Fix a bug introduced in the last commit: vaccess_acl_posix1 only checked

the file gid gainst the egid of the accessing process for the ACL_GROUP_OBJ case, and ignored supplementary groups. Approved by: rwatson
2001-04-23 22:52:26 +00:00 · 2001-04-23 22:52:26 +00:00 · e15480f8dd
commit e15480f8dd
parent 3c43ddee02
3 changed files with 3 additions and 3 deletions
--- a/sys/kern/kern_acl.c
+++ b/sys/kern/kern_acl.c
@ -229,7 +229,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 	for (i = 0; i < acl->acl_cnt; i++) {
 		switch (acl->acl_entry[i].ae_tag) {
 		case ACL_GROUP_OBJ:
-			if (file_gid != cred->cr_groups[0])
+			if (!groupmember(file_gid, cred))
 				break;
 			dac_granted = 0;
 			if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
--- a/sys/kern/subr_acl_posix1e.c
+++ b/sys/kern/subr_acl_posix1e.c
@ -229,7 +229,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 	for (i = 0; i < acl->acl_cnt; i++) {
 		switch (acl->acl_entry[i].ae_tag) {
 		case ACL_GROUP_OBJ:
-			if (file_gid != cred->cr_groups[0])
+			if (!groupmember(file_gid, cred))
 				break;
 			dac_granted = 0;
 			if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
--- a/sys/kern/vfs_acl.c
+++ b/sys/kern/vfs_acl.c
@ -229,7 +229,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 	for (i = 0; i < acl->acl_cnt; i++) {
 		switch (acl->acl_entry[i].ae_tag) {
 		case ACL_GROUP_OBJ:
-			if (file_gid != cred->cr_groups[0])
+			if (!groupmember(file_gid, cred))
 				break;
 			dac_granted = 0;
 			if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)