Author: jra Date: 2007-02-07 19:43:44 +0000 (Wed, 07 Feb 2007) New Revision: 21223
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21223 Log: Try and fix bug #4361 - Vista backup fails. Based on work from Joe Meadows <[EMAIL PROTECTED]>. One for the Vista patchset. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/posix_acls.c branches/SAMBA_3_0_25/source/smbd/posix_acls.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/posix_acls.c =================================================================== --- branches/SAMBA_3_0/source/smbd/posix_acls.c 2007-02-07 19:03:19 UTC (rev 21222) +++ branches/SAMBA_3_0/source/smbd/posix_acls.c 2007-02-07 19:43:44 UTC (rev 21223) @@ -658,6 +658,7 @@ } return 0; } + /**************************************************************************** Function to create owner and group SIDs from a SMB_STRUCT_STAT. ****************************************************************************/ @@ -669,6 +670,27 @@ } /**************************************************************************** + Is the identity in two ACEs equal ? Check both SID and uid/gid. +****************************************************************************/ + +static BOOL identity_in_ace_equal(canon_ace *ace1, canon_ace *ace2) +{ + if (sid_equal(&ace1->trustee, &ace2->trustee)) { + return True; + } + if (ace1->owner_type == ace2->owner_type) { + if (ace1->owner_type == UID_ACE && + ace1->unix_ug.uid == ace2->unix_ug.uid) { + return True; + } else if (ace1->owner_type == GID_ACE && + ace1->unix_ug.gid == ace2->unix_ug.gid) { + return True; + } + } + return False; +} + +/**************************************************************************** Merge aces with a common sid - if both are allow or deny, OR the permissions together and delete the second one. If the first is deny, mask the permissions off and delete the allow if the permissions become zero, delete the deny if the permissions are non zero. @@ -695,7 +717,7 @@ curr_ace_next = curr_ace->next; /* Save the link in case of delete. */ - if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + if (identity_in_ace_equal(curr_ace, curr_ace_outer) && (curr_ace->attr == curr_ace_outer->attr)) { if( DEBUGLVL( 10 )) { @@ -735,7 +757,7 @@ * we've put on the ACL, we know the deny must be the first one. */ - if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + if (identity_in_ace_equal(curr_ace, curr_ace_outer) && (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) { if( DEBUGLVL( 10 )) { Modified: branches/SAMBA_3_0_25/source/smbd/posix_acls.c =================================================================== --- branches/SAMBA_3_0_25/source/smbd/posix_acls.c 2007-02-07 19:03:19 UTC (rev 21222) +++ branches/SAMBA_3_0_25/source/smbd/posix_acls.c 2007-02-07 19:43:44 UTC (rev 21223) @@ -658,6 +658,7 @@ } return 0; } + /**************************************************************************** Function to create owner and group SIDs from a SMB_STRUCT_STAT. ****************************************************************************/ @@ -669,6 +670,27 @@ } /**************************************************************************** + Is the identity in two ACEs equal ? Check both SID and uid/gid. +****************************************************************************/ + +static BOOL identity_in_ace_equal(canon_ace *ace1, canon_ace *ace2) +{ + if (sid_equal(&ace1->trustee, &ace2->trustee)) { + return True; + } + if (ace1->owner_type == ace2->owner_type) { + if (ace1->owner_type == UID_ACE && + ace1->unix_ug.uid == ace2->unix_ug.uid) { + return True; + } else if (ace1->owner_type == GID_ACE && + ace1->unix_ug.gid == ace2->unix_ug.gid) { + return True; + } + } + return False; +} + +/**************************************************************************** Merge aces with a common sid - if both are allow or deny, OR the permissions together and delete the second one. If the first is deny, mask the permissions off and delete the allow if the permissions become zero, delete the deny if the permissions are non zero. @@ -695,7 +717,7 @@ curr_ace_next = curr_ace->next; /* Save the link in case of delete. */ - if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + if (identity_in_ace_equal(curr_ace, curr_ace_outer) && (curr_ace->attr == curr_ace_outer->attr)) { if( DEBUGLVL( 10 )) { @@ -735,7 +757,7 @@ * we've put on the ACL, we know the deny must be the first one. */ - if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + if (identity_in_ace_equal(curr_ace, curr_ace_outer) && (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) { if( DEBUGLVL( 10 )) {