From f1b915439efef197e01392aa2b4e5439d8e268ff Mon Sep 17 00:00:00 2001
From: Frank Lahm
Date: Wed, 23 Mar 2011 16:26:38 +0100
Subject: [PATCH] Fix ACL permission mapping
---
 etc/afpd/acls.c | 12 +++++++-----
 etc/afpd/directory.c | 12 ++++++++++--
 etc/afpd/unix.c | 1 +
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/etc/afpd/acls.c b/etc/afpd/acls.c
index 206f2d9f..43e91042 100644
--- a/etc/afpd/acls.c
+++ b/etc/afpd/acls.c
@@ -128,9 +128,9 @@ static int solaris_acl_rights(const char *path,
 ||
 ((flags & ACE_OWNER) && (uuid == sb->st_uid))
 ||
- ((flags & ACE_GROUP) && gmem(sb->st_gid))
+ ((flags & ACE_GROUP) && !(uuid == sb->st_uid) && gmem(sb->st_gid))
 ||
- (flags & ACE_EVERYONE)
+ (flags & ACE_EVERYONE && !(uuid == sb->st_uid) && !gmem(sb->st_gid))
 ) {
 /* Found an applicable ACE */
 if (type == ACE_ACCESS_ALLOWED_ACE_TYPE)
@@ -438,14 +438,16 @@ static int posix_acl_rights(const char *path,
 gid = NULL;
 break;
 case ACL_GROUP_OBJ:
- if (gmem(sb->st_gid)) {
+ if (!(sb->st_uid == uuid) && gmem(sb->st_gid)) {
 LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid);
 rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
 }
 break;
 case ACL_OTHER:
- LOG(log_maxdebug, logtype_afpd, "ACL_OTHER");
- rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ if (!(sb->st_uid == uuid) && !gmem(sb->st_gid)) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_OTHER");
+ rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
 break;
 default:
 continue;
diff --git a/etc/afpd/directory.c b/etc/afpd/directory.c
index 50cdcef7..c90ebe1b 100644
--- a/etc/afpd/directory.c
+++ b/etc/afpd/directory.c
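Review bot: The new `ACE_GROUP` and `ACE_EVERYONE` conditions in solaris_acl_rights are tested before the ACE type is looked at (`if (type == ACE_ACCESS_ALLOWED_ACE_TYPE)` comes after the match), so they appear to skip deny ACEs as well as allow ACEs for the owner and for owning-group members. In the NFSv4 ACL model everyone@ includes the owner and the owning group, so an everyone@ deny entry that the filesystem enforces would no longer reduce the rights afpd reports for those users; the deny branch is outside the hunk, so this needs confirming there. If the exclusion is meant to emulate mode-bit classes only for allow entries, limit it to them, e.g. `((flags & ACE_EVERYONE) && (type != ACE_ACCESS_ALLOWED_ACE_TYPE || (uuid != sb->st_uid && !gmem(sb->st_gid))))`. As a smaller point, `flags & ACE_EVERYONE` should be parenthesized like its sibling terms so the precedence against `&&` is explicit.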
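Review bot: The added `ACL_OTHER` guard in posix_acl_rights excludes only the owner and members of the owning group, so a user matched by a named `ACL_USER` or `ACL_GROUP` entry still gets the other-class permissions OR-ed into `rights`. Under the POSIX.1e access check such a user never falls through to the other entry, so with a restrictive named entry and a more permissive other entry the mapped rights can exceed what the kernel grants. The cases that handle named entries lie outside the hunk; if they do not already record a match, a local flag set there and tested here (for example `&& !matched_named`, a hypothetical name) would close the gap, provided ACL_OTHER is visited after the named entries. A short comment above `case ACL_GROUP_OBJ:` stating that classes are evaluated owner, then group, then other would also make the intent of the new `!(sb->st_uid == uuid)` tests clear.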
@@ -1328,10 +1328,18 @@ int file_access(struct path *path, int mode)
 struct maccess ma;
 accessmode(path->u_name, &ma, curdir, &path->st);
- if ((mode & OPENACC_WR) && !(ma.ma_user & AR_UWRITE))
+
+ LOG(log_debug, logtype_afpd, "file_access(\"%s\"): mapped user mode: 0x%02x",
+ path->u_name, ma.ma_user);
+
+ if ((mode & OPENACC_WR) && !(ma.ma_user & AR_UWRITE)) {
+ LOG(log_debug, logtype_afpd, "file_access(\"%s\"): write access denied", path->u_name);
 return -1;
- if ((mode & OPENACC_RD) && !(ma.ma_user & AR_UREAD))
+ }
+ if ((mode & OPENACC_RD) && !(ma.ma_user & AR_UREAD)) {
+ LOG(log_debug, logtype_afpd, "file_access(\"%s\"): read access denied", path->u_name);
 return -1;
+ }
 return 0;
 }
diff --git a/etc/afpd/unix.c b/etc/afpd/unix.c
index 9b68c3d4..f604d79b 100644
--- a/etc/afpd/unix.c
+++ b/etc/afpd/unix.c
@@ -157,6 +157,7 @@ mode_t mode; } #ifdef accessmode + #undef accessmode #endif /*
--
2.39.2
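Review bot: The three new LOG calls in file_access print `path->u_name` verbatim, and that name presumably originates from a client request. Whether LOG escapes control characters is not visible here, so a file name containing a newline could split or forge debug log lines; confirm the logger sanitizes `%s` arguments or escape the name before logging. The denial messages would also be easier to correlate if they carried the requested mode, e.g. `"file_access(\"%s\"): write access denied (mode 0x%02x)"` with `mode` as the extra argument. The opening of the function body lies outside the hunk.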