authorJeremy Allison <jra@samba.org>2005-04-19 07:12:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:56:39 -0500
commitfecdaec41c70916dc8e591c6e98e830c0f5cb0b1 (patch)
treee36c60b612a4e79bcb2314ef9b4d7febdc097710
parent7f247f7b4de67b3e0a857b146a186e5eabc79235 (diff)
r6385: Convert checking of egid and secondary egid list into
iterator functions so it can be used easily in a for loop. Drops duplicated code from posix_acls.c. Jeremy. (This used to be commit 81f30bf5985f5c6dc8399c4695dfa6f14140fde1)
-rw-r--r--source3/smbd/posix_acls.c49
-rw-r--r--source3/smbd/uid.c23
2 files changed, 40 insertions, 32 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 04429d0456..0abdfdccd9 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3753,6 +3753,7 @@ static int check_posix_acl_group_write(connection_struct *conn, const char *fnam
int i;
BOOL seen_mask = False;
int ret = -1;
+ gid_t cu_gid;
if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS)) == NULL) {
goto check_stat;
@@ -3866,27 +3867,16 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can
goto check_stat;
}
- /* Does it match the current effective group ? */
- if (current_user.gid == *pgid) {
- ret = have_write;
- DEBUG(10,("check_posix_acl_group_write: file %s \
-match on group %u -> can write.\n", fname, (unsigned int)*pgid ));
-
- /* If we don't have write permission this entry doesn't
- * prevent the subsequent enumeration of the supplementary
- * groups.
- */
- if (have_write) {
- goto done;
- }
- }
-
- /* Continue with the supplementary groups. */
- for (i = 0; i < current_user.ngroups; i++) {
- if (current_user.groups[i] == *pgid) {
+ /*
+ * Does it match the current effective group
+ * or supplementary groups ?
+ */
+ for (cu_gid = get_current_user_gid_first(&i); cu_gid != (gid_t)-1;
+ cu_gid = get_current_user_gid_next(&i)) {
+ if (cu_gid == *pgid) {
ret = have_write;
DEBUG(10,("check_posix_acl_group_write: file %s \
-match on group %u -> can write.\n", fname, (unsigned int)*pgid ));
+match on group %u -> can write.\n", fname, (unsigned int)cu_gid ));
/* If we don't have write permission this entry doesn't
terminate the enumeration of the entries. */
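Review bot: The DEBUG line inside the new loop logs "-> can write" on every group match, even when `have_write` is false and the entry grants nothing. The comment right below it confirms that enumeration continues in that case, so the level-10 trace of this access decision can say the opposite of the result. The user-match and owning-group messages in this function already print the real outcome, and this one should do the same: `match on group %u -> %s.\n", fname, (unsigned int)cu_gid, ret ? "can write" : "cannot write" ));`. The loop body continues past the end of this hunk, so the handling of `have_write` after the message is not visible here.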
@@ -3912,18 +3902,13 @@ match on group %u -> can write.\n", fname, (unsigned int)*pgid ));
check_stat:
/* Do we match on the owning group entry ? */
-
- /* First, does it match the current effective group ? */
- if (current_user.gid == psbuf->st_gid) {
- ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;
- DEBUG(10,("check_posix_acl_group_write: file %s \
-match on owning group %u -> %s.\n", fname, (unsigned int)psbuf->st_gid, ret ? "can write" : "cannot write"));
- goto done;
- }
-
- /* If not look at the supplementary groups. */
- for (i = 0; i < current_user.ngroups; i++) {
- if (current_user.groups[i] == psbuf->st_gid) {
+ /*
+ * Does it match the current effective group
+ * or supplementary groups ?
+ */
+ for (cu_gid = get_current_user_gid_first(&i); cu_gid != (gid_t)-1;
+ cu_gid = get_current_user_gid_next(&i)) {
+ if (cu_gid == psbuf->st_gid) {
ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;
DEBUG(10,("check_posix_acl_group_write: file %s \
match on owning group %u -> %s.\n", fname, (unsigned int)psbuf->st_gid, ret ? "can write" : "cannot write"));
@@ -3931,7 +3916,7 @@ match on owning group %u -> %s.\n", fname, (unsigned int)psbuf->st_gid, ret ? "c
}
}
- if (i == current_user.ngroups) {
+ if (cu_gid == (gid_t)-1) {
DEBUG(10,("check_posix_acl_group_write: file %s \
failed to match on user or group in token (ret = %d).\n", fname, ret ));
}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 77dc19b87b..d1ecaf6625 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -24,6 +24,29 @@
extern struct current_user current_user;
/****************************************************************************
+ Iterator functions for getting all gid's from current_user.
+****************************************************************************/
+
+gid_t get_current_user_gid_first(int *piterator)
+{
+ *piterator = 0;
+ return current_user.gid;
+}
+
+gid_t get_current_user_gid_next(int *piterator)
+{
+ gid_t ret;
+
+ if (!current_user.groups || *piterator >= current_user.ngroups) {
+ return (gid_t)-1;
+ }
+
+ ret = current_user.groups[*piterator];
+ (*piterator) += 1;
+ return ret;
+}
+
+/****************************************************************************
Become the guest user without changing the security context stack.
****************************************************************************/
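Review bot: The end marker `(gid_t)-1` is in-band and the header comment does not say so. `get_current_user_gid_first()` returns `current_user.gid` unchecked and `get_current_user_gid_next()` returns each `current_user.groups[]` entry as stored, so a gid of -1 anywhere in the token makes a caller looping on `cu_gid != (gid_t)-1` stop before the remaining supplementary groups are seen. In `check_posix_acl_group_write` that appears to err toward denying write, but it is a silent change from the old index-based loops, which compared every entry. The comment block should state the contract, for example `Returns (gid_t)-1 when the list is exhausted; callers must not treat -1 as a valid gid, and a -1 entry in current_user ends the walk early.` It is also worth noting there that both functions read the global `current_user`, so the iterator is presumably only valid while the user context is unchanged.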