From 46157a65d713530b640103823b6928627508526c Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Sun, 29 Apr 2001 19:53:50 +0000
Subject: [PATCH] o As part of the move to not maintaining copies of the vnode owning uid and gid in the ACL, vaccess_acl_posix1e() was changed to accept explicit file_uid and file_gid as arguments. However, in making the change, I explicitly checked file_gid against cr->cr_groups[0], rather than using groupmember, resulting in ACL_GROUP_OBJ entries being compared to the caller's effective gid only, not the remainder of its groups. This was recently corrected for the version of the group call without privilege, but the second test (when privilege is added) was missed. This change replaces an additiona cr->cr_groups[0] check with groupmember(). Pointed out by: jedgar Reviewed by: jedgar Obtained from: TrustedBSD Project
---
 sys/kern/kern_acl.c | 2 +-
 sys/kern/subr_acl_posix1e.c | 2 +-
 sys/kern/vfs_acl.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/sys/kern/kern_acl.c b/sys/kern/kern_acl.c
index 915f12df03df..10d2363060a2 100644
--- a/sys/kern/kern_acl.c
+++ b/sys/kern/kern_acl.c
@@ -276,7 +276,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 for (i = 0; i < acl->acl_cnt; i++) {
 switch (acl->acl_entry[i].ae_tag) {
 case ACL_GROUP_OBJ:
- if (file_gid != cred->cr_groups[0])
+ if (!groupmember(file_gid, cred))
 break;
 dac_granted = 0;
 if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c
index 915f12df03df..10d2363060a2 100644
--- a/sys/kern/subr_acl_posix1e.c
+++ b/sys/kern/subr_acl_posix1e.c
@@ -276,7 +276,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 for (i = 0; i < acl->acl_cnt; i++) {
 switch (acl->acl_entry[i].ae_tag) {
 case ACL_GROUP_OBJ:
- if (file_gid != cred->cr_groups[0])
+ if (!groupmember(file_gid, cred))
 break;
 dac_granted = 0;
 if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
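Review bot: The `ACL_GROUP_OBJ` membership test in the kern_acl.c hunk is the second copy of the same check inside vaccess_acl_posix1e() (the commit message says the unprivileged pass was fixed earlier and this privilege-assisted pass was missed), and nothing in the code keeps the two copies in step. A mismatch here is an access-control error rather than a cosmetic one: a caller holding the file's group only as a supplementary group would not match the group entry, and evaluation presumably moves on to later entries, which may be more permissive than the group entry. I would add a comment above the new line, `/* Match any of the caller's groups, not only cr_groups[0]; keep identical to the unprivileged pass. */`, and a regression test using a credential whose only membership in file_gid is supplementary. The `ACL_GROUP` case and the rest of the function lie outside the hunk, so it is worth confirming that no other `cr_groups[0]` comparison remains; the same applies to the identical hunks in subr_acl_posix1e.c and vfs_acl.c.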
diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c
index 915f12df03df..10d2363060a2 100644
--- a/sys/kern/vfs_acl.c
+++ b/sys/kern/vfs_acl.c
@@ -276,7 +276,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 for (i = 0; i < acl->acl_cnt; i++) {
 switch (acl->acl_entry[i].ae_tag) {
 case ACL_GROUP_OBJ:
- if (file_gid != cred->cr_groups[0])
+ if (!groupmember(file_gid, cred))
 break;
 dac_granted = 0;
 if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)