summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2005-03-25 03:41:02 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:56:19 -0500
commit9dba95788071d22f90d222f5a2440d0442d55385 (patch)
tree7e5351316dcf6c89df4107d5ab90e0b871f758a3 /source3/smbd
parent83c61f2ace4e07ed83bb4cd32b604e3819a363a8 (diff)
downloadsamba-9dba95788071d22f90d222f5a2440d0442d55385.tar.gz
samba-9dba95788071d22f90d222f5a2440d0442d55385.tar.bz2
samba-9dba95788071d22f90d222f5a2440d0442d55385.zip
r6060: It's not quite accurate to say not having write access causes a group
entry never to match - it matches but if doesn't grant access is recorded so the "other" entry isn't subsequently checked. Fix the algorithm. Jeremy. (This used to be commit e3c7d08bb68f51bc05768467feb0af896a059e91)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/posix_acls.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 0b95a03dcb..87173fca3b 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3860,11 +3860,6 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can
goto check_stat;
}
- /* If we don't have write permission this entry never matches. */
- if (have_write == 0) {
- continue;
- }
-
switch(tagtype) {
case SMB_ACL_GROUP:
{
@@ -3874,11 +3869,17 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can
}
for (i = 0; i < current_user.ngroups; i++) {
if (current_user.groups[i] == *pgid) {
- /* We're done now we have a gid match. */
- ret = 1;
+ ret = have_write;
DEBUG(10,("check_posix_acl_group_write: file %s \
match on group %u -> can write.\n", fname, (unsigned int)*pgid ));
- goto done;
+
+ /* If we don't have write permission this entry doesn't
+ terminate the enumeration of the entries. */
+ if (have_write) {
+ goto done;
+ }
+ /* But does terminate the group iteration. */
+ break;
}
}
break;