diff options
author | Jeremy Allison <jra@samba.org> | 2008-01-24 18:13:22 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-01-24 18:13:22 -0800 |
commit | fccae57310dcd9b625c4f41be9548d2ed6d81427 (patch) | |
tree | c40f57c27ee7a570880e24a2a28bb9c3b9dc4750 /source3 | |
parent | dd67913a999323188f4d8c877ab761ce9d53883d (diff) | |
download | samba-fccae57310dcd9b625c4f41be9548d2ed6d81427.tar.gz samba-fccae57310dcd9b625c4f41be9548d2ed6d81427.tar.bz2 samba-fccae57310dcd9b625c4f41be9548d2ed6d81427.zip |
Fix a really subtle old, old bug :-). When canonicalizing the
NT ACL into a POSIX one, if the group being set is the primary group
of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP.
Otherwise we get an extra bogus group entry in the POSIX ACL.
Jeremy.
(This used to be commit 4d302254fdfce2c267cf6b21f662d5aa2dc9c72c)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/posix_acls.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 347064362d..9c015261b5 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1408,12 +1408,12 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); - + } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) { psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); - + } } } @@ -1477,7 +1477,13 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, current_ace->type = SMB_ACL_USER; } else if (sid_to_gid( ¤t_ace->trustee, ¤t_ace->unix_ug.gid)) { current_ace->owner_type = GID_ACE; - current_ace->type = SMB_ACL_GROUP; + /* If it's the primary group, this is a group_obj, not + * a group. */ + if (current_ace->unix_ug.gid == pst->st_gid) { + current_ace->type = SMB_ACL_GROUP_OBJ; + } else { + current_ace->type = SMB_ACL_GROUP; + } } else { /* * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc). |