From: Jeremy Allison Date: Fri, 25 Mar 2005 03:41:02 +0000 (+0000) Subject: r6060: It's not quite accurate to say not having write access causes a group X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~5032 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e3c7d08bb68f51bc05768467feb0af896a059e91;p=thirdparty%2Fsamba.git r6060: It's not quite accurate to say not having write access causes a group entry never to match - it matches but if doesn't grant access is recorded so the "other" entry isn't subsequently checked. Fix the algorithm. Jeremy. --- diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 0b95a03dcb2..87173fca3b9 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3860,11 +3860,6 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can goto check_stat; } - /* If we don't have write permission this entry never matches. */ - if (have_write == 0) { - continue; - } - switch(tagtype) { case SMB_ACL_GROUP: { @@ -3874,11 +3869,17 @@ match on user %u -> %s.\n", fname, (unsigned int)*puid, ret ? "can write" : "can } for (i = 0; i < current_user.ngroups; i++) { if (current_user.groups[i] == *pgid) { - /* We're done now we have a gid match. */ - ret = 1; + ret = have_write; DEBUG(10,("check_posix_acl_group_write: file %s \ match on group %u -> can write.\n", fname, (unsigned int)*pgid )); - goto done; + + /* If we don't have write permission this entry doesn't + terminate the enumeration of the entries. */ + if (have_write) { + goto done; + } + /* But does terminate the group iteration. */ + break; } } break;