4 * Copyright (C) International Business Machines Corp., 2007,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Contains the routines for mapping CIFS/NTFS ACLs
9 * This library is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published
11 * by the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
17 * the GNU Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include <linux/slab.h>
29 #include "cifsproto.h"
30 #include "cifs_debug.h"
33 static struct cifs_wksid wksidarr[NUM_WK_SIDS] = {
34 {{1, 0, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0, 0} }, "null user"},
35 {{1, 1, {0, 0, 0, 0, 0, 1}, {0, 0, 0, 0, 0} }, "nobody"},
36 {{1, 1, {0, 0, 0, 0, 0, 5}, {__constant_cpu_to_le32(11), 0, 0, 0, 0} }, "net-users"},
37 {{1, 1, {0, 0, 0, 0, 0, 5}, {__constant_cpu_to_le32(18), 0, 0, 0, 0} }, "sys"},
38 {{1, 2, {0, 0, 0, 0, 0, 5}, {__constant_cpu_to_le32(32), __constant_cpu_to_le32(544), 0, 0, 0} }, "root"},
39 {{1, 2, {0, 0, 0, 0, 0, 5}, {__constant_cpu_to_le32(32), __constant_cpu_to_le32(545), 0, 0, 0} }, "users"},
40 {{1, 2, {0, 0, 0, 0, 0, 5}, {__constant_cpu_to_le32(32), __constant_cpu_to_le32(546), 0, 0, 0} }, "guest"} }
44 /* security id for everyone/world system group */
45 static const struct cifs_sid sid_everyone = {
46 1, 1, {0, 0, 0, 0, 0, 1}, {0} };
47 /* security id for Authenticated Users system group */
48 static const struct cifs_sid sid_authusers = {
49 1, 1, {0, 0, 0, 0, 0, 5}, {11} };
51 static const struct cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {} };
54 int match_sid(struct cifs_sid *ctsid)
57 int num_subauth, num_sat, num_saw;
58 struct cifs_sid *cwsid;
63 for (i = 0; i < NUM_WK_SIDS; ++i) {
64 cwsid = &(wksidarr[i].cifssid);
66 /* compare the revision */
67 if (ctsid->revision != cwsid->revision)
70 /* compare all of the six auth values */
71 for (j = 0; j < 6; ++j) {
72 if (ctsid->authority[j] != cwsid->authority[j])
76 continue; /* all of the auth values did not match */
78 /* compare all of the subauth values if any */
79 num_sat = ctsid->num_subauth;
80 num_saw = cwsid->num_subauth;
81 num_subauth = num_sat < num_saw ? num_sat : num_saw;
83 for (j = 0; j < num_subauth; ++j) {
84 if (ctsid->sub_auth[j] != cwsid->sub_auth[j])
88 continue; /* all sub_auth values do not match */
91 cFYI(1, "matching sid: %s\n", wksidarr[i].sidname);
92 return 0; /* sids compare/match */
95 cFYI(1, "No matching sid");
99 /* if the two SIDs (roughly equivalent to a UUID for a user or group) are
100 the same returns 1, if they do not match returns 0 */
101 int compare_sids(const struct cifs_sid *ctsid, const struct cifs_sid *cwsid)
104 int num_subauth, num_sat, num_saw;
106 if ((!ctsid) || (!cwsid))
109 /* compare the revision */
110 if (ctsid->revision != cwsid->revision)
113 /* compare all of the six auth values */
114 for (i = 0; i < 6; ++i) {
115 if (ctsid->authority[i] != cwsid->authority[i])
119 /* compare all of the subauth values if any */
120 num_sat = ctsid->num_subauth;
121 num_saw = cwsid->num_subauth;
122 num_subauth = num_sat < num_saw ? num_sat : num_saw;
124 for (i = 0; i < num_subauth; ++i) {
125 if (ctsid->sub_auth[i] != cwsid->sub_auth[i])
130 return 1; /* sids compare/match */
134 /* copy ntsd, owner sid, and group sid from a security descriptor to another */
135 static void copy_sec_desc(const struct cifs_ntsd *pntsd,
136 struct cifs_ntsd *pnntsd, __u32 sidsoffset)
140 struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
141 struct cifs_sid *nowner_sid_ptr, *ngroup_sid_ptr;
143 /* copy security descriptor control portion */
144 pnntsd->revision = pntsd->revision;
145 pnntsd->type = pntsd->type;
146 pnntsd->dacloffset = cpu_to_le32(sizeof(struct cifs_ntsd));
147 pnntsd->sacloffset = 0;
148 pnntsd->osidoffset = cpu_to_le32(sidsoffset);
149 pnntsd->gsidoffset = cpu_to_le32(sidsoffset + sizeof(struct cifs_sid));
152 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
153 le32_to_cpu(pntsd->osidoffset));
154 nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + sidsoffset);
156 nowner_sid_ptr->revision = owner_sid_ptr->revision;
157 nowner_sid_ptr->num_subauth = owner_sid_ptr->num_subauth;
158 for (i = 0; i < 6; i++)
159 nowner_sid_ptr->authority[i] = owner_sid_ptr->authority[i];
160 for (i = 0; i < 5; i++)
161 nowner_sid_ptr->sub_auth[i] = owner_sid_ptr->sub_auth[i];
164 group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
165 le32_to_cpu(pntsd->gsidoffset));
166 ngroup_sid_ptr = (struct cifs_sid *)((char *)pnntsd + sidsoffset +
167 sizeof(struct cifs_sid));
169 ngroup_sid_ptr->revision = group_sid_ptr->revision;
170 ngroup_sid_ptr->num_subauth = group_sid_ptr->num_subauth;
171 for (i = 0; i < 6; i++)
172 ngroup_sid_ptr->authority[i] = group_sid_ptr->authority[i];
173 for (i = 0; i < 5; i++)
174 ngroup_sid_ptr->sub_auth[i] = group_sid_ptr->sub_auth[i];
181 change posix mode to reflect permissions
182 pmode is the existing mode (we only want to overwrite part of this
183 bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
185 static void access_flags_to_mode(__le32 ace_flags, int type, umode_t *pmode,
186 umode_t *pbits_to_set)
188 __u32 flags = le32_to_cpu(ace_flags);
189 /* the order of ACEs is important. The canonical order is to begin with
190 DENY entries followed by ALLOW, otherwise an allow entry could be
191 encountered first, making the subsequent deny entry like "dead code"
192 which would be superflous since Windows stops when a match is made
193 for the operation you are trying to perform for your user */
195 /* For deny ACEs we change the mask so that subsequent allow access
196 control entries do not turn on the bits we are denying */
197 if (type == ACCESS_DENIED) {
198 if (flags & GENERIC_ALL)
199 *pbits_to_set &= ~S_IRWXUGO;
201 if ((flags & GENERIC_WRITE) ||
202 ((flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
203 *pbits_to_set &= ~S_IWUGO;
204 if ((flags & GENERIC_READ) ||
205 ((flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
206 *pbits_to_set &= ~S_IRUGO;
207 if ((flags & GENERIC_EXECUTE) ||
208 ((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
209 *pbits_to_set &= ~S_IXUGO;
211 } else if (type != ACCESS_ALLOWED) {
212 cERROR(1, "unknown access control type %d", type);
215 /* else ACCESS_ALLOWED type */
217 if (flags & GENERIC_ALL) {
218 *pmode |= (S_IRWXUGO & (*pbits_to_set));
219 cFYI(DBG2, "all perms");
222 if ((flags & GENERIC_WRITE) ||
223 ((flags & FILE_WRITE_RIGHTS) == FILE_WRITE_RIGHTS))
224 *pmode |= (S_IWUGO & (*pbits_to_set));
225 if ((flags & GENERIC_READ) ||
226 ((flags & FILE_READ_RIGHTS) == FILE_READ_RIGHTS))
227 *pmode |= (S_IRUGO & (*pbits_to_set));
228 if ((flags & GENERIC_EXECUTE) ||
229 ((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
230 *pmode |= (S_IXUGO & (*pbits_to_set));
232 cFYI(DBG2, "access flags 0x%x mode now 0x%x", flags, *pmode);
237 Generate access flags to reflect permissions mode is the existing mode.
238 This function is called for every ACE in the DACL whose SID matches
239 with either owner or group or everyone.
242 static void mode_to_access_flags(umode_t mode, umode_t bits_to_use,
245 /* reset access mask */
248 /* bits to use are either S_IRWXU or S_IRWXG or S_IRWXO */
251 /* check for R/W/X UGO since we do not know whose flags
252 is this but we have cleared all the bits sans RWX for
253 either user or group or other as per bits_to_use */
255 *pace_flags |= SET_FILE_READ_RIGHTS;
257 *pace_flags |= SET_FILE_WRITE_RIGHTS;
259 *pace_flags |= SET_FILE_EXEC_RIGHTS;
261 cFYI(DBG2, "mode: 0x%x, access flags now 0x%x", mode, *pace_flags);
265 static __u16 fill_ace_for_sid(struct cifs_ace *pntace,
266 const struct cifs_sid *psid, __u64 nmode, umode_t bits)
270 __u32 access_req = 0;
272 pntace->type = ACCESS_ALLOWED;
274 mode_to_access_flags(nmode, bits, &access_req);
276 access_req = SET_MINIMUM_RIGHTS;
277 pntace->access_req = cpu_to_le32(access_req);
279 pntace->sid.revision = psid->revision;
280 pntace->sid.num_subauth = psid->num_subauth;
281 for (i = 0; i < 6; i++)
282 pntace->sid.authority[i] = psid->authority[i];
283 for (i = 0; i < psid->num_subauth; i++)
284 pntace->sid.sub_auth[i] = psid->sub_auth[i];
286 size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4);
287 pntace->size = cpu_to_le16(size);
293 #ifdef CONFIG_CIFS_DEBUG2
294 static void dump_ace(struct cifs_ace *pace, char *end_of_acl)
298 /* validate that we do not go past end of acl */
300 if (le16_to_cpu(pace->size) < 16) {
301 cERROR(1, "ACE too small %d", le16_to_cpu(pace->size));
305 if (end_of_acl < (char *)pace + le16_to_cpu(pace->size)) {
306 cERROR(1, "ACL too small to parse ACE");
310 num_subauth = pace->sid.num_subauth;
313 cFYI(1, "ACE revision %d num_auth %d type %d flags %d size %d",
314 pace->sid.revision, pace->sid.num_subauth, pace->type,
315 pace->flags, le16_to_cpu(pace->size));
316 for (i = 0; i < num_subauth; ++i) {
317 cFYI(1, "ACE sub_auth[%d]: 0x%x", i,
318 le32_to_cpu(pace->sid.sub_auth[i]));
321 /* BB add length check to make sure that we do not have huge
322 num auths and therefore go off the end */
330 static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
331 struct cifs_sid *pownersid, struct cifs_sid *pgrpsid,
332 struct cifs_fattr *fattr)
338 struct cifs_ace **ppace;
340 /* BB need to add parm so we can store the SID BB */
343 /* no DACL in the security descriptor, set
344 all the permissions for user/group/other */
345 fattr->cf_mode |= S_IRWXUGO;
349 /* validate that we do not go past end of acl */
350 if (end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) {
351 cERROR(1, "ACL too small to parse DACL");
355 cFYI(DBG2, "DACL revision %d size %d num aces %d",
356 le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size),
357 le32_to_cpu(pdacl->num_aces));
359 /* reset rwx permissions for user/group/other.
360 Also, if num_aces is 0 i.e. DACL has no ACEs,
361 user/group/other have no permissions */
362 fattr->cf_mode &= ~(S_IRWXUGO);
364 acl_base = (char *)pdacl;
365 acl_size = sizeof(struct cifs_acl);
367 num_aces = le32_to_cpu(pdacl->num_aces);
369 umode_t user_mask = S_IRWXU;
370 umode_t group_mask = S_IRWXG;
371 umode_t other_mask = S_IRWXU | S_IRWXG | S_IRWXO;
373 ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
376 for (i = 0; i < num_aces; ++i) {
377 ppace[i] = (struct cifs_ace *) (acl_base + acl_size);
378 #ifdef CONFIG_CIFS_DEBUG2
379 dump_ace(ppace[i], end_of_acl);
381 if (compare_sids(&(ppace[i]->sid), pownersid))
382 access_flags_to_mode(ppace[i]->access_req,
386 if (compare_sids(&(ppace[i]->sid), pgrpsid))
387 access_flags_to_mode(ppace[i]->access_req,
391 if (compare_sids(&(ppace[i]->sid), &sid_everyone))
392 access_flags_to_mode(ppace[i]->access_req,
396 if (compare_sids(&(ppace[i]->sid), &sid_authusers))
397 access_flags_to_mode(ppace[i]->access_req,
403 /* memcpy((void *)(&(cifscred->aces[i])),
405 sizeof(struct cifs_ace)); */
407 acl_base = (char *)ppace[i];
408 acl_size = le16_to_cpu(ppace[i]->size);
418 static int set_chmod_dacl(struct cifs_acl *pndacl, struct cifs_sid *pownersid,
419 struct cifs_sid *pgrpsid, __u64 nmode)
422 struct cifs_acl *pnndacl;
424 pnndacl = (struct cifs_acl *)((char *)pndacl + sizeof(struct cifs_acl));
426 size += fill_ace_for_sid((struct cifs_ace *) ((char *)pnndacl + size),
427 pownersid, nmode, S_IRWXU);
428 size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size),
429 pgrpsid, nmode, S_IRWXG);
430 size += fill_ace_for_sid((struct cifs_ace *)((char *)pnndacl + size),
431 &sid_everyone, nmode, S_IRWXO);
433 pndacl->size = cpu_to_le16(size + sizeof(struct cifs_acl));
434 pndacl->num_aces = cpu_to_le32(3);
440 static int parse_sid(struct cifs_sid *psid, char *end_of_acl)
442 /* BB need to add parm so we can store the SID BB */
444 /* validate that we do not go past end of ACL - sid must be at least 8
445 bytes long (assuming no sub-auths - e.g. the null SID */
446 if (end_of_acl < (char *)psid + 8) {
447 cERROR(1, "ACL too small to parse SID %p", psid);
451 if (psid->num_subauth) {
452 #ifdef CONFIG_CIFS_DEBUG2
454 cFYI(1, "SID revision %d num_auth %d",
455 psid->revision, psid->num_subauth);
457 for (i = 0; i < psid->num_subauth; i++) {
458 cFYI(1, "SID sub_auth[%d]: 0x%x ", i,
459 le32_to_cpu(psid->sub_auth[i]));
462 /* BB add length check to make sure that we do not have huge
463 num auths and therefore go off the end */
465 le32_to_cpu(psid->sub_auth[psid->num_subauth-1]));
473 /* Convert CIFS ACL to POSIX form */
474 static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
475 struct cifs_fattr *fattr)
478 struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
479 struct cifs_acl *dacl_ptr; /* no need for SACL ptr */
480 char *end_of_acl = ((char *)pntsd) + acl_len;
486 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
487 le32_to_cpu(pntsd->osidoffset));
488 group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
489 le32_to_cpu(pntsd->gsidoffset));
490 dacloffset = le32_to_cpu(pntsd->dacloffset);
491 dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
492 cFYI(DBG2, "revision %d type 0x%x ooffset 0x%x goffset 0x%x "
493 "sacloffset 0x%x dacloffset 0x%x",
494 pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset),
495 le32_to_cpu(pntsd->gsidoffset),
496 le32_to_cpu(pntsd->sacloffset), dacloffset);
497 /* cifs_dump_mem("owner_sid: ", owner_sid_ptr, 64); */
498 rc = parse_sid(owner_sid_ptr, end_of_acl);
502 rc = parse_sid(group_sid_ptr, end_of_acl);
507 parse_dacl(dacl_ptr, end_of_acl, owner_sid_ptr,
508 group_sid_ptr, fattr);
510 cFYI(1, "no ACL"); /* BB grant all or default perms? */
512 /* cifscred->uid = owner_sid_ptr->rid;
513 cifscred->gid = group_sid_ptr->rid;
514 memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,
515 sizeof(struct cifs_sid));
516 memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,
517 sizeof(struct cifs_sid)); */
523 /* Convert permission bits from mode to equivalent CIFS ACL */
524 static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
525 struct inode *inode, __u64 nmode)
531 struct cifs_sid *owner_sid_ptr, *group_sid_ptr;
532 struct cifs_acl *dacl_ptr = NULL; /* no need for SACL ptr */
533 struct cifs_acl *ndacl_ptr = NULL; /* no need for SACL ptr */
535 if ((inode == NULL) || (pntsd == NULL) || (pnntsd == NULL))
538 owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +
539 le32_to_cpu(pntsd->osidoffset));
540 group_sid_ptr = (struct cifs_sid *)((char *)pntsd +
541 le32_to_cpu(pntsd->gsidoffset));
543 dacloffset = le32_to_cpu(pntsd->dacloffset);
544 dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);
546 ndacloffset = sizeof(struct cifs_ntsd);
547 ndacl_ptr = (struct cifs_acl *)((char *)pnntsd + ndacloffset);
548 ndacl_ptr->revision = dacl_ptr->revision;
550 ndacl_ptr->num_aces = 0;
552 rc = set_chmod_dacl(ndacl_ptr, owner_sid_ptr, group_sid_ptr, nmode);
554 sidsoffset = ndacloffset + le16_to_cpu(ndacl_ptr->size);
556 /* copy security descriptor control portion and owner and group sid */
557 copy_sec_desc(pntsd, pnntsd, sidsoffset);
562 static struct cifs_ntsd *get_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb,
563 __u16 fid, u32 *pacllen)
565 struct cifs_ntsd *pntsd = NULL;
567 struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);
570 return ERR_CAST(tlink);
573 rc = CIFSSMBGetCIFSACL(xid, tlink_tcon(tlink), fid, &pntsd, pacllen);
576 cifs_put_tlink(tlink);
578 cFYI(1, "%s: rc = %d ACL len %d", __func__, rc, *pacllen);
584 static struct cifs_ntsd *get_cifs_acl_by_path(struct cifs_sb_info *cifs_sb,
585 const char *path, u32 *pacllen)
587 struct cifs_ntsd *pntsd = NULL;
591 struct cifsTconInfo *tcon;
592 struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);
595 return ERR_CAST(tlink);
597 tcon = tlink_tcon(tlink);
600 rc = CIFSSMBOpen(xid, tcon, path, FILE_OPEN, READ_CONTROL, 0,
601 &fid, &oplock, NULL, cifs_sb->local_nls,
602 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
604 rc = CIFSSMBGetCIFSACL(xid, tcon, fid, &pntsd, pacllen);
605 CIFSSMBClose(xid, tcon, fid);
608 cifs_put_tlink(tlink);
611 cFYI(1, "%s: rc = %d ACL len %d", __func__, rc, *pacllen);
617 /* Retrieve an ACL from the server */
618 struct cifs_ntsd *get_cifs_acl(struct cifs_sb_info *cifs_sb,
619 struct inode *inode, const char *path,
622 struct cifs_ntsd *pntsd = NULL;
623 struct cifsFileInfo *open_file = NULL;
626 open_file = find_readable_file(CIFS_I(inode), true);
628 return get_cifs_acl_by_path(cifs_sb, path, pacllen);
630 pntsd = get_cifs_acl_by_fid(cifs_sb, open_file->netfid, pacllen);
631 cifsFileInfo_put(open_file);
635 static int set_cifs_acl_by_fid(struct cifs_sb_info *cifs_sb, __u16 fid,
636 struct cifs_ntsd *pnntsd, u32 acllen)
639 struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);
642 return PTR_ERR(tlink);
645 rc = CIFSSMBSetCIFSACL(xid, tlink_tcon(tlink), fid, pnntsd, acllen);
647 cifs_put_tlink(tlink);
649 cFYI(DBG2, "SetCIFSACL rc = %d", rc);
653 static int set_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, const char *path,
654 struct cifs_ntsd *pnntsd, u32 acllen)
659 struct cifsTconInfo *tcon;
660 struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);
663 return PTR_ERR(tlink);
665 tcon = tlink_tcon(tlink);
668 rc = CIFSSMBOpen(xid, tcon, path, FILE_OPEN, WRITE_DAC, 0,
669 &fid, &oplock, NULL, cifs_sb->local_nls,
670 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
672 cERROR(1, "Unable to open file to set ACL");
676 rc = CIFSSMBSetCIFSACL(xid, tcon, fid, pnntsd, acllen);
677 cFYI(DBG2, "SetCIFSACL rc = %d", rc);
679 CIFSSMBClose(xid, tcon, fid);
682 cifs_put_tlink(tlink);
686 /* Set an ACL on the server */
687 static int set_cifs_acl(struct cifs_ntsd *pnntsd, __u32 acllen,
688 struct inode *inode, const char *path)
690 struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
691 struct cifsFileInfo *open_file;
694 cFYI(DBG2, "set ACL for %s from mode 0x%x", path, inode->i_mode);
696 open_file = find_readable_file(CIFS_I(inode), true);
698 return set_cifs_acl_by_path(cifs_sb, path, pnntsd, acllen);
700 rc = set_cifs_acl_by_fid(cifs_sb, open_file->netfid, pnntsd, acllen);
701 cifsFileInfo_put(open_file);
705 /* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */
707 cifs_acl_to_fattr(struct cifs_sb_info *cifs_sb, struct cifs_fattr *fattr,
708 struct inode *inode, const char *path, const __u16 *pfid)
710 struct cifs_ntsd *pntsd = NULL;
714 cFYI(DBG2, "converting ACL to mode for %s", path);
717 pntsd = get_cifs_acl_by_fid(cifs_sb, *pfid, &acllen);
719 pntsd = get_cifs_acl(cifs_sb, inode, path, &acllen);
721 /* if we can retrieve the ACL, now parse Access Control Entries, ACEs */
724 cERROR(1, "%s: error %d getting sec desc", __func__, rc);
726 rc = parse_sec_desc(pntsd, acllen, fattr);
729 cERROR(1, "parse sec desc failed rc = %d", rc);
735 /* Convert mode bits to an ACL so we can update the ACL on the server */
736 int mode_to_cifs_acl(struct inode *inode, const char *path, __u64 nmode)
739 __u32 secdesclen = 0;
740 struct cifs_ntsd *pntsd = NULL; /* acl obtained from server */
741 struct cifs_ntsd *pnntsd = NULL; /* modified acl to be sent to server */
743 cFYI(DBG2, "set ACL from mode for %s", path);
745 /* Get the security descriptor */
746 pntsd = get_cifs_acl(CIFS_SB(inode->i_sb), inode, path, &secdesclen);
748 /* Add three ACEs for owner, group, everyone getting rid of
749 other ACEs as chmod disables ACEs and set the security descriptor */
753 cERROR(1, "%s: error %d getting sec desc", __func__, rc);
755 /* allocate memory for the smb header,
756 set security descriptor request security descriptor
757 parameters, and secuirty descriptor itself */
759 secdesclen = secdesclen < DEFSECDESCLEN ?
760 DEFSECDESCLEN : secdesclen;
761 pnntsd = kmalloc(secdesclen, GFP_KERNEL);
763 cERROR(1, "Unable to allocate security descriptor");
768 rc = build_sec_desc(pntsd, pnntsd, inode, nmode);
770 cFYI(DBG2, "build_sec_desc rc: %d", rc);
773 /* Set the security descriptor */
774 rc = set_cifs_acl(pnntsd, secdesclen, inode, path);
775 cFYI(DBG2, "set_cifs_acl rc: %d", rc);