[Samba] reduce_name and ACL's

William Jojo jojowil at hvcc.edu
Fri Mar 11 13:41:05 GMT 2005 


AIX 5.2, Samba 3.0.11, OpenLDAP 2.2.23.


Can someone explain what reduce name is supposed to be checking?

The final debug uses "p" as the "reduced" name, but p is NULL to start and
only has a value during the code path IF there was no entry found on the
first call to realpath at which point the last component is removed and we
try again.

Now since p points to the character after the last nulled '/' of tmp_fname
which is then totally reconstructed, the DEBUG-3 at the end will never be
right as its value is no longer relavent.

Is it supposed to be the fully qualified name based on the connection of
the dir or the file in the dir. Or is it supposed to be the "basename" of
a non-directory object?

---

I'm researching a bug in the ACL's that causes the first entry of a POSIX
ACL in AIX to lose an entry. As you can see the entry for "fogarjoh" is
there then gone.


[2005/03/11 08:29:54, 10] smbd/posix_acls.c:print_canon_ace_list(590)
  print_canon_ace_list: canonicalise_acl: ace entries after arrange
  canon_ace index 0. Type = allow SID =
S-1-5-21-1908802895-3536710745-1580887524-7952 uid 3476 (billtest)
SMB_ACL_USER_OBJ perms rwx
  canon_ace index 1. Type = allow SID =
S-1-5-21-1908802895-3536710745-1580887524-1001 gid 0 (system)
SMB_ACL_GROUP_OBJ perms r-x
  canon_ace index 2. Type = allow SID =
S-1-5-21-1908802895-3536710745-1580887524-1422 uid 211 (schmilor)
SMB_ACL_USER perms r-x
  canon_ace index 3. Type = allow SID =
S-1-5-21-1908802895-3536710745-1580887524-1412 uid 206 (fogarjoh)
SMB_ACL_USER perms r-x
  canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms
r-x
[2005/03/11 08:29:54, 10] smbd/posix_acls.c:canonicalise_acl(2194)
  canonicalise_acl: Default ace entries before arrange :
[2005/03/11 08:29:54, 10] smbd/posix_acls.c:canonicalise_acl(2207)
  canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms
r-x
[2005/03/11 08:29:54, 10] smbd/posix_acls.c:canonicalise_acl(2207)
  canon_ace index 1. Type = allow SID = S-1-3-1 gid 0 (system)
SMB_ACL_GROUP_OBJ perms r-x
[2005/03/11 08:29:54, 10] smbd/posix_acls.c:canonicalise_acl(2207)
  canon_ace index 2. Type = allow SID = S-1-3-0 uid 3476 (billtest)
SMB_ACL_USER_OBJ perms rwx
[2005/03/11 08:29:54, 10] smbd/posix_acls.c:canonicalise_acl(2207)
  canon_ace index 3. Type = allow SID =
S-1-5-21-1908802895-3536710745-1580887524-1422 uid 211 (schmilor)
SMB_ACL_USER perms r-x
[2005/03/11 08:29:54, 10] smbd/posix_acls.c:print_canon_ace_list(590)
  print_canon_ace_list: canonicalise_acl: ace entries after arrange
  canon_ace index 0. Type = allow SID = S-1-3-0 uid 3476 (billtest)
SMB_ACL_USER_OBJ perms rwx
  canon_ace index 1. Type = allow SID = S-1-3-1 gid 0 (system)
SMB_ACL_GROUP_OBJ perms r-x
  canon_ace index 2. Type = allow SID =
S-1-5-21-1908802895-3536710745-1580887524-1422 uid 211 (schmilor)
SMB_ACL_USER perms r-x
  canon_ace index 3. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms
r-x



The ACL from AIX is:

attributes:
base permissions
    owner(billtest):  rwx
    group(system):  r-x
    others:  r-x
extended permissions
    enabled
    specify  r-x     u:fogarjoh
    specify  r-x     u:schmilor



This happens for whomever is at the top of the extended permissions list.
And of course confuses the heck out of XP.


As soon as I have a patch I'll submit for the ACL bug too.




Bill

More information about the samba mailing list