From 984723943e972230d073ec1c0d3f6a82fde04661 Mon Sep 17 00:00:00 2001
From: Arvid Requate <requate@univention.de>
Date: Sat, 10 Nov 2012 09:21:30 -0800
Subject: [PATCH] Fix bug 9376 - ensure_canon_entry_valid generates duplicate
 SMB_ACL_GROUP, acl_valid fails.

s3:smbd: typo in got_duplicate_group check.

Due to a typo in posix_acl.c:ensure_canon_entry_valid_on_set the function
returns invalid ACLs in some cases. Specifically it genereates a SMB_ACL_GROUP
for a SMB_ACL_GROUP_OBJ, where the required SMB_ACL_GROUP ace is already
present. This can result in a failure of acl_valid in vfs_acl_xattr.
---
 source3/smbd/posix_acls.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 503727f..d437b28 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1536,7 +1536,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn,
 				/* Already got one. */
 				got_duplicate_user = true;
 			} else if (pace->type == SMB_ACL_GROUP &&
-					pace->unix_ug.id == pace_user->unix_ug.id) {
+					pace->unix_ug.id == pace_group->unix_ug.id) {
 				/* Already got one. */
 				got_duplicate_group = true;
 			} else if ((pace->type == SMB_ACL_GROUP)
-- 
1.7.10.4