summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2005-05-10 04:25:11 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:56:52 -0500
commit34ea46ef8c4d94f59c11a7b1edc79db382970e0c (patch)
tree35c9a2dee3ca82e88b4950f05509c90b67d16bfb /source3
parent90e9f18c2c1de9b159b83de3a46cdbcc7b4f7ed2 (diff)
downloadsamba-34ea46ef8c4d94f59c11a7b1edc79db382970e0c.tar.gz
samba-34ea46ef8c4d94f59c11a7b1edc79db382970e0c.tar.bz2
samba-34ea46ef8c4d94f59c11a7b1edc79db382970e0c.zip
r6696: Another attempt to fix the (unreproducible for me) bug #2346 (read-only
excel files). Ensures that any missing user ACL entry will be generated from a union of all group permissions that contain the user. Awaiting feedback from the reporters. Jeremy. (This used to be commit 874353e617b314429359e8e9516898f670bbf539)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/posix_acls.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 1e68900bd3..b31e97c76f 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1097,13 +1097,28 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->attr = ALLOW_ACE;
if (setting_acl) {
+ /* See if the owning user is in any of the other groups in
+ the ACE. If so, OR in the permissions from that group. */
+
+ BOOL group_matched = False;
+ canon_ace *pace_iter;
+
+ for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) {
+ if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) {
+ if (uid_entry_in_group(pace, pace_iter)) {
+ pace->perms |= pace_iter->perms;
+ group_matched = True;
+ }
+ }
+ }
+
/* If we only got an "everyone" perm, just use that. */
- if (!got_grp && got_other)
- pace->perms = pace_other->perms;
- else if (got_grp && uid_entry_in_group(pace, pace_group))
- pace->perms = pace_group->perms;
- else
- pace->perms = 0;
+ if (!group_matched) {
+ if (got_other)
+ pace->perms = pace_other->perms;
+ else
+ pace->perms = 0;
+ }
apply_default_perms(fsp, pace, S_IRUSR);
} else {