||
((flags & ACE_OWNER) && (uuid == sb->st_uid))
||
- ((flags & ACE_GROUP) && gmem(sb->st_gid))
+ ((flags & ACE_GROUP) && !(uuid == sb->st_uid) && gmem(sb->st_gid))
||
- (flags & ACE_EVERYONE)
+ (flags & ACE_EVERYONE && !(uuid == sb->st_uid) && !gmem(sb->st_gid))
) {
/* Found an applicable ACE */
if (type == ACE_ACCESS_ALLOWED_ACE_TYPE)
gid = NULL;
break;
case ACL_GROUP_OBJ:
- if (gmem(sb->st_gid)) {
+ if (!(sb->st_uid == uuid) && gmem(sb->st_gid)) {
LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid);
rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
}
break;
case ACL_OTHER:
- LOG(log_maxdebug, logtype_afpd, "ACL_OTHER");
- rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ if (!(sb->st_uid == uuid) && !gmem(sb->st_gid)) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_OTHER");
+ rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
break;
default:
continue;
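Review bot: The new `ACL_OTHER` guard excludes only the owner and members of the owning group, but POSIX ACL evaluation also skips the other entry for a user who matched a named `ACL_USER` or `ACL_GROUP` entry. Those cases are outside this hunk (only the tail `gid = NULL; break;` is visible), so this is inferred: if they OR rights into `rights` the same way, a user matched by a restrictive named entry would still pick up the `ACL_OTHER` bits, and the mapped rights would be wider than what the filesystem grants. A flag set wherever an entry matches, tested as `if (!matched && sb->st_uid != uuid && !gmem(sb->st_gid))`, would close that gap, provided `ACL_OTHER` is visited after the named entries. The `ACE_EVERYONE` condition in the first hunk narrows matching the same way and should be checked against NFSv4 semantics, where everyone@ normally includes the owner and group, so a skipped deny ACE could leave the owner with more mapped rights than are enforced.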
struct maccess ma;
accessmode(path->u_name, &ma, curdir, &path->st);
- if ((mode & OPENACC_WR) && !(ma.ma_user & AR_UWRITE))
+
+ LOG(log_debug, logtype_afpd, "file_access(\"%s\"): mapped user mode: 0x%02x",
+ path->u_name, ma.ma_user);
+
+ if ((mode & OPENACC_WR) && !(ma.ma_user & AR_UWRITE)) {
+ LOG(log_debug, logtype_afpd, "file_access(\"%s\"): write access denied", path->u_name);
return -1;
- if ((mode & OPENACC_RD) && !(ma.ma_user & AR_UREAD))
+ }
+ if ((mode & OPENACC_RD) && !(ma.ma_user & AR_UREAD)) {
+ LOG(log_debug, logtype_afpd, "file_access(\"%s\"): read access denied", path->u_name);
return -1;
+ }
return 0;
}