From: Volker Lendecke <vl@samba.org>
Date: Thu, 18 Dec 2025 10:58:41 +0000 (+0100)
Subject: smbd: Simplify map_nt_perms
X-Git-Tag: tdb-1.4.15~180
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4921f8b9c314ad06c3ee6cf7edce5bb224e1d5b6;p=thirdparty%2Fsamba.git

smbd: Simplify map_nt_perms

Factor out the repeated if-conditions

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
---

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 82a70f82ea6..a229a96f5fc 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1036,40 +1036,42 @@ uint32_t map_canon_ace_perms(int snum,
  Map NT perms to a UNIX mode_t.
 ****************************************************************************/
 
-#define FILE_SPECIFIC_READ_BITS (FILE_READ_DATA|FILE_READ_EA)
-#define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA)
-#define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
-
-static mode_t map_nt_perms( uint32_t *mask, int type)
+static mode_t map_nt_perms(uint32_t mask, int type)
 {
 	mode_t mode = 0;
+	bool have_all = (mask & GENERIC_ALL_ACCESS);
+	bool have_r = (mask &
+		       (GENERIC_READ_ACCESS | FILE_READ_DATA | FILE_READ_EA));
+	bool have_w = (mask & (GENERIC_WRITE_ACCESS | FILE_WRITE_DATA |
+			       FILE_APPEND_DATA | FILE_WRITE_EA));
+	bool have_x = (mask & (GENERIC_EXECUTE_ACCESS | FILE_EXECUTE));
 
 	switch(type) {
 	case S_IRUSR:
-		if((*mask) & GENERIC_ALL_ACCESS)
-			mode = S_IRUSR|S_IWUSR|S_IXUSR;
-		else {
-			mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
-			mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
-			mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
+		if (have_all) {
+			mode = S_IRWXU;
+		} else {
+			mode |= have_r ? S_IRUSR : 0;
+			mode |= have_w ? S_IWUSR : 0;
+			mode |= have_x ? S_IXUSR : 0;
 		}
 		break;
 	case S_IRGRP:
-		if((*mask) & GENERIC_ALL_ACCESS)
-			mode = S_IRGRP|S_IWGRP|S_IXGRP;
-		else {
-			mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
-			mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
-			mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
+		if (mask & GENERIC_ALL_ACCESS) {
+			mode = S_IRWXG;
+		} else {
+			mode |= have_r ? S_IRGRP : 0;
+			mode |= have_w ? S_IWGRP : 0;
+			mode |= have_x ? S_IXGRP : 0;
 		}
 		break;
 	case S_IROTH:
-		if((*mask) & GENERIC_ALL_ACCESS)
-			mode = S_IROTH|S_IWOTH|S_IXOTH;
-		else {
-			mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
-			mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
-			mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
+		if (mask & GENERIC_ALL_ACCESS) {
+			mode = S_IRWXO;
+		} else {
+			mode |= have_r ? S_IROTH : 0;
+			mode |= have_w ? S_IWOTH : 0;
+			mode |= have_x ? S_IXOTH : 0;
 		}
 		break;
 	}
@@ -1605,7 +1607,7 @@ static bool add_current_ace_to_acl(files_struct *fsp, struct security_ace *psa,
 	 * S_I(R|W|X)USR bits.
 	 */
 
-	current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR);
+	current_ace->perms |= map_nt_perms(psa->access_mask, S_IRUSR);
 	current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
 
 	/* Store the ace_flag. */