ntfs_valid_sid() required that the subauthority count be between 1 and 8
inclusively. However, Windows permits more than 8 subauthorities as well
as 0 subauthorities:
- The install.wim file for the latest Windows 10 build contains a file
whose DACL contains a SID with 10 subauthorities.
ntfs_set_ntfs_acl() was failing on this file.
- The IsValidSid() function on Windows returns true for subauthority
less than or equal to 15, including 0.
There was actually already a another SID validation function that had the
Windows-compatible behavior, so I merged the two together.
---
include/ntfs-3g/security.h | 16 ----------------
libntfs-3g/acls.c | 16 +++++++++-------
libntfs-3g/security.c | 4 ++--
3 files changed, 11 insertions(+), 25 deletions(-)
diff --git a/include/ntfs-3g/security.h b/include/ntfs-3g/security.h
index 8875c9c..9167155 100644
--- a/include/ntfs-3g/security.h
+++ b/include/ntfs-3g/security.h
@@ -222,22 +222,6 @@ enum {
extern BOOL ntfs_guid_is_zero(const GUID *guid);
extern char *ntfs_guid_to_mbs(const GUID *guid, char *guid_str);
-/**
- * ntfs_sid_is_valid - determine if a SID is valid
- * @sid: SID for which to determine if it is valid
- *
- * Determine if the SID pointed to by @sid is valid.
- *
- * Return TRUE if it is valid and FALSE otherwise.
- */
-static __inline__ BOOL ntfs_sid_is_valid(const SID *sid)
-{
- if (!sid || sid->revision != SID_REVISION ||
- sid->sub_authority_count > SID_MAX_SUB_AUTHORITIES)
- return FALSE;
- return TRUE;
-}
-
extern int ntfs_sid_to_mbs_size(const SID *sid);
extern char *ntfs_sid_to_mbs(const SID *sid, char *sid_str,
size_t sid_str_size);
diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c
index 925bb96..500d60f 100644
--- a/libntfs-3g/acls.c
+++ b/libntfs-3g/acls.c
@@ -362,16 +362,18 @@ unsigned int ntfs_attr_size(const char *attr)
return (attrsz);
}
-/*
- * Do sanity checks on a SID read from storage
- * (just check revision and number of authorities)
+/**
+ * ntfs_valid_sid - determine if a SID is valid
+ * @sid: SID for which to determine if it is valid
+ *
+ * Determine if the SID pointed to by @sid is valid.
+ *
+ * Return TRUE if it is valid and FALSE otherwise.
*/
-
BOOL ntfs_valid_sid(const SID *sid)
{
- return ((sid->revision == SID_REVISION)
- && (sid->sub_authority_count >= 1)
- && (sid->sub_authority_count <= 8));
+ return sid && sid->revision == SID_REVISION &&
+ sid->sub_authority_count <= SID_MAX_SUB_AUTHORITIES;
}
/*
diff --git a/libntfs-3g/security.c b/libntfs-3g/security.c
index 3ac4790..e00bcf9 100644
--- a/libntfs-3g/security.c
+++ b/libntfs-3g/security.c
@@ -224,7 +224,7 @@ int ntfs_sid_to_mbs_size(const SID *sid)
{
int size, i;
- if (!ntfs_sid_is_valid(sid)) {
+ if (!ntfs_valid_sid(sid)) {
errno = EINVAL;
return -1;
}
@@ -298,7 +298,7 @@ char *ntfs_sid_to_mbs(const SID *sid, char *sid_str, size_t
sid_str_size)
* No need to check @sid if !@sid_str since ntfs_sid_to_mbs_size() will
* check @sid, too. 8 is the minimum SID string size.
*/
- if (sid_str && (sid_str_size < 8 || !ntfs_sid_is_valid(sid))) {
+ if (sid_str && (sid_str_size < 8 || !ntfs_valid_sid(sid))) {
errno = EINVAL;
return NULL;
}
--
2.4.5
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
ntfs-3g-devel mailing list
ntfs-3g-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ntfs-3g-devel
