svn commit: samba r6385 - in branches/SAMBA_3_0/source/smbd: .

jra at samba.org jra at samba.org
Tue Apr 19 07:12:44 GMT 2005


Author: jra
Date: 2005-04-19 07:12:44 +0000 (Tue, 19 Apr 2005)
New Revision: 6385

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6385

Log:
Convert checking of egid and secondary egid list into
iterator functions so it can be used easily in a for loop.
Drops duplicated code from posix_acls.c
Jeremy.

Modified:
   branches/SAMBA_3_0/source/smbd/posix_acls.c
   branches/SAMBA_3_0/source/smbd/uid.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/posix_acls.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/posix_acls.c	2005-04-19 03:57:57 UTC (rev 6384)
+++ branches/SAMBA_3_0/source/smbd/posix_acls.c	2005-04-19 07:12:44 UTC (rev 6385)
@@ -3753,6 +3753,7 @@
 	int i;
 	BOOL seen_mask = False;
 	int ret = -1;
+	gid_t cu_gid;
 
 	if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS)) == NULL) {
 		goto check_stat;
@@ -3866,27 +3867,16 @@
 					goto check_stat;
 				}
 
-				/* Does it match the current effective group ? */
-				if (current_user.gid == *pgid) {
-					ret = have_write;
-					DEBUG(10,("check_posix_acl_group_write: file %s \
-match on group %u -> can write.\n", fname, (unsigned int)*pgid ));
-
-					/* If we don't have write permission this entry doesn't
-					 * prevent the subsequent enumeration of the supplementary
-					 * groups.
-					 */
-					if (have_write) {
-						goto done;
-					}
-				}
-
-				/* Continue with the supplementary groups. */
-				for (i = 0; i < current_user.ngroups; i++) {
-					if (current_user.groups[i] == *pgid) {
+				/*
+				 * Does it match the current effective group
+				 * or supplementary groups ?
+				 */
+				for (cu_gid = get_current_user_gid_first(&i); cu_gid != (gid_t)-1;
+							cu_gid = get_current_user_gid_next(&i)) {
+					if (cu_gid == *pgid) {
 						ret = have_write;
 						DEBUG(10,("check_posix_acl_group_write: file %s \
-match on group %u -> can write.\n", fname, (unsigned int)*pgid ));
+match on group %u -> can write.\n", fname, (unsigned int)cu_gid ));
 
 						/* If we don't have write permission this entry doesn't
 							terminate the enumeration of the entries. */
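Review bot: The DEBUG call right after `ret = have_write;` prints "-> can write" for every matching group, even when `have_write` is 0 and the loop moves on to the next gid, so a level-10 trace of this access decision can state the opposite of the result. The owning-group message under check_stat already reports the outcome, and the same form fits here: `match on group %u -> %s.\n", fname, (unsigned int)cu_gid, have_write ? "can write" : "cannot write" ));`. The loop body continues past the end of this hunk, so the handling after the comment is not visible here.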
@@ -3912,18 +3902,13 @@
   check_stat:
 
 	/* Do we match on the owning group entry ? */
-
-	/* First, does it match the current effective group ? */
-	if (current_user.gid == psbuf->st_gid) {
-		ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;
-		DEBUG(10,("check_posix_acl_group_write: file %s \
-match on owning group %u -> %s.\n", fname, (unsigned int)psbuf->st_gid, ret ? "can write" : "cannot write"));
-		goto done;
-	}
-
-	/* If not look at the supplementary groups. */
-	for (i = 0; i < current_user.ngroups; i++) {
-		if (current_user.groups[i] == psbuf->st_gid) {
+	/*
+	 * Does it match the current effective group
+	 * or supplementary groups ?
+	 */
+	for (cu_gid = get_current_user_gid_first(&i); cu_gid != (gid_t)-1;
+					cu_gid = get_current_user_gid_next(&i)) {
+		if (cu_gid == psbuf->st_gid) {
 			ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;
 			DEBUG(10,("check_posix_acl_group_write: file %s \
 match on owning group %u -> %s.\n", fname, (unsigned int)psbuf->st_gid, ret ? "can write" : "cannot write"));
@@ -3931,7 +3916,7 @@
 		}
 	}
 
-	if (i == current_user.ngroups) {
+	if (cu_gid == (gid_t)-1) {
 		DEBUG(10,("check_posix_acl_group_write: file %s \
 failed to match on user or group in token (ret = %d).\n", fname, ret ));
 	}

Modified: branches/SAMBA_3_0/source/smbd/uid.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/uid.c	2005-04-19 03:57:57 UTC (rev 6384)
+++ branches/SAMBA_3_0/source/smbd/uid.c	2005-04-19 07:12:44 UTC (rev 6385)
@@ -24,6 +24,29 @@
 extern struct current_user current_user;
 
 /****************************************************************************
+ Iterator functions for getting all gid's from current_user.
+****************************************************************************/
+
+gid_t get_current_user_gid_first(int *piterator)
+{
+	*piterator = 0;
+	return current_user.gid;
+}
+
+gid_t get_current_user_gid_next(int *piterator)
+{
+	gid_t ret;
+
+	if (!current_user.groups || *piterator >= current_user.ngroups) {
+		return (gid_t)-1;
+	}
+
+	ret = current_user.groups[*piterator];
+	(*piterator) += 1;
+	return ret;
+}
+
+/****************************************************************************
  Become the guest user without changing the security context stack.
 ****************************************************************************/
 
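Review bot: `(gid_t)-1` is used as the end-of-list marker, but both helpers can also return it from data, because `get_current_user_gid_first` returns `current_user.gid` unchecked and `get_current_user_gid_next` returns `current_user.groups[*piterator]` unchecked. If either ever holds that value, the `cu_gid != (gid_t)-1` loops in posix_acls.c stop early and the remaining groups are never compared against the ACL entry or the owning group. The header comment should at least state the contract, for example `Returns (gid_t)-1 when the list is exhausted; call _first before _next; *piterator indexes current_user.groups.` A sturdier form would return a BOOL and hand the gid back through a pointer, so that termination depends only on the index; that would need matching changes in the posix_acls.c loops.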


