author | Andrew Bartlett <abartlet@samba.org> | 2012-05-16 13:07:17 -0700 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-05-17 05:08:44 +0200 |
commit | 6bafb4ac25989fd5d637db0da4afab5ae36bad1c (patch) | |
tree | 4dfe6855c8f99320327c90b7e260b2f8e21265be | |
parent | f38638d4511814e2b541665df2f56c7ce357682f (diff) | |
s3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ID_TYPE_BOTH

The GID ACL entry is what will be mapped in most cases, and so is sufficient.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu May 17 05:08:44 CEST 2012 on sn-devel-104
-rw-r--r-- | source3/smbd/posix_acls.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 99e915678a..e2571ff248 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1535,6 +1535,37 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 }
 }
+ /* If the SID is equal for the user and group that we need
+ to add the duplicate for, add only the group */
+ if (!got_duplicate_user && !got_duplicate_group
+ && dom_sid_equal(&pace_group->trustee,
+ &pace_user->trustee)) {
+ /* Add a duplicate SMB_ACL_GROUP entry, this
+ * will cover the owning SID as well, as it
+ * will always be mapped to both a uid and
+ * gid. */
+
+ if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
+ DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n"));
+ return false;
+ }
+
+ ZERO_STRUCTP(pace);
+ pace->type = SMB_ACL_GROUP;;
+ pace->owner_type = GID_ACE;
+ pace->unix_ug.gid = pace_group->unix_ug.gid;
+ pace->trustee = pace_group->trustee;
+ pace->attr = pace_group->attr;
+ pace->perms = pace_group->perms;
+
+ DLIST_ADD(*pp_ace, pace);
+
+ /* We're done here, make sure the
+ statements below are not executed. */
+ got_duplicate_user = true;
+ got_duplicate_group = true;
+ }
+
 if (!got_duplicate_user) {
 /* Add a duplicate SMB_ACL_USER entry. */
 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
@@ -1551,6 +1582,8 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 pace->perms = pace_user->perms;
 DLIST_ADD(*pp_ace, pace);
+
+ got_duplicate_user = true;
 }
 if (!got_duplicate_group) {
@@ -1569,6 +1602,8 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 pace->perms = pace_group->perms;
 DLIST_ADD(*pp_ace, pace);
+
+ got_duplicate_group = true;
 }
 }
|
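Review bot: In the first hunk (-1535) the combined entry takes `attr` and `perms` from `pace_group` only, so when the owner and owning-group entries for the same SID carry different permission bits, `pace_user->perms` is not reflected in any named entry and the resulting POSIX ACL may differ from what the two separate duplicates would have produced. Whether that is intended cannot be told from the hunk; if it is, a comment such as `/* Only the group perms are duplicated; pace_user->perms is intentionally not merged for an ID_TYPE_BOTH SID. */` above the assignments would record the decision. If it is not, the block should either require `pace_user->perms == pace_group->perms` in its condition or fall through to the separate user/group duplicates. The same block also has a stray second semicolon in `pace->type = SMB_ACL_GROUP;;`. The body of ensure_canon_entry_valid starts and ends outside the hunk, so the origin of `pace_user` and `pace_group` is not visible here.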