diff options
author | Gerald Carter <jerry@samba.org> | 2007-08-20 12:56:31 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2007-08-20 12:56:31 +0000 |
commit | ad4be8a01adacd96c5f0fe1bb87a170ab88d2b88 (patch) | |
tree | 50d0f4dee9409348f326810053b91ff76a74bf2e /source/libsmb/libsmbclient.c | |
parent | 1db01e3c95b716201eafca91ce97ba57a3dbc218 (diff) | |
download | samba-ad4be8a01adacd96c5f0fe1bb87a170ab88d2b88.tar.gz samba-ad4be8a01adacd96c5f0fe1bb87a170ab88d2b88.tar.xz samba-ad4be8a01adacd96c5f0fe1bb87a170ab88d2b88.zip |
r24580: Grab last changes for 3.0.25c (in synjc with 3.0.25 branch svn r24571)samba-3.0.25c
Diffstat (limited to 'source/libsmb/libsmbclient.c')
-rw-r--r-- | source/libsmb/libsmbclient.c | 90 |
1 files changed, 72 insertions, 18 deletions
diff --git a/source/libsmb/libsmbclient.c b/source/libsmb/libsmbclient.c index e13b21f1115..2e00a3ca898 100644 --- a/source/libsmb/libsmbclient.c +++ b/source/libsmb/libsmbclient.c @@ -3748,32 +3748,94 @@ smbc_utimes_ctx(SMBCCTX *context, } -/* The MSDN is contradictory over the ordering of ACE entries in an ACL. - However NT4 gives a "The information may have been modified by a - computer running Windows NT 5.0" if denied ACEs do not appear before - allowed ACEs. */ +/* + * Sort ACEs according to the documentation at + * http://support.microsoft.com/kb/269175, at least as far as it defines the + * order. + */ static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2) { - if (sec_ace_equal(ace1, ace2)) + BOOL b1; + BOOL b2; + + /* If the ACEs are equal, we have nothing more to do. */ + if (sec_ace_equal(ace1, ace2)) { return 0; + } - if (ace1->type != ace2->type) + /* Inherited follow non-inherited */ + b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0); + b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0); + if (b1 != b2) { + return (b1 ? 1 : -1); + } + + /* + * What shall we do with AUDITs and ALARMs? It's undefined. We'll + * sort them after DENY and ALLOW. + */ + b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED && + ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT && + ace1->type != SEC_ACE_TYPE_ACCESS_DENIED && + ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT); + b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED && + ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT && + ace2->type != SEC_ACE_TYPE_ACCESS_DENIED && + ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT); + if (b1 != b2) { + return (b1 ? 1 : -1); + } + + /* Allowed ACEs follow denied ACEs */ + b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED || + ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT); + b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED || + ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT); + if (b1 != b2) { + return (b1 ? 1 : -1); + } + + /* + * ACEs applying to an entity's object follow those applying to the + * entity itself + */ + b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || + ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT); + b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || + ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT); + if (b1 != b2) { + return (b1 ? 1 : -1); + } + + /* + * If we get this far, the ACEs are similar as far as the + * characteristics we typically care about (those defined by the + * referenced MS document). We'll now sort by characteristics that + * just seems reasonable. + */ + + if (ace1->type != ace2->type) { return ace2->type - ace1->type; + } - if (sid_compare(&ace1->trustee, &ace2->trustee)) + if (sid_compare(&ace1->trustee, &ace2->trustee)) { return sid_compare(&ace1->trustee, &ace2->trustee); + } - if (ace1->flags != ace2->flags) + if (ace1->flags != ace2->flags) { return ace1->flags - ace2->flags; + } - if (ace1->access_mask != ace2->access_mask) + if (ace1->access_mask != ace2->access_mask) { return ace1->access_mask - ace2->access_mask; + } - if (ace1->size != ace2->size) + if (ace1->size != ace2->size) { return ace1->size - ace2->size; + } return memcmp(ace1, ace2, sizeof(SEC_ACE)); } @@ -5158,9 +5220,6 @@ cacl_set(TALLOC_CTX *ctx, switch (mode) { case SMBC_XATTR_MODE_REMOVE_ALL: old->dacl->num_aces = 0; - prs_mem_free(old->dacl->aces); - prs_mem_free(&old->dacl); - old->dacl = NULL; dacl = old->dacl; break; @@ -5177,11 +5236,6 @@ cacl_set(TALLOC_CTX *ctx, old->dacl->aces[k+1]; } old->dacl->num_aces--; - if (old->dacl->num_aces == 0) { - prs_mem_free(&old->dacl->aces); - prs_mem_free(&old->dacl); - old->dacl = NULL; - } found = True; dacl = old->dacl; break; |