mirror of
https://github.com/wiidev/usbloadergx.git
synced 2025-01-09 18:29:22 +01:00
9e79c9d99b
* code cleanup
5698 lines
175 KiB
C
5698 lines
175 KiB
C
/**
|
|
* security.c - Handling security/ACLs in NTFS. Originated from the Linux-NTFS project.
|
|
*
|
|
* Copyright (c) 2004 Anton Altaparmakov
|
|
* Copyright (c) 2005-2006 Szabolcs Szakacsits
|
|
* Copyright (c) 2006 Yura Pakhuchiy
|
|
* Copyright (c) 2007-2009 Jean-Pierre Andre
|
|
*
|
|
* This program/include file is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as published
|
|
* by the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program/include file is distributed in the hope that it will be
|
|
* useful, but WITHOUT ANY WARRANTY; without even the implied warranty
|
|
* of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program (in the main directory of the NTFS-3G
|
|
* distribution in the file COPYING); if not, write to the Free Software
|
|
* Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include "config.h"
|
|
#endif
|
|
|
|
#ifdef HAVE_STDIO_H
|
|
#include <stdio.h>
|
|
#endif
|
|
#ifdef HAVE_STDLIB_H
|
|
#include <stdlib.h>
|
|
#endif
|
|
#ifdef HAVE_STRING_H
|
|
#include <string.h>
|
|
#endif
|
|
#ifdef HAVE_ERRNO_H
|
|
#include <errno.h>
|
|
#endif
|
|
#ifdef HAVE_FCNTL_H
|
|
#include <fcntl.h>
|
|
#endif
|
|
#ifdef HAVE_SETXATTR
|
|
#include <sys/xattr.h>
|
|
#endif
|
|
#ifdef HAVE_SYS_STAT_H
|
|
#include <sys/stat.h>
|
|
#endif
|
|
|
|
#include <unistd.h>
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
|
|
#include "param.h"
|
|
#include "types.h"
|
|
#include "layout.h"
|
|
#include "attrib.h"
|
|
#include "index.h"
|
|
#include "dir.h"
|
|
#include "bitmap.h"
|
|
#include "security.h"
|
|
#include "acls.h"
|
|
#include "cache.h"
|
|
#include "misc.h"
|
|
|
|
/*
|
|
* JPA NTFS constants or structs
|
|
* should be moved to layout.h
|
|
*/
|
|
|
|
#define ALIGN_SDS_BLOCK 0x40000 /* Alignment for a $SDS block */
|
|
#define ALIGN_SDS_ENTRY 16 /* Alignment for a $SDS entry */
|
|
#define STUFFSZ 0x4000 /* unitary stuffing size for $SDS */
|
|
#define FIRST_SECURITY_ID 0x100 /* Lowest security id */
|
|
|
|
/* Mask for attributes which can be forced */
|
|
#define FILE_ATTR_SETTABLE ( FILE_ATTR_READONLY \
|
|
| FILE_ATTR_HIDDEN \
|
|
| FILE_ATTR_SYSTEM \
|
|
| FILE_ATTR_ARCHIVE \
|
|
| FILE_ATTR_TEMPORARY \
|
|
| FILE_ATTR_OFFLINE \
|
|
| FILE_ATTR_NOT_CONTENT_INDEXED )
|
|
|
|
struct SII /* this is an image of an $SII index entry */
|
|
{
|
|
le16 offs;
|
|
le16 size;
|
|
le32 fill1;
|
|
le16 indexsz;
|
|
le16 indexksz;
|
|
le16 flags;
|
|
le16 fill2;
|
|
le32 keysecurid;
|
|
|
|
/* did not find official description for the following */
|
|
le32 hash;
|
|
le32 securid;
|
|
le32 dataoffsl; /* documented as badly aligned */
|
|
le32 dataoffsh;
|
|
le32 datasize;
|
|
} ;
|
|
|
|
struct SDH /* this is an image of an $SDH index entry */
|
|
{
|
|
le16 offs;
|
|
le16 size;
|
|
le32 fill1;
|
|
le16 indexsz;
|
|
le16 indexksz;
|
|
le16 flags;
|
|
le16 fill2;
|
|
le32 keyhash;
|
|
le32 keysecurid;
|
|
|
|
/* did not find official description for the following */
|
|
le32 hash;
|
|
le32 securid;
|
|
le32 dataoffsl;
|
|
le32 dataoffsh;
|
|
le32 datasize;
|
|
le32 fill3;
|
|
} ;
|
|
|
|
/*
|
|
* A few useful constants
|
|
*/
|
|
|
|
static ntfschar sii_stream[] = { const_cpu_to_le16( '$' ),
|
|
const_cpu_to_le16( 'S' ),
|
|
const_cpu_to_le16( 'I' ),
|
|
const_cpu_to_le16( 'I' ),
|
|
const_cpu_to_le16( 0 )
|
|
};
|
|
static ntfschar sdh_stream[] = { const_cpu_to_le16( '$' ),
|
|
const_cpu_to_le16( 'S' ),
|
|
const_cpu_to_le16( 'D' ),
|
|
const_cpu_to_le16( 'H' ),
|
|
const_cpu_to_le16( 0 )
|
|
};
|
|
|
|
/*
|
|
* null SID (S-1-0-0)
|
|
*/
|
|
|
|
extern const SID *nullsid;
|
|
|
|
/*
|
|
* The zero GUID.
|
|
*/
|
|
|
|
static const GUID __zero_guid = { const_cpu_to_le32( 0 ), const_cpu_to_le16( 0 ),
|
|
const_cpu_to_le16( 0 ), { 0, 0, 0, 0, 0, 0, 0, 0 }
|
|
};
|
|
static const GUID *const zero_guid = &__zero_guid;
|
|
|
|
/**
|
|
* ntfs_guid_is_zero - check if a GUID is zero
|
|
* @guid: [IN] guid to check
|
|
*
|
|
* Return TRUE if @guid is a valid pointer to a GUID and it is the zero GUID
|
|
* and FALSE otherwise.
|
|
*/
|
|
BOOL ntfs_guid_is_zero( const GUID *guid )
|
|
{
|
|
return ( memcmp( guid, zero_guid, sizeof( *zero_guid ) ) );
|
|
}
|
|
|
|
/**
|
|
* ntfs_guid_to_mbs - convert a GUID to a multi byte string
|
|
* @guid: [IN] guid to convert
|
|
* @guid_str: [OUT] string in which to return the GUID (optional)
|
|
*
|
|
* Convert the GUID pointed to by @guid to a multi byte string of the form
|
|
* "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX". Therefore, @guid_str (if not NULL)
|
|
* needs to be able to store at least 37 bytes.
|
|
*
|
|
* If @guid_str is not NULL it will contain the converted GUID on return. If
|
|
* it is NULL a string will be allocated and this will be returned. The caller
|
|
* is responsible for free()ing the string in that case.
|
|
*
|
|
* On success return the converted string and on failure return NULL with errno
|
|
* set to the error code.
|
|
*/
|
|
char *ntfs_guid_to_mbs( const GUID *guid, char *guid_str )
|
|
{
|
|
char *_guid_str;
|
|
int res;
|
|
|
|
if ( !guid )
|
|
{
|
|
errno = EINVAL;
|
|
return NULL;
|
|
}
|
|
_guid_str = guid_str;
|
|
if ( !_guid_str )
|
|
{
|
|
_guid_str = ( char* )ntfs_malloc( 37 );
|
|
if ( !_guid_str )
|
|
return _guid_str;
|
|
}
|
|
res = snprintf( _guid_str, 37,
|
|
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
|
( unsigned int )le32_to_cpu( guid->data1 ),
|
|
le16_to_cpu( guid->data2 ), le16_to_cpu( guid->data3 ),
|
|
guid->data4[0], guid->data4[1],
|
|
guid->data4[2], guid->data4[3], guid->data4[4],
|
|
guid->data4[5], guid->data4[6], guid->data4[7] );
|
|
if ( res == 36 )
|
|
return _guid_str;
|
|
if ( !guid_str )
|
|
free( _guid_str );
|
|
errno = EINVAL;
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* ntfs_sid_to_mbs_size - determine maximum size for the string of a SID
|
|
* @sid: [IN] SID for which to determine the maximum string size
|
|
*
|
|
* Determine the maximum multi byte string size in bytes which is needed to
|
|
* store the standard textual representation of the SID pointed to by @sid.
|
|
* See ntfs_sid_to_mbs(), below.
|
|
*
|
|
* On success return the maximum number of bytes needed to store the multi byte
|
|
* string and on failure return -1 with errno set to the error code.
|
|
*/
|
|
int ntfs_sid_to_mbs_size( const SID *sid )
|
|
{
|
|
int size, i;
|
|
|
|
if ( !ntfs_sid_is_valid( sid ) )
|
|
{
|
|
errno = EINVAL;
|
|
return -1;
|
|
}
|
|
/* Start with "S-". */
|
|
size = 2;
|
|
/*
|
|
* Add the SID_REVISION. Hopefully the compiler will optimize this
|
|
* away as SID_REVISION is a constant.
|
|
*/
|
|
for ( i = SID_REVISION; i > 0; i /= 10 )
|
|
size++;
|
|
/* Add the "-". */
|
|
size++;
|
|
/*
|
|
* Add the identifier authority. If it needs to be in decimal, the
|
|
* maximum is 2^32-1 = 4294967295 = 10 characters. If it needs to be
|
|
* in hexadecimal, then maximum is 0x665544332211 = 14 characters.
|
|
*/
|
|
if ( !sid->identifier_authority.high_part )
|
|
size += 10;
|
|
else
|
|
size += 14;
|
|
/*
|
|
* Finally, add the sub authorities. For each we have a "-" followed
|
|
* by a decimal which can be up to 2^32-1 = 4294967295 = 10 characters.
|
|
*/
|
|
size += ( 1 + 10 ) * sid->sub_authority_count;
|
|
/* We need the zero byte at the end, too. */
|
|
size++;
|
|
return size * sizeof( char );
|
|
}
|
|
|
|
/**
|
|
* ntfs_sid_to_mbs - convert a SID to a multi byte string
|
|
* @sid: [IN] SID to convert
|
|
* @sid_str: [OUT] string in which to return the SID (optional)
|
|
* @sid_str_size: [IN] size in bytes of @sid_str
|
|
*
|
|
* Convert the SID pointed to by @sid to its standard textual representation.
|
|
* @sid_str (if not NULL) needs to be able to store at least
|
|
* ntfs_sid_to_mbs_size() bytes. @sid_str_size is the size in bytes of
|
|
* @sid_str if @sid_str is not NULL.
|
|
*
|
|
* The standard textual representation of the SID is of the form:
|
|
* S-R-I-S-S...
|
|
* Where:
|
|
* - The first "S" is the literal character 'S' identifying the following
|
|
* digits as a SID.
|
|
* - R is the revision level of the SID expressed as a sequence of digits
|
|
* in decimal.
|
|
* - I is the 48-bit identifier_authority, expressed as digits in decimal,
|
|
* if I < 2^32, or hexadecimal prefixed by "0x", if I >= 2^32.
|
|
* - S... is one or more sub_authority values, expressed as digits in
|
|
* decimal.
|
|
*
|
|
* If @sid_str is not NULL it will contain the converted SUID on return. If it
|
|
* is NULL a string will be allocated and this will be returned. The caller is
|
|
* responsible for free()ing the string in that case.
|
|
*
|
|
* On success return the converted string and on failure return NULL with errno
|
|
* set to the error code.
|
|
*/
|
|
char *ntfs_sid_to_mbs( const SID *sid, char *sid_str, size_t sid_str_size )
|
|
{
|
|
u64 u;
|
|
le32 leauth;
|
|
char *s;
|
|
int i, j, cnt;
|
|
|
|
/*
|
|
* No need to check @sid if !@sid_str since ntfs_sid_to_mbs_size() will
|
|
* check @sid, too. 8 is the minimum SID string size.
|
|
*/
|
|
if ( sid_str && ( sid_str_size < 8 || !ntfs_sid_is_valid( sid ) ) )
|
|
{
|
|
errno = EINVAL;
|
|
return NULL;
|
|
}
|
|
/* Allocate string if not provided. */
|
|
if ( !sid_str )
|
|
{
|
|
cnt = ntfs_sid_to_mbs_size( sid );
|
|
if ( cnt < 0 )
|
|
return NULL;
|
|
s = ( char* )ntfs_malloc( cnt );
|
|
if ( !s )
|
|
return s;
|
|
sid_str = s;
|
|
/* So we know we allocated it. */
|
|
sid_str_size = 0;
|
|
}
|
|
else
|
|
{
|
|
s = sid_str;
|
|
cnt = sid_str_size;
|
|
}
|
|
/* Start with "S-R-". */
|
|
i = snprintf( s, cnt, "S-%hhu-", ( unsigned char )sid->revision );
|
|
if ( i < 0 || i >= cnt )
|
|
goto err_out;
|
|
s += i;
|
|
cnt -= i;
|
|
/* Add the identifier authority. */
|
|
for ( u = i = 0, j = 40; i < 6; i++, j -= 8 )
|
|
u += ( u64 )sid->identifier_authority.value[i] << j;
|
|
if ( !sid->identifier_authority.high_part )
|
|
i = snprintf( s, cnt, "%lu", ( unsigned long )u );
|
|
else
|
|
i = snprintf( s, cnt, "0x%llx", ( unsigned long long )u );
|
|
if ( i < 0 || i >= cnt )
|
|
goto err_out;
|
|
s += i;
|
|
cnt -= i;
|
|
/* Finally, add the sub authorities. */
|
|
for ( j = 0; j < sid->sub_authority_count; j++ )
|
|
{
|
|
leauth = sid->sub_authority[j];
|
|
i = snprintf( s, cnt, "-%u", ( unsigned int )
|
|
le32_to_cpu( leauth ) );
|
|
if ( i < 0 || i >= cnt )
|
|
goto err_out;
|
|
s += i;
|
|
cnt -= i;
|
|
}
|
|
return sid_str;
|
|
err_out:
|
|
if ( i >= cnt )
|
|
i = EMSGSIZE;
|
|
else
|
|
i = errno;
|
|
if ( !sid_str_size )
|
|
free( sid_str );
|
|
errno = i;
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* ntfs_generate_guid - generatates a random current guid.
|
|
* @guid: [OUT] pointer to a GUID struct to hold the generated guid.
|
|
*
|
|
* perhaps not a very good random number generator though...
|
|
*/
|
|
void ntfs_generate_guid( GUID *guid )
|
|
{
|
|
unsigned int i;
|
|
u8 *p = ( u8 * )guid;
|
|
|
|
for ( i = 0; i < sizeof( GUID ); i++ )
|
|
{
|
|
p[i] = ( u8 )( random() & 0xFF );
|
|
if ( i == 7 )
|
|
p[7] = ( p[7] & 0x0F ) | 0x40;
|
|
if ( i == 8 )
|
|
p[8] = ( p[8] & 0x3F ) | 0x80;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* ntfs_security_hash - calculate the hash of a security descriptor
|
|
* @sd: self-relative security descriptor whose hash to calculate
|
|
* @length: size in bytes of the security descritor @sd
|
|
*
|
|
* Calculate the hash of the self-relative security descriptor @sd of length
|
|
* @length bytes.
|
|
*
|
|
* This hash is used in the $Secure system file as the primary key for the $SDH
|
|
* index and is also stored in the header of each security descriptor in the
|
|
* $SDS data stream as well as in the index data of both the $SII and $SDH
|
|
* indexes. In all three cases it forms part of the SDS_ENTRY_HEADER
|
|
* structure.
|
|
*
|
|
* Return the calculated security hash in little endian.
|
|
*/
|
|
le32 ntfs_security_hash( const SECURITY_DESCRIPTOR_RELATIVE *sd, const u32 len )
|
|
{
|
|
const le32 *pos = ( const le32* )sd;
|
|
const le32 *end = pos + ( len >> 2 );
|
|
u32 hash = 0;
|
|
|
|
while ( pos < end )
|
|
{
|
|
hash = le32_to_cpup( pos ) + ntfs_rol32( hash, 3 );
|
|
pos++;
|
|
}
|
|
return cpu_to_le32( hash );
|
|
}
|
|
|
|
/*
|
|
* Internal read
|
|
* copied and pasted from ntfs_fuse_read() and made independent
|
|
* of fuse context
|
|
*/
|
|
|
|
static int ntfs_local_read( ntfs_inode *ni,
|
|
ntfschar *stream_name, int stream_name_len,
|
|
char *buf, size_t size, off_t offset )
|
|
{
|
|
ntfs_attr *na = NULL;
|
|
int res, total = 0;
|
|
|
|
na = ntfs_attr_open( ni, AT_DATA, stream_name, stream_name_len );
|
|
if ( !na )
|
|
{
|
|
res = -errno;
|
|
goto exit;
|
|
}
|
|
if ( ( size_t )offset < ( size_t )na->data_size )
|
|
{
|
|
if ( offset + size > ( size_t )na->data_size )
|
|
size = na->data_size - offset;
|
|
while ( size )
|
|
{
|
|
res = ntfs_attr_pread( na, offset, size, buf );
|
|
if ( ( off_t )res < ( off_t )size )
|
|
ntfs_log_perror( "ntfs_attr_pread partial read "
|
|
"(%lld : %lld <> %d)",
|
|
( long long )offset,
|
|
( long long )size, res );
|
|
if ( res <= 0 )
|
|
{
|
|
res = -errno;
|
|
goto exit;
|
|
}
|
|
size -= res;
|
|
offset += res;
|
|
total += res;
|
|
}
|
|
}
|
|
res = total;
|
|
exit:
|
|
if ( na )
|
|
ntfs_attr_close( na );
|
|
return res;
|
|
}
|
|
|
|
|
|
/*
|
|
* Internal write
|
|
* copied and pasted from ntfs_fuse_write() and made independent
|
|
* of fuse context
|
|
*/
|
|
|
|
static int ntfs_local_write( ntfs_inode *ni,
|
|
ntfschar *stream_name, int stream_name_len,
|
|
char *buf, size_t size, off_t offset )
|
|
{
|
|
ntfs_attr *na = NULL;
|
|
int res, total = 0;
|
|
|
|
na = ntfs_attr_open( ni, AT_DATA, stream_name, stream_name_len );
|
|
if ( !na )
|
|
{
|
|
res = -errno;
|
|
goto exit;
|
|
}
|
|
while ( size )
|
|
{
|
|
res = ntfs_attr_pwrite( na, offset, size, buf );
|
|
if ( res < ( s64 )size )
|
|
ntfs_log_perror( "ntfs_attr_pwrite partial write (%lld: "
|
|
"%lld <> %d)", ( long long )offset,
|
|
( long long )size, res );
|
|
if ( res <= 0 )
|
|
{
|
|
res = -errno;
|
|
goto exit;
|
|
}
|
|
size -= res;
|
|
offset += res;
|
|
total += res;
|
|
}
|
|
res = total;
|
|
exit:
|
|
if ( na )
|
|
ntfs_attr_close( na );
|
|
return res;
|
|
}
|
|
|
|
|
|
/*
|
|
* Get the first entry of current index block
|
|
* cut and pasted form ntfs_ie_get_first() in index.c
|
|
*/
|
|
|
|
static INDEX_ENTRY *ntfs_ie_get_first( INDEX_HEADER *ih )
|
|
{
|
|
return ( INDEX_ENTRY* )( ( u8* )ih + le32_to_cpu( ih->entries_offset ) );
|
|
}
|
|
|
|
/*
|
|
* Stuff a 256KB block into $SDS before writing descriptors
|
|
* into the block.
|
|
*
|
|
* This prevents $SDS from being automatically declared as sparse
|
|
* when the second copy of the first security descriptor is written
|
|
* 256KB further ahead.
|
|
*
|
|
* Having $SDS declared as a sparse file is not wrong by itself
|
|
* and chkdsk leaves it as a sparse file. It does however complain
|
|
* and add a sparse flag (0x0200) into field file_attributes of
|
|
* STANDARD_INFORMATION of $Secure. This probably means that a
|
|
* sparse attribute (ATTR_IS_SPARSE) is only allowed in sparse
|
|
* files (FILE_ATTR_SPARSE_FILE).
|
|
*
|
|
* Windows normally does not convert to sparse attribute or sparse
|
|
* file. Stuffing is just a way to get to the same result.
|
|
*/
|
|
|
|
static int entersecurity_stuff( ntfs_volume *vol, off_t offs )
|
|
{
|
|
int res;
|
|
int written;
|
|
unsigned long total;
|
|
char *stuff;
|
|
|
|
res = 0;
|
|
total = 0;
|
|
stuff = ( char* )ntfs_malloc( STUFFSZ );
|
|
if ( stuff )
|
|
{
|
|
memset( stuff, 0, STUFFSZ );
|
|
do
|
|
{
|
|
written = ntfs_local_write( vol->secure_ni,
|
|
STREAM_SDS, 4, stuff, STUFFSZ, offs );
|
|
if ( written == STUFFSZ )
|
|
{
|
|
total += STUFFSZ;
|
|
offs += STUFFSZ;
|
|
}
|
|
else
|
|
{
|
|
errno = ENOSPC;
|
|
res = -1;
|
|
}
|
|
}
|
|
while ( !res && ( total < ALIGN_SDS_BLOCK ) );
|
|
free( stuff );
|
|
}
|
|
else
|
|
{
|
|
errno = ENOMEM;
|
|
res = -1;
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
/*
|
|
* Enter a new security descriptor into $Secure (data only)
|
|
* it has to be written twice with an offset of 256KB
|
|
*
|
|
* Should only be called by entersecurityattr() to ensure consistency
|
|
*
|
|
* Returns zero if sucessful
|
|
*/
|
|
|
|
static int entersecurity_data( ntfs_volume *vol,
|
|
const SECURITY_DESCRIPTOR_RELATIVE *attr, s64 attrsz,
|
|
le32 hash, le32 keyid, off_t offs, int gap )
|
|
{
|
|
int res;
|
|
int written1;
|
|
int written2;
|
|
char *fullattr;
|
|
int fullsz;
|
|
SECURITY_DESCRIPTOR_HEADER *phsds;
|
|
|
|
res = -1;
|
|
fullsz = attrsz + gap + sizeof( SECURITY_DESCRIPTOR_HEADER );
|
|
fullattr = ( char* )ntfs_malloc( fullsz );
|
|
if ( fullattr )
|
|
{
|
|
/*
|
|
* Clear the gap from previous descriptor
|
|
* this could be useful for appending the second
|
|
* copy to the end of file. When creating a new
|
|
* 256K block, the gap is cleared while writing
|
|
* the first copy
|
|
*/
|
|
if ( gap )
|
|
memset( fullattr, 0, gap );
|
|
memcpy( &fullattr[gap + sizeof( SECURITY_DESCRIPTOR_HEADER )],
|
|
attr, attrsz );
|
|
phsds = ( SECURITY_DESCRIPTOR_HEADER* ) & fullattr[gap];
|
|
phsds->hash = hash;
|
|
phsds->security_id = keyid;
|
|
phsds->offset = cpu_to_le64( offs );
|
|
phsds->length = cpu_to_le32( fullsz - gap );
|
|
written1 = ntfs_local_write( vol->secure_ni,
|
|
STREAM_SDS, 4, fullattr, fullsz,
|
|
offs - gap );
|
|
written2 = ntfs_local_write( vol->secure_ni,
|
|
STREAM_SDS, 4, fullattr, fullsz,
|
|
offs - gap + ALIGN_SDS_BLOCK );
|
|
if ( ( written1 == fullsz )
|
|
&& ( written2 == written1 ) )
|
|
res = 0;
|
|
else
|
|
errno = ENOSPC;
|
|
free( fullattr );
|
|
}
|
|
else
|
|
errno = ENOMEM;
|
|
return ( res );
|
|
}
|
|
|
|
/*
|
|
* Enter a new security descriptor in $Secure (indexes only)
|
|
*
|
|
* Should only be called by entersecurityattr() to ensure consistency
|
|
*
|
|
* Returns zero if sucessful
|
|
*/
|
|
|
|
static int entersecurity_indexes( ntfs_volume *vol, s64 attrsz,
|
|
le32 hash, le32 keyid, off_t offs )
|
|
{
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
le32 dataoffsl;
|
|
le32 dataoffsh;
|
|
} parts;
|
|
le64 all;
|
|
} realign;
|
|
int res;
|
|
ntfs_index_context *xsii;
|
|
ntfs_index_context *xsdh;
|
|
struct SII newsii;
|
|
struct SDH newsdh;
|
|
|
|
res = -1;
|
|
/* enter a new $SII record */
|
|
|
|
xsii = vol->secure_xsii;
|
|
ntfs_index_ctx_reinit( xsii );
|
|
newsii.offs = const_cpu_to_le16( 20 );
|
|
newsii.size = const_cpu_to_le16( sizeof( struct SII ) - 20 );
|
|
newsii.fill1 = const_cpu_to_le32( 0 );
|
|
newsii.indexsz = const_cpu_to_le16( sizeof( struct SII ) );
|
|
newsii.indexksz = const_cpu_to_le16( sizeof( SII_INDEX_KEY ) );
|
|
newsii.flags = const_cpu_to_le16( 0 );
|
|
newsii.fill2 = const_cpu_to_le16( 0 );
|
|
newsii.keysecurid = keyid;
|
|
newsii.hash = hash;
|
|
newsii.securid = keyid;
|
|
realign.all = cpu_to_le64( offs );
|
|
newsii.dataoffsh = realign.parts.dataoffsh;
|
|
newsii.dataoffsl = realign.parts.dataoffsl;
|
|
newsii.datasize = cpu_to_le32( attrsz
|
|
+ sizeof( SECURITY_DESCRIPTOR_HEADER ) );
|
|
if ( !ntfs_ie_add( xsii, ( INDEX_ENTRY* )&newsii ) )
|
|
{
|
|
|
|
/* enter a new $SDH record */
|
|
|
|
xsdh = vol->secure_xsdh;
|
|
ntfs_index_ctx_reinit( xsdh );
|
|
newsdh.offs = const_cpu_to_le16( 24 );
|
|
newsdh.size = const_cpu_to_le16(
|
|
sizeof( SECURITY_DESCRIPTOR_HEADER ) );
|
|
newsdh.fill1 = const_cpu_to_le32( 0 );
|
|
newsdh.indexsz = const_cpu_to_le16(
|
|
sizeof( struct SDH ) );
|
|
newsdh.indexksz = const_cpu_to_le16(
|
|
sizeof( SDH_INDEX_KEY ) );
|
|
newsdh.flags = const_cpu_to_le16( 0 );
|
|
newsdh.fill2 = const_cpu_to_le16( 0 );
|
|
newsdh.keyhash = hash;
|
|
newsdh.keysecurid = keyid;
|
|
newsdh.hash = hash;
|
|
newsdh.securid = keyid;
|
|
newsdh.dataoffsh = realign.parts.dataoffsh;
|
|
newsdh.dataoffsl = realign.parts.dataoffsl;
|
|
newsdh.datasize = cpu_to_le32( attrsz
|
|
+ sizeof( SECURITY_DESCRIPTOR_HEADER ) );
|
|
/* special filler value, Windows generally */
|
|
/* fills with 0x00490049, sometimes with zero */
|
|
newsdh.fill3 = const_cpu_to_le32( 0x00490049 );
|
|
if ( !ntfs_ie_add( xsdh, ( INDEX_ENTRY* )&newsdh ) )
|
|
res = 0;
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
/*
|
|
* Enter a new security descriptor in $Secure (data and indexes)
|
|
* Returns id of entry, or zero if there is a problem.
|
|
* (should not be called for NTFS version < 3.0)
|
|
*
|
|
* important : calls have to be serialized, however no locking is
|
|
* needed while fuse is not multithreaded
|
|
*/
|
|
|
|
static le32 entersecurityattr( ntfs_volume *vol,
|
|
const SECURITY_DESCRIPTOR_RELATIVE *attr, s64 attrsz,
|
|
le32 hash )
|
|
{
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
le32 dataoffsl;
|
|
le32 dataoffsh;
|
|
} parts;
|
|
le64 all;
|
|
} realign;
|
|
le32 securid;
|
|
le32 keyid;
|
|
u32 newkey;
|
|
off_t offs;
|
|
int gap;
|
|
int size;
|
|
BOOL found;
|
|
struct SII *psii;
|
|
INDEX_ENTRY *entry;
|
|
INDEX_ENTRY *next;
|
|
ntfs_index_context *xsii;
|
|
int retries;
|
|
ntfs_attr *na;
|
|
int olderrno;
|
|
|
|
/* find the first available securid beyond the last key */
|
|
/* in $Secure:$SII. This also determines the first */
|
|
/* available location in $Secure:$SDS, as this stream */
|
|
/* is always appended to and the id's are allocated */
|
|
/* in sequence */
|
|
|
|
securid = const_cpu_to_le32( 0 );
|
|
xsii = vol->secure_xsii;
|
|
ntfs_index_ctx_reinit( xsii );
|
|
offs = size = 0;
|
|
keyid = const_cpu_to_le32( -1 );
|
|
olderrno = errno;
|
|
found = !ntfs_index_lookup( ( char* ) & keyid,
|
|
sizeof( SII_INDEX_KEY ), xsii );
|
|
if ( !found && ( errno != ENOENT ) )
|
|
{
|
|
ntfs_log_perror( "Inconsistency in index $SII" );
|
|
psii = ( struct SII* )NULL;
|
|
}
|
|
else
|
|
{
|
|
/* restore errno to avoid misinterpretation */
|
|
errno = olderrno;
|
|
entry = xsii->entry;
|
|
psii = ( struct SII* )xsii->entry;
|
|
}
|
|
if ( psii )
|
|
{
|
|
/*
|
|
* Get last entry in block, but must get first one
|
|
* one first, as we should already be beyond the
|
|
* last one. For some reason the search for the last
|
|
* entry sometimes does not return the last block...
|
|
* we assume this can only happen in root block
|
|
*/
|
|
if ( xsii->is_in_root )
|
|
entry = ntfs_ie_get_first
|
|
( ( INDEX_HEADER* ) & xsii->ir->index );
|
|
else
|
|
entry = ntfs_ie_get_first
|
|
( ( INDEX_HEADER* ) & xsii->ib->index );
|
|
/*
|
|
* All index blocks should be at least half full
|
|
* so there always is a last entry but one,
|
|
* except when creating the first entry in index root.
|
|
* This was however found not to be true : chkdsk
|
|
* sometimes deletes all the (unused) keys in the last
|
|
* index block without rebalancing the tree.
|
|
* When this happens, a new search is restarted from
|
|
* the smallest key.
|
|
*/
|
|
keyid = const_cpu_to_le32( 0 );
|
|
retries = 0;
|
|
while ( entry )
|
|
{
|
|
next = ntfs_index_next( entry, xsii );
|
|
if ( next )
|
|
{
|
|
psii = ( struct SII* )next;
|
|
/* save last key and */
|
|
/* available position */
|
|
keyid = psii->keysecurid;
|
|
realign.parts.dataoffsh
|
|
= psii->dataoffsh;
|
|
realign.parts.dataoffsl
|
|
= psii->dataoffsl;
|
|
offs = le64_to_cpu( realign.all );
|
|
size = le32_to_cpu( psii->datasize );
|
|
}
|
|
entry = next;
|
|
if ( !entry && !keyid && !retries )
|
|
{
|
|
/* search failed, retry from smallest key */
|
|
ntfs_index_ctx_reinit( xsii );
|
|
found = !ntfs_index_lookup( ( char* ) & keyid,
|
|
sizeof( SII_INDEX_KEY ), xsii );
|
|
if ( !found && ( errno != ENOENT ) )
|
|
{
|
|
ntfs_log_perror( "Index $SII is broken" );
|
|
}
|
|
else
|
|
{
|
|
/* restore errno */
|
|
errno = olderrno;
|
|
entry = xsii->entry;
|
|
}
|
|
retries++;
|
|
}
|
|
}
|
|
}
|
|
if ( !keyid )
|
|
{
|
|
/*
|
|
* could not find any entry, before creating the first
|
|
* entry, make a double check by making sure size of $SII
|
|
* is less than needed for one entry
|
|
*/
|
|
securid = const_cpu_to_le32( 0 );
|
|
na = ntfs_attr_open( vol->secure_ni, AT_INDEX_ROOT, sii_stream, 4 );
|
|
if ( na )
|
|
{
|
|
if ( ( size_t )na->data_size < sizeof( struct SII ) )
|
|
{
|
|
ntfs_log_error( "Creating the first security_id\n" );
|
|
securid = const_cpu_to_le32( FIRST_SECURITY_ID );
|
|
}
|
|
ntfs_attr_close( na );
|
|
}
|
|
if ( !securid )
|
|
{
|
|
ntfs_log_error( "Error creating a security_id\n" );
|
|
errno = EIO;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
newkey = le32_to_cpu( keyid ) + 1;
|
|
securid = cpu_to_le32( newkey );
|
|
}
|
|
/*
|
|
* The security attr has to be written twice 256KB
|
|
* apart. This implies that offsets like
|
|
* 0x40000*odd_integer must be left available for
|
|
* the second copy. So align to next block when
|
|
* the last byte overflows on a wrong block.
|
|
*/
|
|
|
|
if ( securid )
|
|
{
|
|
gap = ( -size ) & ( ALIGN_SDS_ENTRY - 1 );
|
|
offs += gap + size;
|
|
if ( ( offs + attrsz + sizeof( SECURITY_DESCRIPTOR_HEADER ) - 1 )
|
|
& ALIGN_SDS_BLOCK )
|
|
{
|
|
offs = ( ( offs + attrsz
|
|
+ sizeof( SECURITY_DESCRIPTOR_HEADER ) - 1 )
|
|
| ( ALIGN_SDS_BLOCK - 1 ) ) + 1;
|
|
}
|
|
if ( !( offs & ( ALIGN_SDS_BLOCK - 1 ) ) )
|
|
entersecurity_stuff( vol, offs );
|
|
/*
|
|
* now write the security attr to storage :
|
|
* first data, then SII, then SDH
|
|
* If failure occurs while writing SDS, data will never
|
|
* be accessed through indexes, and will be overwritten
|
|
* by the next allocated descriptor
|
|
* If failure occurs while writing SII, the id has not
|
|
* recorded and will be reallocated later
|
|
* If failure occurs while writing SDH, the space allocated
|
|
* in SDS or SII will not be reused, an inconsistency
|
|
* will persist with no significant consequence
|
|
*/
|
|
if ( entersecurity_data( vol, attr, attrsz, hash, securid, offs, gap )
|
|
|| entersecurity_indexes( vol, attrsz, hash, securid, offs ) )
|
|
securid = const_cpu_to_le32( 0 );
|
|
}
|
|
/* inode now is dirty, synchronize it all */
|
|
ntfs_index_entry_mark_dirty( vol->secure_xsii );
|
|
ntfs_index_ctx_reinit( vol->secure_xsii );
|
|
ntfs_index_entry_mark_dirty( vol->secure_xsdh );
|
|
ntfs_index_ctx_reinit( vol->secure_xsdh );
|
|
NInoSetDirty( vol->secure_ni );
|
|
if ( ntfs_inode_sync( vol->secure_ni ) )
|
|
ntfs_log_perror( "Could not sync $Secure\n" );
|
|
return ( securid );
|
|
}
|
|
|
|
/*
|
|
* Find a matching security descriptor in $Secure,
|
|
* if none, allocate a new id and write the descriptor to storage
|
|
* Returns id of entry, or zero if there is a problem.
|
|
*
|
|
* important : calls have to be serialized, however no locking is
|
|
* needed while fuse is not multithreaded
|
|
*/
|
|
|
|
static le32 setsecurityattr( ntfs_volume *vol,
|
|
const SECURITY_DESCRIPTOR_RELATIVE *attr, s64 attrsz )
|
|
{
|
|
struct SDH *psdh; /* this is an image of index (le) */
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
le32 dataoffsl;
|
|
le32 dataoffsh;
|
|
} parts;
|
|
le64 all;
|
|
} realign;
|
|
BOOL found;
|
|
BOOL collision;
|
|
size_t size;
|
|
size_t rdsize;
|
|
s64 offs;
|
|
int res;
|
|
ntfs_index_context *xsdh;
|
|
char *oldattr;
|
|
SDH_INDEX_KEY key;
|
|
INDEX_ENTRY *entry;
|
|
le32 securid;
|
|
le32 hash;
|
|
int olderrno;
|
|
|
|
hash = ntfs_security_hash( attr, attrsz );
|
|
oldattr = ( char* )NULL;
|
|
securid = const_cpu_to_le32( 0 );
|
|
res = 0;
|
|
xsdh = vol->secure_xsdh;
|
|
if ( vol->secure_ni && xsdh && !vol->secure_reentry++ )
|
|
{
|
|
ntfs_index_ctx_reinit( xsdh );
|
|
/*
|
|
* find the nearest key as (hash,0)
|
|
* (do not search for partial key : in case of collision,
|
|
* it could return a key which is not the first one which
|
|
* collides)
|
|
*/
|
|
key.hash = hash;
|
|
key.security_id = const_cpu_to_le32( 0 );
|
|
olderrno = errno;
|
|
found = !ntfs_index_lookup( ( char* ) & key,
|
|
sizeof( SDH_INDEX_KEY ), xsdh );
|
|
if ( !found && ( errno != ENOENT ) )
|
|
ntfs_log_perror( "Inconsistency in index $SDH" );
|
|
else
|
|
{
|
|
/* restore errno to avoid misinterpretation */
|
|
errno = olderrno;
|
|
entry = xsdh->entry;
|
|
found = FALSE;
|
|
/*
|
|
* lookup() may return a node with no data,
|
|
* if so get next
|
|
*/
|
|
if ( entry->ie_flags & INDEX_ENTRY_END )
|
|
entry = ntfs_index_next( entry, xsdh );
|
|
do
|
|
{
|
|
collision = FALSE;
|
|
psdh = ( struct SDH* )entry;
|
|
if ( psdh )
|
|
size = ( size_t ) le32_to_cpu( psdh->datasize )
|
|
- sizeof( SECURITY_DESCRIPTOR_HEADER );
|
|
else size = 0;
|
|
/* if hash is not the same, the key is not present */
|
|
if ( psdh && ( size > 0 )
|
|
&& ( psdh->keyhash == hash ) )
|
|
{
|
|
/* if hash is the same */
|
|
/* check the whole record */
|
|
realign.parts.dataoffsh = psdh->dataoffsh;
|
|
realign.parts.dataoffsl = psdh->dataoffsl;
|
|
offs = le64_to_cpu( realign.all )
|
|
+ sizeof( SECURITY_DESCRIPTOR_HEADER );
|
|
oldattr = ( char* )ntfs_malloc( size );
|
|
if ( oldattr )
|
|
{
|
|
rdsize = ntfs_local_read(
|
|
vol->secure_ni,
|
|
STREAM_SDS, 4,
|
|
oldattr, size, offs );
|
|
found = ( rdsize == size )
|
|
&& !memcmp( oldattr, attr, size );
|
|
free( oldattr );
|
|
/* if the records do not compare */
|
|
/* (hash collision), try next one */
|
|
if ( !found )
|
|
{
|
|
entry = ntfs_index_next(
|
|
entry, xsdh );
|
|
collision = TRUE;
|
|
}
|
|
}
|
|
else
|
|
res = ENOMEM;
|
|
}
|
|
}
|
|
while ( collision && entry );
|
|
if ( found )
|
|
securid = psdh->keysecurid;
|
|
else
|
|
{
|
|
if ( res )
|
|
{
|
|
errno = res;
|
|
securid = const_cpu_to_le32( 0 );
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* no matching key :
|
|
* have to build a new one
|
|
*/
|
|
securid = entersecurityattr( vol,
|
|
attr, attrsz, hash );
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if ( --vol->secure_reentry )
|
|
ntfs_log_perror( "Reentry error, check no multithreading\n" );
|
|
return ( securid );
|
|
}
|
|
|
|
|
|
/*
|
|
* Update the security descriptor of a file
|
|
* Either as an attribute (complying with pre v3.x NTFS version)
|
|
* or, when possible, as an entry in $Secure (for NTFS v3.x)
|
|
*
|
|
* returns 0 if success
|
|
*/
|
|
|
|
static int update_secur_descr( ntfs_volume *vol,
|
|
char *newattr, ntfs_inode *ni )
|
|
{
|
|
int newattrsz;
|
|
int written;
|
|
int res;
|
|
ntfs_attr *na;
|
|
|
|
newattrsz = ntfs_attr_size( newattr );
|
|
|
|
#if !FORCE_FORMAT_v1x
|
|
if ( ( vol->major_ver < 3 ) || !vol->secure_ni )
|
|
{
|
|
#endif
|
|
|
|
/* update for NTFS format v1.x */
|
|
|
|
/* update the old security attribute */
|
|
na = ntfs_attr_open( ni, AT_SECURITY_DESCRIPTOR, AT_UNNAMED, 0 );
|
|
if ( na )
|
|
{
|
|
/* resize attribute */
|
|
res = ntfs_attr_truncate( na, ( s64 ) newattrsz );
|
|
/* overwrite value */
|
|
if ( !res )
|
|
{
|
|
written = ( int )ntfs_attr_pwrite( na, ( s64 ) 0,
|
|
( s64 ) newattrsz, newattr );
|
|
if ( written != newattrsz )
|
|
{
|
|
ntfs_log_error( "Failed to update "
|
|
"a v1.x security descriptor\n" );
|
|
errno = EIO;
|
|
res = -1;
|
|
}
|
|
}
|
|
|
|
ntfs_attr_close( na );
|
|
/* if old security attribute was found, also */
|
|
/* truncate standard information attribute to v1.x */
|
|
/* this is needed when security data is wanted */
|
|
/* as v1.x though volume is formatted for v3.x */
|
|
na = ntfs_attr_open( ni, AT_STANDARD_INFORMATION,
|
|
AT_UNNAMED, 0 );
|
|
if ( na )
|
|
{
|
|
clear_nino_flag( ni, v3_Extensions );
|
|
/*
|
|
* Truncating the record does not sweep extensions
|
|
* from copy in memory. Clear security_id to be safe
|
|
*/
|
|
ni->security_id = const_cpu_to_le32( 0 );
|
|
res = ntfs_attr_truncate( na, ( s64 )48 );
|
|
ntfs_attr_close( na );
|
|
clear_nino_flag( ni, v3_Extensions );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* insert the new security attribute if there
|
|
* were none
|
|
*/
|
|
res = ntfs_attr_add( ni, AT_SECURITY_DESCRIPTOR,
|
|
AT_UNNAMED, 0, ( u8* )newattr,
|
|
( s64 ) newattrsz );
|
|
}
|
|
#if !FORCE_FORMAT_v1x
|
|
}
|
|
else
|
|
{
|
|
|
|
/* update for NTFS format v3.x */
|
|
|
|
le32 securid;
|
|
|
|
securid = setsecurityattr( vol,
|
|
( const SECURITY_DESCRIPTOR_RELATIVE* )newattr,
|
|
( s64 )newattrsz );
|
|
if ( securid )
|
|
{
|
|
na = ntfs_attr_open( ni, AT_STANDARD_INFORMATION,
|
|
AT_UNNAMED, 0 );
|
|
if ( na )
|
|
{
|
|
res = 0;
|
|
if ( !test_nino_flag( ni, v3_Extensions ) )
|
|
{
|
|
/* expand standard information attribute to v3.x */
|
|
res = ntfs_attr_truncate( na,
|
|
( s64 )sizeof( STANDARD_INFORMATION ) );
|
|
ni->owner_id = const_cpu_to_le32( 0 );
|
|
ni->quota_charged = const_cpu_to_le64( 0 );
|
|
ni->usn = const_cpu_to_le64( 0 );
|
|
ntfs_attr_remove( ni,
|
|
AT_SECURITY_DESCRIPTOR,
|
|
AT_UNNAMED, 0 );
|
|
}
|
|
set_nino_flag( ni, v3_Extensions );
|
|
ni->security_id = securid;
|
|
ntfs_attr_close( na );
|
|
}
|
|
else
|
|
{
|
|
ntfs_log_error( "Failed to update "
|
|
"standard informations\n" );
|
|
errno = EIO;
|
|
res = -1;
|
|
}
|
|
}
|
|
else
|
|
res = -1;
|
|
}
|
|
#endif
|
|
|
|
/* mark node as dirty */
|
|
NInoSetDirty( ni );
|
|
return ( res );
|
|
}
|
|
|
|
/*
|
|
* Upgrade the security descriptor of a file
|
|
* This is intended to allow graceful upgrades for files which
|
|
* were created in previous versions, with a security attributes
|
|
* and no security id.
|
|
*
|
|
* It will allocate a security id and replace the individual
|
|
* security attribute by a reference to the global one
|
|
*
|
|
* Special files are not upgraded (currently / and files in
|
|
* directories /$*)
|
|
*
|
|
* Though most code is similar to update_secur_desc() it has
|
|
* been kept apart to facilitate the further processing of
|
|
* special cases or even to remove it if found dangerous.
|
|
*
|
|
* returns 0 if success,
|
|
* 1 if not upgradable. This is not an error.
|
|
* -1 if there is a problem
|
|
*/
|
|
|
|
static int upgrade_secur_desc( ntfs_volume *vol,
|
|
const char *attr, ntfs_inode *ni )
|
|
{
|
|
int attrsz;
|
|
int res;
|
|
le32 securid;
|
|
ntfs_attr *na;
|
|
|
|
/*
|
|
* upgrade requires NTFS format v3.x
|
|
* also refuse upgrading for special files
|
|
* whose number is less than FILE_first_user
|
|
*/
|
|
|
|
if ( ( vol->major_ver >= 3 )
|
|
&& ( ni->mft_no >= FILE_first_user ) )
|
|
{
|
|
attrsz = ntfs_attr_size( attr );
|
|
securid = setsecurityattr( vol,
|
|
( const SECURITY_DESCRIPTOR_RELATIVE* )attr,
|
|
( s64 )attrsz );
|
|
if ( securid )
|
|
{
|
|
na = ntfs_attr_open( ni, AT_STANDARD_INFORMATION,
|
|
AT_UNNAMED, 0 );
|
|
if ( na )
|
|
{
|
|
res = 0;
|
|
/* expand standard information attribute to v3.x */
|
|
res = ntfs_attr_truncate( na,
|
|
( s64 )sizeof( STANDARD_INFORMATION ) );
|
|
ni->owner_id = const_cpu_to_le32( 0 );
|
|
ni->quota_charged = const_cpu_to_le64( 0 );
|
|
ni->usn = const_cpu_to_le64( 0 );
|
|
ntfs_attr_remove( ni, AT_SECURITY_DESCRIPTOR,
|
|
AT_UNNAMED, 0 );
|
|
set_nino_flag( ni, v3_Extensions );
|
|
ni->security_id = securid;
|
|
ntfs_attr_close( na );
|
|
}
|
|
else
|
|
{
|
|
ntfs_log_error( "Failed to upgrade "
|
|
"standard informations\n" );
|
|
errno = EIO;
|
|
res = -1;
|
|
}
|
|
}
|
|
else
|
|
res = -1;
|
|
/* mark node as dirty */
|
|
NInoSetDirty( ni );
|
|
}
|
|
else
|
|
res = 1;
|
|
|
|
return ( res );
|
|
}
|
|
|
|
/*
|
|
* Optional simplified checking of group membership
|
|
*
|
|
* This only takes into account the groups defined in
|
|
* /etc/group at initialization time.
|
|
* It does not take into account the groups dynamically set by
|
|
* setgroups() nor the changes in /etc/group since initialization
|
|
*
|
|
* This optional method could be useful if standard checking
|
|
* leads to a performance concern.
|
|
*
|
|
* Should not be called for user root, however the group may be root
|
|
*
|
|
*/
|
|
|
|
static BOOL staticgroupmember( struct SECURITY_CONTEXT *scx, uid_t uid, gid_t gid )
|
|
{
|
|
BOOL ingroup;
|
|
int grcnt;
|
|
gid_t *groups;
|
|
struct MAPPING *user;
|
|
|
|
ingroup = FALSE;
|
|
if ( uid )
|
|
{
|
|
user = scx->mapping[MAPUSERS];
|
|
while ( user && ( ( uid_t )user->xid != uid ) )
|
|
user = user->next;
|
|
if ( user )
|
|
{
|
|
groups = user->groups;
|
|
grcnt = user->grcnt;
|
|
while ( ( --grcnt >= 0 ) && ( groups[grcnt] != gid ) ) { }
|
|
ingroup = ( grcnt >= 0 );
|
|
}
|
|
}
|
|
return ( ingroup );
|
|
}
|
|
|
|
|
|
/*
|
|
* Check whether current thread owner is member of file group
|
|
*
|
|
* Should not be called for user root, however the group may be root
|
|
*
|
|
* As indicated by Miklos Szeredi :
|
|
*
|
|
* The group list is available in
|
|
*
|
|
* /proc/$PID/task/$TID/status
|
|
*
|
|
* and fuse supplies TID in get_fuse_context()->pid. The only problem is
|
|
* finding out PID, for which I have no good solution, except to iterate
|
|
* through all processes. This is rather slow, but may be speeded up
|
|
* with caching and heuristics (for single threaded programs PID = TID).
|
|
*
|
|
* The following implementation gets the group list from
|
|
* /proc/$TID/task/$TID/status which apparently exists and
|
|
* contains the same data.
|
|
*/
|
|
|
|
static BOOL groupmember( struct SECURITY_CONTEXT *scx, uid_t uid, gid_t gid )
|
|
{
|
|
static char key[] = "\nGroups:";
|
|
char buf[BUFSZ+1];
|
|
char filename[64];
|
|
enum { INKEY, INSEP, INNUM, INEND } state;
|
|
int fd;
|
|
char c;
|
|
int matched;
|
|
BOOL ismember;
|
|
int got;
|
|
char *p;
|
|
gid_t grp;
|
|
pid_t tid;
|
|
|
|
if ( scx->vol->secure_flags & ( 1 << SECURITY_STATICGRPS ) )
|
|
ismember = staticgroupmember( scx, uid, gid );
|
|
else
|
|
{
|
|
ismember = FALSE; /* default return */
|
|
tid = scx->tid;
|
|
sprintf( filename, "/proc/%u/task/%u/status", tid, tid );
|
|
fd = open( filename, O_RDONLY );
|
|
if ( fd >= 0 )
|
|
{
|
|
got = read( fd, buf, BUFSZ );
|
|
buf[got] = 0;
|
|
state = INKEY;
|
|
matched = 0;
|
|
p = buf;
|
|
grp = 0;
|
|
/*
|
|
* A simple automaton to process lines like
|
|
* Groups: 14 500 513
|
|
*/
|
|
do
|
|
{
|
|
c = *p++;
|
|
if ( !c )
|
|
{
|
|
/* refill buffer */
|
|
got = read( fd, buf, BUFSZ );
|
|
buf[got] = 0;
|
|
p = buf;
|
|
c = *p++; /* 0 at end of file */
|
|
}
|
|
switch ( state )
|
|
{
|
|
case INKEY :
|
|
if ( key[matched] == c )
|
|
{
|
|
if ( !key[++matched] )
|
|
state = INSEP;
|
|
}
|
|
else if ( key[0] == c )
|
|
matched = 1;
|
|
else
|
|
matched = 0;
|
|
break;
|
|
case INSEP :
|
|
if ( ( c >= '0' ) && ( c <= '9' ) )
|
|
{
|
|
grp = c - '0';
|
|
state = INNUM;
|
|
}
|
|
else if ( ( c != ' ' ) && ( c != '\t' ) )
|
|
state = INEND;
|
|
break;
|
|
case INNUM :
|
|
if ( ( c >= '0' ) && ( c <= '9' ) )
|
|
grp = grp * 10 + c - '0';
|
|
else
|
|
{
|
|
ismember = ( grp == gid );
|
|
if ( ( c != ' ' ) && ( c != '\t' ) )
|
|
state = INEND;
|
|
else
|
|
state = INSEP;
|
|
}
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
while ( !ismember && c && ( state != INEND ) );
|
|
close( fd );
|
|
if ( !c )
|
|
ntfs_log_error( "No group record found in %s\n", filename );
|
|
}
|
|
else
|
|
ntfs_log_error( "Could not open %s\n", filename );
|
|
}
|
|
return ( ismember );
|
|
}
|
|
|
|
/*
|
|
* Cacheing is done two-way :
|
|
* - from uid, gid and perm to securid (CACHED_SECURID)
|
|
* - from a securid to uid, gid and perm (CACHED_PERMISSIONS)
|
|
*
|
|
* CACHED_SECURID data is kept in a most-recent-first list
|
|
* which should not be too long to be efficient. Its optimal
|
|
* size is depends on usage and is hard to determine.
|
|
*
|
|
* CACHED_PERMISSIONS data is kept in a two-level indexed array. It
|
|
* is optimal at the expense of storage. Use of a most-recent-first
|
|
* list would save memory and provide similar performances for
|
|
* standard usage, but not for file servers with too many file
|
|
* owners
|
|
*
|
|
* CACHED_PERMISSIONS_LEGACY is a special case for CACHED_PERMISSIONS
|
|
* for legacy directories which were not allocated a security_id
|
|
* it is organized in a most-recent-first list.
|
|
*
|
|
* In main caches, data is never invalidated, as the meaning of
|
|
* a security_id only changes when user mapping is changed, which
|
|
* current implies remounting. However returned entries may be
|
|
* overwritten at next update, so data has to be copied elsewhere
|
|
* before another cache update is made.
|
|
* In legacy cache, data has to be invalidated when protection is
|
|
* changed.
|
|
*
|
|
* Though the same data may be found in both list, they
|
|
* must be kept separately : the interpretation of ACL
|
|
* in both direction are approximations which could be non
|
|
* reciprocal for some configuration of the user mapping data
|
|
*
|
|
* During the process of recompiling ntfs-3g from a tgz archive,
|
|
* security processing added 7.6% to the cpu time used by ntfs-3g
|
|
* and 30% if the cache is disabled.
|
|
*/
|
|
|
|
static struct PERMISSIONS_CACHE *create_caches( struct SECURITY_CONTEXT *scx,
|
|
u32 securindex )
|
|
{
|
|
struct PERMISSIONS_CACHE *cache;
|
|
unsigned int index1;
|
|
unsigned int i;
|
|
|
|
cache = ( struct PERMISSIONS_CACHE* )NULL;
|
|
/* create the first permissions blocks */
|
|
index1 = securindex >> CACHE_PERMISSIONS_BITS;
|
|
cache = ( struct PERMISSIONS_CACHE* )
|
|
ntfs_malloc( sizeof( struct PERMISSIONS_CACHE )
|
|
+ index1*sizeof( struct CACHED_PERMISSIONS* ) );
|
|
if ( cache )
|
|
{
|
|
cache->head.last = index1;
|
|
cache->head.p_reads = 0;
|
|
cache->head.p_hits = 0;
|
|
cache->head.p_writes = 0;
|
|
*scx->pseccache = cache;
|
|
for ( i = 0; i <= index1; i++ )
|
|
cache->cachetable[i]
|
|
= ( struct CACHED_PERMISSIONS* )NULL;
|
|
}
|
|
return ( cache );
|
|
}
|
|
|
|
/*
|
|
* Free memory used by caches
|
|
* The only purpose is to facilitate the detection of memory leaks
|
|
*/
|
|
|
|
static void free_caches( struct SECURITY_CONTEXT *scx )
|
|
{
|
|
unsigned int index1;
|
|
struct PERMISSIONS_CACHE *pseccache;
|
|
|
|
pseccache = *scx->pseccache;
|
|
if ( pseccache )
|
|
{
|
|
for ( index1 = 0; index1 <= pseccache->head.last; index1++ )
|
|
if ( pseccache->cachetable[index1] )
|
|
{
|
|
#if POSIXACLS
|
|
struct CACHED_PERMISSIONS *cacheentry;
|
|
unsigned int index2;
|
|
|
|
for ( index2 = 0; index2 < ( 1 << CACHE_PERMISSIONS_BITS ); index2++ )
|
|
{
|
|
cacheentry = &pseccache->cachetable[index1][index2];
|
|
if ( cacheentry->valid
|
|
&& cacheentry->pxdesc )
|
|
free( cacheentry->pxdesc );
|
|
}
|
|
#endif
|
|
free( pseccache->cachetable[index1] );
|
|
}
|
|
free( pseccache );
|
|
}
|
|
}
|
|
|
|
static int compare( const struct CACHED_SECURID *cached,
|
|
const struct CACHED_SECURID *item )
|
|
{
|
|
#if POSIXACLS
|
|
size_t csize;
|
|
size_t isize;
|
|
|
|
/* only compare data and sizes */
|
|
csize = ( cached->variable ?
|
|
sizeof( struct POSIX_ACL )
|
|
+ ( ( ( struct POSIX_SECURITY* )cached->variable )->acccnt
|
|
+ ( ( struct POSIX_SECURITY* )cached->variable )->defcnt )
|
|
* sizeof( struct POSIX_ACE ) :
|
|
0 );
|
|
isize = ( item->variable ?
|
|
sizeof( struct POSIX_ACL )
|
|
+ ( ( ( struct POSIX_SECURITY* )item->variable )->acccnt
|
|
+ ( ( struct POSIX_SECURITY* )item->variable )->defcnt )
|
|
* sizeof( struct POSIX_ACE ) :
|
|
0 );
|
|
return ( ( cached->uid != item->uid )
|
|
|| ( cached->gid != item->gid )
|
|
|| ( cached->dmode != item->dmode )
|
|
|| ( csize != isize )
|
|
|| ( csize
|
|
&& isize
|
|
&& memcmp( &( ( struct POSIX_SECURITY* )cached->variable )->acl,
|
|
&( ( struct POSIX_SECURITY* )item->variable )->acl, csize ) ) );
|
|
#else
|
|
return ( ( cached->uid != item->uid )
|
|
|| ( cached->gid != item->gid )
|
|
|| ( cached->dmode != item->dmode ) );
|
|
#endif
|
|
}
|
|
|
|
static int leg_compare( const struct CACHED_PERMISSIONS_LEGACY *cached,
|
|
const struct CACHED_PERMISSIONS_LEGACY *item )
|
|
{
|
|
return ( cached->mft_no != item->mft_no );
|
|
}
|
|
|
|
/*
|
|
* Resize permission cache table
|
|
* do not call unless resizing is needed
|
|
*
|
|
* If allocation fails, the cache size is not updated
|
|
* Lack of memory is not considered as an error, the cache is left
|
|
* consistent and errno is not set.
|
|
*/
|
|
|
|
static void resize_cache( struct SECURITY_CONTEXT *scx,
|
|
u32 securindex )
|
|
{
|
|
struct PERMISSIONS_CACHE *oldcache;
|
|
struct PERMISSIONS_CACHE *newcache;
|
|
int newcnt;
|
|
int oldcnt;
|
|
unsigned int index1;
|
|
unsigned int i;
|
|
|
|
oldcache = *scx->pseccache;
|
|
index1 = securindex >> CACHE_PERMISSIONS_BITS;
|
|
newcnt = index1 + 1;
|
|
if ( newcnt <= ( ( CACHE_PERMISSIONS_SIZE
|
|
+ ( 1 << CACHE_PERMISSIONS_BITS )
|
|
- 1 ) >> CACHE_PERMISSIONS_BITS ) )
|
|
{
|
|
/* expand cache beyond current end, do not use realloc() */
|
|
/* to avoid losing data when there is no more memory */
|
|
oldcnt = oldcache->head.last + 1;
|
|
newcache = ( struct PERMISSIONS_CACHE* )
|
|
ntfs_malloc(
|
|
sizeof( struct PERMISSIONS_CACHE )
|
|
+ ( newcnt - 1 ) * sizeof( struct CACHED_PERMISSIONS* ) );
|
|
if ( newcache )
|
|
{
|
|
memcpy( newcache, oldcache,
|
|
sizeof( struct PERMISSIONS_CACHE )
|
|
+ ( oldcnt - 1 )*sizeof( struct CACHED_PERMISSIONS* ) );
|
|
free( oldcache );
|
|
/* mark new entries as not valid */
|
|
for ( i = newcache->head.last + 1; i <= index1; i++ )
|
|
newcache->cachetable[i]
|
|
= ( struct CACHED_PERMISSIONS* )NULL;
|
|
newcache->head.last = index1;
|
|
*scx->pseccache = newcache;
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Enter uid, gid and mode into cache, if possible
|
|
*
|
|
* returns the updated or created cache entry,
|
|
* or NULL if not possible (typically if there is no
|
|
* security id associated)
|
|
*/
|
|
|
|
#if POSIXACLS
|
|
static struct CACHED_PERMISSIONS *enter_cache( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode *ni, uid_t uid, gid_t gid,
|
|
struct POSIX_SECURITY *pxdesc )
|
|
#else
|
|
static struct CACHED_PERMISSIONS *enter_cache( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode )
|
|
#endif
|
|
{
|
|
struct CACHED_PERMISSIONS *cacheentry;
|
|
struct CACHED_PERMISSIONS *cacheblock;
|
|
struct PERMISSIONS_CACHE *pcache;
|
|
u32 securindex;
|
|
#if POSIXACLS
|
|
int pxsize;
|
|
struct POSIX_SECURITY *pxcached;
|
|
#endif
|
|
unsigned int index1;
|
|
unsigned int index2;
|
|
int i;
|
|
|
|
/* cacheing is only possible if a security_id has been defined */
|
|
if ( test_nino_flag( ni, v3_Extensions )
|
|
&& ni->security_id )
|
|
{
|
|
/*
|
|
* Immediately test the most frequent situation
|
|
* where the entry exists
|
|
*/
|
|
securindex = le32_to_cpu( ni->security_id );
|
|
index1 = securindex >> CACHE_PERMISSIONS_BITS;
|
|
index2 = securindex & ( ( 1 << CACHE_PERMISSIONS_BITS ) - 1 );
|
|
pcache = *scx->pseccache;
|
|
if ( pcache
|
|
&& ( pcache->head.last >= index1 )
|
|
&& pcache->cachetable[index1] )
|
|
{
|
|
cacheentry = &pcache->cachetable[index1][index2];
|
|
cacheentry->uid = uid;
|
|
cacheentry->gid = gid;
|
|
#if POSIXACLS
|
|
if ( cacheentry->valid && cacheentry->pxdesc )
|
|
free( cacheentry->pxdesc );
|
|
if ( pxdesc )
|
|
{
|
|
pxsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( pxdesc->acccnt + pxdesc->defcnt ) * sizeof( struct POSIX_ACE );
|
|
pxcached = ( struct POSIX_SECURITY* )malloc( pxsize );
|
|
if ( pxcached )
|
|
{
|
|
memcpy( pxcached, pxdesc, pxsize );
|
|
cacheentry->pxdesc = pxcached;
|
|
}
|
|
else
|
|
{
|
|
cacheentry->valid = 0;
|
|
cacheentry = ( struct CACHED_PERMISSIONS* )NULL;
|
|
}
|
|
cacheentry->mode = pxdesc->mode & 07777;
|
|
}
|
|
else
|
|
cacheentry->pxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
#else
|
|
cacheentry->mode = mode & 07777;
|
|
#endif
|
|
cacheentry->inh_fileid = const_cpu_to_le32( 0 );
|
|
cacheentry->inh_dirid = const_cpu_to_le32( 0 );
|
|
cacheentry->valid = 1;
|
|
pcache->head.p_writes++;
|
|
}
|
|
else
|
|
{
|
|
if ( !pcache )
|
|
{
|
|
/* create the first cache block */
|
|
pcache = create_caches( scx, securindex );
|
|
}
|
|
else
|
|
{
|
|
if ( index1 > pcache->head.last )
|
|
{
|
|
resize_cache( scx, securindex );
|
|
pcache = *scx->pseccache;
|
|
}
|
|
}
|
|
/* allocate block, if cache table was allocated */
|
|
if ( pcache && ( index1 <= pcache->head.last ) )
|
|
{
|
|
cacheblock = ( struct CACHED_PERMISSIONS* )
|
|
malloc( sizeof( struct CACHED_PERMISSIONS )
|
|
<< CACHE_PERMISSIONS_BITS );
|
|
pcache->cachetable[index1] = cacheblock;
|
|
for ( i = 0; i < ( 1 << CACHE_PERMISSIONS_BITS ); i++ )
|
|
cacheblock[i].valid = 0;
|
|
cacheentry = &cacheblock[index2];
|
|
if ( cacheentry )
|
|
{
|
|
cacheentry->uid = uid;
|
|
cacheentry->gid = gid;
|
|
#if POSIXACLS
|
|
if ( pxdesc )
|
|
{
|
|
pxsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( pxdesc->acccnt + pxdesc->defcnt ) * sizeof( struct POSIX_ACE );
|
|
pxcached = ( struct POSIX_SECURITY* )malloc( pxsize );
|
|
if ( pxcached )
|
|
{
|
|
memcpy( pxcached, pxdesc, pxsize );
|
|
cacheentry->pxdesc = pxcached;
|
|
}
|
|
else
|
|
{
|
|
cacheentry->valid = 0;
|
|
cacheentry = ( struct CACHED_PERMISSIONS* )NULL;
|
|
}
|
|
cacheentry->mode = pxdesc->mode & 07777;
|
|
}
|
|
else
|
|
cacheentry->pxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
#else
|
|
cacheentry->mode = mode & 07777;
|
|
#endif
|
|
cacheentry->inh_fileid = const_cpu_to_le32( 0 );
|
|
cacheentry->inh_dirid = const_cpu_to_le32( 0 );
|
|
cacheentry->valid = 1;
|
|
pcache->head.p_writes++;
|
|
}
|
|
}
|
|
else
|
|
cacheentry = ( struct CACHED_PERMISSIONS* )NULL;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
cacheentry = ( struct CACHED_PERMISSIONS* )NULL;
|
|
#if CACHE_LEGACY_SIZE
|
|
if ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
{
|
|
struct CACHED_PERMISSIONS_LEGACY wanted;
|
|
struct CACHED_PERMISSIONS_LEGACY *legacy;
|
|
|
|
wanted.perm.uid = uid;
|
|
wanted.perm.gid = gid;
|
|
#if POSIXACLS
|
|
wanted.perm.mode = pxdesc->mode & 07777;
|
|
wanted.perm.inh_fileid = const_cpu_to_le32( 0 );
|
|
wanted.perm.inh_dirid = const_cpu_to_le32( 0 );
|
|
wanted.mft_no = ni->mft_no;
|
|
wanted.variable = ( void* )pxdesc;
|
|
wanted.varsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( pxdesc->acccnt + pxdesc->defcnt ) * sizeof( struct POSIX_ACE );
|
|
#else
|
|
wanted.perm.mode = mode & 07777;
|
|
wanted.perm.inh_fileid = const_cpu_to_le32( 0 );
|
|
wanted.perm.inh_dirid = const_cpu_to_le32( 0 );
|
|
wanted.mft_no = ni->mft_no;
|
|
wanted.variable = ( void* )NULL;
|
|
wanted.varsize = 0;
|
|
#endif
|
|
legacy = ( struct CACHED_PERMISSIONS_LEGACY* )ntfs_enter_cache(
|
|
scx->vol->legacy_cache, GENERIC( &wanted ),
|
|
( cache_compare )leg_compare );
|
|
if ( legacy )
|
|
{
|
|
cacheentry = &legacy->perm;
|
|
#if POSIXACLS
|
|
/*
|
|
* give direct access to the cached pxdesc
|
|
* in the permissions structure
|
|
*/
|
|
cacheentry->pxdesc = legacy->variable;
|
|
#endif
|
|
}
|
|
}
|
|
#endif
|
|
}
|
|
return ( cacheentry );
|
|
}
|
|
|
|
/*
|
|
* Fetch owner, group and permission of a file, if cached
|
|
*
|
|
* Beware : do not use the returned entry after a cache update :
|
|
* the cache may be relocated making the returned entry meaningless
|
|
*
|
|
* returns the cache entry, or NULL if not available
|
|
*/
|
|
|
|
static struct CACHED_PERMISSIONS *fetch_cache( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode *ni )
|
|
{
|
|
struct CACHED_PERMISSIONS *cacheentry;
|
|
struct PERMISSIONS_CACHE *pcache;
|
|
u32 securindex;
|
|
unsigned int index1;
|
|
unsigned int index2;
|
|
|
|
/* cacheing is only possible if a security_id has been defined */
|
|
cacheentry = ( struct CACHED_PERMISSIONS* )NULL;
|
|
if ( test_nino_flag( ni, v3_Extensions )
|
|
&& ( ni->security_id ) )
|
|
{
|
|
securindex = le32_to_cpu( ni->security_id );
|
|
index1 = securindex >> CACHE_PERMISSIONS_BITS;
|
|
index2 = securindex & ( ( 1 << CACHE_PERMISSIONS_BITS ) - 1 );
|
|
pcache = *scx->pseccache;
|
|
if ( pcache
|
|
&& ( pcache->head.last >= index1 )
|
|
&& pcache->cachetable[index1] )
|
|
{
|
|
cacheentry = &pcache->cachetable[index1][index2];
|
|
/* reject if entry is not valid */
|
|
if ( !cacheentry->valid )
|
|
cacheentry = ( struct CACHED_PERMISSIONS* )NULL;
|
|
else
|
|
pcache->head.p_hits++;
|
|
if ( pcache )
|
|
pcache->head.p_reads++;
|
|
}
|
|
}
|
|
#if CACHE_LEGACY_SIZE
|
|
else
|
|
{
|
|
cacheentry = ( struct CACHED_PERMISSIONS* )NULL;
|
|
if ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
{
|
|
struct CACHED_PERMISSIONS_LEGACY wanted;
|
|
struct CACHED_PERMISSIONS_LEGACY *legacy;
|
|
|
|
wanted.mft_no = ni->mft_no;
|
|
wanted.variable = ( void* )NULL;
|
|
wanted.varsize = 0;
|
|
legacy = ( struct CACHED_PERMISSIONS_LEGACY* )ntfs_fetch_cache(
|
|
scx->vol->legacy_cache, GENERIC( &wanted ),
|
|
( cache_compare )leg_compare );
|
|
if ( legacy ) cacheentry = &legacy->perm;
|
|
}
|
|
}
|
|
#endif
|
|
#if POSIXACLS
|
|
if ( cacheentry && !cacheentry->pxdesc )
|
|
{
|
|
ntfs_log_error( "No Posix descriptor in cache\n" );
|
|
cacheentry = ( struct CACHED_PERMISSIONS* )NULL;
|
|
}
|
|
#endif
|
|
return ( cacheentry );
|
|
}
|
|
|
|
/*
|
|
* Retrieve a security attribute from $Secure
|
|
*/
|
|
|
|
static char *retrievesecurityattr( ntfs_volume *vol, SII_INDEX_KEY id )
|
|
{
|
|
struct SII *psii;
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
le32 dataoffsl;
|
|
le32 dataoffsh;
|
|
} parts;
|
|
le64 all;
|
|
} realign;
|
|
int found;
|
|
size_t size;
|
|
size_t rdsize;
|
|
s64 offs;
|
|
ntfs_inode *ni;
|
|
ntfs_index_context *xsii;
|
|
char *securattr;
|
|
|
|
securattr = ( char* )NULL;
|
|
ni = vol->secure_ni;
|
|
xsii = vol->secure_xsii;
|
|
if ( ni && xsii )
|
|
{
|
|
ntfs_index_ctx_reinit( xsii );
|
|
found =
|
|
!ntfs_index_lookup( ( char* ) & id,
|
|
sizeof( SII_INDEX_KEY ), xsii );
|
|
if ( found )
|
|
{
|
|
psii = ( struct SII* )xsii->entry;
|
|
size =
|
|
( size_t ) le32_to_cpu( psii->datasize )
|
|
- sizeof( SECURITY_DESCRIPTOR_HEADER );
|
|
/* work around bad alignment problem */
|
|
realign.parts.dataoffsh = psii->dataoffsh;
|
|
realign.parts.dataoffsl = psii->dataoffsl;
|
|
offs = le64_to_cpu( realign.all )
|
|
+ sizeof( SECURITY_DESCRIPTOR_HEADER );
|
|
|
|
securattr = ( char* )ntfs_malloc( size );
|
|
if ( securattr )
|
|
{
|
|
rdsize = ntfs_local_read(
|
|
ni, STREAM_SDS, 4,
|
|
securattr, size, offs );
|
|
if ( ( rdsize != size )
|
|
|| !ntfs_valid_descr( securattr,
|
|
rdsize ) )
|
|
{
|
|
/* error to be logged by caller */
|
|
free( securattr );
|
|
securattr = ( char* )NULL;
|
|
}
|
|
}
|
|
}
|
|
else if ( errno != ENOENT )
|
|
ntfs_log_perror( "Inconsistency in index $SII" );
|
|
}
|
|
if ( !securattr )
|
|
{
|
|
ntfs_log_error( "Failed to retrieve a security descriptor\n" );
|
|
errno = EIO;
|
|
}
|
|
return ( securattr );
|
|
}
|
|
|
|
/*
|
|
* Get the security descriptor associated to a file
|
|
*
|
|
* Either :
|
|
* - read the security descriptor attribute (v1.x format)
|
|
* - or find the descriptor in $Secure:$SDS (v3.x format)
|
|
*
|
|
* in both case, sanity checks are done on the attribute and
|
|
* the descriptor can be assumed safe
|
|
*
|
|
* The returned descriptor is dynamically allocated and has to be freed
|
|
*/
|
|
|
|
static char *getsecurityattr( ntfs_volume *vol, ntfs_inode *ni )
|
|
{
|
|
SII_INDEX_KEY securid;
|
|
char *securattr;
|
|
s64 readallsz;
|
|
|
|
/*
|
|
* Warning : in some situations, after fixing by chkdsk,
|
|
* v3_Extensions are marked present (long standard informations)
|
|
* with a default security descriptor inserted in an
|
|
* attribute
|
|
*/
|
|
if ( test_nino_flag( ni, v3_Extensions )
|
|
&& vol->secure_ni && ni->security_id )
|
|
{
|
|
/* get v3.x descriptor in $Secure */
|
|
securid.security_id = ni->security_id;
|
|
securattr = retrievesecurityattr( vol, securid );
|
|
if ( !securattr )
|
|
ntfs_log_error( "Bad security descriptor for 0x%lx\n",
|
|
( long )le32_to_cpu( ni->security_id ) );
|
|
}
|
|
else
|
|
{
|
|
/* get v1.x security attribute */
|
|
readallsz = 0;
|
|
securattr = ntfs_attr_readall( ni, AT_SECURITY_DESCRIPTOR,
|
|
AT_UNNAMED, 0, &readallsz );
|
|
if ( securattr && !ntfs_valid_descr( securattr, readallsz ) )
|
|
{
|
|
ntfs_log_error( "Bad security descriptor for inode %lld\n",
|
|
( long long )ni->mft_no );
|
|
free( securattr );
|
|
securattr = ( char* )NULL;
|
|
}
|
|
}
|
|
if ( !securattr )
|
|
{
|
|
/*
|
|
* in some situations, there is no security
|
|
* descriptor, and chkdsk does not detect or fix
|
|
* anything. This could be a normal situation.
|
|
* When this happens, simulate a descriptor with
|
|
* minimum rights, so that a real descriptor can
|
|
* be created by chown or chmod
|
|
*/
|
|
ntfs_log_error( "No security descriptor found for inode %lld\n",
|
|
( long long )ni->mft_no );
|
|
securattr = ntfs_build_descr( 0, 0, adminsid, adminsid );
|
|
}
|
|
return ( securattr );
|
|
}
|
|
|
|
#if POSIXACLS
|
|
|
|
/*
|
|
* Determine which access types to a file are allowed
|
|
* according to the relation of current process to the file
|
|
*
|
|
* Do not call if default_permissions is set
|
|
*/
|
|
|
|
static int access_check_posix( struct SECURITY_CONTEXT *scx,
|
|
struct POSIX_SECURITY *pxdesc, mode_t request,
|
|
uid_t uid, gid_t gid )
|
|
{
|
|
struct POSIX_ACE *pxace;
|
|
int userperms;
|
|
int groupperms;
|
|
int mask;
|
|
BOOL somegroup;
|
|
BOOL needgroups;
|
|
mode_t perms;
|
|
int i;
|
|
|
|
perms = pxdesc->mode;
|
|
/* owner and root access */
|
|
if ( !scx->uid || ( uid == scx->uid ) )
|
|
{
|
|
if ( !scx->uid )
|
|
{
|
|
/* root access if owner or other execution */
|
|
if ( perms & 0101 )
|
|
perms = 07777;
|
|
else
|
|
{
|
|
/* root access if some group execution */
|
|
groupperms = 0;
|
|
mask = 7;
|
|
for ( i = pxdesc->acccnt - 1; i >= 0 ; i-- )
|
|
{
|
|
pxace = &pxdesc->acl.ace[i];
|
|
switch ( pxace->tag )
|
|
{
|
|
case POSIX_ACL_USER_OBJ :
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
case POSIX_ACL_GROUP :
|
|
groupperms |= pxace->perms;
|
|
break;
|
|
case POSIX_ACL_MASK :
|
|
mask = pxace->perms & 7;
|
|
break;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
perms = ( groupperms & mask & 1 ) | 6;
|
|
}
|
|
}
|
|
else
|
|
perms &= 07700;
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* analyze designated users, get mask
|
|
* and identify whether we need to check
|
|
* the group memberships. The groups are
|
|
* not needed when all groups have the
|
|
* same permissions as other for the
|
|
* requested modes.
|
|
*/
|
|
userperms = -1;
|
|
groupperms = -1;
|
|
needgroups = FALSE;
|
|
mask = 7;
|
|
for ( i = pxdesc->acccnt - 1; i >= 0 ; i-- )
|
|
{
|
|
pxace = &pxdesc->acl.ace[i];
|
|
switch ( pxace->tag )
|
|
{
|
|
case POSIX_ACL_USER :
|
|
if ( ( uid_t )pxace->id == scx->uid )
|
|
userperms = pxace->perms;
|
|
break;
|
|
case POSIX_ACL_MASK :
|
|
mask = pxace->perms & 7;
|
|
break;
|
|
case POSIX_ACL_GROUP_OBJ :
|
|
case POSIX_ACL_GROUP :
|
|
if ( ( ( pxace->perms & mask ) ^ perms )
|
|
& ( request >> 6 ) & 7 )
|
|
needgroups = TRUE;
|
|
break;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
/* designated users */
|
|
if ( userperms >= 0 )
|
|
perms = ( perms & 07000 ) + ( userperms & mask );
|
|
else if ( !needgroups )
|
|
perms &= 07007;
|
|
else
|
|
{
|
|
/* owning group */
|
|
if ( !( ~( perms >> 3 ) & request & mask )
|
|
&& ( ( gid == scx->gid )
|
|
|| groupmember( scx, scx->uid, gid ) ) )
|
|
perms &= 07070;
|
|
else
|
|
{
|
|
/* other groups */
|
|
groupperms = -1;
|
|
somegroup = FALSE;
|
|
for ( i = pxdesc->acccnt - 1; i >= 0 ; i-- )
|
|
{
|
|
pxace = &pxdesc->acl.ace[i];
|
|
if ( ( pxace->tag == POSIX_ACL_GROUP )
|
|
&& groupmember( scx, uid, pxace->id ) )
|
|
{
|
|
if ( !( ~pxace->perms & request & mask ) )
|
|
groupperms = pxace->perms;
|
|
somegroup = TRUE;
|
|
}
|
|
}
|
|
if ( groupperms >= 0 )
|
|
perms = ( perms & 07000 ) + ( groupperms & mask );
|
|
else if ( somegroup )
|
|
perms = 0;
|
|
else
|
|
perms &= 07007;
|
|
}
|
|
}
|
|
}
|
|
return ( perms );
|
|
}
|
|
|
|
/*
|
|
* Get permissions to access a file
|
|
* Takes into account the relation of user to file (owner, group, ...)
|
|
* Do no use as mode of the file
|
|
* Do no call if default_permissions is set
|
|
*
|
|
* returns -1 if there is a problem
|
|
*/
|
|
|
|
static int ntfs_get_perm( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode * ni, mode_t request )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
char *securattr;
|
|
const SID *usid; /* owner of file/directory */
|
|
const SID *gsid; /* group of file/directory */
|
|
uid_t uid;
|
|
gid_t gid;
|
|
int perm;
|
|
BOOL isdir;
|
|
struct POSIX_SECURITY *pxdesc;
|
|
|
|
if ( !scx->mapping[MAPUSERS] )
|
|
perm = 07777;
|
|
else
|
|
{
|
|
/* check whether available in cache */
|
|
cached = fetch_cache( scx, ni );
|
|
if ( cached )
|
|
{
|
|
uid = cached->uid;
|
|
gid = cached->gid;
|
|
perm = access_check_posix( scx, cached->pxdesc, request, uid, gid );
|
|
}
|
|
else
|
|
{
|
|
perm = 0; /* default to no permission */
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
!= const_cpu_to_le16( 0 );
|
|
securattr = getsecurityattr( scx->vol, ni );
|
|
if ( securattr )
|
|
{
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )
|
|
securattr;
|
|
gsid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->group )];
|
|
gid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( securattr );
|
|
pxdesc = ntfs_build_permissions_posix( scx->mapping, securattr,
|
|
usid, gsid, isdir );
|
|
if ( pxdesc )
|
|
perm = pxdesc->mode & 07777;
|
|
else
|
|
perm = -1;
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#else
|
|
usid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->owner )];
|
|
pxdesc = ntfs_build_permissions_posix( scx, securattr,
|
|
usid, gsid, isdir );
|
|
if ( pxdesc )
|
|
perm = pxdesc->mode & 07777;
|
|
else
|
|
perm = -1;
|
|
if ( !perm && ntfs_same_sid( usid, adminsid ) )
|
|
{
|
|
uid = find_tenant( scx, securattr );
|
|
if ( uid )
|
|
perm = 0700;
|
|
}
|
|
else
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#endif
|
|
/*
|
|
* Create a security id if there were none
|
|
* and upgrade option is selected
|
|
*/
|
|
if ( !test_nino_flag( ni, v3_Extensions )
|
|
&& ( perm >= 0 )
|
|
&& ( scx->vol->secure_flags
|
|
& ( 1 << SECURITY_ADDSECURIDS ) ) )
|
|
{
|
|
upgrade_secur_desc( scx->vol,
|
|
securattr, ni );
|
|
/*
|
|
* fetch owner and group for cacheing
|
|
* if there is a securid
|
|
*/
|
|
}
|
|
if ( test_nino_flag( ni, v3_Extensions )
|
|
&& ( perm >= 0 ) )
|
|
{
|
|
enter_cache( scx, ni, uid,
|
|
gid, pxdesc );
|
|
}
|
|
if ( pxdesc )
|
|
{
|
|
perm = access_check_posix( scx, pxdesc, request, uid, gid );
|
|
free( pxdesc );
|
|
}
|
|
free( securattr );
|
|
}
|
|
else
|
|
{
|
|
perm = -1;
|
|
uid = gid = 0;
|
|
}
|
|
}
|
|
}
|
|
return ( perm );
|
|
}
|
|
|
|
/*
|
|
* Get a Posix ACL
|
|
*
|
|
* returns size or -errno if there is a problem
|
|
* if size was too small, no copy is done and errno is not set,
|
|
* the caller is expected to issue a new call
|
|
*/
|
|
|
|
int ntfs_get_posix_acl( struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
|
|
const char *name, char *value, size_t size )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
struct POSIX_SECURITY *pxdesc;
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
char *securattr;
|
|
const SID *usid; /* owner of file/directory */
|
|
const SID *gsid; /* group of file/directory */
|
|
uid_t uid;
|
|
gid_t gid;
|
|
int perm;
|
|
BOOL isdir;
|
|
size_t outsize;
|
|
|
|
outsize = 0; /* default to error */
|
|
if ( !scx->mapping[MAPUSERS] )
|
|
errno = ENOTSUP;
|
|
else
|
|
{
|
|
/* check whether available in cache */
|
|
cached = fetch_cache( scx, ni );
|
|
if ( cached )
|
|
pxdesc = cached->pxdesc;
|
|
else
|
|
{
|
|
securattr = getsecurityattr( scx->vol, ni );
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
!= const_cpu_to_le16( 0 );
|
|
if ( securattr )
|
|
{
|
|
phead =
|
|
( const SECURITY_DESCRIPTOR_RELATIVE* )
|
|
securattr;
|
|
gsid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->group )];
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( securattr );
|
|
#else
|
|
usid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->owner )];
|
|
#endif
|
|
pxdesc = ntfs_build_permissions_posix( scx->mapping, securattr,
|
|
usid, gsid, isdir );
|
|
|
|
/*
|
|
* fetch owner and group for cacheing
|
|
*/
|
|
if ( pxdesc )
|
|
{
|
|
perm = pxdesc->mode & 07777;
|
|
/*
|
|
* Create a security id if there were none
|
|
* and upgrade option is selected
|
|
*/
|
|
if ( !test_nino_flag( ni, v3_Extensions )
|
|
&& ( scx->vol->secure_flags
|
|
& ( 1 << SECURITY_ADDSECURIDS ) ) )
|
|
{
|
|
upgrade_secur_desc( scx->vol,
|
|
securattr, ni );
|
|
}
|
|
#if OWNERFROMACL
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#else
|
|
if ( !perm && ntfs_same_sid( usid, adminsid ) )
|
|
{
|
|
uid = find_tenant( scx,
|
|
securattr );
|
|
if ( uid )
|
|
perm = 0700;
|
|
}
|
|
else
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#endif
|
|
gid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
if ( pxdesc->tagsset & POSIX_ACL_EXTENSIONS )
|
|
enter_cache( scx, ni, uid,
|
|
gid, pxdesc );
|
|
}
|
|
free( securattr );
|
|
}
|
|
else
|
|
pxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
}
|
|
|
|
if ( pxdesc )
|
|
{
|
|
if ( ntfs_valid_posix( pxdesc ) )
|
|
{
|
|
if ( !strcmp( name, "system.posix_acl_default" ) )
|
|
{
|
|
if ( ni->mrec->flags
|
|
& MFT_RECORD_IS_DIRECTORY )
|
|
outsize = sizeof( struct POSIX_ACL )
|
|
+ pxdesc->defcnt * sizeof( struct POSIX_ACE );
|
|
else
|
|
{
|
|
/*
|
|
* getting default ACL from plain file :
|
|
* return EACCES if size > 0 as
|
|
* indicated in the man, but return ok
|
|
* if size == 0, so that ls does not
|
|
* display an error
|
|
*/
|
|
if ( size > 0 )
|
|
{
|
|
outsize = 0;
|
|
errno = EACCES;
|
|
}
|
|
else
|
|
outsize = sizeof( struct POSIX_ACL );
|
|
}
|
|
if ( outsize && ( outsize <= size ) )
|
|
{
|
|
memcpy( value, &pxdesc->acl, sizeof( struct POSIX_ACL ) );
|
|
memcpy( &value[sizeof( struct POSIX_ACL )],
|
|
&pxdesc->acl.ace[pxdesc->firstdef],
|
|
outsize - sizeof( struct POSIX_ACL ) );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
outsize = sizeof( struct POSIX_ACL )
|
|
+ pxdesc->acccnt * sizeof( struct POSIX_ACE );
|
|
if ( outsize <= size )
|
|
memcpy( value, &pxdesc->acl, outsize );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
outsize = 0;
|
|
errno = EIO;
|
|
ntfs_log_error( "Invalid Posix ACL built\n" );
|
|
}
|
|
if ( !cached )
|
|
free( pxdesc );
|
|
}
|
|
else
|
|
outsize = 0;
|
|
}
|
|
return ( outsize ? ( int )outsize : -errno );
|
|
}
|
|
|
|
#else /* POSIXACLS */
|
|
|
|
|
|
/*
|
|
* Get permissions to access a file
|
|
* Takes into account the relation of user to file (owner, group, ...)
|
|
* Do no use as mode of the file
|
|
*
|
|
* returns -1 if there is a problem
|
|
*/
|
|
|
|
static int ntfs_get_perm( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode *ni, mode_t request )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
char *securattr;
|
|
const SID *usid; /* owner of file/directory */
|
|
const SID *gsid; /* group of file/directory */
|
|
BOOL isdir;
|
|
uid_t uid;
|
|
gid_t gid;
|
|
int perm;
|
|
|
|
if ( !scx->mapping[MAPUSERS] || ( !scx->uid && !( request & S_IEXEC ) ) )
|
|
perm = 07777;
|
|
else
|
|
{
|
|
/* check whether available in cache */
|
|
cached = fetch_cache( scx, ni );
|
|
if ( cached )
|
|
{
|
|
perm = cached->mode;
|
|
uid = cached->uid;
|
|
gid = cached->gid;
|
|
}
|
|
else
|
|
{
|
|
perm = 0; /* default to no permission */
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
!= const_cpu_to_le16( 0 );
|
|
securattr = getsecurityattr( scx->vol, ni );
|
|
if ( securattr )
|
|
{
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )
|
|
securattr;
|
|
gsid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->group )];
|
|
gid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( securattr );
|
|
perm = ntfs_build_permissions( securattr,
|
|
usid, gsid, isdir );
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#else
|
|
usid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->owner )];
|
|
perm = ntfs_build_permissions( securattr,
|
|
usid, gsid, isdir );
|
|
if ( !perm && ntfs_same_sid( usid, adminsid ) )
|
|
{
|
|
uid = find_tenant( scx, securattr );
|
|
if ( uid )
|
|
perm = 0700;
|
|
}
|
|
else
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#endif
|
|
/*
|
|
* Create a security id if there were none
|
|
* and upgrade option is selected
|
|
*/
|
|
if ( !test_nino_flag( ni, v3_Extensions )
|
|
&& ( perm >= 0 )
|
|
&& ( scx->vol->secure_flags
|
|
& ( 1 << SECURITY_ADDSECURIDS ) ) )
|
|
{
|
|
upgrade_secur_desc( scx->vol,
|
|
securattr, ni );
|
|
/*
|
|
* fetch owner and group for cacheing
|
|
* if there is a securid
|
|
*/
|
|
}
|
|
if ( test_nino_flag( ni, v3_Extensions )
|
|
&& ( perm >= 0 ) )
|
|
{
|
|
enter_cache( scx, ni, uid,
|
|
gid, perm );
|
|
}
|
|
free( securattr );
|
|
}
|
|
else
|
|
{
|
|
perm = -1;
|
|
uid = gid = 0;
|
|
}
|
|
}
|
|
if ( perm >= 0 )
|
|
{
|
|
if ( !scx->uid )
|
|
{
|
|
/* root access and execution */
|
|
if ( perm & 0111 )
|
|
perm = 07777;
|
|
else
|
|
perm = 0;
|
|
}
|
|
else if ( uid == scx->uid )
|
|
perm &= 07700;
|
|
else
|
|
/*
|
|
* avoid checking group membership
|
|
* when the requested perms for group
|
|
* are the same as perms for other
|
|
*/
|
|
if ( ( gid == scx->gid )
|
|
|| ( ( ( ( perm >> 3 ) ^ perm )
|
|
& ( request >> 6 ) & 7 )
|
|
&& groupmember( scx, scx->uid, gid ) ) )
|
|
perm &= 07070;
|
|
else
|
|
perm &= 07007;
|
|
}
|
|
}
|
|
return ( perm );
|
|
}
|
|
|
|
#endif /* POSIXACLS */
|
|
|
|
/*
|
|
* Get an NTFS ACL
|
|
*
|
|
* Returns size or -errno if there is a problem
|
|
* if size was too small, no copy is done and errno is not set,
|
|
* the caller is expected to issue a new call
|
|
*/
|
|
|
|
int ntfs_get_ntfs_acl( struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
|
|
char *value, size_t size )
|
|
{
|
|
char *securattr;
|
|
size_t outsize;
|
|
|
|
outsize = 0; /* default to no data and no error */
|
|
securattr = getsecurityattr( scx->vol, ni );
|
|
if ( securattr )
|
|
{
|
|
outsize = ntfs_attr_size( securattr );
|
|
if ( outsize <= size )
|
|
{
|
|
memcpy( value, securattr, outsize );
|
|
}
|
|
free( securattr );
|
|
}
|
|
return ( outsize ? ( int )outsize : -errno );
|
|
}
|
|
|
|
/*
|
|
* Get owner, group and permissions in an stat structure
|
|
* returns permissions, or -1 if there is a problem
|
|
*/
|
|
|
|
int ntfs_get_owner_mode( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode * ni, struct stat *stbuf )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
char *securattr;
|
|
const SID *usid; /* owner of file/directory */
|
|
const SID *gsid; /* group of file/directory */
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
int perm;
|
|
BOOL isdir;
|
|
#if POSIXACLS
|
|
struct POSIX_SECURITY *pxdesc;
|
|
#endif
|
|
|
|
if ( !scx->mapping[MAPUSERS] )
|
|
perm = 07777;
|
|
else
|
|
{
|
|
/* check whether available in cache */
|
|
cached = fetch_cache( scx, ni );
|
|
if ( cached )
|
|
{
|
|
perm = cached->mode;
|
|
stbuf->st_uid = cached->uid;
|
|
stbuf->st_gid = cached->gid;
|
|
stbuf->st_mode = ( stbuf->st_mode & ~07777 ) + perm;
|
|
}
|
|
else
|
|
{
|
|
perm = -1; /* default to error */
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
!= const_cpu_to_le16( 0 );
|
|
securattr = getsecurityattr( scx->vol, ni );
|
|
if ( securattr )
|
|
{
|
|
phead =
|
|
( const SECURITY_DESCRIPTOR_RELATIVE* )
|
|
securattr;
|
|
gsid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->group )];
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( securattr );
|
|
#else
|
|
usid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->owner )];
|
|
#endif
|
|
#if POSIXACLS
|
|
pxdesc = ntfs_build_permissions_posix( scx->mapping, securattr,
|
|
usid, gsid, isdir );
|
|
if ( pxdesc )
|
|
perm = pxdesc->mode & 07777;
|
|
else
|
|
perm = -1;
|
|
#else
|
|
perm = ntfs_build_permissions( securattr,
|
|
usid, gsid, isdir );
|
|
#endif
|
|
/*
|
|
* fetch owner and group for cacheing
|
|
*/
|
|
if ( perm >= 0 )
|
|
{
|
|
/*
|
|
* Create a security id if there were none
|
|
* and upgrade option is selected
|
|
*/
|
|
if ( !test_nino_flag( ni, v3_Extensions )
|
|
&& ( scx->vol->secure_flags
|
|
& ( 1 << SECURITY_ADDSECURIDS ) ) )
|
|
{
|
|
upgrade_secur_desc( scx->vol,
|
|
securattr, ni );
|
|
}
|
|
#if OWNERFROMACL
|
|
stbuf->st_uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#else
|
|
if ( !perm && ntfs_same_sid( usid, adminsid ) )
|
|
{
|
|
stbuf->st_uid =
|
|
find_tenant( scx,
|
|
securattr );
|
|
if ( stbuf->st_uid )
|
|
perm = 0700;
|
|
}
|
|
else
|
|
stbuf->st_uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#endif
|
|
stbuf->st_gid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
stbuf->st_mode =
|
|
( stbuf->st_mode & ~07777 ) + perm;
|
|
#if POSIXACLS
|
|
enter_cache( scx, ni, stbuf->st_uid,
|
|
stbuf->st_gid, pxdesc );
|
|
free( pxdesc );
|
|
#else
|
|
enter_cache( scx, ni, stbuf->st_uid,
|
|
stbuf->st_gid, perm );
|
|
#endif
|
|
}
|
|
free( securattr );
|
|
}
|
|
}
|
|
}
|
|
return ( perm );
|
|
}
|
|
|
|
#if POSIXACLS
|
|
|
|
/*
|
|
* Get the base for a Posix inheritance and
|
|
* build an inherited Posix descriptor
|
|
*/
|
|
|
|
static struct POSIX_SECURITY *inherit_posix( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode *dir_ni, mode_t mode, BOOL isdir )
|
|
{
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
struct POSIX_SECURITY *pxdesc;
|
|
struct POSIX_SECURITY *pydesc;
|
|
char *securattr;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
uid_t uid;
|
|
gid_t gid;
|
|
|
|
pydesc = ( struct POSIX_SECURITY* )NULL;
|
|
/* check whether parent directory is available in cache */
|
|
cached = fetch_cache( scx, dir_ni );
|
|
if ( cached )
|
|
{
|
|
uid = cached->uid;
|
|
gid = cached->gid;
|
|
pxdesc = cached->pxdesc;
|
|
if ( pxdesc )
|
|
{
|
|
pydesc = ntfs_build_inherited_posix( pxdesc, mode,
|
|
scx->umask, isdir );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
securattr = getsecurityattr( scx->vol, dir_ni );
|
|
if ( securattr )
|
|
{
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )
|
|
securattr;
|
|
gsid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->group )];
|
|
gid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( securattr );
|
|
pxdesc = ntfs_build_permissions_posix( scx->mapping, securattr,
|
|
usid, gsid, TRUE );
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#else
|
|
usid = ( const SID* ) &
|
|
securattr[le32_to_cpu( phead->owner )];
|
|
pxdesc = ntfs_build_permissions_posix( scx->mapping, securattr,
|
|
usid, gsid, TRUE );
|
|
if ( pxdesc && ntfs_same_sid( usid, adminsid ) )
|
|
{
|
|
uid = find_tenant( scx, securattr );
|
|
}
|
|
else
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
#endif
|
|
if ( pxdesc )
|
|
{
|
|
/*
|
|
* Create a security id if there were none
|
|
* and upgrade option is selected
|
|
*/
|
|
if ( !test_nino_flag( dir_ni, v3_Extensions )
|
|
&& ( scx->vol->secure_flags
|
|
& ( 1 << SECURITY_ADDSECURIDS ) ) )
|
|
{
|
|
upgrade_secur_desc( scx->vol,
|
|
securattr, dir_ni );
|
|
/*
|
|
* fetch owner and group for cacheing
|
|
* if there is a securid
|
|
*/
|
|
}
|
|
if ( test_nino_flag( dir_ni, v3_Extensions ) )
|
|
{
|
|
enter_cache( scx, dir_ni, uid,
|
|
gid, pxdesc );
|
|
}
|
|
pydesc = ntfs_build_inherited_posix( pxdesc,
|
|
mode, scx->umask, isdir );
|
|
free( pxdesc );
|
|
}
|
|
free( securattr );
|
|
}
|
|
}
|
|
return ( pydesc );
|
|
}
|
|
|
|
/*
|
|
* Allocate a security_id for a file being created
|
|
*
|
|
* Returns zero if not possible (NTFS v3.x required)
|
|
*/
|
|
|
|
le32 ntfs_alloc_securid( struct SECURITY_CONTEXT *scx,
|
|
uid_t uid, gid_t gid, ntfs_inode *dir_ni,
|
|
mode_t mode, BOOL isdir )
|
|
{
|
|
#if !FORCE_FORMAT_v1x
|
|
const struct CACHED_SECURID *cached;
|
|
struct CACHED_SECURID wanted;
|
|
struct POSIX_SECURITY *pxdesc;
|
|
char *newattr;
|
|
int newattrsz;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
BIGSID defusid;
|
|
BIGSID defgsid;
|
|
le32 securid;
|
|
#endif
|
|
|
|
securid = const_cpu_to_le32( 0 );
|
|
|
|
#if !FORCE_FORMAT_v1x
|
|
|
|
pxdesc = inherit_posix( scx, dir_ni, mode, isdir );
|
|
if ( pxdesc )
|
|
{
|
|
/* check whether target securid is known in cache */
|
|
|
|
wanted.uid = uid;
|
|
wanted.gid = gid;
|
|
wanted.dmode = pxdesc->mode & mode & 07777;
|
|
if ( isdir ) wanted.dmode |= 0x10000;
|
|
wanted.variable = ( void* )pxdesc;
|
|
wanted.varsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( pxdesc->acccnt + pxdesc->defcnt ) * sizeof( struct POSIX_ACE );
|
|
cached = ( const struct CACHED_SECURID* )ntfs_fetch_cache(
|
|
scx->vol->securid_cache, GENERIC( &wanted ),
|
|
( cache_compare )compare );
|
|
/* quite simple, if we are lucky */
|
|
if ( cached )
|
|
securid = cached->securid;
|
|
|
|
/* not in cache : make sure we can create ids */
|
|
|
|
if ( !cached && ( scx->vol->major_ver >= 3 ) )
|
|
{
|
|
usid = ntfs_find_usid( scx->mapping[MAPUSERS], uid, ( SID* ) & defusid );
|
|
gsid = ntfs_find_gsid( scx->mapping[MAPGROUPS], gid, ( SID* ) & defgsid );
|
|
if ( !usid || !gsid )
|
|
{
|
|
ntfs_log_error( "File created by an unmapped user/group %d/%d\n",
|
|
( int )uid, ( int )gid );
|
|
usid = gsid = adminsid;
|
|
}
|
|
newattr = ntfs_build_descr_posix( scx->mapping, pxdesc,
|
|
isdir, usid, gsid );
|
|
if ( newattr )
|
|
{
|
|
newattrsz = ntfs_attr_size( newattr );
|
|
securid = setsecurityattr( scx->vol,
|
|
( const SECURITY_DESCRIPTOR_RELATIVE* )newattr,
|
|
newattrsz );
|
|
if ( securid )
|
|
{
|
|
/* update cache, for subsequent use */
|
|
wanted.securid = securid;
|
|
ntfs_enter_cache( scx->vol->securid_cache,
|
|
GENERIC( &wanted ),
|
|
( cache_compare )compare );
|
|
}
|
|
free( newattr );
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* could not build new security attribute
|
|
* errno set by ntfs_build_descr()
|
|
*/
|
|
}
|
|
}
|
|
free( pxdesc );
|
|
}
|
|
#endif
|
|
return ( securid );
|
|
}
|
|
|
|
/*
|
|
* Apply Posix inheritance to a newly created file
|
|
* (for NTFS 1.x only : no securid)
|
|
*/
|
|
|
|
int ntfs_set_inherited_posix( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode *ni, uid_t uid, gid_t gid,
|
|
ntfs_inode *dir_ni, mode_t mode )
|
|
{
|
|
struct POSIX_SECURITY *pxdesc;
|
|
char *newattr;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
BIGSID defusid;
|
|
BIGSID defgsid;
|
|
BOOL isdir;
|
|
int res;
|
|
|
|
res = -1;
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY ) != const_cpu_to_le16( 0 );
|
|
pxdesc = inherit_posix( scx, dir_ni, mode, isdir );
|
|
if ( pxdesc )
|
|
{
|
|
usid = ntfs_find_usid( scx->mapping[MAPUSERS], uid, ( SID* ) & defusid );
|
|
gsid = ntfs_find_gsid( scx->mapping[MAPGROUPS], gid, ( SID* ) & defgsid );
|
|
if ( !usid || !gsid )
|
|
{
|
|
ntfs_log_error( "File created by an unmapped user/group %d/%d\n",
|
|
( int )uid, ( int )gid );
|
|
usid = gsid = adminsid;
|
|
}
|
|
newattr = ntfs_build_descr_posix( scx->mapping, pxdesc,
|
|
isdir, usid, gsid );
|
|
if ( newattr )
|
|
{
|
|
/* Adjust Windows read-only flag */
|
|
res = update_secur_descr( scx->vol, newattr, ni );
|
|
if ( !res && !isdir )
|
|
{
|
|
if ( mode & S_IWUSR )
|
|
ni->flags &= ~FILE_ATTR_READONLY;
|
|
else
|
|
ni->flags |= FILE_ATTR_READONLY;
|
|
}
|
|
#if CACHE_LEGACY_SIZE
|
|
/* also invalidate legacy cache */
|
|
if ( isdir && !ni->security_id )
|
|
{
|
|
struct CACHED_PERMISSIONS_LEGACY legacy;
|
|
|
|
legacy.mft_no = ni->mft_no;
|
|
legacy.variable = pxdesc;
|
|
legacy.varsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( pxdesc->acccnt + pxdesc->defcnt ) * sizeof( struct POSIX_ACE );
|
|
ntfs_invalidate_cache( scx->vol->legacy_cache,
|
|
GENERIC( &legacy ),
|
|
( cache_compare )leg_compare, 0 );
|
|
}
|
|
#endif
|
|
free( newattr );
|
|
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* could not build new security attribute
|
|
* errno set by ntfs_build_descr()
|
|
*/
|
|
}
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
#else
|
|
|
|
le32 ntfs_alloc_securid( struct SECURITY_CONTEXT *scx,
|
|
uid_t uid, gid_t gid, mode_t mode, BOOL isdir )
|
|
{
|
|
#if !FORCE_FORMAT_v1x
|
|
const struct CACHED_SECURID *cached;
|
|
struct CACHED_SECURID wanted;
|
|
char *newattr;
|
|
int newattrsz;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
BIGSID defusid;
|
|
BIGSID defgsid;
|
|
le32 securid;
|
|
#endif
|
|
|
|
securid = const_cpu_to_le32( 0 );
|
|
|
|
#if !FORCE_FORMAT_v1x
|
|
/* check whether target securid is known in cache */
|
|
|
|
wanted.uid = uid;
|
|
wanted.gid = gid;
|
|
wanted.dmode = mode & 07777;
|
|
if ( isdir ) wanted.dmode |= 0x10000;
|
|
wanted.variable = ( void* )NULL;
|
|
wanted.varsize = 0;
|
|
cached = ( const struct CACHED_SECURID* )ntfs_fetch_cache(
|
|
scx->vol->securid_cache, GENERIC( &wanted ),
|
|
( cache_compare )compare );
|
|
/* quite simple, if we are lucky */
|
|
if ( cached )
|
|
securid = cached->securid;
|
|
|
|
/* not in cache : make sure we can create ids */
|
|
|
|
if ( !cached && ( scx->vol->major_ver >= 3 ) )
|
|
{
|
|
usid = ntfs_find_usid( scx->mapping[MAPUSERS], uid, ( SID* ) & defusid );
|
|
gsid = ntfs_find_gsid( scx->mapping[MAPGROUPS], gid, ( SID* ) & defgsid );
|
|
if ( !usid || !gsid )
|
|
{
|
|
ntfs_log_error( "File created by an unmapped user/group %d/%d\n",
|
|
( int )uid, ( int )gid );
|
|
usid = gsid = adminsid;
|
|
}
|
|
newattr = ntfs_build_descr( mode, isdir, usid, gsid );
|
|
if ( newattr )
|
|
{
|
|
newattrsz = ntfs_attr_size( newattr );
|
|
securid = setsecurityattr( scx->vol,
|
|
( const SECURITY_DESCRIPTOR_RELATIVE* )newattr,
|
|
newattrsz );
|
|
if ( securid )
|
|
{
|
|
/* update cache, for subsequent use */
|
|
wanted.securid = securid;
|
|
ntfs_enter_cache( scx->vol->securid_cache,
|
|
GENERIC( &wanted ),
|
|
( cache_compare )compare );
|
|
}
|
|
free( newattr );
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* could not build new security attribute
|
|
* errno set by ntfs_build_descr()
|
|
*/
|
|
}
|
|
}
|
|
#endif
|
|
return ( securid );
|
|
}
|
|
|
|
#endif
|
|
|
|
/*
|
|
* Update ownership and mode of a file, reusing an existing
|
|
* security descriptor when possible
|
|
*
|
|
* Returns zero if successful
|
|
*/
|
|
|
|
#if POSIXACLS
|
|
int ntfs_set_owner_mode( struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
|
|
uid_t uid, gid_t gid, mode_t mode,
|
|
struct POSIX_SECURITY *pxdesc )
|
|
#else
|
|
int ntfs_set_owner_mode( struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
|
|
uid_t uid, gid_t gid, mode_t mode )
|
|
#endif
|
|
{
|
|
int res;
|
|
const struct CACHED_SECURID *cached;
|
|
struct CACHED_SECURID wanted;
|
|
char *newattr;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
BIGSID defusid;
|
|
BIGSID defgsid;
|
|
BOOL isdir;
|
|
|
|
res = 0;
|
|
|
|
/* check whether target securid is known in cache */
|
|
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY ) != const_cpu_to_le16( 0 );
|
|
wanted.uid = uid;
|
|
wanted.gid = gid;
|
|
wanted.dmode = mode & 07777;
|
|
if ( isdir ) wanted.dmode |= 0x10000;
|
|
#if POSIXACLS
|
|
wanted.variable = ( void* )pxdesc;
|
|
if ( pxdesc )
|
|
wanted.varsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( pxdesc->acccnt + pxdesc->defcnt ) * sizeof( struct POSIX_ACE );
|
|
else
|
|
wanted.varsize = 0;
|
|
#else
|
|
wanted.variable = ( void* )NULL;
|
|
wanted.varsize = 0;
|
|
#endif
|
|
if ( test_nino_flag( ni, v3_Extensions ) )
|
|
{
|
|
cached = ( const struct CACHED_SECURID* )ntfs_fetch_cache(
|
|
scx->vol->securid_cache, GENERIC( &wanted ),
|
|
( cache_compare )compare );
|
|
/* quite simple, if we are lucky */
|
|
if ( cached )
|
|
{
|
|
ni->security_id = cached->securid;
|
|
NInoSetDirty( ni );
|
|
}
|
|
}
|
|
else cached = ( struct CACHED_SECURID* )NULL;
|
|
|
|
if ( !cached )
|
|
{
|
|
/*
|
|
* Do not use usid and gsid from former attributes,
|
|
* but recompute them to get repeatable results
|
|
* which can be kept in cache.
|
|
*/
|
|
usid = ntfs_find_usid( scx->mapping[MAPUSERS], uid, ( SID* ) & defusid );
|
|
gsid = ntfs_find_gsid( scx->mapping[MAPGROUPS], gid, ( SID* ) & defgsid );
|
|
if ( !usid || !gsid )
|
|
{
|
|
ntfs_log_error( "File made owned by an unmapped user/group %d/%d\n",
|
|
uid, gid );
|
|
usid = gsid = adminsid;
|
|
}
|
|
#if POSIXACLS
|
|
if ( pxdesc )
|
|
newattr = ntfs_build_descr_posix( scx->mapping, pxdesc,
|
|
isdir, usid, gsid );
|
|
else
|
|
newattr = ntfs_build_descr( mode,
|
|
isdir, usid, gsid );
|
|
#else
|
|
newattr = ntfs_build_descr( mode,
|
|
isdir, usid, gsid );
|
|
#endif
|
|
if ( newattr )
|
|
{
|
|
res = update_secur_descr( scx->vol, newattr, ni );
|
|
if ( !res )
|
|
{
|
|
/* adjust Windows read-only flag */
|
|
if ( !isdir )
|
|
{
|
|
if ( mode & S_IWUSR )
|
|
ni->flags &= ~FILE_ATTR_READONLY;
|
|
else
|
|
ni->flags |= FILE_ATTR_READONLY;
|
|
NInoFileNameSetDirty( ni );
|
|
}
|
|
/* update cache, for subsequent use */
|
|
if ( test_nino_flag( ni, v3_Extensions ) )
|
|
{
|
|
wanted.securid = ni->security_id;
|
|
ntfs_enter_cache( scx->vol->securid_cache,
|
|
GENERIC( &wanted ),
|
|
( cache_compare )compare );
|
|
}
|
|
#if CACHE_LEGACY_SIZE
|
|
/* also invalidate legacy cache */
|
|
if ( isdir && !ni->security_id )
|
|
{
|
|
struct CACHED_PERMISSIONS_LEGACY legacy;
|
|
|
|
legacy.mft_no = ni->mft_no;
|
|
#if POSIXACLS
|
|
legacy.variable = wanted.variable;
|
|
legacy.varsize = wanted.varsize;
|
|
#else
|
|
legacy.variable = ( void* )NULL;
|
|
legacy.varsize = 0;
|
|
#endif
|
|
ntfs_invalidate_cache( scx->vol->legacy_cache,
|
|
GENERIC( &legacy ),
|
|
( cache_compare )leg_compare, 0 );
|
|
}
|
|
#endif
|
|
}
|
|
free( newattr );
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* could not build new security attribute
|
|
* errno set by ntfs_build_descr()
|
|
*/
|
|
res = -1;
|
|
}
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
/*
|
|
* Check whether user has ownership rights on a file
|
|
*
|
|
* Returns TRUE if allowed
|
|
* if not, errno tells why
|
|
*/
|
|
|
|
BOOL ntfs_allowed_as_owner( struct SECURITY_CONTEXT *scx, ntfs_inode *ni )
|
|
{
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
char *oldattr;
|
|
const SID *usid;
|
|
uid_t processuid;
|
|
uid_t uid;
|
|
BOOL gotowner;
|
|
int allowed;
|
|
|
|
processuid = scx->uid;
|
|
/* TODO : use CAP_FOWNER process capability */
|
|
/*
|
|
* Always allow for root
|
|
* Also always allow if no mapping has been defined
|
|
*/
|
|
if ( !scx->mapping[MAPUSERS] || !processuid )
|
|
allowed = TRUE;
|
|
else
|
|
{
|
|
gotowner = FALSE; /* default */
|
|
/* get the owner, either from cache or from old attribute */
|
|
cached = fetch_cache( scx, ni );
|
|
if ( cached )
|
|
{
|
|
uid = cached->uid;
|
|
gotowner = TRUE;
|
|
}
|
|
else
|
|
{
|
|
oldattr = getsecurityattr( scx->vol, ni );
|
|
if ( oldattr )
|
|
{
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( oldattr );
|
|
#else
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )
|
|
oldattr;
|
|
usid = ( const SID* ) & oldattr
|
|
[le32_to_cpu( phead->owner )];
|
|
#endif
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS],
|
|
usid );
|
|
gotowner = TRUE;
|
|
free( oldattr );
|
|
}
|
|
}
|
|
allowed = FALSE;
|
|
if ( gotowner )
|
|
{
|
|
/* TODO : use CAP_FOWNER process capability */
|
|
if ( !processuid || ( processuid == uid ) )
|
|
allowed = TRUE;
|
|
else
|
|
errno = EPERM;
|
|
}
|
|
}
|
|
return ( allowed );
|
|
}
|
|
|
|
#ifdef HAVE_SETXATTR /* extended attributes interface required */
|
|
|
|
#if POSIXACLS
|
|
|
|
/*
|
|
* Set a new access or default Posix ACL to a file
|
|
* (or remove ACL if no input data)
|
|
* Validity of input data is checked after merging
|
|
*
|
|
* Returns 0, or -1 if there is a problem which errno describes
|
|
*/
|
|
|
|
int ntfs_set_posix_acl( struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
|
|
const char *name, const char *value, size_t size,
|
|
int flags )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
char *oldattr;
|
|
uid_t processuid;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
uid_t uid;
|
|
uid_t gid;
|
|
int res;
|
|
mode_t mode;
|
|
BOOL isdir;
|
|
BOOL deflt;
|
|
BOOL exist;
|
|
int count;
|
|
struct POSIX_SECURITY *oldpxdesc;
|
|
struct POSIX_SECURITY *newpxdesc;
|
|
|
|
/* get the current pxsec, either from cache or from old attribute */
|
|
res = -1;
|
|
deflt = !strcmp( name, "system.posix_acl_default" );
|
|
if ( size )
|
|
count = ( size - sizeof( struct POSIX_ACL ) ) / sizeof( struct POSIX_ACE );
|
|
else
|
|
count = 0;
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY ) != const_cpu_to_le16( 0 );
|
|
newpxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
if ( !deflt || isdir || !size )
|
|
{
|
|
cached = fetch_cache( scx, ni );
|
|
if ( cached )
|
|
{
|
|
uid = cached->uid;
|
|
gid = cached->gid;
|
|
oldpxdesc = cached->pxdesc;
|
|
if ( oldpxdesc )
|
|
{
|
|
mode = oldpxdesc->mode;
|
|
newpxdesc = ntfs_replace_acl( oldpxdesc,
|
|
( const struct POSIX_ACL* )value, count, deflt );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
oldattr = getsecurityattr( scx->vol, ni );
|
|
if ( oldattr )
|
|
{
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )oldattr;
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( oldattr );
|
|
#else
|
|
usid = ( const SID* ) & oldattr[le32_to_cpu( phead->owner )];
|
|
#endif
|
|
gsid = ( const SID* ) & oldattr[le32_to_cpu( phead->group )];
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
gid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
oldpxdesc = ntfs_build_permissions_posix( scx->mapping,
|
|
oldattr, usid, gsid, isdir );
|
|
if ( oldpxdesc )
|
|
{
|
|
if ( deflt )
|
|
exist = oldpxdesc->defcnt > 0;
|
|
else
|
|
exist = oldpxdesc->acccnt > 3;
|
|
if ( ( exist && ( flags & XATTR_CREATE ) )
|
|
|| ( !exist && ( flags & XATTR_REPLACE ) ) )
|
|
{
|
|
errno = ( exist ? EEXIST : ENODATA );
|
|
}
|
|
else
|
|
{
|
|
mode = oldpxdesc->mode;
|
|
newpxdesc = ntfs_replace_acl( oldpxdesc,
|
|
( const struct POSIX_ACL* )value, count, deflt );
|
|
}
|
|
free( oldpxdesc );
|
|
}
|
|
free( oldattr );
|
|
}
|
|
}
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
|
|
if ( newpxdesc )
|
|
{
|
|
processuid = scx->uid;
|
|
/* TODO : use CAP_FOWNER process capability */
|
|
if ( !processuid || ( uid == processuid ) )
|
|
{
|
|
/*
|
|
* clear setgid if file group does
|
|
* not match process group
|
|
*/
|
|
if ( processuid && ( gid != scx->gid )
|
|
&& !groupmember( scx, scx->uid, gid ) )
|
|
{
|
|
newpxdesc->mode &= ~S_ISGID;
|
|
}
|
|
res = ntfs_set_owner_mode( scx, ni, uid, gid,
|
|
newpxdesc->mode, newpxdesc );
|
|
}
|
|
else
|
|
errno = EPERM;
|
|
free( newpxdesc );
|
|
}
|
|
return ( res ? -1 : 0 );
|
|
}
|
|
|
|
/*
|
|
* Remove a default Posix ACL from a file
|
|
*
|
|
* Returns 0, or -1 if there is a problem which errno describes
|
|
*/
|
|
|
|
int ntfs_remove_posix_acl( struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
|
|
const char *name )
|
|
{
|
|
return ( ntfs_set_posix_acl( scx, ni, name,
|
|
( const char* )NULL, 0, 0 ) );
|
|
}
|
|
|
|
#endif
|
|
|
|
/*
|
|
* Set a new NTFS ACL to a file
|
|
*
|
|
* Returns 0, or -1 if there is a problem
|
|
*/
|
|
|
|
int ntfs_set_ntfs_acl( struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
|
|
const char *value, size_t size, int flags )
|
|
{
|
|
char *attr;
|
|
int res;
|
|
|
|
res = -1;
|
|
if ( ( size > 0 )
|
|
&& !( flags & XATTR_CREATE )
|
|
&& ntfs_valid_descr( value, size )
|
|
&& ( ntfs_attr_size( value ) == size ) )
|
|
{
|
|
/* need copying in order to write */
|
|
attr = ( char* )ntfs_malloc( size );
|
|
if ( attr )
|
|
{
|
|
memcpy( attr, value, size );
|
|
res = update_secur_descr( scx->vol, attr, ni );
|
|
/*
|
|
* No need to invalidate standard caches :
|
|
* the relation between a securid and
|
|
* the associated protection is unchanged,
|
|
* only the relation between a file and
|
|
* its securid and protection is changed.
|
|
*/
|
|
#if CACHE_LEGACY_SIZE
|
|
/*
|
|
* we must however invalidate the legacy
|
|
* cache, which is based on inode numbers.
|
|
* For safety, invalidate even if updating
|
|
* failed.
|
|
*/
|
|
if ( ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
&& !ni->security_id )
|
|
{
|
|
struct CACHED_PERMISSIONS_LEGACY legacy;
|
|
|
|
legacy.mft_no = ni->mft_no;
|
|
legacy.variable = ( char* )NULL;
|
|
legacy.varsize = 0;
|
|
ntfs_invalidate_cache( scx->vol->legacy_cache,
|
|
GENERIC( &legacy ),
|
|
( cache_compare )leg_compare, 0 );
|
|
}
|
|
#endif
|
|
free( attr );
|
|
}
|
|
else
|
|
errno = ENOMEM;
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( res ? -1 : 0 );
|
|
}
|
|
|
|
#endif /* HAVE_SETXATTR */
|
|
|
|
/*
|
|
* Set new permissions to a file
|
|
* Checks user mapping has been defined before request for setting
|
|
*
|
|
* rejected if request is not originated by owner or root
|
|
*
|
|
* returns 0 on success
|
|
* -1 on failure, with errno = EIO
|
|
*/
|
|
|
|
int ntfs_set_mode( struct SECURITY_CONTEXT *scx, ntfs_inode *ni, mode_t mode )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
char *oldattr;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
uid_t processuid;
|
|
uid_t uid;
|
|
uid_t gid;
|
|
int res;
|
|
#if POSIXACLS
|
|
BOOL isdir;
|
|
int pxsize;
|
|
const struct POSIX_SECURITY *oldpxdesc;
|
|
struct POSIX_SECURITY *newpxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
#endif
|
|
|
|
/* get the current owner, either from cache or from old attribute */
|
|
res = 0;
|
|
cached = fetch_cache( scx, ni );
|
|
if ( cached )
|
|
{
|
|
uid = cached->uid;
|
|
gid = cached->gid;
|
|
#if POSIXACLS
|
|
oldpxdesc = cached->pxdesc;
|
|
if ( oldpxdesc )
|
|
{
|
|
/* must copy before merging */
|
|
pxsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( oldpxdesc->acccnt + oldpxdesc->defcnt ) * sizeof( struct POSIX_ACE );
|
|
newpxdesc = ( struct POSIX_SECURITY* )malloc( pxsize );
|
|
if ( newpxdesc )
|
|
{
|
|
memcpy( newpxdesc, oldpxdesc, pxsize );
|
|
if ( ntfs_merge_mode_posix( newpxdesc, mode ) )
|
|
res = -1;
|
|
}
|
|
else
|
|
res = -1;
|
|
}
|
|
else
|
|
newpxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
#endif
|
|
}
|
|
else
|
|
{
|
|
oldattr = getsecurityattr( scx->vol, ni );
|
|
if ( oldattr )
|
|
{
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )oldattr;
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( oldattr );
|
|
#else
|
|
usid = ( const SID* ) & oldattr[le32_to_cpu( phead->owner )];
|
|
#endif
|
|
gsid = ( const SID* ) & oldattr[le32_to_cpu( phead->group )];
|
|
uid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
gid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
#if POSIXACLS
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY ) != const_cpu_to_le16( 0 );
|
|
newpxdesc = ntfs_build_permissions_posix( scx->mapping,
|
|
oldattr, usid, gsid, isdir );
|
|
if ( !newpxdesc || ntfs_merge_mode_posix( newpxdesc, mode ) )
|
|
res = -1;
|
|
#endif
|
|
free( oldattr );
|
|
}
|
|
else
|
|
res = -1;
|
|
}
|
|
|
|
if ( !res )
|
|
{
|
|
processuid = scx->uid;
|
|
/* TODO : use CAP_FOWNER process capability */
|
|
if ( !processuid || ( uid == processuid ) )
|
|
{
|
|
/*
|
|
* clear setgid if file group does
|
|
* not match process group
|
|
*/
|
|
if ( processuid && ( gid != scx->gid )
|
|
&& !groupmember( scx, scx->uid, gid ) )
|
|
mode &= ~S_ISGID;
|
|
#if POSIXACLS
|
|
if ( newpxdesc )
|
|
{
|
|
newpxdesc->mode = mode;
|
|
res = ntfs_set_owner_mode( scx, ni, uid, gid,
|
|
mode, newpxdesc );
|
|
}
|
|
else
|
|
res = ntfs_set_owner_mode( scx, ni, uid, gid,
|
|
mode, newpxdesc );
|
|
#else
|
|
res = ntfs_set_owner_mode( scx, ni, uid, gid, mode );
|
|
#endif
|
|
}
|
|
else
|
|
{
|
|
errno = EPERM;
|
|
res = -1; /* neither owner nor root */
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* Should not happen : a default descriptor is generated
|
|
* by getsecurityattr() when there are none
|
|
*/
|
|
ntfs_log_error( "File has no security descriptor\n" );
|
|
res = -1;
|
|
errno = EIO;
|
|
}
|
|
#if POSIXACLS
|
|
if ( newpxdesc ) free( newpxdesc );
|
|
#endif
|
|
return ( res ? -1 : 0 );
|
|
}
|
|
|
|
/*
|
|
* Create a default security descriptor for files whose descriptor
|
|
* cannot be inherited
|
|
*/
|
|
|
|
int ntfs_sd_add_everyone( ntfs_inode *ni )
|
|
{
|
|
/* JPA SECURITY_DESCRIPTOR_ATTR *sd; */
|
|
SECURITY_DESCRIPTOR_RELATIVE *sd;
|
|
ACL *acl;
|
|
ACCESS_ALLOWED_ACE *ace;
|
|
SID *sid;
|
|
int ret, sd_len;
|
|
|
|
/* Create SECURITY_DESCRIPTOR attribute (everyone has full access). */
|
|
/*
|
|
* Calculate security descriptor length. We have 2 sub-authorities in
|
|
* owner and group SIDs, but structure SID contain only one, so add
|
|
* 4 bytes to every SID.
|
|
*/
|
|
sd_len = sizeof( SECURITY_DESCRIPTOR_ATTR ) + 2 * ( sizeof( SID ) + 4 ) +
|
|
sizeof( ACL ) + sizeof( ACCESS_ALLOWED_ACE );
|
|
sd = ( SECURITY_DESCRIPTOR_RELATIVE* )ntfs_calloc( sd_len );
|
|
if ( !sd )
|
|
return -1;
|
|
|
|
sd->revision = SECURITY_DESCRIPTOR_REVISION;
|
|
sd->control = SE_DACL_PRESENT | SE_SELF_RELATIVE;
|
|
|
|
sid = ( SID* )( ( u8* )sd + sizeof( SECURITY_DESCRIPTOR_ATTR ) );
|
|
sid->revision = SID_REVISION;
|
|
sid->sub_authority_count = 2;
|
|
sid->sub_authority[0] = const_cpu_to_le32( SECURITY_BUILTIN_DOMAIN_RID );
|
|
sid->sub_authority[1] = const_cpu_to_le32( DOMAIN_ALIAS_RID_ADMINS );
|
|
sid->identifier_authority.value[5] = 5;
|
|
sd->owner = cpu_to_le32( ( u8* )sid - ( u8* )sd );
|
|
|
|
sid = ( SID* )( ( u8* )sid + sizeof( SID ) + 4 );
|
|
sid->revision = SID_REVISION;
|
|
sid->sub_authority_count = 2;
|
|
sid->sub_authority[0] = const_cpu_to_le32( SECURITY_BUILTIN_DOMAIN_RID );
|
|
sid->sub_authority[1] = const_cpu_to_le32( DOMAIN_ALIAS_RID_ADMINS );
|
|
sid->identifier_authority.value[5] = 5;
|
|
sd->group = cpu_to_le32( ( u8* )sid - ( u8* )sd );
|
|
|
|
acl = ( ACL* )( ( u8* )sid + sizeof( SID ) + 4 );
|
|
acl->revision = ACL_REVISION;
|
|
acl->size = const_cpu_to_le16( sizeof( ACL ) + sizeof( ACCESS_ALLOWED_ACE ) );
|
|
acl->ace_count = const_cpu_to_le16( 1 );
|
|
sd->dacl = cpu_to_le32( ( u8* )acl - ( u8* )sd );
|
|
|
|
ace = ( ACCESS_ALLOWED_ACE* )( ( u8* )acl + sizeof( ACL ) );
|
|
ace->type = ACCESS_ALLOWED_ACE_TYPE;
|
|
ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
|
|
ace->size = const_cpu_to_le16( sizeof( ACCESS_ALLOWED_ACE ) );
|
|
ace->mask = const_cpu_to_le32( 0x1f01ff ); /* FIXME */
|
|
ace->sid.revision = SID_REVISION;
|
|
ace->sid.sub_authority_count = 1;
|
|
ace->sid.sub_authority[0] = const_cpu_to_le32( 0 );
|
|
ace->sid.identifier_authority.value[5] = 1;
|
|
|
|
ret = ntfs_attr_add( ni, AT_SECURITY_DESCRIPTOR, AT_UNNAMED, 0, ( u8* )sd,
|
|
sd_len );
|
|
if ( ret )
|
|
ntfs_log_perror( "Failed to add initial SECURITY_DESCRIPTOR" );
|
|
|
|
free( sd );
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Check whether user can access a file in a specific way
|
|
*
|
|
* Returns 1 if access is allowed, including user is root or no
|
|
* user mapping defined
|
|
* 2 if sticky and accesstype is S_IWRITE + S_IEXEC + S_ISVTX
|
|
* 0 and sets errno if there is a problem or if access
|
|
* is not allowed
|
|
*
|
|
* This is used for Posix ACL and checking creation of DOS file names
|
|
*/
|
|
|
|
int ntfs_allowed_access( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode *ni,
|
|
int accesstype ) /* access type required (S_Ixxx values) */
|
|
{
|
|
int perm;
|
|
int res;
|
|
int allow;
|
|
struct stat stbuf;
|
|
|
|
/*
|
|
* Always allow for root unless execution is requested.
|
|
* (was checked by fuse until kernel 2.6.29)
|
|
* Also always allow if no mapping has been defined
|
|
*/
|
|
if ( !scx->mapping[MAPUSERS]
|
|
|| ( !scx->uid
|
|
&& ( !( accesstype & S_IEXEC )
|
|
|| ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY ) ) ) )
|
|
allow = 1;
|
|
else
|
|
{
|
|
perm = ntfs_get_perm( scx, ni, accesstype );
|
|
if ( perm >= 0 )
|
|
{
|
|
res = EACCES;
|
|
switch ( accesstype )
|
|
{
|
|
case S_IEXEC:
|
|
allow = ( perm & ( S_IXUSR | S_IXGRP | S_IXOTH ) ) != 0;
|
|
break;
|
|
case S_IWRITE:
|
|
allow = ( perm & ( S_IWUSR | S_IWGRP | S_IWOTH ) ) != 0;
|
|
break;
|
|
case S_IWRITE + S_IEXEC:
|
|
allow = ( ( perm & ( S_IWUSR | S_IWGRP | S_IWOTH ) ) != 0 )
|
|
&& ( ( perm & ( S_IXUSR | S_IXGRP | S_IXOTH ) ) != 0 );
|
|
break;
|
|
case S_IREAD:
|
|
allow = ( perm & ( S_IRUSR | S_IRGRP | S_IROTH ) ) != 0;
|
|
break;
|
|
case S_IREAD + S_IEXEC:
|
|
allow = ( ( perm & ( S_IRUSR | S_IRGRP | S_IROTH ) ) != 0 )
|
|
&& ( ( perm & ( S_IXUSR | S_IXGRP | S_IXOTH ) ) != 0 );
|
|
break;
|
|
case S_IREAD + S_IWRITE:
|
|
allow = ( ( perm & ( S_IRUSR | S_IRGRP | S_IROTH ) ) != 0 )
|
|
&& ( ( perm & ( S_IWUSR | S_IWGRP | S_IWOTH ) ) != 0 );
|
|
break;
|
|
case S_IWRITE + S_IEXEC + S_ISVTX:
|
|
if ( perm & S_ISVTX )
|
|
{
|
|
if ( ( ntfs_get_owner_mode( scx, ni, &stbuf ) >= 0 )
|
|
&& ( stbuf.st_uid == scx->uid ) )
|
|
allow = 1;
|
|
else
|
|
allow = 2;
|
|
}
|
|
else
|
|
allow = ( ( perm & ( S_IWUSR | S_IWGRP | S_IWOTH ) ) != 0 )
|
|
&& ( ( perm & ( S_IXUSR | S_IXGRP | S_IXOTH ) ) != 0 );
|
|
break;
|
|
case S_IREAD + S_IWRITE + S_IEXEC:
|
|
allow = ( ( perm & ( S_IRUSR | S_IRGRP | S_IROTH ) ) != 0 )
|
|
&& ( ( perm & ( S_IWUSR | S_IWGRP | S_IWOTH ) ) != 0 )
|
|
&& ( ( perm & ( S_IXUSR | S_IXGRP | S_IXOTH ) ) != 0 );
|
|
break;
|
|
default :
|
|
res = EINVAL;
|
|
allow = 0;
|
|
break;
|
|
}
|
|
if ( !allow )
|
|
errno = res;
|
|
}
|
|
else
|
|
allow = 0;
|
|
}
|
|
return ( allow );
|
|
}
|
|
|
|
#if 0 /* not needed any more */
|
|
|
|
/*
|
|
* Check whether user can access the parent directory
|
|
* of a file in a specific way
|
|
*
|
|
* Returns true if access is allowed, including user is root and
|
|
* no user mapping defined
|
|
*
|
|
* Sets errno if there is a problem or if not allowed
|
|
*
|
|
* This is used for Posix ACL and checking creation of DOS file names
|
|
*/
|
|
|
|
BOOL old_ntfs_allowed_dir_access( struct SECURITY_CONTEXT *scx,
|
|
const char *path, int accesstype )
|
|
{
|
|
int allow;
|
|
char *dirpath;
|
|
char *name;
|
|
ntfs_inode *ni;
|
|
ntfs_inode *dir_ni;
|
|
struct stat stbuf;
|
|
|
|
allow = 0;
|
|
dirpath = strdup( path );
|
|
if ( dirpath )
|
|
{
|
|
/* the root of file system is seen as a parent of itself */
|
|
/* is that correct ? */
|
|
name = strrchr( dirpath, '/' );
|
|
*name = 0;
|
|
dir_ni = ntfs_pathname_to_inode( scx->vol, NULL, dirpath );
|
|
if ( dir_ni )
|
|
{
|
|
allow = ntfs_allowed_access( scx,
|
|
dir_ni, accesstype );
|
|
ntfs_inode_close( dir_ni );
|
|
/*
|
|
* for an not-owned sticky directory, have to
|
|
* check whether file itself is owned
|
|
*/
|
|
if ( ( accesstype == ( S_IWRITE + S_IEXEC + S_ISVTX ) )
|
|
&& ( allow == 2 ) )
|
|
{
|
|
ni = ntfs_pathname_to_inode( scx->vol, NULL,
|
|
path );
|
|
allow = FALSE;
|
|
if ( ni )
|
|
{
|
|
allow = ( ntfs_get_owner_mode( scx, ni, &stbuf ) >= 0 )
|
|
&& ( stbuf.st_uid == scx->uid );
|
|
ntfs_inode_close( ni );
|
|
}
|
|
}
|
|
}
|
|
free( dirpath );
|
|
}
|
|
return ( allow ); /* errno is set if not allowed */
|
|
}
|
|
|
|
#endif
|
|
|
|
/*
|
|
* Define a new owner/group to a file
|
|
*
|
|
* returns zero if successful
|
|
*/
|
|
|
|
int ntfs_set_owner( struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
|
|
uid_t uid, gid_t gid )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
char *oldattr;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
uid_t fileuid;
|
|
uid_t filegid;
|
|
mode_t mode;
|
|
int perm;
|
|
BOOL isdir;
|
|
int res;
|
|
#if POSIXACLS
|
|
struct POSIX_SECURITY *pxdesc;
|
|
BOOL pxdescbuilt = FALSE;
|
|
#endif
|
|
|
|
res = 0;
|
|
/* get the current owner and mode from cache or security attributes */
|
|
oldattr = ( char* )NULL;
|
|
cached = fetch_cache( scx, ni );
|
|
if ( cached )
|
|
{
|
|
fileuid = cached->uid;
|
|
filegid = cached->gid;
|
|
mode = cached->mode;
|
|
#if POSIXACLS
|
|
pxdesc = cached->pxdesc;
|
|
if ( !pxdesc )
|
|
res = -1;
|
|
#endif
|
|
}
|
|
else
|
|
{
|
|
fileuid = 0;
|
|
filegid = 0;
|
|
mode = 0;
|
|
oldattr = getsecurityattr( scx->vol, ni );
|
|
if ( oldattr )
|
|
{
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
!= const_cpu_to_le16( 0 );
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )
|
|
oldattr;
|
|
gsid = ( const SID* )
|
|
& oldattr[le32_to_cpu( phead->group )];
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( oldattr );
|
|
#else
|
|
usid = ( const SID* )
|
|
& oldattr[le32_to_cpu( phead->owner )];
|
|
#endif
|
|
#if POSIXACLS
|
|
pxdesc = ntfs_build_permissions_posix( scx->mapping, oldattr,
|
|
usid, gsid, isdir );
|
|
if ( pxdesc )
|
|
{
|
|
pxdescbuilt = TRUE;
|
|
fileuid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
filegid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
mode = perm = pxdesc->mode;
|
|
}
|
|
else
|
|
res = -1;
|
|
#else
|
|
mode = perm = ntfs_build_permissions( oldattr,
|
|
usid, gsid, isdir );
|
|
if ( perm >= 0 )
|
|
{
|
|
fileuid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
filegid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
}
|
|
else
|
|
res = -1;
|
|
#endif
|
|
free( oldattr );
|
|
}
|
|
else
|
|
res = -1;
|
|
}
|
|
if ( !res )
|
|
{
|
|
/* check requested by root */
|
|
/* or chgrp requested by owner to an owned group */
|
|
if ( !scx->uid
|
|
|| ( ( ( ( int )uid < 0 ) || ( uid == fileuid ) )
|
|
&& ( ( gid == scx->gid ) || groupmember( scx, scx->uid, gid ) )
|
|
&& ( fileuid == scx->uid ) ) )
|
|
{
|
|
/* replace by the new usid and gsid */
|
|
/* or reuse old gid and sid for cacheing */
|
|
if ( ( int )uid < 0 )
|
|
uid = fileuid;
|
|
if ( ( int )gid < 0 )
|
|
gid = filegid;
|
|
/* clear setuid and setgid if owner has changed */
|
|
/* unless request originated by root */
|
|
if ( uid && ( fileuid != uid ) )
|
|
mode &= 01777;
|
|
#if POSIXACLS
|
|
res = ntfs_set_owner_mode( scx, ni, uid, gid,
|
|
mode, pxdesc );
|
|
#else
|
|
res = ntfs_set_owner_mode( scx, ni, uid, gid, mode );
|
|
#endif
|
|
}
|
|
else
|
|
{
|
|
res = -1; /* neither owner nor root */
|
|
errno = EPERM;
|
|
}
|
|
#if POSIXACLS
|
|
if ( pxdescbuilt )
|
|
free( pxdesc );
|
|
#endif
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* Should not happen : a default descriptor is generated
|
|
* by getsecurityattr() when there are none
|
|
*/
|
|
ntfs_log_error( "File has no security descriptor\n" );
|
|
res = -1;
|
|
errno = EIO;
|
|
}
|
|
return ( res ? -1 : 0 );
|
|
}
|
|
|
|
/*
|
|
* Define new owner/group and mode to a file
|
|
*
|
|
* returns zero if successful
|
|
*/
|
|
|
|
int ntfs_set_ownmod( struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
|
|
uid_t uid, gid_t gid, const mode_t mode )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
const struct CACHED_PERMISSIONS *cached;
|
|
char *oldattr;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
uid_t fileuid;
|
|
uid_t filegid;
|
|
BOOL isdir;
|
|
int res;
|
|
#if POSIXACLS
|
|
const struct POSIX_SECURITY *oldpxdesc;
|
|
struct POSIX_SECURITY *newpxdesc = ( struct POSIX_SECURITY* )NULL;
|
|
int pxsize;
|
|
#endif
|
|
|
|
res = 0;
|
|
/* get the current owner and mode from cache or security attributes */
|
|
oldattr = ( char* )NULL;
|
|
cached = fetch_cache( scx, ni );
|
|
if ( cached )
|
|
{
|
|
fileuid = cached->uid;
|
|
filegid = cached->gid;
|
|
#if POSIXACLS
|
|
oldpxdesc = cached->pxdesc;
|
|
if ( oldpxdesc )
|
|
{
|
|
/* must copy before merging */
|
|
pxsize = sizeof( struct POSIX_SECURITY )
|
|
+ ( oldpxdesc->acccnt + oldpxdesc->defcnt ) * sizeof( struct POSIX_ACE );
|
|
newpxdesc = ( struct POSIX_SECURITY* )malloc( pxsize );
|
|
if ( newpxdesc )
|
|
{
|
|
memcpy( newpxdesc, oldpxdesc, pxsize );
|
|
if ( ntfs_merge_mode_posix( newpxdesc, mode ) )
|
|
res = -1;
|
|
}
|
|
else
|
|
res = -1;
|
|
}
|
|
#endif
|
|
}
|
|
else
|
|
{
|
|
fileuid = 0;
|
|
filegid = 0;
|
|
oldattr = getsecurityattr( scx->vol, ni );
|
|
if ( oldattr )
|
|
{
|
|
isdir = ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
!= const_cpu_to_le16( 0 );
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )
|
|
oldattr;
|
|
gsid = ( const SID* )
|
|
& oldattr[le32_to_cpu( phead->group )];
|
|
#if OWNERFROMACL
|
|
usid = ntfs_acl_owner( oldattr );
|
|
#else
|
|
usid = ( const SID* )
|
|
& oldattr[le32_to_cpu( phead->owner )];
|
|
#endif
|
|
#if POSIXACLS
|
|
newpxdesc = ntfs_build_permissions_posix( scx->mapping, oldattr,
|
|
usid, gsid, isdir );
|
|
if ( !newpxdesc || ntfs_merge_mode_posix( newpxdesc, mode ) )
|
|
res = -1;
|
|
else
|
|
{
|
|
fileuid = ntfs_find_user( scx->mapping[MAPUSERS], usid );
|
|
filegid = ntfs_find_group( scx->mapping[MAPGROUPS], gsid );
|
|
}
|
|
#endif
|
|
free( oldattr );
|
|
}
|
|
else
|
|
res = -1;
|
|
}
|
|
if ( !res )
|
|
{
|
|
/* check requested by root */
|
|
/* or chgrp requested by owner to an owned group */
|
|
if ( !scx->uid
|
|
|| ( ( ( ( int )uid < 0 ) || ( uid == fileuid ) )
|
|
&& ( ( gid == scx->gid ) || groupmember( scx, scx->uid, gid ) )
|
|
&& ( fileuid == scx->uid ) ) )
|
|
{
|
|
/* replace by the new usid and gsid */
|
|
/* or reuse old gid and sid for cacheing */
|
|
if ( ( int )uid < 0 )
|
|
uid = fileuid;
|
|
if ( ( int )gid < 0 )
|
|
gid = filegid;
|
|
#if POSIXACLS
|
|
res = ntfs_set_owner_mode( scx, ni, uid, gid,
|
|
mode, newpxdesc );
|
|
#else
|
|
res = ntfs_set_owner_mode( scx, ni, uid, gid, mode );
|
|
#endif
|
|
}
|
|
else
|
|
{
|
|
res = -1; /* neither owner nor root */
|
|
errno = EPERM;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* Should not happen : a default descriptor is generated
|
|
* by getsecurityattr() when there are none
|
|
*/
|
|
ntfs_log_error( "File has no security descriptor\n" );
|
|
res = -1;
|
|
errno = EIO;
|
|
}
|
|
#if POSIXACLS
|
|
free( newpxdesc );
|
|
#endif
|
|
return ( res ? -1 : 0 );
|
|
}
|
|
|
|
/*
|
|
* Build a security id for a descriptor inherited from
|
|
* parent directory the Windows way
|
|
*/
|
|
|
|
static le32 build_inherited_id( struct SECURITY_CONTEXT *scx,
|
|
const char *parentattr, BOOL fordir )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *pphead;
|
|
const ACL *ppacl;
|
|
const SID *usid;
|
|
const SID *gsid;
|
|
BIGSID defusid;
|
|
BIGSID defgsid;
|
|
int offpacl;
|
|
int offowner;
|
|
int offgroup;
|
|
SECURITY_DESCRIPTOR_RELATIVE *pnhead;
|
|
ACL *pnacl;
|
|
int parentattrsz;
|
|
char *newattr;
|
|
int newattrsz;
|
|
int aclsz;
|
|
int usidsz;
|
|
int gsidsz;
|
|
int pos;
|
|
le32 securid;
|
|
|
|
parentattrsz = ntfs_attr_size( parentattr );
|
|
pphead = ( const SECURITY_DESCRIPTOR_RELATIVE* )parentattr;
|
|
if ( scx->mapping[MAPUSERS] )
|
|
{
|
|
usid = ntfs_find_usid( scx->mapping[MAPUSERS], scx->uid, ( SID* ) & defusid );
|
|
gsid = ntfs_find_gsid( scx->mapping[MAPGROUPS], scx->gid, ( SID* ) & defgsid );
|
|
if ( !usid )
|
|
usid = adminsid;
|
|
if ( !gsid )
|
|
gsid = adminsid;
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* If there is no user mapping, we have to copy owner
|
|
* and group from parent directory.
|
|
* Windows never has to do that, because it can always
|
|
* rely on a user mapping
|
|
*/
|
|
offowner = le32_to_cpu( pphead->owner );
|
|
usid = ( const SID* ) & parentattr[offowner];
|
|
offgroup = le32_to_cpu( pphead->group );
|
|
gsid = ( const SID* ) & parentattr[offgroup];
|
|
}
|
|
/*
|
|
* new attribute is smaller than parent's
|
|
* except for differences in SIDs which appear in
|
|
* owner, group and possible grants and denials in
|
|
* generic creator-owner and creator-group ACEs.
|
|
* For directories, an ACE may be duplicated for
|
|
* access and inheritance, so we double the count.
|
|
*/
|
|
usidsz = ntfs_sid_size( usid );
|
|
gsidsz = ntfs_sid_size( gsid );
|
|
newattrsz = parentattrsz + 3 * usidsz + 3 * gsidsz;
|
|
if ( fordir )
|
|
newattrsz *= 2;
|
|
newattr = ( char* )ntfs_malloc( newattrsz );
|
|
if ( newattr )
|
|
{
|
|
pnhead = ( SECURITY_DESCRIPTOR_RELATIVE* )newattr;
|
|
pnhead->revision = SECURITY_DESCRIPTOR_REVISION;
|
|
pnhead->alignment = 0;
|
|
pnhead->control = SE_SELF_RELATIVE;
|
|
pos = sizeof( SECURITY_DESCRIPTOR_RELATIVE );
|
|
/*
|
|
* locate and inherit DACL
|
|
* do not test SE_DACL_PRESENT (wrong for "DR Watson")
|
|
*/
|
|
pnhead->dacl = const_cpu_to_le32( 0 );
|
|
if ( pphead->dacl )
|
|
{
|
|
offpacl = le32_to_cpu( pphead->dacl );
|
|
ppacl = ( const ACL* ) & parentattr[offpacl];
|
|
pnacl = ( ACL* ) & newattr[pos];
|
|
aclsz = ntfs_inherit_acl( ppacl, pnacl, usid, gsid, fordir );
|
|
if ( aclsz )
|
|
{
|
|
pnhead->dacl = cpu_to_le32( pos );
|
|
pos += aclsz;
|
|
pnhead->control |= SE_DACL_PRESENT;
|
|
}
|
|
}
|
|
/*
|
|
* locate and inherit SACL
|
|
*/
|
|
pnhead->sacl = const_cpu_to_le32( 0 );
|
|
if ( pphead->sacl )
|
|
{
|
|
offpacl = le32_to_cpu( pphead->sacl );
|
|
ppacl = ( const ACL* ) & parentattr[offpacl];
|
|
pnacl = ( ACL* ) & newattr[pos];
|
|
aclsz = ntfs_inherit_acl( ppacl, pnacl, usid, gsid, fordir );
|
|
if ( aclsz )
|
|
{
|
|
pnhead->sacl = cpu_to_le32( pos );
|
|
pos += aclsz;
|
|
pnhead->control |= SE_SACL_PRESENT;
|
|
}
|
|
}
|
|
/*
|
|
* inherit or redefine owner
|
|
*/
|
|
memcpy( &newattr[pos], usid, usidsz );
|
|
pnhead->owner = cpu_to_le32( pos );
|
|
pos += usidsz;
|
|
/*
|
|
* inherit or redefine group
|
|
*/
|
|
memcpy( &newattr[pos], gsid, gsidsz );
|
|
pnhead->group = cpu_to_le32( pos );
|
|
pos += usidsz;
|
|
securid = setsecurityattr( scx->vol,
|
|
( SECURITY_DESCRIPTOR_RELATIVE* )newattr, pos );
|
|
free( newattr );
|
|
}
|
|
else
|
|
securid = const_cpu_to_le32( 0 );
|
|
return ( securid );
|
|
}
|
|
|
|
/*
|
|
* Get an inherited security id
|
|
*
|
|
* For Windows compatibility, the normal initial permission setting
|
|
* may be inherited from the parent directory instead of being
|
|
* defined by the creation arguments.
|
|
*
|
|
* The following creates an inherited id for that purpose.
|
|
*
|
|
* Note : the owner and group of parent directory are also
|
|
* inherited (which is not the case on Windows) if no user mapping
|
|
* is defined.
|
|
*
|
|
* Returns the inherited id, or zero if not possible (eg on NTFS 1.x)
|
|
*/
|
|
|
|
le32 ntfs_inherited_id( struct SECURITY_CONTEXT *scx,
|
|
ntfs_inode *dir_ni, BOOL fordir )
|
|
{
|
|
struct CACHED_PERMISSIONS *cached;
|
|
char *parentattr;
|
|
le32 securid;
|
|
|
|
securid = const_cpu_to_le32( 0 );
|
|
cached = ( struct CACHED_PERMISSIONS* )NULL;
|
|
/*
|
|
* Try to get inherited id from cache
|
|
*/
|
|
if ( test_nino_flag( dir_ni, v3_Extensions )
|
|
&& dir_ni->security_id )
|
|
{
|
|
cached = fetch_cache( scx, dir_ni );
|
|
if ( cached )
|
|
securid = ( fordir ? cached->inh_dirid
|
|
: cached->inh_fileid );
|
|
}
|
|
/*
|
|
* Not cached or not available in cache, compute it all
|
|
* Note : if parent directory has no id, it is not cacheable
|
|
*/
|
|
if ( !securid )
|
|
{
|
|
parentattr = getsecurityattr( scx->vol, dir_ni );
|
|
if ( parentattr )
|
|
{
|
|
securid = build_inherited_id( scx,
|
|
parentattr, fordir );
|
|
free( parentattr );
|
|
/*
|
|
* Store the result into cache for further use
|
|
*/
|
|
if ( securid )
|
|
{
|
|
cached = fetch_cache( scx, dir_ni );
|
|
if ( cached )
|
|
{
|
|
if ( fordir )
|
|
cached->inh_dirid = securid;
|
|
else
|
|
cached->inh_fileid = securid;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return ( securid );
|
|
}
|
|
|
|
/*
|
|
* Link a group to a member of group
|
|
*
|
|
* Returns 0 if OK, -1 (and errno set) if error
|
|
*/
|
|
|
|
static int link_single_group( struct MAPPING *usermapping, struct passwd *user,
|
|
gid_t gid )
|
|
{
|
|
struct group *group;
|
|
char **grmem;
|
|
int grcnt;
|
|
gid_t *groups;
|
|
int res;
|
|
|
|
res = 0;
|
|
group = getgrgid( gid );
|
|
if ( group && group->gr_mem )
|
|
{
|
|
grcnt = usermapping->grcnt;
|
|
groups = usermapping->groups;
|
|
grmem = group->gr_mem;
|
|
while ( *grmem && strcmp( user->pw_name, *grmem ) )
|
|
grmem++;
|
|
if ( *grmem )
|
|
{
|
|
if ( !grcnt )
|
|
groups = ( gid_t* )malloc( sizeof( gid_t ) );
|
|
else
|
|
groups = ( gid_t* )realloc( groups,
|
|
( grcnt + 1 ) * sizeof( gid_t ) );
|
|
if ( groups )
|
|
groups[grcnt++] = gid;
|
|
else
|
|
{
|
|
res = -1;
|
|
errno = ENOMEM;
|
|
}
|
|
}
|
|
usermapping->grcnt = grcnt;
|
|
usermapping->groups = groups;
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
|
|
/*
|
|
* Statically link group to users
|
|
* This is based on groups defined in /etc/group and does not take
|
|
* the groups dynamically set by setgroups() nor any changes in
|
|
* /etc/group into account
|
|
*
|
|
* Only mapped groups and root group are linked to mapped users
|
|
*
|
|
* Returns 0 if OK, -1 (and errno set) if error
|
|
*
|
|
*/
|
|
|
|
static int link_group_members( struct SECURITY_CONTEXT *scx )
|
|
{
|
|
struct MAPPING *usermapping;
|
|
struct MAPPING *groupmapping;
|
|
struct passwd *user;
|
|
int res;
|
|
|
|
res = 0;
|
|
for ( usermapping = scx->mapping[MAPUSERS]; usermapping && !res;
|
|
usermapping = usermapping->next )
|
|
{
|
|
usermapping->grcnt = 0;
|
|
usermapping->groups = ( gid_t* )NULL;
|
|
user = getpwuid( usermapping->xid );
|
|
if ( user && user->pw_name )
|
|
{
|
|
for ( groupmapping = scx->mapping[MAPGROUPS];
|
|
groupmapping && !res;
|
|
groupmapping = groupmapping->next )
|
|
{
|
|
if ( link_single_group( usermapping, user,
|
|
groupmapping->xid ) )
|
|
res = -1;
|
|
}
|
|
if ( !res && link_single_group( usermapping,
|
|
user, ( gid_t )0 ) )
|
|
res = -1;
|
|
}
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
/*
|
|
* Apply default single user mapping
|
|
* returns zero if successful
|
|
*/
|
|
|
|
static int ntfs_do_default_mapping( struct SECURITY_CONTEXT *scx,
|
|
uid_t uid, gid_t gid, const SID *usid )
|
|
{
|
|
struct MAPPING *usermapping;
|
|
struct MAPPING *groupmapping;
|
|
SID *sid;
|
|
int sidsz;
|
|
int res;
|
|
|
|
res = -1;
|
|
sidsz = ntfs_sid_size( usid );
|
|
sid = ( SID* )ntfs_malloc( sidsz );
|
|
if ( sid )
|
|
{
|
|
memcpy( sid, usid, sidsz );
|
|
usermapping = ( struct MAPPING* )ntfs_malloc( sizeof( struct MAPPING ) );
|
|
if ( usermapping )
|
|
{
|
|
groupmapping = ( struct MAPPING* )ntfs_malloc( sizeof( struct MAPPING ) );
|
|
if ( groupmapping )
|
|
{
|
|
usermapping->sid = sid;
|
|
usermapping->xid = uid;
|
|
usermapping->next = ( struct MAPPING* )NULL;
|
|
groupmapping->sid = sid;
|
|
groupmapping->xid = gid;
|
|
groupmapping->next = ( struct MAPPING* )NULL;
|
|
scx->mapping[MAPUSERS] = usermapping;
|
|
scx->mapping[MAPGROUPS] = groupmapping;
|
|
res = 0;
|
|
}
|
|
}
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
/*
|
|
* Make sure there are no ambiguous mapping
|
|
* Ambiguous mapping may lead to undesired configurations and
|
|
* we had rather be safe until the consequences are understood
|
|
*/
|
|
|
|
#if 0 /* not activated for now */
|
|
|
|
static BOOL check_mapping( const struct MAPPING *usermapping,
|
|
const struct MAPPING *groupmapping )
|
|
{
|
|
const struct MAPPING *mapping1;
|
|
const struct MAPPING *mapping2;
|
|
BOOL ambiguous;
|
|
|
|
ambiguous = FALSE;
|
|
for ( mapping1 = usermapping; mapping1; mapping1 = mapping1->next )
|
|
for ( mapping2 = mapping1->next; mapping2; mapping1 = mapping2->next )
|
|
if ( ntfs_same_sid( mapping1->sid, mapping2->sid ) )
|
|
{
|
|
if ( mapping1->xid != mapping2->xid )
|
|
ambiguous = TRUE;
|
|
}
|
|
else
|
|
{
|
|
if ( mapping1->xid == mapping2->xid )
|
|
ambiguous = TRUE;
|
|
}
|
|
for ( mapping1 = groupmapping; mapping1; mapping1 = mapping1->next )
|
|
for ( mapping2 = mapping1->next; mapping2; mapping1 = mapping2->next )
|
|
if ( ntfs_same_sid( mapping1->sid, mapping2->sid ) )
|
|
{
|
|
if ( mapping1->xid != mapping2->xid )
|
|
ambiguous = TRUE;
|
|
}
|
|
else
|
|
{
|
|
if ( mapping1->xid == mapping2->xid )
|
|
ambiguous = TRUE;
|
|
}
|
|
return ( ambiguous );
|
|
}
|
|
|
|
#endif
|
|
|
|
#if 0 /* not used any more */
|
|
|
|
/*
|
|
* Try and apply default single user mapping
|
|
* returns zero if successful
|
|
*/
|
|
|
|
static int ntfs_default_mapping( struct SECURITY_CONTEXT *scx )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
ntfs_inode *ni;
|
|
char *securattr;
|
|
const SID *usid;
|
|
int res;
|
|
|
|
res = -1;
|
|
ni = ntfs_pathname_to_inode( scx->vol, NULL, "/." );
|
|
if ( ni )
|
|
{
|
|
securattr = getsecurityattr( scx->vol, ni );
|
|
if ( securattr )
|
|
{
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )securattr;
|
|
usid = ( SID* ) & securattr[le32_to_cpu( phead->owner )];
|
|
if ( ntfs_is_user_sid( usid ) )
|
|
res = ntfs_do_default_mapping( scx,
|
|
scx->uid, scx->gid, usid );
|
|
free( securattr );
|
|
}
|
|
ntfs_inode_close( ni );
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
#endif
|
|
|
|
/*
|
|
* Basic read from a user mapping file on another volume
|
|
*/
|
|
|
|
static int basicread( void *fileid, char *buf, size_t size, off_t offs __attribute__( ( unused ) ) )
|
|
{
|
|
return ( read( *( int* )fileid, buf, size ) );
|
|
}
|
|
|
|
|
|
/*
|
|
* Read from a user mapping file on current NTFS partition
|
|
*/
|
|
|
|
static int localread( void *fileid, char *buf, size_t size, off_t offs )
|
|
{
|
|
return ( ntfs_local_read( ( ntfs_inode* )fileid,
|
|
AT_UNNAMED, 0, buf, size, offs ) );
|
|
}
|
|
|
|
/*
|
|
* Build the user mapping
|
|
* - according to a mapping file if defined (or default present),
|
|
* - or try default single user mapping if possible
|
|
*
|
|
* The mapping is specific to a mounted device
|
|
* No locking done, mounting assumed non multithreaded
|
|
*
|
|
* returns zero if mapping is successful
|
|
* (failure should not be interpreted as an error)
|
|
*/
|
|
|
|
int ntfs_build_mapping( struct SECURITY_CONTEXT *scx, const char *usermap_path,
|
|
BOOL allowdef )
|
|
{
|
|
struct MAPLIST *item;
|
|
struct MAPLIST *firstitem;
|
|
struct MAPPING *usermapping;
|
|
struct MAPPING *groupmapping;
|
|
ntfs_inode *ni;
|
|
int fd;
|
|
static struct
|
|
{
|
|
u8 revision;
|
|
u8 levels;
|
|
be16 highbase;
|
|
be32 lowbase;
|
|
le32 level1;
|
|
le32 level2;
|
|
le32 level3;
|
|
le32 level4;
|
|
le32 level5;
|
|
} defmap =
|
|
{
|
|
1, 5, const_cpu_to_be16( 0 ), const_cpu_to_be32( 5 ),
|
|
const_cpu_to_le32( 21 ),
|
|
const_cpu_to_le32( DEFSECAUTH1 ), const_cpu_to_le32( DEFSECAUTH2 ),
|
|
const_cpu_to_le32( DEFSECAUTH3 ), const_cpu_to_le32( DEFSECBASE )
|
|
} ;
|
|
|
|
/* be sure not to map anything until done */
|
|
scx->mapping[MAPUSERS] = ( struct MAPPING* )NULL;
|
|
scx->mapping[MAPGROUPS] = ( struct MAPPING* )NULL;
|
|
|
|
if ( !usermap_path ) usermap_path = MAPPINGFILE;
|
|
if ( usermap_path[0] == '/' )
|
|
{
|
|
fd = open( usermap_path, O_RDONLY );
|
|
if ( fd > 0 )
|
|
{
|
|
firstitem = ntfs_read_mapping( basicread, ( void* ) & fd );
|
|
close( fd );
|
|
}
|
|
else
|
|
firstitem = ( struct MAPLIST* )NULL;
|
|
}
|
|
else
|
|
{
|
|
ni = ntfs_pathname_to_inode( scx->vol, NULL, usermap_path );
|
|
if ( ni )
|
|
{
|
|
firstitem = ntfs_read_mapping( localread, ni );
|
|
ntfs_inode_close( ni );
|
|
}
|
|
else
|
|
firstitem = ( struct MAPLIST* )NULL;
|
|
}
|
|
|
|
|
|
if ( firstitem )
|
|
{
|
|
usermapping = ntfs_do_user_mapping( firstitem );
|
|
groupmapping = ntfs_do_group_mapping( firstitem );
|
|
if ( usermapping && groupmapping )
|
|
{
|
|
scx->mapping[MAPUSERS] = usermapping;
|
|
scx->mapping[MAPGROUPS] = groupmapping;
|
|
}
|
|
else
|
|
ntfs_log_error( "There were no valid user or no valid group\n" );
|
|
/* now we can free the memory copy of input text */
|
|
/* and rely on internal representation */
|
|
while ( firstitem )
|
|
{
|
|
item = firstitem->next;
|
|
free( firstitem );
|
|
firstitem = item;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/* no mapping file, try a default mapping */
|
|
if ( allowdef )
|
|
{
|
|
if ( !ntfs_do_default_mapping( scx,
|
|
0, 0, ( const SID* )&defmap ) )
|
|
ntfs_log_info( "Using default user mapping\n" );
|
|
}
|
|
}
|
|
return ( !scx->mapping[MAPUSERS] || link_group_members( scx ) );
|
|
}
|
|
|
|
#ifdef HAVE_SETXATTR /* extended attributes interface required */
|
|
|
|
/*
|
|
* Get the ntfs attribute into an extended attribute
|
|
* The attribute is returned according to cpu endianness
|
|
*/
|
|
|
|
int ntfs_get_ntfs_attrib( ntfs_inode *ni, char *value, size_t size )
|
|
{
|
|
u32 attrib;
|
|
size_t outsize;
|
|
|
|
outsize = 0; /* default to no data and no error */
|
|
if ( ni )
|
|
{
|
|
attrib = le32_to_cpu( ni->flags );
|
|
if ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
attrib |= const_le32_to_cpu( FILE_ATTR_DIRECTORY );
|
|
else
|
|
attrib &= ~const_le32_to_cpu( FILE_ATTR_DIRECTORY );
|
|
if ( !attrib )
|
|
attrib |= const_le32_to_cpu( FILE_ATTR_NORMAL );
|
|
outsize = sizeof( FILE_ATTR_FLAGS );
|
|
if ( size >= outsize )
|
|
{
|
|
if ( value )
|
|
memcpy( value, &attrib, outsize );
|
|
else
|
|
errno = EINVAL;
|
|
}
|
|
}
|
|
return ( outsize ? ( int )outsize : -errno );
|
|
}
|
|
|
|
/*
|
|
* Return the ntfs attribute into an extended attribute
|
|
* The attribute is expected according to cpu endianness
|
|
*
|
|
* Returns 0, or -1 if there is a problem
|
|
*/
|
|
|
|
int ntfs_set_ntfs_attrib( ntfs_inode *ni,
|
|
const char *value, size_t size, int flags )
|
|
{
|
|
u32 attrib;
|
|
le32 settable;
|
|
ATTR_FLAGS dirflags;
|
|
int res;
|
|
|
|
res = -1;
|
|
if ( ni && value && ( size >= sizeof( FILE_ATTR_FLAGS ) ) )
|
|
{
|
|
if ( !( flags & XATTR_CREATE ) )
|
|
{
|
|
/* copy to avoid alignment problems */
|
|
memcpy( &attrib, value, sizeof( FILE_ATTR_FLAGS ) );
|
|
settable = FILE_ATTR_SETTABLE;
|
|
res = 0;
|
|
if ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
{
|
|
/*
|
|
* Accept changing compression for a directory
|
|
* and set index root accordingly
|
|
*/
|
|
settable |= FILE_ATTR_COMPRESSED;
|
|
if ( ( ni->flags ^ cpu_to_le32( attrib ) )
|
|
& FILE_ATTR_COMPRESSED )
|
|
{
|
|
if ( ni->flags & FILE_ATTR_COMPRESSED )
|
|
dirflags = const_cpu_to_le16( 0 );
|
|
else
|
|
dirflags = ATTR_IS_COMPRESSED;
|
|
res = ntfs_attr_set_flags( ni,
|
|
AT_INDEX_ROOT,
|
|
NTFS_INDEX_I30, 4,
|
|
dirflags,
|
|
ATTR_COMPRESSION_MASK );
|
|
}
|
|
}
|
|
if ( !res )
|
|
{
|
|
ni->flags = ( ni->flags & ~settable )
|
|
| ( cpu_to_le32( attrib ) & settable );
|
|
NInoFileNameSetDirty( ni );
|
|
NInoSetDirty( ni );
|
|
}
|
|
}
|
|
else
|
|
errno = EEXIST;
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( res ? -1 : 0 );
|
|
}
|
|
|
|
#endif /* HAVE_SETXATTR */
|
|
|
|
/*
|
|
* Open $Secure once for all
|
|
* returns zero if it succeeds
|
|
* non-zero if it fails. This is not an error (on NTFS v1.x)
|
|
*/
|
|
|
|
|
|
int ntfs_open_secure( ntfs_volume *vol )
|
|
{
|
|
ntfs_inode *ni;
|
|
int res;
|
|
|
|
res = -1;
|
|
vol->secure_ni = ( ntfs_inode* )NULL;
|
|
vol->secure_xsii = ( ntfs_index_context* )NULL;
|
|
vol->secure_xsdh = ( ntfs_index_context* )NULL;
|
|
if ( vol->major_ver >= 3 )
|
|
{
|
|
/* make sure this is a genuine $Secure inode 9 */
|
|
ni = ntfs_pathname_to_inode( vol, NULL, "$Secure" );
|
|
if ( ni && ( ni->mft_no == 9 ) )
|
|
{
|
|
vol->secure_reentry = 0;
|
|
vol->secure_xsii = ntfs_index_ctx_get( ni,
|
|
sii_stream, 4 );
|
|
vol->secure_xsdh = ntfs_index_ctx_get( ni,
|
|
sdh_stream, 4 );
|
|
if ( ni && vol->secure_xsii && vol->secure_xsdh )
|
|
{
|
|
vol->secure_ni = ni;
|
|
res = 0;
|
|
}
|
|
}
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
/*
|
|
* Final cleaning
|
|
* Allocated memory is freed to facilitate the detection of memory leaks
|
|
*/
|
|
|
|
void ntfs_close_secure( struct SECURITY_CONTEXT *scx )
|
|
{
|
|
ntfs_volume *vol;
|
|
|
|
vol = scx->vol;
|
|
if ( vol->secure_ni )
|
|
{
|
|
ntfs_index_ctx_put( vol->secure_xsii );
|
|
ntfs_index_ctx_put( vol->secure_xsdh );
|
|
ntfs_inode_close( vol->secure_ni );
|
|
|
|
}
|
|
ntfs_free_mapping( scx->mapping );
|
|
free_caches( scx );
|
|
}
|
|
|
|
/*
|
|
* API for direct access to security descriptors
|
|
* based on Win32 API
|
|
*/
|
|
|
|
|
|
/*
|
|
* Selective feeding of a security descriptor into user buffer
|
|
*
|
|
* Returns TRUE if successful
|
|
*/
|
|
|
|
static BOOL feedsecurityattr( const char *attr, u32 selection,
|
|
char *buf, u32 buflen, u32 *psize )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
SECURITY_DESCRIPTOR_RELATIVE *pnhead;
|
|
const ACL *pdacl;
|
|
const ACL *psacl;
|
|
const SID *pusid;
|
|
const SID *pgsid;
|
|
unsigned int offdacl;
|
|
unsigned int offsacl;
|
|
unsigned int offowner;
|
|
unsigned int offgroup;
|
|
unsigned int daclsz;
|
|
unsigned int saclsz;
|
|
unsigned int usidsz;
|
|
unsigned int gsidsz;
|
|
unsigned int size; /* size of requested attributes */
|
|
BOOL ok;
|
|
unsigned int pos;
|
|
unsigned int avail;
|
|
le16 control;
|
|
|
|
avail = 0;
|
|
control = SE_SELF_RELATIVE;
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )attr;
|
|
size = sizeof( SECURITY_DESCRIPTOR_RELATIVE );
|
|
|
|
/* locate DACL if requested and available */
|
|
if ( phead->dacl && ( selection & DACL_SECURITY_INFORMATION ) )
|
|
{
|
|
offdacl = le32_to_cpu( phead->dacl );
|
|
pdacl = ( const ACL* ) & attr[offdacl];
|
|
daclsz = le16_to_cpu( pdacl->size );
|
|
size += daclsz;
|
|
avail |= DACL_SECURITY_INFORMATION;
|
|
}
|
|
else
|
|
offdacl = daclsz = 0;
|
|
|
|
/* locate owner if requested and available */
|
|
offowner = le32_to_cpu( phead->owner );
|
|
if ( offowner && ( selection & OWNER_SECURITY_INFORMATION ) )
|
|
{
|
|
/* find end of USID */
|
|
pusid = ( const SID* ) & attr[offowner];
|
|
usidsz = ntfs_sid_size( pusid );
|
|
size += usidsz;
|
|
avail |= OWNER_SECURITY_INFORMATION;
|
|
}
|
|
else
|
|
offowner = usidsz = 0;
|
|
|
|
/* locate group if requested and available */
|
|
offgroup = le32_to_cpu( phead->group );
|
|
if ( offgroup && ( selection & GROUP_SECURITY_INFORMATION ) )
|
|
{
|
|
/* find end of GSID */
|
|
pgsid = ( const SID* ) & attr[offgroup];
|
|
gsidsz = ntfs_sid_size( pgsid );
|
|
size += gsidsz;
|
|
avail |= GROUP_SECURITY_INFORMATION;
|
|
}
|
|
else
|
|
offgroup = gsidsz = 0;
|
|
|
|
/* locate SACL if requested and available */
|
|
if ( phead->sacl && ( selection & SACL_SECURITY_INFORMATION ) )
|
|
{
|
|
/* find end of SACL */
|
|
offsacl = le32_to_cpu( phead->sacl );
|
|
psacl = ( const ACL* ) & attr[offsacl];
|
|
saclsz = le16_to_cpu( psacl->size );
|
|
size += saclsz;
|
|
avail |= SACL_SECURITY_INFORMATION;
|
|
}
|
|
else
|
|
offsacl = saclsz = 0;
|
|
|
|
/*
|
|
* Check having enough size in destination buffer
|
|
* (required size is returned nevertheless so that
|
|
* the request can be reissued with adequate size)
|
|
*/
|
|
if ( size > buflen )
|
|
{
|
|
*psize = size;
|
|
errno = EINVAL;
|
|
ok = FALSE;
|
|
}
|
|
else
|
|
{
|
|
if ( selection & OWNER_SECURITY_INFORMATION )
|
|
control |= phead->control & SE_OWNER_DEFAULTED;
|
|
if ( selection & GROUP_SECURITY_INFORMATION )
|
|
control |= phead->control & SE_GROUP_DEFAULTED;
|
|
if ( selection & DACL_SECURITY_INFORMATION )
|
|
control |= phead->control
|
|
& ( SE_DACL_PRESENT
|
|
| SE_DACL_DEFAULTED
|
|
| SE_DACL_AUTO_INHERITED
|
|
| SE_DACL_PROTECTED );
|
|
if ( selection & SACL_SECURITY_INFORMATION )
|
|
control |= phead->control
|
|
& ( SE_SACL_PRESENT
|
|
| SE_SACL_DEFAULTED
|
|
| SE_SACL_AUTO_INHERITED
|
|
| SE_SACL_PROTECTED );
|
|
/*
|
|
* copy header and feed new flags, even if no detailed data
|
|
*/
|
|
memcpy( buf, attr, sizeof( SECURITY_DESCRIPTOR_RELATIVE ) );
|
|
pnhead = ( SECURITY_DESCRIPTOR_RELATIVE* )buf;
|
|
pnhead->control = control;
|
|
pos = sizeof( SECURITY_DESCRIPTOR_RELATIVE );
|
|
|
|
/* copy DACL if requested and available */
|
|
if ( selection & avail & DACL_SECURITY_INFORMATION )
|
|
{
|
|
pnhead->dacl = cpu_to_le32( pos );
|
|
memcpy( &buf[pos], &attr[offdacl], daclsz );
|
|
pos += daclsz;
|
|
}
|
|
else
|
|
pnhead->dacl = const_cpu_to_le32( 0 );
|
|
|
|
/* copy SACL if requested and available */
|
|
if ( selection & avail & SACL_SECURITY_INFORMATION )
|
|
{
|
|
pnhead->sacl = cpu_to_le32( pos );
|
|
memcpy( &buf[pos], &attr[offsacl], saclsz );
|
|
pos += saclsz;
|
|
}
|
|
else
|
|
pnhead->sacl = const_cpu_to_le32( 0 );
|
|
|
|
/* copy owner if requested and available */
|
|
if ( selection & avail & OWNER_SECURITY_INFORMATION )
|
|
{
|
|
pnhead->owner = cpu_to_le32( pos );
|
|
memcpy( &buf[pos], &attr[offowner], usidsz );
|
|
pos += usidsz;
|
|
}
|
|
else
|
|
pnhead->owner = const_cpu_to_le32( 0 );
|
|
|
|
/* copy group if requested and available */
|
|
if ( selection & avail & GROUP_SECURITY_INFORMATION )
|
|
{
|
|
pnhead->group = cpu_to_le32( pos );
|
|
memcpy( &buf[pos], &attr[offgroup], gsidsz );
|
|
pos += gsidsz;
|
|
}
|
|
else
|
|
pnhead->group = const_cpu_to_le32( 0 );
|
|
if ( pos != size )
|
|
ntfs_log_error( "Error in security descriptor size\n" );
|
|
*psize = size;
|
|
ok = TRUE;
|
|
}
|
|
|
|
return ( ok );
|
|
}
|
|
|
|
/*
|
|
* Merge a new security descriptor into the old one
|
|
* and assign to designated file
|
|
*
|
|
* Returns TRUE if successful
|
|
*/
|
|
|
|
static BOOL mergesecurityattr( ntfs_volume *vol, const char *oldattr,
|
|
const char *newattr, u32 selection, ntfs_inode *ni )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *oldhead;
|
|
const SECURITY_DESCRIPTOR_RELATIVE *newhead;
|
|
SECURITY_DESCRIPTOR_RELATIVE *targhead;
|
|
const ACL *pdacl;
|
|
const ACL *psacl;
|
|
const SID *powner;
|
|
const SID *pgroup;
|
|
int offdacl;
|
|
int offsacl;
|
|
int offowner;
|
|
int offgroup;
|
|
unsigned int size;
|
|
le16 control;
|
|
char *target;
|
|
int pos;
|
|
int oldattrsz;
|
|
int newattrsz;
|
|
BOOL ok;
|
|
|
|
ok = FALSE; /* default return */
|
|
oldhead = ( const SECURITY_DESCRIPTOR_RELATIVE* )oldattr;
|
|
newhead = ( const SECURITY_DESCRIPTOR_RELATIVE* )newattr;
|
|
oldattrsz = ntfs_attr_size( oldattr );
|
|
newattrsz = ntfs_attr_size( newattr );
|
|
target = ( char* )ntfs_malloc( oldattrsz + newattrsz );
|
|
if ( target )
|
|
{
|
|
targhead = ( SECURITY_DESCRIPTOR_RELATIVE* )target;
|
|
pos = sizeof( SECURITY_DESCRIPTOR_RELATIVE );
|
|
control = SE_SELF_RELATIVE;
|
|
/*
|
|
* copy new DACL if selected
|
|
* or keep old DACL if any
|
|
*/
|
|
if ( ( selection & DACL_SECURITY_INFORMATION ) ?
|
|
newhead->dacl : oldhead->dacl )
|
|
{
|
|
if ( selection & DACL_SECURITY_INFORMATION )
|
|
{
|
|
offdacl = le32_to_cpu( newhead->dacl );
|
|
pdacl = ( const ACL* ) & newattr[offdacl];
|
|
}
|
|
else
|
|
{
|
|
offdacl = le32_to_cpu( oldhead->dacl );
|
|
pdacl = ( const ACL* ) & oldattr[offdacl];
|
|
}
|
|
size = le16_to_cpu( pdacl->size );
|
|
memcpy( &target[pos], pdacl, size );
|
|
targhead->dacl = cpu_to_le32( pos );
|
|
pos += size;
|
|
}
|
|
else
|
|
targhead->dacl = const_cpu_to_le32( 0 );
|
|
if ( selection & DACL_SECURITY_INFORMATION )
|
|
{
|
|
control |= newhead->control
|
|
& ( SE_DACL_PRESENT
|
|
| SE_DACL_DEFAULTED
|
|
| SE_DACL_PROTECTED );
|
|
if ( newhead->control & SE_DACL_AUTO_INHERIT_REQ )
|
|
control |= SE_DACL_AUTO_INHERITED;
|
|
}
|
|
else
|
|
control |= oldhead->control
|
|
& ( SE_DACL_PRESENT
|
|
| SE_DACL_DEFAULTED
|
|
| SE_DACL_AUTO_INHERITED
|
|
| SE_DACL_PROTECTED );
|
|
/*
|
|
* copy new SACL if selected
|
|
* or keep old SACL if any
|
|
*/
|
|
if ( ( selection & SACL_SECURITY_INFORMATION ) ?
|
|
newhead->sacl : oldhead->sacl )
|
|
{
|
|
if ( selection & SACL_SECURITY_INFORMATION )
|
|
{
|
|
offsacl = le32_to_cpu( newhead->sacl );
|
|
psacl = ( const ACL* ) & newattr[offsacl];
|
|
}
|
|
else
|
|
{
|
|
offsacl = le32_to_cpu( oldhead->sacl );
|
|
psacl = ( const ACL* ) & oldattr[offsacl];
|
|
}
|
|
size = le16_to_cpu( psacl->size );
|
|
memcpy( &target[pos], psacl, size );
|
|
targhead->sacl = cpu_to_le32( pos );
|
|
pos += size;
|
|
}
|
|
else
|
|
targhead->sacl = const_cpu_to_le32( 0 );
|
|
if ( selection & SACL_SECURITY_INFORMATION )
|
|
{
|
|
control |= newhead->control
|
|
& ( SE_SACL_PRESENT
|
|
| SE_SACL_DEFAULTED
|
|
| SE_SACL_PROTECTED );
|
|
if ( newhead->control & SE_SACL_AUTO_INHERIT_REQ )
|
|
control |= SE_SACL_AUTO_INHERITED;
|
|
}
|
|
else
|
|
control |= oldhead->control
|
|
& ( SE_SACL_PRESENT
|
|
| SE_SACL_DEFAULTED
|
|
| SE_SACL_AUTO_INHERITED
|
|
| SE_SACL_PROTECTED );
|
|
/*
|
|
* copy new OWNER if selected
|
|
* or keep old OWNER if any
|
|
*/
|
|
if ( ( selection & OWNER_SECURITY_INFORMATION ) ?
|
|
newhead->owner : oldhead->owner )
|
|
{
|
|
if ( selection & OWNER_SECURITY_INFORMATION )
|
|
{
|
|
offowner = le32_to_cpu( newhead->owner );
|
|
powner = ( const SID* ) & newattr[offowner];
|
|
}
|
|
else
|
|
{
|
|
offowner = le32_to_cpu( oldhead->owner );
|
|
powner = ( const SID* ) & oldattr[offowner];
|
|
}
|
|
size = ntfs_sid_size( powner );
|
|
memcpy( &target[pos], powner, size );
|
|
targhead->owner = cpu_to_le32( pos );
|
|
pos += size;
|
|
}
|
|
else
|
|
targhead->owner = const_cpu_to_le32( 0 );
|
|
if ( selection & OWNER_SECURITY_INFORMATION )
|
|
control |= newhead->control & SE_OWNER_DEFAULTED;
|
|
else
|
|
control |= oldhead->control & SE_OWNER_DEFAULTED;
|
|
/*
|
|
* copy new GROUP if selected
|
|
* or keep old GROUP if any
|
|
*/
|
|
if ( ( selection & GROUP_SECURITY_INFORMATION ) ?
|
|
newhead->group : oldhead->group )
|
|
{
|
|
if ( selection & GROUP_SECURITY_INFORMATION )
|
|
{
|
|
offgroup = le32_to_cpu( newhead->group );
|
|
pgroup = ( const SID* ) & newattr[offgroup];
|
|
control |= newhead->control
|
|
& SE_GROUP_DEFAULTED;
|
|
}
|
|
else
|
|
{
|
|
offgroup = le32_to_cpu( oldhead->group );
|
|
pgroup = ( const SID* ) & oldattr[offgroup];
|
|
control |= oldhead->control
|
|
& SE_GROUP_DEFAULTED;
|
|
}
|
|
size = ntfs_sid_size( pgroup );
|
|
memcpy( &target[pos], pgroup, size );
|
|
targhead->group = cpu_to_le32( pos );
|
|
pos += size;
|
|
}
|
|
else
|
|
targhead->group = const_cpu_to_le32( 0 );
|
|
if ( selection & GROUP_SECURITY_INFORMATION )
|
|
control |= newhead->control & SE_GROUP_DEFAULTED;
|
|
else
|
|
control |= oldhead->control & SE_GROUP_DEFAULTED;
|
|
targhead->revision = SECURITY_DESCRIPTOR_REVISION;
|
|
targhead->alignment = 0;
|
|
targhead->control = control;
|
|
ok = !update_secur_descr( vol, target, ni );
|
|
free( target );
|
|
}
|
|
return ( ok );
|
|
}
|
|
|
|
/*
|
|
* Return the security descriptor of a file
|
|
* This is intended to be similar to GetFileSecurity() from Win32
|
|
* in order to facilitate the development of portable tools
|
|
*
|
|
* returns zero if unsuccessful (following Win32 conventions)
|
|
* -1 if no securid
|
|
* the securid if any
|
|
*
|
|
* The Win32 API is :
|
|
*
|
|
* BOOL WINAPI GetFileSecurity(
|
|
* __in LPCTSTR lpFileName,
|
|
* __in SECURITY_INFORMATION RequestedInformation,
|
|
* __out_opt PSECURITY_DESCRIPTOR pSecurityDescriptor,
|
|
* __in DWORD nLength,
|
|
* __out LPDWORD lpnLengthNeeded
|
|
* );
|
|
*
|
|
*/
|
|
|
|
int ntfs_get_file_security( struct SECURITY_API *scapi,
|
|
const char *path, u32 selection,
|
|
char *buf, u32 buflen, u32 *psize )
|
|
{
|
|
ntfs_inode *ni;
|
|
char *attr;
|
|
int res;
|
|
|
|
res = 0; /* default return */
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) )
|
|
{
|
|
ni = ntfs_pathname_to_inode( scapi->security.vol, NULL, path );
|
|
if ( ni )
|
|
{
|
|
attr = getsecurityattr( scapi->security.vol, ni );
|
|
if ( attr )
|
|
{
|
|
if ( feedsecurityattr( attr, selection,
|
|
buf, buflen, psize ) )
|
|
{
|
|
if ( test_nino_flag( ni, v3_Extensions )
|
|
&& ni->security_id )
|
|
res = le32_to_cpu(
|
|
ni->security_id );
|
|
else
|
|
res = -1;
|
|
}
|
|
free( attr );
|
|
}
|
|
ntfs_inode_close( ni );
|
|
}
|
|
else
|
|
errno = ENOENT;
|
|
if ( !res ) *psize = 0;
|
|
}
|
|
else
|
|
errno = EINVAL; /* do not clear *psize */
|
|
return ( res );
|
|
}
|
|
|
|
|
|
/*
|
|
* Set the security descriptor of a file or directory
|
|
* This is intended to be similar to SetFileSecurity() from Win32
|
|
* in order to facilitate the development of portable tools
|
|
*
|
|
* returns zero if unsuccessful (following Win32 conventions)
|
|
* -1 if no securid
|
|
* the securid if any
|
|
*
|
|
* The Win32 API is :
|
|
*
|
|
* BOOL WINAPI SetFileSecurity(
|
|
* __in LPCTSTR lpFileName,
|
|
* __in SECURITY_INFORMATION SecurityInformation,
|
|
* __in PSECURITY_DESCRIPTOR pSecurityDescriptor
|
|
* );
|
|
*/
|
|
|
|
int ntfs_set_file_security( struct SECURITY_API *scapi,
|
|
const char *path, u32 selection, const char *attr )
|
|
{
|
|
const SECURITY_DESCRIPTOR_RELATIVE *phead;
|
|
ntfs_inode *ni;
|
|
int attrsz;
|
|
BOOL missing;
|
|
char *oldattr;
|
|
int res;
|
|
|
|
res = 0; /* default return */
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) && attr )
|
|
{
|
|
phead = ( const SECURITY_DESCRIPTOR_RELATIVE* )attr;
|
|
attrsz = ntfs_attr_size( attr );
|
|
/* if selected, owner and group must be present or defaulted */
|
|
missing = ( ( selection & OWNER_SECURITY_INFORMATION )
|
|
&& !phead->owner
|
|
&& !( phead->control & SE_OWNER_DEFAULTED ) )
|
|
|| ( ( selection & GROUP_SECURITY_INFORMATION )
|
|
&& !phead->group
|
|
&& !( phead->control & SE_GROUP_DEFAULTED ) );
|
|
if ( !missing
|
|
&& ( phead->control & SE_SELF_RELATIVE )
|
|
&& ntfs_valid_descr( attr, attrsz ) )
|
|
{
|
|
ni = ntfs_pathname_to_inode( scapi->security.vol,
|
|
NULL, path );
|
|
if ( ni )
|
|
{
|
|
oldattr = getsecurityattr( scapi->security.vol,
|
|
ni );
|
|
if ( oldattr )
|
|
{
|
|
if ( mergesecurityattr(
|
|
scapi->security.vol,
|
|
oldattr, attr,
|
|
selection, ni ) )
|
|
{
|
|
if ( test_nino_flag( ni,
|
|
v3_Extensions ) )
|
|
res = le32_to_cpu(
|
|
ni->security_id );
|
|
else
|
|
res = -1;
|
|
}
|
|
free( oldattr );
|
|
}
|
|
ntfs_inode_close( ni );
|
|
}
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( res );
|
|
}
|
|
|
|
|
|
/*
|
|
* Return the attributes of a file
|
|
* This is intended to be similar to GetFileAttributes() from Win32
|
|
* in order to facilitate the development of portable tools
|
|
*
|
|
* returns -1 if unsuccessful (Win32 : INVALID_FILE_ATTRIBUTES)
|
|
*
|
|
* The Win32 API is :
|
|
*
|
|
* DWORD WINAPI GetFileAttributes(
|
|
* __in LPCTSTR lpFileName
|
|
* );
|
|
*/
|
|
|
|
int ntfs_get_file_attributes( struct SECURITY_API *scapi, const char *path )
|
|
{
|
|
ntfs_inode *ni;
|
|
s32 attrib;
|
|
|
|
attrib = -1; /* default return */
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) && path )
|
|
{
|
|
ni = ntfs_pathname_to_inode( scapi->security.vol, NULL, path );
|
|
if ( ni )
|
|
{
|
|
attrib = le32_to_cpu( ni->flags );
|
|
if ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
attrib |= const_le32_to_cpu( FILE_ATTR_DIRECTORY );
|
|
else
|
|
attrib &= ~const_le32_to_cpu( FILE_ATTR_DIRECTORY );
|
|
if ( !attrib )
|
|
attrib |= const_le32_to_cpu( FILE_ATTR_NORMAL );
|
|
|
|
ntfs_inode_close( ni );
|
|
}
|
|
else
|
|
errno = ENOENT;
|
|
}
|
|
else
|
|
errno = EINVAL; /* do not clear *psize */
|
|
return ( attrib );
|
|
}
|
|
|
|
|
|
/*
|
|
* Set attributes to a file or directory
|
|
* This is intended to be similar to SetFileAttributes() from Win32
|
|
* in order to facilitate the development of portable tools
|
|
*
|
|
* Only a few flags can be set (same list as Win32)
|
|
*
|
|
* returns zero if unsuccessful (following Win32 conventions)
|
|
* nonzero if successful
|
|
*
|
|
* The Win32 API is :
|
|
*
|
|
* BOOL WINAPI SetFileAttributes(
|
|
* __in LPCTSTR lpFileName,
|
|
* __in DWORD dwFileAttributes
|
|
* );
|
|
*/
|
|
|
|
BOOL ntfs_set_file_attributes( struct SECURITY_API *scapi,
|
|
const char *path, s32 attrib )
|
|
{
|
|
ntfs_inode *ni;
|
|
le32 settable;
|
|
ATTR_FLAGS dirflags;
|
|
int res;
|
|
|
|
res = 0; /* default return */
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) && path )
|
|
{
|
|
ni = ntfs_pathname_to_inode( scapi->security.vol, NULL, path );
|
|
if ( ni )
|
|
{
|
|
settable = FILE_ATTR_SETTABLE;
|
|
if ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
{
|
|
/*
|
|
* Accept changing compression for a directory
|
|
* and set index root accordingly
|
|
*/
|
|
settable |= FILE_ATTR_COMPRESSED;
|
|
if ( ( ni->flags ^ cpu_to_le32( attrib ) )
|
|
& FILE_ATTR_COMPRESSED )
|
|
{
|
|
if ( ni->flags & FILE_ATTR_COMPRESSED )
|
|
dirflags = const_cpu_to_le16( 0 );
|
|
else
|
|
dirflags = ATTR_IS_COMPRESSED;
|
|
res = ntfs_attr_set_flags( ni,
|
|
AT_INDEX_ROOT,
|
|
NTFS_INDEX_I30, 4,
|
|
dirflags,
|
|
ATTR_COMPRESSION_MASK );
|
|
}
|
|
}
|
|
if ( !res )
|
|
{
|
|
ni->flags = ( ni->flags & ~settable )
|
|
| ( cpu_to_le32( attrib ) & settable );
|
|
NInoSetDirty( ni );
|
|
}
|
|
if ( !ntfs_inode_close( ni ) )
|
|
res = -1;
|
|
}
|
|
else
|
|
errno = ENOENT;
|
|
}
|
|
return ( res );
|
|
}
|
|
|
|
|
|
BOOL ntfs_read_directory( struct SECURITY_API *scapi,
|
|
const char *path, ntfs_filldir_t callback, void *context )
|
|
{
|
|
ntfs_inode *ni;
|
|
BOOL ok;
|
|
s64 pos;
|
|
|
|
ok = FALSE; /* default return */
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) && callback )
|
|
{
|
|
ni = ntfs_pathname_to_inode( scapi->security.vol, NULL, path );
|
|
if ( ni )
|
|
{
|
|
if ( ni->mrec->flags & MFT_RECORD_IS_DIRECTORY )
|
|
{
|
|
pos = 0;
|
|
ntfs_readdir( ni, &pos, context, callback );
|
|
ok = !ntfs_inode_close( ni );
|
|
}
|
|
else
|
|
{
|
|
ntfs_inode_close( ni );
|
|
errno = ENOTDIR;
|
|
}
|
|
}
|
|
else
|
|
errno = ENOENT;
|
|
}
|
|
else
|
|
errno = EINVAL; /* do not clear *psize */
|
|
return ( ok );
|
|
}
|
|
|
|
/*
|
|
* read $SDS (for auditing security data)
|
|
*
|
|
* Returns the number or read bytes, or -1 if there is an error
|
|
*/
|
|
|
|
int ntfs_read_sds( struct SECURITY_API *scapi,
|
|
char *buf, u32 size, u32 offset )
|
|
{
|
|
int got;
|
|
|
|
got = -1; /* default return */
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) )
|
|
{
|
|
if ( scapi->security.vol->secure_ni )
|
|
got = ntfs_local_read( scapi->security.vol->secure_ni,
|
|
STREAM_SDS, 4, buf, size, offset );
|
|
else
|
|
errno = EOPNOTSUPP;
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( got );
|
|
}
|
|
|
|
/*
|
|
* read $SII (for auditing security data)
|
|
*
|
|
* Returns next entry, or NULL if there is an error
|
|
*/
|
|
|
|
INDEX_ENTRY *ntfs_read_sii( struct SECURITY_API *scapi,
|
|
INDEX_ENTRY *entry )
|
|
{
|
|
SII_INDEX_KEY key;
|
|
INDEX_ENTRY *ret;
|
|
BOOL found;
|
|
ntfs_index_context *xsii;
|
|
|
|
ret = ( INDEX_ENTRY* )NULL; /* default return */
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) )
|
|
{
|
|
xsii = scapi->security.vol->secure_xsii;
|
|
if ( xsii )
|
|
{
|
|
if ( !entry )
|
|
{
|
|
key.security_id = const_cpu_to_le32( 0 );
|
|
found = !ntfs_index_lookup( ( char* ) & key,
|
|
sizeof( SII_INDEX_KEY ), xsii );
|
|
/* not supposed to find */
|
|
if ( !found && ( errno == ENOENT ) )
|
|
ret = xsii->entry;
|
|
}
|
|
else
|
|
ret = ntfs_index_next( entry, xsii );
|
|
if ( !ret )
|
|
errno = ENODATA;
|
|
}
|
|
else
|
|
errno = EOPNOTSUPP;
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( ret );
|
|
}
|
|
|
|
/*
|
|
* read $SDH (for auditing security data)
|
|
*
|
|
* Returns next entry, or NULL if there is an error
|
|
*/
|
|
|
|
INDEX_ENTRY *ntfs_read_sdh( struct SECURITY_API *scapi,
|
|
INDEX_ENTRY *entry )
|
|
{
|
|
SDH_INDEX_KEY key;
|
|
INDEX_ENTRY *ret;
|
|
BOOL found;
|
|
ntfs_index_context *xsdh;
|
|
|
|
ret = ( INDEX_ENTRY* )NULL; /* default return */
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) )
|
|
{
|
|
xsdh = scapi->security.vol->secure_xsdh;
|
|
if ( xsdh )
|
|
{
|
|
if ( !entry )
|
|
{
|
|
key.hash = const_cpu_to_le32( 0 );
|
|
key.security_id = const_cpu_to_le32( 0 );
|
|
found = !ntfs_index_lookup( ( char* ) & key,
|
|
sizeof( SDH_INDEX_KEY ), xsdh );
|
|
/* not supposed to find */
|
|
if ( !found && ( errno == ENOENT ) )
|
|
ret = xsdh->entry;
|
|
}
|
|
else
|
|
ret = ntfs_index_next( entry, xsdh );
|
|
if ( !ret )
|
|
errno = ENODATA;
|
|
}
|
|
else errno = ENOTSUP;
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( ret );
|
|
}
|
|
|
|
/*
|
|
* Get the mapped user SID
|
|
* A buffer of 40 bytes has to be supplied
|
|
*
|
|
* returns the size of the SID, or zero and errno set if not found
|
|
*/
|
|
|
|
int ntfs_get_usid( struct SECURITY_API *scapi, uid_t uid, char *buf )
|
|
{
|
|
const SID *usid;
|
|
BIGSID defusid;
|
|
int size;
|
|
|
|
size = 0;
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) )
|
|
{
|
|
usid = ntfs_find_usid( scapi->security.mapping[MAPUSERS], uid, ( SID* ) & defusid );
|
|
if ( usid )
|
|
{
|
|
size = ntfs_sid_size( usid );
|
|
memcpy( buf, usid, size );
|
|
}
|
|
else
|
|
errno = ENODATA;
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( size );
|
|
}
|
|
|
|
/*
|
|
* Get the mapped group SID
|
|
* A buffer of 40 bytes has to be supplied
|
|
*
|
|
* returns the size of the SID, or zero and errno set if not found
|
|
*/
|
|
|
|
int ntfs_get_gsid( struct SECURITY_API *scapi, gid_t gid, char *buf )
|
|
{
|
|
const SID *gsid;
|
|
BIGSID defgsid;
|
|
int size;
|
|
|
|
size = 0;
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) )
|
|
{
|
|
gsid = ntfs_find_gsid( scapi->security.mapping[MAPGROUPS], gid, ( SID* ) & defgsid );
|
|
if ( gsid )
|
|
{
|
|
size = ntfs_sid_size( gsid );
|
|
memcpy( buf, gsid, size );
|
|
}
|
|
else
|
|
errno = ENODATA;
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( size );
|
|
}
|
|
|
|
/*
|
|
* Get the user mapped to a SID
|
|
*
|
|
* returns the uid, or -1 if not found
|
|
*/
|
|
|
|
int ntfs_get_user( struct SECURITY_API *scapi, const SID *usid )
|
|
{
|
|
int uid;
|
|
|
|
uid = -1;
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) && ntfs_valid_sid( usid ) )
|
|
{
|
|
if ( ntfs_same_sid( usid, adminsid ) )
|
|
uid = 0;
|
|
else
|
|
{
|
|
uid = ntfs_find_user( scapi->security.mapping[MAPUSERS], usid );
|
|
if ( !uid )
|
|
{
|
|
uid = -1;
|
|
errno = ENODATA;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( uid );
|
|
}
|
|
|
|
/*
|
|
* Get the group mapped to a SID
|
|
*
|
|
* returns the uid, or -1 if not found
|
|
*/
|
|
|
|
int ntfs_get_group( struct SECURITY_API *scapi, const SID *gsid )
|
|
{
|
|
int gid;
|
|
|
|
gid = -1;
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) && ntfs_valid_sid( gsid ) )
|
|
{
|
|
if ( ntfs_same_sid( gsid, adminsid ) )
|
|
gid = 0;
|
|
else
|
|
{
|
|
gid = ntfs_find_group( scapi->security.mapping[MAPGROUPS], gsid );
|
|
if ( !gid )
|
|
{
|
|
gid = -1;
|
|
errno = ENODATA;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
errno = EINVAL;
|
|
return ( gid );
|
|
}
|
|
|
|
/*
|
|
* Initializations before calling ntfs_get_file_security()
|
|
* ntfs_set_file_security() and ntfs_read_directory()
|
|
*
|
|
* Only allowed for root
|
|
*
|
|
* Returns an (obscured) struct SECURITY_API* needed for further calls
|
|
* NULL if not root (EPERM) or device is mounted (EBUSY)
|
|
*/
|
|
|
|
struct SECURITY_API *ntfs_initialize_file_security( const char *device,
|
|
int flags )
|
|
{
|
|
ntfs_volume *vol;
|
|
unsigned long mntflag;
|
|
int mnt;
|
|
struct SECURITY_API *scapi;
|
|
struct SECURITY_CONTEXT *scx;
|
|
|
|
scapi = ( struct SECURITY_API* )NULL;
|
|
mnt = ntfs_check_if_mounted( device, &mntflag );
|
|
if ( !mnt && !( mntflag & NTFS_MF_MOUNTED ) && !getuid() )
|
|
{
|
|
vol = ntfs_mount( device, flags );
|
|
if ( vol )
|
|
{
|
|
scapi = ( struct SECURITY_API* )
|
|
ntfs_malloc( sizeof( struct SECURITY_API ) );
|
|
if ( !ntfs_volume_get_free_space( vol )
|
|
&& scapi )
|
|
{
|
|
scapi->magic = MAGIC_API;
|
|
scapi->seccache = ( struct PERMISSIONS_CACHE* )NULL;
|
|
scx = &scapi->security;
|
|
scx->vol = vol;
|
|
scx->uid = getuid();
|
|
scx->gid = getgid();
|
|
scx->pseccache = &scapi->seccache;
|
|
scx->vol->secure_flags = 0;
|
|
/* accept no mapping and no $Secure */
|
|
ntfs_build_mapping( scx, ( const char* )NULL, TRUE );
|
|
ntfs_open_secure( vol );
|
|
}
|
|
else
|
|
{
|
|
if ( scapi )
|
|
free( scapi );
|
|
else
|
|
errno = ENOMEM;
|
|
mnt = ntfs_umount( vol, FALSE );
|
|
scapi = ( struct SECURITY_API* )NULL;
|
|
}
|
|
}
|
|
}
|
|
else if ( getuid() )
|
|
errno = EPERM;
|
|
else
|
|
errno = EBUSY;
|
|
return ( scapi );
|
|
}
|
|
|
|
/*
|
|
* Leaving after ntfs_initialize_file_security()
|
|
*
|
|
* Returns FALSE if FAILED
|
|
*/
|
|
|
|
BOOL ntfs_leave_file_security( struct SECURITY_API *scapi )
|
|
{
|
|
int ok;
|
|
ntfs_volume *vol;
|
|
|
|
ok = FALSE;
|
|
if ( scapi && ( scapi->magic == MAGIC_API ) && scapi->security.vol )
|
|
{
|
|
vol = scapi->security.vol;
|
|
ntfs_close_secure( &scapi->security );
|
|
free( scapi );
|
|
if ( !ntfs_umount( vol, 0 ) )
|
|
ok = TRUE;
|
|
}
|
|
return ( ok );
|
|
}
|
|
|