From 6caa1b0bda75afb86f9a6eb8d1be9cd6aafb33e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?=
Date: Sat, 9 Feb 2013 11:06:39 +0100
Subject: [PATCH] Added directions for getting a user mapping proposal through secaudit
The definition of the user mapping needed to interoperate permissions with Windows is too complex for most users. Even the "usermap" utility is too complex. This patch adds explanations for using the "-u" option of secaudit to get a user mapping proposal
---
 src/ntfs-3g.secaudit.8.in | 15 ++++++++-
 src/secaudit.c | 66 ++++++++++++++++++++++++++++++++++++---
 2 files changed, 76 insertions(+), 5 deletions(-)
diff --git a/src/ntfs-3g.secaudit.8.in b/src/ntfs-3g.secaudit.8.in
index 79c05ac1..669828e5 100644
--- a/src/ntfs-3g.secaudit.8.in
+++ b/src/ntfs-3g.secaudit.8.in
@@ -1,7 +1,7 @@
 .\" Copyright (c) 2007-2009 Jean-Pierre André.
 .\" This file may be copied under the terms of the GNU Public License.
 .\"
-.TH NTFS-3G.SECAUDIT 8 "February 2010" "ntfs-3g.secaudit 1.3.8"
+.TH NTFS-3G.SECAUDIT 8 "February 2010" "ntfs-3g.secaudit 1.4.1"
 .SH NAME
 ntfs-3g.secaudit \- NTFS Security Data Auditing
 .SH SYNOPSIS
@@ -29,6 +29,9 @@ Where \fIoptions\fP is a combination of :
 -s setting backed-up ACLs
 .RE
 .RS
+-u getting a user mapping proposal
+.RE
+.RS
 -v verbose (very verbose if set twice)
 .RE
 .PP
@@ -111,6 +114,16 @@ and its security descriptor if verbose output. This is a special case which acts on a mounted file (or directory) and does not require being root. The Posix ACL interpretation can only be displayed if the full path to \fImounted-file\fP from the root of the global file tree is provided. +.TP +\fB-u[v]\fP \fImounted-file\fP +Displays a proposed contents for a user mapping file, based on the +ownership parameters set by Windows on \fImounted-file\fP, assuming +this file was created on Windows by the user who should be mapped to the +current Linux user. The displayed information has to be copied to the +file \fB.NTFS-3G/UserMapping\fP where \fB.NTFS-3G\fP is a hidden +subdirectory of the root of the partition for which the mapping is to +be defined. This will cause the ownership of files created on that +partition to be the same as the original \fImounted-file\fP. .SH NOTE [1] provided the POSIX ACL option was selected at compile time. A Posix ACL specification looks like "\fB[d:]{ugmo}:[id]:[perms],...\fP" where id is a diff --git a/src/secaudit.c b/src/secaudit.c index a0292154..8c66ae38 100644 --- a/src/secaudit.c +++ b/src/secaudit.c @@ -4659,12 +4659,19 @@ BOOL setfull(const char *fullname, int mode, BOOL isdir) BOOL proposal(const char *name, const char *attr) { + char fullname[MAXFILENAME]; int uoff, goff; int i; u64 uauth, gauth; int ucnt, gcnt; int uid, gid; BOOL err; +#ifdef WIN32 + char driveletter; +#else + struct stat st; + char *p,*q; +#endif err = FALSE; #ifdef WIN32 @@ -4683,7 +4690,8 @@ BOOL proposal(const char *name, const char *attr) if ((ucnt == 5) && (gcnt == 5) && (uauth == 5) && (gauth == 5) && (get4l(attr,uoff+8) == 21) && (get4l(attr,goff+8) == 21)) { - printf("# User mapping proposal\n"); + printf("# User mapping proposal :\n"); + printf("# -------------------- cut here -------------------\n"); if (uid) printf("%d::",uid); else 
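Review bot: `driveletter` is declared without an initializer in the `@@ -4659,12 +4659,19 @@` hunk of proposal(), yet the WIN32 code visible in the last hunk tests it with `if (driveletter)` on a path where neither assignment has run (no drive prefix in `name`, and GetCurrentDirectoryA() failing or returning a path whose second character is not `:`). Part of that last hunk is garbled on this page, so an assignment may exist in the missing text; if it does not, the declaration should read `char driveletter = 0;`. proposal() starts before and ends after the hunks shown here.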
@@ -4705,12 +4713,62 @@ BOOL proposal(const char *name, const char *attr) for (i=0; i= 'a') && (name[0] <= 'z')) + || ((name[0] >= 'A') && (name[0] <= 'Z'))) + && (name[1] == ':')) + driveletter = name[0]; + else { + if (GetCurrentDirectoryA(MAXFILENAME, fullname) + && (fullname[1] == ':')) + driveletter = fullname[0]; } + if (driveletter) { + printf("# Example : %c:\\.NTFS-3G\\UserMapping\n", + driveletter); + } +#else + printf("# being a hidden subdirectory of the root of the NTFS file system.\n"); + + /* Get the path to the root of the file system */ + if (name[0] != '/') { + p = getcwd(fullname,MAXFILENAME); + if (p) { + strcat(fullname,"/"); + strcat(fullname,name); + } + } else { + strcpy(fullname,name); + p = fullname; + } + if (p) { + /* go down the path to inode 5 (fails on symlinks) */ + do { + lstat(fullname,&st); + q = strrchr(p,'/'); + if (q && (st.st_ino != 5)) + *q = 0; + } while (strchr(p,'/') && (st.st_ino != 5)); + } + if (p && (st.st_ino == 5)) { + printf("# Example : "); + printname(stdout,p); + printf("/.NTFS-3G/UserMapping\n"); + } +#endif } else { printf("** Not possible : "); printname(stdout,name);
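Review bot: The non-Windows branch fills `fullname` through `strcat(fullname,"/")`, `strcat(fullname,name)` and `strcpy(fullname,name)` with no length check, so a `name` argument (or the current directory plus `name`) of MAXFILENAME bytes or more writes past the stack buffer declared in the first secaudit.c hunk. The return value of `lstat()` is also ignored, so when a path component cannot be stat'ed `st.st_ino` is compared while its content is unspecified. The rewrite below bounds both copies and records the root match in a flag; it needs `size_t len; BOOL found;` added to the non-WIN32 locals. proposal() begins and ends outside this hunk, and part of the hunk text is garbled on this page, so only the visible Posix path is covered.

```c
		/* Get the path to the root of the file system */
		p = (char*)NULL;
		if (name[0] != '/') {
			if (getcwd(fullname,MAXFILENAME)) {
				len = strlen(fullname);
				/* need room for '/', name and the terminator */
				if (strlen(name) < (MAXFILENAME - len - 1)) {
					fullname[len] = '/';
					strcpy(&fullname[len + 1],name);
					p = fullname;
				}
			}
		} else {
			if (strlen(name) < MAXFILENAME) {
				strcpy(fullname,name);
				p = fullname;
			}
		}
		found = FALSE;
		if (p) {
			/* go down the path to inode 5 (fails on symlinks) */
			do {
				/* a failed lstat() never counts as the root */
				found = !lstat(fullname,&st) && (st.st_ino == 5);
				q = strrchr(p,'/');
				if (q && !found)
					*q = 0;
			} while (strchr(p,'/') && !found);
		}
		if (found) {
			/* … unchanged: "# Example : " output … */
		}
```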