problem with check_posix_acl_group_write return value

James Peach jpeach at samba.org
Fri Aug 12 01:22:13 GMT 2005


On Thu, 2005-08-11 at 18:13 -0700, Jeremy Allison wrote:
> On Fri, Aug 12, 2005 at 10:59:15AM +1000, James Peach wrote:
> > 
> > Anyway, why are you checking whether ret is 1 or 0? The return value can
> > be the result of SMB_VFS_SYS_ACL_GET_PERM, which is implemented as a
> > bitwise & on some platforms. So a valid return value can be ACL_WRITE
> > (02 on IRIX), which I would expect to cause the user to be able to
> > delete the file ...
> 
> Nope - check the invariants on check_posix_acl_group_write(). It *only*
> returns -1, 0, or 1.

hmmm ...

[2005/08/12 10:32:28, 2, pid=29056060, effective(16347, 20), real(0, 0)] smbd/open.c:(242)
  jpeach opened file jpeach/testfile3 read=Yes write=No (numopen=2)
[2005/08/12 10:32:36, 2, pid=29056060, effective(16347, 20), real(0, 0)] smbd/close.c:(269)
  jpeach closed file jpeach/testfile3 (numopen=1)
[2005/08/12 10:32:36, 10, pid=29056060, effective(16347, 20), real(0, 0)] smbd/posix_acls.c:(3873)
  check_posix_acl_group_write: file jpeach match on group 999 -> can write.
[2005/08/12 10:32:36, 10, pid=29056060, effective(16347, 20), real(0, 0)] smbd/posix_acls.c:(3921)
  check_posix_acl_group_write: file jpeach returning (ret = 2).


> From the function header :
> 
> /****************************************************************************
>  Check for POSIX group ACLs. If none use stat entry.
>  Return -1 if no match, 0 if match and denied, 1 if match and allowed.
> ****************************************************************************/
> 
> I ran into this exact problem (SMB_VFS_SYS_ACL_GET_PERM returning 2)
> on Solaris, and so check out this code in the check_posix_acl_group_write() function :
> 
>                 /*
>                  * Solaris returns 2 for this if write is available.
>                  * canonicalize to 0 or 1.
>                  */
>                 have_write = (have_write ? 1 : 0);

Yep, that's because SMB_VFS_SYS_ACL_GET_PERM can return ACL_WRITE which
might be 2. I'm looking at the 3.0.14a tree which doesn't have this fix.
I'll backport it and test .. thanks ..

-- 
James Peach | jpeach at samba.org
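
The mismatch discussed in this thread, as an added example that is not part of the original message and is not Samba source: a tri-state check (-1, 0, 1) that forwards a bitwise-AND permission test leaks the raw bit value, and the `(have_write ? 1 : 0)` canonicalization quoted above restores the contract. All `demo_*`, `group_write_*` and `caller_decision` names are hypothetical; the value 02 is the IRIX ACL_WRITE mentioned in the thread.

```c
#include <stdio.h>

/* Constructed stand-ins, not Samba definitions. 02 is the IRIX ACL_WRITE value from the thread. */
#define DEMO_ACL_READ  04
#define DEMO_ACL_WRITE 02

/* Models a platform where the permission test is a bare bitwise AND,
 * so "present" comes back as the bit value rather than 1. */
static int demo_get_perm(unsigned permset, unsigned perm)
{
    return (int)(permset & perm);
}

/* Contract: -1 if no match, 0 if match and denied, 1 if match and allowed. */
static int group_write_raw(int matched, unsigned permset)
{
    if (!matched)
        return -1;
    return demo_get_perm(permset, DEMO_ACL_WRITE);  /* can return 2: breaks the contract */
}

static int group_write_canonical(int matched, unsigned permset)
{
    int have_write;

    if (!matched)
        return -1;
    have_write = demo_get_perm(permset, DEMO_ACL_WRITE);
    have_write = (have_write ? 1 : 0);              /* canonicalize to 0 or 1 */
    return have_write;
}

/* Hypothetical caller that trusts the documented contract and tests exact values. */
static const char *caller_decision(int ret)
{
    switch (ret) {
    case 1:  return "allow";
    case 0:  return "deny";
    case -1: return "no-match";
    default: return "out-of-contract";  /* reached only when the callee leaks a raw bit value */
    }
}

int main(void)
{
    unsigned rw = DEMO_ACL_READ | DEMO_ACL_WRITE;
    int raw = group_write_raw(1, rw), fixed = group_write_canonical(1, rw);

    printf("raw:       ret=%d -> %s\n", raw, caller_decision(raw));
    printf("canonical: ret=%d -> %s\n", fixed, caller_decision(fixed));
    return 0;
}
```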