Bug 15089 - SMBC_XATTR_FLAG_CREATE used incorrectly
Summary: SMBC_XATTR_FLAG_CREATE used incorrectly
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-06-07 21:32 UTC by Harald Sitter
Modified: 2022-06-07 21:32 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Harald Sitter 2022-06-07 21:32:53 UTC
If I'm reading the code of cacl_set correctly then SMBC_XATTR_FLAG_CREATE's logic is inverted.

> 			for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
> 				if (dom_sid_equal(&sd->dacl->aces[i].trustee,
> 					      &old->dacl->aces[j].trustee)) {
>                                         if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
>                                                 err = EEXIST;

if the new SID and the old SID are equal AND if the CREATE flag is NOT set THEN error.

This surely should error iff the flag is set?

I am also not sure that check is entirely correct. There can be multiple ACEs pertaining to the same trustee but with different types (e.g. an AUDIT and a DENY and an ALLOW entry all affecting the same trustee within the same ACL). i.e. this check probably also needs to take the type into account.