mirror of
https://github.com/wiidev/usbloadergx.git
synced 2024-11-18 09:19:17 +01:00
9e79c9d99b
* code cleanup
4695 lines
143 KiB
C
4695 lines
143 KiB
C
/**
|
|
* acls.c - General function to process NTFS ACLs
|
|
*
|
|
* This module is part of ntfs-3g library, but may also be
|
|
* integrated in tools running over Linux or Windows
|
|
*
|
|
* Copyright (c) 2007-2009 Jean-Pierre Andre
|
|
*
|
|
* This program/include file is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as published
|
|
* by the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program/include file is distributed in the hope that it will be
|
|
* useful, but WITHOUT ANY WARRANTY; without even the implied warranty
|
|
* of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program (in the main directory of the NTFS-3G
|
|
* distribution in the file COPYING); if not, write to the Free Software
|
|
* Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
/*
|
|
* integration into ntfs-3g
|
|
*/
|
|
#include "config.h"
|
|
|
|
#ifdef HAVE_STDIO_H
|
|
#include <stdio.h>
|
|
#endif
|
|
#ifdef HAVE_STDLIB_H
|
|
#include <stdlib.h>
|
|
#endif
|
|
#ifdef HAVE_STRING_H
|
|
#include <string.h>
|
|
#endif
|
|
#ifdef HAVE_ERRNO_H
|
|
#include <errno.h>
|
|
#endif
|
|
#ifdef HAVE_SYS_STAT_H
|
|
#include <sys/stat.h>
|
|
#endif
|
|
#ifdef HAVE_FCNTL_H
|
|
#include <fcntl.h>
|
|
#endif
|
|
#ifdef HAVE_SYSLOG_H
|
|
#include <syslog.h>
|
|
#endif
|
|
#include <unistd.h>
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
|
|
#include "types.h"
|
|
#include "layout.h"
|
|
#include "security.h"
|
|
#include "acls.h"
|
|
#include "misc.h"
|
|
#else
|
|
|
|
/*
|
|
* integration into secaudit, check whether Win32,
|
|
* may have to be adapted to compiler or something else
|
|
*/
|
|
|
|
#ifndef WIN32
|
|
#if defined(__WIN32) | defined(__WIN32__) | defined(WNSC)
|
|
#define WIN32 1
|
|
#endif
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
#include <time.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <stdarg.h>
|
|
#include <sys/types.h>
|
|
#include <errno.h>
|
|
|
|
/*
|
|
* integration into secaudit/Win32
|
|
*/
|
|
#ifdef WIN32
|
|
#include <fcntl.h>
|
|
#include <windows.h>
|
|
#define __LITTLE_ENDIAN 1234
|
|
#define __BYTE_ORDER __LITTLE_ENDIAN
|
|
#else
|
|
/*
|
|
* integration into secaudit/STSC
|
|
*/
|
|
#ifdef STSC
|
|
#include <stat.h>
|
|
#undef __BYTE_ORDER
|
|
#define __BYTE_ORDER __BIG_ENDIAN
|
|
#else
|
|
/*
|
|
* integration into secaudit/Linux
|
|
*/
|
|
#include <sys/stat.h>
|
|
#include <endian.h>
|
|
#include <unistd.h>
|
|
#include <dlfcn.h>
|
|
#endif /* STSC */
|
|
#endif /* WIN32 */
|
|
#include "secaudit.h"
|
|
#endif /* HAVE_CONFIG_H */
|
|
|
|
/*
|
|
* A few useful constants
|
|
*/
|
|
|
|
/*
|
|
* null SID (S-1-0-0)
|
|
*/
|
|
|
|
static const char nullsidbytes[] =
|
|
{
|
|
1, /* revision */
|
|
1, /* auth count */
|
|
0, 0, 0, 0, 0, 0, /* base */
|
|
0, 0, 0, 0 /* 1st level */
|
|
};
|
|
|
|
static const SID *nullsid = ( const SID* )nullsidbytes;
|
|
|
|
/*
|
|
* SID for world (S-1-1-0)
|
|
*/
|
|
|
|
static const char worldsidbytes[] =
|
|
{
|
|
1, /* revision */
|
|
1, /* auth count */
|
|
0, 0, 0, 0, 0, 1, /* base */
|
|
0, 0, 0, 0 /* 1st level */
|
|
} ;
|
|
|
|
const SID *worldsid = ( const SID* )worldsidbytes;
|
|
|
|
/*
|
|
* SID for administrator
|
|
*/
|
|
|
|
static const char adminsidbytes[] =
|
|
{
|
|
1, /* revision */
|
|
2, /* auth count */
|
|
0, 0, 0, 0, 0, 5, /* base */
|
|
32, 0, 0, 0, /* 1st level */
|
|
32, 2, 0, 0 /* 2nd level */
|
|
};
|
|
|
|
const SID *adminsid = ( const SID* )adminsidbytes;
|
|
|
|
/*
|
|
* SID for system
|
|
*/
|
|
|
|
static const char systemsidbytes[] =
|
|
{
|
|
1, /* revision */
|
|
1, /* auth count */
|
|
0, 0, 0, 0, 0, 5, /* base */
|
|
18, 0, 0, 0 /* 1st level */
|
|
};
|
|
|
|
static const SID *systemsid = ( const SID* )systemsidbytes;
|
|
|
|
/*
|
|
* SID for generic creator-owner
|
|
* S-1-3-0
|
|
*/
|
|
|
|
static const char ownersidbytes[] =
|
|
{
|
|
1, /* revision */
|
|
1, /* auth count */
|
|
0, 0, 0, 0, 0, 3, /* base */
|
|
0, 0, 0, 0 /* 1st level */
|
|
} ;
|
|
|
|
static const SID *ownersid = ( const SID* )ownersidbytes;
|
|
|
|
/*
|
|
* SID for generic creator-group
|
|
* S-1-3-1
|
|
*/
|
|
|
|
static const char groupsidbytes[] =
|
|
{
|
|
1, /* revision */
|
|
1, /* auth count */
|
|
0, 0, 0, 0, 0, 3, /* base */
|
|
1, 0, 0, 0 /* 1st level */
|
|
} ;
|
|
|
|
static const SID *groupsid = ( const SID* )groupsidbytes;
|
|
|
|
/*
|
|
* Determine the size of a SID
|
|
*/
|
|
|
|
int ntfs_sid_size( const SID * sid )
|
|
{
|
|
return ( sid->sub_authority_count * 4 + 8 );
|
|
}
|
|
|
|
/*
|
|
* Test whether two SID are equal
|
|
*/
|
|
|
|
BOOL ntfs_same_sid( const SID *first, const SID *second )
|
|
{
|
|
int size;
|
|
|
|
size = ntfs_sid_size( first );
|
|
return ( ( ntfs_sid_size( second ) == size )
|
|
&& !memcmp( first, second, size ) );
|
|
}
|
|
|
|
/*
|
|
* Test whether a SID means "world user"
|
|
* Local users group also recognized as world
|
|
*/
|
|
|
|
static int is_world_sid( const SID * usid )
|
|
{
|
|
return (
|
|
/* check whether S-1-1-0 : world */
|
|
( ( usid->sub_authority_count == 1 )
|
|
&& ( usid->identifier_authority.high_part == const_cpu_to_be16( 0 ) )
|
|
&& ( usid->identifier_authority.low_part == const_cpu_to_be32( 1 ) )
|
|
&& ( usid->sub_authority[0] == const_cpu_to_le32( 0 ) ) )
|
|
|
|
/* check whether S-1-5-32-545 : local user */
|
|
|| ( ( usid->sub_authority_count == 2 )
|
|
&& ( usid->identifier_authority.high_part == const_cpu_to_be16( 0 ) )
|
|
&& ( usid->identifier_authority.low_part == const_cpu_to_be32( 5 ) )
|
|
&& ( usid->sub_authority[0] == const_cpu_to_le32( 32 ) )
|
|
&& ( usid->sub_authority[1] == const_cpu_to_le32( 545 ) ) )
|
|
);
|
|
}
|
|
|
|
/*
|
|
* Test whether a SID means "some user (or group)"
|
|
* Currently we only check for S-1-5-21... but we should
|
|
* probably test for other configurations
|
|
*/
|
|
|
|
BOOL ntfs_is_user_sid( const SID *usid )
|
|
{
|
|
return ( ( usid->sub_authority_count == 5 )
|
|
&& ( usid->identifier_authority.high_part == const_cpu_to_be16( 0 ) )
|
|
&& ( usid->identifier_authority.low_part == const_cpu_to_be32( 5 ) )
|
|
&& ( usid->sub_authority[0] == const_cpu_to_le32( 21 ) ) );
|
|
}
|
|
|
|
/*
|
|
* Determine the size of a security attribute
|
|
* whatever the order of fields
|
|
*/
|
|
|
|
unsigned int ntfs_attr_size( const char *attr )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const ACL *pdacl;
|
|
const ACL *psacl;
|
|
const SID *psid;
|
|
unsigned int offdacl;
|
|
unsigned int offsacl;
|
|
unsigned int offowner;
|
|
unsigned int offgroup;
|
|
unsigned int endsid;
|
|
unsigned int endacl;
|
|
unsigned int attrsz;
|
|
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )attr;
|
|
/*
|
|
* First check group, which is the last field in all descriptors
|
|
* we build, and in most descriptors built by Windows
|
|
*/
|
|
attrsz = sizeof( SECURITY_DESCRIPTOR_RELATIVE );
|
|
offgroup = le32_to_cpu( phead->group );
|
|
if ( offgroup >= attrsz )
|
|
{
|
|
/* find end of GSID */
|
|
psid = ( const SID* ) & attr[offgroup];
|
|
endsid = offgroup + ntfs_sid_size( psid );
|
|
if ( endsid > attrsz ) attrsz = endsid;
|
|
}
|
|
offowner = le32_to_cpu( phead->owner );
|
|
if ( offowner >= attrsz )
|
|
{
|
|
/* find end of USID */
|
|
psid = ( const SID* ) & attr[offowner];
|
|
endsid = offowner + ntfs_sid_size( psid );
|
|
attrsz = endsid;
|
|
}
|
|
offsacl = le32_to_cpu( phead->sacl );
|
|
if ( offsacl >= attrsz )
|
|
{
|
|
/* find end of SACL */
|
|
psacl = ( const ACL* ) & attr[offsacl];
|
|
endacl = offsacl + le16_to_cpu( psacl->size );
|
|
if ( endacl > attrsz )
|
|
attrsz = endacl;
|
|
}
|
|
|
|
|
|
/* find end of DACL */
|
|
offdacl = le32_to_cpu( phead->dacl );
|
|
if ( offdacl >= attrsz )
|
|
{
|
|
pdacl = ( const ACL* ) & attr[offdacl];
|
|
endacl = offdacl + le16_to_cpu( pdacl->size );
|
|
if ( endacl > attrsz )
|
|
attrsz = endacl;
|
|
}
|
|
return ( attrsz );
|
|
}
|
|
|
|
/*
|
|
* Do sanity checks on a SID read from storage
|
|
* (just check revision and number of authorities)
|
|
*/
|
|
|
|
BOOL ntfs_valid_sid( const SID *sid )
|
|
{
|
|
return ( ( sid->revision == SID_REVISION )
|
|
&& ( sid->sub_authority_count >= 1 )
|
|
&& ( sid->sub_authority_count <= 8 ) );
|
|
}
|
|
|
|
/*
|
|
* Check whether a SID is acceptable for an implicit
|
|
* mapping pattern.
|
|
* It should have been already checked it is a valid user SID.
|
|
*
|
|
* The last authority reference has to be >= 1000 (Windows usage)
|
|
* and <= 0x7fffffff, so that 30 bits from a uid and 30 more bits
|
|
* from a gid an be inserted with no overflow.
|
|
*/
|
|
|
|
BOOL ntfs_valid_pattern( const SID *sid )
|
|
{
|
|
int cnt;
|
|
u32 auth;
|
|
le32 leauth;
|
|
|
|
cnt = sid->sub_authority_count;
|
|
leauth = sid->sub_authority[cnt-1];
|
|
auth = le32_to_cpu( leauth );
|
|
return ( ( auth >= 1000 ) && ( auth <= 0x7fffffff ) );
|
|
}
|
|
|
|
/*
|
|
* Compute the uid or gid associated to a SID
|
|
* through an implicit mapping
|
|
*
|
|
* Returns 0 (root) if it does not match pattern
|
|
*/
|
|
|
|
static u32 findimplicit( const SID *xsid, const SID *pattern, int parity )
|
|
{
|
|
BIGSID defsid;
|
|
SID *psid;
|
|
u32 xid; /* uid or gid */
|
|
int cnt;
|
|
u32 carry;
|
|
le32 leauth;
|
|
u32 uauth;
|
|
u32 xlast;
|
|
u32 rlast;
|
|
|
|
memcpy( &defsid, pattern, ntfs_sid_size( pattern ) );
|
|
psid = ( SID* ) & defsid;
|
|
cnt = psid->sub_authority_count;
|
|
xid = 0;
|
|
if ( xsid->sub_authority_count == cnt )
|
|
{
|
|
psid->sub_authority[cnt-1] = xsid->sub_authority[cnt-1];
|
|
leauth = xsid->sub_authority[cnt-1];
|
|
xlast = le32_to_cpu( leauth );
|
|
leauth = pattern->sub_authority[cnt-1];
|
|
rlast = le32_to_cpu( leauth );
|
|
|
|
if ( ( xlast > rlast ) && !( ( xlast ^ rlast ^ parity ) & 1 ) )
|
|
{
|
|
/* direct check for basic situation */
|
|
if ( ntfs_same_sid( psid, xsid ) )
|
|
xid = ( ( xlast - rlast ) >> 1 ) & 0x3fffffff;
|
|
else
|
|
{
|
|
/*
|
|
* check whether part of mapping had to be
|
|
* recorded in a higher level authority
|
|
*/
|
|
carry = 1;
|
|
do
|
|
{
|
|
leauth = psid->sub_authority[cnt-2];
|
|
uauth = le32_to_cpu( leauth ) + 1;
|
|
psid->sub_authority[cnt-2]
|
|
= cpu_to_le32( uauth );
|
|
}
|
|
while ( !ntfs_same_sid( psid, xsid )
|
|
&& ( ++carry < 4 ) );
|
|
if ( carry < 4 )
|
|
xid = ( ( ( xlast - rlast ) >> 1 )
|
|
& 0x3fffffff ) | ( carry << 30 );
|
|
}
|
|
}
|
|
}
|
|
return ( xid );
|
|
}
|
|
|
|
/*
|
|
* Find usid mapped to a Linux user
|
|
* Returns NULL if not found
|
|
*/
|
|
|
|
const SID *ntfs_find_usid( const struct MAPPING* usermapping,
|
|
uid_t uid, SID *defusid )
|
|
{
|
|
const struct MAPPING *p;
|
|
const SID *sid;
|
|
le32 leauth;
|
|
u32 uauth;
|
|
int cnt;
|
|
|
|
if ( !uid )
|
|
sid = adminsid;
|
|
else
|
|
{
|
|
p = usermapping;
|
|
while ( p && p->xid && ( ( uid_t )p->xid != uid ) )
|
|
p = p->next;
|
|
if ( p && !p->xid )
|
|
{
|
|
/*
|
|
* default pattern has been reached :
|
|
* build an implicit SID according to pattern
|
|
* (the pattern format was checked while reading
|
|
* the mapping file)
|
|
*/
|
|
memcpy( defusid, p->sid, ntfs_sid_size( p->sid ) );
|
|
cnt = defusid->sub_authority_count;
|
|
leauth = defusid->sub_authority[cnt-1];
|
|
uauth = le32_to_cpu( leauth ) + 2 * ( uid & 0x3fffffff );
|
|
defusid->sub_authority[cnt-1] = cpu_to_le32( uauth );
|
|
if ( uid & 0xc0000000 )
|
|
{
|
|
leauth = defusid->sub_authority[cnt-2];
|
|
uauth = le32_to_cpu( leauth ) + ( ( uid >> 30 ) & 3 );
|
|
defusid->sub_authority[cnt-2] = cpu_to_le32( uauth );
|
|
}
|
|
sid = defusid;
|
|
}
|
|
else
|
|
sid = ( p ? p->sid : ( const SID* )NULL );
|
|
}
|
|
return ( sid );
|
|
}
|
|
|
|
/*
|
|
* Find Linux group mapped to a gsid
|
|
* Returns 0 (root) if not found
|
|
*/
|
|
|
|
const SID *ntfs_find_gsid( const struct MAPPING* groupmapping,
|
|
gid_t gid, SID *defgsid )
|
|
{
|
|
const struct MAPPING *p;
|
|
const SID *sid;
|
|
le32 leauth;
|
|
u32 uauth;
|
|
int cnt;
|
|
|
|
if ( !gid )
|
|
sid = adminsid;
|
|
else
|
|
{
|
|
p = groupmapping;
|
|
while ( p && p->xid && ( ( gid_t )p->xid != gid ) )
|
|
p = p->next;
|
|
if ( p && !p->xid )
|
|
{
|
|
/*
|
|
* default pattern has been reached :
|
|
* build an implicit SID according to pattern
|
|
* (the pattern format was checked while reading
|
|
* the mapping file)
|
|
*/
|
|
memcpy( defgsid, p->sid, ntfs_sid_size( p->sid ) );
|
|
cnt = defgsid->sub_authority_count;
|
|
leauth = defgsid->sub_authority[cnt-1];
|
|
uauth = le32_to_cpu( leauth ) + 2 * ( gid & 0x3fffffff ) + 1;
|
|
defgsid->sub_authority[cnt-1] = cpu_to_le32( uauth );
|
|
if ( gid & 0xc0000000 )
|
|
{
|
|
leauth = defgsid->sub_authority[cnt-2];
|
|
uauth = le32_to_cpu( leauth ) + ( ( gid >> 30 ) & 3 );
|
|
defgsid->sub_authority[cnt-2] = cpu_to_le32( uauth );
|
|
}
|
|
sid = defgsid;
|
|
}
|
|
else
|
|
sid = ( p ? p->sid : ( const SID* )NULL );
|
|
}
|
|
return ( sid );
|
|
}
|
|
|
|
/*
|
|
* Find Linux owner mapped to a usid
|
|
* Returns 0 (root) if not found
|
|
*/
|
|
|
|
uid_t ntfs_find_user( const struct MAPPING* usermapping, const SID *usid )
|
|
{
|
|
uid_t uid;
|
|
const struct MAPPING *p;
|
|
|
|
p = usermapping;
|
|
while ( p && p->xid && !ntfs_same_sid( usid, p->sid ) )
|
|
p = p->next;
|
|
if ( p && !p->xid )
|
|
/*
|
|
* No explicit mapping found, try implicit mapping
|
|
*/
|
|
uid = findimplicit( usid, p->sid, 0 );
|
|
else
|
|
uid = ( p ? p->xid : 0 );
|
|
return ( uid );
|
|
}
|
|
|
|
/*
|
|
* Find Linux group mapped to a gsid
|
|
* Returns 0 (root) if not found
|
|
*/
|
|
|
|
gid_t ntfs_find_group( const struct MAPPING* groupmapping, const SID * gsid )
|
|
{
|
|
gid_t gid;
|
|
const struct MAPPING *p;
|
|
int gsidsz;
|
|
|
|
gsidsz = ntfs_sid_size( gsid );
|
|
p = groupmapping;
|
|
while ( p && p->xid && !ntfs_same_sid( gsid, p->sid ) )
|
|
p = p->next;
|
|
if ( p && !p->xid )
|
|
/*
|
|
* No explicit mapping found, try implicit mapping
|
|
*/
|
|
gid = findimplicit( gsid, p->sid, 1 );
|
|
else
|
|
gid = ( p ? p->xid : 0 );
|
|
return ( gid );
|
|
}
|
|
|
|
/*
|
|
* Check the validity of the ACEs in a DACL or SACL
|
|
*/
|
|
|
|
static BOOL valid_acl( const ACL *pacl, unsigned int end )
|
|
{
|
|
const ACCESS_ALLOWED_ACE *pace;
|
|
unsigned int offace;
|
|
unsigned int acecnt;
|
|
unsigned int acesz;
|
|
unsigned int nace;
|
|
BOOL ok;
|
|
|
|
ok = TRUE;
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
offace = sizeof( ACL );
|
|
for ( nace = 0; ( nace < acecnt ) && ok; nace++ )
|
|
{
|
|
/* be sure the beginning is within range */
|
|
if ( ( offace + sizeof( ACCESS_ALLOWED_ACE ) ) > end )
|
|
ok = FALSE;
|
|
else
|
|
{
|
|
pace = ( const ACCESS_ALLOWED_ACE* )
|
|
& ( ( const char* )pacl )[offace];
|
|
acesz = le16_to_cpu( pace->size );
|
|
if ( ( ( offace + acesz ) > end )
|
|
|| !ntfs_valid_sid( &pace->sid )
|
|
|| ( ( ntfs_sid_size( &pace->sid ) + 8 ) != ( int )acesz ) )
|
|
ok = FALSE;
|
|
offace += acesz;
|
|
}
|
|
}
|
|
return ( ok );
|
|
}
|
|
|
|
/*
|
|
* Do sanity checks on security descriptors read from storage
|
|
* basically, we make sure that every field holds within
|
|
* allocated storage
|
|
* Should not be called with a NULL argument
|
|
* returns TRUE if considered safe
|
|
* if not, error should be logged by caller
|
|
*/
|
|
|
|
BOOL ntfs_valid_descr( const char *securattr, unsigned int attrsz )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const ACL *pdacl;
|
|
const ACL *psacl;
|
|
unsigned int offdacl;
|
|
unsigned int offsacl;
|
|
unsigned int offowner;
|
|
unsigned int offgroup;
|
|
BOOL ok;
|
|
|
|
ok = TRUE;
|
|
|
|
/*
|
|
* first check overall size if within allocation range
|
|
* and a DACL is present
|
|
* and owner and group SID are valid
|
|
*/
|
|
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )securattr;
|
|
offdacl = le32_to_cpu( phead->dacl );
|
|
offsacl = le32_to_cpu( phead->sacl );
|
|
offowner = le32_to_cpu( phead->owner );
|
|
offgroup = le32_to_cpu( phead->group );
|
|
pdacl = ( const ACL* ) & securattr[offdacl];
|
|
psacl = ( const ACL* ) & securattr[offsacl];
|
|
|
|
/*
|
|
* size check occurs before the above pointers are used
|
|
*
|
|
* "DR Watson" standard directory on WinXP has an
|
|
* old revision and no DACL though SE_DACL_PRESENT is set
|
|
*/
|
|
if ( ( attrsz >= sizeof( SECURITY_DESCRIPTOR_RELATIVE ) )
|
|
&& ( phead->revision == SECURITY_DESCRIPTOR_REVISION )
|
|
&& ( offowner >= sizeof( SECURITY_DESCRIPTOR_RELATIVE ) )
|
|
&& ( ( offowner + 2 ) < attrsz )
|
|
&& ( offgroup >= sizeof( SECURITY_DESCRIPTOR_RELATIVE ) )
|
|
&& ( ( offgroup + 2 ) < attrsz )
|
|
&& ( !offdacl
|
|
|| ( ( offdacl >= sizeof( SECURITY_DESCRIPTOR_RELATIVE ) )
|
|
&& ( offdacl + sizeof( ACL ) < attrsz ) ) )
|
|
&& ( !offsacl
|
|
|| ( ( offsacl >= sizeof( SECURITY_DESCRIPTOR_RELATIVE ) )
|
|
&& ( offsacl + sizeof( ACL ) < attrsz ) ) )
|
|
&& !( phead->owner & const_cpu_to_le32( 3 ) )
|
|
&& !( phead->group & const_cpu_to_le32( 3 ) )
|
|
&& !( phead->dacl & const_cpu_to_le32( 3 ) )
|
|
&& !( phead->sacl & const_cpu_to_le32( 3 ) )
|
|
&& ( ntfs_attr_size( securattr ) <= attrsz )
|
|
&& ntfs_valid_sid( ( const SID* )&securattr[offowner] )
|
|
&& ntfs_valid_sid( ( const SID* )&securattr[offgroup] )
|
|
/*
|
|
* if there is an ACL, as indicated by offdacl,
|
|
* require SE_DACL_PRESENT
|
|
* but "Dr Watson" has SE_DACL_PRESENT though no DACL
|
|
*/
|
|
&& ( !offdacl
|
|
|| ( ( phead->control & SE_DACL_PRESENT )
|
|
&& ( ( pdacl->revision == ACL_REVISION )
|
|
|| ( pdacl->revision == ACL_REVISION_DS ) ) ) )
|
|
/* same for SACL */
|
|
&& ( !offsacl
|
|
|| ( ( phead->control & SE_SACL_PRESENT )
|
|
&& ( ( psacl->revision == ACL_REVISION )
|
|
|| ( psacl->revision == ACL_REVISION_DS ) ) ) ) )
|
|
{
|
|
/*
|
|
* Check the DACL and SACL if present
|
|
*/
|
|
if ( ( offdacl && !valid_acl( pdacl, attrsz - offdacl ) )
|
|
|| ( offsacl && !valid_acl( psacl, attrsz - offsacl ) ) )
|
|
ok = FALSE;
|
|
}
|
|
else
|
|
ok = FALSE;
|
|
return ( ok );
|
|
}
|
|
|
|
/*
|
|
* Copy the inheritable parts of an ACL
|
|
*
|
|
* Returns the size of the new ACL
|
|
* or zero if nothing is inheritable
|
|
*/
|
|
|
|
int ntfs_inherit_acl( const ACL *oldacl, ACL *newacl,
|
|
const SID *usid, const SID *gsid, BOOL fordir )
|
|
{
|
|
unsigned int src;
|
|
unsigned int dst;
|
|
int oldcnt;
|
|
int newcnt;
|
|
unsigned int selection;
|
|
int nace;
|
|
int acesz;
|
|
int usidsz;
|
|
int gsidsz;
|
|
const ACCESS_ALLOWED_ACE *poldace;
|
|
ACCESS_ALLOWED_ACE *pnewace;
|
|
|
|
usidsz = ntfs_sid_size( usid );
|
|
gsidsz = ntfs_sid_size( gsid );
|
|
|
|
/* ACL header */
|
|
|
|
newacl->revision = ACL_REVISION;
|
|
newacl->alignment1 = 0;
|
|
newacl->alignment2 = const_cpu_to_le16( 0 );
|
|
src = dst = sizeof( ACL );
|
|
|
|
selection = ( fordir ? CONTAINER_INHERIT_ACE : OBJECT_INHERIT_ACE );
|
|
newcnt = 0;
|
|
oldcnt = le16_to_cpu( oldacl->ace_count );
|
|
for ( nace = 0; nace < oldcnt; nace++ )
|
|
{
|
|
poldace = ( const ACCESS_ALLOWED_ACE* )( ( const char* )oldacl + src );
|
|
acesz = le16_to_cpu( poldace->size );
|
|
/* inheritance for access */
|
|
if ( poldace->flags & selection )
|
|
{
|
|
pnewace = ( ACCESS_ALLOWED_ACE* )
|
|
( ( char* )newacl + dst );
|
|
memcpy( pnewace, poldace, acesz );
|
|
/*
|
|
* Replace generic creator-owner and
|
|
* creator-group by owner and group
|
|
*/
|
|
if ( ntfs_same_sid( &pnewace->sid, ownersid ) )
|
|
{
|
|
memcpy( &pnewace->sid, usid, usidsz );
|
|
acesz = usidsz + 8;
|
|
pnewace->size = cpu_to_le16( acesz );
|
|
}
|
|
if ( ntfs_same_sid( &pnewace->sid, groupsid ) )
|
|
{
|
|
memcpy( &pnewace->sid, gsid, gsidsz );
|
|
acesz = gsidsz + 8;
|
|
pnewace->size = cpu_to_le16( acesz );
|
|
}
|
|
if ( pnewace->mask & GENERIC_ALL )
|
|
{
|
|
pnewace->mask &= ~GENERIC_ALL;
|
|
if ( fordir )
|
|
pnewace->mask |= OWNER_RIGHTS
|
|
| DIR_READ
|
|
| DIR_WRITE
|
|
| DIR_EXEC;
|
|
else
|
|
/*
|
|
* The last flag is not defined for a file,
|
|
* however Windows sets it, so do the same
|
|
*/
|
|
pnewace->mask |= OWNER_RIGHTS
|
|
| FILE_READ
|
|
| FILE_WRITE
|
|
| FILE_EXEC
|
|
| cpu_to_le32( 0x40 );
|
|
}
|
|
/* remove inheritance flags */
|
|
pnewace->flags &= ~( OBJECT_INHERIT_ACE
|
|
| CONTAINER_INHERIT_ACE
|
|
| INHERIT_ONLY_ACE );
|
|
dst += acesz;
|
|
newcnt++;
|
|
}
|
|
/* inheritance for further inheritance */
|
|
if ( fordir
|
|
&& ( poldace->flags
|
|
& ( CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ) ) )
|
|
{
|
|
pnewace = ( ACCESS_ALLOWED_ACE* )
|
|
( ( char* )newacl + dst );
|
|
memcpy( pnewace, poldace, acesz );
|
|
/*
|
|
* Replace generic creator-owner and
|
|
* creator-group by owner and group
|
|
*/
|
|
if ( ntfs_same_sid( &pnewace->sid, ownersid ) )
|
|
{
|
|
memcpy( &pnewace->sid, usid, usidsz );
|
|
acesz = usidsz + 8;
|
|
}
|
|
if ( ntfs_same_sid( &pnewace->sid, groupsid ) )
|
|
{
|
|
memcpy( &pnewace->sid, gsid, gsidsz );
|
|
acesz = gsidsz + 8;
|
|
}
|
|
dst += acesz;
|
|
newcnt++;
|
|
}
|
|
src += acesz;
|
|
}
|
|
/*
|
|
* Adjust header if something was inherited
|
|
*/
|
|
if ( dst > sizeof( ACL ) )
|
|
{
|
|
newacl->ace_count = cpu_to_le16( newcnt );
|
|
newacl->size = cpu_to_le16( dst );
|
|
}
|
|
else
|
|
dst = 0;
|
|
return ( dst );
|
|
}
|
|
|
|
#if POSIXACLS
|
|
|
|
/*
|
|
* Do sanity checks on a Posix descriptor
|
|
* Should not be called with a NULL argument
|
|
* returns TRUE if considered safe
|
|
* if not, error should be logged by caller
|
|
*/
|
|
|
|
BOOL ntfs_valid_posix( const struct POSIX_SECURITY *pxdesc )
|
|
{
|
|
const struct POSIX_ACL *pacl;
|
|
int i;
|
|
BOOL ok;
|
|
u16 tag;
|
|
u32 id;
|
|
int perms;
|
|
struct
|
|
{
|
|
u16 previous;
|
|
u32 previousid;
|
|
u16 tagsset;
|
|
mode_t mode;
|
|
int owners;
|
|
int groups;
|
|
int others;
|
|
} checks[2], *pchk;
|
|
|
|
for ( i = 0; i < 2; i++ )
|
|
{
|
|
checks[i].mode = 0;
|
|
checks[i].tagsset = 0;
|
|
checks[i].owners = 0;
|
|
checks[i].groups = 0;
|
|
checks[i].others = 0;
|
|
checks[i].previous = 0;
|
|
checks[i].previousid = 0;
|
|
}
|
|
ok = TRUE;
|
|
pacl = &pxdesc->acl;
|
|
/*
|
|
* header (strict for now)
|
|
*/
|
|
if ( ( pacl->version != POSIX_VERSION )
|
|
|| ( pacl->flags != 0 )
|
|
|| ( pacl->filler != 0 ) )
|
|
ok = FALSE;
|
|
/*
|
|
* Reject multiple owner, group or other
|
|
* but do not require them to be present
|
|
* Also check the ACEs are in correct order
|
|
* which implies there is no duplicates
|
|
*/
|
|
for ( i = 0; i < pxdesc->acccnt + pxdesc->defcnt; i++ )
|
|
{
|
|
if ( i >= pxdesc->firstdef )
|
|
pchk = &checks[1];
|
|
else
|
|
pchk = &checks[0];
|
|
perms = pacl->ace[i].perms;
|
|
tag = pacl->ace[i].tag;
|
|
pchk->tagsset |= tag;
|
|
id = pacl->ace[i].id;
|
|
if ( perms & ~7 ) ok = FALSE;
|
|
if ( ( tag < pchk->previous )
|
|
|| ( ( tag == pchk->previous )
|
|
&& ( id <= pchk->previousid ) ) )
|
|
ok = FALSE;
|
|
pchk->previous = tag;
|
|
pchk->previousid = id;
|
|
switch ( tag )
|
|
{
|
|
case POSIX_ACL_USER_OBJ :
|
|
if ( pchk->owners++ )
|
|
ok = FALSE;
|
|
if ( id != ( u32 ) - 1 )
|
|
ok = FALSE;
|
|
pchk->mode |= perms << 6;
|
|
break;
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
if ( pchk->groups++ )
|
|
ok = FALSE;
|
|
if ( id != ( u32 ) - 1 )
|
|
ok = FALSE;
|
|
pchk->mode = ( pchk->mode & 07707 ) | ( perms << 3 );
|
|
break;
|
|
case POSIX_ACL_OTHER :
|
|
if ( pchk->others++ )
|
|
ok = FALSE;
|
|
if ( id != ( u32 ) - 1 )
|
|
ok = FALSE;
|
|
pchk->mode |= perms;
|
|
break;
|
|
case POSIX_ACL_USER :
|
|
case POSIX_ACL_GROUP :
|
|
if ( id == ( u32 ) - 1 )
|
|
ok = FALSE;
|
|
break;
|
|
case POSIX_ACL_MASK :
|
|
if ( id != ( u32 ) - 1 )
|
|
ok = FALSE;
|
|
pchk->mode = ( pchk->mode & 07707 ) | ( perms << 3 );
|
|
break;
|
|
default :
|
|
ok = FALSE;
|
|
break;
|
|
}
|
|
}
|
|
if ( ( pxdesc->acccnt > 0 )
|
|
&& ( ( checks[0].owners != 1 ) || ( checks[0].groups != 1 )
|
|
|| ( checks[0].others != 1 ) ) )
|
|
ok = FALSE;
|
|
/* do not check owner, group or other are present in */
|
|
/* the default ACL, Windows does not necessarily set them */
|
|
/* descriptor */
|
|
if ( pxdesc->defcnt && ( pxdesc->acccnt > pxdesc->firstdef ) )
|
|
ok = FALSE;
|
|
if ( ( pxdesc->acccnt < 0 ) || ( pxdesc->defcnt < 0 ) )
|
|
ok = FALSE;
|
|
/* check mode, unless null or no tag set */
|
|
if ( pxdesc->mode
|
|
&& checks[0].tagsset
|
|
&& ( checks[0].mode != ( pxdesc->mode & 0777 ) ) )
|
|
ok = FALSE;
|
|
/* check tagsset */
|
|
if ( pxdesc->tagsset != checks[0].tagsset )
|
|
ok = FALSE;
|
|
return ( ok );
|
|
}
|
|
|
|
/*
|
|
* Set standard header data into a Posix ACL
|
|
* The mode argument should provide the 3 upper bits of target mode
|
|
*/
|
|
|
|
static mode_t posix_header( struct POSIX_SECURITY *pxdesc, mode_t basemode )
|
|
{
|
|
mode_t mode;
|
|
u16 tagsset;
|
|
struct POSIX_ACE *pace;
|
|
int i;
|
|
|
|
mode = basemode & 07000;
|
|
tagsset = 0;
|
|
for ( i = 0; i < pxdesc->acccnt; i++ )
|
|
{
|
|
pace = &pxdesc->acl.ace[i];
|
|
tagsset |= pace->tag;
|
|
switch ( pace->tag )
|
|
{
|
|
case POSIX_ACL_USER_OBJ :
|
|
mode |= ( pace->perms & 7 ) << 6;
|
|
break;
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
case POSIX_ACL_MASK :
|
|
mode = ( mode & 07707 ) | ( ( pace->perms & 7 ) << 3 );
|
|
break;
|
|
case POSIX_ACL_OTHER :
|
|
mode |= pace->perms & 7;
|
|
break;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
pxdesc->tagsset = tagsset;
|
|
pxdesc->mode = mode;
|
|
pxdesc->acl.version = POSIX_VERSION;
|
|
pxdesc->acl.flags = 0;
|
|
pxdesc->acl.filler = 0;
|
|
return ( mode );
|
|
}
|
|
|
|
/*
|
|
* Sort ACEs in a Posix ACL
|
|
* This is useful for always getting reusable converted ACLs,
|
|
* it also helps in merging ACEs.
|
|
* Repeated tag+id are allowed and not merged here.
|
|
*
|
|
* Tags should be in ascending sequence and for a repeatable tag
|
|
* ids should be in ascending sequence.
|
|
*/
|
|
|
|
void ntfs_sort_posix( struct POSIX_SECURITY *pxdesc )
|
|
{
|
|
struct POSIX_ACL *pacl;
|
|
struct POSIX_ACE ace;
|
|
int i;
|
|
int offs;
|
|
BOOL done;
|
|
u16 tag;
|
|
u16 previous;
|
|
u32 id;
|
|
u32 previousid;
|
|
|
|
|
|
/*
|
|
* Check sequencing of tag+id in access ACE's
|
|
*/
|
|
pacl = &pxdesc->acl;
|
|
do
|
|
{
|
|
done = TRUE;
|
|
previous = pacl->ace[0].tag;
|
|
previousid = pacl->ace[0].id;
|
|
for ( i = 1; i < pxdesc->acccnt; i++ )
|
|
{
|
|
tag = pacl->ace[i].tag;
|
|
id = pacl->ace[i].id;
|
|
|
|
if ( ( tag < previous )
|
|
|| ( ( tag == previous ) && ( id < previousid ) ) )
|
|
{
|
|
done = FALSE;
|
|
memcpy( &ace, &pacl->ace[i-1], sizeof( struct POSIX_ACE ) );
|
|
memcpy( &pacl->ace[i-1], &pacl->ace[i], sizeof( struct POSIX_ACE ) );
|
|
memcpy( &pacl->ace[i], &ace, sizeof( struct POSIX_ACE ) );
|
|
}
|
|
else
|
|
{
|
|
previous = tag;
|
|
previousid = id;
|
|
}
|
|
}
|
|
}
|
|
while ( !done );
|
|
/*
|
|
* Same for default ACEs
|
|
*/
|
|
do
|
|
{
|
|
done = TRUE;
|
|
if ( ( pxdesc->defcnt ) > 1 )
|
|
{
|
|
offs = pxdesc->firstdef;
|
|
previous = pacl->ace[offs].tag;
|
|
previousid = pacl->ace[offs].id;
|
|
for ( i = offs + 1; i < offs + pxdesc->defcnt; i++ )
|
|
{
|
|
tag = pacl->ace[i].tag;
|
|
id = pacl->ace[i].id;
|
|
|
|
if ( ( tag < previous )
|
|
|| ( ( tag == previous ) && ( id < previousid ) ) )
|
|
{
|
|
done = FALSE;
|
|
memcpy( &ace, &pacl->ace[i-1], sizeof( struct POSIX_ACE ) );
|
|
memcpy( &pacl->ace[i-1], &pacl->ace[i], sizeof( struct POSIX_ACE ) );
|
|
memcpy( &pacl->ace[i], &ace, sizeof( struct POSIX_ACE ) );
|
|
}
|
|
else
|
|
{
|
|
previous = tag;
|
|
previousid = id;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
while ( !done );
|
|
}
|
|
|
|
/*
|
|
* Merge a new mode into a Posix descriptor
|
|
* The Posix descriptor is not reallocated, its size is unchanged
|
|
*
|
|
* returns 0 if ok
|
|
*/
|
|
|
|
int ntfs_merge_mode_posix( struct POSIX_SECURITY *pxdesc, mode_t mode )
|
|
{
|
|
int i;
|
|
BOOL maskfound;
|
|
struct POSIX_ACE *pace;
|
|
int todo;
|
|
|
|
maskfound = FALSE;
|
|
todo = POSIX_ACL_USER_OBJ | POSIX_ACL_GROUP_OBJ | POSIX_ACL_OTHER;
|
|
for ( i = pxdesc->acccnt - 1; i >= 0; i-- )
|
|
{
|
|
pace = &pxdesc->acl.ace[i];
|
|
switch ( pace->tag )
|
|
{
|
|
case POSIX_ACL_USER_OBJ :
|
|
pace->perms = ( mode >> 6 ) & 7;
|
|
todo &= ~POSIX_ACL_USER_OBJ;
|
|
break;
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
if ( !maskfound )
|
|
pace->perms = ( mode >> 3 ) & 7;
|
|
todo &= ~POSIX_ACL_GROUP_OBJ;
|
|
break;
|
|
case POSIX_ACL_MASK :
|
|
pace->perms = ( mode >> 3 ) & 7;
|
|
maskfound = TRUE;
|
|
break;
|
|
case POSIX_ACL_OTHER :
|
|
pace->perms = mode & 7;
|
|
todo &= ~POSIX_ACL_OTHER;
|
|
break;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
pxdesc->mode = mode;
|
|
return ( todo ? -1 : 0 );
|
|
}
|
|
|
|
/*
|
|
* Replace an access or default Posix ACL
|
|
* The resulting ACL is checked for validity
|
|
*
|
|
* Returns a new ACL or NULL if there is a problem
|
|
*/
|
|
|
|
struct POSIX_SECURITY *ntfs_replace_acl( const struct POSIX_SECURITY *oldpxdesc,
|
|
const struct POSIX_ACL *newacl, int count, BOOL deflt )
|
|
{
|
|
struct POSIX_SECURITY *newpxdesc;
|
|
size_t newsize;
|
|
int offset;
|
|
int oldoffset;
|
|
int i;
|
|
|
|
if ( deflt )
|
|
newsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( oldpxdesc->acccnt + count )*sizeof( struct POSIX_ACE );
|
|
else
|
|
newsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( oldpxdesc->defcnt + count )*sizeof( struct POSIX_ACE );
|
|
newpxdesc = ( struct POSIX_SECURITY* )malloc( newsize );
|
|
if ( newpxdesc )
|
|
{
|
|
if ( deflt )
|
|
{
|
|
offset = oldpxdesc->acccnt;
|
|
newpxdesc->acccnt = oldpxdesc->acccnt;
|
|
newpxdesc->defcnt = count;
|
|
newpxdesc->firstdef = offset;
|
|
/* copy access ACEs */
|
|
for ( i = 0; i < newpxdesc->acccnt; i++ )
|
|
newpxdesc->acl.ace[i] = oldpxdesc->acl.ace[i];
|
|
/* copy default ACEs */
|
|
for ( i = 0; i < count; i++ )
|
|
newpxdesc->acl.ace[i + offset] = newacl->ace[i];
|
|
}
|
|
else
|
|
{
|
|
offset = count;
|
|
newpxdesc->acccnt = count;
|
|
newpxdesc->defcnt = oldpxdesc->defcnt;
|
|
newpxdesc->firstdef = count;
|
|
/* copy access ACEs */
|
|
for ( i = 0; i < count; i++ )
|
|
newpxdesc->acl.ace[i] = newacl->ace[i];
|
|
/* copy default ACEs */
|
|
oldoffset = oldpxdesc->firstdef;
|
|
for ( i = 0; i < newpxdesc->defcnt; i++ )
|
|
newpxdesc->acl.ace[i + offset] = oldpxdesc->acl.ace[i + oldoffset];
|
|
}
|
|
/* assume special flags unchanged */
|
|
posix_header( newpxdesc, oldpxdesc->mode );
|
|
if ( !ntfs_valid_posix( newpxdesc ) )
|
|
{
|
|
/* do not log, this is an application error */
|
|
free( newpxdesc );
|
|
newpxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
errno = EINVAL;
|
|
}
|
|
}
|
|
else
|
|
errno = ENOMEM;
|
|
return ( newpxdesc );
|
|
}
|
|
|
|
/*
|
|
* Build an inherited Posix descriptor from parent
|
|
* descriptor (if any) restricted to creation mode
|
|
*
|
|
* Returns the inherited descriptor or NULL if there is a problem
|
|
*/
|
|
|
|
struct POSIX_SECURITY *ntfs_build_inherited_posix(
|
|
const struct POSIX_SECURITY *pxdesc, mode_t mode,
|
|
mode_t mask, BOOL isdir )
|
|
{
|
|
struct POSIX_SECURITY *pydesc;
|
|
struct POSIX_ACE *pyace;
|
|
int count;
|
|
int defcnt;
|
|
int size;
|
|
int i;
|
|
s16 tagsset;
|
|
|
|
if ( pxdesc && pxdesc->defcnt )
|
|
{
|
|
if ( isdir )
|
|
count = 2 * pxdesc->defcnt + 3;
|
|
else
|
|
count = pxdesc->defcnt + 3;
|
|
}
|
|
else
|
|
count = 3;
|
|
pydesc = ( struct POSIX_SECURITY* )malloc(
|
|
sizeof( struct POSIX_SECURITY ) + count*sizeof( struct POSIX_ACE ) );
|
|
if ( pydesc )
|
|
{
|
|
/*
|
|
* Copy inherited tags and adapt perms
|
|
* Use requested mode, ignoring umask
|
|
* (not possible with older versions of fuse)
|
|
*/
|
|
tagsset = 0;
|
|
defcnt = ( pxdesc ? pxdesc->defcnt : 0 );
|
|
for ( i = defcnt - 1; i >= 0; i-- )
|
|
{
|
|
pyace = &pydesc->acl.ace[i];
|
|
*pyace = pxdesc->acl.ace[pxdesc->firstdef + i];
|
|
switch ( pyace->tag )
|
|
{
|
|
case POSIX_ACL_USER_OBJ :
|
|
pyace->perms &= ( mode >> 6 ) & 7;
|
|
break;
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
if ( !( tagsset & POSIX_ACL_MASK ) )
|
|
pyace->perms &= ( mode >> 3 ) & 7;
|
|
break;
|
|
case POSIX_ACL_OTHER :
|
|
pyace->perms &= mode & 7;
|
|
break;
|
|
case POSIX_ACL_MASK :
|
|
pyace->perms &= ( mode >> 3 ) & 7;
|
|
break;
|
|
default :
|
|
break;
|
|
}
|
|
tagsset |= pyace->tag;
|
|
}
|
|
pydesc->acccnt = defcnt;
|
|
/*
|
|
* If some standard tags were missing, append them from mode
|
|
* and sort the list
|
|
* Here we have to use the umask'ed mode
|
|
*/
|
|
if ( ~tagsset & ( POSIX_ACL_USER_OBJ
|
|
| POSIX_ACL_GROUP_OBJ | POSIX_ACL_OTHER ) )
|
|
{
|
|
i = defcnt;
|
|
/* owner was missing */
|
|
if ( !( tagsset & POSIX_ACL_USER_OBJ ) )
|
|
{
|
|
pyace = &pydesc->acl.ace[i];
|
|
pyace->tag = POSIX_ACL_USER_OBJ;
|
|
pyace->id = -1;
|
|
pyace->perms = ( ( mode & ~mask ) >> 6 ) & 7;
|
|
tagsset |= POSIX_ACL_USER_OBJ;
|
|
i++;
|
|
}
|
|
/* owning group was missing */
|
|
if ( !( tagsset & POSIX_ACL_GROUP_OBJ ) )
|
|
{
|
|
pyace = &pydesc->acl.ace[i];
|
|
pyace->tag = POSIX_ACL_GROUP_OBJ;
|
|
pyace->id = -1;
|
|
pyace->perms = ( ( mode & ~mask ) >> 3 ) & 7;
|
|
tagsset |= POSIX_ACL_GROUP_OBJ;
|
|
i++;
|
|
}
|
|
/* other was missing */
|
|
if ( !( tagsset & POSIX_ACL_OTHER ) )
|
|
{
|
|
pyace = &pydesc->acl.ace[i];
|
|
pyace->tag = POSIX_ACL_OTHER;
|
|
pyace->id = -1;
|
|
pyace->perms = mode & ~mask & 7;
|
|
tagsset |= POSIX_ACL_OTHER;
|
|
i++;
|
|
}
|
|
pydesc->acccnt = i;
|
|
pydesc->firstdef = i;
|
|
pydesc->defcnt = 0;
|
|
ntfs_sort_posix( pydesc );
|
|
}
|
|
|
|
/*
|
|
* append as a default ACL if a directory
|
|
*/
|
|
pydesc->firstdef = pydesc->acccnt;
|
|
if ( defcnt && isdir )
|
|
{
|
|
size = sizeof( struct POSIX_ACE ) * defcnt;
|
|
memcpy( &pydesc->acl.ace[pydesc->firstdef],
|
|
&pxdesc->acl.ace[pxdesc->firstdef], size );
|
|
pydesc->defcnt = defcnt;
|
|
}
|
|
else
|
|
{
|
|
pydesc->defcnt = 0;
|
|
}
|
|
/* assume special bits are not inherited */
|
|
posix_header( pydesc, mode & 07000 );
|
|
if ( !ntfs_valid_posix( pydesc ) )
|
|
{
|
|
ntfs_log_error( "Error building an inherited Posix desc\n" );
|
|
errno = EIO;
|
|
free( pydesc );
|
|
pydesc = ( struct POSIX_SECURITY* )NULL;
|
|
}
|
|
}
|
|
else
|
|
errno = ENOMEM;
|
|
return ( pydesc );
|
|
}
|
|
|
|
static int merge_lists_posix( struct POSIX_ACE *targetace,
|
|
const struct POSIX_ACE *firstace,
|
|
const struct POSIX_ACE *secondace,
|
|
int firstcnt, int secondcnt )
|
|
{
|
|
int k;
|
|
|
|
k = 0;
|
|
/*
|
|
* No list is exhausted :
|
|
* if same tag+id in both list :
|
|
* ignore ACE from second list
|
|
* else take the one with smaller tag+id
|
|
*/
|
|
while ( ( firstcnt > 0 ) && ( secondcnt > 0 ) )
|
|
if ( ( firstace->tag == secondace->tag )
|
|
&& ( firstace->id == secondace->id ) )
|
|
{
|
|
secondace++;
|
|
secondcnt--;
|
|
}
|
|
else if ( ( firstace->tag < secondace->tag )
|
|
|| ( ( firstace->tag == secondace->tag )
|
|
&& ( firstace->id < secondace->id ) ) )
|
|
{
|
|
targetace->tag = firstace->tag;
|
|
targetace->id = firstace->id;
|
|
targetace->perms = firstace->perms;
|
|
firstace++;
|
|
targetace++;
|
|
firstcnt--;
|
|
k++;
|
|
}
|
|
else
|
|
{
|
|
targetace->tag = secondace->tag;
|
|
targetace->id = secondace->id;
|
|
targetace->perms = secondace->perms;
|
|
secondace++;
|
|
targetace++;
|
|
secondcnt--;
|
|
k++;
|
|
}
|
|
/*
|
|
* One list is exhausted, copy the other one
|
|
*/
|
|
while ( firstcnt > 0 )
|
|
{
|
|
targetace->tag = firstace->tag;
|
|
targetace->id = firstace->id;
|
|
targetace->perms = firstace->perms;
|
|
firstace++;
|
|
targetace++;
|
|
firstcnt--;
|
|
k++;
|
|
}
|
|
while ( secondcnt > 0 )
|
|
{
|
|
targetace->tag = secondace->tag;
|
|
targetace->id = secondace->id;
|
|
targetace->perms = secondace->perms;
|
|
secondace++;
|
|
targetace++;
|
|
secondcnt--;
|
|
k++;
|
|
}
|
|
return ( k );
|
|
}
|
|
|
|
/*
|
|
* Merge two Posix ACLs
|
|
* The input ACLs have to be adequately sorted
|
|
*
|
|
* Returns the merged ACL, which is allocated and has to be freed by caller,
|
|
* or NULL if failed
|
|
*/
|
|
|
|
struct POSIX_SECURITY *ntfs_merge_descr_posix( const struct POSIX_SECURITY *first,
|
|
const struct POSIX_SECURITY *second )
|
|
{
|
|
struct POSIX_SECURITY *pxdesc;
|
|
struct POSIX_ACE *targetace;
|
|
const struct POSIX_ACE *firstace;
|
|
const struct POSIX_ACE *secondace;
|
|
size_t size;
|
|
int k;
|
|
|
|
size = sizeof( struct POSIX_SECURITY )
|
|
+ ( first->acccnt + first->defcnt
|
|
+ second->acccnt + second->defcnt )*sizeof( struct POSIX_ACE );
|
|
pxdesc = ( struct POSIX_SECURITY* )malloc( size );
|
|
if ( pxdesc )
|
|
{
|
|
/*
|
|
* merge access ACEs
|
|
*/
|
|
firstace = first->acl.ace;
|
|
secondace = second->acl.ace;
|
|
targetace = pxdesc->acl.ace;
|
|
k = merge_lists_posix( targetace, firstace, secondace,
|
|
first->acccnt, second->acccnt );
|
|
pxdesc->acccnt = k;
|
|
/*
|
|
* merge default ACEs
|
|
*/
|
|
pxdesc->firstdef = k;
|
|
firstace = &first->acl.ace[first->firstdef];
|
|
secondace = &second->acl.ace[second->firstdef];
|
|
targetace = &pxdesc->acl.ace[k];
|
|
k = merge_lists_posix( targetace, firstace, secondace,
|
|
first->defcnt, second->defcnt );
|
|
pxdesc->defcnt = k;
|
|
/*
|
|
* build header
|
|
*/
|
|
pxdesc->acl.version = POSIX_VERSION;
|
|
pxdesc->acl.flags = 0;
|
|
pxdesc->acl.filler = 0;
|
|
pxdesc->mode = 0;
|
|
pxdesc->tagsset = 0;
|
|
}
|
|
else
|
|
errno = ENOMEM;
|
|
return ( pxdesc );
|
|
}
|
|
|
|
struct BUILD_CONTEXT
|
|
{
|
|
BOOL isdir;
|
|
BOOL adminowns;
|
|
BOOL groupowns;
|
|
u16 selfuserperms;
|
|
u16 selfgrpperms;
|
|
u16 grpperms;
|
|
u16 othperms;
|
|
u16 mask;
|
|
u16 designates;
|
|
u16 withmask;
|
|
u16 rootspecial;
|
|
} ;
|
|
|
|
|
|
|
|
static BOOL build_user_denials( ACL *pacl,
|
|
const SID *usid, struct MAPPING* const mapping[],
|
|
ACE_FLAGS flags, const struct POSIX_ACE *pxace,
|
|
struct BUILD_CONTEXT *pset )
|
|
{
|
|
BIGSID defsid;
|
|
ACCESS_ALLOWED_ACE *pdace;
|
|
const SID *sid;
|
|
int sidsz;
|
|
int pos;
|
|
int acecnt;
|
|
le32 grants;
|
|
le32 denials;
|
|
u16 perms;
|
|
u16 mixperms;
|
|
u16 tag;
|
|
BOOL rejected;
|
|
BOOL rootuser;
|
|
BOOL avoidmask;
|
|
|
|
rejected = FALSE;
|
|
tag = pxace->tag;
|
|
perms = pxace->perms;
|
|
rootuser = FALSE;
|
|
pos = le16_to_cpu( pacl->size );
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
avoidmask = ( pset->mask == ( POSIX_PERM_R | POSIX_PERM_W | POSIX_PERM_X ) )
|
|
&& ( ( pset->designates && pset->withmask )
|
|
|| ( !pset->designates && !pset->withmask ) );
|
|
if ( tag == POSIX_ACL_USER_OBJ )
|
|
{
|
|
sid = usid;
|
|
sidsz = ntfs_sid_size( sid );
|
|
grants = OWNER_RIGHTS;
|
|
}
|
|
else
|
|
{
|
|
if ( pxace->id )
|
|
{
|
|
sid = NTFS_FIND_USID( mapping[MAPUSERS],
|
|
pxace->id, ( SID* ) & defsid );
|
|
grants = WORLD_RIGHTS;
|
|
}
|
|
else
|
|
{
|
|
sid = adminsid;
|
|
rootuser = TRUE;
|
|
grants = WORLD_RIGHTS & ~ROOT_OWNER_UNMARK;
|
|
}
|
|
if ( sid )
|
|
{
|
|
sidsz = ntfs_sid_size( sid );
|
|
/*
|
|
* Insert denial of complement of mask for
|
|
* each designated user (except root)
|
|
* WRITE_OWNER is inserted so that
|
|
* the mask can be identified
|
|
*/
|
|
if ( !avoidmask && !rootuser )
|
|
{
|
|
denials = WRITE_OWNER;
|
|
pdace = ( ACCESS_DENIED_ACE* ) & ( ( char* )pacl )[pos];
|
|
if ( pset->isdir )
|
|
{
|
|
if ( !( pset->mask & POSIX_PERM_X ) )
|
|
denials |= DIR_EXEC;
|
|
if ( !( pset->mask & POSIX_PERM_W ) )
|
|
denials |= DIR_WRITE;
|
|
if ( !( pset->mask & POSIX_PERM_R ) )
|
|
denials |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
if ( !( pset->mask & POSIX_PERM_X ) )
|
|
denials |= FILE_EXEC;
|
|
if ( !( pset->mask & POSIX_PERM_W ) )
|
|
denials |= FILE_WRITE;
|
|
if ( !( pset->mask & POSIX_PERM_R ) )
|
|
denials |= FILE_READ;
|
|
}
|
|
if ( rootuser )
|
|
grants &= ~ROOT_OWNER_UNMARK;
|
|
pdace->type = ACCESS_DENIED_ACE_TYPE;
|
|
pdace->flags = flags;
|
|
pdace->size = cpu_to_le16( sidsz + 8 );
|
|
pdace->mask = denials;
|
|
memcpy( ( char* )&pdace->sid, sid, sidsz );
|
|
pos += sidsz + 8;
|
|
acecnt++;
|
|
}
|
|
}
|
|
else
|
|
rejected = TRUE;
|
|
}
|
|
if ( !rejected )
|
|
{
|
|
if ( pset->isdir )
|
|
{
|
|
if ( perms & POSIX_PERM_X )
|
|
grants |= DIR_EXEC;
|
|
if ( perms & POSIX_PERM_W )
|
|
grants |= DIR_WRITE;
|
|
if ( perms & POSIX_PERM_R )
|
|
grants |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
if ( perms & POSIX_PERM_X )
|
|
grants |= FILE_EXEC;
|
|
if ( perms & POSIX_PERM_W )
|
|
grants |= FILE_WRITE;
|
|
if ( perms & POSIX_PERM_R )
|
|
grants |= FILE_READ;
|
|
}
|
|
|
|
/* a possible ACE to deny owner what he/she would */
|
|
/* induely get from administrator, group or world */
|
|
/* unless owner is administrator or group */
|
|
|
|
denials = const_cpu_to_le32( 0 );
|
|
pdace = ( ACCESS_DENIED_ACE* ) & ( ( char* )pacl )[pos];
|
|
if ( !pset->adminowns && !rootuser )
|
|
{
|
|
if ( !pset->groupowns )
|
|
{
|
|
mixperms = pset->grpperms | pset->othperms;
|
|
if ( tag == POSIX_ACL_USER_OBJ )
|
|
mixperms |= pset->selfuserperms;
|
|
if ( pset->isdir )
|
|
{
|
|
if ( mixperms & POSIX_PERM_X )
|
|
denials |= DIR_EXEC;
|
|
if ( mixperms & POSIX_PERM_W )
|
|
denials |= DIR_WRITE;
|
|
if ( mixperms & POSIX_PERM_R )
|
|
denials |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
if ( mixperms & POSIX_PERM_X )
|
|
denials |= FILE_EXEC;
|
|
if ( mixperms & POSIX_PERM_W )
|
|
denials |= FILE_WRITE;
|
|
if ( mixperms & POSIX_PERM_R )
|
|
denials |= FILE_READ;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
mixperms = ~pset->grpperms & pset->othperms;
|
|
if ( tag == POSIX_ACL_USER_OBJ )
|
|
mixperms |= pset->selfuserperms;
|
|
if ( pset->isdir )
|
|
{
|
|
if ( mixperms & POSIX_PERM_X )
|
|
denials |= DIR_EXEC;
|
|
if ( mixperms & POSIX_PERM_W )
|
|
denials |= DIR_WRITE;
|
|
if ( mixperms & POSIX_PERM_R )
|
|
denials |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
if ( mixperms & POSIX_PERM_X )
|
|
denials |= FILE_EXEC;
|
|
if ( mixperms & POSIX_PERM_W )
|
|
denials |= FILE_WRITE;
|
|
if ( mixperms & POSIX_PERM_R )
|
|
denials |= FILE_READ;
|
|
}
|
|
}
|
|
denials &= ~grants;
|
|
if ( denials )
|
|
{
|
|
pdace->type = ACCESS_DENIED_ACE_TYPE;
|
|
pdace->flags = flags;
|
|
pdace->size = cpu_to_le16( sidsz + 8 );
|
|
pdace->mask = denials;
|
|
memcpy( ( char* )&pdace->sid, sid, sidsz );
|
|
pos += sidsz + 8;
|
|
acecnt++;
|
|
}
|
|
}
|
|
}
|
|
pacl->size = cpu_to_le16( pos );
|
|
pacl->ace_count = cpu_to_le16( acecnt );
|
|
return ( !rejected );
|
|
}
|
|
|
|
static BOOL build_user_grants( ACL *pacl,
|
|
const SID *usid, struct MAPPING* const mapping[],
|
|
ACE_FLAGS flags, const struct POSIX_ACE *pxace,
|
|
struct BUILD_CONTEXT *pset )
|
|
{
|
|
BIGSID defsid;
|
|
ACCESS_ALLOWED_ACE *pgace;
|
|
const SID *sid;
|
|
int sidsz;
|
|
int pos;
|
|
int acecnt;
|
|
le32 grants;
|
|
u16 perms;
|
|
u16 tag;
|
|
BOOL rejected;
|
|
BOOL rootuser;
|
|
|
|
rejected = FALSE;
|
|
tag = pxace->tag;
|
|
perms = pxace->perms;
|
|
rootuser = FALSE;
|
|
pos = le16_to_cpu( pacl->size );
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
if ( tag == POSIX_ACL_USER_OBJ )
|
|
{
|
|
sid = usid;
|
|
sidsz = ntfs_sid_size( sid );
|
|
grants = OWNER_RIGHTS;
|
|
}
|
|
else
|
|
{
|
|
if ( pxace->id )
|
|
{
|
|
sid = NTFS_FIND_USID( mapping[MAPUSERS],
|
|
pxace->id, ( SID* ) & defsid );
|
|
if ( sid )
|
|
sidsz = ntfs_sid_size( sid );
|
|
else
|
|
rejected = TRUE;
|
|
grants = WORLD_RIGHTS;
|
|
}
|
|
else
|
|
{
|
|
sid = adminsid;
|
|
sidsz = ntfs_sid_size( sid );
|
|
rootuser = TRUE;
|
|
grants = WORLD_RIGHTS & ~ROOT_OWNER_UNMARK;
|
|
}
|
|
}
|
|
if ( !rejected )
|
|
{
|
|
if ( pset->isdir )
|
|
{
|
|
if ( perms & POSIX_PERM_X )
|
|
grants |= DIR_EXEC;
|
|
if ( perms & POSIX_PERM_W )
|
|
grants |= DIR_WRITE;
|
|
if ( perms & POSIX_PERM_R )
|
|
grants |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
if ( perms & POSIX_PERM_X )
|
|
grants |= FILE_EXEC;
|
|
if ( perms & POSIX_PERM_W )
|
|
grants |= FILE_WRITE;
|
|
if ( perms & POSIX_PERM_R )
|
|
grants |= FILE_READ;
|
|
}
|
|
if ( rootuser )
|
|
grants &= ~ROOT_OWNER_UNMARK;
|
|
pgace = ( ACCESS_DENIED_ACE* ) & ( ( char* )pacl )[pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
pgace->size = cpu_to_le16( sidsz + 8 );
|
|
pgace->flags = flags;
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, sid, sidsz );
|
|
pos += sidsz + 8;
|
|
acecnt = le16_to_cpu( pacl->ace_count ) + 1;
|
|
pacl->ace_count = cpu_to_le16( acecnt );
|
|
pacl->size = cpu_to_le16( pos );
|
|
}
|
|
return ( !rejected );
|
|
}
|
|
|
|
|
|
/* a grant ACE for group */
|
|
/* unless group-obj has the same rights as world */
|
|
/* but present if group is owner or owner is administrator */
|
|
/* this ACE will be inserted after denials for group */
|
|
|
|
static BOOL build_group_denials_grant( ACL *pacl,
|
|
const SID *gsid, struct MAPPING* const mapping[],
|
|
ACE_FLAGS flags, const struct POSIX_ACE *pxace,
|
|
struct BUILD_CONTEXT *pset )
|
|
{
|
|
BIGSID defsid;
|
|
ACCESS_ALLOWED_ACE *pdace;
|
|
ACCESS_ALLOWED_ACE *pgace;
|
|
const SID *sid;
|
|
int sidsz;
|
|
int pos;
|
|
int acecnt;
|
|
le32 grants;
|
|
le32 denials;
|
|
u16 perms;
|
|
u16 mixperms;
|
|
u16 tag;
|
|
BOOL avoidmask;
|
|
BOOL rootgroup;
|
|
BOOL rejected;
|
|
|
|
rejected = FALSE;
|
|
tag = pxace->tag;
|
|
perms = pxace->perms;
|
|
pos = le16_to_cpu( pacl->size );
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
rootgroup = FALSE;
|
|
avoidmask = ( pset->mask == ( POSIX_PERM_R | POSIX_PERM_W | POSIX_PERM_X ) )
|
|
&& ( ( pset->designates && pset->withmask )
|
|
|| ( !pset->designates && !pset->withmask ) );
|
|
if ( tag == POSIX_ACL_GROUP_OBJ )
|
|
sid = gsid;
|
|
else if ( pxace->id )
|
|
sid = NTFS_FIND_GSID( mapping[MAPGROUPS],
|
|
pxace->id, ( SID* ) & defsid );
|
|
else
|
|
{
|
|
sid = adminsid;
|
|
rootgroup = TRUE;
|
|
}
|
|
if ( sid )
|
|
{
|
|
sidsz = ntfs_sid_size( sid );
|
|
/*
|
|
* Insert denial of complement of mask for
|
|
* each group
|
|
* WRITE_OWNER is inserted so that
|
|
* the mask can be identified
|
|
* Note : this mask may lead on Windows to
|
|
* deny rights to administrators belonging
|
|
* to some user group
|
|
*/
|
|
if ( ( !avoidmask && !rootgroup )
|
|
|| ( pset->rootspecial
|
|
&& ( tag == POSIX_ACL_GROUP_OBJ ) ) )
|
|
{
|
|
denials = WRITE_OWNER;
|
|
pdace = ( ACCESS_DENIED_ACE* ) & ( ( char* )pacl )[pos];
|
|
if ( pset->isdir )
|
|
{
|
|
if ( !( pset->mask & POSIX_PERM_X ) )
|
|
denials |= DIR_EXEC;
|
|
if ( !( pset->mask & POSIX_PERM_W ) )
|
|
denials |= DIR_WRITE;
|
|
if ( !( pset->mask & POSIX_PERM_R ) )
|
|
denials |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
if ( !( pset->mask & POSIX_PERM_X ) )
|
|
denials |= FILE_EXEC;
|
|
if ( !( pset->mask & POSIX_PERM_W ) )
|
|
denials |= FILE_WRITE;
|
|
if ( !( pset->mask & POSIX_PERM_R ) )
|
|
denials |= FILE_READ;
|
|
}
|
|
pdace->type = ACCESS_DENIED_ACE_TYPE;
|
|
pdace->flags = flags;
|
|
pdace->size = cpu_to_le16( sidsz + 8 );
|
|
pdace->mask = denials;
|
|
memcpy( ( char* )&pdace->sid, sid, sidsz );
|
|
pos += sidsz + 8;
|
|
acecnt++;
|
|
}
|
|
}
|
|
else
|
|
rejected = TRUE;
|
|
if ( !rejected
|
|
&& ( pset->adminowns
|
|
|| pset->groupowns
|
|
|| avoidmask
|
|
|| rootgroup
|
|
|| ( perms != pset->othperms ) ) )
|
|
{
|
|
grants = WORLD_RIGHTS;
|
|
if ( rootgroup )
|
|
grants &= ~ROOT_GROUP_UNMARK;
|
|
if ( pset->isdir )
|
|
{
|
|
if ( perms & POSIX_PERM_X )
|
|
grants |= DIR_EXEC;
|
|
if ( perms & POSIX_PERM_W )
|
|
grants |= DIR_WRITE;
|
|
if ( perms & POSIX_PERM_R )
|
|
grants |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
if ( perms & POSIX_PERM_X )
|
|
grants |= FILE_EXEC;
|
|
if ( perms & POSIX_PERM_W )
|
|
grants |= FILE_WRITE;
|
|
if ( perms & POSIX_PERM_R )
|
|
grants |= FILE_READ;
|
|
}
|
|
|
|
/* a possible ACE to deny group what it would get from world */
|
|
/* or administrator, unless owner is administrator or group */
|
|
|
|
denials = const_cpu_to_le32( 0 );
|
|
pdace = ( ACCESS_DENIED_ACE* ) & ( ( char* )pacl )[pos];
|
|
if ( !pset->adminowns
|
|
&& !pset->groupowns
|
|
&& !rootgroup )
|
|
{
|
|
mixperms = pset->othperms;
|
|
if ( tag == POSIX_ACL_GROUP_OBJ )
|
|
mixperms |= pset->selfgrpperms;
|
|
if ( pset->isdir )
|
|
{
|
|
if ( mixperms & POSIX_PERM_X )
|
|
denials |= DIR_EXEC;
|
|
if ( mixperms & POSIX_PERM_W )
|
|
denials |= DIR_WRITE;
|
|
if ( mixperms & POSIX_PERM_R )
|
|
denials |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
if ( mixperms & POSIX_PERM_X )
|
|
denials |= FILE_EXEC;
|
|
if ( mixperms & POSIX_PERM_W )
|
|
denials |= FILE_WRITE;
|
|
if ( mixperms & POSIX_PERM_R )
|
|
denials |= FILE_READ;
|
|
}
|
|
denials &= ~( grants | OWNER_RIGHTS );
|
|
if ( denials )
|
|
{
|
|
pdace->type = ACCESS_DENIED_ACE_TYPE;
|
|
pdace->flags = flags;
|
|
pdace->size = cpu_to_le16( sidsz + 8 );
|
|
pdace->mask = denials;
|
|
memcpy( ( char* )&pdace->sid, sid, sidsz );
|
|
pos += sidsz + 8;
|
|
acecnt++;
|
|
}
|
|
}
|
|
|
|
/* now insert grants to group if more than world */
|
|
if ( pset->adminowns
|
|
|| pset->groupowns
|
|
|| ( avoidmask && ( pset->designates || pset->withmask ) )
|
|
|| ( perms & ~pset->othperms )
|
|
|| ( pset->rootspecial
|
|
&& ( tag == POSIX_ACL_GROUP_OBJ ) )
|
|
|| ( tag == POSIX_ACL_GROUP ) )
|
|
{
|
|
if ( rootgroup )
|
|
grants &= ~ROOT_GROUP_UNMARK;
|
|
pgace = ( ACCESS_DENIED_ACE* ) & ( ( char* )pacl )[pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
pgace->flags = flags;
|
|
pgace->size = cpu_to_le16( sidsz + 8 );
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, sid, sidsz );
|
|
pos += sidsz + 8;
|
|
acecnt++;
|
|
}
|
|
}
|
|
pacl->size = cpu_to_le16( pos );
|
|
pacl->ace_count = cpu_to_le16( acecnt );
|
|
return ( !rejected );
|
|
}
|
|
|
|
|
|
/*
|
|
* Build an ACL composed of several ACE's
|
|
* returns size of ACL or zero if failed
|
|
*
|
|
* Three schemes are defined :
|
|
*
|
|
* 1) if root is neither owner nor group up to 7 ACE's are set up :
|
|
* - denials to owner (preventing grants to world or group to apply)
|
|
* + mask denials to designated user (unless mask allows all)
|
|
* + denials to designated user
|
|
* - grants to owner (always present - first grant)
|
|
* + grants to designated user
|
|
* + mask denial to group (unless mask allows all)
|
|
* - denials to group (preventing grants to world to apply)
|
|
* - grants to group (unless group has no more than world rights)
|
|
* + mask denials to designated group (unless mask allows all)
|
|
* + grants to designated group
|
|
* + denials to designated group
|
|
* - grants to world (unless none)
|
|
* - full privileges to administrator, always present
|
|
* - full privileges to system, always present
|
|
*
|
|
* The same scheme is applied for Posix ACLs, with the mask represented
|
|
* as denials prepended to grants for designated users and groups
|
|
*
|
|
* This is inspired by an Internet Draft from Marius Aamodt Eriksen
|
|
* for mapping NFSv4 ACLs to Posix ACLs (draft-ietf-nfsv4-acl-mapping-00.txt)
|
|
* More recent versions of the draft (draft-ietf-nfsv4-acl-mapping-05.txt)
|
|
* are not followed, as they ignore the Posix mask and lead to
|
|
* loss of compatibility with Linux implementations on other fs.
|
|
*
|
|
* Note that denials to group are located after grants to owner.
|
|
* This only occurs in the unfrequent situation where world
|
|
* has more rights than group and cannot be avoided if owner and other
|
|
* have some common right which is denied to group (eg for mode 745
|
|
* executing has to be denied to group, but not to owner or world).
|
|
* This rare situation is processed by Windows correctly, but
|
|
* Windows utilities may want to change the order, with a
|
|
* consequence of applying the group denials to the Windows owner.
|
|
* The interpretation on Linux is not affected by the order change.
|
|
*
|
|
* 2) if root is either owner or group, two problems arise :
|
|
* - granting full rights to administrator (as needed to transpose
|
|
* to Windows rights bypassing granting to root) would imply
|
|
* Linux permissions to always be seen as rwx, no matter the chmod
|
|
* - there is no different SID to separate an administrator owner
|
|
* from an administrator group. Hence Linux permissions for owner
|
|
* would always be similar to permissions to group.
|
|
*
|
|
* as a work-around, up to 5 ACE's are set up if owner or group :
|
|
* - grants to owner, always present at first position
|
|
* - grants to group, always present
|
|
* - grants to world, unless none
|
|
* - full privileges to administrator, always present
|
|
* - full privileges to system, always present
|
|
*
|
|
* On Windows, these ACE's are processed normally, though they
|
|
* are redundant (owner, group and administrator are the same,
|
|
* as a consequence any denials would damage administrator rights)
|
|
* but on Linux, privileges to administrator are ignored (they
|
|
* are not needed as root has always full privileges), and
|
|
* neither grants to group are applied to owner, nor grants to
|
|
* world are applied to owner or group.
|
|
*
|
|
* 3) finally a similar situation arises when group is owner (they
|
|
* have the same SID), but is not root.
|
|
* In this situation up to 6 ACE's are set up :
|
|
*
|
|
* - denials to owner (preventing grants to world to apply)
|
|
* - grants to owner (always present)
|
|
* - grants to group (unless groups has same rights as world)
|
|
* - grants to world (unless none)
|
|
* - full privileges to administrator, always present
|
|
* - full privileges to system, always present
|
|
*
|
|
* On Windows, these ACE's are processed normally, though they
|
|
* are redundant (as owner and group are the same), but this has
|
|
* no impact on administrator rights
|
|
*
|
|
* Special flags (S_ISVTX, S_ISGID, S_ISUID) :
|
|
* an extra null ACE is inserted to hold these flags, using
|
|
* the same conventions as cygwin.
|
|
*
|
|
*/
|
|
|
|
static int buildacls_posix( struct MAPPING* const mapping[],
|
|
char *secattr, int offs, const struct POSIX_SECURITY *pxdesc,
|
|
int isdir, const SID *usid, const SID *gsid )
|
|
{
|
|
struct BUILD_CONTEXT aceset[2], *pset;
|
|
BOOL adminowns;
|
|
BOOL groupowns;
|
|
ACL *pacl;
|
|
ACCESS_ALLOWED_ACE *pgace;
|
|
ACCESS_ALLOWED_ACE *pdace;
|
|
const struct POSIX_ACE *pxace;
|
|
BOOL ok;
|
|
mode_t mode;
|
|
u16 tag;
|
|
u16 perms;
|
|
ACE_FLAGS flags;
|
|
int pos;
|
|
int i;
|
|
int k;
|
|
BIGSID defsid;
|
|
const SID *sid;
|
|
int acecnt;
|
|
int usidsz;
|
|
int gsidsz;
|
|
int wsidsz;
|
|
int asidsz;
|
|
int ssidsz;
|
|
int nsidsz;
|
|
le32 grants;
|
|
|
|
usidsz = ntfs_sid_size( usid );
|
|
gsidsz = ntfs_sid_size( gsid );
|
|
wsidsz = ntfs_sid_size( worldsid );
|
|
asidsz = ntfs_sid_size( adminsid );
|
|
ssidsz = ntfs_sid_size( systemsid );
|
|
mode = pxdesc->mode;
|
|
/* adminowns and groupowns are used for both lists */
|
|
adminowns = ntfs_same_sid( usid, adminsid )
|
|
|| ntfs_same_sid( gsid, adminsid );
|
|
groupowns = !adminowns && ntfs_same_sid( usid, gsid );
|
|
|
|
ok = TRUE;
|
|
|
|
/* ACL header */
|
|
pacl = ( ACL* ) & secattr[offs];
|
|
pacl->revision = ACL_REVISION;
|
|
pacl->alignment1 = 0;
|
|
pacl->size = cpu_to_le16( sizeof( ACL ) + usidsz + 8 );
|
|
pacl->ace_count = const_cpu_to_le16( 0 );
|
|
pacl->alignment2 = const_cpu_to_le16( 0 );
|
|
|
|
/*
|
|
* Determine what is allowed to some group or world
|
|
* to prevent designated users or other groups to get
|
|
* rights from groups or world
|
|
* Do the same if owner and group appear as designated
|
|
* user or group
|
|
* Also get global mask
|
|
*/
|
|
for ( k = 0; k < 2; k++ )
|
|
{
|
|
pset = &aceset[k];
|
|
pset->selfuserperms = 0;
|
|
pset->selfgrpperms = 0;
|
|
pset->grpperms = 0;
|
|
pset->othperms = 0;
|
|
pset->mask = ( POSIX_PERM_R | POSIX_PERM_W | POSIX_PERM_X );
|
|
pset->designates = 0;
|
|
pset->withmask = 0;
|
|
pset->rootspecial = 0;
|
|
pset->adminowns = adminowns;
|
|
pset->groupowns = groupowns;
|
|
pset->isdir = isdir;
|
|
}
|
|
|
|
for ( i = pxdesc->acccnt + pxdesc->defcnt - 1; i >= 0; i-- )
|
|
{
|
|
if ( i >= pxdesc->acccnt )
|
|
{
|
|
pset = &aceset[1];
|
|
pxace = &pxdesc->acl.ace[i + pxdesc->firstdef - pxdesc->acccnt];
|
|
}
|
|
else
|
|
{
|
|
pset = &aceset[0];
|
|
pxace = &pxdesc->acl.ace[i];
|
|
}
|
|
switch ( pxace->tag )
|
|
{
|
|
case POSIX_ACL_USER :
|
|
pset->designates++;
|
|
if ( pxace->id )
|
|
{
|
|
sid = NTFS_FIND_USID( mapping[MAPUSERS],
|
|
pxace->id, ( SID* ) & defsid );
|
|
if ( sid && ntfs_same_sid( sid, usid ) )
|
|
pset->selfuserperms |= pxace->perms;
|
|
}
|
|
else
|
|
/* root as designated user is processed apart */
|
|
pset->rootspecial = TRUE;
|
|
break;
|
|
case POSIX_ACL_GROUP :
|
|
pset->designates++;
|
|
if ( pxace->id )
|
|
{
|
|
sid = NTFS_FIND_GSID( mapping[MAPUSERS],
|
|
pxace->id, ( SID* ) & defsid );
|
|
if ( sid && ntfs_same_sid( sid, gsid ) )
|
|
pset->selfgrpperms |= pxace->perms;
|
|
}
|
|
else
|
|
/* root as designated group is processed apart */
|
|
pset->rootspecial = TRUE;
|
|
/* fall through */
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
pset->grpperms |= pxace->perms;
|
|
break;
|
|
case POSIX_ACL_OTHER :
|
|
pset->othperms = pxace->perms;
|
|
break;
|
|
case POSIX_ACL_MASK :
|
|
pset->withmask++;
|
|
pset->mask = pxace->perms;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ( pxdesc->defcnt && ( pxdesc->firstdef != pxdesc->acccnt ) )
|
|
{
|
|
ntfs_log_error( "** error : access and default not consecutive\n" );
|
|
return ( 0 );
|
|
}
|
|
/*
|
|
* First insert all denials for owner and each
|
|
* designated user (with mask if needed)
|
|
*/
|
|
|
|
pacl->ace_count = const_cpu_to_le16( 0 );
|
|
pacl->size = const_cpu_to_le16( sizeof( ACL ) );
|
|
for ( i = 0; ( i < ( pxdesc->acccnt + pxdesc->defcnt ) ) && ok; i++ )
|
|
{
|
|
if ( i >= pxdesc->acccnt )
|
|
{
|
|
flags = INHERIT_ONLY_ACE
|
|
| OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
|
|
pset = &aceset[1];
|
|
pxace = &pxdesc->acl.ace[i + pxdesc->firstdef - pxdesc->acccnt];
|
|
}
|
|
else
|
|
{
|
|
if ( pxdesc->defcnt )
|
|
flags = NO_PROPAGATE_INHERIT_ACE;
|
|
else
|
|
flags = ( isdir ? DIR_INHERITANCE
|
|
: FILE_INHERITANCE );
|
|
pset = &aceset[0];
|
|
pxace = &pxdesc->acl.ace[i];
|
|
}
|
|
tag = pxace->tag;
|
|
perms = pxace->perms;
|
|
switch ( tag )
|
|
{
|
|
|
|
/* insert denial ACEs for each owner or allowed user */
|
|
|
|
case POSIX_ACL_USER :
|
|
case POSIX_ACL_USER_OBJ :
|
|
|
|
ok = build_user_denials( pacl,
|
|
usid, mapping, flags, pxace, pset );
|
|
break;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* for directories, insert a world execution denial
|
|
* inherited to plain files.
|
|
* This is to prevent Windows from granting execution
|
|
* of files through inheritance from parent directory
|
|
*/
|
|
|
|
if ( isdir && ok )
|
|
{
|
|
pos = le16_to_cpu( pacl->size );
|
|
pdace = ( ACCESS_DENIED_ACE* ) & secattr[offs + pos];
|
|
pdace->type = ACCESS_DENIED_ACE_TYPE;
|
|
pdace->flags = INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE;
|
|
pdace->size = cpu_to_le16( wsidsz + 8 );
|
|
pdace->mask = FILE_EXEC;
|
|
memcpy( ( char* )&pdace->sid, worldsid, wsidsz );
|
|
pos += wsidsz + 8;
|
|
acecnt = le16_to_cpu( pacl->ace_count ) + 1;
|
|
pacl->ace_count = cpu_to_le16( acecnt );
|
|
pacl->size = cpu_to_le16( pos );
|
|
}
|
|
|
|
/*
|
|
* now insert (if needed)
|
|
* - grants to owner and designated users
|
|
* - mask and denials for all groups
|
|
* - grants to other
|
|
*/
|
|
|
|
for ( i = 0; ( i < ( pxdesc->acccnt + pxdesc->defcnt ) ) && ok; i++ )
|
|
{
|
|
if ( i >= pxdesc->acccnt )
|
|
{
|
|
flags = INHERIT_ONLY_ACE
|
|
| OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
|
|
pset = &aceset[1];
|
|
pxace = &pxdesc->acl.ace[i + pxdesc->firstdef - pxdesc->acccnt];
|
|
}
|
|
else
|
|
{
|
|
if ( pxdesc->defcnt )
|
|
flags = NO_PROPAGATE_INHERIT_ACE;
|
|
else
|
|
flags = ( isdir ? DIR_INHERITANCE
|
|
: FILE_INHERITANCE );
|
|
pset = &aceset[0];
|
|
pxace = &pxdesc->acl.ace[i];
|
|
}
|
|
tag = pxace->tag;
|
|
perms = pxace->perms;
|
|
switch ( tag )
|
|
{
|
|
|
|
/* ACE for each owner or allowed user */
|
|
|
|
case POSIX_ACL_USER :
|
|
case POSIX_ACL_USER_OBJ :
|
|
ok = build_user_grants( pacl, usid,
|
|
mapping, flags, pxace, pset );
|
|
break;
|
|
|
|
case POSIX_ACL_GROUP :
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
|
|
/* denials and grants for groups */
|
|
|
|
ok = build_group_denials_grant( pacl, gsid,
|
|
mapping, flags, pxace, pset );
|
|
break;
|
|
|
|
case POSIX_ACL_OTHER :
|
|
|
|
/* grants for other users */
|
|
|
|
pos = le16_to_cpu( pacl->size );
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
grants = WORLD_RIGHTS;
|
|
if ( isdir )
|
|
{
|
|
if ( perms & POSIX_PERM_X )
|
|
grants |= DIR_EXEC;
|
|
if ( perms & POSIX_PERM_W )
|
|
grants |= DIR_WRITE;
|
|
if ( perms & POSIX_PERM_R )
|
|
grants |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
if ( perms & POSIX_PERM_X )
|
|
grants |= FILE_EXEC;
|
|
if ( perms & POSIX_PERM_W )
|
|
grants |= FILE_WRITE;
|
|
if ( perms & POSIX_PERM_R )
|
|
grants |= FILE_READ;
|
|
}
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
pgace->flags = flags;
|
|
pgace->size = cpu_to_le16( wsidsz + 8 );
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, worldsid, wsidsz );
|
|
pos += wsidsz + 8;
|
|
acecnt = le16_to_cpu( pacl->ace_count ) + 1;
|
|
pacl->ace_count = cpu_to_le16( acecnt );
|
|
pacl->size = cpu_to_le16( pos );
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ( !ok )
|
|
{
|
|
errno = EINVAL;
|
|
pos = 0;
|
|
}
|
|
else
|
|
{
|
|
/* an ACE for administrators */
|
|
/* always full access */
|
|
|
|
pos = le16_to_cpu( pacl->size );
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
if ( isdir )
|
|
flags = OBJECT_INHERIT_ACE
|
|
| CONTAINER_INHERIT_ACE;
|
|
else
|
|
flags = NO_PROPAGATE_INHERIT_ACE;
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
pgace->flags = flags;
|
|
pgace->size = cpu_to_le16( asidsz + 8 );
|
|
grants = OWNER_RIGHTS | FILE_READ | FILE_WRITE | FILE_EXEC;
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, adminsid, asidsz );
|
|
pos += asidsz + 8;
|
|
acecnt++;
|
|
|
|
/* an ACE for system (needed ?) */
|
|
/* always full access */
|
|
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
pgace->flags = flags;
|
|
pgace->size = cpu_to_le16( ssidsz + 8 );
|
|
grants = OWNER_RIGHTS | FILE_READ | FILE_WRITE | FILE_EXEC;
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, systemsid, ssidsz );
|
|
pos += ssidsz + 8;
|
|
acecnt++;
|
|
|
|
/* a null ACE to hold special flags */
|
|
/* using the same representation as cygwin */
|
|
|
|
if ( mode & ( S_ISVTX | S_ISGID | S_ISUID ) )
|
|
{
|
|
nsidsz = ntfs_sid_size( nullsid );
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
pgace->flags = NO_PROPAGATE_INHERIT_ACE;
|
|
pgace->size = cpu_to_le16( nsidsz + 8 );
|
|
grants = const_cpu_to_le32( 0 );
|
|
if ( mode & S_ISUID )
|
|
grants |= FILE_APPEND_DATA;
|
|
if ( mode & S_ISGID )
|
|
grants |= FILE_WRITE_DATA;
|
|
if ( mode & S_ISVTX )
|
|
grants |= FILE_READ_DATA;
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, nullsid, nsidsz );
|
|
pos += nsidsz + 8;
|
|
acecnt++;
|
|
}
|
|
|
|
/* fix ACL header */
|
|
pacl->size = cpu_to_le16( pos );
|
|
pacl->ace_count = cpu_to_le16( acecnt );
|
|
}
|
|
return ( ok ? pos : 0 );
|
|
}
|
|
|
|
#endif /* POSIXACLS */
|
|
|
|
static int buildacls( char *secattr, int offs, mode_t mode, int isdir,
|
|
const SID * usid, const SID * gsid )
|
|
{
|
|
ACL *pacl;
|
|
ACCESS_ALLOWED_ACE *pgace;
|
|
ACCESS_ALLOWED_ACE *pdace;
|
|
BOOL adminowns;
|
|
BOOL groupowns;
|
|
ACE_FLAGS gflags;
|
|
int pos;
|
|
int acecnt;
|
|
int usidsz;
|
|
int gsidsz;
|
|
int wsidsz;
|
|
int asidsz;
|
|
int ssidsz;
|
|
int nsidsz;
|
|
le32 grants;
|
|
le32 denials;
|
|
|
|
usidsz = ntfs_sid_size( usid );
|
|
gsidsz = ntfs_sid_size( gsid );
|
|
wsidsz = ntfs_sid_size( worldsid );
|
|
asidsz = ntfs_sid_size( adminsid );
|
|
ssidsz = ntfs_sid_size( systemsid );
|
|
adminowns = ntfs_same_sid( usid, adminsid )
|
|
|| ntfs_same_sid( gsid, adminsid );
|
|
groupowns = !adminowns && ntfs_same_sid( usid, gsid );
|
|
|
|
/* ACL header */
|
|
pacl = ( ACL* ) & secattr[offs];
|
|
pacl->revision = ACL_REVISION;
|
|
pacl->alignment1 = 0;
|
|
pacl->size = cpu_to_le16( sizeof( ACL ) + usidsz + 8 );
|
|
pacl->ace_count = const_cpu_to_le16( 1 );
|
|
pacl->alignment2 = const_cpu_to_le16( 0 );
|
|
pos = sizeof( ACL );
|
|
acecnt = 0;
|
|
|
|
/* compute a grant ACE for owner */
|
|
/* this ACE will be inserted after denial for owner */
|
|
|
|
grants = OWNER_RIGHTS;
|
|
if ( isdir )
|
|
{
|
|
gflags = DIR_INHERITANCE;
|
|
if ( mode & S_IXUSR )
|
|
grants |= DIR_EXEC;
|
|
if ( mode & S_IWUSR )
|
|
grants |= DIR_WRITE;
|
|
if ( mode & S_IRUSR )
|
|
grants |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
gflags = FILE_INHERITANCE;
|
|
if ( mode & S_IXUSR )
|
|
grants |= FILE_EXEC;
|
|
if ( mode & S_IWUSR )
|
|
grants |= FILE_WRITE;
|
|
if ( mode & S_IRUSR )
|
|
grants |= FILE_READ;
|
|
}
|
|
|
|
/* a possible ACE to deny owner what he/she would */
|
|
/* induely get from administrator, group or world */
|
|
/* unless owner is administrator or group */
|
|
|
|
denials = const_cpu_to_le32( 0 );
|
|
pdace = ( ACCESS_DENIED_ACE* ) & secattr[offs + pos];
|
|
if ( !adminowns )
|
|
{
|
|
if ( !groupowns )
|
|
{
|
|
if ( isdir )
|
|
{
|
|
pdace->flags = DIR_INHERITANCE;
|
|
if ( mode & ( S_IXGRP | S_IXOTH ) )
|
|
denials |= DIR_EXEC;
|
|
if ( mode & ( S_IWGRP | S_IWOTH ) )
|
|
denials |= DIR_WRITE;
|
|
if ( mode & ( S_IRGRP | S_IROTH ) )
|
|
denials |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
pdace->flags = FILE_INHERITANCE;
|
|
if ( mode & ( S_IXGRP | S_IXOTH ) )
|
|
denials |= FILE_EXEC;
|
|
if ( mode & ( S_IWGRP | S_IWOTH ) )
|
|
denials |= FILE_WRITE;
|
|
if ( mode & ( S_IRGRP | S_IROTH ) )
|
|
denials |= FILE_READ;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if ( isdir )
|
|
{
|
|
pdace->flags = DIR_INHERITANCE;
|
|
if ( ( mode & S_IXOTH ) && !( mode & S_IXGRP ) )
|
|
denials |= DIR_EXEC;
|
|
if ( ( mode & S_IWOTH ) && !( mode & S_IWGRP ) )
|
|
denials |= DIR_WRITE;
|
|
if ( ( mode & S_IROTH ) && !( mode & S_IRGRP ) )
|
|
denials |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
pdace->flags = FILE_INHERITANCE;
|
|
if ( ( mode & S_IXOTH ) && !( mode & S_IXGRP ) )
|
|
denials |= FILE_EXEC;
|
|
if ( ( mode & S_IWOTH ) && !( mode & S_IWGRP ) )
|
|
denials |= FILE_WRITE;
|
|
if ( ( mode & S_IROTH ) && !( mode & S_IRGRP ) )
|
|
denials |= FILE_READ;
|
|
}
|
|
}
|
|
denials &= ~grants;
|
|
if ( denials )
|
|
{
|
|
pdace->type = ACCESS_DENIED_ACE_TYPE;
|
|
pdace->size = cpu_to_le16( usidsz + 8 );
|
|
pdace->mask = denials;
|
|
memcpy( ( char* )&pdace->sid, usid, usidsz );
|
|
pos += usidsz + 8;
|
|
acecnt++;
|
|
}
|
|
}
|
|
/*
|
|
* for directories, a world execution denial
|
|
* inherited to plain files
|
|
*/
|
|
|
|
if ( isdir )
|
|
{
|
|
pdace = ( ACCESS_DENIED_ACE* ) & secattr[offs + pos];
|
|
pdace->type = ACCESS_DENIED_ACE_TYPE;
|
|
pdace->flags = INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE;
|
|
pdace->size = cpu_to_le16( wsidsz + 8 );
|
|
pdace->mask = FILE_EXEC;
|
|
memcpy( ( char* )&pdace->sid, worldsid, wsidsz );
|
|
pos += wsidsz + 8;
|
|
acecnt++;
|
|
}
|
|
|
|
|
|
/* now insert grants to owner */
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
pgace->size = cpu_to_le16( usidsz + 8 );
|
|
pgace->flags = gflags;
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, usid, usidsz );
|
|
pos += usidsz + 8;
|
|
acecnt++;
|
|
|
|
/* a grant ACE for group */
|
|
/* unless group has the same rights as world */
|
|
/* but present if group is owner or owner is administrator */
|
|
/* this ACE will be inserted after denials for group */
|
|
|
|
if ( adminowns
|
|
|| groupowns
|
|
|| ( ( ( mode >> 3 ) ^ mode ) & 7 ) )
|
|
{
|
|
grants = WORLD_RIGHTS;
|
|
if ( isdir )
|
|
{
|
|
gflags = DIR_INHERITANCE;
|
|
if ( mode & S_IXGRP )
|
|
grants |= DIR_EXEC;
|
|
if ( mode & S_IWGRP )
|
|
grants |= DIR_WRITE;
|
|
if ( mode & S_IRGRP )
|
|
grants |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
gflags = FILE_INHERITANCE;
|
|
if ( mode & S_IXGRP )
|
|
grants |= FILE_EXEC;
|
|
if ( mode & S_IWGRP )
|
|
grants |= FILE_WRITE;
|
|
if ( mode & S_IRGRP )
|
|
grants |= FILE_READ;
|
|
}
|
|
|
|
/* a possible ACE to deny group what it would get from world */
|
|
/* or administrator, unless owner is administrator or group */
|
|
|
|
denials = const_cpu_to_le32( 0 );
|
|
pdace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
if ( !adminowns && !groupowns )
|
|
{
|
|
if ( isdir )
|
|
{
|
|
pdace->flags = DIR_INHERITANCE;
|
|
if ( mode & S_IXOTH )
|
|
denials |= DIR_EXEC;
|
|
if ( mode & S_IWOTH )
|
|
denials |= DIR_WRITE;
|
|
if ( mode & S_IROTH )
|
|
denials |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
pdace->flags = FILE_INHERITANCE;
|
|
if ( mode & S_IXOTH )
|
|
denials |= FILE_EXEC;
|
|
if ( mode & S_IWOTH )
|
|
denials |= FILE_WRITE;
|
|
if ( mode & S_IROTH )
|
|
denials |= FILE_READ;
|
|
}
|
|
denials &= ~( grants | OWNER_RIGHTS );
|
|
if ( denials )
|
|
{
|
|
pdace->type = ACCESS_DENIED_ACE_TYPE;
|
|
pdace->size = cpu_to_le16( gsidsz + 8 );
|
|
pdace->mask = denials;
|
|
memcpy( ( char* )&pdace->sid, gsid, gsidsz );
|
|
pos += gsidsz + 8;
|
|
acecnt++;
|
|
}
|
|
}
|
|
|
|
if ( adminowns
|
|
|| groupowns
|
|
|| ( ( mode >> 3 ) & ~mode & 7 ) )
|
|
{
|
|
/* now insert grants to group */
|
|
/* if more rights than other */
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
pgace->flags = gflags;
|
|
pgace->size = cpu_to_le16( gsidsz + 8 );
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, gsid, gsidsz );
|
|
pos += gsidsz + 8;
|
|
acecnt++;
|
|
}
|
|
}
|
|
|
|
/* an ACE for world users */
|
|
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
grants = WORLD_RIGHTS;
|
|
if ( isdir )
|
|
{
|
|
pgace->flags = DIR_INHERITANCE;
|
|
if ( mode & S_IXOTH )
|
|
grants |= DIR_EXEC;
|
|
if ( mode & S_IWOTH )
|
|
grants |= DIR_WRITE;
|
|
if ( mode & S_IROTH )
|
|
grants |= DIR_READ;
|
|
}
|
|
else
|
|
{
|
|
pgace->flags = FILE_INHERITANCE;
|
|
if ( mode & S_IXOTH )
|
|
grants |= FILE_EXEC;
|
|
if ( mode & S_IWOTH )
|
|
grants |= FILE_WRITE;
|
|
if ( mode & S_IROTH )
|
|
grants |= FILE_READ;
|
|
}
|
|
pgace->size = cpu_to_le16( wsidsz + 8 );
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, worldsid, wsidsz );
|
|
pos += wsidsz + 8;
|
|
acecnt++;
|
|
|
|
/* an ACE for administrators */
|
|
/* always full access */
|
|
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
if ( isdir )
|
|
pgace->flags = DIR_INHERITANCE;
|
|
else
|
|
pgace->flags = FILE_INHERITANCE;
|
|
pgace->size = cpu_to_le16( asidsz + 8 );
|
|
grants = OWNER_RIGHTS | FILE_READ | FILE_WRITE | FILE_EXEC;
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, adminsid, asidsz );
|
|
pos += asidsz + 8;
|
|
acecnt++;
|
|
|
|
/* an ACE for system (needed ?) */
|
|
/* always full access */
|
|
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
if ( isdir )
|
|
pgace->flags = DIR_INHERITANCE;
|
|
else
|
|
pgace->flags = FILE_INHERITANCE;
|
|
pgace->size = cpu_to_le16( ssidsz + 8 );
|
|
grants = OWNER_RIGHTS | FILE_READ | FILE_WRITE | FILE_EXEC;
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, systemsid, ssidsz );
|
|
pos += ssidsz + 8;
|
|
acecnt++;
|
|
|
|
/* a null ACE to hold special flags */
|
|
/* using the same representation as cygwin */
|
|
|
|
if ( mode & ( S_ISVTX | S_ISGID | S_ISUID ) )
|
|
{
|
|
nsidsz = ntfs_sid_size( nullsid );
|
|
pgace = ( ACCESS_ALLOWED_ACE* ) & secattr[offs + pos];
|
|
pgace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
pgace->flags = NO_PROPAGATE_INHERIT_ACE;
|
|
pgace->size = cpu_to_le16( nsidsz + 8 );
|
|
grants = const_cpu_to_le32( 0 );
|
|
if ( mode & S_ISUID )
|
|
grants |= FILE_APPEND_DATA;
|
|
if ( mode & S_ISGID )
|
|
grants |= FILE_WRITE_DATA;
|
|
if ( mode & S_ISVTX )
|
|
grants |= FILE_READ_DATA;
|
|
pgace->mask = grants;
|
|
memcpy( ( char* )&pgace->sid, nullsid, nsidsz );
|
|
pos += nsidsz + 8;
|
|
acecnt++;
|
|
}
|
|
|
|
/* fix ACL header */
|
|
pacl->size = cpu_to_le16( pos );
|
|
pacl->ace_count = cpu_to_le16( acecnt );
|
|
return ( pos );
|
|
}
|
|
|
|
#if POSIXACLS
|
|
|
|
/*
|
|
* Build a full security descriptor from a Posix ACL
|
|
* returns descriptor in allocated memory, must free() after use
|
|
*/
|
|
|
|
char *ntfs_build_descr_posix( struct MAPPING* const mapping[],
|
|
struct POSIX_SECURITY *pxdesc,
|
|
int isdir, const SID *usid, const SID *gsid )
|
|
{
|
|
int newattrsz;
|
|
SECURITY_DESCRIPTOR_RELATIVE *pnhead;
|
|
char *newattr;
|
|
int aclsz;
|
|
int usidsz;
|
|
int gsidsz;
|
|
int wsidsz;
|
|
int asidsz;
|
|
int ssidsz;
|
|
int k;
|
|
|
|
usidsz = ntfs_sid_size( usid );
|
|
gsidsz = ntfs_sid_size( gsid );
|
|
wsidsz = ntfs_sid_size( worldsid );
|
|
asidsz = ntfs_sid_size( adminsid );
|
|
ssidsz = ntfs_sid_size( systemsid );
|
|
|
|
/* allocate enough space for the new security attribute */
|
|
newattrsz = sizeof( SECURITY_DESCRIPTOR_RELATIVE ) /* header */
|
|
+ usidsz + gsidsz /* usid and gsid */
|
|
+ sizeof( ACL ) /* acl header */
|
|
+ 2 * ( 8 + usidsz ) /* two possible ACE for user */
|
|
+ 3 * ( 8 + gsidsz ) /* three possible ACE for group and mask */
|
|
+ 8 + wsidsz /* one ACE for world */
|
|
+ 8 + asidsz /* one ACE for admin */
|
|
+ 8 + ssidsz; /* one ACE for system */
|
|
if ( isdir ) /* a world denial for directories */
|
|
newattrsz += 8 + wsidsz;
|
|
if ( pxdesc->mode & 07000 ) /* a NULL ACE for special modes */
|
|
newattrsz += 8 + ntfs_sid_size( nullsid );
|
|
/* account for non-owning users and groups */
|
|
for ( k = 0; k < pxdesc->acccnt; k++ )
|
|
{
|
|
if ( ( pxdesc->acl.ace[k].tag == POSIX_ACL_USER )
|
|
|| ( pxdesc->acl.ace[k].tag == POSIX_ACL_GROUP ) )
|
|
newattrsz += 3 * 40; /* fixme : maximum size */
|
|
}
|
|
/* account for default ACE's */
|
|
newattrsz += 2 * 40 * pxdesc->defcnt; /* fixme : maximum size */
|
|
newattr = ( char* )ntfs_malloc( newattrsz );
|
|
if ( newattr )
|
|
{
|
|
/* build the main header part */
|
|
pnhead = ( SECURITY_DESCRIPTOR_RELATIVE* )newattr;
|
|
pnhead->revision = SECURITY_DESCRIPTOR_REVISION;
|
|
pnhead->alignment = 0;
|
|
/*
|
|
* The flag SE_DACL_PROTECTED prevents the ACL
|
|
* to be changed in an inheritance after creation
|
|
*/
|
|
pnhead->control = SE_DACL_PRESENT | SE_DACL_PROTECTED
|
|
| SE_SELF_RELATIVE;
|
|
/*
|
|
* Windows prefers ACL first, do the same to
|
|
* get the same hash value and avoid duplication
|
|
*/
|
|
/* build permissions */
|
|
aclsz = buildacls_posix( mapping, newattr,
|
|
sizeof( SECURITY_DESCRIPTOR_RELATIVE ),
|
|
pxdesc, isdir, usid, gsid );
|
|
if ( aclsz && ( ( int )( sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz + usidsz + gsidsz ) <= newattrsz ) )
|
|
{
|
|
/* append usid and gsid */
|
|
memcpy( &newattr[sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz], usid, usidsz );
|
|
memcpy( &newattr[sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz + usidsz], gsid, gsidsz );
|
|
/* positions of ACL, USID and GSID into header */
|
|
pnhead->owner =
|
|
cpu_to_le32( sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz );
|
|
pnhead->group =
|
|
cpu_to_le32( sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz + usidsz );
|
|
pnhead->sacl = const_cpu_to_le32( 0 );
|
|
pnhead->dacl =
|
|
const_cpu_to_le32( sizeof( SECURITY_DESCRIPTOR_RELATIVE ) );
|
|
}
|
|
else
|
|
{
|
|
/* ACL failure (errno set) or overflow */
|
|
free( newattr );
|
|
newattr = ( char* )NULL;
|
|
if ( aclsz )
|
|
{
|
|
/* hope error was detected before overflowing */
|
|
ntfs_log_error( "Security descriptor is longer than expected\n" );
|
|
errno = EIO;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
errno = ENOMEM;
|
|
return ( newattr );
|
|
}
|
|
|
|
#endif /* POSIXACLS */
|
|
|
|
/*
|
|
* Build a full security descriptor
|
|
* returns descriptor in allocated memory, must free() after use
|
|
*/
|
|
|
|
char *ntfs_build_descr( mode_t mode,
|
|
int isdir, const SID * usid, const SID * gsid )
|
|
{
|
|
int newattrsz;
|
|
SECURITY_DESCRIPTOR_RELATIVE *pnhead;
|
|
char *newattr;
|
|
int aclsz;
|
|
int usidsz;
|
|
int gsidsz;
|
|
int wsidsz;
|
|
int asidsz;
|
|
int ssidsz;
|
|
|
|
usidsz = ntfs_sid_size( usid );
|
|
gsidsz = ntfs_sid_size( gsid );
|
|
wsidsz = ntfs_sid_size( worldsid );
|
|
asidsz = ntfs_sid_size( adminsid );
|
|
ssidsz = ntfs_sid_size( systemsid );
|
|
|
|
/* allocate enough space for the new security attribute */
|
|
newattrsz = sizeof( SECURITY_DESCRIPTOR_RELATIVE ) /* header */
|
|
+ usidsz + gsidsz /* usid and gsid */
|
|
+ sizeof( ACL ) /* acl header */
|
|
+ 2 * ( 8 + usidsz ) /* two possible ACE for user */
|
|
+ 2 * ( 8 + gsidsz ) /* two possible ACE for group */
|
|
+ 8 + wsidsz /* one ACE for world */
|
|
+ 8 + asidsz /* one ACE for admin */
|
|
+ 8 + ssidsz; /* one ACE for system */
|
|
if ( isdir ) /* a world denial for directories */
|
|
newattrsz += 8 + wsidsz;
|
|
if ( mode & 07000 ) /* a NULL ACE for special modes */
|
|
newattrsz += 8 + ntfs_sid_size( nullsid );
|
|
newattr = ( char* )ntfs_malloc( newattrsz );
|
|
if ( newattr )
|
|
{
|
|
/* build the main header part */
|
|
pnhead = ( SECURITY_DESCRIPTOR_RELATIVE* ) newattr;
|
|
pnhead->revision = SECURITY_DESCRIPTOR_REVISION;
|
|
pnhead->alignment = 0;
|
|
/*
|
|
* The flag SE_DACL_PROTECTED prevents the ACL
|
|
* to be changed in an inheritance after creation
|
|
*/
|
|
pnhead->control = SE_DACL_PRESENT | SE_DACL_PROTECTED
|
|
| SE_SELF_RELATIVE;
|
|
/*
|
|
* Windows prefers ACL first, do the same to
|
|
* get the same hash value and avoid duplication
|
|
*/
|
|
/* build permissions */
|
|
aclsz = buildacls( newattr,
|
|
sizeof( SECURITY_DESCRIPTOR_RELATIVE ),
|
|
mode, isdir, usid, gsid );
|
|
if ( ( ( int )sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz + usidsz + gsidsz ) <= newattrsz )
|
|
{
|
|
/* append usid and gsid */
|
|
memcpy( &newattr[sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz], usid, usidsz );
|
|
memcpy( &newattr[sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz + usidsz], gsid, gsidsz );
|
|
/* positions of ACL, USID and GSID into header */
|
|
pnhead->owner =
|
|
cpu_to_le32( sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz );
|
|
pnhead->group =
|
|
cpu_to_le32( sizeof( SECURITY_DESCRIPTOR_RELATIVE )
|
|
+ aclsz + usidsz );
|
|
pnhead->sacl = const_cpu_to_le32( 0 );
|
|
pnhead->dacl =
|
|
const_cpu_to_le32( sizeof( SECURITY_DESCRIPTOR_RELATIVE ) );
|
|
}
|
|
else
|
|
{
|
|
/* hope error was detected before overflowing */
|
|
free( newattr );
|
|
newattr = ( char* )NULL;
|
|
ntfs_log_error( "Security descriptor is longer than expected\n" );
|
|
errno = EIO;
|
|
}
|
|
}
|
|
else
|
|
errno = ENOMEM;
|
|
return ( newattr );
|
|
}
|
|
|
|
/*
|
|
* Create a mode_t permission set
|
|
* from owner, group and world grants as represented in ACEs
|
|
*/
|
|
|
|
static int merge_permissions( BOOL isdir,
|
|
le32 owner, le32 group, le32 world, le32 special )
|
|
|
|
{
|
|
int perm;
|
|
|
|
perm = 0;
|
|
/* build owner permission */
|
|
if ( owner )
|
|
{
|
|
if ( isdir )
|
|
{
|
|
/* exec if any of list, traverse */
|
|
if ( owner & DIR_GEXEC )
|
|
perm |= S_IXUSR;
|
|
/* write if any of addfile, adddir, delchild */
|
|
if ( owner & DIR_GWRITE )
|
|
perm |= S_IWUSR;
|
|
/* read if any of list */
|
|
if ( owner & DIR_GREAD )
|
|
perm |= S_IRUSR;
|
|
}
|
|
else
|
|
{
|
|
/* exec if execute or generic execute */
|
|
if ( owner & FILE_GEXEC )
|
|
perm |= S_IXUSR;
|
|
/* write if any of writedata or generic write */
|
|
if ( owner & FILE_GWRITE )
|
|
perm |= S_IWUSR;
|
|
/* read if any of readdata or generic read */
|
|
if ( owner & FILE_GREAD )
|
|
perm |= S_IRUSR;
|
|
}
|
|
}
|
|
/* build group permission */
|
|
if ( group )
|
|
{
|
|
if ( isdir )
|
|
{
|
|
/* exec if any of list, traverse */
|
|
if ( group & DIR_GEXEC )
|
|
perm |= S_IXGRP;
|
|
/* write if any of addfile, adddir, delchild */
|
|
if ( group & DIR_GWRITE )
|
|
perm |= S_IWGRP;
|
|
/* read if any of list */
|
|
if ( group & DIR_GREAD )
|
|
perm |= S_IRGRP;
|
|
}
|
|
else
|
|
{
|
|
/* exec if execute */
|
|
if ( group & FILE_GEXEC )
|
|
perm |= S_IXGRP;
|
|
/* write if any of writedata, appenddata */
|
|
if ( group & FILE_GWRITE )
|
|
perm |= S_IWGRP;
|
|
/* read if any of readdata */
|
|
if ( group & FILE_GREAD )
|
|
perm |= S_IRGRP;
|
|
}
|
|
}
|
|
/* build world permission */
|
|
if ( world )
|
|
{
|
|
if ( isdir )
|
|
{
|
|
/* exec if any of list, traverse */
|
|
if ( world & DIR_GEXEC )
|
|
perm |= S_IXOTH;
|
|
/* write if any of addfile, adddir, delchild */
|
|
if ( world & DIR_GWRITE )
|
|
perm |= S_IWOTH;
|
|
/* read if any of list */
|
|
if ( world & DIR_GREAD )
|
|
perm |= S_IROTH;
|
|
}
|
|
else
|
|
{
|
|
/* exec if execute */
|
|
if ( world & FILE_GEXEC )
|
|
perm |= S_IXOTH;
|
|
/* write if any of writedata, appenddata */
|
|
if ( world & FILE_GWRITE )
|
|
perm |= S_IWOTH;
|
|
/* read if any of readdata */
|
|
if ( world & FILE_GREAD )
|
|
perm |= S_IROTH;
|
|
}
|
|
}
|
|
/* build special permission flags */
|
|
if ( special )
|
|
{
|
|
if ( special & FILE_APPEND_DATA )
|
|
perm |= S_ISUID;
|
|
if ( special & FILE_WRITE_DATA )
|
|
perm |= S_ISGID;
|
|
if ( special & FILE_READ_DATA )
|
|
perm |= S_ISVTX;
|
|
}
|
|
return ( perm );
|
|
}
|
|
|
|
#if POSIXACLS
|
|
|
|
/*
|
|
* Normalize a Posix ACL either from a sorted raw set of
|
|
* access ACEs or default ACEs
|
|
* (standard case : different owner, group and administrator)
|
|
*/
|
|
|
|
static int norm_std_permissions_posix( struct POSIX_SECURITY *posix_desc,
|
|
BOOL groupowns, int start, int count, int target )
|
|
{
|
|
int j, k;
|
|
s32 id;
|
|
u16 tag;
|
|
u16 tagsset;
|
|
struct POSIX_ACE *pxace;
|
|
mode_t grantgrps;
|
|
mode_t grantwrld;
|
|
mode_t denywrld;
|
|
mode_t allow;
|
|
mode_t deny;
|
|
mode_t perms;
|
|
mode_t mode;
|
|
|
|
mode = 0;
|
|
tagsset = 0;
|
|
/*
|
|
* Determine what is granted to some group or world
|
|
* Also get denials to world which are meant to prevent
|
|
* execution flags to be inherited by plain files
|
|
*/
|
|
pxace = posix_desc->acl.ace;
|
|
grantgrps = 0;
|
|
grantwrld = 0;
|
|
denywrld = 0;
|
|
for ( j = start; j < ( start + count ); j++ )
|
|
{
|
|
if ( pxace[j].perms & POSIX_PERM_DENIAL )
|
|
{
|
|
/* deny world exec unless for default */
|
|
if ( ( pxace[j].tag == POSIX_ACL_OTHER )
|
|
&& !start )
|
|
denywrld = pxace[j].perms;
|
|
}
|
|
else
|
|
{
|
|
switch ( pxace[j].tag )
|
|
{
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
grantgrps |= pxace[j].perms;
|
|
break;
|
|
case POSIX_ACL_GROUP :
|
|
if ( pxace[j].id )
|
|
grantgrps |= pxace[j].perms;
|
|
break;
|
|
case POSIX_ACL_OTHER :
|
|
grantwrld = pxace[j].perms;
|
|
break;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
/*
|
|
* Collect groups of ACEs related to the same id
|
|
* and determine what is granted and what is denied.
|
|
* It is important the ACEs have been sorted
|
|
*/
|
|
j = start;
|
|
k = target;
|
|
while ( j < ( start + count ) )
|
|
{
|
|
tag = pxace[j].tag;
|
|
id = pxace[j].id;
|
|
if ( pxace[j].perms & POSIX_PERM_DENIAL )
|
|
{
|
|
deny = pxace[j].perms | denywrld;
|
|
allow = 0;
|
|
}
|
|
else
|
|
{
|
|
deny = denywrld;
|
|
allow = pxace[j].perms;
|
|
}
|
|
j++;
|
|
while ( ( j < ( start + count ) )
|
|
&& ( pxace[j].tag == tag )
|
|
&& ( pxace[j].id == id ) )
|
|
{
|
|
if ( pxace[j].perms & POSIX_PERM_DENIAL )
|
|
deny |= pxace[j].perms;
|
|
else
|
|
allow |= pxace[j].perms;
|
|
j++;
|
|
}
|
|
/*
|
|
* Build the permissions equivalent to grants and denials
|
|
*/
|
|
if ( groupowns )
|
|
{
|
|
if ( tag == POSIX_ACL_MASK )
|
|
perms = ~deny;
|
|
else
|
|
perms = allow & ~deny;
|
|
}
|
|
else
|
|
switch ( tag )
|
|
{
|
|
case POSIX_ACL_USER_OBJ :
|
|
perms = ( allow | grantgrps | grantwrld ) & ~deny;
|
|
break;
|
|
case POSIX_ACL_USER :
|
|
if ( id )
|
|
perms = ( allow | grantgrps | grantwrld )
|
|
& ~deny;
|
|
else
|
|
perms = allow;
|
|
break;
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
perms = ( allow | grantwrld ) & ~deny;
|
|
break;
|
|
case POSIX_ACL_GROUP :
|
|
if ( id )
|
|
perms = ( allow | grantwrld ) & ~deny;
|
|
else
|
|
perms = allow;
|
|
break;
|
|
case POSIX_ACL_MASK :
|
|
perms = ~deny;
|
|
break;
|
|
default :
|
|
perms = allow & ~deny;
|
|
break;
|
|
}
|
|
/*
|
|
* Store into a Posix ACE
|
|
*/
|
|
if ( tag != POSIX_ACL_SPECIAL )
|
|
{
|
|
pxace[k].tag = tag;
|
|
pxace[k].id = id;
|
|
pxace[k].perms = perms
|
|
& ( POSIX_PERM_R | POSIX_PERM_W | POSIX_PERM_X );
|
|
tagsset |= tag;
|
|
k++;
|
|
}
|
|
switch ( tag )
|
|
{
|
|
case POSIX_ACL_USER_OBJ :
|
|
mode |= ( ( perms & 7 ) << 6 );
|
|
break;
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
case POSIX_ACL_MASK :
|
|
mode = ( mode & 07707 ) | ( ( perms & 7 ) << 3 );
|
|
break;
|
|
case POSIX_ACL_OTHER :
|
|
mode |= perms & 7;
|
|
break;
|
|
case POSIX_ACL_SPECIAL :
|
|
mode |= ( perms & ( S_ISVTX | S_ISUID | S_ISGID ) );
|
|
break;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
if ( !start ) /* not satisfactory */
|
|
{
|
|
posix_desc->mode = mode;
|
|
posix_desc->tagsset = tagsset;
|
|
}
|
|
return ( k - target );
|
|
}
|
|
|
|
#endif /* POSIXACLS */
|
|
|
|
/*
|
|
* Interpret an ACL and extract meaningful grants
|
|
* (standard case : different owner, group and administrator)
|
|
*/
|
|
|
|
static int build_std_permissions( const char *securattr,
|
|
const SID *usid, const SID *gsid, BOOL isdir )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const ACL *pacl;
|
|
const ACCESS_ALLOWED_ACE *pace;
|
|
int offdacl;
|
|
int offace;
|
|
int acecnt;
|
|
int nace;
|
|
BOOL noown;
|
|
le32 special;
|
|
le32 allowown, allowgrp, allowall;
|
|
le32 denyown, denygrp, denyall;
|
|
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )securattr;
|
|
offdacl = le32_to_cpu( phead->dacl );
|
|
pacl = ( const ACL* ) & securattr[offdacl];
|
|
special = const_cpu_to_le32( 0 );
|
|
allowown = allowgrp = allowall = const_cpu_to_le32( 0 );
|
|
denyown = denygrp = denyall = const_cpu_to_le32( 0 );
|
|
noown = TRUE;
|
|
if ( offdacl )
|
|
{
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
offace = offdacl + sizeof( ACL );
|
|
}
|
|
else
|
|
{
|
|
acecnt = 0;
|
|
offace = 0;
|
|
}
|
|
for ( nace = 0; nace < acecnt; nace++ )
|
|
{
|
|
pace = ( const ACCESS_ALLOWED_ACE* ) & securattr[offace];
|
|
if ( !( pace->flags & INHERIT_ONLY_ACE ) )
|
|
{
|
|
if ( ntfs_same_sid( usid, &pace->sid )
|
|
|| ntfs_same_sid( ownersid, &pace->sid ) )
|
|
{
|
|
noown = FALSE;
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
allowown |= pace->mask;
|
|
else if ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
denyown |= pace->mask;
|
|
}
|
|
else if ( ntfs_same_sid( gsid, &pace->sid )
|
|
&& !( pace->mask & WRITE_OWNER ) )
|
|
{
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
allowgrp |= pace->mask;
|
|
else if ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
denygrp |= pace->mask;
|
|
}
|
|
else if ( is_world_sid( ( const SID* )&pace->sid ) )
|
|
{
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
allowall |= pace->mask;
|
|
else if ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
denyall |= pace->mask;
|
|
}
|
|
else if ( ( ntfs_same_sid( ( const SID* )&pace->sid, nullsid ) )
|
|
&& ( pace->type == ACCESS_ALLOWED_ACE_TYPE ) )
|
|
special |= pace->mask;
|
|
}
|
|
offace += le16_to_cpu( pace->size );
|
|
}
|
|
/*
|
|
* No indication about owner's rights : grant basic rights
|
|
* This happens for files created by Windows in directories
|
|
* created by Linux and owned by root, because Windows
|
|
* merges the admin ACEs
|
|
*/
|
|
if ( noown )
|
|
allowown = ( FILE_READ_DATA | FILE_WRITE_DATA | FILE_EXECUTE );
|
|
/*
|
|
* Add to owner rights granted to group or world
|
|
* unless denied personaly, and add to group rights
|
|
* granted to world unless denied specifically
|
|
*/
|
|
allowown |= ( allowgrp | allowall );
|
|
allowgrp |= allowall;
|
|
return ( merge_permissions( isdir,
|
|
allowown & ~( denyown | denyall ),
|
|
allowgrp & ~( denygrp | denyall ),
|
|
allowall & ~denyall,
|
|
special ) );
|
|
}
|
|
|
|
/*
|
|
* Interpret an ACL and extract meaningful grants
|
|
* (special case : owner and group are the same,
|
|
* and not administrator)
|
|
*/
|
|
|
|
static int build_owngrp_permissions( const char *securattr,
|
|
const SID *usid, BOOL isdir )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const ACL *pacl;
|
|
const ACCESS_ALLOWED_ACE *pace;
|
|
int offdacl;
|
|
int offace;
|
|
int acecnt;
|
|
int nace;
|
|
le32 special;
|
|
BOOL grppresent;
|
|
le32 allowown, allowgrp, allowall;
|
|
le32 denyown, denygrp, denyall;
|
|
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )securattr;
|
|
offdacl = le32_to_cpu( phead->dacl );
|
|
pacl = ( const ACL* ) & securattr[offdacl];
|
|
special = const_cpu_to_le32( 0 );
|
|
allowown = allowgrp = allowall = const_cpu_to_le32( 0 );
|
|
denyown = denygrp = denyall = const_cpu_to_le32( 0 );
|
|
grppresent = FALSE;
|
|
if ( offdacl )
|
|
{
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
offace = offdacl + sizeof( ACL );
|
|
}
|
|
else
|
|
acecnt = 0;
|
|
for ( nace = 0; nace < acecnt; nace++ )
|
|
{
|
|
pace = ( const ACCESS_ALLOWED_ACE* ) & securattr[offace];
|
|
if ( !( pace->flags & INHERIT_ONLY_ACE ) )
|
|
{
|
|
if ( ( ntfs_same_sid( usid, &pace->sid )
|
|
|| ntfs_same_sid( ownersid, &pace->sid ) )
|
|
&& ( pace->mask & WRITE_OWNER ) )
|
|
{
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
allowown |= pace->mask;
|
|
}
|
|
else if ( ntfs_same_sid( usid, &pace->sid )
|
|
&& ( !( pace->mask & WRITE_OWNER ) ) )
|
|
{
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
{
|
|
allowgrp |= pace->mask;
|
|
grppresent = TRUE;
|
|
}
|
|
}
|
|
else if ( is_world_sid( ( const SID* )&pace->sid ) )
|
|
{
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
allowall |= pace->mask;
|
|
else if ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
denyall |= pace->mask;
|
|
}
|
|
else if ( ( ntfs_same_sid( ( const SID* )&pace->sid, nullsid ) )
|
|
&& ( pace->type == ACCESS_ALLOWED_ACE_TYPE ) )
|
|
special |= pace->mask;
|
|
}
|
|
offace += le16_to_cpu( pace->size );
|
|
}
|
|
if ( !grppresent )
|
|
allowgrp = allowall;
|
|
return ( merge_permissions( isdir,
|
|
allowown & ~( denyown | denyall ),
|
|
allowgrp & ~( denygrp | denyall ),
|
|
allowall & ~denyall,
|
|
special ) );
|
|
}
|
|
|
|
#if POSIXACLS
|
|
|
|
/*
|
|
* Normalize a Posix ACL either from a sorted raw set of
|
|
* access ACEs or default ACEs
|
|
* (special case : owner or/and group is administrator)
|
|
*/
|
|
|
|
static int norm_ownadmin_permissions_posix( struct POSIX_SECURITY *posix_desc,
|
|
int start, int count, int target )
|
|
{
|
|
int j, k;
|
|
s32 id;
|
|
u16 tag;
|
|
u16 tagsset;
|
|
struct POSIX_ACE *pxace;
|
|
int acccnt;
|
|
mode_t denywrld;
|
|
mode_t allow;
|
|
mode_t deny;
|
|
mode_t perms;
|
|
mode_t mode;
|
|
|
|
mode = 0;
|
|
pxace = posix_desc->acl.ace;
|
|
acccnt = posix_desc->acccnt;
|
|
tagsset = 0;
|
|
denywrld = 0;
|
|
/*
|
|
* Get denials to world which are meant to prevent
|
|
* execution flags to be inherited by plain files
|
|
*/
|
|
for ( j = start; j < ( start + count ); j++ )
|
|
{
|
|
if ( pxace[j].perms & POSIX_PERM_DENIAL )
|
|
{
|
|
/* deny world exec not for default */
|
|
if ( ( pxace[j].tag == POSIX_ACL_OTHER )
|
|
&& !start )
|
|
denywrld = pxace[j].perms;
|
|
}
|
|
}
|
|
/*
|
|
* Collect groups of ACEs related to the same id
|
|
* and determine what is granted (denials are ignored)
|
|
* It is important the ACEs have been sorted
|
|
*/
|
|
j = start;
|
|
k = target;
|
|
deny = 0;
|
|
while ( j < ( start + count ) )
|
|
{
|
|
allow = 0;
|
|
tag = pxace[j].tag;
|
|
id = pxace[j].id;
|
|
if ( tag == POSIX_ACL_MASK )
|
|
{
|
|
deny = pxace[j].perms;
|
|
j++;
|
|
while ( ( j < ( start + count ) )
|
|
&& ( pxace[j].tag == POSIX_ACL_MASK ) )
|
|
j++;
|
|
}
|
|
else
|
|
{
|
|
if ( !( pxace[j].perms & POSIX_PERM_DENIAL ) )
|
|
allow = pxace[j].perms;
|
|
j++;
|
|
while ( ( j < ( start + count ) )
|
|
&& ( pxace[j].tag == tag )
|
|
&& ( pxace[j].id == id ) )
|
|
{
|
|
if ( !( pxace[j].perms & POSIX_PERM_DENIAL ) )
|
|
allow |= pxace[j].perms;
|
|
j++;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Store the grants into a Posix ACE
|
|
*/
|
|
if ( tag == POSIX_ACL_MASK )
|
|
perms = ~deny;
|
|
else
|
|
perms = allow & ~denywrld;
|
|
if ( tag != POSIX_ACL_SPECIAL )
|
|
{
|
|
pxace[k].tag = tag;
|
|
pxace[k].id = id;
|
|
pxace[k].perms = perms
|
|
& ( POSIX_PERM_R | POSIX_PERM_W | POSIX_PERM_X );
|
|
tagsset |= tag;
|
|
k++;
|
|
}
|
|
switch ( tag )
|
|
{
|
|
case POSIX_ACL_USER_OBJ :
|
|
mode |= ( ( perms & 7 ) << 6 );
|
|
break;
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
case POSIX_ACL_MASK :
|
|
mode = ( mode & 07707 ) | ( ( perms & 7 ) << 3 );
|
|
break;
|
|
case POSIX_ACL_OTHER :
|
|
mode |= perms & 7;
|
|
break;
|
|
case POSIX_ACL_SPECIAL :
|
|
mode |= perms & ( S_ISVTX | S_ISUID | S_ISGID );
|
|
break;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
if ( !start ) /* not satisfactory */
|
|
{
|
|
posix_desc->mode = mode;
|
|
posix_desc->tagsset = tagsset;
|
|
}
|
|
return ( k - target );
|
|
}
|
|
|
|
#endif /* POSIXACLS */
|
|
|
|
/*
|
|
* Interpret an ACL and extract meaningful grants
|
|
* (special case : owner or/and group is administrator)
|
|
*/
|
|
|
|
|
|
static int build_ownadmin_permissions( const char *securattr,
|
|
const SID *usid, const SID *gsid, BOOL isdir )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const ACL *pacl;
|
|
const ACCESS_ALLOWED_ACE *pace;
|
|
int offdacl;
|
|
int offace;
|
|
int acecnt;
|
|
int nace;
|
|
BOOL firstapply;
|
|
int isforeign;
|
|
le32 special;
|
|
le32 allowown, allowgrp, allowall;
|
|
le32 denyown, denygrp, denyall;
|
|
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )securattr;
|
|
offdacl = le32_to_cpu( phead->dacl );
|
|
pacl = ( const ACL* ) & securattr[offdacl];
|
|
special = const_cpu_to_le32( 0 );
|
|
allowown = allowgrp = allowall = const_cpu_to_le32( 0 );
|
|
denyown = denygrp = denyall = const_cpu_to_le32( 0 );
|
|
if ( offdacl )
|
|
{
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
offace = offdacl + sizeof( ACL );
|
|
}
|
|
else
|
|
{
|
|
acecnt = 0;
|
|
offace = 0;
|
|
}
|
|
firstapply = TRUE;
|
|
isforeign = 3;
|
|
for ( nace = 0; nace < acecnt; nace++ )
|
|
{
|
|
pace = ( const ACCESS_ALLOWED_ACE* ) & securattr[offace];
|
|
if ( !( pace->flags & INHERIT_ONLY_ACE )
|
|
&& !( ~pace->mask & ( ROOT_OWNER_UNMARK | ROOT_GROUP_UNMARK ) ) )
|
|
{
|
|
if ( ( ntfs_same_sid( usid, &pace->sid )
|
|
|| ntfs_same_sid( ownersid, &pace->sid ) )
|
|
&& ( ( ( pace->mask & WRITE_OWNER ) && firstapply ) ) )
|
|
{
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
{
|
|
allowown |= pace->mask;
|
|
isforeign &= ~1;
|
|
}
|
|
else if ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
denyown |= pace->mask;
|
|
}
|
|
else if ( ntfs_same_sid( gsid, &pace->sid )
|
|
&& ( !( pace->mask & WRITE_OWNER ) ) )
|
|
{
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
{
|
|
allowgrp |= pace->mask;
|
|
isforeign &= ~2;
|
|
}
|
|
else if ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
denygrp |= pace->mask;
|
|
}
|
|
else if ( is_world_sid( ( const SID* )&pace->sid ) )
|
|
{
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
allowall |= pace->mask;
|
|
else if ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
denyall |= pace->mask;
|
|
}
|
|
firstapply = FALSE;
|
|
}
|
|
else if ( !( pace->flags & INHERIT_ONLY_ACE ) )
|
|
if ( ( ntfs_same_sid( ( const SID* )&pace->sid, nullsid ) )
|
|
&& ( pace->type == ACCESS_ALLOWED_ACE_TYPE ) )
|
|
special |= pace->mask;
|
|
offace += le16_to_cpu( pace->size );
|
|
}
|
|
if ( isforeign )
|
|
{
|
|
allowown |= ( allowgrp | allowall );
|
|
allowgrp |= allowall;
|
|
}
|
|
return ( merge_permissions( isdir,
|
|
allowown & ~( denyown | denyall ),
|
|
allowgrp & ~( denygrp | denyall ),
|
|
allowall & ~denyall,
|
|
special ) );
|
|
}
|
|
|
|
#if OWNERFROMACL
|
|
|
|
/*
|
|
* Define the owner of a file as the first user allowed
|
|
* to change the owner, instead of the user defined as owner.
|
|
*
|
|
* This produces better approximations for files written by a
|
|
* Windows user in an inheritable directory owned by another user,
|
|
* as the access rights are inheritable but the ownership is not.
|
|
*
|
|
* An important case is the directories "Documents and Settings/user"
|
|
* which the users must have access to, though Windows considers them
|
|
* as owned by administrator.
|
|
*/
|
|
|
|
const SID *ntfs_acl_owner( const char *securattr )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const SID *usid;
|
|
const ACL *pacl;
|
|
const ACCESS_ALLOWED_ACE *pace;
|
|
int offdacl;
|
|
int offace;
|
|
int acecnt;
|
|
int nace;
|
|
BOOL found;
|
|
|
|
found = FALSE;
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )securattr;
|
|
offdacl = le32_to_cpu( phead->dacl );
|
|
if ( offdacl )
|
|
{
|
|
pacl = ( const ACL* ) & securattr[offdacl];
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
offace = offdacl + sizeof( ACL );
|
|
nace = 0;
|
|
do
|
|
{
|
|
pace = ( const ACCESS_ALLOWED_ACE* ) & securattr[offace];
|
|
if ( ( pace->mask & WRITE_OWNER )
|
|
&& ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
&& ntfs_is_user_sid( &pace->sid ) )
|
|
found = TRUE;
|
|
offace += le16_to_cpu( pace->size );
|
|
}
|
|
while ( !found && ( ++nace < acecnt ) );
|
|
}
|
|
if ( found )
|
|
usid = &pace->sid;
|
|
else
|
|
usid = ( const SID* ) & securattr[le32_to_cpu( phead->owner )];
|
|
return ( usid );
|
|
}
|
|
|
|
#else
|
|
|
|
/*
|
|
* Special case for files owned by administrator with full
|
|
* access granted to a mapped user : consider this user as the tenant
|
|
* of the file.
|
|
*
|
|
* This situation cannot be represented with Linux concepts and can
|
|
* only be found for files or directories created by Windows.
|
|
* Typical situation : directory "Documents and Settings/user" which
|
|
* is on the path to user's files and must be given access to user
|
|
* only.
|
|
*
|
|
* Check file is owned by administrator and no user has rights before
|
|
* calling.
|
|
* Returns the uid of tenant or zero if none
|
|
*/
|
|
|
|
|
|
static uid_t find_tenant( struct MAPPING *const mapping[],
|
|
const char *securattr )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const ACL *pacl;
|
|
const ACCESS_ALLOWED_ACE *pace;
|
|
int offdacl;
|
|
int offace;
|
|
int acecnt;
|
|
int nace;
|
|
uid_t tid;
|
|
uid_t xid;
|
|
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )securattr;
|
|
offdacl = le32_to_cpu( phead->dacl );
|
|
pacl = ( const ACL* ) & securattr[offdacl];
|
|
tid = 0;
|
|
if ( offdacl )
|
|
{
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
offace = offdacl + sizeof( ACL );
|
|
}
|
|
else
|
|
acecnt = 0;
|
|
for ( nace = 0; nace < acecnt; nace++ )
|
|
{
|
|
pace = ( const ACCESS_ALLOWED_ACE* ) & securattr[offace];
|
|
if ( ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
&& ( pace->mask & DIR_WRITE ) )
|
|
{
|
|
xid = NTFS_FIND_USER( mapping[MAPUSERS], &pace->sid );
|
|
if ( xid ) tid = xid;
|
|
}
|
|
offace += le16_to_cpu( pace->size );
|
|
}
|
|
return ( tid );
|
|
}
|
|
|
|
#endif /* OWNERFROMACL */
|
|
|
|
#if POSIXACLS
|
|
|
|
/*
|
|
* Build Posix permissions from an ACL
|
|
* returns a pointer to the requested permissions
|
|
* or a null pointer (with errno set) if there is a problem
|
|
*
|
|
* If the NTFS ACL was created according to our rules, the retrieved
|
|
* Posix ACL should be the exact ACL which was set. However if
|
|
* the NTFS ACL was built by a different tool, the result could
|
|
* be a a poor approximation of what was expected
|
|
*/
|
|
|
|
struct POSIX_SECURITY *ntfs_build_permissions_posix(
|
|
struct MAPPING *const mapping[],
|
|
const char *securattr,
|
|
const SID *usid, const SID *gsid, BOOL isdir )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
struct POSIX_SECURITY *pxdesc;
|
|
const ACL *pacl;
|
|
const ACCESS_ALLOWED_ACE *pace;
|
|
struct POSIX_ACE *pxace;
|
|
struct
|
|
{
|
|
uid_t prevuid;
|
|
gid_t prevgid;
|
|
int groupmasks;
|
|
s16 tagsset;
|
|
BOOL gotowner;
|
|
BOOL gotownermask;
|
|
BOOL gotgroup;
|
|
mode_t permswrld;
|
|
} ctx[2], *pctx;
|
|
int offdacl;
|
|
int offace;
|
|
int alloccnt;
|
|
int acecnt;
|
|
uid_t uid;
|
|
gid_t gid;
|
|
int i, j;
|
|
int k, l;
|
|
BOOL ignore;
|
|
BOOL adminowns;
|
|
BOOL groupowns;
|
|
BOOL firstinh;
|
|
BOOL genericinh;
|
|
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )securattr;
|
|
offdacl = le32_to_cpu( phead->dacl );
|
|
if ( offdacl )
|
|
{
|
|
pacl = ( const ACL* ) & securattr[offdacl];
|
|
acecnt = le16_to_cpu( pacl->ace_count );
|
|
offace = offdacl + sizeof( ACL );
|
|
}
|
|
else
|
|
{
|
|
acecnt = 0;
|
|
offace = 0;
|
|
}
|
|
adminowns = FALSE;
|
|
groupowns = ntfs_same_sid( gsid, usid );
|
|
firstinh = FALSE;
|
|
genericinh = FALSE;
|
|
/*
|
|
* Build a raw posix security descriptor
|
|
* by just translating permissions and ids
|
|
* Add 2 to the count of ACE to be able to insert
|
|
* a group ACE later in access and default ACLs
|
|
* and add 2 more to be able to insert ACEs for owner
|
|
* and 2 more for other
|
|
*/
|
|
alloccnt = acecnt + 6;
|
|
pxdesc = ( struct POSIX_SECURITY* )malloc(
|
|
sizeof( struct POSIX_SECURITY )
|
|
+ alloccnt*sizeof( struct POSIX_ACE ) );
|
|
k = 0;
|
|
l = alloccnt;
|
|
for ( i = 0; i < 2; i++ )
|
|
{
|
|
pctx = &ctx[i];
|
|
pctx->permswrld = 0;
|
|
pctx->prevuid = -1;
|
|
pctx->prevgid = -1;
|
|
pctx->groupmasks = 0;
|
|
pctx->tagsset = 0;
|
|
pctx->gotowner = FALSE;
|
|
pctx->gotgroup = FALSE;
|
|
pctx->gotownermask = FALSE;
|
|
}
|
|
for ( j = 0; j < acecnt; j++ )
|
|
{
|
|
pace = ( const ACCESS_ALLOWED_ACE* ) & securattr[offace];
|
|
if ( pace->flags & INHERIT_ONLY_ACE )
|
|
{
|
|
pxace = &pxdesc->acl.ace[l - 1];
|
|
pctx = &ctx[1];
|
|
}
|
|
else
|
|
{
|
|
pxace = &pxdesc->acl.ace[k];
|
|
pctx = &ctx[0];
|
|
}
|
|
ignore = FALSE;
|
|
/*
|
|
* grants for root as a designated user or group
|
|
*/
|
|
if ( ( ~pace->mask & ( ROOT_OWNER_UNMARK | ROOT_GROUP_UNMARK ) )
|
|
&& ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
&& ntfs_same_sid( &pace->sid, adminsid ) )
|
|
{
|
|
pxace->tag = ( pace->mask & ROOT_OWNER_UNMARK ? POSIX_ACL_GROUP : POSIX_ACL_USER );
|
|
pxace->id = 0;
|
|
if ( ( pace->mask & ( GENERIC_ALL | WRITE_OWNER ) )
|
|
&& ( pace->flags & INHERIT_ONLY_ACE ) )
|
|
ignore = genericinh = TRUE;
|
|
}
|
|
else if ( ntfs_same_sid( usid, &pace->sid ) )
|
|
{
|
|
pxace->id = -1;
|
|
/*
|
|
* Owner has no write-owner right :
|
|
* a group was defined same as owner
|
|
* or admin was owner or group :
|
|
* denials are meant to owner
|
|
* and grants are meant to group
|
|
*/
|
|
if ( !( pace->mask & ( WRITE_OWNER | GENERIC_ALL ) )
|
|
&& ( pace->type == ACCESS_ALLOWED_ACE_TYPE ) )
|
|
{
|
|
if ( ntfs_same_sid( gsid, usid ) )
|
|
{
|
|
pxace->tag = POSIX_ACL_GROUP_OBJ;
|
|
pxace->id = -1;
|
|
}
|
|
else
|
|
{
|
|
if ( ntfs_same_sid( &pace->sid, usid ) )
|
|
groupowns = TRUE;
|
|
gid = NTFS_FIND_GROUP( mapping[MAPGROUPS], &pace->sid );
|
|
if ( gid )
|
|
{
|
|
pxace->tag = POSIX_ACL_GROUP;
|
|
pxace->id = gid;
|
|
pctx->prevgid = gid;
|
|
}
|
|
else
|
|
{
|
|
uid = NTFS_FIND_USER( mapping[MAPUSERS], &pace->sid );
|
|
if ( uid )
|
|
{
|
|
pxace->tag = POSIX_ACL_USER;
|
|
pxace->id = uid;
|
|
}
|
|
else
|
|
ignore = TRUE;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* when group owns, late denials for owner
|
|
* mean group mask
|
|
*/
|
|
if ( ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
&& ( pace->mask & WRITE_OWNER ) )
|
|
{
|
|
pxace->tag = POSIX_ACL_MASK;
|
|
pctx->gotownermask = TRUE;
|
|
if ( pctx->gotowner )
|
|
pctx->groupmasks++;
|
|
}
|
|
else
|
|
{
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
pctx->gotowner = TRUE;
|
|
if ( pctx->gotownermask && !pctx->gotowner )
|
|
{
|
|
uid = NTFS_FIND_USER( mapping[MAPUSERS], &pace->sid );
|
|
pxace->id = uid;
|
|
pxace->tag = POSIX_ACL_USER;
|
|
}
|
|
else
|
|
pxace->tag = POSIX_ACL_USER_OBJ;
|
|
/* system ignored, and admin */
|
|
/* ignored at first position */
|
|
if ( pace->flags & INHERIT_ONLY_ACE )
|
|
{
|
|
if ( ( firstinh && ntfs_same_sid( &pace->sid, adminsid ) )
|
|
|| ntfs_same_sid( &pace->sid, systemsid ) )
|
|
ignore = TRUE;
|
|
if ( !firstinh )
|
|
{
|
|
firstinh = TRUE;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if ( ( adminowns && ntfs_same_sid( &pace->sid, adminsid ) )
|
|
|| ntfs_same_sid( &pace->sid, systemsid ) )
|
|
ignore = TRUE;
|
|
if ( ntfs_same_sid( usid, adminsid ) )
|
|
adminowns = TRUE;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else if ( ntfs_same_sid( gsid, &pace->sid ) )
|
|
{
|
|
if ( ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
&& ( pace->mask & WRITE_OWNER ) )
|
|
{
|
|
pxace->tag = POSIX_ACL_MASK;
|
|
pxace->id = -1;
|
|
if ( pctx->gotowner )
|
|
pctx->groupmasks++;
|
|
}
|
|
else
|
|
{
|
|
if ( pctx->gotgroup || ( pctx->groupmasks > 1 ) )
|
|
{
|
|
gid = NTFS_FIND_GROUP( mapping[MAPGROUPS], &pace->sid );
|
|
if ( gid )
|
|
{
|
|
pxace->id = gid;
|
|
pxace->tag = POSIX_ACL_GROUP;
|
|
pctx->prevgid = gid;
|
|
}
|
|
else
|
|
ignore = TRUE;
|
|
}
|
|
else
|
|
{
|
|
pxace->id = -1;
|
|
pxace->tag = POSIX_ACL_GROUP_OBJ;
|
|
if ( pace->type == ACCESS_ALLOWED_ACE_TYPE )
|
|
pctx->gotgroup = TRUE;
|
|
}
|
|
|
|
if ( ntfs_same_sid( gsid, adminsid )
|
|
|| ntfs_same_sid( gsid, systemsid ) )
|
|
{
|
|
if ( pace->mask & ( WRITE_OWNER | GENERIC_ALL ) )
|
|
ignore = TRUE;
|
|
if ( ntfs_same_sid( gsid, adminsid ) )
|
|
adminowns = TRUE;
|
|
else
|
|
genericinh = ignore;
|
|
}
|
|
}
|
|
}
|
|
else if ( is_world_sid( ( const SID* )&pace->sid ) )
|
|
{
|
|
pxace->id = -1;
|
|
pxace->tag = POSIX_ACL_OTHER;
|
|
if ( ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
&& ( pace->flags & INHERIT_ONLY_ACE ) )
|
|
ignore = TRUE;
|
|
}
|
|
else if ( ntfs_same_sid( ( const SID* )&pace->sid, nullsid ) )
|
|
{
|
|
pxace->id = -1;
|
|
pxace->tag = POSIX_ACL_SPECIAL;
|
|
}
|
|
else
|
|
{
|
|
uid = NTFS_FIND_USER( mapping[MAPUSERS], &pace->sid );
|
|
if ( uid )
|
|
{
|
|
if ( ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
&& ( pace->mask & WRITE_OWNER )
|
|
&& ( pctx->prevuid != uid ) )
|
|
{
|
|
pxace->id = -1;
|
|
pxace->tag = POSIX_ACL_MASK;
|
|
}
|
|
else
|
|
{
|
|
pxace->id = uid;
|
|
pxace->tag = POSIX_ACL_USER;
|
|
}
|
|
pctx->prevuid = uid;
|
|
}
|
|
else
|
|
{
|
|
gid = NTFS_FIND_GROUP( mapping[MAPGROUPS], &pace->sid );
|
|
if ( gid )
|
|
{
|
|
if ( ( pace->type == ACCESS_DENIED_ACE_TYPE )
|
|
&& ( pace->mask & WRITE_OWNER )
|
|
&& ( pctx->prevgid != gid ) )
|
|
{
|
|
pxace->tag = POSIX_ACL_MASK;
|
|
pctx->groupmasks++;
|
|
}
|
|
else
|
|
{
|
|
pxace->tag = POSIX_ACL_GROUP;
|
|
}
|
|
pxace->id = gid;
|
|
pctx->prevgid = gid;
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* do not grant rights to unknown
|
|
* people and do not define root as a
|
|
* designated user or group
|
|
*/
|
|
ignore = TRUE;
|
|
}
|
|
}
|
|
}
|
|
if ( !ignore )
|
|
{
|
|
pxace->perms = 0;
|
|
/* specific decoding for vtx/uid/gid */
|
|
if ( pxace->tag == POSIX_ACL_SPECIAL )
|
|
{
|
|
if ( pace->mask & FILE_APPEND_DATA )
|
|
pxace->perms |= S_ISUID;
|
|
if ( pace->mask & FILE_WRITE_DATA )
|
|
pxace->perms |= S_ISGID;
|
|
if ( pace->mask & FILE_READ_DATA )
|
|
pxace->perms |= S_ISVTX;
|
|
}
|
|
else if ( isdir )
|
|
{
|
|
if ( pace->mask & DIR_GEXEC )
|
|
pxace->perms |= POSIX_PERM_X;
|
|
if ( pace->mask & DIR_GWRITE )
|
|
pxace->perms |= POSIX_PERM_W;
|
|
if ( pace->mask & DIR_GREAD )
|
|
pxace->perms |= POSIX_PERM_R;
|
|
if ( ( pace->mask & GENERIC_ALL )
|
|
&& ( pace->flags & INHERIT_ONLY_ACE ) )
|
|
pxace->perms |= POSIX_PERM_X
|
|
| POSIX_PERM_W
|
|
| POSIX_PERM_R;
|
|
}
|
|
else
|
|
{
|
|
if ( pace->mask & FILE_GEXEC )
|
|
pxace->perms |= POSIX_PERM_X;
|
|
if ( pace->mask & FILE_GWRITE )
|
|
pxace->perms |= POSIX_PERM_W;
|
|
if ( pace->mask & FILE_GREAD )
|
|
pxace->perms |= POSIX_PERM_R;
|
|
}
|
|
|
|
if ( pace->type != ACCESS_ALLOWED_ACE_TYPE )
|
|
pxace->perms |= POSIX_PERM_DENIAL;
|
|
else if ( pxace->tag == POSIX_ACL_OTHER )
|
|
pctx->permswrld = pxace->perms;
|
|
pctx->tagsset |= pxace->tag;
|
|
if ( pace->flags & INHERIT_ONLY_ACE )
|
|
{
|
|
l--;
|
|
}
|
|
else
|
|
{
|
|
k++;
|
|
}
|
|
}
|
|
offace += le16_to_cpu( pace->size );
|
|
}
|
|
/*
|
|
* Create world perms if none (both lists)
|
|
*/
|
|
for ( i = 0; i < 2; i++ )
|
|
if ( ( genericinh || !i )
|
|
&& !( ctx[i].tagsset & POSIX_ACL_OTHER ) )
|
|
{
|
|
if ( i )
|
|
pxace = &pxdesc->acl.ace[--l];
|
|
else
|
|
pxace = &pxdesc->acl.ace[k++];
|
|
pxace->tag = POSIX_ACL_OTHER;
|
|
pxace->id = -1;
|
|
pxace->perms = 0;
|
|
ctx[i].tagsset |= POSIX_ACL_OTHER;
|
|
ctx[i].permswrld = 0;
|
|
}
|
|
/*
|
|
* Set basic owner perms if none (both lists)
|
|
* This happens for files created by Windows in directories
|
|
* created by Linux and owned by root, because Windows
|
|
* merges the admin ACEs
|
|
*/
|
|
for ( i = 0; i < 2; i++ )
|
|
if ( !( ctx[i].tagsset & POSIX_ACL_USER_OBJ )
|
|
&& ( ctx[i].tagsset & POSIX_ACL_OTHER ) )
|
|
{
|
|
if ( i )
|
|
pxace = &pxdesc->acl.ace[--l];
|
|
else
|
|
pxace = &pxdesc->acl.ace[k++];
|
|
pxace->tag = POSIX_ACL_USER_OBJ;
|
|
pxace->id = -1;
|
|
pxace->perms = POSIX_PERM_R | POSIX_PERM_W | POSIX_PERM_X;
|
|
ctx[i].tagsset |= POSIX_ACL_USER_OBJ;
|
|
}
|
|
/*
|
|
* Duplicate world perms as group_obj perms if none
|
|
*/
|
|
for ( i = 0; i < 2; i++ )
|
|
if ( ( ctx[i].tagsset & POSIX_ACL_OTHER )
|
|
&& !( ctx[i].tagsset & POSIX_ACL_GROUP_OBJ ) )
|
|
{
|
|
if ( i )
|
|
pxace = &pxdesc->acl.ace[--l];
|
|
else
|
|
pxace = &pxdesc->acl.ace[k++];
|
|
pxace->tag = POSIX_ACL_GROUP_OBJ;
|
|
pxace->id = -1;
|
|
pxace->perms = ctx[i].permswrld;
|
|
ctx[i].tagsset |= POSIX_ACL_GROUP_OBJ;
|
|
}
|
|
/*
|
|
* Also duplicate world perms as group perms if they
|
|
* were converted to mask and not followed by a group entry
|
|
*/
|
|
if ( ctx[0].groupmasks )
|
|
{
|
|
for ( j = k - 2; j >= 0; j-- )
|
|
{
|
|
if ( ( pxdesc->acl.ace[j].tag == POSIX_ACL_MASK )
|
|
&& ( pxdesc->acl.ace[j].id != -1 )
|
|
&& ( ( pxdesc->acl.ace[j+1].tag != POSIX_ACL_GROUP )
|
|
|| ( pxdesc->acl.ace[j+1].id
|
|
!= pxdesc->acl.ace[j].id ) ) )
|
|
{
|
|
pxace = &pxdesc->acl.ace[k];
|
|
pxace->tag = POSIX_ACL_GROUP;
|
|
pxace->id = pxdesc->acl.ace[j].id;
|
|
pxace->perms = ctx[0].permswrld;
|
|
ctx[0].tagsset |= POSIX_ACL_GROUP;
|
|
k++;
|
|
}
|
|
if ( pxdesc->acl.ace[j].tag == POSIX_ACL_MASK )
|
|
pxdesc->acl.ace[j].id = -1;
|
|
}
|
|
}
|
|
if ( ctx[1].groupmasks )
|
|
{
|
|
for ( j = l; j < ( alloccnt - 1 ); j++ )
|
|
{
|
|
if ( ( pxdesc->acl.ace[j].tag == POSIX_ACL_MASK )
|
|
&& ( pxdesc->acl.ace[j].id != -1 )
|
|
&& ( ( pxdesc->acl.ace[j+1].tag != POSIX_ACL_GROUP )
|
|
|| ( pxdesc->acl.ace[j+1].id
|
|
!= pxdesc->acl.ace[j].id ) ) )
|
|
{
|
|
pxace = &pxdesc->acl.ace[l - 1];
|
|
pxace->tag = POSIX_ACL_GROUP;
|
|
pxace->id = pxdesc->acl.ace[j].id;
|
|
pxace->perms = ctx[1].permswrld;
|
|
ctx[1].tagsset |= POSIX_ACL_GROUP;
|
|
l--;
|
|
}
|
|
if ( pxdesc->acl.ace[j].tag == POSIX_ACL_MASK )
|
|
pxdesc->acl.ace[j].id = -1;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Insert default mask if none present and
|
|
* there are designated users or groups
|
|
* (the space for it has not beed used)
|
|
*/
|
|
for ( i = 0; i < 2; i++ )
|
|
if ( ( ctx[i].tagsset & ( POSIX_ACL_USER | POSIX_ACL_GROUP ) )
|
|
&& !( ctx[i].tagsset & POSIX_ACL_MASK ) )
|
|
{
|
|
if ( i )
|
|
pxace = &pxdesc->acl.ace[--l];
|
|
else
|
|
pxace = &pxdesc->acl.ace[k++];
|
|
pxace->tag = POSIX_ACL_MASK;
|
|
pxace->id = -1;
|
|
pxace->perms = POSIX_PERM_DENIAL;
|
|
ctx[i].tagsset |= POSIX_ACL_MASK;
|
|
}
|
|
|
|
if ( k > l )
|
|
{
|
|
ntfs_log_error( "Posix descriptor is longer than expected\n" );
|
|
errno = EIO;
|
|
free( pxdesc );
|
|
pxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
}
|
|
else
|
|
{
|
|
pxdesc->acccnt = k;
|
|
pxdesc->defcnt = alloccnt - l;
|
|
pxdesc->firstdef = l;
|
|
pxdesc->tagsset = ctx[0].tagsset;
|
|
pxdesc->acl.version = POSIX_VERSION;
|
|
pxdesc->acl.flags = 0;
|
|
pxdesc->acl.filler = 0;
|
|
ntfs_sort_posix( pxdesc );
|
|
if ( adminowns )
|
|
{
|
|
k = norm_ownadmin_permissions_posix( pxdesc,
|
|
0, pxdesc->acccnt, 0 );
|
|
pxdesc->acccnt = k;
|
|
l = norm_ownadmin_permissions_posix( pxdesc,
|
|
pxdesc->firstdef, pxdesc->defcnt, k );
|
|
pxdesc->firstdef = k;
|
|
pxdesc->defcnt = l;
|
|
}
|
|
else
|
|
{
|
|
k = norm_std_permissions_posix( pxdesc, groupowns,
|
|
0, pxdesc->acccnt, 0 );
|
|
pxdesc->acccnt = k;
|
|
l = norm_std_permissions_posix( pxdesc, groupowns,
|
|
pxdesc->firstdef, pxdesc->defcnt, k );
|
|
pxdesc->firstdef = k;
|
|
pxdesc->defcnt = l;
|
|
}
|
|
}
|
|
if ( pxdesc && !ntfs_valid_posix( pxdesc ) )
|
|
{
|
|
ntfs_log_error( "Invalid Posix descriptor built\n" );
|
|
errno = EIO;
|
|
free( pxdesc );
|
|
pxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
}
|
|
return ( pxdesc );
|
|
}
|
|
|
|
#endif /* POSIXACLS */
|
|
|
|
/*
|
|
* Build unix-style (mode_t) permissions from an ACL
|
|
* returns the requested permissions
|
|
* or a negative result (with errno set) if there is a problem
|
|
*/
|
|
|
|
int ntfs_build_permissions( const char *securattr,
|
|
const SID *usid, const SID *gsid, BOOL isdir )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
int perm;
|
|
BOOL adminowns;
|
|
BOOL groupowns;
|
|
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )securattr;
|
|
adminowns = ntfs_same_sid( usid, adminsid )
|
|
|| ntfs_same_sid( gsid, adminsid );
|
|
groupowns = !adminowns && ntfs_same_sid( gsid, usid );
|
|
if ( adminowns )
|
|
perm = build_ownadmin_permissions( securattr, usid, gsid, isdir );
|
|
else if ( groupowns )
|
|
perm = build_owngrp_permissions( securattr, usid, isdir );
|
|
else
|
|
perm = build_std_permissions( securattr, usid, gsid, isdir );
|
|
return ( perm );
|
|
}
|
|
|
|
/*
|
|
* The following must be in some library...
|
|
*/
|
|
|
|
static unsigned long atoul( const char *p )
|
|
{ /* must be somewhere ! */
|
|
unsigned long v;
|
|
|
|
v = 0;
|
|
while ( ( *p >= '0' ) && ( *p <= '9' ) )
|
|
v = v * 10 + ( *p++ ) - '0';
|
|
return ( v );
|
|
}
|
|
|
|
/*
|
|
* Build an internal representation of a SID
|
|
* Returns a copy in allocated memory if it succeeds
|
|
* The SID is checked to be a valid user one.
|
|
*/
|
|
|
|
static SID *encodesid( const char *sidstr )
|
|
{
|
|
SID *sid;
|
|
int cnt;
|
|
BIGSID bigsid;
|
|
SID *bsid;
|
|
u32 auth;
|
|
const char *p;
|
|
|
|
sid = ( SID* ) NULL;
|
|
if ( !strncmp( sidstr, "S-1-", 4 ) )
|
|
{
|
|
bsid = ( SID* ) & bigsid;
|
|
bsid->revision = SID_REVISION;
|
|
p = &sidstr[4];
|
|
auth = atoul( p );
|
|
bsid->identifier_authority.high_part = const_cpu_to_be16( 0 );
|
|
bsid->identifier_authority.low_part = cpu_to_be32( auth );
|
|
cnt = 0;
|
|
p = strchr( p, '-' );
|
|
while ( p && ( cnt < 8 ) )
|
|
{
|
|
p++;
|
|
auth = atoul( p );
|
|
bsid->sub_authority[cnt] = cpu_to_le32( auth );
|
|
p = strchr( p, '-' );
|
|
cnt++;
|
|
}
|
|
bsid->sub_authority_count = cnt;
|
|
if ( ( cnt > 0 ) && ntfs_valid_sid( bsid ) && ntfs_is_user_sid( bsid ) )
|
|
{
|
|
sid = ( SID* ) ntfs_malloc( 4 * cnt + 8 );
|
|
if ( sid )
|
|
memcpy( sid, bsid, 4 * cnt + 8 );
|
|
}
|
|
}
|
|
return ( sid );
|
|
}
|
|
|
|
/*
|
|
* Early logging before the logs are redirected
|
|
*
|
|
* (not quite satisfactory : this appears before the ntfs-g banner,
|
|
* and with a different pid)
|
|
*/
|
|
|
|
static void log_early_error( const char *format, ... )
|
|
__attribute__( ( format( printf, 1, 2 ) ) );
|
|
|
|
static void log_early_error( const char *format, ... )
|
|
{
|
|
va_list args;
|
|
|
|
va_start( args, format );
|
|
#ifdef HAVE_SYSLOG_H
|
|
openlog( "ntfs-3g", LOG_PID, LOG_USER );
|
|
ntfs_log_handler_syslog( NULL, NULL, 0,
|
|
NTFS_LOG_LEVEL_ERROR, NULL,
|
|
format, args );
|
|
#else
|
|
vfprintf( stderr, format, args );
|
|
#endif
|
|
va_end( args );
|
|
}
|
|
|
|
|
|
/*
|
|
* Get a single mapping item from buffer
|
|
*
|
|
* Always reads a full line, truncating long lines
|
|
* Refills buffer when exhausted
|
|
* Returns pointer to item, or NULL when there is no more
|
|
*/
|
|
|
|
static struct MAPLIST *getmappingitem( FILEREADER reader, void *fileid,
|
|
off_t *poffs, char *buf, int *psrc, s64 *psize )
|
|
{
|
|
int src;
|
|
int dst;
|
|
char *p;
|
|
char *q;
|
|
char *pu;
|
|
char *pg;
|
|
int gotend;
|
|
struct MAPLIST *item;
|
|
|
|
src = *psrc;
|
|
dst = 0;
|
|
/* allocate and get a full line */
|
|
item = ( struct MAPLIST* )ntfs_malloc( sizeof( struct MAPLIST ) );
|
|
if ( item )
|
|
{
|
|
do
|
|
{
|
|
gotend = 0;
|
|
while ( ( src < *psize )
|
|
&& ( buf[src] != '\n' ) )
|
|
{
|
|
if ( dst < LINESZ )
|
|
item->maptext[dst++] = buf[src];
|
|
src++;
|
|
}
|
|
if ( src >= *psize )
|
|
{
|
|
*poffs += *psize;
|
|
*psize = reader( fileid, buf, ( size_t )BUFSZ, *poffs );
|
|
src = 0;
|
|
}
|
|
else
|
|
{
|
|
gotend = 1;
|
|
src++;
|
|
item->maptext[dst] = '\0';
|
|
dst = 0;
|
|
}
|
|
}
|
|
while ( *psize && ( ( item->maptext[0] == '#' ) || !gotend ) );
|
|
if ( gotend )
|
|
{
|
|
pu = pg = ( char* )NULL;
|
|
/* decompose into uid, gid and sid */
|
|
p = item->maptext;
|
|
item->uidstr = item->maptext;
|
|
item->gidstr = strchr( item->uidstr, ':' );
|
|
if ( item->gidstr )
|
|
{
|
|
pu = item->gidstr++;
|
|
item->sidstr = strchr( item->gidstr, ':' );
|
|
if ( item->sidstr )
|
|
{
|
|
pg = item->sidstr++;
|
|
q = strchr( item->sidstr, ':' );
|
|
if ( q ) *q = 0;
|
|
}
|
|
}
|
|
if ( pu && pg )
|
|
*pu = *pg = '\0';
|
|
else
|
|
{
|
|
log_early_error( "Bad mapping item \"%s\"\n",
|
|
item->maptext );
|
|
free( item );
|
|
item = ( struct MAPLIST* )NULL;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
free( item ); /* free unused item */
|
|
item = ( struct MAPLIST* )NULL;
|
|
}
|
|
}
|
|
*psrc = src;
|
|
return ( item );
|
|
}
|
|
|
|
/*
|
|
* Read user mapping file and split into their attribute.
|
|
* Parameters are kept as text in a chained list until logins
|
|
* are converted to uid.
|
|
* Returns the head of list, if any
|
|
*
|
|
* If an absolute path is provided, the mapping file is assumed
|
|
* to be located in another mounted file system, and plain read()
|
|
* are used to get its contents.
|
|
* If a relative path is provided, the mapping file is assumed
|
|
* to be located on the current file system, and internal IO
|
|
* have to be used since we are still mounting and we have not
|
|
* entered the fuse loop yet.
|
|
*/
|
|
|
|
struct MAPLIST *ntfs_read_mapping( FILEREADER reader, void *fileid )
|
|
{
|
|
char buf[BUFSZ];
|
|
struct MAPLIST *item;
|
|
struct MAPLIST *firstitem;
|
|
struct MAPLIST *lastitem;
|
|
int src;
|
|
off_t offs;
|
|
s64 size;
|
|
|
|
firstitem = ( struct MAPLIST* )NULL;
|
|
lastitem = ( struct MAPLIST* )NULL;
|
|
offs = 0;
|
|
size = reader( fileid, buf, ( size_t )BUFSZ, ( off_t )0 );
|
|
if ( size > 0 )
|
|
{
|
|
src = 0;
|
|
do
|
|
{
|
|
item = getmappingitem( reader, fileid, &offs,
|
|
buf, &src, &size );
|
|
if ( item )
|
|
{
|
|
item->next = ( struct MAPLIST* )NULL;
|
|
if ( lastitem )
|
|
lastitem->next = item;
|
|
else
|
|
firstitem = item;
|
|
lastitem = item;
|
|
}
|
|
}
|
|
while ( item );
|
|
}
|
|
return ( firstitem );
|
|
}
|
|
|
|
/*
|
|
* Free memory used to store the user mapping
|
|
* The only purpose is to facilitate the detection of memory leaks
|
|
*/
|
|
|
|
void ntfs_free_mapping( struct MAPPING *mapping[] )
|
|
{
|
|
struct MAPPING *user;
|
|
struct MAPPING *group;
|
|
|
|
/* free user mappings */
|
|
while ( mapping[MAPUSERS] )
|
|
{
|
|
user = mapping[MAPUSERS];
|
|
/* do not free SIDs used for group mappings */
|
|
group = mapping[MAPGROUPS];
|
|
while ( group && ( group->sid != user->sid ) )
|
|
group = group->next;
|
|
if ( !group )
|
|
free( user->sid );
|
|
/* free group list if any */
|
|
if ( user->grcnt )
|
|
free( user->groups );
|
|
/* unchain item and free */
|
|
mapping[MAPUSERS] = user->next;
|
|
free( user );
|
|
}
|
|
/* free group mappings */
|
|
while ( mapping[MAPGROUPS] )
|
|
{
|
|
group = mapping[MAPGROUPS];
|
|
free( group->sid );
|
|
/* unchain item and free */
|
|
mapping[MAPGROUPS] = group->next;
|
|
free( group );
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
* Build the user mapping list
|
|
* user identification may be given in symbolic or numeric format
|
|
*
|
|
* ! Note ! : does getpwnam() read /etc/passwd or some other file ?
|
|
* if so there is a possible recursion into fuse if this
|
|
* file is on NTFS, and fuse is not recursion safe.
|
|
*/
|
|
|
|
struct MAPPING *ntfs_do_user_mapping( struct MAPLIST *firstitem )
|
|
{
|
|
struct MAPLIST *item;
|
|
struct MAPPING *firstmapping;
|
|
struct MAPPING *lastmapping;
|
|
struct MAPPING *mapping;
|
|
struct passwd *pwd;
|
|
SID *sid;
|
|
int uid;
|
|
|
|
firstmapping = ( struct MAPPING* )NULL;
|
|
lastmapping = ( struct MAPPING* )NULL;
|
|
for ( item = firstitem; item; item = item->next )
|
|
{
|
|
if ( ( item->uidstr[0] >= '0' ) && ( item->uidstr[0] <= '9' ) )
|
|
uid = atoi( item->uidstr );
|
|
else
|
|
{
|
|
uid = 0;
|
|
if ( item->uidstr[0] )
|
|
{
|
|
pwd = getpwnam( item->uidstr );
|
|
if ( pwd )
|
|
uid = pwd->pw_uid;
|
|
else
|
|
log_early_error( "Invalid user \"%s\"\n",
|
|
item->uidstr );
|
|
}
|
|
}
|
|
/*
|
|
* Records with no uid and no gid are inserted
|
|
* to define the implicit mapping pattern
|
|
*/
|
|
if ( uid
|
|
|| ( !item->uidstr[0] && !item->gidstr[0] ) )
|
|
{
|
|
sid = encodesid( item->sidstr );
|
|
if ( sid && !item->uidstr[0] && !item->gidstr[0]
|
|
&& !ntfs_valid_pattern( sid ) )
|
|
{
|
|
ntfs_log_error( "Bad implicit SID pattern %s\n",
|
|
item->sidstr );
|
|
sid = ( SID* )NULL;
|
|
}
|
|
if ( sid )
|
|
{
|
|
mapping =
|
|
( struct MAPPING* )
|
|
ntfs_malloc( sizeof( struct MAPPING ) );
|
|
if ( mapping )
|
|
{
|
|
mapping->sid = sid;
|
|
mapping->xid = uid;
|
|
mapping->grcnt = 0;
|
|
mapping->next = ( struct MAPPING* )NULL;
|
|
if ( lastmapping )
|
|
lastmapping->next = mapping;
|
|
else
|
|
firstmapping = mapping;
|
|
lastmapping = mapping;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return ( firstmapping );
|
|
}
|
|
|
|
/*
|
|
* Build the group mapping list
|
|
* group identification may be given in symbolic or numeric format
|
|
*
|
|
* gid not associated to a uid are processed first in order
|
|
* to favour real groups
|
|
*
|
|
* ! Note ! : does getgrnam() read /etc/group or some other file ?
|
|
* if so there is a possible recursion into fuse if this
|
|
* file is on NTFS, and fuse is not recursion safe.
|
|
*/
|
|
|
|
struct MAPPING *ntfs_do_group_mapping( struct MAPLIST *firstitem )
|
|
{
|
|
struct MAPLIST *item;
|
|
struct MAPPING *firstmapping;
|
|
struct MAPPING *lastmapping;
|
|
struct MAPPING *mapping;
|
|
struct group *grp;
|
|
BOOL secondstep;
|
|
BOOL ok;
|
|
int step;
|
|
SID *sid;
|
|
int gid;
|
|
|
|
firstmapping = ( struct MAPPING* )NULL;
|
|
lastmapping = ( struct MAPPING* )NULL;
|
|
for ( step = 1; step <= 2; step++ )
|
|
{
|
|
for ( item = firstitem; item; item = item->next )
|
|
{
|
|
secondstep = ( item->uidstr[0] != '\0' )
|
|
|| !item->gidstr[0];
|
|
ok = ( step == 1 ? !secondstep : secondstep );
|
|
if ( ( item->gidstr[0] >= '0' )
|
|
&& ( item->gidstr[0] <= '9' ) )
|
|
gid = atoi( item->gidstr );
|
|
else
|
|
{
|
|
gid = 0;
|
|
if ( item->gidstr[0] )
|
|
{
|
|
grp = getgrnam( item->gidstr );
|
|
if ( grp )
|
|
gid = grp->gr_gid;
|
|
else
|
|
log_early_error( "Invalid group \"%s\"\n",
|
|
item->gidstr );
|
|
}
|
|
}
|
|
/*
|
|
* Records with no uid and no gid are inserted in the
|
|
* second step to define the implicit mapping pattern
|
|
*/
|
|
if ( ok
|
|
&& ( gid
|
|
|| ( !item->uidstr[0] && !item->gidstr[0] ) ) )
|
|
{
|
|
sid = encodesid( item->sidstr );
|
|
if ( sid && !item->uidstr[0] && !item->gidstr[0]
|
|
&& !ntfs_valid_pattern( sid ) )
|
|
{
|
|
/* error already logged */
|
|
sid = ( SID* )NULL;
|
|
}
|
|
if ( sid )
|
|
{
|
|
mapping = ( struct MAPPING* )
|
|
ntfs_malloc( sizeof( struct MAPPING ) );
|
|
if ( mapping )
|
|
{
|
|
mapping->sid = sid;
|
|
mapping->xid = gid;
|
|
mapping->grcnt = 0;
|
|
mapping->next = ( struct MAPPING* )NULL;
|
|
if ( lastmapping )
|
|
lastmapping->next = mapping;
|
|
else
|
|
firstmapping = mapping;
|
|
lastmapping = mapping;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return ( firstmapping );
|
|
}
|