problem with check_posix_acl_group_write return value
Jeremy Allison
jra at samba.org
Fri Aug 12 01:13:18 GMT 2005
On Fri, Aug 12, 2005 at 10:59:15AM +1000, James Peach wrote:
>
> Anyway, why are you checking whether ret is 1 or 0? The return value can
> be the result of SMB_VFS_SYS_ACL_GET_PERM, which is implemented as a
> bitwise & on some platforms. So a valid return value can be ACL_WRITE
> (02 on IRIX), which I would expect to cause the user to be able to
> delete the file ...
Nope - check the invarients on check_posix_acl_group_write(). It *only*
returns -1, 0, or 1.
>From the function header :
/****************************************************************************
Check for POSIX group ACLs. If none use stat entry.
Return -1 if no match, 0 if match and denied, 1 if match and allowed.
****************************************************************************/
I ran into this exact problem (SMB_VFS_SYS_ACL_GET_PERM returning 2)
on Solaris, and so check out this code in the check_posix_acl_group_write() function :
/*
* Solaris returns 2 for this if write is available.
* canonicalize to 0 or 1.
*/
have_write = (have_write ? 1 : 0);
Please don't change it unless you can show me :-) a gdb backtrace
with this code failing.
Jeremy.
More information about the samba-technical
mailing list