author | rwatson <rwatson@FreeBSD.org> | 2008-07-13 16:37:51 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2008-07-13 16:37:51 +0000 |
commit | c57e2fc46aa3da8aaf6e9da061594d141bb48900 (patch) | |
tree | 3e30ded43324388deae0e80a396569aedcf8308d /lib | |
parent | 3f393f965c50d79422a6cb41b98aef7d86ecad99 (diff) | |
The libc acl_valid(3) function validates the contents of a POSIX.1e ACL.
This change removes the requirement that an ACL contain no ACL_USER
entries with a uid the same as that of a file, or ACL_GROUP entries
with a gid the same as that of a file. This requirement is not in the
specification, and is not enforced by the kernel's ACL implementation.
Reported by: Iustin Pop <iusty at k1024 dot org>
MFC after: 1 week
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/posix1e/acl_support.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/lib/libc/posix1e/acl_support.c b/lib/libc/posix1e/acl_support.c
index b49808f..7c1e878 100644
--- a/lib/libc/posix1e/acl_support.c
+++ b/lib/libc/posix1e/acl_support.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
+ * Copyright (c) 1999-2001, 2008 Robert N. M. Watson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -138,7 +138,7 @@ _posix1e_acl_check(acl_t acl)
 {
 struct acl *acl_int;
 struct acl_entry *entry; /* current entry */
- uid_t obj_uid=-1, obj_gid=-1, highest_uid=0, highest_gid=0;
+ uid_t highest_uid=0, highest_gid=0;
 int stage = ACL_USER_OBJ;
 int i = 0;
 int count_user_obj=0, count_user=0, count_group_obj=0,
@@ -162,7 +162,6 @@ _posix1e_acl_check(acl_t acl)
 return (EINVAL);
 stage = ACL_USER;
 count_user_obj++;
- obj_uid = entry->ae_id;
 break;

 case ACL_USER:
@@ -170,8 +169,6 @@ _posix1e_acl_check(acl_t acl)
 if (stage > ACL_USER)
 return (EINVAL);
 stage = ACL_USER;
- if (entry->ae_id == obj_uid)
- return (EINVAL);
 if (count_user && (entry->ae_id <= highest_uid))
 return (EINVAL);
 highest_uid = entry->ae_id;
@@ -185,7 +182,6 @@ _posix1e_acl_check(acl_t acl)
 return (EINVAL);
 stage = ACL_GROUP;
 count_group_obj++;
- obj_gid = entry->ae_id;
 break;

 case ACL_GROUP:
@@ -193,8 +189,6 @@ _posix1e_acl_check(acl_t acl)
 if (stage > ACL_GROUP)
 return (EINVAL);
 stage = ACL_GROUP;
- if (entry->ae_id == obj_gid)
- return (EINVAL);
 if (count_group && (entry->ae_id <= highest_gid))
 return (EINVAL);
 highest_gid = entry->ae_id; |
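Review bot: `highest_gid` on the rewritten declaration line in the `-138,7` hunk is still typed `uid_t`, so group ids are tracked in a user-id type; splitting it into `uid_t highest_uid = 0;` and `gid_t highest_gid = 0;` would make the intent explicit (probably no behaviour change if `ae_id` is itself a `uid_t`, which the hunk does not show). With the owner-id comparison removed in the later hunks, the strict `<=` ordering tests in the ACL_USER and ACL_GROUP cases are the only duplicate-id guard left in the visible lines. A short comment there, such as `/* ids must be strictly increasing; an id equal to the owner's is permitted */`, would keep a later edit from tightening the relaxed rule again by accident. `_posix1e_acl_check` continues past the end of this hunk, so the rest of the function is not covered by this note.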