diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-05-10 11:05:41 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2012-05-17 03:17:05 +0200 |
| commit | f38638d4511814e2b541665df2f56c7ce357682f (patch) | |
| tree | 3430d57b8b158cf209c54049ebf5c81969386733 | |
| parent | 5b1c42228b8badbc7e7a4446c33f590bd1257f1f (diff) | |
| download | samba-f38638d4511814e2b541665df2f56c7ce357682f.tar.gz samba-f38638d4511814e2b541665df2f56c7ce357682f.tar.bz2 samba-f38638d4511814e2b541665df2f56c7ce357682f.zip | |
s3-smbd: Consider a group with the same SID as sufficient duplication
This code is to ensure that the user does not loose rights when their file
ownership is taken away. If the owner (an IDMAP_BOTH SID) appears as a group
then a duplicate user is not required.
Signed-off-by: Jeremy Allison <jra@samba.org>
| -rw-r--r-- | source3/smbd/posix_acls.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 6e97dcf873..99e915678a 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1525,6 +1525,13 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace pace->unix_ug.gid == pace_user->unix_ug.gid) { /* Already got one. */ got_duplicate_group = true; + } else if ((pace->type == SMB_ACL_GROUP) + && (dom_sid_equal(&pace->trustee, &pace_user->trustee))) { + /* If the SID owning the file appears + * in a group entry, then we have + * enough duplication, they will still + * have access */ + got_duplicate_user = true; } } |