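/* SPDX-License-Identifier: LGPL-2.1+ */
/*
 *   Copyright (c) International Business Machines  Corp., 2007
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *   Modified by Namjae Jeon (linkinjeon@kernel.org)
 */

#ifndef _SMBACL_H
#define _SMBACL_H

#include "../common/smbacl.h"
#include <linux/fs.h>
#include <linux/namei.h>
#include <linux/posix_acl.h>
#include <linux/mnt_idmapping.h>

#include "mgmt/tree_connect.h"

/* Revision for ACLs */
#define SD_REVISION	1

/*
 * Control flags for Security Descriptor.
 * Each value is one bit of the descriptor's Control field; combine with OR.
 */
#define OWNER_DEFAULTED		0x0001
#define GROUP_DEFAULTED		0x0002
#define DACL_PRESENT		0x0004
#define DACL_DEFAULTED		0x0008
#define SACL_PRESENT		0x0010
#define SACL_DEFAULTED		0x0020
#define DACL_TRUSTED		0x0040
#define SERVER_SECURITY		0x0080
#define DACL_AUTO_INHERIT_REQ	0x0100
#define SACL_AUTO_INHERIT_REQ	0x0200
#define DACL_AUTO_INHERITED	0x0400
#define SACL_AUTO_INHERITED	0x0800
#define DACL_PROTECTED		0x1000
#define SACL_PROTECTED		0x2000
#define RM_CONTROL_VALID	0x4000
#define SELF_RELATIVE		0x8000

struct ksmbd_conn;

/*
 * Kernel-side view of the file attributes a security descriptor is parsed
 * into or built from.
 *
 * @cf_uid/@cf_gid/@cf_mode: owner, group and mode bits in kernel id space.
 * @daccess:  access mask, kept little-endian (wire order).
 * @cf_acls:  POSIX ACL pointer (presumably the access ACL; confirm in users).
 * @cf_dacls: POSIX ACL pointer (presumably the default ACL; confirm in users).
 */
struct smb_fattr {
	kuid_t	cf_uid;
	kgid_t	cf_gid;
	umode_t	cf_mode;
	__le32	daccess;
	struct posix_acl *cf_acls;
	struct posix_acl *cf_dacls;
};

/* Partial permission state for one principal: bitmasks of allowed and denied bits. */
struct posix_ace_state {
	u32 allow;
	u32 deny;
};

/*
 * Permission state for one specific user or group.  Which union member is
 * meaningful depends on whether the entry lives in the users or the groups
 * array of struct posix_acl_state.
 */
struct posix_user_ace_state {
	union {
		kuid_t uid;
		kgid_t gid;
	};
	struct posix_ace_state perms;
};

/* Variable-length list of per-user (or per-group) ACE states; @n entries follow. */
struct posix_ace_state_array {
	int n;
	struct posix_user_ace_state aces[];
};

/*
 * while processing the nfsv4 ace, this maintains the partial permissions
 * calculated so far:
 */

struct posix_acl_state {
	struct posix_ace_state owner;
	struct posix_ace_state group;
	struct posix_ace_state other;
	struct posix_ace_state everyone;
	struct posix_ace_state mask; /* deny unused in this case */
	struct posix_ace_state_array *users;
	struct posix_ace_state_array *groups;
};

/*
 * Security descriptor <-> smb_fattr conversion.
 *
 * parse_sec_desc(): @pntsd is @acl_len bytes long.  NOTE(review): @pntsd is
 * presumably client-supplied; the implementation must bound every offset it
 * reads by @acl_len -- confirm in the definition.
 * build_sec_desc(): writes the descriptor into @pntsd, using @ppntsd
 * (@ppntsd_size bytes) as the parent/existing descriptor, and stores the
 * resulting length in @secdesclen.  Both return 0 on success or a negative
 * errno (convention inferred from the int return; confirm in the definition).
 */
int parse_sec_desc(struct mnt_idmap *idmap, struct smb_ntsd *pntsd,
		   int acl_len, struct smb_fattr *fattr);
int build_sec_desc(struct mnt_idmap *idmap, struct smb_ntsd *pntsd,
		   struct smb_ntsd *ppntsd, int ppntsd_size, int addition_info,
		   __u32 *secdesclen, struct smb_fattr *fattr);

/*
 * Lifecycle of struct posix_acl_state: init_acl_state() prepares @state for
 * @cnt entries, free_acl_state() releases whatever init_acl_state() acquired,
 * and posix_state_to_acl() emits the accumulated state into @pace.
 */
int init_acl_state(struct posix_acl_state *state, int cnt);
void free_acl_state(struct posix_acl_state *state);
void posix_state_to_acl(struct posix_acl_state *state,
			struct posix_acl_entry *pace);

/* SID and inheritance helpers. compare_sids() return value: see its definition. */
int compare_sids(const struct smb_sid *ctsid, const struct smb_sid *cwsid);
bool smb_inherit_flags(int flags, bool is_dir);
int smb_inherit_dacl(struct ksmbd_conn *conn, const struct path *path,
		     unsigned int uid, unsigned int gid);
/* Checks the requested access in @pdaccess against the DACL stored for @path. */
int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path,
			__le32 *pdaccess, int uid);
/* Applies a client-provided descriptor (@pntsd, @ntsd_len bytes) to @path. */
int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,
		 const struct path *path, struct smb_ntsd *pntsd, int ntsd_len,
		 bool type_check, bool get_write);
void id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid);
void ksmbd_init_domain(u32 *sub_auth);

/**
 * posix_acl_uid_translate() - map an ACL entry's uid into the id space ksmbd uses
 * @idmap: idmap of the mount the ACL entry belongs to
 * @pace: ACL entry whose e_uid is translated (read only)
 *
 * Applies the mount's idmapping to @pace->e_uid, then converts the result
 * back to a userspace id in &init_user_ns.
 *
 * Return: the translated uid.
 */
static inline uid_t posix_acl_uid_translate(struct mnt_idmap *idmap,
					    const struct posix_acl_entry *pace)
{
	vfsuid_t vfsuid;

	/* If this is an idmapped mount, apply the idmapping. */
	vfsuid = make_vfsuid(idmap, &init_user_ns, pace->e_uid);

	/* Translate the kuid into a userspace id ksmbd would see. */
	return from_kuid(&init_user_ns, vfsuid_into_kuid(vfsuid));
}

/**
 * posix_acl_gid_translate() - map an ACL entry's gid into the id space ksmbd uses
 * @idmap: idmap of the mount the ACL entry belongs to
 * @pace: ACL entry whose e_gid is translated (read only)
 *
 * Group-id counterpart of posix_acl_uid_translate().
 *
 * Return: the translated gid.
 */
static inline gid_t posix_acl_gid_translate(struct mnt_idmap *idmap,
					    const struct posix_acl_entry *pace)
{
	vfsgid_t vfsgid;

	/* If this is an idmapped mount, apply the idmapping. */
	vfsgid = make_vfsgid(idmap, &init_user_ns, pace->e_gid);

	/* Translate the kgid into a userspace id ksmbd would see. */
	return from_kgid(&init_user_ns, vfsgid_into_kgid(vfsgid));
}

#endif /* _SMBACL_H */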