diff options
author | Jeremy Allison <jra@samba.org> | 2005-03-25 03:41:02 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:56:19 -0500 |
commit | 9dba95788071d22f90d222f5a2440d0442d55385 (patch) | |
tree | 7e5351316dcf6c89df4107d5ab90e0b871f758a3 /source3/smbd | |
parent | 83c61f2ace4e07ed83bb4cd32b604e3819a363a8 (diff) | |
download | samba-9dba95788071d22f90d222f5a2440d0442d55385.tar.gz samba-9dba95788071d22f90d222f5a2440d0442d55385.tar.bz2 samba-9dba95788071d22f90d222f5a2440d0442d55385.zip |
r6060: It's not quite accurate to say not having write access causes a group
entry never to match - it matches but if doesn't grant access is recorded
so the "other" entry isn't subsequently checked.
Fix the algorithm.
Jeremy.
(This used to be commit e3c7d08bb68f51bc05768467feb0af896a059e91)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/posix_acls.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 0b95a03dcb..87173fca3b 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3860,11 +3860,6 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can goto check_stat; } - /* If we don't have write permission this entry never matches. */ - if (have_write == 0) { - continue; - } - switch(tagtype) { case SMB_ACL_GROUP: { @@ -3874,11 +3869,17 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can } for (i = 0; i < current_user.ngroups; i++) { if (current_user.groups[i] == *pgid) { - /* We're done now we have a gid match. */ - ret = 1; + ret = have_write; DEBUG(10,("check_posix_acl_group_write: file %s \ match on group %u -> can write.\n", fname, (unsigned int)*pgid )); - goto done; + + /* If we don't have write permission this entry doesn't + terminate the enumeration of the entries. */ + if (have_write) { + goto done; + } + /* But does terminate the group iteration. */ + break; } } break; |