From 9dba95788071d22f90d222f5a2440d0442d55385 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 25 Mar 2005 03:41:02 +0000 Subject: r6060: It's not quite accurate to say not having write access causes a group entry never to match - it matches but if doesn't grant access is recorded so the "other" entry isn't subsequently checked. Fix the algorithm. Jeremy. (This used to be commit e3c7d08bb68f51bc05768467feb0af896a059e91) --- source3/smbd/posix_acls.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 0b95a03dcb..87173fca3b 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3860,11 +3860,6 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can goto check_stat; } - /* If we don't have write permission this entry never matches. */ - if (have_write == 0) { - continue; - } - switch(tagtype) { case SMB_ACL_GROUP: { @@ -3874,11 +3869,17 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can } for (i = 0; i < current_user.ngroups; i++) { if (current_user.groups[i] == *pgid) { - /* We're done now we have a gid match. */ - ret = 1; + ret = have_write; DEBUG(10,("check_posix_acl_group_write: file %s \ match on group %u -> can write.\n", fname, (unsigned int)*pgid )); - goto done; + + /* If we don't have write permission this entry doesn't + terminate the enumeration of the entries. */ + if (have_write) { + goto done; + } + /* But does terminate the group iteration. */ + break; } } break; -- cgit