summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-01-24 18:13:22 -0800
committerJeremy Allison <jra@samba.org>2008-01-24 18:13:22 -0800
commitfccae57310dcd9b625c4f41be9548d2ed6d81427 (patch)
treec40f57c27ee7a570880e24a2a28bb9c3b9dc4750 /source3
parentdd67913a999323188f4d8c877ab761ce9d53883d (diff)
downloadsamba-fccae57310dcd9b625c4f41be9548d2ed6d81427.tar.gz
samba-fccae57310dcd9b625c4f41be9548d2ed6d81427.tar.bz2
samba-fccae57310dcd9b625c4f41be9548d2ed6d81427.zip
Fix a really subtle old, old bug :-). When canonicalizing the
NT ACL into a POSIX one, if the group being set is the primary group of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP. Otherwise we get an extra bogus group entry in the POSIX ACL. Jeremy. (This used to be commit 4d302254fdfce2c267cf6b21f662d5aa2dc9c72c)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/posix_acls.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 347064362d..9c015261b5 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1408,12 +1408,12 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-
+
} else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-
+
}
}
}
@@ -1477,7 +1477,13 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
current_ace->type = SMB_ACL_USER;
} else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid)) {
current_ace->owner_type = GID_ACE;
- current_ace->type = SMB_ACL_GROUP;
+ /* If it's the primary group, this is a group_obj, not
+ * a group. */
+ if (current_ace->unix_ug.gid == pst->st_gid) {
+ current_ace->type = SMB_ACL_GROUP_OBJ;
+ } else {
+ current_ace->type = SMB_ACL_GROUP;
+ }
} else {
/*
* Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).