Fixed a couple of bugs in displaying a UNIX permission as an NT

ACL. Firstly, UNIX groups should be returned as SID_NAME_ALIAS
not SID_NAME_DOM_GRP. Secondly I was mapping the group entry of
a UNIX permission to a user rid, not a group rid (that was just
dumb :-). Now the full permissions are seen correctly.
Jeremy.

diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index ad1729b33dac05c9820743e5c88d1c9932a31903..9b0e8c21a1503e47e36afafd83df4888b91983a2 100644 (file)
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -1136,7 +1136,7 @@ BOOL lookup_local_rid(uint32 rid, char *name, uint8 *psid_name_use)
                gid_t gid = pdb_user_rid_to_gid(rid);
                struct group *gr = getgrgid(gid);
 
-               *psid_name_use = SID_NAME_DOM_GRP;
+               *psid_name_use = SID_NAME_ALIAS;
 
                DEBUG(5,("lookup_local_rid: looking up gid %u %s\n", (unsigned int)gid,
                        gr ? "succeeded" : "failed" ));
@@ -1193,7 +1193,7 @@ BOOL lookup_local_name(char *domain, char *user, DOM_SID *psid, uint8 *psid_name
                        return False;
 
                sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
-               *psid_name_use = SID_NAME_DOM_GRP;
+               *psid_name_use = SID_NAME_ALIAS;
        } else {
 
                sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));

diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index b5652b62b7bd897005cc8792ceb727245a9bf578..256f58308b06af86d3daacc2e8112c7c635a41cd 100644 (file)
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -396,7 +396,7 @@ static int map_share_mode( char *fname, uint32 desired_access, uint32 share_acce
   if (smb_open_mode == -1) {
     if(desired_access & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|
                               FILE_EXECUTE|FILE_READ_ATTRIBUTES|
-                              FILE_READ_EA|FILE_WRITE_EA|
+                              FILE_READ_EA|FILE_WRITE_EA|SYSTEM_SECURITY_ACCESS|
                               FILE_WRITE_ATTRIBUTES|READ_CONTROL_ACCESS))
       smb_open_mode = DOS_OPEN_RDONLY;
     else {
@@ -1672,7 +1672,7 @@ static size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
     sid_copy(&owner_sid, &global_sam_sid);
     sid_copy(&group_sid, &global_sam_sid);
     sid_append_rid(&owner_sid, pdb_uid_to_user_rid(sbuf.st_uid));
-    sid_append_rid(&group_sid, pdb_uid_to_user_rid(sbuf.st_gid));
+    sid_append_rid(&group_sid, pdb_gid_to_group_rid(sbuf.st_gid));
 
     /*
      * Create the generic 3 element UNIX acl.