From 6dfe0d58bd27ee1b3668831b59a14218a441c3bd Mon Sep 17 00:00:00 2001
From: "J. Bruce Fields" <bfields@citi.umich.edu>
Date: Tue, 18 Sep 2007 15:28:34 -0400
Subject: [PATCH 17/17] fix calculation of group bits
With the current code, allowing bits to a group can result in those bits
also being allowed to other groups. This is unnecessary, as POSIX group
permissions already accumulate in most cases.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
---
libacl/acl_n4tp_acl_trans.c | 39 +++++++++++++++++++++++++++------------
1 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
index 52972c7..3b0563f 100644
--- a/libacl/acl_n4tp_acl_trans.c
+++ b/libacl/acl_n4tp_acl_trans.c
@@ -218,18 +218,36 @@ static inline void deny_bits(struct posix_ace_state *astate, u32 mask)
astate->deny |= mask & ~astate->allow;
}
-static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid)
+static int find_uid(struct posix_acl_state *state, uid_t uid)
{
int i;
+ struct posix_ace_state_array *users = state->users;
- for (i = 0; i < a->n; i++)
- if (a->aces[i].uid == uid)
+ for (i = 0; i < users->n; i++)
+ if (users->aces[i].uid == uid)
return i;
/* Not found: */
- a->n++;
- a->aces[i].uid = uid;
- a->aces[i].perms.allow = state->everyone.allow;
- a->aces[i].perms.deny = state->everyone.deny;
+ users->n++;
+ users->aces[i].uid = uid;
+ users->aces[i].perms.allow = state->everyone.allow;
+ users->aces[i].perms.deny = state->everyone.deny;
+
+ return i;
+}
+
+static int find_gid(struct posix_acl_state *state, uid_t uid)
+{
+ int i;
+ struct posix_ace_state_array *groups = state->groups;
+
+ for (i = 0; i < groups->n; i++)
+ if (groups->aces[i].uid == uid)
+ return i;
+ /* Not found: */
+ groups->n++;
+ groups->aces[i].uid = uid;
+ groups->aces[i].perms.allow = state->other.allow;
+ groups->aces[i].perms.deny = state->other.deny;
return i;
}
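Review bot: find_gid seeds a new entry from `state->other` while find_uid just above it seeds from `state->everyone`, and neither carries a comment explaining the difference, so a later cleanup could "unify" them and bring back the over-grant this commit removes. I would add above the two assignments in find_gid something like `/* start from state->other, not state->everyone: everyone also collects bits allowed to other groups */`. The parameter is still declared `uid_t uid`; `gid_t gid` would read correctly, assuming the `uid` field name in the array element is kept. Both helpers also do `n++` and write `aces[i]` with no capacity check; the allocation is outside this hunk, so if the array is sized from the ACE count, that invariant deserves a one-line comment as well.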
@@ -295,7 +313,7 @@ static int process_one_v4_ace(struct posix_acl_state *state,
case ACL_USER:
if (nfs4_name_to_uid(ace->who, &id))
return -1;
- i = find_uid(state, state->users, id);
+ i = find_uid(state, id);
if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
allow_bits(&state->users->aces[i].perms, mask);
mask = state->users->aces[i].perms.allow;
@@ -311,7 +329,6 @@ static int process_one_v4_ace(struct posix_acl_state *state,
allow_bits(&state->owner, mask);
allow_bits(&state->everyone, mask);
allow_bits_array(state->users, mask);
- allow_bits_array(state->groups, mask);
} else {
deny_bits(&state->group, mask);
}
@@ -319,15 +336,13 @@ static int process_one_v4_ace(struct posix_acl_state *state,
case ACL_GROUP:
if (nfs4_name_to_gid(ace->who, &id))
return -1;
- i = find_uid(state, state->groups, id);
+ i = find_gid(state, id);
if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
allow_bits(&state->groups->aces[i].perms, mask);
mask = state->groups->aces[i].perms.allow;
allow_bits(&state->owner, mask);
- allow_bits(&state->group, mask);
allow_bits(&state->everyone, mask);
allow_bits_array(state->users, mask);
- allow_bits_array(state->groups, mask);
} else {
deny_bits(&state->groups->aces[i].perms, mask);
}
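Review bot: The ACL_GROUP allow branch now propagates the group's bits to owner, everyone and users but no longer to `state->group` or the other named groups, and the only explanation lives in the commit message. A short comment at the `allow_bits_array(state->users, mask);` line, e.g. `/* groups are left alone: POSIX group permissions already accumulate */`, would keep the reasoning next to the code. The message says this holds "in most cases"; it would help to name the case where it does not. process_one_v4_ace starts and ends outside this hunk.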
--
1.7.8.1