From patchwork Sat Mar  2 05:13:58 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve French <smfrench@gmail.com>
X-Patchwork-Id: 1050557
Return-Path: <linux-cifs-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=linux-cifs-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="cHwL66Pn"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44BDwh7151z9s4V
	for <incoming@patchwork.ozlabs.org>;
	Sat,  2 Mar 2019 16:14:12 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1726693AbfCBFOL (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Sat, 2 Mar 2019 00:14:11 -0500
Received: from mail-pg1-f175.google.com ([209.85.215.175]:39768 "EHLO
	mail-pg1-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1726049AbfCBFOL (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Sat, 2 Mar 2019 00:14:11 -0500
Received: by mail-pg1-f175.google.com with SMTP id h8so11923624pgp.6
	for <linux-cifs@vger.kernel.org>;
	Fri, 01 Mar 2019 21:14:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=mime-version:from:date:message-id:subject:to:cc;
	bh=qa54KcSsYBslxmLtXIrqLjK4P8u092HBPtzK+Cv0jK8=;
	b=cHwL66PnIpoQmmDPAtaDQAYXq/3aQBrhtBi7PE9OGanpoDOeqaCvppmOji5sTtRbFq
	vkkyMfaKQllKZTfnTx4eH/iYXuUNUGVRf+PCknWCab/5+xqA8caP/SVC/hoL+XDK5rGf
	LZP6xqY+XOkGuj47ZkLLjoh7sjd3OVVNIxS6hMm6nMl2nvZrJnadNwyHB6++B8EI20cq
	lxuYorsYm/s6GoiMsSQlFuMG0jELLce6cp6zF0JTXKfrvBk95lUgv3hivqtkFP6KVacu
	U0sTgZ4K9HbNCm6afMfASC6pJMSkVjocy5VTyjTBBTKeoxBeFStWoyJagS8nTJOg7kcl
	Ut4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc;
	bh=qa54KcSsYBslxmLtXIrqLjK4P8u092HBPtzK+Cv0jK8=;
	b=m3/EF13Ok02/rXbLh+KgzklT4tWt7LyjnRK65CsBZNiQ1Ezdg9WtYww9xsTrVH6SWY
	GGMz1WxODal4rRS7KMOiTVBu2yvYhr0KX+oecINi+/dJTQJWTj8JwV5Gz+JKLf3W9kof
	A2WpE9lyR6zVmmdpp8aUpvy1Df4FW+UxLWt52F4mb7HgLmgrL3eIzsBv9K1IkAjg8G74
	PY94TOWsJafEg0qc0kEfE9C9HG7t+5u3rVnp6qyyNE60HFP6IjAX2eDJIEhbqnA+rvXU
	FoVtEmxhk/R73FI2EhuIBa5KRo133xEZt5pczZ0/Ua6dE/GQqzeKxeOVvb/gjNnjDmbM
	kjdA==
X-Gm-Message-State: APjAAAUnH9BTnSOQIhMfTJH3Ue1KEpeVvVvqv+5xmkM7BD7xlP/KT+nU
	mK3aB1eVVMmB6MiApOion01dvBEOg/GnjaK31v3v+BJd
X-Google-Smtp-Source: 
 APXvYqxzk/0K/JD8QlS+J5Bi4eF6hjmITdvIzfrrNuXDyk2i6jK7DNkMDpz/M0ML+VknG7z63tn8p1POAdA1rQKyAo0=
X-Received: by 2002:a65:42c6:: with SMTP id l6mr8485903pgp.344.1551503649848;
	Fri, 01 Mar 2019 21:14:09 -0800 (PST)
MIME-Version: 1.0
From: Steve French <smfrench@gmail.com>
Date: Fri, 1 Mar 2019 23:13:58 -0600
Message-ID: 
 <CAH2r5mufwdyGa0vs2=7cNDLbUXz3nVNvnQfcUOTbm7+6GPnNmQ@mail.gmail.com>
Subject: [PATCH] setcifsacl - fix adding ACE when owner sid in unexpected
	location
To: CIFS <linux-cifs@vger.kernel.org>
Cc: Pavel Shilovsky <piastryyy@gmail.com>,
	Shirish Pargaonkar <shirishpargaonkar@gmail.com>,
	ronnie sahlberg <ronniesahlberg@gmail.com>
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org

Patch to fix setcifsacl when owner/group owner are at end instead of
beginning. Seems to work (see below).

$ setcifsacl -a "ACL:Administrator:ALLOWED/0x0/FULL" /mnt/file1
main: setxattr error: Invalid argument
$ getcifsacl /mnt/file1
REVISION:0x1
CONTROL:0x8404
OWNER:NT Authority\SYSTEM
GROUP:NT Authority\SYSTEM
ACL:NT Authority\SYSTEM:ALLOWED/I/FULL
ACL:BUILTIN\Administrators:ALLOWED/I/FULL
ACL:S-1-5-21-859164523-2028333235-149708467-500:ALLOWED/I/FULL
$ ./setcifsacl -a "ACL:Administrator:ALLOWED/0x0/FULL" /mnt/file1
$ getcifsacl /mnt/file1
REVISION:0x1
CONTROL:0x8004
OWNER:NT Authority\SYSTEM
GROUP:NT Authority\SYSTEM
ACL:NT Authority\SYSTEM:ALLOWED/I/FULL
ACL:BUILTIN\Administrators:ALLOWED/I/FULL
ACL:S-1-5-21-859164523-2028333235-149708467-500:ALLOWED/I/FULL
ACL:\administrator:ALLOWED/0x0/FULL

From 74314f24af13d708f39d68ca0a800301ce33d17a Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Fri, 1 Mar 2019 23:11:25 -0600
Subject: [PATCH] setcifsacl: fix problem in setting ACL when server returns
 owner information at end instead of beginning

If owner information is after the ACEs instead of before (e.g. Azure servers) in the ACL query
then we would get "invalid argument" returned on setcifsacl -a (adding an ACE).

This fixes that.

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 setcifsacl.c | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/setcifsacl.c b/setcifsacl.c
index ba34403..1b98c37 100644
--- a/setcifsacl.c
+++ b/setcifsacl.c
@@ -106,13 +106,32 @@ copy_sec_desc(const struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
 
 	/* copy owner sid */
 	owner_sid_ptr = (struct cifs_sid *)((char *)pntsd + osidsoffset);
-	nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + osidsoffset);
-	size = copy_cifs_sid(nowner_sid_ptr, owner_sid_ptr);
-	bufsize += size;
+	group_sid_ptr = (struct cifs_sid *)((char *)pntsd + gsidsoffset);
+	/*
+	 * some servers like Azure return the owner and group SIDs at end rather
+	 * than at the beginning of the ACL so don't want to overwrite the last ACEs
+         */
+	if (dacloffset <= osidsoffset) {
+		/* owners placed at end of ACL */
+		nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + dacloffset + size);
+		pnntsd->osidoffset = dacloffset + size;
+		size = copy_cifs_sid(nowner_sid_ptr, owner_sid_ptr);
+		bufsize += size;
+		/* put group SID after owner SID */
+		ngroup_sid_ptr = (struct cifs_sid *)((char *)nowner_sid_ptr + size);
+		pnntsd->gsidoffset = pnntsd->osidoffset + size;
+	} else {
+		/*
+		 * Most servers put the owner information at the beginning,
+		 * before the ACL
+		 */
+		nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + osidsoffset);
+		size = copy_cifs_sid(nowner_sid_ptr, owner_sid_ptr);
+		bufsize += size;
+		ngroup_sid_ptr = (struct cifs_sid *)((char *)pnntsd + gsidsoffset);
+	}
 
 	/* copy group sid */
-	group_sid_ptr = (struct cifs_sid *)((char *)pntsd + gsidsoffset);
-	ngroup_sid_ptr = (struct cifs_sid *)((char *)pnntsd + gsidsoffset);
 	size = copy_cifs_sid(ngroup_sid_ptr, group_sid_ptr);
 	bufsize += size;
 
-- 
2.17.1