[Samba] reduce_name and ACL's

Jeremy Allison jra at samba.org
Fri Mar 11 18:40:54 GMT 2005

On Fri, Mar 11, 2005 at 08:41:05AM -0500, William Jojo wrote:
> AIX 5.2, Samba 3.0.11, OpenLDAP 2.2.23.
> Can someone explain what reduce name is supposed to be checking?

It's supposed to get the real path on the system from the given path,
resolving symlinks etc. This allows us to make an access decision
that a pathname is really "below" the given share pathname (ie. it's
safe to access from this share tid).

> The final debug uses "p" as the "reduced" name, but p is NULL to start and
> only has a value during the code path IF there was no entry found on the
> first call to realpath at which point the last component is removed and we
> try again.
> Now since p points to the character after the last nulled '/' of tmp_fname
> which is then totally reconstructed, the DEBUG-3 at the end will never be
> right as its value is no longer relevant.
> Is it supposed to be the fully qualified name based on the connection of
> the dir or the file in the dir. Or is it supposed to be the "basename" of
> a non-directory object?

Ah. The use of p in that debug looks wrong - I think it should be "resolved_name"
instead. I'll check and fix it.
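
The check described in this reply, as an added example that is not part of the original message and is not Samba's reduce_name code: resolve the path with realpath(), fall back to resolving the parent directory when the last component does not exist yet, then confirm the result lies under the share root. The function name `path_below_share` and its return convention are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700 /* realpath(), lstat() */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper, not Samba's reduce_name(): returns 1 if `path`
 * resolves at or below `share`, 0 if it resolves elsewhere, -1 on error. */
int path_below_share(const char *share, const char *path)
{
    char root[PATH_MAX], resolved[PATH_MAX], tmp[PATH_MAX], parent[PATH_MAX];
    struct stat st;
    size_t n;

    if (realpath(share, root) == NULL)
        return -1;
    if (realpath(path, resolved) == NULL) {
        /* No entry found (e.g. a file about to be created): remove the
         * last component, resolve the directory, then re-attach it. */
        char *slash;
        const char *dir, *base;
        if (errno != ENOENT || strlen(path) >= sizeof(tmp))
            return -1;
        strcpy(tmp, path);
        slash = strrchr(tmp, '/');
        if (slash == NULL) { dir = "."; base = tmp; }
        else { base = slash + 1; *slash = '\0'; dir = (slash == tmp) ? "/" : tmp; }
        if (*base == '\0' || realpath(dir, parent) == NULL)
            return -1;
        if ((size_t)snprintf(resolved, sizeof(resolved), "%s/%s",
                strcmp(parent, "/") == 0 ? "" : parent, base) >= sizeof(resolved))
            return -1;
        /* realpath() failed yet the name exists: a dangling symlink whose
         * target could lie outside the share. Refuse it. */
        if (lstat(resolved, &st) == 0)
            return -1;
    }
    /* Compare whole components so "/srv/share2" is not "below" "/srv/share". */
    n = strlen(root);
    if (strcmp(root, "/") == 0)
        return 1;
    return strncmp(resolved, root, n) == 0 &&
           (resolved[n] == '/' || resolved[n] == '\0');
}
```

The result describes the name only at the moment of the call; the filesystem can change between this check and the later open of the same path.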


