[Samba] still ACL bug in 3.0.14a
Jeremy Allison
jra at samba.org
Mon Apr 18 22:48:59 GMT 2005
On Mon, Apr 18, 2005 at 06:35:12PM +0200, Peter Kruse wrote:
> Hello,
>
> bad news, my problem is not fixed with 3.0.14a
The log file helped. Try this patch (applies against
raw 3.0.14a). Problem was Solaris was returning 2 in a
place I expected a 1....
Jeremy.
-------------- next part --------------
Index: smbd/posix_acls.c
===================================================================
--- smbd/posix_acls.c (revision 6363)
+++ smbd/posix_acls.c (working copy)
@@ -3756,6 +3756,7 @@
/****************************************************************************
Check for POSIX group ACLs. If none use stat entry.
+ Return -1 if no match, 0 if match and denied, 1 if match and allowed.
****************************************************************************/
static int check_posix_acl_group_write(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf)
@@ -3797,6 +3798,12 @@
goto check_stat;
}
+ /*
+ * Solaris returns 2 for this if write is available.
+ * canonicalize to 0 or 1.
+ */
+ have_write = (have_write ? 1 : 0);
+
switch(tagtype) {
case SMB_ACL_MASK:
if (!have_write) {
@@ -3860,6 +3867,12 @@
goto check_stat;
}
+ /*
+ * Solaris returns 2 for this if write is available.
+ * canonicalize to 0 or 1.
+ */
+ have_write = (have_write ? 1 : 0);
+
switch(tagtype) {
case SMB_ACL_GROUP:
{
@@ -3867,6 +3880,23 @@
if (pgid == NULL) {
goto check_stat;
}
+
+ /* Does it match the current effective group ? */
+ if (current_user.gid == *pgid) {
+ ret = have_write;
+ DEBUG(10,("check_posix_acl_group_write: file %s \
+match on group %u -> can write.\n", fname, (unsigned int)*pgid ));
+
+ /* If we don't have write permission this entry doesn't
+ * prevent the subsequent enumeration of the supplementary
+ * groups.
+ */
+ if (have_write) {
+ goto done;
+ }
+ }
+
+ /* Continue with the supplementary groups. */
for (i = 0; i < current_user.ngroups; i++) {
if (current_user.groups[i] == *pgid) {
ret = have_write;
@@ -3898,6 +3928,15 @@
/* Do we match on the owning group entry ? */
+ /* First, does it match the current effective group ? */
+ if (current_user.gid == psbuf->st_gid) {
+ ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;
+ DEBUG(10,("check_posix_acl_group_write: file %s \
+match on owning group %u -> %s.\n", fname, (unsigned int)psbuf->st_gid, ret ? "can write" : "cannot write"));
+ goto done;
+ }
+
+ /* If not look at the supplementary groups. */
for (i = 0; i < current_user.ngroups; i++) {
if (current_user.groups[i] == psbuf->st_gid) {
ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;
More information about the samba
mailing list