From cf60338ada9b1685aaa49a41cefbe1e14040a283 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 29 Nov 2012 12:33:22 +0100
Subject: libcli/security: remove duplicate aces in se_create_child_secdesc()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---
 libcli/security/secdesc.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'libcli/security/secdesc.c')

diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index a3db1b6729..d2c5833492 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -679,6 +679,40 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
 	talloc_free(frame);
 
+	/*
+	 * remove duplicates
+	 */
+	for (i=1; i < new_ace_list_ndx;) {
+		struct security_ace *ai = &new_ace_list[i];
+		unsigned int remaining, j;
+		bool remove = false;
+
+		for (j=0; j < i; j++) {
+			struct security_ace *aj = &new_ace_list[j];
+
+			if (!sec_ace_equal(ai, aj)) {
+				continue;
+			}
+
+			remove = true;
+			break;
+		}
+
+		if (!remove) {
+			i++;
+			continue;
+		}
+
+		new_ace_list_ndx--;
+		remaining = new_ace_list_ndx - i;
+		if (remaining == 0) {
+			ZERO_STRUCT(new_ace_list[i]);
+			continue;
+		}
+		memmove(&new_ace_list[i], &new_ace_list[i+1],
+			sizeof(new_ace_list[i]) * remaining);
+	}
+
 	/* Create child security descriptor to return */
 	if (new_ace_list_ndx) {
 		new_dacl = make_sec_acl(ctx,
-- 
cgit