Don't create SDS entries which aren't needed

ntfsprogs/mkntfs.c

@@ -4710,7 +4710,7 @@ static BOOL mkntfs_create_root_structures(void)
 					return FALSE;
 				init_secure_30(buf_sds_init);
 			} else {
-				buf_sds_first_size = 0x240;
+				buf_sds_first_size = 0xFC;
 				buf_sds_size = 0x40000 + buf_sds_first_size;
 				buf_sds_init = ntfs_calloc(1, buf_sds_first_size);
 				if (!buf_sds_init)

ntfsprogs/sd.c

@@ -1025,272 +1025,6 @@ void init_secure_31(char *sd_val)
 	sid->sub_authority[1] =
 		cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
 
-/*
- * security descriptor #3
- */
-	//header
-	sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80 + 0x80);
-	sds->hash = cpu_to_le32(0x0A9F9B62);
-	sds->security_id = cpu_to_le32(0x0102);
-	sds->offset = cpu_to_le64(0x0100);
-	sds->length = cpu_to_le32(0x60);
-
-	//security descriptor relative
-	sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
-		sizeof(SECURITY_DESCRIPTOR_HEADER));
-	sd->revision = 0x01;
-	sd->alignment = 0x00;
-	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
-	sd->owner = cpu_to_le32(0x30);
-	sd->group = cpu_to_le32(0x40);
-	sd->sacl = cpu_to_le32(0x00);
-	sd->dacl = cpu_to_le32(0x14);
-
-	//acl
-	acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
-	acl->revision = 0x02;
-	acl->alignment1 = 0x00;
-	acl->size = cpu_to_le16(0x1C);
-	acl->ace_count = cpu_to_le16(0x01);
-	acl->alignment2 = 0x00;
-
-	//ace1
-	ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
-	ace->type = 0x00;
-	ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
-	ace->size = cpu_to_le16(0x14);
-	ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
-			 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
-			 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
-			 FILE_TRAVERSE | FILE_DELETE_CHILD |
-			 FILE_READ_ATTRIBUTES;
-	ace->sid.revision = 0x01;
-	ace->sid.sub_authority_count = 0x01;
-	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
-	ace->sid.identifier_authority.value[0] = 0;
-	ace->sid.identifier_authority.value[1] = 0;
-	ace->sid.identifier_authority.value[2] = 0;
-	ace->sid.identifier_authority.value[3] = 0;
-	ace->sid.identifier_authority.value[4] = 0;
-	ace->sid.identifier_authority.value[5] = 5;
-	ace->sid.sub_authority[0] =
-		cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
-
-	//owner sid
-	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
-	sid->revision = 0x01;
-	sid->sub_authority_count = 0x02;
-	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
-	sid->identifier_authority.value[0] = 0;
-	sid->identifier_authority.value[1] = 0;
-	sid->identifier_authority.value[2] = 0;
-	sid->identifier_authority.value[3] = 0;
-	sid->identifier_authority.value[4] = 0;
-	sid->identifier_authority.value[5] = 5;
-	sid->sub_authority[0] =
-		cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
-	sid->sub_authority[1] =
-		cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
-
-	//group sid
-	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
-	sid->revision = 0x01;
-	sid->sub_authority_count = 0x01;
-	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
-	sid->identifier_authority.value[0] = 0;
-	sid->identifier_authority.value[1] = 0;
-	sid->identifier_authority.value[2] = 0;
-	sid->identifier_authority.value[3] = 0;
-	sid->identifier_authority.value[4] = 0;
-	sid->identifier_authority.value[5] = 5;
-	sid->sub_authority[0] =
-		cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
-
-/*
- * security descriptor #4
- */
-	//header
-	sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80 + 0x80 + 0x60);
-	sds->hash = cpu_to_le32(0x0A9F9562);
-	sds->security_id = cpu_to_le32(0x0103);
-	sds->offset = cpu_to_le64(0x0160);
-	sds->length = cpu_to_le32(0x60);
-
-	//security descriptor relative
-	sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
-		 sizeof(SECURITY_DESCRIPTOR_HEADER));
-	sd->revision = 0x01;
-	sd->alignment = 0x00;
-	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
-	sd->owner = cpu_to_le32(0x30);
-	sd->group = cpu_to_le32(0x40);
-	sd->sacl = cpu_to_le32(0x00);
-	sd->dacl = cpu_to_le32(0x14);
-
-	//acl
-	acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
-	acl->revision = 0x02;
-	acl->alignment1 = 0x00;
-	acl->size = cpu_to_le16(0x1C);
-	acl->ace_count = cpu_to_le16(0x01);
-	acl->alignment2 = 0x00;
-
-	//ace1
-	ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
-	ace->type = 0x00;
-	ace->flags = 0x00;
-	ace->size = cpu_to_le16(0x14);
-	ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
-			 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
-			 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
-			 FILE_TRAVERSE | FILE_DELETE_CHILD |
-			 FILE_READ_ATTRIBUTES;
-	ace->sid.revision = 0x01;
-	ace->sid.sub_authority_count = 0x01;
-	// SECURITY_NT_SID_AUTHORITY (S-1-5)
-	ace->sid.identifier_authority.value[0] = 0;
-	ace->sid.identifier_authority.value[1] = 0;
-	ace->sid.identifier_authority.value[2] = 0;
-	ace->sid.identifier_authority.value[3] = 0;
-	ace->sid.identifier_authority.value[4] = 0;
-	ace->sid.identifier_authority.value[5] = 5;
-	ace->sid.sub_authority[0] =
-		cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
-
-	//owner sid
-	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
-	sid->revision = 0x01;
-	sid->sub_authority_count = 0x02;
-	// SECURITY_NT_SID_AUTHORITY (S-1-5)
-	sid->identifier_authority.value[0] = 0;
-	sid->identifier_authority.value[1] = 0;
-	sid->identifier_authority.value[2] = 0;
-	sid->identifier_authority.value[3] = 0;
-	sid->identifier_authority.value[4] = 0;
-	sid->identifier_authority.value[5] = 5;
-	sid->sub_authority[0] =
-		cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
-	sid->sub_authority[1] =
-		cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
-	//group sid
-	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
-	sid->revision = 0x01;
-	sid->sub_authority_count = 0x01;
-	// SECURITY_NT_SID_AUTHORITY (S-1-5)
-	sid->identifier_authority.value[0] = 0;
-	sid->identifier_authority.value[1] = 0;
-	sid->identifier_authority.value[2] = 0;
-	sid->identifier_authority.value[3] = 0;
-	sid->identifier_authority.value[4] = 0;
-	sid->identifier_authority.value[5] = 5;
-	sid->sub_authority[0] =
-		cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
-
-/*
- * security descriptor #5
- */
-	//header
-	sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80 + 0x80 +
-		 0x60 + 0x60);
-	sds->hash = cpu_to_le32(0x453F0A2E);
-	sds->security_id = cpu_to_le32(0x0104);
-	sds->offset = cpu_to_le64(0x01C0);
-	sds->length = cpu_to_le32(0x78);
-
-	//security descriptor relative
-	sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
-		 sizeof(SECURITY_DESCRIPTOR_HEADER));
-	sd->revision = 0x01;
-	sd->alignment = 0x00;
-	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
-	sd->owner = cpu_to_le32(0x48);
-	sd->group = cpu_to_le32(0x58);
-	sd->sacl = cpu_to_le32(0x00);
-	sd->dacl = cpu_to_le32(0x14);
-
-	//acl
-	acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
-	acl->revision = 0x02;
-	acl->alignment1 = 0x00;
-	acl->size = cpu_to_le16(0x34);
-	acl->ace_count = cpu_to_le16(0x02);
-	acl->alignment2 = 0x00;
-
-	//ace1
-	ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
-	ace->type = 0x00;
-	ace->flags = 0x00;
-	ace->size = cpu_to_le16(0x18);
-	ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
-			 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
-			 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
-			 FILE_TRAVERSE | FILE_DELETE_CHILD |
-			 FILE_READ_ATTRIBUTES;
-	ace->sid.revision = 0x01;
-	ace->sid.sub_authority_count = 0x02;
-	// SECURITY_NT_SID_AUTHORITY (S-1-5)
-	ace->sid.identifier_authority.value[0] = 0;
-	ace->sid.identifier_authority.value[1] = 0;
-	ace->sid.identifier_authority.value[2] = 0;
-	ace->sid.identifier_authority.value[3] = 0;
-	ace->sid.identifier_authority.value[4] = 0;
-	ace->sid.identifier_authority.value[5] = 5;
-	ace->sid.sub_authority[0] =
-		cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
-	ace->sid.sub_authority[1] =
-		cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
-	//ace2
-	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + ace->size);
-	ace->type = 0x00;
-	ace->flags = 0x00;
-	ace->size = cpu_to_le16(0x14);
-	ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
-			 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
-			 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
-			 FILE_TRAVERSE | FILE_DELETE_CHILD |
-			 FILE_READ_ATTRIBUTES;
-	ace->sid.revision = 0x01;
-	ace->sid.sub_authority_count = 0x01;
-	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
-	ace->sid.identifier_authority.value[0] = 0;
-	ace->sid.identifier_authority.value[1] = 0;
-	ace->sid.identifier_authority.value[2] = 0;
-	ace->sid.identifier_authority.value[3] = 0;
-	ace->sid.identifier_authority.value[4] = 0;
-	ace->sid.identifier_authority.value[5] = 5;
-	ace->sid.sub_authority[0] =
-		cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
-
-	//owner sid
-	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
-	sid->revision = 0x01;
-	sid->sub_authority_count = 0x02;
-	// SECURITY_NT_SID_AUTHORITY (S-1-5)
-	sid->identifier_authority.value[0] = 0;
-	sid->identifier_authority.value[1] = 0;
-	sid->identifier_authority.value[2] = 0;
-	sid->identifier_authority.value[3] = 0;
-	sid->identifier_authority.value[4] = 0;
-	sid->identifier_authority.value[5] = 5;
-	sid->sub_authority[0] =
-		cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
-	sid->sub_authority[1] =
-		cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
-
-	//group sid
-	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
-	sid->revision = 0x01;
-	sid->sub_authority_count = 0x01;
-	// SECURITY_NT_SID_AUTHORITY (S-1-5)
-	sid->identifier_authority.value[0] = 0;
-	sid->identifier_authority.value[1] = 0;
-	sid->identifier_authority.value[2] = 0;
-	sid->identifier_authority.value[3] = 0;
-	sid->identifier_authority.value[4] = 0;
-	sid->identifier_authority.value[5] = 5;
-	sid->sub_authority[0] =
-		cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
-
 	return;
 }