Commit Graph

165 Commits

Author SHA1 Message Date
Jean-Pierre André
fdefd8feba Fixed bad indentations (cosmetic) 2017-02-11 08:53:20 +01:00
Jean-Pierre André
32587b485c Improved opening/closing $Secure when un/mounting NTFS volume
Call ntfs_close_secure() earlier, check for error, and other cleanups

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-09-02 08:30:07 +02:00
Jean-Pierre André
2840e84a97 Always opened $Secure when mounting NTFS volume
Currently, applications that wish to access security descriptors have to
explicitly open the volume's security descriptor index ("$Secure") using
ntfs_open_secure().  Applications are also responsible for closing the
index when done with it.  However, the cleanup function for doing,
ntfs_close_secure(), cannot be called easily by all applications because
it requires a SECURITY_CONTEXT argument, not simply the ntfs_volume.
Some applications therefore have to close the inode and index contexts
manually in order to clean up properly.

This proposal updates libntfs-3g to open $Secure unconditonally as part
of ntfs_mount(), so that applications do not have to worry about it.

This proposal updates libntfs-3g to open $Secure unconditonally as part
of ntfs_mount(), so that applications do not have to worry about it.

ntfs_close_secure() is updated to take in a ntfs_volume for internal use,
and ntfs_destroy_security_context() is now the function to call to free
memory associated with a SECURITY_CONTEXT rather than a ntfs_volume.

Some memory leaks in error paths of ntfs_open_secure() are also fixed.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-28 16:22:16 +02:00
Jean-Pierre André
043b0e6e73 Allowed using full library API on systems without extended attributes support
A number of functions in libntfs-3g are generally useful, but are tied to
extended attributes support and are not included when the library is
built on platforms without extended attributes support.

This proposal updates libntfs-3g to always include these functions.

The only tricky part is dealing with the XATTR_CREATE and XATTR_REPLACE
flags.  These flags are defined in <sys/xattr.h>, so they must be
redefined on platforms without extended attributes support.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-28 16:13:59 +02:00
Jean-Pierre André
2c11aaa2aa Fixed the range of valid subauthority counts in a SID
ntfs_valid_sid() required that the subauthority count be between 1 and 8
inclusively.  However, Windows permits more than 8 subauthorities as well
as 0 subauthorities:

  - The install.wim file for the latest Windows 10 build contains a file
    whose DACL contains a SID with 10 subauthorities.
    ntfs_set_ntfs_acl() was failing on this file.

  - The IsValidSid() function on Windows returns true for subauthority
    less than or equal to 15, including 0.

There was actually already a another SID validation function that had the
Windows-compatible behavior, so I merged the two together.

Contributed by Eric Biggers
2015-07-14 08:37:01 +02:00
Jean-Pierre André
8fb58de762 Updated the read-only flag even when the security attribute was cached
When chmod'ing a file, no new ACL has to be created if the one needed
is already present in the cache. However the read-only flag may have
to be updated, so that it is kept as the opposite of S_IWUSR.
2015-04-17 10:35:26 +02:00
Jean-Pierre André
3a8d923c13 Fixed accessing security attributes the old way on ntfs 3.x
When the security attribute is present, chkdsk may set a null security id
in the standard attributes, and this should not be considered as an error.
(this partially reverts commit [70e5b1])
2014-11-10 08:43:32 +01:00
Jean-Pierre André
ab8f021861 Fixed checking permissions when Posix ACLs are compiled in but not enabled
When the Posix ACLs are not enabled in the mount options, the permission
checks should not take into account the extra owners and groups of the
file.
2014-06-23 11:26:00 +02:00
Jean-Pierre André
bfc5f3dd3d Fixed processing umask when Posix ACLs are compiled in but not enabled
When Posix ACLs are used, the umask is ignored and the initial permissions
of created files are taken for the parent directory. However the umask
should still be used when the Posix ACLs are not enabled in the mount
options.
2014-06-23 11:20:21 +02:00
Jean-Pierre André
973949964c Fixed ownership of files created by root with no user mapping
Ownership of files should always represent the creator of files.
This fixes a situation, currently disabled, where there is no user
mapping and the owner of the parent directory is used as the owner
of the created file.
2014-06-23 11:11:07 +02:00
Jean-Pierre André
37862daf83 Fixed getting inherited security ids from cache
When using Windows inheritance, the cacheing of ACLs for files created
within a directory only depended on the directory. Actually it also
depends on the user who creates the file. With the patch, only the ACLs
created by the owner of the directory are cached.
2014-05-22 09:52:42 +02:00
Jean-Pierre André
e8c43f434b Fixed checking static groups against process owner
When grouping of users are determined from /etc/group (a compile-time
option not currently used), the groups examined for checking access rights
to a file were wrongly derived from the uid of the file instead of the
uid of the current process.
2014-05-22 09:38:47 +02:00
Jean-Pierre André
38dcb707ef Improved the ownership definition when inheriting and user mapping fails
When using the Windows permission inheritance mode and the current user
has not been mapped, try to derive a reasonable user from the parent
directory.
2014-05-22 09:19:52 +02:00
Jean-Pierre André
70e5b1b250 Fixed inserting a new ACL after they have been wiped out by chkdsk
chkdsk deletes the ACLs when they are bad or when they are not used any
more. This fixes inserting a new ACL after the previously last ACL (or
even all of them) was deleted.
2014-04-23 09:53:13 +02:00
Jean-Pierre André
2737f9cbd0 Initialize the random generator for the internal guid generator
When uuid/uuid.h is not available, mkntfs uses a home-made guid
generator. Better initialize the random generator to get a random guid.
2013-02-09 15:12:56 +01:00
Jean-Pierre André
3103a6c383 Extended Windows-type ACL inheritance, as needed by Windows 8
Windows 8 uses "Authenticated user" principals which needs to be replaced
by the actual owner when inheriting
2012-08-20 12:36:45 +02:00
Jean-Pierre André
0f8ef123ea Added inheritance of the set-group-id flag
So far the set-group-id flag could be set in a chmod. This patch enables
the inheritance of the group to files and subdirectories, and the
inheritance of the set-group-id flag to subdirectories.
2012-06-18 12:53:25 +02:00
Jean-Pierre André
464a9156cd Fixed a wrong computation of ACL size (minor issue) 2012-06-18 12:26:36 +02:00
Jean-Pierre André
1c93e2a97d Avoided setuid/setgid removal by chown on OpenIndiana
On OpenIndiana, it is not customary to remove the setuid/setgid flags
when doing a chown, so comply with the local rules.
2012-03-21 18:52:07 +01:00
Jean-Pierre André
f78cc45208 Implemented supplementary group checks for OpenIndiana
Checking supplementary groups permissions to access a file relies on
a supplementary group list available in /proc/PID. This patch adds a
variant to implement the checks based on the specific format used
by OpenIndiana.
2012-03-21 18:34:48 +01:00
Jean-Pierre André
d06ee35332 Used ENOENT instead of ENODATA when the latter is not defined (Robert Millan)
ENODATA is not defined by Posix and is lacking on FreeBSD
2012-01-23 16:50:25 +01:00
Jean-Pierre André
4dd63e0fd1 Fixed the setting of attributes by secaudit
The setting of attributes was done in the "standard information",
it must also be propagated to the indexes in parent directories.
2011-09-12 18:41:25 +02:00
Jean-Pierre André
35ad185ade cosmetic : Removed a pointless variable initialization in upgrade_secur_desc() (Fabian Keil) 2011-08-04 15:49:36 +02:00
Jean-Pierre André
12e54df513 cosmetic : Removed more unneeded variables warned by gcc 4.6 2011-08-04 15:49:35 +02:00
Jean-Pierre André
5cd49257b0 Removed unneeded variables as warned by gcc 4.6 2011-07-05 12:17:29 +02:00
Jean-Pierre André
f219d2e07e Fixed inconsistent interface to ntfs_initialize_file_security()
The "flags" argument of ntfs_initialize_file_security() is intended to
feed the one to ntfs_mount(). Having the same type for both may avoid
future problems.
2011-03-23 09:20:10 +01:00
Jean-Pierre André
351aec3f7a Enabled renaming of system extended attributes 2010-10-26 08:59:52 +02:00
Jean-Pierre André
e40c942f3a Checked Posix ACL versions 2010-10-01 10:41:32 +02:00
Jean-Pierre André
41d23fba05 removed unneeded synchronizations 2010-05-25 10:14:15 +02:00
Jean-Pierre André
2e86428fc0 redefined a default user mapping (a few changes in mount options) 2010-05-25 10:05:10 +02:00
Jean-Pierre André
c9d40485b4 fixed a possible index block with no key in 2010-04-19 11:10:30 +02:00
Jean-Pierre André
984be554e3 fixed a bad condition for security descriptor upgrade 2010-04-19 11:09:31 +02:00
Jean-Pierre André
3e4826f758 fixed modifying the read-only flag on a directory 2010-04-19 11:03:54 +02:00
jpandre
05ead49d4e Avoid a compiler warning 2010-01-04 08:04:30 +00:00
jpandre
6271663b4e Skip extended attribute related functions when not supported locally 2009-12-19 09:20:59 +00:00
jpandre
1bbb7b8861 Avoid a compiler warning (opensolaris) 2009-12-19 07:44:35 +00:00
jpandre
9dd9daeb6d Implemented low-level interface to fuse 2009-12-18 08:43:45 +00:00
jpandre
41a371f4a7 Redesigned caches for indexing cached entries 2009-12-17 17:36:06 +00:00
jpandre
7c88ccb95b Grouped parameters affecting the global behavior in a specific file 2009-12-17 15:24:02 +00:00
jpandre
c5c51ec1fe Simplified interfaces for checking permissions 2009-12-14 17:23:12 +00:00
jpandre
3c323eecf1 Avoided checking group membership when group and other have same permissions 2009-12-11 14:39:59 +00:00
jpandre
22ecdf8298 Fixed synchronization of attribs and timestamps to parent directory 2009-11-25 14:37:00 +00:00
jpandre
9b987fb923 Disabled ownership checking when permissions are disabled 2009-11-25 14:15:52 +00:00
jpandre
ad25d7a0ac Applied patches for Mac OS X (Erik Larsson) 2009-11-18 16:37:15 +00:00
jpandre
af4f6a406a fix format breaking new lines in error messages 2009-11-05 11:43:36 +00:00
jpandre
06e553b04d Fixed permissions of created files when parent directory has a default ACL 2009-07-04 19:14:56 +00:00
jpandre
9a4672ca65 Developped getting and setting DOS names (short 8+3 names) 2009-07-01 19:45:59 +00:00
jpandre
c453008681 Fixed native NTFS inheritance 2009-05-17 19:54:08 +00:00
jpandre
3615874502 Fixed execution access by root when Posix ACLs are enabled on kernel >= 2.6.29 2009-04-21 13:00:24 +00:00
jpandre
d898b64a04 Changed interface for translating permissions to avoid a version dependency 2009-04-10 07:10:04 +00:00