150  *		SID for generic creator-group
187  *	Local users group recognized as world
191  *	as a mapped group.)
227  *		Test whether a SID means "some user (or group)"
241  *		Test whether a SID means "some special group"
280 		 * First check group, which is the last field in all descriptors
284 	offgroup = le32_to_cpu(phead->group);
456  *		Find Linux group mapped to a gsid
523  *		Find Linux group mapped to a gsid
630 	 * and owner and group SID are valid
637 	offgroup = le32_to_cpu(phead->group);
660 		&& !(phead->group & const_cpu_to_le32(3))
852 			 * creator-owner (and creator-group)
863 				 * creator-group by owner and group
1006 			 * Reject multiple owner, group or other
1068 		/* do not check owner, group or other are present in */
1425 				/* owning group was missing */
1708 		/* induely get from administrator, group or world */
1709 		/* unless owner is administrator or group */
1846 			/* a grant ACE for group */
1847 			/* unless group-obj has the same rights as world */
1848 			/* but present if group is owner or owner is administrator */
1849 			/* this ACE will be inserted after denials for group */
1895 		 * each group
1900 		 * to some user group
1957 		/* a possible ACE to deny group what it would get from world */
1958 		/* or administrator, unless owner is administrator or group */
1995 			/* now insert grants to group if more than world */
2027  *	1) if root is neither owner nor group up to 7 ACE's are set up :
2028  *	- denials to owner (preventing grants to world or group to apply)
2033  *        + mask denial to group (unless mask allows all)
2034  *	- denials to group (preventing grants to world to apply) 
2035  *	- grants to group (unless group has no more than world rights)
2036  *        + mask denials to designated group (unless mask allows all)
2037  *        + grants to designated group
2038  *        + denials to designated group
2052  *	Note that denials to group are located after grants to owner.
2054  *	has more rights than group and cannot be avoided if owner and other
2055  *	have some common right which is denied to group (eg for mode 745
2056  *	executing has to be denied to group, but not to owner or world).
2059  *	consequence of applying the group denials to the Windows owner.
2062  *	2) if root is either owner or group, two problems arise :
2067  *	  from an administrator group. Hence Linux permissions for owner
2068  *	  would always be similar to permissions to group.
2070  *	as a work-around, up to 5 ACE's are set up if owner or group :
2072  *	- grants to group, always present
2078  *	are redundant (owner, group and administrator are the same,
2082  *	neither grants to group are applied to owner, nor grants to
2083  *	world are applied to owner or group.
2085  *	3) finally a similar situation arises when group is owner (they
2091  *	- grants to group (unless groups has same rights as world)
2097  *	are redundant (as owner and group are the same), but this has
2156 		 * Determine what is allowed to some group or world
2159 		 * Do the same if owner and group appear as designated
2160 		 * user or group
2206 				/* root as designated group is processed apart */
2322 			/* denials and grants for group when needed */
2506 	/* induely get from administrator, group or world */
2507         /* unless owner is administrator or group */
2586 	/* a grant ACE for group */
2587 	/* unless group has the same rights as world */
2588 	/* but present if group is owner or owner is administrator */
2589 	/* this ACE will be inserted after denials for group */
2612 		/* a possible ACE to deny group what it would get from world */
2613 		/* or administrator, unless owner is administrator or group */
2649 				/* now insert grants to group */
2783 	    + 3*(8 + gsidsz)	/* three possible ACE for group and mask */
2830 			pnhead->group =
2882 	    + 2*(8 + gsidsz)	/* two possible ACE for group */
2921 			pnhead->group =
2941  *	from owner, group and world grants as represented in ACEs
2945 		le32 owner, le32 group, le32 world, le32 special)
2975 	/* build group permission */
2976 	if (group) {
2979 			if (group & DIR_GEXEC)
2982 			if (group & DIR_GWRITE)
2985 			if (group & DIR_GREAD)
2989 			if (group & FILE_GEXEC)
2992 			if (group & FILE_GWRITE)
2995 			if (group & FILE_GREAD)
3040  *		(standard case : different owner, group and administrator)
3062 		 * Determine what is granted to some group or world
3196  *		(standard case : different owner, group and administrator)
3268 		 *  Add to owner rights granted to group or world
3269 		 * unless denied personaly, and add to group rights
3283  *		(special case : owner and group are the same,
3365  *		(special case : owner or/and group is administrator)
3473  *		(special case : owner or/and group is administrator)
3727 		 * a group ACE later in access and default ACLs
3759 			 * grants for root as a designated user or group
3774 				 * a group was defined same as owner
3775 				 * or admin was owner or group :
3777 				 * and grants are meant to group
3803 				 * when group owns, late denials for owner
3804 				 * mean group mask
3911 					 * designated user or group
4015 		 * Also duplicate world perms as group perms if they
4016 		 * were converted to mask and not followed by a group entry
4330 	struct MAPPING *group;
4335 		/* do not free SIDs used for group mappings */
4336 		group = mapping[MAPGROUPS];
4337 		while (group && (group->sid != user->sid))
4338 			group = group->next;
4339 		if (!group)
4341 			/* free group list if any */
4348 		/* free group mappings */
4350 		group = mapping[MAPGROUPS];
4351 		free(group->sid);
4353 		mapping[MAPGROUPS] = group->next;
4354 		free(group);
4435  *		Build the group mapping list
4436  *	group identification may be given in symbolic or numeric format
4441  *	! Note ! : does getgrnam() read /etc/group or some other file ?
4452 	struct group *grp;
4476 						ntfs_log_early_error("Invalid group \"%s\"\n",

Indexes created Mon Apr 29 21:28:21 MDT 2024