Bug #834: When a group is deleted, ACL rules that match '__ __/@gid __' are cleaned

2025-01-26 10:03:37 +03:00 · 2012-04-16 15:06:06 +02:00 · 2012-04-16 15:06:06 +02:00 · 261461ffb7
commit 261461ffb7
parent 54d00f98c4
2 changed files with 51 additions and 2 deletions
--- a/include/AclManager.h
+++ b/include/AclManager.h
@ -220,6 +220,16 @@ private:
     */
    void del_user_matching_rules(long long user_req);

+    /**
+     * Deletes all rules that match the resource mask
+     *
+     *    @param resource_req 64 bit request, ob. type and group id
+     *    @param resource_mask Mask with ob. type and group flags
+     */
+    void del_resource_matching_rules(
+            long long resource_req,
+            long long resource_mask);
+
    // ----------------------------------------
    // Mutex synchronization
    // ----------------------------------------
--- a/src/acl/AclManager.cc
+++ b/src/acl/AclManager.cc
@ -549,6 +549,8 @@ void AclManager::del_uid_rules(int uid)
 {
    long long user_req = AclRule::INDIVIDUAL_ID | uid;

+    // Delete rules that match
+    // #uid  __/__  __
    del_user_matching_rules(user_req);
 }

@ -557,9 +559,16 @@ void AclManager::del_uid_rules(int uid)

 void AclManager::del_gid_rules(int gid)
 {
-    long long user_req = AclRule::GROUP_ID | gid;
+    long long request = AclRule::GROUP_ID | gid;
+    long long resource_gid_mask = AclRule::GROUP_ID |
+                                  0x00000000FFFFFFFFLL;

-    del_user_matching_rules(user_req);
+    // Delete rules that match
+    // @gid  __/__  __
+    del_user_matching_rules(request);
+
+    // __  __/@gid  __
+    del_resource_matching_rules(request, resource_gid_mask);
 }

 /* -------------------------------------------------------------------------- */
@ -595,6 +604,36 @@ void AclManager::del_user_matching_rules(long long user_req)
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */

+void AclManager::del_resource_matching_rules(long long resource_req,
+                                             long long resource_mask)
+{
+    multimap<long long, AclRule *>::iterator        it;
+
+    vector<int>             oids;
+    vector<int>::iterator   oid_it;
+    string                  error_str;
+
+    lock();
+
+    for ( it = acl_rules.begin(); it != acl_rules.end(); it++ )
+    {
+        if ( ( it->second->resource & resource_mask ) == resource_req )
+        {
+            oids.push_back(it->second->oid);
+        }
+    }
+
+    unlock();
+
+    for ( oid_it = oids.begin() ; oid_it < oids.end(); oid_it++ )
+    {
+        del_rule(*oid_it, error_str);
+    }
+}
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+
 void AclManager::reverse_search(int                       uid,
                                int                       gid,
                                PoolObjectSQL::ObjectType obj_type,