libcli/security: remove duplicate aces in se_create_child_secdesc()

Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2012-11-29 12:33:22 +0100
committer: Michael Adam <obnox@samba.org> 2012-12-02 22:42:20 +0100
commit: cf60338ada9b1685aaa49a41cefbe1e14040a283 (patch)
tree: 94ac3de11e972e1e574b9fbb00fbd7403398732b /libcli/security
parent: 8fbe39d5134e136101425f9fc8d3d5080cbe25ba (diff)
download: samba-cf60338ada9b1685aaa49a41cefbe1e14040a283.tar.gz
1 files changed, 34 insertions, 0 deletions
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index a3db1b67293..d2c58334927 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -679,6 +679,40 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
 	talloc_free(frame);
 
+	/*
+	 * remove duplicates
+	 */
+	for (i=1; i < new_ace_list_ndx;) {
+		struct security_ace *ai = &new_ace_list[i];
+		unsigned int remaining, j;
+		bool remove = false;
+
+		for (j=0; j < i; j++) {
+			struct security_ace *aj = &new_ace_list[j];
+
+			if (!sec_ace_equal(ai, aj)) {
+				continue;
+			}
+
+			remove = true;
+			break;
+		}
+
+		if (!remove) {
+			i++;
+			continue;
+		}
+
+		new_ace_list_ndx--;
+		remaining = new_ace_list_ndx - i;
+		if (remaining == 0) {
+			ZERO_STRUCT(new_ace_list[i]);
+			continue;
+		}
+		memmove(&new_ace_list[i], &new_ace_list[i+1],
+			sizeof(new_ace_list[i]) * remaining);
+	}
+
 	/* Create child security descriptor to return */
 	if (new_ace_list_ndx) {
 		new_dacl = make_sec_acl(ctx,
author	Stefan Metzmacher <metze@samba.org>	2012-11-29 12:33:22 +0100
committer	Michael Adam <obnox@samba.org>	2012-12-02 22:42:20 +0100
commit	cf60338ada9b1685aaa49a41cefbe1e14040a283 (patch)
tree	94ac3de11e972e1e574b9fbb00fbd7403398732b /libcli/security
parent	8fbe39d5134e136101425f9fc8d3d5080cbe25ba (diff)
download	samba-cf60338ada9b1685aaa49a41cefbe1e14040a283.tar.gz