// SPDX-License-Identifier: LGPL-2.1+ /* * Copyright (C) International Business Machines Corp., 2007,2008 * Author(s): Steve French ([email protected]) * Copyright (C) 2020 Samsung Electronics Co., Ltd. * Author(s): Namjae Jeon <[email protected]> */ #include <linux/fs.h> #include <linux/slab.h> #include <linux/string.h> #include <linux/mnt_idmapping.h> #include "smbacl.h" #include "smb_common.h" #include "server.h" #include "misc.h" #include "mgmt/share_config.h" static const struct smb_sid domain = …; /* security id for everyone/world system group */ static const struct smb_sid creator_owner = …; /* security id for everyone/world system group */ static const struct smb_sid creator_group = …; /* security id for everyone/world system group */ static const struct smb_sid sid_everyone = …; /* security id for Authenticated Users system group */ static const struct smb_sid sid_authusers = …; /* S-1-22-1 Unmapped Unix users */ static const struct smb_sid sid_unix_users = …; /* S-1-22-2 Unmapped Unix groups */ static const struct smb_sid sid_unix_groups = …; /* * See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */ /* S-1-5-88 MS NFS and Apple style UID/GID/mode */ /* S-1-5-88-1 Unix uid */ static const struct smb_sid sid_unix_NFS_users = …; /* S-1-5-88-2 Unix gid */ static const struct smb_sid sid_unix_NFS_groups = …; /* S-1-5-88-3 Unix mode */ static const struct smb_sid sid_unix_NFS_mode = …; /* * if the two SIDs (roughly equivalent to a UUID for a user or group) are * the same returns zero, if they do not match returns non-zero. */ int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid) { … } static void smb_copy_sid(struct smb_sid *dst, const struct smb_sid *src) { … } /* * change posix mode to reflect permissions * pmode is the existing mode (we only want to overwrite part of this * bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007 */ static umode_t access_flags_to_mode(struct smb_fattr *fattr, __le32 ace_flags, int type) { … } /* * Generate access flags to reflect permissions mode is the existing mode. * This function is called for every ACE in the DACL whose SID matches * with either owner or group or everyone. */ static void mode_to_access_flags(umode_t mode, umode_t bits_to_use, __u32 *pace_flags) { … } static __u16 fill_ace_for_sid(struct smb_ace *pntace, const struct smb_sid *psid, int type, int flags, umode_t mode, umode_t bits) { … } void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) { … } static int sid_to_id(struct mnt_idmap *idmap, struct smb_sid *psid, uint sidtype, struct smb_fattr *fattr) { … } void posix_state_to_acl(struct posix_acl_state *state, struct posix_acl_entry *pace) { … } int init_acl_state(struct posix_acl_state *state, int cnt) { … } void free_acl_state(struct posix_acl_state *state) { … } static void parse_dacl(struct mnt_idmap *idmap, struct smb_acl *pdacl, char *end_of_acl, struct smb_sid *pownersid, struct smb_sid *pgrpsid, struct smb_fattr *fattr) { … } static void set_posix_acl_entries_dacl(struct mnt_idmap *idmap, struct smb_ace *pndace, struct smb_fattr *fattr, u32 *num_aces, u16 *size, u32 nt_aces_num) { … } static void set_ntacl_dacl(struct mnt_idmap *idmap, struct smb_acl *pndacl, struct smb_acl *nt_dacl, unsigned int aces_size, const struct smb_sid *pownersid, const struct smb_sid *pgrpsid, struct smb_fattr *fattr) { … } static void set_mode_dacl(struct mnt_idmap *idmap, struct smb_acl *pndacl, struct smb_fattr *fattr) { … } static int parse_sid(struct smb_sid *psid, char *end_of_acl) { … } /* Convert CIFS ACL to POSIX form */ int parse_sec_desc(struct mnt_idmap *idmap, struct smb_ntsd *pntsd, int acl_len, struct smb_fattr *fattr) { … } /* Convert permission bits from mode to equivalent CIFS ACL */ int build_sec_desc(struct mnt_idmap *idmap, struct smb_ntsd *pntsd, struct smb_ntsd *ppntsd, int ppntsd_size, int addition_info, __u32 *secdesclen, struct smb_fattr *fattr) { … } static void smb_set_ace(struct smb_ace *ace, const struct smb_sid *sid, u8 type, u8 flags, __le32 access_req) { … } int smb_inherit_dacl(struct ksmbd_conn *conn, const struct path *path, unsigned int uid, unsigned int gid) { … } bool smb_inherit_flags(int flags, bool is_dir) { … } int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path, __le32 *pdaccess, int uid) { … } int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon, const struct path *path, struct smb_ntsd *pntsd, int ntsd_len, bool type_check, bool get_write) { … } void ksmbd_init_domain(u32 *sub_auth) { … }
Codebase Browser
linux