-/* At the start of each type of access control entry. */
-typedef struct {
- /* enum ace_type, specifies what type of ACE this is. */
- u8 type;
-
- /* bitwise OR of the inherit ACE flags #defined above */
- u8 flags;
-
- /* Size of the access control entry. */
- u8 size;
-} ACEHeader;
-
-/* Grants rights to a user or group */
-typedef struct {
- ACEHeader hdr;
- u32 mask;
- u32 sid_start;
-} AccessAllowedACE;
-
-/* Denies rights to a user or group */
-typedef struct {
- ACEHeader hdr;
- u32 mask;
- u32 sid_start;
-} AccessDeniedACE;
-
-typedef struct {
- ACEHeader hdr;
- u32 mask;
- u32 sid_start;
-} SystemAuditACE;
-
-
-/* Header of an access control list. */
-typedef struct {
- /* ACL_REVISION or ACL_REVISION_DS */
- u8 revision;
-
- /* padding */
- u8 sbz1;
-
- /* Total size of the ACL, including all access control entries */
- u16 acl_size;
-
- /* Number of access control entry structures that follow the ACL
- * structure. */
- u16 ace_count;
-
- /* padding */
- u16 sbz2;
-} ACL;
-
-/* A structure used to identify users or groups. */
-typedef struct {
-
- /* example: 0x1 */
- u8 revision;
- u8 sub_authority_count;
-
- /* Identifies the authority that issued the SID. Can be, but does not
- * have to be, one of enum sid_authority_value */
- u8 identifier_authority[6];
-
- u32 sub_authority[0];
-} SID;
-
-
-typedef struct {
- /* Example: 0x1 */
- u8 revision;
- /* Example: 0x0 */
- u8 sbz1;
- /* Example: 0x4149 */
- u16 security_descriptor_control;
-
- /* Offset of a SID structure in the security descriptor. */
- /* Example: 0x14 */
- u32 owner_offset;
-
- /* Offset of a SID structure in the security descriptor. */
- /* Example: 0x24 */
- u32 group_offset;
-
- /* Offset of an ACL structure in the security descriptor. */
- /* System ACL. */
- /* Example: 0x00 */
- u32 sacl_offset;
-
- /* Offset of an ACL structure in the security descriptor. */
- /* Discretionary ACL. */
- /* Example: 0x34 */
- u32 dacl_offset;
-} SecurityDescriptor;
-
-/*
- * This is a hack to work around a problem in libntfs-3g. libntfs-3g validates
- * security descriptors with a function named ntfs_valid_descr().
- * ntfs_valid_descr() considers a security descriptor that ends in a SACL
- * (Sysetm Access Control List) with no ACE's (Access Control Entries) to be
- * invalid. However, a security descriptor like this exists in the Windows 7
- * install.wim. Here, security descriptors matching this pattern are modified
- * to have no SACL. This should make no difference since the SACL had no
- * entries anyway; however this ensures that that the security descriptors pass
- * the validation in libntfs-3g.
- */
-static void
-empty_sacl_fixup(u8 *descr, u64 *size_p)
-{
- /* No-op if no NTFS-3g support, or if NTFS-3g is version 2013 or later
- * */
-#if defined(WITH_NTFS_3G) && !defined(HAVE_NTFS_MNT_RDONLY)
- if (*size_p >= sizeof(SecurityDescriptor)) {
- SecurityDescriptor *sd = (SecurityDescriptor*)descr;
- u32 sacl_offset = le32_to_cpu(sd->sacl_offset);
- if (sacl_offset == *size_p - sizeof(ACL)) {
- sd->sacl_offset = cpu_to_le32(0);
- *size_p -= sizeof(ACL);
- }
- }
-#endif
-}