svn commit: samba r6364 - in trunk/source/smbd: .

jra at samba.org jra at samba.org
Sun Apr 17 07:57:39 GMT 2005 

Author: jra
Date: 2005-04-17 07:57:39 +0000 (Sun, 17 Apr 2005)
New Revision: 6364

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6364

Log:
Wow, how much worse does this get. From info provided by
Eric Stewart <eric at lib.usf.edu> I realised we weren't checking
against the current effective groupid (set by force group) as
well as the group list. Fix this.
Jeremy.

Modified:
   trunk/source/smbd/posix_acls.c


Changeset:
Modified: trunk/source/smbd/posix_acls.c
===================================================================
--- trunk/source/smbd/posix_acls.c	2005-04-17 04:21:15 UTC (rev 6363)
+++ trunk/source/smbd/posix_acls.c	2005-04-17 07:57:39 UTC (rev 6364)
@@ -3856,6 +3856,23 @@
 				if (pgid == NULL) {
 					goto check_stat;
 				}
+
+				/* Does it match the current effective group ? */
+				if (current_user.gid == *pgid) {
+					ret = have_write;
+					DEBUG(10,("check_posix_acl_group_write: file %s \
+match on group %u -> can write.\n", fname, (unsigned int)*pgid ));
+
+					/* If we don't have write permission this entry doesn't
+					 * prevent the subsequent enumeration of the supplementary
+					 * groups.
+					 */
+					if (have_write) {
+						goto done;
+					}
+				}
+
+				/* Continue with the supplementary groups. */
 				for (i = 0; i < current_user.ngroups; i++) {
 					if (current_user.groups[i] == *pgid) {
 						ret = have_write;
@@ -3887,6 +3904,15 @@
 
 	/* Do we match on the owning group entry ? */
 
+	/* First, does it match the current effective group ? */
+	if (current_user.gid == psbuf->st_gid) {
+		ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;
+		DEBUG(10,("check_posix_acl_group_write: file %s \
+match on owning group %u -> %s.\n", fname, (unsigned int)psbuf->st_gid, ret ? "can write" : "cannot write"));
+		goto done;
+	}
+
+	/* If not look at the supplementary groups. */
 	for (i = 0; i < current_user.ngroups; i++) {
 		if (current_user.groups[i] == psbuf->st_gid) {
 			ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;

More information about the samba-cvs mailing list