acl_t acl = NULL;
uid_t *uid;
gid_t *gid;
+ uid_t whoami = geteuid();
u_char group_rights = 0x00;
u_char acl_rights = 0x00;
case ACL_USER:
EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(entry));
- if (*uid == uuid) {
+ if (*uid == uuid && !(whoami == sb->st_uid)) {
LOG(log_maxdebug, logtype_afpd, "ACL_USER: %u", *uid);
acl_rights |= acl_permset_to_uarights(entry);
}
group_rights = acl_permset_to_uarights(entry);
LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid);
- if (gmem(sb->st_gid))
+ if (gmem(sb->st_gid) && !(whoami == sb->st_uid))
acl_rights |= group_rights;
break;
case ACL_GROUP:
EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(entry));
- if (gmem(*gid)) {
+ if (gmem(*gid) && !(whoami == sb->st_uid)) {
LOG(log_maxdebug, logtype_afpd, "ACL_GROUP: %u", *gid);
acl_rights |= acl_permset_to_uarights(entry);
}
EC_INIT;
int mapped_aces = 0;
int dirflag;
- uint32_t *darwin_ace_count = (u_int32_t *)rbuf;
+ uint32_t *darwin_ace_count = (uint32_t *)rbuf;
#ifdef HAVE_SOLARIS_ACLS
int ace_count = 0;
ace_t *aces = NULL;
if (allowed_rights & DARWIN_ACE_ADD_SUBDIRECTORY)
allowed_rights |= DARWIN_ACE_DELETE;
- dir->d_rights_cache = allowed_rights;
+ curdir->d_rights_cache = allowed_rights;
}
LOG(log_debug, logtype_afpd, "allowed rights: 0x%08x", allowed_rights);
}
* This is the magic function that makes ACLs usable by calculating
* the access granted by ACEs to the logged in user.
*/
-int acltoownermode(char *path, struct stat *st, struct maccess *ma)
+int acltoownermode(const struct vol *vol, char *path, struct stat *st, struct maccess *ma)
{
EC_INIT;
uint32_t rights = 0;
if ( ! (AFPobj->options.flags & OPTION_ACL2MACCESS)
- || (current_vol == NULL)
- || ! (current_vol->v_flags & AFPVOL_ACLS))
+ || ! (vol->v_flags & AFPVOL_ACLS))
return 0;
LOG(log_maxdebug, logtype_afpd, "acltoownermode(\"%s/%s\", 0x%02x)",
projects / netatalk.git / blobdiff