X-Git-Url: https://wimlib.net/git/?a=blobdiff_plain;f=src%2Fsecurity.c;h=fef6043af2fdc0f5910f2c816aaf68b16ffe9c42;hb=d64b441bfbf69eee70e3e228d03f50b98945126a;hp=2e83d0e966199aa44b3a14606ee9e38b781cb9c9;hpb=b6fa6d370a09247a608e6a46a3d9e761d10a8a39;p=wimlib diff --git a/src/security.c b/src/security.c index 2e83d0e9..fef6043a 100644 --- a/src/security.c +++ b/src/security.c @@ -1,8 +1,9 @@ /* * security.c * - * Read the security data from the WIM. Doing anything with the security data - * is not yet implemented other than printing some information about it. + * Read and write the WIM security data. The security data is a table of + * security descriptors. Each WIM image has its own security data, but it's + * possible that an image's security data have no security descriptors. */ /* @@ -11,16 +12,16 @@ * This file is part of wimlib, a library for working with WIM files. * * wimlib is free software; you can redistribute it and/or modify it under the - * terms of the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 2.1 of the License, or (at your option) + * terms of the GNU General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your option) * any later version. * * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - * A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more + * A PARTICULAR PURPOSE. See the GNU General Public License for more * details. * - * You should have received a copy of the GNU Lesser General Public License + * You should have received a copy of the GNU General Public License * along with wimlib; if not, see http://www.gnu.org/licenses/. */ @@ -28,6 +29,29 @@ #include "io.h" #include "security.h" +/* + * This is a hack to work around a problem in libntfs-3g. libntfs-3g validates + * security descriptors with a function named ntfs_valid_descr(). + * ntfs_valid_descr() considers a security descriptor that ends in a SACL + * (Sysetm Access Control List) with no ACE's (Access Control Entries) to be + * invalid. However, a security descriptor like this exists in the Windows 7 + * install.wim. Here, security descriptors matching this pattern are modified + * to have no SACL. This should make no difference since the SACL had no + * entries anyway; however his ensures that that the security descriptors pass + * the validation in libntfs-3g. + */ +static void empty_sacl_fixup(char *descr, u64 *size_p) +{ + if (*size_p >= sizeof(SecurityDescriptor)) { + SecurityDescriptor *sd = (SecurityDescriptor*)descr; + u32 sacl_offset = le32_to_cpu(sd->sacl_offset); + if (sacl_offset == *size_p - sizeof(ACL)) { + sd->sacl_offset = to_le32(0); + *size_p -= sizeof(ACL); + } + } +} + /* * Reads the security data from the metadata resource. * @@ -61,7 +85,7 @@ int read_security_data(const u8 metadata_resource[], u64 metadata_resource_len, p = metadata_resource; p = get_u32(p, &sd->total_length); - p = get_u32(p, &sd->num_entries); + p = get_u32(p, (u32*)&sd->num_entries); if (sd->num_entries > 0x7fffffff) { ERROR("Security data has too many entries!"); @@ -150,6 +174,7 @@ int read_security_data(const u8 metadata_resource[], u64 metadata_resource_len, goto out_free_sd; } p = get_bytes(p, sd->sizes[i], sd->descriptors[i]); + empty_sacl_fixup(sd->descriptors[i], &sd->sizes[i]); } out: sd->total_length = (u32)total_len;