problem with check_posix_acl_group_write return value

James Peach jpeach at samba.org
Fri Aug 12 00:59:15 GMT 2005


Hi Jeremy,

Can you give me a rationale for the following checks in posix_acls.c?
  
  6049        jra static int check_posix_acl_group_write(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf)
  5355        jra {
  ...
  6049        jra 	/* Check group or explicit user acl entry write access. */
  5616        jra 	ret = check_posix_acl_group_write(conn, dname, &sbuf);
  5616        jra 	if (ret == 0 || ret == 1) {
  5616        jra 		return ret ? True : False;
  5616        jra 	}
  ...
  6895        jra BOOL can_write_to_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf)
  6049        jra {
  ...

  6049        jra 	/* Check group or explicit user acl entry write access. */
  6895        jra 	ret = check_posix_acl_group_write(conn, fname, psbuf);
  6049        jra 	if (ret == 0 || ret == 1) {
  6049        jra 		return ret ? True : False;
  6049        jra 	}

The svn attribution of this code seems bogus (ie. checking websvn
doesn't give me a patch that touches the ret value checking code).

Anyway, why are you checking whether ret is 1 or 0? The return value can
be the result of SMB_VFS_SYS_ACL_GET_PERM, which is implemented as a
bitwise & on some platforms. So a valid return value can be ACL_WRITE
(02 on IRIX), which I would expect to cause the user to be able to
delete the file ...

-- 
James Peach | jpeach at samba.org



More information about the samba-technical mailing list