Lines Matching +full:set +full:- +full:aces
1 // SPDX-License-Identifier: LGPL-2.1+
38 /* S-1-22-1 Unmapped Unix users */
42 /* S-1-22-2 Unmapped Unix groups */
47 * See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
50 /* S-1-5-88 MS NFS and Apple style UID/GID/mode */
52 /* S-1-5-88-1 Unix uid */
57 /* S-1-5-88-2 Unix gid */
62 /* S-1-5-88-3 Unix mode */
69 * the same returns zero, if they do not match returns non-zero.
80 if (ctsid->revision != cwsid->revision) { in compare_sids()
81 if (ctsid->revision > cwsid->revision) in compare_sids()
84 return -1; in compare_sids()
89 if (ctsid->authority[i] != cwsid->authority[i]) { in compare_sids()
90 if (ctsid->authority[i] > cwsid->authority[i]) in compare_sids()
93 return -1; in compare_sids()
98 num_sat = ctsid->num_subauth; in compare_sids()
99 num_saw = cwsid->num_subauth; in compare_sids()
103 if (ctsid->sub_auth[i] != cwsid->sub_auth[i]) { in compare_sids()
104 if (le32_to_cpu(ctsid->sub_auth[i]) > in compare_sids()
105 le32_to_cpu(cwsid->sub_auth[i])) in compare_sids()
108 return -1; in compare_sids()
120 dst->revision = src->revision; in smb_copy_sid()
121 dst->num_subauth = min_t(u8, src->num_subauth, SID_MAX_SUB_AUTHORITIES); in smb_copy_sid()
123 dst->authority[i] = src->authority[i]; in smb_copy_sid()
124 for (i = 0; i < dst->num_subauth; ++i) in smb_copy_sid()
125 dst->sub_auth[i] = src->sub_auth[i]; in smb_copy_sid()
131 * bits to set can be: S_IRWXU, S_IRWXG or S_IRWXO ie 00700 or 00070 or 00007
149 if (S_ISDIR(fattr->cf_mode)) in access_flags_to_mode()
201 pntace->type = type; in fill_ace_for_sid()
202 pntace->flags = flags; in fill_ace_for_sid()
206 pntace->access_req = cpu_to_le32(access_req); in fill_ace_for_sid()
208 pntace->sid.revision = psid->revision; in fill_ace_for_sid()
209 pntace->sid.num_subauth = psid->num_subauth; in fill_ace_for_sid()
211 pntace->sid.authority[i] = psid->authority[i]; in fill_ace_for_sid()
212 for (i = 0; i < psid->num_subauth; i++) in fill_ace_for_sid()
213 pntace->sid.sub_auth[i] = psid->sub_auth[i]; in fill_ace_for_sid()
215 size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth * 4); in fill_ace_for_sid()
216 pntace->size = cpu_to_le16(size); in fill_ace_for_sid()
253 ssid->sub_auth[ssid->num_subauth] = cpu_to_le32(cid); in id_to_sid()
254 ssid->num_subauth++; in id_to_sid()
261 int rc = -EINVAL; in sid_to_id()
267 if (unlikely(psid->num_subauth > SID_MAX_SUB_AUTHORITIES)) { in sid_to_id()
269 __func__, psid->num_subauth); in sid_to_id()
270 return -EIO; in sid_to_id()
277 id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); in sid_to_id()
281 fattr->cf_uid = uid; in sid_to_id()
288 id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); in sid_to_id()
292 fattr->cf_gid = gid; in sid_to_id()
305 pace->e_tag = ACL_USER_OBJ; in posix_state_to_acl()
306 pace->e_perm = state->owner.allow; in posix_state_to_acl()
307 for (i = 0; i < state->users->n; i++) { in posix_state_to_acl()
309 pace->e_tag = ACL_USER; in posix_state_to_acl()
310 pace->e_uid = state->users->aces[i].uid; in posix_state_to_acl()
311 pace->e_perm = state->users->aces[i].perms.allow; in posix_state_to_acl()
315 pace->e_tag = ACL_GROUP_OBJ; in posix_state_to_acl()
316 pace->e_perm = state->group.allow; in posix_state_to_acl()
318 for (i = 0; i < state->groups->n; i++) { in posix_state_to_acl()
320 pace->e_tag = ACL_GROUP; in posix_state_to_acl()
321 pace->e_gid = state->groups->aces[i].gid; in posix_state_to_acl()
322 pace->e_perm = state->groups->aces[i].perms.allow; in posix_state_to_acl()
325 if (state->users->n || state->groups->n) { in posix_state_to_acl()
327 pace->e_tag = ACL_MASK; in posix_state_to_acl()
328 pace->e_perm = state->mask.allow; in posix_state_to_acl()
332 pace->e_tag = ACL_OTHER; in posix_state_to_acl()
333 pace->e_perm = state->other.allow; in posix_state_to_acl()
348 state->users = kzalloc(alloc, GFP_KERNEL); in init_acl_state()
349 if (!state->users) in init_acl_state()
350 return -ENOMEM; in init_acl_state()
351 state->groups = kzalloc(alloc, GFP_KERNEL); in init_acl_state()
352 if (!state->groups) { in init_acl_state()
353 kfree(state->users); in init_acl_state()
354 return -ENOMEM; in init_acl_state()
361 kfree(state->users); in free_acl_state()
362 kfree(state->groups); in free_acl_state()
385 end_of_acl < (char *)pdacl + le16_to_cpu(pdacl->size)) { in parse_dacl()
390 ksmbd_debug(SMB, "DACL revision %d size %d num aces %d\n", in parse_dacl()
391 le16_to_cpu(pdacl->revision), le16_to_cpu(pdacl->size), in parse_dacl()
392 le32_to_cpu(pdacl->num_aces)); in parse_dacl()
397 num_aces = le32_to_cpu(pdacl->num_aces); in parse_dacl()
422 * Also, if num_aces is 0 i.e. DACL has no ACEs, in parse_dacl()
426 if (end_of_acl - acl_base < acl_size) in parse_dacl()
434 if (end_of_acl - acl_base < acl_size || in parse_dacl()
435 ppace[i]->sid.num_subauth > SID_MAX_SUB_AUTHORITIES || in parse_dacl()
436 (end_of_acl - acl_base < in parse_dacl()
437 acl_size + sizeof(__le32) * ppace[i]->sid.num_subauth) || in parse_dacl()
438 (le16_to_cpu(ppace[i]->size) < in parse_dacl()
439 acl_size + sizeof(__le32) * ppace[i]->sid.num_subauth)) in parse_dacl()
442 acl_size = le16_to_cpu(ppace[i]->size); in parse_dacl()
443 ppace[i]->access_req = in parse_dacl()
444 smb_map_generic_desired_access(ppace[i]->access_req); in parse_dacl()
446 if (!(compare_sids(&ppace[i]->sid, &sid_unix_NFS_mode))) { in parse_dacl()
447 fattr->cf_mode = in parse_dacl()
448 le32_to_cpu(ppace[i]->sid.sub_auth[2]); in parse_dacl()
450 } else if (!compare_sids(&ppace[i]->sid, pownersid)) { in parse_dacl()
452 ppace[i]->access_req, in parse_dacl()
453 ppace[i]->type); in parse_dacl()
461 } else if (!compare_sids(&ppace[i]->sid, pgrpsid) || in parse_dacl()
462 ppace[i]->sid.sub_auth[ppace[i]->sid.num_subauth - 1] == in parse_dacl()
465 ppace[i]->access_req, in parse_dacl()
466 ppace[i]->type); in parse_dacl()
473 } else if (!compare_sids(&ppace[i]->sid, &sid_everyone)) { in parse_dacl()
475 ppace[i]->access_req, in parse_dacl()
476 ppace[i]->type); in parse_dacl()
483 } else if (!compare_sids(&ppace[i]->sid, &creator_owner)) { in parse_dacl()
485 } else if (!compare_sids(&ppace[i]->sid, &creator_group)) { in parse_dacl()
487 } else if (!compare_sids(&ppace[i]->sid, &sid_authusers)) { in parse_dacl()
492 acl_mode = access_flags_to_mode(fattr, ppace[i]->access_req, in parse_dacl()
493 ppace[i]->type); in parse_dacl()
495 ret = sid_to_id(idmap, &ppace[i]->sid, SIDOWNER, &temp_fattr); in parse_dacl()
503 acl_state.users->aces[acl_state.users->n].uid = in parse_dacl()
505 acl_state.users->aces[acl_state.users->n++].perms.allow = in parse_dacl()
508 default_acl_state.users->aces[default_acl_state.users->n].uid = in parse_dacl()
510 default_acl_state.users->aces[default_acl_state.users->n++].perms.allow = in parse_dacl()
517 /* The owner must be set to at least read-only. */ in parse_dacl()
519 acl_state.users->aces[acl_state.users->n].uid = fattr->cf_uid; in parse_dacl()
520 acl_state.users->aces[acl_state.users->n++].perms.allow = in parse_dacl()
523 default_acl_state.users->aces[default_acl_state.users->n].uid = in parse_dacl()
524 fattr->cf_uid; in parse_dacl()
525 default_acl_state.users->aces[default_acl_state.users->n++].perms.allow = in parse_dacl()
531 acl_state.groups->aces[acl_state.groups->n].gid = in parse_dacl()
532 fattr->cf_gid; in parse_dacl()
533 acl_state.groups->aces[acl_state.groups->n++].perms.allow = in parse_dacl()
536 default_acl_state.groups->aces[default_acl_state.groups->n].gid = in parse_dacl()
537 fattr->cf_gid; in parse_dacl()
538 default_acl_state.groups->aces[default_acl_state.groups->n++].perms.allow = in parse_dacl()
543 fattr->cf_mode &= ~(0007); in parse_dacl()
544 fattr->cf_mode |= mode & 0007; in parse_dacl()
550 if (acl_state.users->n || acl_state.groups->n) { in parse_dacl()
554 fattr->cf_acls = in parse_dacl()
555 posix_acl_alloc(acl_state.users->n + in parse_dacl()
556 acl_state.groups->n + 4, GFP_KERNEL); in parse_dacl()
557 if (fattr->cf_acls) { in parse_dacl()
558 cf_pace = fattr->cf_acls->a_entries; in parse_dacl()
564 if (default_acl_state.users->n || default_acl_state.groups->n) { in parse_dacl()
568 fattr->cf_dacls = in parse_dacl()
569 posix_acl_alloc(default_acl_state.users->n + in parse_dacl()
570 default_acl_state.groups->n + 4, GFP_KERNEL); in parse_dacl()
571 if (fattr->cf_dacls) { in parse_dacl()
572 cf_pdace = fattr->cf_dacls->a_entries; in parse_dacl()
591 if (!fattr->cf_acls) in set_posix_acl_entries_dacl()
594 pace = fattr->cf_acls->a_entries; in set_posix_acl_entries_dacl()
595 for (i = 0; i < fattr->cf_acls->a_count; i++, pace++) { in set_posix_acl_entries_dacl()
602 if (pace->e_tag == ACL_USER) { in set_posix_acl_entries_dacl()
610 } else if (pace->e_tag == ACL_GROUP) { in set_posix_acl_entries_dacl()
615 } else if (pace->e_tag == ACL_OTHER && !nt_aces_num) { in set_posix_acl_entries_dacl()
623 if (ntace->sid.sub_auth[ntace->sid.num_subauth - 1] == in set_posix_acl_entries_dacl()
624 sid->sub_auth[sid->num_subauth - 1]) in set_posix_acl_entries_dacl()
627 le16_to_cpu(ntace->size)); in set_posix_acl_entries_dacl()
630 if (S_ISDIR(fattr->cf_mode) && pace->e_tag == ACL_OTHER) in set_posix_acl_entries_dacl()
635 pace->e_perm, 0777); in set_posix_acl_entries_dacl()
637 if (pace->e_tag == ACL_USER) in set_posix_acl_entries_dacl()
638 ntace->access_req |= in set_posix_acl_entries_dacl()
641 if (S_ISDIR(fattr->cf_mode) && in set_posix_acl_entries_dacl()
642 (pace->e_tag == ACL_USER || pace->e_tag == ACL_GROUP)) { in set_posix_acl_entries_dacl()
645 0x03, pace->e_perm, 0777); in set_posix_acl_entries_dacl()
647 if (pace->e_tag == ACL_USER) in set_posix_acl_entries_dacl()
648 ntace->access_req |= in set_posix_acl_entries_dacl()
660 if (!fattr->cf_dacls) in set_posix_acl_entries_dacl()
663 pace = fattr->cf_dacls->a_entries; in set_posix_acl_entries_dacl()
664 for (i = 0; i < fattr->cf_dacls->a_count; i++, pace++) { in set_posix_acl_entries_dacl()
669 if (pace->e_tag == ACL_USER) { in set_posix_acl_entries_dacl()
674 } else if (pace->e_tag == ACL_GROUP) { in set_posix_acl_entries_dacl()
686 pace->e_perm, 0777); in set_posix_acl_entries_dacl()
688 if (pace->e_tag == ACL_USER) in set_posix_acl_entries_dacl()
689 ntace->access_req |= in set_posix_acl_entries_dacl()
704 int nt_num_aces = le32_to_cpu(nt_dacl->num_aces), num_aces = 0; in set_ntacl_dacl()
717 nt_ace_size = le16_to_cpu(ntace->size); in set_ntacl_dacl()
723 aces_size -= nt_ace_size; in set_ntacl_dacl()
731 pndacl->num_aces = cpu_to_le32(num_aces); in set_ntacl_dacl()
732 pndacl->size = cpu_to_le16(le16_to_cpu(pndacl->size) + size); in set_ntacl_dacl()
746 if (fattr->cf_acls) { in set_mode_dacl()
753 uid = from_kuid(&init_user_ns, fattr->cf_uid); in set_mode_dacl()
759 fattr->cf_mode, 0700); in set_mode_dacl()
760 pace->sid.sub_auth[pace->sid.num_subauth++] = cpu_to_le32(uid); in set_mode_dacl()
761 pace->size = cpu_to_le16(ace_size + 4); in set_mode_dacl()
762 size += le16_to_cpu(pace->size); in set_mode_dacl()
767 ACCESS_ALLOWED, 0, fattr->cf_mode, 0070); in set_mode_dacl()
768 pace->sid.sub_auth[pace->sid.num_subauth++] = in set_mode_dacl()
769 cpu_to_le32(from_kgid(&init_user_ns, fattr->cf_gid)); in set_mode_dacl()
770 pace->size = cpu_to_le16(ace_size + 4); in set_mode_dacl()
771 size += le16_to_cpu(pace->size); in set_mode_dacl()
775 if (S_ISDIR(fattr->cf_mode)) { in set_mode_dacl()
780 0x0b, fattr->cf_mode, 0700); in set_mode_dacl()
785 0x0b, fattr->cf_mode, 0070); in set_mode_dacl()
792 fattr->cf_mode, 0007); in set_mode_dacl()
795 pndacl->num_aces = cpu_to_le32(num_aces); in set_mode_dacl()
796 pndacl->size = cpu_to_le16(le16_to_cpu(pndacl->size) + size); in set_mode_dacl()
802 * validate that we do not go past end of ACL - sid must be at least 8 in parse_sid()
803 * bytes long (assuming no sub-auths - e.g. the null SID in parse_sid()
807 return -EINVAL; in parse_sid()
825 return -EIO; in parse_sec_desc()
828 return -EINVAL; in parse_sec_desc()
831 le32_to_cpu(pntsd->osidoffset)); in parse_sec_desc()
833 le32_to_cpu(pntsd->gsidoffset)); in parse_sec_desc()
834 dacloffset = le32_to_cpu(pntsd->dacloffset); in parse_sec_desc()
838 pntsd->revision, pntsd->type, le32_to_cpu(pntsd->osidoffset), in parse_sec_desc()
839 le32_to_cpu(pntsd->gsidoffset), in parse_sec_desc()
840 le32_to_cpu(pntsd->sacloffset), dacloffset); in parse_sec_desc()
842 pntsd_type = le16_to_cpu(pntsd->type); in parse_sec_desc()
844 ksmbd_debug(SMB, "DACL_PRESENT in DACL type is not set\n"); in parse_sec_desc()
848 pntsd->type = cpu_to_le16(DACL_PRESENT); in parse_sec_desc()
850 if (pntsd->osidoffset) { in parse_sec_desc()
865 if (pntsd->gsidoffset) { in parse_sec_desc()
882 pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); in parse_sec_desc()
884 pntsd->type |= cpu_to_le16(DACL_PROTECTED); in parse_sec_desc()
911 return -ENOMEM; in build_sec_desc()
913 uid = from_kuid(&init_user_ns, fattr->cf_uid); in build_sec_desc()
921 return -ENOMEM; in build_sec_desc()
924 gid = from_kgid(&init_user_ns, fattr->cf_gid); in build_sec_desc()
928 pntsd->sacloffset = 0; in build_sec_desc()
929 pntsd->revision = cpu_to_le16(1); in build_sec_desc()
930 pntsd->type = cpu_to_le16(SELF_RELATIVE); in build_sec_desc()
932 pntsd->type |= ppntsd->type; in build_sec_desc()
935 pntsd->osidoffset = cpu_to_le32(offset); in build_sec_desc()
938 offset += 1 + 1 + 6 + (nowner_sid_ptr->num_subauth * 4); in build_sec_desc()
942 pntsd->gsidoffset = cpu_to_le32(offset); in build_sec_desc()
945 offset += 1 + 1 + 6 + (ngroup_sid_ptr->num_subauth * 4); in build_sec_desc()
949 pntsd->type |= cpu_to_le16(DACL_PRESENT); in build_sec_desc()
951 dacl_ptr->revision = cpu_to_le16(2); in build_sec_desc()
952 dacl_ptr->size = cpu_to_le16(sizeof(struct smb_acl)); in build_sec_desc()
953 dacl_ptr->num_aces = 0; in build_sec_desc()
959 unsigned int dacl_offset = le32_to_cpu(ppntsd->dacloffset); in build_sec_desc()
960 int ppdacl_size, ntacl_size = ppntsd_size - dacl_offset; in build_sec_desc()
967 ppdacl_size = le16_to_cpu(ppdacl_ptr->size); in build_sec_desc()
973 ntacl_size - sizeof(struct smb_acl), in build_sec_desc()
977 pntsd->dacloffset = cpu_to_le32(offset); in build_sec_desc()
978 offset += le16_to_cpu(dacl_ptr->size); in build_sec_desc()
991 ace->type = type; in smb_set_ace()
992 ace->flags = flags; in smb_set_ace()
993 ace->access_req = access_req; in smb_set_ace()
994 smb_copy_sid(&ace->sid, sid); in smb_set_ace()
995 ace->size = cpu_to_le16(1 + 1 + 2 + 4 + 1 + 1 + 6 + (sid->num_subauth * 4)); in smb_set_ace()
1003 struct smb_ace *parent_aces, *aces; in smb_inherit_dacl() local
1007 struct dentry *parent = path->dentry->d_parent; in smb_inherit_dacl()
1008 struct mnt_idmap *idmap = mnt_idmap(path->mnt); in smb_inherit_dacl()
1012 bool is_dir = S_ISDIR(d_inode(path->dentry)->i_mode); in smb_inherit_dacl()
1017 return -ENOENT; in smb_inherit_dacl()
1018 dacloffset = le32_to_cpu(parent_pntsd->dacloffset); in smb_inherit_dacl()
1020 rc = -EINVAL; in smb_inherit_dacl()
1025 acl_len = pntsd_size - dacloffset; in smb_inherit_dacl()
1026 num_aces = le32_to_cpu(parent_pdacl->num_aces); in smb_inherit_dacl()
1027 pntsd_type = le16_to_cpu(parent_pntsd->type); in smb_inherit_dacl()
1028 pdacl_size = le16_to_cpu(parent_pdacl->size); in smb_inherit_dacl()
1031 rc = -EINVAL; in smb_inherit_dacl()
1037 rc = -ENOMEM; in smb_inherit_dacl()
1041 aces = (struct smb_ace *)aces_base; in smb_inherit_dacl()
1044 aces_size = acl_len - sizeof(struct smb_acl); in smb_inherit_dacl()
1055 pace_size = le16_to_cpu(parent_aces->size); in smb_inherit_dacl()
1059 aces_size -= pace_size; in smb_inherit_dacl()
1061 flags = parent_aces->flags; in smb_inherit_dacl()
1074 if (!compare_sids(&creator_owner, &parent_aces->sid)) { in smb_inherit_dacl()
1078 } else if (!compare_sids(&creator_group, &parent_aces->sid)) { in smb_inherit_dacl()
1084 psid = &parent_aces->sid; in smb_inherit_dacl()
1088 smb_set_ace(aces, psid, parent_aces->type, inherited_flags, in smb_inherit_dacl()
1089 parent_aces->access_req); in smb_inherit_dacl()
1090 nt_size += le16_to_cpu(aces->size); in smb_inherit_dacl()
1092 aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); in smb_inherit_dacl()
1095 } else if (is_dir && !(parent_aces->flags & NO_PROPAGATE_INHERIT_ACE)) { in smb_inherit_dacl()
1096 psid = &parent_aces->sid; in smb_inherit_dacl()
1099 smb_set_ace(aces, psid, parent_aces->type, flags | inherited_flags, in smb_inherit_dacl()
1100 parent_aces->access_req); in smb_inherit_dacl()
1101 nt_size += le16_to_cpu(aces->size); in smb_inherit_dacl()
1102 aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); in smb_inherit_dacl()
1115 if (parent_pntsd->osidoffset) { in smb_inherit_dacl()
1117 le32_to_cpu(parent_pntsd->osidoffset)); in smb_inherit_dacl()
1118 powner_sid_size = 1 + 1 + 6 + (powner_sid->num_subauth * 4); in smb_inherit_dacl()
1120 if (parent_pntsd->gsidoffset) { in smb_inherit_dacl()
1122 le32_to_cpu(parent_pntsd->gsidoffset)); in smb_inherit_dacl()
1123 pgroup_sid_size = 1 + 1 + 6 + (pgroup_sid->num_subauth * 4); in smb_inherit_dacl()
1131 rc = -ENOMEM; in smb_inherit_dacl()
1135 pntsd->revision = cpu_to_le16(1); in smb_inherit_dacl()
1136 pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PRESENT); in smb_inherit_dacl()
1137 if (le16_to_cpu(parent_pntsd->type) & DACL_AUTO_INHERITED) in smb_inherit_dacl()
1138 pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); in smb_inherit_dacl()
1140 pntsd->osidoffset = parent_pntsd->osidoffset; in smb_inherit_dacl()
1141 pntsd->gsidoffset = parent_pntsd->gsidoffset; in smb_inherit_dacl()
1142 pntsd->dacloffset = parent_pntsd->dacloffset; in smb_inherit_dacl()
1144 if ((u64)le32_to_cpu(pntsd->osidoffset) + powner_sid_size > in smb_inherit_dacl()
1146 rc = -EINVAL; in smb_inherit_dacl()
1151 if ((u64)le32_to_cpu(pntsd->gsidoffset) + pgroup_sid_size > in smb_inherit_dacl()
1153 rc = -EINVAL; in smb_inherit_dacl()
1158 if ((u64)le32_to_cpu(pntsd->dacloffset) + sizeof(struct smb_acl) + nt_size > in smb_inherit_dacl()
1160 rc = -EINVAL; in smb_inherit_dacl()
1165 if (pntsd->osidoffset) { in smb_inherit_dacl()
1167 le32_to_cpu(pntsd->osidoffset)); in smb_inherit_dacl()
1172 if (pntsd->gsidoffset) { in smb_inherit_dacl()
1174 le32_to_cpu(pntsd->gsidoffset)); in smb_inherit_dacl()
1179 if (pntsd->dacloffset) { in smb_inherit_dacl()
1182 pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); in smb_inherit_dacl()
1183 pdacl->revision = cpu_to_le16(2); in smb_inherit_dacl()
1184 pdacl->size = cpu_to_le16(sizeof(struct smb_acl) + nt_size); in smb_inherit_dacl()
1185 pdacl->num_aces = cpu_to_le32(ace_cnt); in smb_inherit_dacl()
1218 struct mnt_idmap *idmap = mnt_idmap(path->mnt); in smb_check_perm_dacl()
1235 path->dentry, &pntsd); in smb_check_perm_dacl()
1239 dacl_offset = le32_to_cpu(pntsd->dacloffset); in smb_check_perm_dacl()
1244 pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); in smb_check_perm_dacl()
1245 acl_size = pntsd_size - dacl_offset; in smb_check_perm_dacl()
1246 pdacl_size = le16_to_cpu(pdacl->size); in smb_check_perm_dacl()
1251 if (!pdacl->num_aces) { in smb_check_perm_dacl()
1252 if (!(pdacl_size - sizeof(struct smb_acl)) && in smb_check_perm_dacl()
1254 rc = -EACCES; in smb_check_perm_dacl()
1265 aces_size = acl_size - sizeof(struct smb_acl); in smb_check_perm_dacl()
1266 for (i = 0; i < le32_to_cpu(pdacl->num_aces); i++) { in smb_check_perm_dacl()
1269 ace_size = le16_to_cpu(ace->size); in smb_check_perm_dacl()
1272 aces_size -= ace_size; in smb_check_perm_dacl()
1273 granted |= le32_to_cpu(ace->access_req); in smb_check_perm_dacl()
1274 ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size)); in smb_check_perm_dacl()
1277 if (!pdacl->num_aces) in smb_check_perm_dacl()
1286 aces_size = acl_size - sizeof(struct smb_acl); in smb_check_perm_dacl()
1287 for (i = 0; i < le32_to_cpu(pdacl->num_aces); i++) { in smb_check_perm_dacl()
1290 ace_size = le16_to_cpu(ace->size); in smb_check_perm_dacl()
1293 aces_size -= ace_size; in smb_check_perm_dacl()
1295 if (!compare_sids(&sid, &ace->sid) || in smb_check_perm_dacl()
1296 !compare_sids(&sid_unix_NFS_mode, &ace->sid)) { in smb_check_perm_dacl()
1300 if (!compare_sids(&sid_everyone, &ace->sid)) in smb_check_perm_dacl()
1303 ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size)); in smb_check_perm_dacl()
1310 granted |= le32_to_cpu(ace->access_req); in smb_check_perm_dacl()
1312 if (!pdacl->num_aces) in smb_check_perm_dacl()
1317 posix_acls = get_inode_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); in smb_check_perm_dacl()
1319 unsigned int id = -1; in smb_check_perm_dacl()
1321 pa_entry = posix_acls->a_entries; in smb_check_perm_dacl()
1322 for (i = 0; i < posix_acls->a_count; i++, pa_entry++) { in smb_check_perm_dacl()
1323 if (pa_entry->e_tag == ACL_USER) in smb_check_perm_dacl()
1325 else if (pa_entry->e_tag == ACL_GROUP) in smb_check_perm_dacl()
1331 mode_to_access_flags(pa_entry->e_perm, in smb_check_perm_dacl()
1351 rc = -EACCES; in smb_check_perm_dacl()
1356 switch (ace->type) { in smb_check_perm_dacl()
1358 access_bits = le32_to_cpu(ace->access_req); in smb_check_perm_dacl()
1362 access_bits = le32_to_cpu(~ace->access_req); in smb_check_perm_dacl()
1370 granted, le32_to_cpu(ace->access_req)); in smb_check_perm_dacl()
1371 rc = -EACCES; in smb_check_perm_dacl()
1387 struct inode *inode = d_inode(path->dentry); in set_info_sec()
1388 struct mnt_idmap *idmap = mnt_idmap(path->mnt); in set_info_sec()
1393 fattr.cf_mode = inode->i_mode; in set_info_sec()
1409 newattrs.ia_mode = (inode->i_mode & ~0777) | (fattr.cf_mode & 0777); in set_info_sec()
1414 rc = set_posix_acl(idmap, path->dentry, in set_info_sec()
1418 "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n", in set_info_sec()
1420 if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) { in set_info_sec()
1421 rc = set_posix_acl(idmap, path->dentry, in set_info_sec()
1425 "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n", in set_info_sec()
1431 rc = notify_change(idmap, path->dentry, &newattrs, NULL); in set_info_sec()
1437 if (type_check && !(le16_to_cpu(pntsd->type) & DACL_PRESENT)) in set_info_sec()
1440 if (test_share_config_flag(tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) { in set_info_sec()