authorAndrew Bartlett <abartlet@samba.org>2012-05-10 11:05:41 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-05-17 03:17:05 +0200
commitf38638d4511814e2b541665df2f56c7ce357682f (patch)
tree3430d57b8b158cf209c54049ebf5c81969386733
parent5b1c42228b8badbc7e7a4446c33f590bd1257f1f (diff)
s3-smbd: Consider a group with the same SID as sufficient duplication
This code is to ensure that the user does not lose rights when their file ownership is taken away. If the owner (an IDMAP_BOTH SID) appears as a group then a duplicate user is not required. Signed-off-by: Jeremy Allison <jra@samba.org>
-rw-r--r--source3/smbd/posix_acls.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 6e97dcf873..99e915678a 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1525,6 +1525,13 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
pace->unix_ug.gid == pace_user->unix_ug.gid) {
/* Already got one. */
got_duplicate_group = true;
+ } else if ((pace->type == SMB_ACL_GROUP)
+ && (dom_sid_equal(&pace->trustee, &pace_user->trustee))) {
+ /* If the SID owning the file appears
+ * in a group entry, then we have
+ * enough duplication, they will still
+ * have access */
+ got_duplicate_user = true;
}
}
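Review bot: The added `else if` accepts any `SMB_ACL_GROUP` entry whose trustee SID equals the owner's as sufficient duplication, but nothing visible in the hunk checks what that group entry actually grants. The comment says "they will still have access", yet a group entry with narrower permissions than the owner entry would still set `got_duplicate_user = true` and suppress the duplicate user entry, which is the loss of rights the commit message says this code is meant to prevent. Either require the group entry to cover the owner's permissions, for example `&& ((pace->perms & pace_user->perms) == pace_user->perms)` (assuming `canon_ace` carries a `perms` field, which this hunk does not show), or extend the comment to name the invariant that makes the SID match alone enough. The comment should also say why a group match sets `got_duplicate_user` rather than `got_duplicate_group`, since the branch above pairs the group case with the group flag. `ensure_canon_entry_valid` starts and ends outside the hunk, so the later use of both flags is not visible here.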