get_posix_access: Fix primary group handing when multiple ACEs exist

Handle additional ACE for primary group only as another GROUP
	entry if it's an allow ACE.  Deny ACEs don't qualify.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2016-01-28 14:34:11 +01:00
parent 69f4c40291
commit a16ab1751c
1 changed files with 5 additions and 3 deletions

View File

@ -829,11 +829,13 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
else if (type == GROUP_OBJ) else if (type == GROUP_OBJ)
{ {
/* Same for the primary group. */ /* Same for the primary group. */
if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
{
if (saw_group_obj) if (saw_group_obj)
type = GROUP; type = GROUP;
if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
saw_group_obj = true; saw_group_obj = true;
} }
}
if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0) if ((pos = searchace (lacl, MAX_ACL_ENTRIES, type, id)) >= 0)
{ {
getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType, getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType,