Hi Jean-Pierre,

to ease my work, I did some code cleanup, see attachment.

Maybe you like it.

-Ulf

# HG changeset patch
# User Ulf Zibis
# Date 1454804657 -3600
#      Sun Feb 07 01:24:17 2016 +0100
# Node ID 9d650af7157881ef015cfa5a6e2b94d108bc4c79
# Parent  08179df8a3fb0196d92100f80ad44995dc4034fd
Corrected indentations

diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c
--- a/libntfs-3g/acls.c
+++ b/libntfs-3g/acls.c
@@ -714,8 +714,7 @@
  */
 
 int ntfs_inherit_acl(const ACL *oldacl, ACL *newacl,
-			const SID *usid, const SID *gsid, BOOL fordir,
-			le16 inherited)
+		const SID *usid, const SID *gsid, BOOL fordir, le16 inherited)
 {
 	unsigned int src;
 	unsigned int dst;
@@ -2427,7 +2426,7 @@
 #endif /* POSIXACLS */
 
 static int buildacls(char *secattr, int offs, mode_t mode, int isdir,
-	       const SID * usid, const SID * gsid)
+		const SID * usid, const SID * gsid)
 {
 	ACL *pacl;
 	ACCESS_ALLOWED_ACE *pgace;
@@ -2842,7 +2841,7 @@
  */
 
 char *ntfs_build_descr(mode_t mode,
-			int isdir, const SID * usid, const SID * gsid)
+		int isdir, const SID * usid, const SID * gsid)
 {
 	int newattrsz;
 	SECURITY_DESCRIPTOR_RELATIVE *pnhead;
@@ -3215,15 +3214,15 @@
 		pace = (const ACCESS_ALLOWED_ACE*)&securattr[offace];
 		if (!(pace->flags & INHERIT_ONLY_ACE)) {
 			if (ntfs_same_sid(usid, &pace->sid)
-			  || ntfs_same_sid(ownersid, &pace->sid)) {
+					|| ntfs_same_sid(ownersid, &pace->sid)) {
 				noown = FALSE;
 				if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
 					allowown |= pace->mask;
 				else if (pace->type == ACCESS_DENIED_ACE_TYPE)
 					denyown |= pace->mask;
-				} else
+			} else
 				if (ntfs_same_sid(gsid, &pace->sid)
-				    && !(pace->mask & WRITE_OWNER)) {
+						&& !(pace->mask & WRITE_OWNER)) {
 					if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
 						allowgrp |= pace->mask;
 					else if (pace->type == ACCESS_DENIED_ACE_TYPE)
@@ -3237,17 +3236,17 @@
 								denyall |= pace->mask;
 					} else
 					if ((ntfs_same_sid((const SID*)&pace->sid,nullsid))
-					   && (pace->type == ACCESS_ALLOWED_ACE_TYPE))
+							&& (pace->type == ACCESS_ALLOWED_ACE_TYPE))
 						special |= pace->mask;
-			}
-			offace += le16_to_cpu(pace->size);
 		}
-		/*
-		 * No indication about owner's rights : grant basic rights
-		 * This happens for files created by Windows in directories
-		 * created by Linux and owned by root, because Windows
-		 * merges the admin ACEs
-		 */
+		offace += le16_to_cpu(pace->size);
+	}
+	/*
+	 * No indication about owner's rights : grant basic rights
+	 * This happens for files created by Windows in directories
+	 * created by Linux and owned by root, because Windows
+	 * merges the admin ACEs
+	 */
 	if (noown)
 		allowown = (FILE_READ_DATA | FILE_WRITE_DATA | FILE_EXECUTE);
 		/*
@@ -3255,13 +3254,12 @@
 		 * unless denied personaly, and add to group rights
 		 * granted to world unless denied specifically
 		 */
-	allowown |= (allowgrp | allowall);
-	allowgrp |= allowall;
+	allowown |= (allowgrp |= allowall);
 	return (merge_permissions(isdir,
-				allowown & ~(denyown | denyall),
-				allowgrp & ~(denygrp | denyall),
-				allowall & ~denyall,
-				special));
+			allowown & ~(denyown | denyall),
+			allowgrp & ~(denygrp | denyall),
+			allowall & ~denyall,
+			special));
 }
 
 /*
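Review bot: `allowown |= (allowgrp |= allowall);` is a code change inside a changeset described as indentation-only, and the nested assignment hides the fact that allowgrp is modified as a side effect. It computes the same values as the two statements it replaces, so I would either keep `allowown |= (allowgrp | allowall);` and `allowgrp |= allowall;`, or move the rewrite into its own changeset so that edits to permission logic can be reviewed separately from whitespace. The same construct replaces the braced `if (isforeign)` block in the build_ownadmin_permissions hunk further down. The enclosing function starts above this hunk.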
@@ -3271,7 +3269,7 @@
  */
 
 static int build_owngrp_permissions(const char *securattr,
-			const SID *usid, BOOL isdir)
+		const SID *usid, BOOL isdir)
 {
 	const SECURITY_DESCRIPTOR_RELATIVE *phead;
 	const ACL *pacl;
@@ -3305,15 +3303,15 @@
 		pace = (const ACCESS_ALLOWED_ACE*)&securattr[offace];
 		if (!(pace->flags & INHERIT_ONLY_ACE)) {
 			if ((ntfs_same_sid(usid, &pace->sid)
-			   || ntfs_same_sid(ownersid, &pace->sid))
-			    && (pace->mask & WRITE_OWNER)) {
+					|| ntfs_same_sid(ownersid, &pace->sid))
+					&& (pace->mask & WRITE_OWNER)) {
 				if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
 					allowown |= pace->mask;
 					ownpresent = TRUE;
 				}
 			} else
 				if (ntfs_same_sid(usid, &pace->sid)
-				   && (!(pace->mask & WRITE_OWNER))) {
+						&& (!(pace->mask & WRITE_OWNER))) {
 					if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
 						allowgrp |= pace->mask;
 						grppresent = TRUE;
@@ -3327,20 +3325,20 @@
 								denyall |= pace->mask;
 					} else
 					if ((ntfs_same_sid((const SID*)&pace->sid,nullsid))
-					   && (pace->type == ACCESS_ALLOWED_ACE_TYPE))
+							&& (pace->type == ACCESS_ALLOWED_ACE_TYPE))
 						special |= pace->mask;
-			}
-			offace += le16_to_cpu(pace->size);
 		}
+		offace += le16_to_cpu(pace->size);
+	}
 	if (!ownpresent)
 		allowown = allowall;
 	if (!grppresent)
 		allowgrp = allowall;
 	return (merge_permissions(isdir,
-				allowown & ~(denyown | denyall),
-				allowgrp & ~(denygrp | denyall),
-				allowall & ~denyall,
-				special));
+			allowown & ~(denyown | denyall),
+			allowgrp & ~(denygrp | denyall),
+			allowall & ~denyall,
+			special));
 }
 
 #if POSIXACLS
@@ -3459,9 +3457,8 @@
  *		(special case : owner or/and group is administrator)
  */
 
-
 static int build_ownadmin_permissions(const char *securattr,
-			const SID *usid, const SID *gsid, BOOL isdir)
+		const SID *usid, const SID *gsid, BOOL isdir)
 {
 	const SECURITY_DESCRIPTOR_RELATIVE *phead;
 	const ACL *pacl;
@@ -3494,26 +3491,27 @@
 	for (nace = 0; nace < acecnt; nace++) {
 		pace = (const ACCESS_ALLOWED_ACE*)&securattr[offace];
 		if (!(pace->flags & INHERIT_ONLY_ACE)
-		   && !(~pace->mask & (ROOT_OWNER_UNMARK | ROOT_GROUP_UNMARK))) {
+				&& !(~pace->mask & (ROOT_OWNER_UNMARK | ROOT_GROUP_UNMARK))) {
 			if ((ntfs_same_sid(usid, &pace->sid)
-			   || ntfs_same_sid(ownersid, &pace->sid))
-			     && (((pace->mask & WRITE_OWNER) && firstapply))) {
+					|| ntfs_same_sid(ownersid, &pace->sid))
+					&& (((pace->mask & WRITE_OWNER) && firstapply))) {
 				if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
 					allowown |= pace->mask;
 					isforeign &= ~1;
 				} else
 					if (pace->type == ACCESS_DENIED_ACE_TYPE)
 						denyown |= pace->mask;
+			} else
+				if (ntfs_same_sid(gsid, &pace->sid)
+						&& (!(pace->mask & WRITE_OWNER))) {
+					if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
+						allowgrp |= pace->mask;
+						isforeign &= ~2;
+					} else
+						if (pace->type == ACCESS_DENIED_ACE_TYPE)
+							denygrp |= pace->mask;
 				} else
-				    if (ntfs_same_sid(gsid, &pace->sid)
-					&& (!(pace->mask & WRITE_OWNER))) {
-						if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
-							allowgrp |= pace->mask;
-							isforeign &= ~2;
-						} else
-							if (pace->type == ACCESS_DENIED_ACE_TYPE)
-								denygrp |= pace->mask;
-					} else if (is_world_sid((const SID*)&pace->sid)) {
+					if (is_world_sid((const SID*)&pace->sid)) {
 						if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
 							allowall |= pace->mask;
 						else
@@ -3521,22 +3519,20 @@
 								denyall |= pace->mask;
 					}
 			firstapply = FALSE;
-			} else
-				if (!(pace->flags & INHERIT_ONLY_ACE))
-					if ((ntfs_same_sid((const SID*)&pace->sid,nullsid))
-					   && (pace->type == ACCESS_ALLOWED_ACE_TYPE))
-						special |= pace->mask;
-			offace += le16_to_cpu(pace->size);
-		}
-	if (isforeign) {
-		allowown |= (allowgrp | allowall);
-		allowgrp |= allowall;
+		} else
+			if (!(pace->flags & INHERIT_ONLY_ACE))
+				if ((ntfs_same_sid((const SID*)&pace->sid,nullsid))
+						&& (pace->type == ACCESS_ALLOWED_ACE_TYPE))
+					special |= pace->mask;
+		offace += le16_to_cpu(pace->size);
 	}
+	if (isforeign)
+		allowown |= (allowgrp |= allowall);
 	return (merge_permissions(isdir,
-				allowown & ~(denyown | denyall),
-				allowgrp & ~(denygrp | denyall),
-				allowall & ~denyall,
-				special));
+			allowown & ~(denyown | denyall),
+			allowgrp & ~(denygrp | denyall),
+			allowall & ~denyall,
+			special));
 }
 
 #if OWNERFROMACL
@@ -4104,14 +4100,14 @@
  */
 
 int ntfs_build_permissions(const char *securattr,
-			const SID *usid, const SID *gsid, BOOL isdir)
+		const SID *usid, const SID *gsid, BOOL isdir)
 {
 	int perm;
 	BOOL adminowns;
 	BOOL groupowns;
 
 	adminowns = ntfs_same_sid(usid,adminsid)
-	         || ntfs_same_sid(gsid,adminsid);
+			|| ntfs_same_sid(gsid,adminsid);
 	groupowns = !adminowns && ntfs_same_sid(gsid,usid);
 	if (adminowns)
 		perm = build_ownadmin_permissions(securattr, usid, gsid, isdir);
diff --git a/libntfs-3g/security.c b/libntfs-3g/security.c
--- a/libntfs-3g/security.c
+++ b/libntfs-3g/security.c
@@ -2332,18 +2332,18 @@
 				phead = (const SECURITY_DESCRIPTOR_RELATIVE*)
 				    	securattr;
 				gsid = (const SID*)&
-					   securattr[le32_to_cpu(phead->group)];
+						securattr[le32_to_cpu(phead->group)];
 				gid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
 #if OWNERFROMACL
 				usid = ntfs_acl_owner(securattr);
 				perm = ntfs_build_permissions(securattr,
-						 usid, gsid, isdir);
+						usid, gsid, isdir);
 				uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
 #else
 				usid = (const SID*)&
-					    securattr[le32_to_cpu(phead->owner)];
+						securattr[le32_to_cpu(phead->owner)];
 				perm = ntfs_build_permissions(securattr,
-						 usid, gsid, isdir);
+						usid, gsid, isdir);
 				if (!perm && ntfs_same_sid(usid, adminsid)) {
 					uid = find_tenant(scx, securattr);
 					if (uid)
@@ -2500,7 +2500,7 @@
 					perm = -1;
 #else
 				perm = ntfs_build_permissions(securattr,
-					  usid, gsid, isdir);
+						usid, gsid, isdir);
 #endif
 					/*
 					 * fetch owner and group for cacheing
@@ -3684,7 +3684,7 @@
 				res = -1;
 #else
 			mode = perm = ntfs_build_permissions(oldattr,
-					 usid, gsid, isdir);
+					usid, gsid, isdir);
 			if (perm >= 0) {
 				fileuid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
 				filegid = ntfs_find_group(scx->mapping[MAPGROUPS],gsid);
diff --git a/src/secaudit.c b/src/secaudit.c
--- a/src/secaudit.c
+++ b/src/secaudit.c
@@ -590,20 +590,21 @@
 		1,		/* auth count */
 		0, 0, 0, 0, 0, 1,	/* base */
 		0, 0, 0, 0	/* 1st level */
-} ;
+};
+
 static const SID *worldsid = (const SID*)worldsidbytes;
 
 /*	        
  *		SID for authenticated user (S-1-5-11)
  */
-	        
+ 
 static const char authsidbytes[] = {
 		1,		/* revision */ 
 		1,		/* auth count */
 		0, 0, 0, 0, 0, 5,	/* base */
 		11, 0, 0, 0	/* 1st level */
 };
-  
+
 static const SID *authsid = (const SID*)authsidbytes;
 
 /*
@@ -644,7 +645,7 @@
 		0, 0, 0, 0, 0, 5,	/* base */
 		18, 0, 0, 0	/* 1st level */
 	};
-  
+
 static const SID *systemsid = (const SID*)systemsidbytes;
 
 #endif
# HG changeset patch
# User Ulf Zibis
# Date 1454805432 -3600
#      Sun Feb 07 01:37:12 2016 +0100
# Node ID 14beeca1efa62e8bb575828f74112581700f150d
# Parent  9d650af7157881ef015cfa5a6e2b94d108bc4c79
Refactored merge_permissions()

diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c
--- a/libntfs-3g/acls.c
+++ b/libntfs-3g/acls.c
@@ -2926,13 +2926,25 @@
  *	from owner, group and world grants as represented in ACEs
  */
 
-static int merge_permissions(BOOL isdir,
-		le32 owner, le32 group, le32 world, le32 special)
-
+static int merge_permissions(BOOL isdir, le32 special,
+		le32 allowown, le32 allowgrp, le32 allowoth,
+		le32 denyown, le32 denygrp, le32 denyoth)
 {
-	int perm;
-
-	perm = 0;
+	le32 owner = allowown & ~(denyown | denyoth); 
+	le32 group = allowgrp & ~(denygrp | denyoth); 
+	le32 other = allowoth & ~denyoth; 
+
+	int perm = 0;
+
+	/* build special permission flags */
+	if (special) {
+		if (special & FILE_APPEND_DATA)
+			perm |= S_ISUID;
+		if (special & FILE_WRITE_DATA)
+			perm |= S_ISGID;
+		if (special & FILE_READ_DATA)
+			perm |= S_ISVTX;
+	}
 	/* build owner permission */
 	if (owner) {
 		if (isdir) {
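Review bot: The header comment above merge_permissions() still describes the inputs as owner, group and world grants, but with the new signature the function receives raw allow and deny masks and applies the denials itself in the `owner`, `group` and `other` initialisers. I would say so in the comment, for example `/* deny masks are applied here: denyoth removes rights from all three classes, denyown and denygrp only from their own */`. All seven mask parameters share the type le32, so an allow/deny pair swapped at a call site would compile silently, which makes the documented order worth having. The three added initialiser lines also end in trailing whitespace. The function body continues below the hunk.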
@@ -2981,39 +2993,30 @@
 				perm |= S_IRGRP;
 		}
 	}
-	/* build world permission */
-	if (world) {
+	/* build other permission */
+	if (other) {
 		if (isdir) {
 			/* exec if any of list, traverse */
-			if (world & DIR_GEXEC)
+			if (other & DIR_GEXEC)
 				perm |= S_IXOTH;
 			/* write if any of addfile, adddir, delchild */
-			if (world & DIR_GWRITE)
+			if (other & DIR_GWRITE)
 				perm |= S_IWOTH;
 			/* read if any of list */
-			if (world & DIR_GREAD)
+			if (other & DIR_GREAD)
 				perm |= S_IROTH;
 		} else {
 			/* exec if execute */
-			if (world & FILE_GEXEC)
+			if (other & FILE_GEXEC)
 				perm |= S_IXOTH;
 			/* write if any of writedata, appenddata */
-			if (world & FILE_GWRITE)
+			if (other & FILE_GWRITE)
 				perm |= S_IWOTH;
 			/* read if any of readdata */
-			if (world & FILE_GREAD)
+			if (other & FILE_GREAD)
 				perm |= S_IROTH;
 		}
 	}
-	/* build special permission flags */
-	if (special) {
-		if (special & FILE_APPEND_DATA)
-			perm |= S_ISUID;
-		if (special & FILE_WRITE_DATA)
-			perm |= S_ISGID;
-		if (special & FILE_READ_DATA)
-			perm |= S_ISVTX;
-	}
 	return (perm);
 }
 
@@ -3255,11 +3258,9 @@
 		 * granted to world unless denied specifically
 		 */
 	allowown |= (allowgrp |= allowall);
-	return (merge_permissions(isdir,
-			allowown & ~(denyown | denyall),
-			allowgrp & ~(denygrp | denyall),
-			allowall & ~denyall,
-			special));
+	return (merge_permissions(isdir, special,
+			allowown, allowgrp, allowall,
+			denyown, denygrp, denyall));
 }
 
 /*
@@ -3334,11 +3335,9 @@
 		allowown = allowall;
 	if (!grppresent)
 		allowgrp = allowall;
-	return (merge_permissions(isdir,
-			allowown & ~(denyown | denyall),
-			allowgrp & ~(denygrp | denyall),
-			allowall & ~denyall,
-			special));
+	return (merge_permissions(isdir, special,
+			allowown, allowgrp, allowall,
+			denyown, denygrp, denyall));
 }
 
 #if POSIXACLS
@@ -3528,11 +3527,9 @@
 	}
 	if (isforeign)
 		allowown |= (allowgrp |= allowall);
-	return (merge_permissions(isdir,
-			allowown & ~(denyown | denyall),
-			allowgrp & ~(denygrp | denyall),
-			allowall & ~denyall,
-			special));
+	return (merge_permissions(isdir, special,
+			allowown, allowgrp, allowall,
+			denyown, denygrp, denyall));
 }
 
 #if OWNERFROMACL
# HG changeset patch
# User Ulf Zibis
# Date 1454888109 -3600
#      Mon Feb 08 00:35:09 2016 +0100
# Node ID 58b95dae98a7b2d89a47ea5dd8f06adf1bf76fb9
# Parent  14beeca1efa62e8bb575828f74112581700f150d
Reduced redundancy in merge_permissions()

diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c
--- a/libntfs-3g/acls.c
+++ b/libntfs-3g/acls.c
@@ -2922,100 +2922,68 @@
 }
 
 /*
+ *		Create a mode_t permissions part
+ *	from owner grants as represented in ACEs
+ */
+
+static int merge_own_permissions(BOOL isdir, le32 ntfs_perm)
+{
+	int perm = 0;
+
+	/* build owner permission flags */
+	if (ntfs_perm) {
+		/*
+		 * Because the NTFS permission masks for DIR and FILE are identical,
+		 * theoretically isDir switch is superfluous. (Ulf Zibis)
+		 */
+		if (isdir) {
+			/* read if any of list */
+			if (ntfs_perm & DIR_GREAD)
+				perm |= __S_IREAD;
+			/* write if any of addfile, adddir, delchild */
+			if (ntfs_perm & DIR_GWRITE)
+				perm |= __S_IWRITE;
+			/* exec if any of list, traverse */
+			if (ntfs_perm & DIR_GEXEC)
+				perm |= __S_IEXEC;
+		} else {
+			/* read if any of readdata or generic read */
+			if (ntfs_perm & FILE_GREAD)
+				perm |= __S_IREAD;
+			/* write if any of writedata or generic write */
+			if (ntfs_perm & FILE_GWRITE)
+				perm |= __S_IWRITE;
+			/* exec if execute or generic execute */
+			if (ntfs_perm & FILE_GEXEC)
+				perm |= __S_IEXEC;
+		}
+	}
+	return (perm);
+}
+
+/*
  *		Create a mode_t permission set
- *	from owner, group and world grants as represented in ACEs
+ *	from owner, group, world and special grants as represented in ACEs
  */
 
 static int merge_permissions(BOOL isdir, le32 special,
 		le32 allowown, le32 allowgrp, le32 allowoth,
 		le32 denyown, le32 denygrp, le32 denyoth)
 {
-	le32 owner = allowown & ~(denyown | denyoth); 
-	le32 group = allowgrp & ~(denygrp | denyoth); 
-	le32 other = allowoth & ~denyoth; 
-
-	int perm = 0;
+	/* build standard permission flags */
+	int perm =
+			merge_own_permissions(isdir, allowoth & ~denyoth) >> 3 |
+			merge_own_permissions(isdir, allowgrp & ~(denygrp | denyoth)) >> 3 |
+			merge_own_permissions(isdir, allowown & ~(denyown | denyoth));
 
 	/* build special permission flags */
 	if (special) {
 		if (special & FILE_APPEND_DATA)
-			perm |= S_ISUID;
+			perm |= __S_ISUID;
 		if (special & FILE_WRITE_DATA)
-			perm |= S_ISGID;
+			perm |= __S_ISGID;
 		if (special & FILE_READ_DATA)
-			perm |= S_ISVTX;
-	}
-	/* build owner permission */
-	if (owner) {
-		if (isdir) {
-			/* exec if any of list, traverse */
-			if (owner & DIR_GEXEC)
-				perm |= S_IXUSR;
-			/* write if any of addfile, adddir, delchild */
-			if (owner & DIR_GWRITE)
-				perm |= S_IWUSR;
-			/* read if any of list */
-			if (owner & DIR_GREAD)
-				perm |= S_IRUSR;
-		} else {
-			/* exec if execute or generic execute */
-			if (owner & FILE_GEXEC)
-				perm |= S_IXUSR;
-			/* write if any of writedata or generic write */
-			if (owner & FILE_GWRITE)
-				perm |= S_IWUSR;
-			/* read if any of readdata or generic read */
-			if (owner & FILE_GREAD)
-				perm |= S_IRUSR;
-		}
-	}
-	/* build group permission */
-	if (group) {
-		if (isdir) {
-			/* exec if any of list, traverse */
-			if (group & DIR_GEXEC)
-				perm |= S_IXGRP;
-			/* write if any of addfile, adddir, delchild */
-			if (group & DIR_GWRITE)
-				perm |= S_IWGRP;
-			/* read if any of list */
-			if (group & DIR_GREAD)
-				perm |= S_IRGRP;
-		} else {
-			/* exec if execute */
-			if (group & FILE_GEXEC)
-				perm |= S_IXGRP;
-			/* write if any of writedata, appenddata */
-			if (group & FILE_GWRITE)
-				perm |= S_IWGRP;
-			/* read if any of readdata */
-			if (group & FILE_GREAD)
-				perm |= S_IRGRP;
-		}
-	}
-	/* build other permission */
-	if (other) {
-		if (isdir) {
-			/* exec if any of list, traverse */
-			if (other & DIR_GEXEC)
-				perm |= S_IXOTH;
-			/* write if any of addfile, adddir, delchild */
-			if (other & DIR_GWRITE)
-				perm |= S_IWOTH;
-			/* read if any of list */
-			if (other & DIR_GREAD)
-				perm |= S_IROTH;
-		} else {
-			/* exec if execute */
-			if (other & FILE_GEXEC)
-				perm |= S_IXOTH;
-			/* write if any of writedata, appenddata */
-			if (other & FILE_GWRITE)
-				perm |= S_IWOTH;
-			/* read if any of readdata */
-			if (other & FILE_GREAD)
-				perm |= S_IROTH;
-		}
+			perm |= __S_ISVTX;
 	}
 	return (perm);
 }
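Review bot: The world grants are shifted by the wrong amount in the new `perm` initialiser: `merge_own_permissions(isdir, allowoth & ~denyoth) >> 3` places them in the group bits, so the S_IROTH/S_IWOTH/S_IXOTH bits that the removed code set are never produced. The first operand should read `merge_own_permissions(isdir, allowoth & ~denyoth) >> 6 |`. Since the returned mode is presumably what callers report and base access decisions on, a regression test comparing the old and new result for a descriptor with world-only grants would catch this. Separately, `__S_IREAD`, `__S_IWRITE`, `__S_IEXEC`, `__S_ISUID`, `__S_ISGID` and `__S_ISVTX` are implementation-reserved names and may not exist outside glibc; I would use `S_IRUSR`, `S_IWUSR`, `S_IXUSR` in the helper and keep the `S_ISUID`, `S_ISGID`, `S_ISVTX` macros the removed lines used.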
@@ -3527,6 +3495,7 @@
 	}
 	if (isforeign)
 		allowown |= (allowgrp |= allowall);
+		/* What about denyxxx in case of foreign? */
 	return (merge_permissions(isdir, special,
 			allowown, allowgrp, allowall,
 			denyown, denygrp, denyall));
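Review bot: The added comment `/* What about denyxxx in case of foreign? */` leaves an open question in the permission path and is indented as if it belonged to the `if (isforeign)` body. From the call that follows, the deny masks are passed through unchanged, and the merge_permissions() hunk earlier in this changeset masks them off after the grants have been merged. I would replace it with a statement at the indentation of the `return`, such as `/* denials are still applied to the merged grants in merge_permissions() */`, or raise the question on the list rather than in the source. The following changeset adds the same kind of comment after `if (noown)` (`/* What about denyxxx in case of noown? */`). The function starts above this hunk.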
# HG changeset patch
# User Ulf Zibis
# Date 1454935832 -3600
#      Mon Feb 08 13:50:32 2016 +0100
# Node ID 10cfc76fccb0e0880b5af16041aeaa9350b290ec
# Parent  58b95dae98a7b2d89a47ea5dd8f06adf1bf76fb9
build_xxx_permissions(): Better readable and comparable
build_ownadmin_permissions(): Removed little redundancy

diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c
--- a/libntfs-3g/acls.c
+++ b/libntfs-3g/acls.c
@@ -2963,7 +2963,7 @@
 
 /*
  *		Create a mode_t permission set
- *	from owner, group, world and special grants as represented in ACEs
+ *	from special, owner, group and world grants as represented in ACEs
  */
 
 static int merge_permissions(BOOL isdir, le32 special,
@@ -3162,10 +3162,10 @@
 	int offace;
 	int acecnt;
 	int nace;
-	BOOL noown;
 	le32 special;
 	le32 allowown, allowgrp, allowall;
 	le32 denyown, denygrp, denyall;
+	BOOL noown;
 
 	phead = (const SECURITY_DESCRIPTOR_RELATIVE*)securattr;
 	offdacl = le32_to_cpu(phead->dacl);
@@ -3173,7 +3173,6 @@
 	special = const_cpu_to_le32(0);
 	allowown = allowgrp = allowall = const_cpu_to_le32(0);
 	denyown = denygrp = denyall = const_cpu_to_le32(0);
-	noown = TRUE;
 	if (offdacl) {
 		acecnt = le16_to_cpu(pacl->ace_count);
 		offace = offdacl + sizeof(ACL);
@@ -3181,36 +3180,32 @@
 		acecnt = 0;
 		offace = 0;
 	}
-	for (nace = 0; nace < acecnt; nace++) {
+	noown = TRUE;
+	for (nace=0; nace<acecnt; nace++, offace+=le16_to_cpu(pace->size)) {
 		pace = (const ACCESS_ALLOWED_ACE*)&securattr[offace];
 		if (!(pace->flags & INHERIT_ONLY_ACE)) {
 			if (ntfs_same_sid(usid, &pace->sid)
 					|| ntfs_same_sid(ownersid, &pace->sid)) {
-				noown = FALSE;
 				if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
 					allowown |= pace->mask;
 				else if (pace->type == ACCESS_DENIED_ACE_TYPE)
 					denyown |= pace->mask;
-			} else
-				if (ntfs_same_sid(gsid, &pace->sid)
-						&& !(pace->mask & WRITE_OWNER)) {
-					if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
-						allowgrp |= pace->mask;
-					else if (pace->type == ACCESS_DENIED_ACE_TYPE)
-						denygrp |= pace->mask;
-				} else
-					if (is_world_sid((const SID*)&pace->sid)) {
-						if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
-							allowall |= pace->mask;
-						else
-							if (pace->type == ACCESS_DENIED_ACE_TYPE)
-								denyall |= pace->mask;
-					} else
-					if ((ntfs_same_sid((const SID*)&pace->sid,nullsid))
-							&& (pace->type == ACCESS_ALLOWED_ACE_TYPE))
-						special |= pace->mask;
+				noown = FALSE;
+			} else if (ntfs_same_sid(gsid, &pace->sid)
+					&& !(pace->mask & WRITE_OWNER)) {
+				if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
+					allowgrp |= pace->mask;
+				else if (pace->type == ACCESS_DENIED_ACE_TYPE)
+					denygrp |= pace->mask;
+			} else if (is_world_sid((const SID*)&pace->sid)) {
+				if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
+					allowall |= pace->mask;
+				else if (pace->type == ACCESS_DENIED_ACE_TYPE)
+					denyall |= pace->mask;
+			} else if ((ntfs_same_sid((const SID*)&pace->sid,nullsid))
+					&& (pace->type == ACCESS_ALLOWED_ACE_TYPE))
+				special |= pace->mask;
 		}
-		offace += le16_to_cpu(pace->size);
 	}
 	/*
 	 * No indication about owner's rights : grant basic rights
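Review bot: With the step now in the loop header, `offace+=le16_to_cpu(pace->size)` makes it more visible that the walk advances by a size field read from the descriptor and is bounded only by `ace_count`; nothing in the visible lines checks offace against the length of securattr. If the descriptor is validated before this function is called (not visible in the hunk), a comment on the loop such as `/* securattr must already have been validated: ACE count and sizes are trusted here */` would record that precondition. The header is also written without the spacing used by the line it replaces (`nace = 0; nace < acecnt`). The same header is introduced in the build_owngrp_permissions and build_ownadmin_permissions loops in later hunks of this changeset. The function begins and ends outside the hunk.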
@@ -3220,11 +3215,12 @@
 	 */
 	if (noown)
 		allowown = (FILE_READ_DATA | FILE_WRITE_DATA | FILE_EXECUTE);
-		/*
-		 *  Add to owner rights granted to group or world
-		 * unless denied personaly, and add to group rights
-		 * granted to world unless denied specifically
-		 */
+		/* What about denyxxx in case of noown? */
+	/*
+	 * Add to owner rights granted to group or world
+	 * unless denied personaly, and add to group rights
+	 * granted to world unless denied specifically
+	 */
 	allowown |= (allowgrp |= allowall);
 	return (merge_permissions(isdir, special,
 			allowown, allowgrp, allowall,
@@ -3248,10 +3244,10 @@
 	int acecnt;
 	int nace;
 	le32 special;
-	BOOL grppresent;
-	BOOL ownpresent;
 	le32 allowown, allowgrp, allowall;
 	le32 denyown, denygrp, denyall;
+	BOOL noown;
+	BOOL nogrp;
 
 	phead = (const SECURITY_DESCRIPTOR_RELATIVE*)securattr;
 	offdacl = le32_to_cpu(phead->dacl);
@@ -3259,8 +3255,6 @@
 	special = const_cpu_to_le32(0);
 	allowown = allowgrp = allowall = const_cpu_to_le32(0);
 	denyown = denygrp = denyall = const_cpu_to_le32(0);
-	ownpresent = FALSE;
-	grppresent = FALSE;
 	if (offdacl) {
 		acecnt = le16_to_cpu(pacl->ace_count);
 		offace = offdacl + sizeof(ACL);
@@ -3268,7 +3262,9 @@
 		acecnt = 0;
 		offace = 0;
 	}
-	for (nace = 0; nace < acecnt; nace++) {
+	noown = TRUE;
+	nogrp = TRUE;
+	for (nace=0; nace<acecnt; nace++, offace+=le16_to_cpu(pace->size)) {
 		pace = (const ACCESS_ALLOWED_ACE*)&securattr[offace];
 		if (!(pace->flags & INHERIT_ONLY_ACE)) {
 			if ((ntfs_same_sid(usid, &pace->sid)
@@ -3276,32 +3272,27 @@
 					&& (pace->mask & WRITE_OWNER)) {
 				if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
 					allowown |= pace->mask;
-					ownpresent = TRUE;
+					noown = FALSE;
 				}
-			} else
-				if (ntfs_same_sid(usid, &pace->sid)
-						&& (!(pace->mask & WRITE_OWNER))) {
-					if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
-						allowgrp |= pace->mask;
-						grppresent = TRUE;
-					}
-				} else
-					if (is_world_sid((const SID*)&pace->sid)) {
-						if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
-							allowall |= pace->mask;
-						else
-							if (pace->type == ACCESS_DENIED_ACE_TYPE)
-								denyall |= pace->mask;
-					} else
-					if ((ntfs_same_sid((const SID*)&pace->sid,nullsid))
-							&& (pace->type == ACCESS_ALLOWED_ACE_TYPE))
-						special |= pace->mask;
+			} else if (ntfs_same_sid(usid, &pace->sid)
+					&& (!(pace->mask & WRITE_OWNER))) {
+				if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
+					allowgrp |= pace->mask;
+					nogrp = FALSE;
+				}
+			} else if (is_world_sid((const SID*)&pace->sid)) {
+				if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
+					allowall |= pace->mask;
+				else if (pace->type == ACCESS_DENIED_ACE_TYPE)
+					denyall |= pace->mask;
+			} else if ((ntfs_same_sid((const SID*)&pace->sid,nullsid))
+					&& (pace->type == ACCESS_ALLOWED_ACE_TYPE))
+				special |= pace->mask;
 		}
-		offace += le16_to_cpu(pace->size);
 	}
-	if (!ownpresent)
+	if (noown)
 		allowown = allowall;
-	if (!grppresent)
+	if (nogrp)
 		allowgrp = allowall;
 	return (merge_permissions(isdir, special,
 			allowown, allowgrp, allowall,
@@ -3434,11 +3425,11 @@
 	int offace;
 	int acecnt;
 	int nace;
-	BOOL firstapply;
-	int isforeign;
 	le32 special;
 	le32 allowown, allowgrp, allowall;
 	le32 denyown, denygrp, denyall;
+	BOOL firstapply;
+	int isforeign;
 
 	phead = (const SECURITY_DESCRIPTOR_RELATIVE*)securattr;
 	offdacl = le32_to_cpu(phead->dacl);
@@ -3455,43 +3446,36 @@
 	}
 	firstapply = TRUE;
 	isforeign = 3;
-	for (nace = 0; nace < acecnt; nace++) {
+	for (nace=0; nace<acecnt; nace++, offace+=le16_to_cpu(pace->size)) {
 		pace = (const ACCESS_ALLOWED_ACE*)&securattr[offace];
-		if (!(pace->flags & INHERIT_ONLY_ACE)
-				&& !(~pace->mask & (ROOT_OWNER_UNMARK | ROOT_GROUP_UNMARK))) {
-			if ((ntfs_same_sid(usid, &pace->sid)
-					|| ntfs_same_sid(ownersid, &pace->sid))
-					&& (((pace->mask & WRITE_OWNER) && firstapply))) {
-				if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
-					allowown |= pace->mask;
-					isforeign &= ~1;
-				} else
-					if (pace->type == ACCESS_DENIED_ACE_TYPE)
+		if (!(pace->flags & INHERIT_ONLY_ACE))
+			if (!(~pace->mask & (ROOT_OWNER_UNMARK | ROOT_GROUP_UNMARK))) {
+				if ((ntfs_same_sid(usid, &pace->sid)
+						|| ntfs_same_sid(ownersid, &pace->sid))
+						&& (pace->mask & WRITE_OWNER) && firstapply) {
+					if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
+						allowown |= pace->mask;
+						isforeign &= ~1;
+					} else if (pace->type == ACCESS_DENIED_ACE_TYPE)
 						denyown |= pace->mask;
-			} else
-				if (ntfs_same_sid(gsid, &pace->sid)
+				} else if (ntfs_same_sid(gsid, &pace->sid)
 						&& (!(pace->mask & WRITE_OWNER))) {
 					if (pace->type == ACCESS_ALLOWED_ACE_TYPE) {
 						allowgrp |= pace->mask;
 						isforeign &= ~2;
-					} else
-						if (pace->type == ACCESS_DENIED_ACE_TYPE)
-							denygrp |= pace->mask;
-				} else
-					if (is_world_sid((const SID*)&pace->sid)) {
-						if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
-							allowall |= pace->mask;
-						else
-							if (pace->type == ACCESS_DENIED_ACE_TYPE)
-								denyall |= pace->mask;
-					}
-			firstapply = FALSE;
-		} else
-			if (!(pace->flags & INHERIT_ONLY_ACE))
+					} else if (pace->type == ACCESS_DENIED_ACE_TYPE)
+						denygrp |= pace->mask;
+				} else if (is_world_sid((const SID*)&pace->sid)) {
+					if (pace->type == ACCESS_ALLOWED_ACE_TYPE)
+						allowall |= pace->mask;
+					else if (pace->type == ACCESS_DENIED_ACE_TYPE)
+						denyall |= pace->mask;
+				}
+				firstapply = FALSE;
+			} else
 				if ((ntfs_same_sid((const SID*)&pace->sid,nullsid))
 						&& (pace->type == ACCESS_ALLOWED_ACE_TYPE))
 					special |= pace->mask;
-		offace += le16_to_cpu(pace->size);
 	}
 	if (isforeign)
 		allowown |= (allowgrp |= allowall);
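Review bot: Splitting the condition into `if (!(pace->flags & INHERIT_ONLY_ACE))` followed by an unbraced `if (...) { ... } else` makes the special-bits branch depend on dangling-else binding. The `else` attaches to the inner `if (!(~pace->mask & (ROOT_OWNER_UNMARK | ROOT_GROUP_UNMARK)))`, which keeps the previous behaviour, but a reader or a later edit can easily take it for the outer one, and GCC and Clang can warn about this pattern. I would brace the outer statement, opening with `if (!(pace->flags & INHERIT_ONLY_ACE)) {` and closing it after the inner if/else. The function starts above the hunk.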