summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2003-05-28 20:26:46 +0000
committerJeremy Allison <jra@samba.org>2003-05-28 20:26:46 +0000
commitba06fdbf669dfa8b115b1a0fbe2bf3b7ed5f558c (patch)
tree9865cef510e960ae90cc52fe225c8069a4f2c25c
parentf9807d148912957a244029feedfde941cb3339e3 (diff)
downloadsamba-ba06fdbf669dfa8b115b1a0fbe2bf3b7ed5f558c.tar.gz
samba-ba06fdbf669dfa8b115b1a0fbe2bf3b7ed5f558c.tar.bz2
samba-ba06fdbf669dfa8b115b1a0fbe2bf3b7ed5f558c.zip
Fix bug brought up by Ken Cross that empty ACE's cause existing ACE's to
be applied to new ACE set calls. This is incorrect. Don't think this has a bugzilla id. Jeremy. (This used to be commit 6a4502b03b95703dead4775874ff9ac08ed1a489)
-rw-r--r--source3/smbd/posix_acls.c65
1 files changed, 14 insertions, 51 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index e2cc3af281..a362db7d56 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -605,14 +605,6 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
BOOL got_other = False;
canon_ace *pace_other = NULL;
canon_ace *pace_group = NULL;
- connection_struct *conn = fsp->conn;
- SMB_ACL_T current_posix_acl = NULL;
- mode_t current_user_perms = 0;
- mode_t current_grp_perms = 0;
- mode_t current_other_perms = 0;
- BOOL got_current_user = False;
- BOOL got_current_grp = False;
- BOOL got_current_other = False;
for (pace = *pp_ace; pace; pace = pace->next) {
if (pace->type == SMB_ACL_USER_OBJ) {
@@ -715,18 +707,13 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->attr = ALLOW_ACE;
if (setting_acl) {
- if (got_current_user) {
- pace->perms = current_user_perms;
- } else {
- /* If we only got an "everyone" perm, just use that. */
- if (!got_grp && got_other)
- pace->perms = pace_other->perms;
- else if (got_grp && uid_entry_in_group(pace, pace_group))
- pace->perms = pace_group->perms;
- else
- pace->perms = 0;
-
- }
+ /* If we only got an "everyone" perm, just use that. */
+ if (!got_grp && got_other)
+ pace->perms = pace_other->perms;
+ else if (got_grp && uid_entry_in_group(pace, pace_group))
+ pace->perms = pace_group->perms;
+ else
+ pace->perms = 0;
apply_default_perms(fsp, pace, S_IRUSR);
} else {
@@ -749,15 +736,11 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->trustee = *pfile_grp_sid;
pace->attr = ALLOW_ACE;
if (setting_acl) {
- if (got_current_grp) {
- pace->perms = current_grp_perms;
- } else {
- /* If we only got an "everyone" perm, just use that. */
- if (got_other)
- pace->perms = pace_other->perms;
- else
- pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
- }
+ /* If we only got an "everyone" perm, just use that. */
+ if (got_other)
+ pace->perms = pace_other->perms;
+ else
+ pace->perms = 0;
apply_default_perms(fsp, pace, S_IRGRP);
} else {
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
@@ -779,10 +762,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->trustee = global_sid_World;
pace->attr = ALLOW_ACE;
if (setting_acl) {
- if (got_current_other)
- pace->perms = current_other_perms;
- else
- pace->perms = 0;
+ pace->perms = 0;
apply_default_perms(fsp, pace, S_IROTH);
} else
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH);
@@ -2351,7 +2331,7 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
int nt_acl_type;
int i;
- if (nt4_compatible_acls()) {
+ if (nt4_compatible_acls() && dir_ace) {
/*
* NT 4 chokes if an ACL contains an INHERIT_ONLY entry
* but no non-INHERIT_ONLY entry for one SID. So we only
@@ -2364,9 +2344,6 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
* case will still fail under NT 4.
*/
- if (!dir_ace)
- goto simplify_file_ace_only;
-
ace = canon_ace_entry_for(dir_ace, SMB_ACL_OTHER, NULL);
if (ace && !ace->perms) {
DLIST_REMOVE(dir_ace, ace);
@@ -2413,20 +2390,6 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
DLIST_REMOVE(dir_ace, ace);
SAFE_FREE(ace);
}
-
- simplify_file_ace_only:
-
- ace = canon_ace_entry_for(file_ace, SMB_ACL_OTHER, NULL);
- if (ace && !ace->perms) {
- DLIST_REMOVE(file_ace, ace);
- SAFE_FREE(ace);
- }
-
- ace = canon_ace_entry_for(file_ace, SMB_ACL_GROUP_OBJ, NULL);
- if (ace && !ace->perms) {
- DLIST_REMOVE(file_ace, ace);
- SAFE_FREE(ace);
- }
}
num_acls = count_canon_ace_list(file_ace);