[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1664-g4d30225

Thu, 24 Jan 2008 18:13:51 -0800 

The branch, v3-2-test has been updated
       via  4d302254fdfce2c267cf6b21f662d5aa2dc9c72c (commit)
      from  3df2f7ca782e418703d82f7a1f3c035a365f9589 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 4d302254fdfce2c267cf6b21f662d5aa2dc9c72c
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date:   Thu Jan 24 18:13:22 2008 -0800

    Fix a really subtle old, old bug :-). When canonicalizing the
    NT ACL into a POSIX one, if the group being set is the primary group
    of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP.
    Otherwise we get an extra bogus group entry in the POSIX ACL.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/smbd/posix_acls.c |   12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index 3470643..9c01526 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -1408,12 +1408,12 @@ static bool create_canon_ace_lists(files_struct *fsp, 
SMB_STRUCT_STAT *pst,
 
                                psa1->flags |= (psa2->flags & 
(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
                                psa2->flags &= 
~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-                               
+
                        } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
 
                                psa2->flags |= (psa1->flags & 
(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
                                psa1->flags &= 
~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-                               
+
                        }
                }
        }
@@ -1477,7 +1477,13 @@ static bool create_canon_ace_lists(files_struct *fsp, 
SMB_STRUCT_STAT *pst,
                        current_ace->type = SMB_ACL_USER;
                } else if (sid_to_gid( &current_ace->trustee, 
&current_ace->unix_ug.gid)) {
                        current_ace->owner_type = GID_ACE;
-                       current_ace->type = SMB_ACL_GROUP;
+                       /* If it's the primary group, this is a group_obj, not
+                        * a group. */
+                       if (current_ace->unix_ug.gid == pst->st_gid) {
+                               current_ace->type = SMB_ACL_GROUP_OBJ;
+                       } else {
+                               current_ace->type = SMB_ACL_GROUP;
+                       }
                } else {
                        /*
                         * Silently ignore map failures in non-mappable SIDs 
(NT Authority, BUILTIN etc).


-- 
Samba Shared Repository

Reply via email to