opengnsys
/
ntfs-3g
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implemented access control to extended attributes

N2009_11_14_FIXES
jpandre 2008-09-01 16:16:11 +00:00
parent 92985f750c
commit d142d8539f
1 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/ntfs-3g.c
View File

@ -1716,9 +1716,19 @@ static int ntfs_fuse_listxattr(const char *path, char *list, size_t size)
ntfs_inode *ni; ntfs_inode *ni;
char *to = list; char *to = list;
int ret = 0; int ret = 0;
#if POSIXACLS
struct SECURITY_CONTEXT security;
#endif
if (ctx->streams != NF_STREAMS_INTERFACE_XATTR) if (ctx->streams != NF_STREAMS_INTERFACE_XATTR)
return -EOPNOTSUPP; return -EOPNOTSUPP;
#if POSIXACLS
/* parent directory must be executable */
if (ntfs_fuse_fill_security_context(&security)
&& !ntfs_allowed_dir_access(&security,path,S_IEXEC)) {
return (-errno);
}
#endif
ni = ntfs_pathname_to_inode(ctx->vol, NULL, path); ni = ntfs_pathname_to_inode(ctx->vol, NULL, path);
if (!ni) if (!ni)
return -errno; return -errno;
@ -1776,9 +1786,19 @@ static int ntfs_fuse_getxattr_windows(const char *path, const char *name,
ntfs_inode *ni; ntfs_inode *ni;
char *to = value; char *to = value;
int ret = 0; int ret = 0;
#if POSIXACLS
struct SECURITY_CONTEXT security;
#endif
if (strcmp(name, "ntfs.streams.list")) if (strcmp(name, "ntfs.streams.list"))
return -EOPNOTSUPP; return -EOPNOTSUPP;
#if POSIXACLS
/* parent directory must be executable */
if (ntfs_fuse_fill_security_context(&security)
&& !ntfs_allowed_dir_access(&security,path,S_IEXEC)) {
return (-errno);
}
#endif
ni = ntfs_pathname_to_inode(ctx->vol, NULL, path); ni = ntfs_pathname_to_inode(ctx->vol, NULL, path);
if (!ni) if (!ni)
return -errno; return -errno;
@ -1955,9 +1975,23 @@ static int ntfs_fuse_setxattr(const char *path, const char *name,
if (strncmp(name, nf_ns_xattr_preffix, nf_ns_xattr_preffix_len) || if (strncmp(name, nf_ns_xattr_preffix, nf_ns_xattr_preffix_len) ||
strlen(name) == (size_t)nf_ns_xattr_preffix_len) strlen(name) == (size_t)nf_ns_xattr_preffix_len)
return -EACCES; return -EACCES;
#if POSIXACLS
/* parent directory must be executable */
if (ntfs_fuse_fill_security_context(&security)
&& !ntfs_allowed_dir_access(&security,path,S_IEXEC)) {
return (-errno);
}
#endif
ni = ntfs_pathname_to_inode(ctx->vol, NULL, path); ni = ntfs_pathname_to_inode(ctx->vol, NULL, path);
if (!ni) if (!ni)
return -errno; return -errno;
#if POSIXACLS
if (!ntfs_allowed_as_owner(&security,path,ni)) {
res = -errno;
ntfs_inode_close(ni);
return (res);
}
#endif
lename_len = ntfs_mbstoucs(name + nf_ns_xattr_preffix_len, &lename); lename_len = ntfs_mbstoucs(name + nf_ns_xattr_preffix_len, &lename);
if (lename_len == -1) { if (lename_len == -1) {
res = -errno; res = -errno;
@ -2043,6 +2077,13 @@ static int ntfs_fuse_removexattr(const char *path, const char *name)
ni = ntfs_pathname_to_inode(ctx->vol, NULL, path); ni = ntfs_pathname_to_inode(ctx->vol, NULL, path);
if (!ni) if (!ni)
return -errno; return -errno;
#if POSIXACLS
if (!ntfs_allowed_as_owner(&security,path,ni)) {
res = -errno;
ntfs_inode_close(ni);
return (res);
}
#endif
lename_len = ntfs_mbstoucs(name + nf_ns_xattr_preffix_len, &lename); lename_len = ntfs_mbstoucs(name + nf_ns_xattr_preffix_len, &lename);
if (lename_len == -1) { if (lename_len == -1) {
res = -errno; res = -errno;
@ -2061,6 +2102,10 @@ exit:
return res; return res;
} }
#else
#if POSIXACLS
#error "Option inconsistency : POSIXACLS requires SETXATTR"
#endif
#endif /* HAVE_SETXATTR */ #endif /* HAVE_SETXATTR */
static void ntfs_close(void) static void ntfs_close(void)