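Lines matching refs:scx (each entry below is a source line number followed by the matching line; the lines between entries are not shown, so adjacent entries are not necessarily contiguous code)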

1134 static BOOL staticgroupmember(struct SECURITY_CONTEXT *scx, uid_t uid, gid_t gid)
1143 user = scx->mapping[MAPUSERS];
1167 static BOOL groupmember(struct SECURITY_CONTEXT *scx, uid_t uid, gid_t gid)
1192 if (scx->vol->secure_flags & (1 << SECURITY_STATICGRPS))
1193 ismember = staticgroupmember(scx, uid, gid);
1196 tid = scx->tid;
1254 static BOOL groupmember(struct SECURITY_CONTEXT *scx, uid_t uid, gid_t gid)
1269 if (scx->vol->secure_flags & (1 << SECURITY_STATICGRPS))
1270 ismember = staticgroupmember(scx, uid, gid);
1273 tid = scx->tid;
1352 static int ntfs_basic_perms(const struct SECURITY_CONTEXT *scx,
1369 group = scx->mapping[MAPGROUPS];
1419 static struct PERMISSIONS_CACHE *create_caches(struct SECURITY_CONTEXT *scx,
1437 *scx->pseccache = cache;
1450 static void free_caches(struct SECURITY_CONTEXT *scx)
1455 pseccache = *scx->pseccache;
1526 static void resize_cache(struct SECURITY_CONTEXT *scx,
1536 oldcache = *scx->pseccache;
1559 *scx->pseccache = newcache;
1573 static struct CACHED_PERMISSIONS *enter_cache(struct SECURITY_CONTEXT *scx,
1577 static struct CACHED_PERMISSIONS *enter_cache(struct SECURITY_CONTEXT *scx,
1603 pcache = *scx->pseccache;
1637 pcache = create_caches(scx, securindex);
1640 resize_cache(scx, securindex);
1641 pcache = *scx->pseccache;
1708 scx->vol->legacy_cache, GENERIC(&wanted),
1735 static struct CACHED_PERMISSIONS *fetch_cache(struct SECURITY_CONTEXT *scx,
1751 pcache = *scx->pseccache;
1776 scx->vol->legacy_cache, GENERIC(&wanted),
1928 static int access_check_posix(struct SECURITY_CONTEXT *scx,
1942 noacl = !(scx->vol->secure_flags & (1 << SECURITY_ACL));
1944 perms = ntfs_basic_perms(scx, pxdesc);
1948 if (!scx->uid || (uid == scx->uid)) {
1949 if (!scx->uid) {
1999 && ((uid_t)pxace->id == scx->uid))
2029 && ((gid == scx->gid)
2030 || groupmember(scx, scx->uid, gid)))
2039 && groupmember(scx, scx->uid, pxace->id)) {
2068 static int ntfs_get_perm(struct SECURITY_CONTEXT *scx,
2082 if (!scx->mapping[MAPUSERS])
2086 cached = fetch_cache(scx,ni);
2090 perm = access_check_posix(scx,cached->pxdesc,request,uid,gid);
2095 securattr = getsecurityattr(scx->vol, ni);
2101 gid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
2104 pxdesc = ntfs_build_permissions_posix(scx->mapping,securattr,
2110 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2114 pxdesc = ntfs_build_permissions_posix(scx,securattr,
2121 uid = find_tenant(scx, securattr);
2125 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2133 && (scx->vol->secure_flags
2135 upgrade_secur_desc(scx->vol,
2144 enter_cache(scx, ni, uid,
2148 perm = access_check_posix(scx,pxdesc,request,uid,gid);
2169 int ntfs_get_posix_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
2184 if (!scx->mapping[MAPUSERS])
2188 cached = fetch_cache(scx,ni);
2192 securattr = getsecurityattr(scx->vol, ni);
2207 pxdesc = ntfs_build_permissions_posix(scx->mapping,securattr,
2219 && (scx->vol->secure_flags
2221 upgrade_secur_desc(scx->vol,
2225 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2229 uid = find_tenant(scx,
2232 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2234 gid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
2236 enter_cache(scx, ni, uid,
2301 static int ntfs_get_perm(struct SECURITY_CONTEXT *scx,
2314 if (!scx->mapping[MAPUSERS] || (!scx->uid && !(request & S_IEXEC)))
2318 cached = fetch_cache(scx,ni);
2327 securattr = getsecurityattr(scx->vol, ni);
2333 gid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
2338 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2345 uid = find_tenant(scx, securattr);
2349 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2357 && (scx->vol->secure_flags
2359 upgrade_secur_desc(scx->vol,
2368 enter_cache(scx, ni, uid,
2378 if (!scx->uid) {
2385 if (uid == scx->uid)
2393 if ((gid == scx->gid)
2396 && groupmember(scx, scx->uid, gid)))
2415 int ntfs_get_ntfs_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
2422 securattr = getsecurityattr(scx->vol, ni);
2438 int ntfs_get_owner_mode(struct SECURITY_CONTEXT *scx,
2452 if (!scx->mapping[MAPUSERS])
2456 cached = fetch_cache(scx,ni);
2459 if (!(scx->vol->secure_flags & (1 << SECURITY_ACL))
2461 perm = ntfs_basic_perms(scx,cached->pxdesc);
2472 securattr = getsecurityattr(scx->vol, ni);
2487 scx->mapping, securattr,
2490 if (!(scx->vol->secure_flags
2492 perm = ntfs_basic_perms(scx,
2511 && (scx->vol->secure_flags
2513 upgrade_secur_desc(scx->vol,
2517 stbuf->st_uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2521 find_tenant(scx,
2526 stbuf->st_uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2528 stbuf->st_gid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
2532 enter_cache(scx, ni, stbuf->st_uid,
2536 enter_cache(scx, ni, stbuf->st_uid,
2554 static struct POSIX_SECURITY *inherit_posix(struct SECURITY_CONTEXT *scx,
2569 cached = fetch_cache(scx,dir_ni);
2575 if (scx->vol->secure_flags & (1 << SECURITY_ACL))
2577 mode, scx->umask, isdir);
2580 mode, scx->umask, isdir);
2583 securattr = getsecurityattr(scx->vol, dir_ni);
2589 gid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
2592 pxdesc = ntfs_build_permissions_posix(scx->mapping,securattr,
2594 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2598 pxdesc = ntfs_build_permissions_posix(scx->mapping,securattr,
2601 uid = find_tenant(scx, securattr);
2603 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
2611 && (scx->vol->secure_flags
2613 upgrade_secur_desc(scx->vol,
2621 enter_cache(scx, dir_ni, uid,
2624 if (scx->vol->secure_flags
2628 scx->umask, isdir);
2632 scx->umask, isdir);
2647 le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
2668 pxdesc = inherit_posix(scx, dir_ni, mode, isdir);
2680 scx->vol->securid_cache, GENERIC(&wanted),
2688 if (!cached && (scx->vol->major_ver >= 3)) {
2689 usid = ntfs_find_usid(scx->mapping[MAPUSERS],uid,(SID*)&defusid);
2690 gsid = ntfs_find_gsid(scx->mapping[MAPGROUPS],gid,(SID*)&defgsid);
2696 newattr = ntfs_build_descr_posix(scx->mapping, pxdesc,
2700 securid = setsecurityattr(scx->vol,
2706 ntfs_enter_cache(scx->vol->securid_cache,
2729 int ntfs_set_inherited_posix(struct SECURITY_CONTEXT *scx,
2744 pxdesc = inherit_posix(scx, dir_ni, mode, isdir);
2746 usid = ntfs_find_usid(scx->mapping[MAPUSERS],uid,(SID*)&defusid);
2747 gsid = ntfs_find_gsid(scx->mapping[MAPGROUPS],gid,(SID*)&defgsid);
2753 newattr = ntfs_build_descr_posix(scx->mapping, pxdesc,
2757 res = update_secur_descr(scx->vol, newattr, ni);
2773 ntfs_invalidate_cache(scx->vol->legacy_cache,
2792 le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
2819 scx->vol->securid_cache, GENERIC(&wanted),
2827 if (!cached && (scx->vol->major_ver >= 3)) {
2828 usid = ntfs_find_usid(scx->mapping[MAPUSERS],uid,(SID*)&defusid);
2829 gsid = ntfs_find_gsid(scx->mapping[MAPGROUPS],gid,(SID*)&defgsid);
2838 securid = setsecurityattr(scx->vol,
2844 ntfs_enter_cache(scx->vol->securid_cache,
2870 int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
2874 int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
2910 scx->vol->securid_cache, GENERIC(&wanted),
2933 usid = ntfs_find_usid(scx->mapping[MAPUSERS],uid,(SID*)&defusid);
2934 gsid = ntfs_find_gsid(scx->mapping[MAPGROUPS],gid,(SID*)&defgsid);
2942 newattr = ntfs_build_descr_posix(scx->mapping, pxdesc,
2952 res = update_secur_descr(scx->vol, newattr, ni);
2965 ntfs_enter_cache(scx->vol->securid_cache,
2982 ntfs_invalidate_cache(scx->vol->legacy_cache,
3007 BOOL ntfs_allowed_as_owner(struct SECURITY_CONTEXT *scx, ntfs_inode *ni)
3017 processuid = scx->uid;
3023 if (!scx->mapping[MAPUSERS] || !processuid)
3028 cached = fetch_cache(scx, ni);
3033 oldattr = getsecurityattr(scx->vol, ni);
3045 uid = ntfs_find_user(scx->mapping[MAPUSERS],
3074 int ntfs_set_posix_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
3106 cached = fetch_cache(scx, ni);
3116 oldattr = getsecurityattr(scx->vol, ni);
3125 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
3126 gid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
3127 oldpxdesc = ntfs_build_permissions_posix(scx->mapping,
3150 processuid = scx->uid;
3157 if (processuid && (gid != scx->gid)
3158 && !groupmember(scx, scx->uid, gid)) {
3161 res = ntfs_set_owner_mode(scx, ni, uid, gid,
3176 int ntfs_remove_posix_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
3179 return (ntfs_set_posix_acl(scx, ni, name,
3191 int ntfs_set_ntfs_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
3206 res = update_secur_descr(scx->vol, attr, ni);
3228 ntfs_invalidate_cache(scx->vol->legacy_cache,
3252 int ntfs_set_mode(struct SECURITY_CONTEXT *scx, ntfs_inode *ni, mode_t mode)
3272 cached = fetch_cache(scx, ni);
3293 oldattr = getsecurityattr(scx->vol, ni);
3302 uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
3303 gid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
3306 newpxdesc = ntfs_build_permissions_posix(scx->mapping,
3317 processuid = scx->uid;
3324 if (processuid && (gid != scx->gid)
3325 && !groupmember(scx, scx->uid, gid))
3330 res = ntfs_set_owner_mode(scx, ni, uid, gid,
3333 res = ntfs_set_owner_mode(scx, ni, uid, gid,
3336 res = ntfs_set_owner_mode(scx, ni, uid, gid, mode);
3439 int ntfs_allowed_access(struct SECURITY_CONTEXT *scx,
3453 if (!scx->mapping[MAPUSERS]
3454 || (!scx->uid
3459 perm = ntfs_get_perm(scx, ni, accesstype);
3486 if ((ntfs_get_owner_mode(scx,ni,&stbuf) >= 0)
3487 && (stbuf.st_uid == scx->uid))
3520 int ntfs_allowed_create(struct SECURITY_CONTEXT *scx,
3532 if (!scx->mapping[MAPUSERS])
3535 perm = ntfs_get_perm(scx, dir_ni, S_IWRITE + S_IEXEC);
3536 if (!scx->mapping[MAPUSERS]
3537 || !scx->uid) {
3540 perm = ntfs_get_perm(scx, dir_ni, S_IWRITE + S_IEXEC);
3550 *pgid = scx->gid;
3554 if (ntfs_get_owner_mode(scx, dir_ni, &stbuf) >= 0) {
3577 BOOL old_ntfs_allowed_dir_access(struct SECURITY_CONTEXT *scx,
3594 dir_ni = ntfs_pathname_to_inode(scx->vol, NULL, dirpath);
3596 allow = ntfs_allowed_access(scx,
3605 ni = ntfs_pathname_to_inode(scx->vol, NULL,
3609 allow = (ntfs_get_owner_mode(scx,ni,&stbuf) >= 0)
3610 && (stbuf.st_uid == scx->uid);
3628 int ntfs_set_owner(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
3650 cached = fetch_cache(scx,ni);
3664 oldattr = getsecurityattr(scx->vol, ni);
3679 pxdesc = ntfs_build_permissions_posix(scx->mapping, oldattr,
3683 fileuid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
3684 filegid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
3692 fileuid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
3693 filegid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
3704 if (!scx->uid
3706 && ((gid == scx->gid) || groupmember(scx, scx->uid, gid))
3707 && (fileuid == scx->uid))) {
3721 res = ntfs_set_owner_mode(scx, ni, uid, gid,
3724 res = ntfs_set_owner_mode(scx, ni, uid, gid, mode);
3752 int ntfs_set_ownmod(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
3773 cached = fetch_cache(scx,ni);
3795 oldattr = getsecurityattr(scx->vol, ni);
3810 newpxdesc = ntfs_build_permissions_posix(scx->mapping, oldattr,
3815 fileuid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
3816 filegid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
3826 if (!scx->uid
3828 && ((gid == scx->gid) || groupmember(scx, scx->uid, gid))
3829 && (fileuid == scx->uid))) {
3837 res = ntfs_set_owner_mode(scx, ni, uid, gid,
3840 res = ntfs_set_owner_mode(scx, ni, uid, gid, mode);
3866 static le32 build_inherited_id(struct SECURITY_CONTEXT *scx,
3890 if (scx->mapping[MAPUSERS]) {
3891 usid = ntfs_find_usid(scx->mapping[MAPUSERS], scx->uid, (SID*)&defusid);
3892 gsid = ntfs_find_gsid(scx->mapping[MAPGROUPS], scx->gid, (SID*)&defgsid);
3917 if (!scx->uid)
3929 if (!scx->gid)
4005 securid = setsecurityattr(scx->vol,
4029 le32 ntfs_inherited_id(struct SECURITY_CONTEXT *scx,
4044 cached = fetch_cache(scx, dir_ni);
4046 && (cached->uid == scx->uid) && (cached->gid == scx->gid))
4055 parentattr = getsecurityattr(scx->vol, dir_ni);
4057 securid = build_inherited_id(scx,
4065 cached = fetch_cache(scx, dir_ni);
4067 && (cached->uid == scx->uid)
4068 && (cached->gid == scx->gid)) {
4135 static int link_group_members(struct SECURITY_CONTEXT *scx)
4143 for (usermapping=scx->mapping[MAPUSERS]; usermapping && !res;
4149 for (groupmapping=scx->mapping[MAPGROUPS];
4169 static int ntfs_do_default_mapping(struct SECURITY_CONTEXT *scx,
4193 scx->mapping[MAPUSERS] = usermapping;
4194 scx->mapping[MAPGROUPS] = groupmapping;
4248 static int ntfs_default_mapping(struct SECURITY_CONTEXT *scx)
4257 ni = ntfs_pathname_to_inode(scx->vol, NULL, "/.");
4259 securattr = getsecurityattr(scx->vol, ni);
4264 res = ntfs_do_default_mapping(scx,
4265 scx->uid, scx->gid, usid);
4307 int ntfs_build_mapping(struct SECURITY_CONTEXT *scx, const char *usermap_path,
4334 scx->mapping[MAPUSERS] = (struct MAPPING*)NULL;
4335 scx->mapping[MAPGROUPS] = (struct MAPPING*)NULL;
4346 ni = ntfs_pathname_to_inode(scx->vol, NULL, usermap_path);
4359 scx->mapping[MAPUSERS] = usermapping;
4360 scx->mapping[MAPGROUPS] = groupmapping;
4373 if (!ntfs_do_default_mapping(scx,
4378 return (!scx->mapping[MAPUSERS] || link_group_members(scx));
4541 void ntfs_destroy_security_context(struct SECURITY_CONTEXT *scx)
4543 ntfs_free_mapping(scx->mapping);
4544 free_caches(scx);
5340 struct SECURITY_CONTEXT *scx;
5353 scx = &scapi->security;
5354 scx->vol = vol;
5355 scx->uid = getuid();
5356 scx->gid = getgid();
5357 scx->pseccache = &scapi->seccache;
5358 scx->vol->secure_flags = 0;
5360 ntfs_build_mapping(scx,(const char*)NULL,TRUE);