diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c index 51a7e7f5..925bb96d 100644 --- a/libntfs-3g/acls.c +++ b/libntfs-3g/acls.c @@ -4,7 +4,7 @@ * This module is part of ntfs-3g library, but may also be * integrated in tools running over Linux or Windows * - * Copyright (c) 2007-2014 Jean-Pierre Andre + * Copyright (c) 2007-2015 Jean-Pierre Andre * * This program/include file is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as published @@ -2314,10 +2314,21 @@ return (0); mapping,flags,pxace,pset); break; - case POSIX_ACL_GROUP : case POSIX_ACL_GROUP_OBJ : + /* denials and grants for group when needed */ + if (pset->groupowns && !pset->adminowns + && (pset->grpperms == pset->othperms) + && !pset->designates && !pset->withmask) { + ok = TRUE; + } else { + ok = build_group_denials_grant(pacl,gsid, + mapping,flags,pxace,pset); + } + break; - /* denials and grants for groups */ + case POSIX_ACL_GROUP : + + /* denials and grants for designated groups */ ok = build_group_denials_grant(pacl,gsid, mapping,flags,pxace,pset); @@ -2574,7 +2585,6 @@ static int buildacls(char *secattr, int offs, mode_t mode, int isdir, /* this ACE will be inserted after denials for group */ if (adminowns - || groupowns || (((mode >> 3) ^ mode) & 7)) { grants = WORLD_RIGHTS; if (isdir) { diff --git a/src/secaudit.c b/src/secaudit.c index 66e8f4b3..af408878 100644 --- a/src/secaudit.c +++ b/src/secaudit.c @@ -1,7 +1,7 @@ /* * Display and audit security attributes in an NTFS volume * - * Copyright (c) 2007-2014 Jean-Pierre Andre + * Copyright (c) 2007-2015 Jean-Pierre Andre * * Options : * -a auditing security data @@ -215,6 +215,9 @@ * * Dec 2014, version 1.4.3 * - fixed displaying "UserMapping" as a file name + * + * Mar 2015, version 1.4.5 + * - adapted to new NTFS ACLs when owner is same as group */ /* @@ -238,7 +241,7 @@ * General parameters which may have to be adapted to needs */ -#define AUDT_VERSION "1.4.3" +#define AUDT_VERSION "1.4.5" #define GET_FILE_SECURITY "ntfs_get_file_security" #define SET_FILE_SECURITY "ntfs_set_file_security" @@ -3732,14 +3735,14 @@ void basictest(int kind, BOOL isdir, const SID *owner, const SID *group) 24064, 28160, 24064, 28160, 24064, 28160, - 25416, 29512 + 24904, 29000 } ; u32 expecthash[] = { 0x8f80865b, 0x7bc7960, 0x8fd9ecfe, 0xddd4db0, 0xa8b07400, 0xa189c20, 0xc5689a00, 0xb6c09000, - 0x94bfb419, 0xa4311791 + 0xb040e509, 0x4f4db7f7 } ; #if POSIXACLS struct POSIX_SECURITY *pxdesc; @@ -3881,7 +3884,8 @@ void basictest(int kind, BOOL isdir, const SID *owner, const SID *group) (unsigned long)count,(unsigned long)acecount, (unsigned long)acecount/count,acecount*100L/count%100L); if (acecount != expectcnt[kind]) { - printf("** Error : expected ACE count %lu\n", + printf("** Error : ACE count %lu instead of %lu\n", + (unsigned long)acecount, (unsigned long)expectcnt[kind]); errors++; } @@ -3895,7 +3899,8 @@ void basictest(int kind, BOOL isdir, const SID *owner, const SID *group) (unsigned long)pxcount,(unsigned long)pxacecount, (unsigned long)pxacecount/pxcount,pxacecount*100L/pxcount%100L); if (pxacecount != expectcnt[kind]) { - printf("** Error : expected ACE count %lu\n", + printf("** Error : ACE count %lu instead of %lu\n", + (unsigned long)pxacecount, (unsigned long)expectcnt[kind]); errors++; }