tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/* SPDX-License-Identifier: LGPL-2.1+ */
2/*
3 * Copyright (c) International Business Machines Corp., 2007
4 * Author(s): Steve French (sfrench@us.ibm.com)
5 * Modified by Namjae Jeon (linkinjeon@kernel.org)
6 */
7
8#ifndef _SMBACL_H
9#define _SMBACL_H
10
11#include "../common/smbacl.h"
12#include <linux/fs.h>
13#include <linux/namei.h>
14#include <linux/posix_acl.h>
15#include <linux/mnt_idmapping.h>
16
17#include "mgmt/tree_connect.h"
18
19/* Revision for ACLs */
20#define SD_REVISION 1
21
22/* Control flags for Security Descriptor */
23#define OWNER_DEFAULTED 0x0001
24#define GROUP_DEFAULTED 0x0002
25#define DACL_PRESENT 0x0004
26#define DACL_DEFAULTED 0x0008
27#define SACL_PRESENT 0x0010
28#define SACL_DEFAULTED 0x0020
29#define DACL_TRUSTED 0x0040
30#define SERVER_SECURITY 0x0080
31#define DACL_AUTO_INHERIT_REQ 0x0100
32#define SACL_AUTO_INHERIT_REQ 0x0200
33#define DACL_AUTO_INHERITED 0x0400
34#define SACL_AUTO_INHERITED 0x0800
35#define DACL_PROTECTED 0x1000
36#define SACL_PROTECTED 0x2000
37#define RM_CONTROL_VALID 0x4000
38#define SELF_RELATIVE 0x8000
39
40struct ksmbd_conn;
41
42struct smb_fattr {
43 kuid_t cf_uid;
44 kgid_t cf_gid;
45 umode_t cf_mode;
46 __le32 daccess;
47 struct posix_acl *cf_acls;
48 struct posix_acl *cf_dacls;
49};
50
51struct posix_ace_state {
52 u32 allow;
53 u32 deny;
54};
55
56struct posix_user_ace_state {
57 union {
58 kuid_t uid;
59 kgid_t gid;
60 };
61 struct posix_ace_state perms;
62};
63
64struct posix_ace_state_array {
65 int n;
66 struct posix_user_ace_state aces[];
67};
68
69/*
70 * while processing the nfsv4 ace, this maintains the partial permissions
71 * calculated so far:
72 */
73
74struct posix_acl_state {
75 struct posix_ace_state owner;
76 struct posix_ace_state group;
77 struct posix_ace_state other;
78 struct posix_ace_state everyone;
79 struct posix_ace_state mask; /* deny unused in this case */
80 struct posix_ace_state_array *users;
81 struct posix_ace_state_array *groups;
82};
83
84int parse_sec_desc(struct mnt_idmap *idmap, struct smb_ntsd *pntsd,
85 int acl_len, struct smb_fattr *fattr);
86int build_sec_desc(struct mnt_idmap *idmap, struct smb_ntsd *pntsd,
87 struct smb_ntsd *ppntsd, int ppntsd_size, int addition_info,
88 __u32 *secdesclen, struct smb_fattr *fattr);
89int init_acl_state(struct posix_acl_state *state, u16 cnt);
90void free_acl_state(struct posix_acl_state *state);
91void posix_state_to_acl(struct posix_acl_state *state,
92 struct posix_acl_entry *pace);
93int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid);
94bool smb_inherit_flags(int flags, bool is_dir);
95int smb_inherit_dacl(struct ksmbd_conn *conn, const struct path *path,
96 unsigned int uid, unsigned int gid);
97int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path,
98 __le32 *pdaccess, int uid);
99int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,
100 const struct path *path, struct smb_ntsd *pntsd, int ntsd_len,
101 bool type_check, bool get_write);
102void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid);
103void ksmbd_init_domain(u32 *sub_auth);
104
105static inline uid_t posix_acl_uid_translate(struct mnt_idmap *idmap,
106 struct posix_acl_entry *pace)
107{
108 vfsuid_t vfsuid;
109
110 /* If this is an idmapped mount, apply the idmapping. */
111 vfsuid = make_vfsuid(idmap, &init_user_ns, pace->e_uid);
112
113 /* Translate the kuid into a userspace id ksmbd would see. */
114 return from_kuid(&init_user_ns, vfsuid_into_kuid(vfsuid));
115}
116
117static inline gid_t posix_acl_gid_translate(struct mnt_idmap *idmap,
118 struct posix_acl_entry *pace)
119{
120 vfsgid_t vfsgid;
121
122 /* If this is an idmapped mount, apply the idmapping. */
123 vfsgid = make_vfsgid(idmap, &init_user_ns, pace->e_gid);
124
125 /* Translate the kgid into a userspace id ksmbd would see. */
126 return from_kgid(&init_user_ns, vfsgid_into_kgid(vfsgid));
127}
128
129#endif /* _SMBACL_H */