From b31b4cb124fb3e3991a6b3b8d0891e98995e9211 Mon Sep 17 00:00:00 2001 From: jpandre Date: Wed, 24 Oct 2007 06:37:52 +0000 Subject: [PATCH] Returned the securid and size even if short buffer in security API --- include/ntfs-3g/security.h | 4 +-- libntfs-3g/security.c | 69 +++++++++++++++++++++++++++----------- 2 files changed, 52 insertions(+), 21 deletions(-) diff --git a/include/ntfs-3g/security.h b/include/ntfs-3g/security.h index 23e1b1af..9cf478ec 100644 --- a/include/ntfs-3g/security.h +++ b/include/ntfs-3g/security.h @@ -201,10 +201,10 @@ enum { OWNER_SECURITY_INFORMATION = 1, SACL_SECURITY_INFORMATION = 8 } ; -BOOL ntfs_get_file_security(struct SECURITY_API *scapi, +int ntfs_get_file_security(struct SECURITY_API *scapi, const char *path, u32 selection, char *buf, u32 buflen, u32 *psize); -BOOL ntfs_set_file_security(struct SECURITY_API *scapi, +int ntfs_set_file_security(struct SECURITY_API *scapi, const char *path, u32 selection, const char *attr); BOOL ntfs_read_directory(struct SECURITY_API *scapi, const char *path, ntfs_filldir_t callback, void *context); diff --git a/libntfs-3g/security.c b/libntfs-3g/security.c index 1b6fcaaa..aa0ba08b 100644 --- a/libntfs-3g/security.c +++ b/libntfs-3g/security.c @@ -3279,7 +3279,8 @@ int ntfs_sd_add_everyone(ntfs_inode *ni) /* * Check whether user can access a file in a specific way * - * Returns 1 if user is root or if no user mapping has been defined + * Returns 1 if access is allowed, including user is root or no + * user mapping defined * 2 if sticky and accesstype is S_IWRITE + S_IEXEC + S_ISVTX * 0 and sets errno if there is a problem or if access * is not allowed @@ -3292,8 +3293,13 @@ int ntfs_allowed_access(struct SECURITY_CONTEXT *scx, mode_t perm; int allow; - /* always allow for root (also root group ?) */ - /* also always allow if no mapping has been defined */ + /* + * Always allow for root. From the user's point of view, + * testing X_OK for a file with no x flag should return + * not allowed, but this is checked somewhere else (fuse ?) + * and we need not care about it. + * Also always allow if no mapping has been defined + */ if (!scx->usermapping || !scx->uid) allow = 1; else { @@ -3341,7 +3347,8 @@ int ntfs_allowed_access(struct SECURITY_CONTEXT *scx, * Check whether user can access the parent directory * of a file in a specific way * - * Returns true if user is root or if no user mapping has been defined + * Returns true if access is allowed, including user is root and + * no user mapping defined * * Sets errno if there is a problem or if not allowed */ @@ -4251,9 +4258,12 @@ static BOOL feedsecurityattr(const char *attr, u32 selection, /* * Check whether not requesting unavailable information * and having enough size in destination buffer + * (required size is returned nevertheless so that + * the request can be reissued with adequate size) */ if ((selection & ~avail) || (size > buflen)) { + *psize = size; errno = EINVAL; ok = FALSE; } else { @@ -4430,7 +4440,11 @@ static BOOL mergesecurityattr(ntfs_volume *vol, const char *oldattr, * This is intended to be similar to GetFileSecurity() from Win32 * in order to facilitate the development of portable tools * - * returns NON zero if successful (following Win32 conventions) + * returns zero if unsuccessful (following Win32 conventions) + * -1 if no securid + * the securid if any + * + * The Win32 API is : * * BOOL WINAPI GetFileSecurity( * __in LPCTSTR lpFileName, @@ -4445,31 +4459,37 @@ static BOOL mergesecurityattr(ntfs_volume *vol, const char *oldattr, uid_t getuid(void); gid_t getgid(void); -BOOL ntfs_get_file_security(struct SECURITY_API *scapi, +int ntfs_get_file_security(struct SECURITY_API *scapi, const char *path, u32 selection, char *buf, u32 buflen, u32 *psize) { ntfs_inode *ni; char *attr; - BOOL ok; + int res; - ok = FALSE; /* default return */ + res = 0; /* default return */ if (scapi && (scapi->magic == MAGIC_API)) { ni = ntfs_pathname_to_inode(scapi->security.vol, NULL, path); if (ni) { attr = getsecurityattr(scapi->security.vol, path, ni); if (attr) { - ok = feedsecurityattr(attr,selection, - buf,buflen,psize); + if (feedsecurityattr(attr,selection, + buf,buflen,psize)) { + if (test_nino_flag(ni, v3_Extensions)) + res = le32_to_cpu( + ni->security_id); + else + res = -1; + } free(attr); } ntfs_inode_close(ni); } else errno = ENOENT; - if (!ok) *psize = 0; + if (!res) *psize = 0; } else errno = EINVAL; /* do not clear *psize */ - return (ok); + return (res); } @@ -4478,7 +4498,11 @@ BOOL ntfs_get_file_security(struct SECURITY_API *scapi, * This is intended to be similar to SetFileSecurity() from Win32 * in order to facilitate the development of portable tools * - * returns NON zero if successful (following Win32 conventions) + * returns zero if unsuccessful (following Win32 conventions) + * -1 if no securid + * the securid if any + * + * The Win32 API is : * * BOOL WINAPI SetFileSecurity( * __in LPCTSTR lpFileName, @@ -4487,7 +4511,7 @@ BOOL ntfs_get_file_security(struct SECURITY_API *scapi, * ); */ -BOOL ntfs_set_file_security(struct SECURITY_API *scapi, +int ntfs_set_file_security(struct SECURITY_API *scapi, const char *path, u32 selection, const char *attr) { const SECURITY_DESCRIPTOR_RELATIVE *phead; @@ -4495,9 +4519,9 @@ BOOL ntfs_set_file_security(struct SECURITY_API *scapi, int attrsz; unsigned int provided; char *oldattr; - BOOL ok; + int res; - ok = FALSE; /* default return */ + res = 0; /* default return */ if (scapi && (scapi->magic == MAGIC_API) && attr) { phead = (const SECURITY_DESCRIPTOR_RELATIVE*)attr; attrsz = attr_size(attr); @@ -4515,17 +4539,24 @@ BOOL ntfs_set_file_security(struct SECURITY_API *scapi, oldattr = getsecurityattr(scapi->security.vol, path, ni); if (oldattr) { - ok = mergesecurityattr( + if (mergesecurityattr( scapi->security.vol, oldattr, attr, - selection, ni); + selection, ni)) { + if (test_nino_flag(ni, + v3_Extensions)) + res = le32_to_cpu( + ni->security_id); + else + res = -1; + } free(oldattr); } ntfs_inode_close(ni); } } } - return (ok); + return (res); }