diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c index 2a276614..8b8c6155 100644 --- a/libntfs-3g/acls.c +++ b/libntfs-3g/acls.c @@ -3123,6 +3123,7 @@ static int build_ownadmin_permissions(const char *securattr, int acecnt; int nace; BOOL firstapply; + int isforeign; le32 special; le32 allowown, allowgrp, allowall; le32 denyown, denygrp, denyall; @@ -3139,6 +3140,7 @@ static int build_ownadmin_permissions(const char *securattr, } else acecnt = 0; firstapply = TRUE; + isforeign = 3; for (nace = 0; nace < acecnt; nace++) { pace = (const ACCESS_ALLOWED_ACE*)&securattr[offace]; if (!(pace->flags & INHERIT_ONLY_ACE)) { @@ -3147,7 +3149,8 @@ static int build_ownadmin_permissions(const char *securattr, && (((pace->mask & WRITE_OWNER) && firstapply))) { if (pace->type == ACCESS_ALLOWED_ACE_TYPE) { allowown |= pace->mask; - else + isforeign &= ~1; + } else if (pace->type == ACCESS_DENIED_ACE_TYPE) denyown |= pace->mask; } else @@ -3155,7 +3158,8 @@ static int build_ownadmin_permissions(const char *securattr, && (!(pace->mask & WRITE_OWNER))) { if (pace->type == ACCESS_ALLOWED_ACE_TYPE) { allowgrp |= pace->mask; - else + isforeign &= ~2; + } else if (pace->type == ACCESS_DENIED_ACE_TYPE) denygrp |= pace->mask; } else if (is_world_sid((const SID*)&pace->sid)) { @@ -3172,6 +3176,10 @@ static int build_ownadmin_permissions(const char *securattr, } offace += le16_to_cpu(pace->size); } + if (isforeign) { + allowown |= (allowgrp | allowall); + allowgrp |= allowall; + } return (merge_permissions(ni, allowown & ~(denyown | denyall), allowgrp & ~(denygrp | denyall),