From e15480f8dd497defc0e355f08a0cbba1697ffe4e Mon Sep 17 00:00:00 2001 From: Thomas Moestl Date: Mon, 23 Apr 2001 22:52:26 +0000 Subject: [PATCH] Fix a bug introduced in the last commit: vaccess_acl_posix1 only checked the file gid gainst the egid of the accessing process for the ACL_GROUP_OBJ case, and ignored supplementary groups. Approved by: rwatson --- sys/kern/kern_acl.c | 2 +- sys/kern/subr_acl_posix1e.c | 2 +- sys/kern/vfs_acl.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/kern/kern_acl.c b/sys/kern/kern_acl.c index 2ae39e06932..915f12df03d 100644 --- a/sys/kern/kern_acl.c +++ b/sys/kern/kern_acl.c @@ -229,7 +229,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, for (i = 0; i < acl->acl_cnt; i++) { switch (acl->acl_entry[i].ae_tag) { case ACL_GROUP_OBJ: - if (file_gid != cred->cr_groups[0]) + if (!groupmember(file_gid, cred)) break; dac_granted = 0; if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c index 2ae39e06932..915f12df03d 100644 --- a/sys/kern/subr_acl_posix1e.c +++ b/sys/kern/subr_acl_posix1e.c @@ -229,7 +229,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, for (i = 0; i < acl->acl_cnt; i++) { switch (acl->acl_entry[i].ae_tag) { case ACL_GROUP_OBJ: - if (file_gid != cred->cr_groups[0]) + if (!groupmember(file_gid, cred)) break; dac_granted = 0; if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c index 2ae39e06932..915f12df03d 100644 --- a/sys/kern/vfs_acl.c +++ b/sys/kern/vfs_acl.c @@ -229,7 +229,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, for (i = 0; i < acl->acl_cnt; i++) { switch (acl->acl_entry[i].ae_tag) { case ACL_GROUP_OBJ: - if (file_gid != cred->cr_groups[0]) + if (!groupmember(file_gid, cred)) break; dac_granted = 0; if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)