)
124 
125 static int
ncp_get_compat_fs_info_v2(struct ncp_server * server,struct inode * inode,struct compat_ncp_fs_info_v2 __user * arg)126 ncp_get_compat_fs_info_v2(struct ncp_server * server, struct inode *inode,
127 		   struct compat_ncp_fs_info_v2 __user * arg)
128 {
129 	struct compat_ncp_fs_info_v2 info2;
130 
131 	if (copy_from_user(&info2, arg, sizeof(info2)))
132 		return -EFAULT;
133 
134 	if (info2.version != NCP_GET_FS_INFO_VERSION_V2) {
135 		ncp_dbg(1, "info.version invalid: %d\n", info2.version);
136 		return -EINVAL;
137 	}
138 	info2.mounted_uid   = from_kuid_munged(current_user_ns(), server->m.mounted_uid);
139 	info2.connection    = server->connection;
140 	info2.buffer_size   = server->buffer_size;
141 	info2.volume_number = NCP_FINFO(inode)->volNumber;
142 	info2.directory_id  = NCP_FINFO(inode)->DosDirNum;
143 	info2.dummy1 = info2.dummy2 = info2.dummy3 = 0;
144 
145 	if (copy_to_user(arg, &info2, sizeof(info2)))
146 		return -EFAULT;
147 	return 0;
148 }
149 #endif
150 
151 #define NCP_IOC_GETMOUNTUID16		_IOW('n', 2, u16)
152 #define NCP_IOC_GETMOUNTUID32		_IOW('n', 2, u32)
153 #define NCP_IOC_GETMOUNTUID64		_IOW('n', 2, u64)
154 
155 #ifdef CONFIG_NCPFS_NLS
156 /* Here we are select the iocharset and the codepage for NLS.
157  * Thanks Petr Vandrovec for idea and many hints.
158  */
159 static int
ncp_set_charsets(struct ncp_server * server,struct ncp_nls_ioctl __user * arg)160 ncp_set_charsets(struct ncp_server* server, struct ncp_nls_ioctl __user *arg)
161 {
162 	struct ncp_nls_ioctl user;
163 	struct nls_table *codepage;
164 	struct nls_table *iocharset;
165 	struct nls_table *oldset_io;
166 	struct nls_table *oldset_cp;
167 	int utf8;
168 	int err;
169 
170 	if (copy_from_user(&user, arg, sizeof(user)))
171 		return -EFAULT;
172 
173 	codepage = NULL;
174 	user.codepage[NCP_IOCSNAME_LEN] = 0;
175 	if (!user.codepage[0] || !strcmp(user.codepage, "default"))
176 		codepage = load_nls_default();
177 	else {
178 		codepage = load_nls(user.codepage);
179 		if (!codepage) {
180 			return -EBADRQC;
181 		}
182 	}
183 
184 	iocharset = NULL;
185 	user.iocharset[NCP_IOCSNAME_LEN] = 0;
186 	if (!user.iocharset[0] || !strcmp(user.iocharset, "default")) {
187 		iocharset = load_nls_default();
188 		utf8 = 0;
189 	} else if (!strcmp(user.iocharset, "utf8")) {
190 		iocharset = load_nls_default();
191 		utf8 = 1;
192 	} else {
193 		iocharset = load_nls(user.iocharset);
194 		if (!iocharset) {
195 			unload_nls(codepage);
196 			return -EBADRQC;
197 		}
198 		utf8 = 0;
199 	}
200 
201 	mutex_lock(&server->root_setup_lock);
202 	if (server->root_setuped) {
203 		oldset_cp = codepage;
204 		oldset_io = iocharset;
205 		err = -EBUSY;
206 	} else {
207 		if (utf8)
208 			NCP_SET_FLAG(server, NCP_FLAG_UTF8);
209 		else
210 			NCP_CLR_FLAG(server, NCP_FLAG_UTF8);
211 		oldset_cp = server->nls_vol;
212 		server->nls_vol = codepage;
213 		oldset_io = server->nls_io;
214 		server->nls_io = iocharset;
215 		err = 0;
216 	}
217 	mutex_unlock(&server->root_setup_lock);
218 	unload_nls(oldset_cp);
219 	unload_nls(oldset_io);
220 
221 	return err;
222 }
223 
224 static int
ncp_get_charsets(struct ncp_server * server,struct ncp_nls_ioctl __user * arg)225 ncp_get_charsets(struct ncp_server* server, struct ncp_nls_ioctl __user *arg)
226 {
227 	struct ncp_nls_ioctl user;
228 	int len;
229 
230 	memset(&user, 0, sizeof(user));
231 	mutex_lock(&server->root_setup_lock);
232 	if (server->nls_vol && server->nls_vol->charset) {
233 		len = strlen(server->nls_vol->charset);
234 		if (len > NCP_IOCSNAME_LEN)
235 			len = NCP_IOCSNAME_LEN;
236 		strncpy(user.codepage, server->nls_vol->charset, len);
237 		user.codepage[len] = 0;
238 	}
239 
240 	if (NCP_IS_FLAG(server, NCP_FLAG_UTF8))
241 		strcpy(user.iocharset, "utf8");
242 	else if (server->nls_io && server->nls_io->charset) {
243 		len = strlen(server->nls_io->charset);
244 		if (len > NCP_IOCSNAME_LEN)
245 			len = NCP_IOCSNAME_LEN;
246 		strncpy(user.iocharset,	server->nls_io->charset, len);
247 		user.iocharset[len] = 0;
248 	}
249 	mutex_unlock(&server->root_setup_lock);
250 
251 	if (copy_to_user(arg, &user, sizeof(user)))
252 		return -EFAULT;
253 	return 0;
254 }
255 #endif /* CONFIG_NCPFS_NLS */
256 
__ncp_ioctl(struct inode * inode,unsigned int cmd,unsigned long arg)257 static long __ncp_ioctl(struct inode *inode, unsigned int cmd, unsigned long arg)
258 {
259 	struct ncp_server *server = NCP_SERVER(inode);
260 	int result;
261 	struct ncp_ioctl_request request;
262 	char* bouncebuffer;
263 	void __user *argp = (void __user *)arg;
264 
265 	switch (cmd) {
266 #ifdef CONFIG_COMPAT
267 	case NCP_IOC_NCPREQUEST_32:
268 #endif
269 	case NCP_IOC_NCPREQUEST:
270 #ifdef CONFIG_COMPAT
271 		if (cmd == NCP_IOC_NCPREQUEST_32) {
272 			struct compat_ncp_ioctl_request request32;
273 			if (copy_from_user(&request32, argp, sizeof(request32)))
274 				return -EFAULT;
275 			request.function = request32.function;
276 			request.size = request32.size;
277 			request.data = compat_ptr(request32.data);
278 		} else
279 #endif
280 		if (copy_from_user(&request, argp, sizeof(request)))
281 			return -EFAULT;
282 
283 		if ((request.function > 255)
284 		    || (request.size >
285 		  NCP_PACKET_SIZE - sizeof(struct ncp_request_header))) {
286 			return -EINVAL;
287 		}
288 		bouncebuffer = vmalloc(NCP_PACKET_SIZE_INTERNAL);
289 		if (!bouncebuffer)
290 			return -ENOMEM;
291 		if (copy_from_user(bouncebuffer, request.data, request.size)) {
292 			vfree(bouncebuffer);
293 			return -EFAULT;
294 		}
295 		ncp_lock_server(server);
296 
297 		/* FIXME: We hack around in the server's structures
298 		   here to be able to use ncp_request */
299 
300 		server->has_subfunction = 0;
301 		server->current_size = request.size;
302 		memcpy(server->packet, bouncebuffer, request.size);
303 
304 		result = ncp_request2(server, request.function,
305 			bouncebuffer, NCP_PACKET_SIZE_INTERNAL);
306 		if (result < 0)
307 			result = -EIO;
308 		else
309 			result = server->reply_size;
310 		ncp_unlock_server(server);
311 		ncp_dbg(1, "copy %d bytes\n", result);
312 		if (result >= 0)
313 			if (copy_to_user(request.data, bouncebuffer, result))
314 				result = -EFAULT;
315 		vfree(bouncebuffer);
316 		return result;
317 
318 	case NCP_IOC_CONN_LOGGED_IN:
319 
320 		if (!(server->m.int_flags & NCP_IMOUNT_LOGGEDIN_POSSIBLE))
321 			return -EINVAL;
322 		mutex_lock(&server->root_setup_lock);
323 		if (server->root_setuped)
324 			result = -EBUSY;
325 		else {
326 			result = ncp_conn_logged_in(inode->i_sb);
327 			if (result == 0)
328 				server->root_setuped = 1;
329 		}
330 		mutex_unlock(&server->root_setup_lock);
331 		return result;
332 
333 	case NCP_IOC_GET_FS_INFO:
334 		return ncp_get_fs_info(server, inode, argp);
335 
336 	case NCP_IOC_GET_FS_INFO_V2:
337 		return ncp_get_fs_info_v2(server, inode, argp);
338 
339 #ifdef CONFIG_COMPAT
340 	case NCP_IOC_GET_FS_INFO_V2_32:
341 		return ncp_get_compat_fs_info_v2(server, inode, argp);
342 #endif
343 	/* we have too many combinations of CONFIG_COMPAT,
344 	 * CONFIG_64BIT and CONFIG_UID16, so just handle
345 	 * any of the possible ioctls */
346 	case NCP_IOC_GETMOUNTUID16:
347 		{
348 			u16 uid;
349 
350 			SET_UID(uid, from_kuid_munged(current_user_ns(), server->m.mounted_uid));
351 			if (put_user(uid, (u16 __user *)argp))
352 				return -EFAULT;
353 			return 0;
354 		}
355 	case NCP_IOC_GETMOUNTUID32:
356 	{
357 		uid_t uid = from_kuid_munged(current_user_ns(), server->m.mounted_uid);
358 		if (put_user(uid, (u32 __user *)argp))
359 			return -EFAULT;
360 		return 0;
361 	}
362 	case NCP_IOC_GETMOUNTUID64:
363 	{
364 		uid_t uid = from_kuid_munged(current_user_ns(), server->m.mounted_uid);
365 		if (put_user(uid, (u64 __user *)argp))
366 			return -EFAULT;
367 		return 0;
368 	}
369 	case NCP_IOC_GETROOT:
370 		{
371 			struct ncp_setroot_ioctl sr;
372 
373 			result = -EACCES;
374 			mutex_lock(&server->root_setup_lock);
375 			if (server->m.mounted_vol[0]) {
376 				struct dentry* dentry = inode->i_sb->s_root;
377 
378 				if (dentry) {
379 					struct inode* s_inode = d_inode(dentry);
380 
381 					if (s_inode) {
382 						sr.volNumber = NCP_FINFO(s_inode)->volNumber;
383 						sr.dirEntNum = NCP_FINFO(s_inode)->dirEntNum;
384 						sr.namespace = server->name_space[sr.volNumber];
385 						result = 0;
386 					} else
387 						ncp_dbg(1, "d_inode(s_root)==NULL\n");
388 				} else
389 					ncp_dbg(1, "s_root==NULL\n");
390 			} else {
391 				sr.volNumber = -1;
392 				sr.namespace = 0;
393 				sr.dirEntNum = 0;
394 				result = 0;
395 			}
396 			mutex_unlock(&server->root_setup_lock);
397 			if (!result && copy_to_user(argp, &sr, sizeof(sr)))
398 				result = -EFAULT;
399 			return result;
400 		}
401 
402 	case NCP_IOC_SETROOT:
403 		{
404 			struct ncp_setroot_ioctl sr;
405 			__u32 vnum;
406 			__le32 de;
407 			__le32 dosde;
408 			struct dentry* dentry;
409 
410 			if (copy_from_user(&sr, argp, sizeof(sr)))
411 				return -EFAULT;
412 			mutex_lock(&server->root_setup_lock);
413 			if (server->root_setuped)
414 				result = -EBUSY;
415 			else {
416 				if (sr.volNumber < 0) {
417 					server->m.mounted_vol[0] = 0;
418 					vnum = NCP_NUMBER_OF_VOLUMES;
419 					de = 0;
420 					dosde = 0;
421 					result = 0;
422 				} else if (sr.volNumber >= NCP_NUMBER_OF_VOLUMES) {
423 					result = -EINVAL;
424 				} else if (ncp_mount_subdir(server, sr.volNumber,
425 							sr.namespace, sr.dirEntNum,
426 							&vnum, &de, &dosde)) {
427 					result = -ENOENT;
428 				} else
429 					result = 0;
430 
431 				if (result == 0) {
432 					dentry = inode->i_sb->s_root;
433 					if (dentry) {
434 						struct inode* s_inode = d_inode(dentry);
435 
436 						if (s_inode) {
437 							NCP_FINFO(s_inode)->volNumber = vnum;
438 							NCP_FINFO(s_inode)->dirEntNum = de;
439 							NCP_FINFO(s_inode)->DosDirNum = dosde;
440 							server->root_setuped = 1;
441 						} else {
442 							ncp_dbg(1, "d_inode(s_root)==NULL\n");
443 							result = -EIO;
444 						}
445 					} else {
446 						ncp_dbg(1, "s_root==NULL\n");
447 						result = -EIO;
448 					}
449 				}
450 			}
451 			mutex_unlock(&server->root_setup_lock);
452 
453 			return result;
454 		}
455 
456 #ifdef CONFIG_NCPFS_PACKET_SIGNING
457 	case NCP_IOC_SIGN_INIT:
458 		{
459 			struct ncp_sign_init sign;
460 
461 			if (argp)
462 				if (copy_from_user(&sign, argp, sizeof(sign)))
463 					return -EFAULT;
464 			ncp_lock_server(server);
465 			mutex_lock(&server->rcv.creq_mutex);
466 			if (argp) {
467 				if (server->sign_wanted) {
468 					memcpy(server->sign_root,sign.sign_root,8);
469 					memcpy(server->sign_last,sign.sign_last,16);
470 					server->sign_active = 1;
471 				}
472 				/* ignore when signatures not wanted */
473 			} else {
474 				server->sign_active = 0;
475 			}
476 			mutex_unlock(&server->rcv.creq_mutex);
477 			ncp_unlock_server(server);
478 			return 0;
479 		}
480 
481         case NCP_IOC_SIGN_WANTED:
482 		{
483 			int state;
484 
485 			ncp_lock_server(server);
486 			state = server->sign_wanted;
487 			ncp_unlock_server(server);
488 			if (put_user(state, (int __user *)argp))
489 				return -EFAULT;
490 			return 0;
491 		}
492 
493 	case NCP_IOC_SET_SIGN_WANTED:
494 		{
495 			int newstate;
496 
497 			/* get only low 8 bits... */
498 			if (get_user(newstate, (unsigned char __user *)argp))
499 				return -EFAULT;
500 			result = 0;
501 			ncp_lock_server(server);
502 			if (server->sign_active) {
503 				/* cannot turn signatures OFF when active */
504 				if (!newstate)
505 					result = -EINVAL;
506 			} else {
507 				server->sign_wanted = newstate != 0;
508 			}
509 			ncp_unlock_server(server);
510 			return result;
511 		}
512 
513 #endif /* CONFIG_NCPFS_PACKET_SIGNING */
514 
515 #ifdef CONFIG_NCPFS_IOCTL_LOCKING
516 	case NCP_IOC_LOCKUNLOCK:
517 		{
518 			struct ncp_lock_ioctl	 rqdata;
519 
520 			if (copy_from_user(&rqdata, argp, sizeof(rqdata)))
521 				return -EFAULT;
522 			if (rqdata.origin != 0)
523 				return -EINVAL;
524 			/* check for cmd */
525 			switch (rqdata.cmd) {
526 				case NCP_LOCK_EX:
527 				case NCP_LOCK_SH:
528 						if (rqdata.timeout < 0)
529 							return -EINVAL;
530 						if (rqdata.timeout == 0)
531 							rqdata.timeout = NCP_LOCK_DEFAULT_TIMEOUT;
532 						else if (rqdata.timeout > NCP_LOCK_MAX_TIMEOUT)
533 							rqdata.timeout = NCP_LOCK_MAX_TIMEOUT;
534 						break;
535 				case NCP_LOCK_LOG:
536 						rqdata.timeout = NCP_LOCK_DEFAULT_TIMEOUT;	/* has no effect */
537 				case NCP_LOCK_CLEAR:
538 						break;
539 				default:
540 						return -EINVAL;
541 			}
542 			/* locking needs both read and write access */
543 			if ((result = ncp_make_open(inode, O_RDWR)) != 0)
544 			{
545 				return result;
546 			}
547 			result = -EISDIR;
548 			if (!S_ISREG(inode->i_mode))
549 				goto outrel;
550 			if (rqdata.cmd == NCP_LOCK_CLEAR)
551 			{
552 				result = ncp_ClearPhysicalRecord(NCP_SERVER(inode),
553 							NCP_FINFO(inode)->file_handle,
554 							rqdata.offset,
555 							rqdata.length);
556 				if (result > 0) result = 0;	/* no such lock */
557 			}
558 			else
559 			{
560 				int lockcmd;
561 
562 				switch (rqdata.cmd)
563 				{
564 					case NCP_LOCK_EX:  lockcmd=1; break;
565 					case NCP_LOCK_SH:  lockcmd=3; break;
566 					default:	   lockcmd=0; break;
567 				}
568 				result = ncp_LogPhysicalRecord(NCP_SERVER(inode),
569 							NCP_FINFO(inode)->file_handle,
570 							lockcmd,
571 							rqdata.offset,
572 							rqdata.length,
573 							rqdata.timeout);
574 				if (result > 0) result = -EAGAIN;
575 			}
576 outrel:
577 			ncp_inode_close(inode);
578 			return result;
579 		}
580 #endif	/* CONFIG_NCPFS_IOCTL_LOCKING */
581 
582 #ifdef CONFIG_COMPAT
583 	case NCP_IOC_GETOBJECTNAME_32:
584 		{
585 			struct compat_ncp_objectname_ioctl user;
586 			size_t outl;
587 
588 			if (copy_from_user(&user, argp, sizeof(user)))
589 				return -EFAULT;
590 			down_read(&server->auth_rwsem);
591 			user.auth_type = server->auth.auth_type;
592 			outl = user.object_name_len;
593 			user.object_name_len = server->auth.object_name_len;
594 			if (outl > user.object_name_len)
595 				outl = user.object_name_len;
596 			result = 0;
597 			if (outl) {
598 				if (copy_to_user(compat_ptr(user.object_name),
599 						 server->auth.object_name,
600 						 outl))
601 					result = -EFAULT;
602 			}
603 			up_read(&server->auth_rwsem);
604 			if (!result && copy_to_user(argp, &user, sizeof(user)))
605 				result = -EFAULT;
606 			return result;
607 		}
608 #endif
609 
610 	case NCP_IOC_GETOBJECTNAME:
611 		{
612 			struct ncp_objectname_ioctl user;
613 			size_t outl;
614 
615 			if (copy_from_user(&user, argp, sizeof(user)))
616 				return -EFAULT;
617 			down_read(&server->auth_rwsem);
618 			user.auth_type = server->auth.auth_type;
619 			outl = user.object_name_len;
620 			user.object_name_len = server->auth.object_name_len;
621 			if (outl > user.object_name_len)
622 				outl = user.object_name_len;
623 			result = 0;
624 			if (outl) {
625 				if (copy_to_user(user.object_name,
626 						 server->auth.object_name,
627 						 outl))
628 					result = -EFAULT;
629 			}
630 			up_read(&server->auth_rwsem);
631 			if (!result && copy_to_user(argp, &user, sizeof(user)))
632 				result = -EFAULT;
633 			return result;
634 		}
635 
636 #ifdef CONFIG_COMPAT
637 	case NCP_IOC_SETOBJECTNAME_32:
638 #endif
639 	case NCP_IOC_SETOBJECTNAME:
640 		{
641 			struct ncp_objectname_ioctl user;
642 			void* newname;
643 			void* oldname;
644 			size_t oldnamelen;
645 			void* oldprivate;
646 			size_t oldprivatelen;
647 
648 #ifdef CONFIG_COMPAT
649 			if (cmd == NCP_IOC_SETOBJECTNAME_32) {
650 				struct compat_ncp_objectname_ioctl user32;
651 				if (copy_from_user(&user32, argp, sizeof(user32)))
652 					return -EFAULT;
653 				user.auth_type = user32.auth_type;
654 				user.object_name_len = user32.object_name_len;
655 				user.object_name = compat_ptr(user32.object_name);
656 			} else
657 #endif
658 			if (copy_from_user(&user, argp, sizeof(user)))
659 				return -EFAULT;
660 
661 			if (user.object_name_len > NCP_OBJECT_NAME_MAX_LEN)
662 				return -ENOMEM;
663 			if (user.object_name_len) {
664 				newname = memdup_user(user.object_name,
665 						      user.object_name_len);
666 				if (IS_ERR(newname))
667 					return PTR_ERR(newname);
668 			} else {
669 				newname = NULL;
670 			}
671 			down_write(&server->auth_rwsem);
672 			oldname = server->auth.object_name;
673 			oldnamelen = server->auth.object_name_len;
674 			oldprivate = server->priv.data;
675 			oldprivatelen = server->priv.len;
676 			server->auth.auth_type = user.auth_type;
677 			server->auth.object_name_len = user.object_name_len;
678 			server->auth.object_name = newname;
679 			server->priv.len = 0;
680 			server->priv.data = NULL;
681 			up_write(&server->auth_rwsem);
682 			kfree(oldprivate);
683 			kfree(oldname);
684 			return 0;
685 		}
686 
687 #ifdef CONFIG_COMPAT
688 	case NCP_IOC_GETPRIVATEDATA_32:
689 #endif
690 	case NCP_IOC_GETPRIVATEDATA:
691 		{
692 			struct ncp_privatedata_ioctl user;
693 			size_t outl;
694 
695 #ifdef CONFIG_COMPAT
696 			if (cmd == NCP_IOC_GETPRIVATEDATA_32) {
697 				struct compat_ncp_privatedata_ioctl user32;
698 				if (copy_from_user(&user32, argp, sizeof(user32)))
699 					return -EFAULT;
700 				user.len = user32.len;
701 				user.data = compat_ptr(user32.data);
702 			} else
703 #endif
704 			if (copy_from_user(&user, argp, sizeof(user)))
705 				return -EFAULT;
706 
707 			down_read(&server->auth_rwsem);
708 			outl = user.len;
709 			user.len = server->priv.len;
710 			if (outl > user.len) outl = user.len;
711 			result = 0;
712 			if (outl) {
713 				if (copy_to_user(user.data,
714 						 server->priv.data,
715 						 outl))
716 					result = -EFAULT;
717 			}
718 			up_read(&server->auth_rwsem);
719 			if (result)
720 				return result;
721 #ifdef CONFIG_COMPAT
722 			if (cmd == NCP_IOC_GETPRIVATEDATA_32) {
723 				struct compat_ncp_privatedata_ioctl user32;
724 				user32.len = user.len;
725 				user32.data = (unsigned long) user.data;
726 				if (copy_to_user(argp, &user32, sizeof(user32)))
727 					return -EFAULT;
728 			} else
729 #endif
730 			if (copy_to_user(argp, &user, sizeof(user)))
731 				return -EFAULT;
732 
733 			return 0;
734 		}
735 
736 #ifdef CONFIG_COMPAT
737 	case NCP_IOC_SETPRIVATEDATA_32:
738 #endif
739 	case NCP_IOC_SETPRIVATEDATA:
740 		{
741 			struct ncp_privatedata_ioctl user;
742 			void* new;
743 			void* old;
744 			size_t oldlen;
745 
746 #ifdef CONFIG_COMPAT
747 			if (cmd == NCP_IOC_SETPRIVATEDATA_32) {
748 				struct compat_ncp_privatedata_ioctl user32;
749 				if (copy_from_user(&user32, argp, sizeof(user32)))
750 					return -EFAULT;
751 				user.len = user32.len;
752 				user.data = compat_ptr(user32.data);
753 			} else
754 #endif
755 			if (copy_from_user(&user, argp, sizeof(user)))
756 				return -EFAULT;
757 
758 			if (user.len > NCP_PRIVATE_DATA_MAX_LEN)
759 				return -ENOMEM;
760 			if (user.len) {
761 				new = memdup_user(user.data, user.len);
762 				if (IS_ERR(new))
763 					return PTR_ERR(new);
764 			} else {
765 				new = NULL;
766 			}
767 			down_write(&server->auth_rwsem);
768 			old = server->priv.data;
769 			oldlen = server->priv.len;
770 			server->priv.len = user.len;
771 			server->priv.data = new;
772 			up_write(&server->auth_rwsem);
773 			kfree(old);
774 			return 0;
775 		}
776 
777 #ifdef CONFIG_NCPFS_NLS
778 	case NCP_IOC_SETCHARSETS:
779 		return ncp_set_charsets(server, argp);
780 
781 	case NCP_IOC_GETCHARSETS:
782 		return ncp_get_charsets(server, argp);
783 
784 #endif /* CONFIG_NCPFS_NLS */
785 
786 	case NCP_IOC_SETDENTRYTTL:
787 		{
788 			u_int32_t user;
789 
790 			if (copy_from_user(&user, argp, sizeof(user)))
791 				return -EFAULT;
792 			/* 20 secs at most... */
793 			if (user > 20000)
794 				return -EINVAL;
795 			user = (user * HZ) / 1000;
796 			atomic_set(&server->dentry_ttl, user);
797 			return 0;
798 		}
799 
800 	case NCP_IOC_GETDENTRYTTL:
801 		{
802 			u_int32_t user = (atomic_read(&server->dentry_ttl) * 1000) / HZ;
803 			if (copy_to_user(argp, &user, sizeof(user)))
804 				return -EFAULT;
805 			return 0;
806 		}
807 
808 	}
809 	return -EINVAL;
810 }
811 
ncp_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)812 long ncp_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
813 {
814 	struct inode *inode = file_inode(filp);
815 	struct ncp_server *server = NCP_SERVER(inode);
816 	kuid_t uid = current_uid();
817 	int need_drop_write = 0;
818 	long ret;
819 
820 	switch (cmd) {
821 	case NCP_IOC_SETCHARSETS:
822 	case NCP_IOC_CONN_LOGGED_IN:
823 	case NCP_IOC_SETROOT:
824 		if (!capable(CAP_SYS_ADMIN)) {
825 			ret = -EPERM;
826 			goto out;
827 		}
828 		break;
829 	}
830 	if (!uid_eq(server->m.mounted_uid, uid)) {
831 		switch (cmd) {
832 		/*
833 		 * Only mount owner can issue these ioctls.  Information
834 		 * necessary to authenticate to other NDS servers are
835 		 * stored here.
836 		 */
837 		case NCP_IOC_GETOBJECTNAME:
838 		case NCP_IOC_SETOBJECTNAME:
839 		case NCP_IOC_GETPRIVATEDATA:
840 		case NCP_IOC_SETPRIVATEDATA:
841 #ifdef CONFIG_COMPAT
842 		case NCP_IOC_GETOBJECTNAME_32:
843 		case NCP_IOC_SETOBJECTNAME_32:
844 		case NCP_IOC_GETPRIVATEDATA_32:
845 		case NCP_IOC_SETPRIVATEDATA_32:
846 #endif
847 			ret = -EACCES;
848 			goto out;
849 		/*
850 		 * These require write access on the inode if user id
851 		 * does not match.  Note that they do not write to the
852 		 * file...  But old code did mnt_want_write, so I keep
853 		 * it as is.  Of course not for mountpoint owner, as
854 		 * that breaks read-only mounts altogether as ncpmount
855 		 * needs working NCP_IOC_NCPREQUEST and
856 		 * NCP_IOC_GET_FS_INFO.  Some of these codes (setdentryttl,
857 		 * signinit, setsignwanted) should be probably restricted
858 		 * to owner only, or even more to CAP_SYS_ADMIN).
859 		 */
860 		case NCP_IOC_GET_FS_INFO:
861 		case NCP_IOC_GET_FS_INFO_V2:
862 		case NCP_IOC_NCPREQUEST:
863 		case NCP_IOC_SETDENTRYTTL:
864 		case NCP_IOC_SIGN_INIT:
865 		case NCP_IOC_LOCKUNLOCK:
866 		case NCP_IOC_SET_SIGN_WANTED:
867 #ifdef CONFIG_COMPAT
868 		case NCP_IOC_GET_FS_INFO_V2_32:
869 		case NCP_IOC_NCPREQUEST_32:
870 #endif
871 			ret = mnt_want_write_file(filp);
872 			if (ret)
873 				goto out;
874 			need_drop_write = 1;
875 			ret = inode_permission(inode, MAY_WRITE);
876 			if (ret)
877 				goto outDropWrite;
878 			break;
879 		/*
880 		 * Read access required.
881 		 */
882 		case NCP_IOC_GETMOUNTUID16:
883 		case NCP_IOC_GETMOUNTUID32:
884 		case NCP_IOC_GETMOUNTUID64:
885 		case NCP_IOC_GETROOT:
886 		case NCP_IOC_SIGN_WANTED:
887 			ret = inode_permission(inode, MAY_READ);
888 			if (ret)
889 				goto out;
890 			break;
891 		/*
892 		 * Anybody can read these.
893 		 */
894 		case NCP_IOC_GETCHARSETS:
895 		case NCP_IOC_GETDENTRYTTL:
896 		default:
897 		/* Three codes below are protected by CAP_SYS_ADMIN above. */
898 		case NCP_IOC_SETCHARSETS:
899 		case NCP_IOC_CONN_LOGGED_IN:
900 		case NCP_IOC_SETROOT:
901 			break;
902 		}
903 	}
904 	ret = __ncp_ioctl(inode, cmd, arg);
905 outDropWrite:
906 	if (need_drop_write)
907 		mnt_drop_write_file(filp);
908 out:
909 	return ret;
910 }
911 
912 #ifdef CONFIG_COMPAT
ncp_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)913 long ncp_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
914 {
915 	long ret;
916 
917 	arg = (unsigned long) compat_ptr(arg);
918 	ret = ncp_ioctl(file, cmd, arg);
919 	return ret;
920 }
921 #endif
922