Fix ACL permission mapping
authorFrank Lahm <franklahm@googlemail.com>
Wed, 23 Mar 2011 15:26:38 +0000 (16:26 +0100)
committerFrank Lahm <franklahm@googlemail.com>
Wed, 23 Mar 2011 15:26:38 +0000 (16:26 +0100)
etc/afpd/acls.c
etc/afpd/directory.c
etc/afpd/unix.c

index 206f2d9f2f774f58c46b4c90e5067ebfd3da7abb..43e91042f10e0ee3850a2d3cc312b7b51ee7a038 100644 (file)
@@ -128,9 +128,9 @@ static int solaris_acl_rights(const char *path,
             ||
             ((flags & ACE_OWNER) && (uuid == sb->st_uid))
             ||
-            ((flags & ACE_GROUP) && gmem(sb->st_gid))
+            ((flags & ACE_GROUP) && !(uuid == sb->st_uid) && gmem(sb->st_gid))
             ||
-            (flags & ACE_EVERYONE)
+            (flags & ACE_EVERYONE && !(uuid == sb->st_uid) && !gmem(sb->st_gid))
             ) {
             /* Found an applicable ACE */
             if (type == ACE_ACCESS_ALLOWED_ACE_TYPE)
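Review bot: The new `ACE_EVERYONE` condition treats everyone@ like POSIX "other", but as I read NFSv4 ACL semantics (RFC 3530) everyone@ also covers the owner and the owning group. With this change an everyone@ ACE is skipped for the owner and for owning-group members whatever its type, so a deny ACE on everyone@ would no longer reduce the rights computed for them and the mapped rights could end up broader than what the filesystem enforces. The same applies to the `ACE_GROUP` line for an owner who is also a group member. Only the allow branch is visible here and solaris_acl_rights starts and ends outside the hunk, so please check how deny ACEs are accumulated before relying on this. If the exclusion is intended, say why in a comment and parenthesize the flag test like its neighbours: `((flags & ACE_EVERYONE) && !(uuid == sb->st_uid) && !gmem(sb->st_gid))`.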
@@ -438,14 +438,16 @@ static int posix_acl_rights(const char *path,
             gid = NULL;
             break;
         case ACL_GROUP_OBJ:
-            if (gmem(sb->st_gid)) {
+            if (!(sb->st_uid == uuid) && gmem(sb->st_gid)) {
                 LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid);
                 rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));            
             }
             break;
         case ACL_OTHER:
-            LOG(log_maxdebug, logtype_afpd, "ACL_OTHER");
-            rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+            if (!(sb->st_uid == uuid) && !gmem(sb->st_gid)) {
+                LOG(log_maxdebug, logtype_afpd, "ACL_OTHER");
+                rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+            }
             break;
         default:
             continue;
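Review bot: The `ACL_OTHER` guard excludes only the file owner and members of the owning group, so a user matched by a named `ACL_USER` or `ACL_GROUP` entry still has the "other" permissions ORed into `rights`. Under the POSIX.1e access check a more specific match stops evaluation, so a restrictive named entry is meant to win over a permissive "other" entry, and here the mapped rights would be wider than intended. Likewise the `ACL_GROUP_OBJ` guard does not exclude a user who matched an `ACL_USER` entry. Those cases sit above the hunk (posix_acl_rights starts and ends outside it), so this is inferred: one option is a local flag set whenever a user or group entry applies, tested as `if (!matched && !(sb->st_uid == uuid) && !gmem(sb->st_gid))`, assuming entries are visited in tag order. Calling `gmem(sb->st_gid)` once before the loop would also avoid repeating the group lookup per entry.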
index 50cdcef7c75b8772f6533c52c69a69bc4296645c..c90ebe1bedf56f8574d17549a640c2f74858fb97 100644 (file)
@@ -1328,10 +1328,18 @@ int file_access(struct path *path, int mode)
     struct maccess ma;
 
     accessmode(path->u_name, &ma, curdir, &path->st);
-    if ((mode & OPENACC_WR) && !(ma.ma_user & AR_UWRITE))
+
+    LOG(log_debug, logtype_afpd, "file_access(\"%s\"): mapped user mode: 0x%02x",
+        path->u_name, ma.ma_user);
+
+    if ((mode & OPENACC_WR) && !(ma.ma_user & AR_UWRITE)) {
+        LOG(log_debug, logtype_afpd, "file_access(\"%s\"): write access denied", path->u_name);
         return -1;
-    if ((mode & OPENACC_RD) && !(ma.ma_user & AR_UREAD))
+    }
+    if ((mode & OPENACC_RD) && !(ma.ma_user & AR_UREAD)) {
+        LOG(log_debug, logtype_afpd, "file_access(\"%s\"): read access denied", path->u_name);
         return -1;
+    }
     return 0;
 
 }
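Review bot: The three new `LOG` calls write `path->u_name` to the log verbatim, and that name comes from the client. A file name may contain newlines or other control characters, so unless `LOG` neutralises them (not visible here) a crafted name could break up or imitate log lines that someone later relies on when reviewing access denials. Consider passing the name through an escaping helper before logging, or add a comment stating that `LOG` already sanitises its arguments. file_access begins outside the hunk.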
index 9b68c3d47d922f90086d7c12ee4c7f3a951ea8fc..f604d79b8258a44ccdb5b228d18c543f40bda77c 100644 (file)
@@ -157,6 +157,7 @@ mode_t mode;
 }
 
 #ifdef accessmode
+
 #undef accessmode
 #endif
 /*