diff options
author | Jeremy Allison <jra@samba.org> | 2005-05-10 04:25:11 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:56:52 -0500 |
commit | 34ea46ef8c4d94f59c11a7b1edc79db382970e0c (patch) | |
tree | 35c9a2dee3ca82e88b4950f05509c90b67d16bfb /source3/smbd | |
parent | 90e9f18c2c1de9b159b83de3a46cdbcc7b4f7ed2 (diff) | |
download | samba-34ea46ef8c4d94f59c11a7b1edc79db382970e0c.tar.gz samba-34ea46ef8c4d94f59c11a7b1edc79db382970e0c.tar.bz2 samba-34ea46ef8c4d94f59c11a7b1edc79db382970e0c.zip |
r6696: Another attempt to fix the (unreproducible for me) bug #2346 (read-only
excel files). Ensures that any missing user ACL entry will be generated
from a union of all group permissions that contain the user.
Awaiting feedback from the reporters.
Jeremy.
(This used to be commit 874353e617b314429359e8e9516898f670bbf539)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/posix_acls.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 1e68900bd3..b31e97c76f 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1097,13 +1097,28 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->attr = ALLOW_ACE; if (setting_acl) { + /* See if the owning user is in any of the other groups in + the ACE. If so, OR in the permissions from that group. */ + + BOOL group_matched = False; + canon_ace *pace_iter; + + for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) { + if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { + if (uid_entry_in_group(pace, pace_iter)) { + pace->perms |= pace_iter->perms; + group_matched = True; + } + } + } + /* If we only got an "everyone" perm, just use that. */ - if (!got_grp && got_other) - pace->perms = pace_other->perms; - else if (got_grp && uid_entry_in_group(pace, pace_group)) - pace->perms = pace_group->perms; - else - pace->perms = 0; + if (!group_matched) { + if (got_other) + pace->perms = pace_other->perms; + else + pace->perms = 0; + } apply_default_perms(fsp, pace, S_IRUSR); } else { |