Lines Matching +full:set +full:- +full:aces
1 // SPDX-License-Identifier: LGPL-2.1+
38 /* S-1-22-1 Unmapped Unix users */
42 /* S-1-22-2 Unmapped Unix groups */
47 * See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
50 /* S-1-5-88 MS NFS and Apple style UID/GID/mode */
52 /* S-1-5-88-1 Unix uid */
57 /* S-1-5-88-2 Unix gid */
62 /* S-1-5-88-3 Unix mode */
69 * the same returns zero, if they do not match returns non-zero.
80 if (ctsid->revision != cwsid->revision) { in compare_sids()
81 if (ctsid->revision > cwsid->revision) in compare_sids()
84 return -1; in compare_sids()
89 if (ctsid->authority[i] != cwsid->authority[i]) { in compare_sids()
90 if (ctsid->authority[i] > cwsid->authority[i]) in compare_sids()
93 return -1; in compare_sids()
98 num_sat = ctsid->num_subauth; in compare_sids()
99 num_saw = cwsid->num_subauth; in compare_sids()
103 if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) { in compare_sids()
104 if (le32_to_cpu(ctsid->sub_auth[i]) > in compare_sids()
105 le32_to_cpu(cwsid->sub_auth[i])) in compare_sids()
108 return -1; in compare_sids()
120 dst->revision = src->revision; in smb_copy_sid()
121 dst->num_subauth = min_t(u8, src->num_subauth, SID_MAX_SUB_AUTHORITIES); in smb_copy_sid()
123 dst->authority[i] = src->authority[i]; in smb_copy_sid()
124 for (i = 0; i < dst->num_subauth; ++i) in smb_copy_sid()
125 dst->sub_auth[i] = src->sub_auth[i]; in smb_copy_sid()
131 * bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
149 if (S_ISDIR(fattr->cf_mode)) in access_flags_to_mode()
201 pntace->type = type; in fill_ace_for_sid()
202 pntace->flags = flags; in fill_ace_for_sid()
206 pntace->access_req = cpu_to_le32(access_req); in fill_ace_for_sid()
208 pntace->sid.revision = psid->revision; in fill_ace_for_sid()
209 pntace->sid.num_subauth = psid->num_subauth; in fill_ace_for_sid()
211 pntace->sid.authority[i] = psid->authority[i]; in fill_ace_for_sid()
212 for (i = 0; i < psid->num_subauth; i++) in fill_ace_for_sid()
213 pntace->sid.sub_auth[i] = psid->sub_auth[i]; in fill_ace_for_sid()
215 size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4); in fill_ace_for_sid()
216 pntace->size = cpu_to_le16(size); in fill_ace_for_sid()
253 ssid->sub_auth[ssid->num_subauth] = cpu_to_le32(cid); in id_to_sid()
254 ssid->num_subauth++; in id_to_sid()
261 int rc = -EINVAL; in sid_to_id()
267 if (unlikely(psid->num_subauth > SID_MAX_SUB_AUTHORITIES)) { in sid_to_id()
269 __func__, psid->num_subauth); in sid_to_id()
270 return -EIO; in sid_to_id()
273 if (psid->num_subauth == 0) { in sid_to_id()
275 return -EIO; in sid_to_id()
282 id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); in sid_to_id()
286 fattr->cf_uid = uid; in sid_to_id()
293 id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); in sid_to_id()
297 fattr->cf_gid = gid; in sid_to_id()
310 pace->e_tag = ACL_USER_OBJ; in posix_state_to_acl()
311 pace->e_perm = state->owner.allow; in posix_state_to_acl()
312 for (i = 0; i < state->users->n; i++) { in posix_state_to_acl()
314 pace->e_tag = ACL_USER; in posix_state_to_acl()
315 pace->e_uid = state->users->aces[i].uid; in posix_state_to_acl()
316 pace->e_perm = state->users->aces[i].perms.allow; in posix_state_to_acl()
320 pace->e_tag = ACL_GROUP_OBJ; in posix_state_to_acl()
321 pace->e_perm = state->group.allow; in posix_state_to_acl()
323 for (i = 0; i < state->groups->n; i++) { in posix_state_to_acl()
325 pace->e_tag = ACL_GROUP; in posix_state_to_acl()
326 pace->e_gid = state->groups->aces[i].gid; in posix_state_to_acl()
327 pace->e_perm = state->groups->aces[i].perms.allow; in posix_state_to_acl()
330 if (state->users->n || state->groups->n) { in posix_state_to_acl()
332 pace->e_tag = ACL_MASK; in posix_state_to_acl()
333 pace->e_perm = state->mask.allow; in posix_state_to_acl()
337 pace->e_tag = ACL_OTHER; in posix_state_to_acl()
338 pace->e_perm = state->other.allow; in posix_state_to_acl()
353 state->users = kzalloc(alloc, KSMBD_DEFAULT_GFP); in init_acl_state()
354 if (!state->users) in init_acl_state()
355 return -ENOMEM; in init_acl_state()
356 state->groups = kzalloc(alloc, KSMBD_DEFAULT_GFP); in init_acl_state()
357 if (!state->groups) { in init_acl_state()
358 kfree(state->users); in init_acl_state()
359 return -ENOMEM; in init_acl_state()
366 kfree(state->users); in free_acl_state()
367 kfree(state->groups); in free_acl_state()
390 end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { in parse_dacl()
395 ksmbd_debug(SMB, "DACL revision %d size %d num aces %d\n", in parse_dacl()
396 le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size), in parse_dacl()
397 le16_to_cpu(pdacl->num_aces)); in parse_dacl()
402 num_aces = le16_to_cpu(pdacl->num_aces); in parse_dacl()
406 if (num_aces > (le16_to_cpu(pdacl->size) - sizeof(struct smb_acl)) / in parse_dacl()
429 * Also, if num_aces is 0 i.e. DACL has no ACEs, in parse_dacl()
433 if (end_of_acl - acl_base < acl_size) in parse_dacl()
441 if (end_of_acl - acl_base < acl_size || in parse_dacl()
442 ppace[i]->sid.num_subauth == 0 || in parse_dacl()
443 ppace[i]->sid.num_subauth > SID_MAX_SUB_AUTHORITIES || in parse_dacl()
444 (end_of_acl - acl_base < in parse_dacl()
445 acl_size + sizeof(__le32) * ppace[i]->sid.num_subauth) || in parse_dacl()
446 (le16_to_cpu(ppace[i]->size) < in parse_dacl()
447 acl_size + sizeof(__le32) * ppace[i]->sid.num_subauth)) in parse_dacl()
450 acl_size = le16_to_cpu(ppace[i]->size); in parse_dacl()
451 ppace[i]->access_req = in parse_dacl()
452 smb_map_generic_desired_access(ppace[i]->access_req); in parse_dacl()
454 if (!(compare_sids(&ppace[i]->sid, &sid_unix_NFS_mode))) { in parse_dacl()
455 fattr->cf_mode = in parse_dacl()
456 le32_to_cpu(ppace[i]->sid.sub_auth[2]); in parse_dacl()
458 } else if (!compare_sids(&ppace[i]->sid, pownersid)) { in parse_dacl()
460 ppace[i]->access_req, in parse_dacl()
461 ppace[i]->type); in parse_dacl()
469 } else if (!compare_sids(&ppace[i]->sid, pgrpsid) || in parse_dacl()
470 ppace[i]->sid.sub_auth[ppace[i]->sid.num_subauth - 1] == in parse_dacl()
473 ppace[i]->access_req, in parse_dacl()
474 ppace[i]->type); in parse_dacl()
481 } else if (!compare_sids(&ppace[i]->sid, &sid_everyone)) { in parse_dacl()
483 ppace[i]->access_req, in parse_dacl()
484 ppace[i]->type); in parse_dacl()
491 } else if (!compare_sids(&ppace[i]->sid, &creator_owner)) { in parse_dacl()
493 } else if (!compare_sids(&ppace[i]->sid, &creator_group)) { in parse_dacl()
495 } else if (!compare_sids(&ppace[i]->sid, &sid_authusers)) { in parse_dacl()
500 acl_mode = access_flags_to_mode(fattr, ppace[i]->access_req, in parse_dacl()
501 ppace[i]->type); in parse_dacl()
503 ret = sid_to_id(idmap, &ppace[i]->sid, SIDOWNER, &temp_fattr); in parse_dacl()
511 acl_state.users->aces[acl_state.users->n].uid = in parse_dacl()
513 acl_state.users->aces[acl_state.users->n++].perms.allow = in parse_dacl()
516 default_acl_state.users->aces[default_acl_state.users->n].uid = in parse_dacl()
518 default_acl_state.users->aces[default_acl_state.users->n++].perms.allow = in parse_dacl()
525 /* The owner must be set to at least read-only. */ in parse_dacl()
527 acl_state.users->aces[acl_state.users->n].uid = fattr->cf_uid; in parse_dacl()
528 acl_state.users->aces[acl_state.users->n++].perms.allow = in parse_dacl()
531 default_acl_state.users->aces[default_acl_state.users->n].uid = in parse_dacl()
532 fattr->cf_uid; in parse_dacl()
533 default_acl_state.users->aces[default_acl_state.users->n++].perms.allow = in parse_dacl()
539 acl_state.groups->aces[acl_state.groups->n].gid = in parse_dacl()
540 fattr->cf_gid; in parse_dacl()
541 acl_state.groups->aces[acl_state.groups->n++].perms.allow = in parse_dacl()
544 default_acl_state.groups->aces[default_acl_state.groups->n].gid = in parse_dacl()
545 fattr->cf_gid; in parse_dacl()
546 default_acl_state.groups->aces[default_acl_state.groups->n++].perms.allow = in parse_dacl()
551 fattr->cf_mode &= ~(0007); in parse_dacl()
552 fattr->cf_mode |= mode & 0007; in parse_dacl()
558 if (acl_state.users->n || acl_state.groups->n) { in parse_dacl()
562 fattr->cf_acls = in parse_dacl()
563 posix_acl_alloc(acl_state.users->n + in parse_dacl()
564 acl_state.groups->n + 4, KSMBD_DEFAULT_GFP); in parse_dacl()
565 if (fattr->cf_acls) { in parse_dacl()
566 cf_pace = fattr->cf_acls->a_entries; in parse_dacl()
572 if (default_acl_state.users->n || default_acl_state.groups->n) { in parse_dacl()
576 fattr->cf_dacls = in parse_dacl()
577 posix_acl_alloc(default_acl_state.users->n + in parse_dacl()
578 default_acl_state.groups->n + 4, KSMBD_DEFAULT_GFP); in parse_dacl()
579 if (fattr->cf_dacls) { in parse_dacl()
580 cf_pdace = fattr->cf_dacls->a_entries; in parse_dacl()
599 if (!fattr->cf_acls) in set_posix_acl_entries_dacl()
602 pace = fattr->cf_acls->a_entries; in set_posix_acl_entries_dacl()
603 for (i = 0; i < fattr->cf_acls->a_count; i++, pace++) { in set_posix_acl_entries_dacl()
610 if (pace->e_tag == ACL_USER) { in set_posix_acl_entries_dacl()
618 } else if (pace->e_tag == ACL_GROUP) { in set_posix_acl_entries_dacl()
623 } else if (pace->e_tag == ACL_OTHER && !nt_aces_num) { in set_posix_acl_entries_dacl()
631 if (ntace->sid.sub_auth[ntace->sid.num_subauth - 1] == in set_posix_acl_entries_dacl()
632 sid->sub_auth[sid->num_subauth - 1]) in set_posix_acl_entries_dacl()
635 le16_to_cpu(ntace->size)); in set_posix_acl_entries_dacl()
638 if (S_ISDIR(fattr->cf_mode) && pace->e_tag == ACL_OTHER) in set_posix_acl_entries_dacl()
643 pace->e_perm, 0777); in set_posix_acl_entries_dacl()
645 if (pace->e_tag == ACL_USER) in set_posix_acl_entries_dacl()
646 ntace->access_req |= in set_posix_acl_entries_dacl()
649 if (S_ISDIR(fattr->cf_mode) && in set_posix_acl_entries_dacl()
650 (pace->e_tag == ACL_USER || pace->e_tag == ACL_GROUP)) { in set_posix_acl_entries_dacl()
653 0x03, pace->e_perm, 0777); in set_posix_acl_entries_dacl()
655 if (pace->e_tag == ACL_USER) in set_posix_acl_entries_dacl()
656 ntace->access_req |= in set_posix_acl_entries_dacl()
668 if (!fattr->cf_dacls) in set_posix_acl_entries_dacl()
671 pace = fattr->cf_dacls->a_entries; in set_posix_acl_entries_dacl()
672 for (i = 0; i < fattr->cf_dacls->a_count; i++, pace++) { in set_posix_acl_entries_dacl()
677 if (pace->e_tag == ACL_USER) { in set_posix_acl_entries_dacl()
682 } else if (pace->e_tag == ACL_GROUP) { in set_posix_acl_entries_dacl()
694 pace->e_perm, 0777); in set_posix_acl_entries_dacl()
696 if (pace->e_tag == ACL_USER) in set_posix_acl_entries_dacl()
697 ntace->access_req |= in set_posix_acl_entries_dacl()
712 u16 nt_num_aces = le16_to_cpu(nt_dacl->num_aces), num_aces = 0; in set_ntacl_dacl()
725 nt_ace_size = le16_to_cpu(ntace->size); in set_ntacl_dacl()
731 aces_size -= nt_ace_size; in set_ntacl_dacl()
739 pndacl->num_aces = cpu_to_le16(num_aces); in set_ntacl_dacl()
740 pndacl->size = cpu_to_le16(le16_to_cpu(pndacl->size) + size); in set_ntacl_dacl()
754 if (fattr->cf_acls) { in set_mode_dacl()
761 uid = from_kuid(&init_user_ns, fattr->cf_uid); in set_mode_dacl()
767 fattr->cf_mode, 0700); in set_mode_dacl()
768 pace->sid.sub_auth[pace->sid.num_subauth++] = cpu_to_le32(uid); in set_mode_dacl()
769 pace->size = cpu_to_le16(ace_size + 4); in set_mode_dacl()
770 size += le16_to_cpu(pace->size); in set_mode_dacl()
775 ACCESS_ALLOWED, 0, fattr->cf_mode, 0070); in set_mode_dacl()
776 pace->sid.sub_auth[pace->sid.num_subauth++] = in set_mode_dacl()
777 cpu_to_le32(from_kgid(&init_user_ns, fattr->cf_gid)); in set_mode_dacl()
778 pace->size = cpu_to_le16(ace_size + 4); in set_mode_dacl()
779 size += le16_to_cpu(pace->size); in set_mode_dacl()
783 if (S_ISDIR(fattr->cf_mode)) { in set_mode_dacl()
788 0x0b, fattr->cf_mode, 0700); in set_mode_dacl()
793 0x0b, fattr->cf_mode, 0070); in set_mode_dacl()
800 fattr->cf_mode, 0007); in set_mode_dacl()
803 pndacl->num_aces = cpu_to_le16(num_aces); in set_mode_dacl()
804 pndacl->size = cpu_to_le16(le16_to_cpu(pndacl->size) + size); in set_mode_dacl()
810 * validate that we do not go past end of ACL - sid must be at least 8 in parse_sid()
811 * bytes long (assuming no sub-auths - e.g. the null SID in parse_sid()
815 return -EINVAL; in parse_sid()
818 if (!psid->num_subauth) in parse_sid()
821 if (psid->num_subauth > SID_MAX_SUB_AUTHORITIES || in parse_sid()
822 end_of_acl < (char *)psid + 8 + sizeof(__le32) * psid->num_subauth) in parse_sid()
823 return -EINVAL; in parse_sid()
840 return -EIO; in parse_sec_desc()
843 return -EINVAL; in parse_sec_desc()
846 le32_to_cpu(pntsd->osidoffset)); in parse_sec_desc()
848 le32_to_cpu(pntsd->gsidoffset)); in parse_sec_desc()
849 dacloffset = le32_to_cpu(pntsd->dacloffset); in parse_sec_desc()
853 pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset), in parse_sec_desc()
854 le32_to_cpu(pntsd->gsidoffset), in parse_sec_desc()
855 le32_to_cpu(pntsd->sacloffset), dacloffset); in parse_sec_desc()
857 pntsd_type = le16_to_cpu(pntsd->type); in parse_sec_desc()
859 ksmbd_debug(SMB, "DACL_PRESENT in DACL type is not set\n"); in parse_sec_desc()
863 pntsd->type = cpu_to_le16(DACL_PRESENT); in parse_sec_desc()
865 if (pntsd->osidoffset) { in parse_sec_desc()
866 if (le32_to_cpu(pntsd->osidoffset) < sizeof(struct smb_ntsd)) in parse_sec_desc()
867 return -EINVAL; in parse_sec_desc()
883 if (pntsd->gsidoffset) { in parse_sec_desc()
884 if (le32_to_cpu(pntsd->gsidoffset) < sizeof(struct smb_ntsd)) in parse_sec_desc()
885 return -EINVAL; in parse_sec_desc()
903 pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); in parse_sec_desc()
905 pntsd->type |= cpu_to_le16(DACL_PROTECTED); in parse_sec_desc()
909 return -EINVAL; in parse_sec_desc()
935 return -ENOMEM; in build_sec_desc()
937 uid = from_kuid(&init_user_ns, fattr->cf_uid); in build_sec_desc()
945 return -ENOMEM; in build_sec_desc()
948 gid = from_kgid(&init_user_ns, fattr->cf_gid); in build_sec_desc()
952 pntsd->sacloffset = 0; in build_sec_desc()
953 pntsd->revision = cpu_to_le16(1); in build_sec_desc()
954 pntsd->type = cpu_to_le16(SELF_RELATIVE); in build_sec_desc()
956 pntsd->type |= ppntsd->type; in build_sec_desc()
959 pntsd->osidoffset = cpu_to_le32(offset); in build_sec_desc()
962 offset += 1 + 1 + 6 + (nowner_sid_ptr->num_subauth * 4); in build_sec_desc()
966 pntsd->gsidoffset = cpu_to_le32(offset); in build_sec_desc()
969 offset += 1 + 1 + 6 + (ngroup_sid_ptr->num_subauth * 4); in build_sec_desc()
973 pntsd->type |= cpu_to_le16(DACL_PRESENT); in build_sec_desc()
975 dacl_ptr->revision = cpu_to_le16(2); in build_sec_desc()
976 dacl_ptr->size = cpu_to_le16(sizeof(struct smb_acl)); in build_sec_desc()
977 dacl_ptr->num_aces = 0; in build_sec_desc()
983 unsigned int dacl_offset = le32_to_cpu(ppntsd->dacloffset); in build_sec_desc()
984 int ppdacl_size, ntacl_size = ppntsd_size - dacl_offset; in build_sec_desc()
991 ppdacl_size = le16_to_cpu(ppdacl_ptr->size); in build_sec_desc()
997 ntacl_size - sizeof(struct smb_acl), in build_sec_desc()
1001 pntsd->dacloffset = cpu_to_le32(offset); in build_sec_desc()
1002 offset += le16_to_cpu(dacl_ptr->size); in build_sec_desc()
1015 ace->type = type; in smb_set_ace()
1016 ace->flags = flags; in smb_set_ace()
1017 ace->access_req = access_req; in smb_set_ace()
1018 smb_copy_sid(&ace->sid, sid); in smb_set_ace()
1019 ace->size = cpu_to_le16(1 + 1 + 2 + 4 + 1 + 1 + 6 + (sid->num_subauth * 4)); in smb_set_ace()
1027 struct smb_ace *parent_aces, *aces; in smb_inherit_dacl() local
1031 struct dentry *parent = path->dentry->d_parent; in smb_inherit_dacl()
1032 struct mnt_idmap *idmap = mnt_idmap(path->mnt); in smb_inherit_dacl()
1039 bool is_dir = S_ISDIR(d_inode(path->dentry)->i_mode); in smb_inherit_dacl()
1044 return -ENOENT; in smb_inherit_dacl()
1046 dacloffset = le32_to_cpu(parent_pntsd->dacloffset); in smb_inherit_dacl()
1050 rc = -EINVAL; in smb_inherit_dacl()
1055 acl_len = pntsd_size - dacloffset; in smb_inherit_dacl()
1056 num_aces = le16_to_cpu(parent_pdacl->num_aces); in smb_inherit_dacl()
1057 pntsd_type = le16_to_cpu(parent_pntsd->type); in smb_inherit_dacl()
1058 pdacl_size = le16_to_cpu(parent_pdacl->size); in smb_inherit_dacl()
1061 rc = -EINVAL; in smb_inherit_dacl()
1068 rc = -ENOMEM; in smb_inherit_dacl()
1072 aces = (struct smb_ace *)aces_base; in smb_inherit_dacl()
1075 aces_size = acl_len - sizeof(struct smb_acl); in smb_inherit_dacl()
1086 pace_size = le16_to_cpu(parent_aces->size); in smb_inherit_dacl()
1090 aces_size -= pace_size; in smb_inherit_dacl()
1092 flags = parent_aces->flags; in smb_inherit_dacl()
1105 if (!compare_sids(&creator_owner, &parent_aces->sid)) { in smb_inherit_dacl()
1109 } else if (!compare_sids(&creator_group, &parent_aces->sid)) { in smb_inherit_dacl()
1115 psid = &parent_aces->sid; in smb_inherit_dacl()
1119 smb_set_ace(aces, psid, parent_aces->type, inherited_flags, in smb_inherit_dacl()
1120 parent_aces->access_req); in smb_inherit_dacl()
1121 nt_size += le16_to_cpu(aces->size); in smb_inherit_dacl()
1123 aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); in smb_inherit_dacl()
1126 } else if (is_dir && !(parent_aces->flags & NO_PROPAGATE_INHERIT_ACE)) { in smb_inherit_dacl()
1127 psid = &parent_aces->sid; in smb_inherit_dacl()
1130 smb_set_ace(aces, psid, parent_aces->type, flags | inherited_flags, in smb_inherit_dacl()
1131 parent_aces->access_req); in smb_inherit_dacl()
1132 nt_size += le16_to_cpu(aces->size); in smb_inherit_dacl()
1133 aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); in smb_inherit_dacl()
1146 if (parent_pntsd->osidoffset) { in smb_inherit_dacl()
1148 le32_to_cpu(parent_pntsd->osidoffset)); in smb_inherit_dacl()
1149 powner_sid_size = 1 + 1 + 6 + (powner_sid->num_subauth * 4); in smb_inherit_dacl()
1151 if (parent_pntsd->gsidoffset) { in smb_inherit_dacl()
1153 le32_to_cpu(parent_pntsd->gsidoffset)); in smb_inherit_dacl()
1154 pgroup_sid_size = 1 + 1 + 6 + (pgroup_sid->num_subauth * 4); in smb_inherit_dacl()
1162 rc = -ENOMEM; in smb_inherit_dacl()
1166 pntsd->revision = cpu_to_le16(1); in smb_inherit_dacl()
1167 pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PRESENT); in smb_inherit_dacl()
1168 if (le16_to_cpu(parent_pntsd->type) & DACL_AUTO_INHERITED) in smb_inherit_dacl()
1169 pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); in smb_inherit_dacl()
1171 pntsd->osidoffset = parent_pntsd->osidoffset; in smb_inherit_dacl()
1172 pntsd->gsidoffset = parent_pntsd->gsidoffset; in smb_inherit_dacl()
1173 pntsd->dacloffset = parent_pntsd->dacloffset; in smb_inherit_dacl()
1175 if ((u64)le32_to_cpu(pntsd->osidoffset) + powner_sid_size > in smb_inherit_dacl()
1177 rc = -EINVAL; in smb_inherit_dacl()
1182 if ((u64)le32_to_cpu(pntsd->gsidoffset) + pgroup_sid_size > in smb_inherit_dacl()
1184 rc = -EINVAL; in smb_inherit_dacl()
1189 if ((u64)le32_to_cpu(pntsd->dacloffset) + sizeof(struct smb_acl) + nt_size > in smb_inherit_dacl()
1191 rc = -EINVAL; in smb_inherit_dacl()
1196 if (pntsd->osidoffset) { in smb_inherit_dacl()
1198 le32_to_cpu(pntsd->osidoffset)); in smb_inherit_dacl()
1203 if (pntsd->gsidoffset) { in smb_inherit_dacl()
1205 le32_to_cpu(pntsd->gsidoffset)); in smb_inherit_dacl()
1210 if (pntsd->dacloffset) { in smb_inherit_dacl()
1213 pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); in smb_inherit_dacl()
1214 pdacl->revision = cpu_to_le16(2); in smb_inherit_dacl()
1215 pdacl->size = cpu_to_le16(sizeof(struct smb_acl) + nt_size); in smb_inherit_dacl()
1216 pdacl->num_aces = cpu_to_le16(ace_cnt); in smb_inherit_dacl()
1249 struct mnt_idmap *idmap = mnt_idmap(path->mnt); in smb_check_perm_dacl()
1268 path->dentry, &pntsd); in smb_check_perm_dacl()
1272 dacl_offset = le32_to_cpu(pntsd->dacloffset); in smb_check_perm_dacl()
1278 pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); in smb_check_perm_dacl()
1279 acl_size = pntsd_size - dacl_offset; in smb_check_perm_dacl()
1280 pdacl_size = le16_to_cpu(pdacl->size); in smb_check_perm_dacl()
1285 if (!pdacl->num_aces) { in smb_check_perm_dacl()
1286 if (!(pdacl_size - sizeof(struct smb_acl)) && in smb_check_perm_dacl()
1288 rc = -EACCES; in smb_check_perm_dacl()
1299 aces_size = acl_size - sizeof(struct smb_acl); in smb_check_perm_dacl()
1300 for (i = 0; i < le16_to_cpu(pdacl->num_aces); i++) { in smb_check_perm_dacl()
1303 ace_size = le16_to_cpu(ace->size); in smb_check_perm_dacl()
1306 aces_size -= ace_size; in smb_check_perm_dacl()
1307 granted |= le32_to_cpu(ace->access_req); in smb_check_perm_dacl()
1308 ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size)); in smb_check_perm_dacl()
1311 if (!pdacl->num_aces) in smb_check_perm_dacl()
1320 aces_size = acl_size - sizeof(struct smb_acl); in smb_check_perm_dacl()
1321 for (i = 0; i < le16_to_cpu(pdacl->num_aces); i++) { in smb_check_perm_dacl()
1324 ace_size = le16_to_cpu(ace->size); in smb_check_perm_dacl()
1327 aces_size -= ace_size; in smb_check_perm_dacl()
1329 if (!compare_sids(&sid, &ace->sid) || in smb_check_perm_dacl()
1330 !compare_sids(&sid_unix_NFS_mode, &ace->sid)) { in smb_check_perm_dacl()
1334 if (!compare_sids(&sid_everyone, &ace->sid)) in smb_check_perm_dacl()
1337 ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size)); in smb_check_perm_dacl()
1344 granted |= le32_to_cpu(ace->access_req); in smb_check_perm_dacl()
1346 if (!pdacl->num_aces) in smb_check_perm_dacl()
1351 posix_acls = get_inode_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); in smb_check_perm_dacl()
1353 unsigned int id = -1; in smb_check_perm_dacl()
1355 pa_entry = posix_acls->a_entries; in smb_check_perm_dacl()
1356 for (i = 0; i < posix_acls->a_count; i++, pa_entry++) { in smb_check_perm_dacl()
1357 if (pa_entry->e_tag == ACL_USER) in smb_check_perm_dacl()
1359 else if (pa_entry->e_tag == ACL_GROUP) in smb_check_perm_dacl()
1365 mode_to_access_flags(pa_entry->e_perm, in smb_check_perm_dacl()
1385 rc = -EACCES; in smb_check_perm_dacl()
1390 switch (ace->type) { in smb_check_perm_dacl()
1392 access_bits = le32_to_cpu(ace->access_req); in smb_check_perm_dacl()
1396 access_bits = le32_to_cpu(~ace->access_req); in smb_check_perm_dacl()
1404 granted, le32_to_cpu(ace->access_req)); in smb_check_perm_dacl()
1405 rc = -EACCES; in smb_check_perm_dacl()
1421 struct inode *inode = d_inode(path->dentry); in set_info_sec()
1422 struct mnt_idmap *idmap = mnt_idmap(path->mnt); in set_info_sec()
1427 fattr.cf_mode = inode->i_mode; in set_info_sec()
1443 newattrs.ia_mode = (inode->i_mode & ~0777) | (fattr.cf_mode & 0777); in set_info_sec()
1448 rc = set_posix_acl(idmap, path->dentry, in set_info_sec()
1452 "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", in set_info_sec()
1454 if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) { in set_info_sec()
1455 rc = set_posix_acl(idmap, path->dentry, in set_info_sec()
1459 "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", in set_info_sec()
1465 rc = notify_change(idmap, path->dentry, &newattrs, NULL); in set_info_sec()
1471 if (type_check && !(le16_to_cpu(pntsd->type) & DACL_PRESENT)) in set_info_sec()
1474 if (test_share_config_flag(tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) { in set_info_sec()