Fix bug 9376 - ensure_canon_entry_valid generates duplicate SMB_ACL_GROUP, acl_valid...

s3:smbd: typo in got_duplicate_group check.

Due to a typo in posix_acl.c:ensure_canon_entry_valid_on_set the function
returns invalid ACLs in some cases. Specifically it genereates a SMB_ACL_GROUP
for a SMB_ACL_GROUP_OBJ, where the required SMB_ACL_GROUP ace is already
present. This can result in a failure of acl_valid in vfs_acl_xattr.

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 503727fb9998033d6e0b9804d6a402a315751f77..d437b288da2b6496e583090821f6a0cfebe37067 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1536,7 +1536,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn,
                                /* Already got one. */
                                got_duplicate_user = true;
                        } else if (pace->type == SMB_ACL_GROUP &&
-                                       pace->unix_ug.id == pace_user->unix_ug.id) {
+                                       pace->unix_ug.id == pace_group->unix_ug.id) {
                                /* Already got one. */
                                got_duplicate_group = true;
                        } else if ((pace->type == SMB_ACL_GROUP)