git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3df2f7c)
Fix a really subtle old, old bug :-). When canonicalizing the
authorJeremy Allison <jra@samba.org>
Fri, 25 Jan 2008 02:13:22 +0000 (18:13 -0800)
committerJeremy Allison <jra@samba.org>
Fri, 25 Jan 2008 02:13:22 +0000 (18:13 -0800)
NT ACL into a POSIX one, if the group being set is the primary group
of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP.
Otherwise we get an extra bogus group entry in the POSIX ACL.
Jeremy.

source/smbd/posix_acls.c patch | blob | history

diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index 347064362d67bb3f3a8a06b1b6e7a8ddabae50c7..9c015261b5f130f4b153763f96915c61a388a494 100644 (file)
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -1408,12 +1408,12 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 
                                psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
                                psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-                               
+
                        } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
 
                                psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
                                psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-                               
+
                        }
                }
        }
@@ -1477,7 +1477,13 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
                        current_ace->type = SMB_ACL_USER;
                } else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid)) {
                        current_ace->owner_type = GID_ACE;
-                       current_ace->type = SMB_ACL_GROUP;
+                       /* If it's the primary group, this is a group_obj, not
+                        * a group. */
+                       if (current_ace->unix_ug.gid == pst->st_gid) {
+                               current_ace->type = SMB_ACL_GROUP_OBJ;
+                       } else {
+                               current_ace->type = SMB_ACL_GROUP;
+                       }
                } else {
                        /*
                         * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
Samba Shared Repository