r6060: It's not quite accurate to say not having write access causes a group
authorJeremy Allison <jra@samba.org>
Fri, 25 Mar 2005 03:41:02 +0000 (03:41 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:56:19 +0000 (10:56 -0500)
entry never to match - it matches, but if it doesn't grant access that is recorded
so the "other" entry isn't subsequently checked.
Fix the algorithm.
Jeremy.

source/smbd/posix_acls.c

index 0b95a03dcb2d0ce97d15ba1cbf3133977f0a864c..87173fca3b96bcae961c8d17780a3d6ae5822984 100644 (file)
@@ -3860,11 +3860,6 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can
                        goto check_stat;
                }
 
-               /* If we don't have write permission this entry never matches. */
-               if (have_write == 0) {
-                       continue;
-               }
-
                switch(tagtype) {
                        case SMB_ACL_GROUP:
                        {
@@ -3874,11 +3869,17 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can
                                }
                                for (i = 0; i < current_user.ngroups; i++) {
                                        if (current_user.groups[i] == *pgid) {
-                                               /* We're done now we have a gid match. */
-                                               ret = 1;
+                                               ret = have_write;
                                                DEBUG(10,("check_posix_acl_group_write: file %s \
 match on group %u -> can write.\n", fname, (unsigned int)*pgid ));
-                                               goto done;
+
+                                               /* If we don't have write permission this entry doesn't
+                                                       terminate the enumeration of the entries. */
+                                               if (have_write) {
+                                                       goto done;
+                                               }
+                                               /* But does terminate the group iteration. */
+                                               break;
                                        }
                                }
                                break;
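Review bot: The DEBUG(10) text in the group-match branch still prints `-> can write.` unconditionally, but `ret = have_write` can now be 0 at that point, so the log would report a write grant for a matching group entry that denies write. The user-match message visible in the hunk header already formats the outcome, and the same form fits here: `match on group %u -> %s.\n", fname, (unsigned int)*pgid, ret ? "can write" : "cannot write" ));`. Separately, when `have_write` is 0 the code leaves `ret` at 0 and keeps enumerating entries, so the denial holds only if nothing later overwrites it; the `check_stat` path and the handling of the "other" entry are both outside this hunk, as are the start and end of the enclosing function. A one-line comment at `ret = have_write;` stating that a non-granting group match must leave `ret == 0` as the final answer unless a later group entry grants write would make that invariant explicit.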