[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1664-g4d30225

Jeremy Allison jra at samba.org
Fri Jan 25 02:14:08 GMT 2008 

The branch, v3-2-test has been updated
       via  4d302254fdfce2c267cf6b21f662d5aa2dc9c72c (commit)
      from  3df2f7ca782e418703d82f7a1f3c035a365f9589 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 4d302254fdfce2c267cf6b21f662d5aa2dc9c72c
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Jan 24 18:13:22 2008 -0800

    Fix a really subtle old, old bug :-). When canonicalizing the
    NT ACL into a POSIX one, if the group being set is the primary group
    of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP.
    Otherwise we get an extra bogus group entry in the POSIX ACL.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/smbd/posix_acls.c |   12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index 3470643..9c01526 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -1408,12 +1408,12 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 
 				psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
 				psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-				
+
 			} else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
 
 				psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
 				psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-				
+
 			}
 		}
 	}
@@ -1477,7 +1477,13 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 			current_ace->type = SMB_ACL_USER;
 		} else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid)) {
 			current_ace->owner_type = GID_ACE;
-			current_ace->type = SMB_ACL_GROUP;
+			/* If it's the primary group, this is a group_obj, not
+			 * a group. */
+			if (current_ace->unix_ug.gid == pst->st_gid) {
+				current_ace->type = SMB_ACL_GROUP_OBJ;
+			} else {
+				current_ace->type = SMB_ACL_GROUP;
+			}
 		} else {
 			/*
 			 * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).


-- 
Samba Shared Repository

More information about the samba-cvs mailing list