summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-05-10 11:05:41 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-05-17 03:17:05 +0200
commitf38638d4511814e2b541665df2f56c7ce357682f (patch)
tree3430d57b8b158cf209c54049ebf5c81969386733 /source3/smbd
parent5b1c42228b8badbc7e7a4446c33f590bd1257f1f (diff)
downloadsamba-f38638d4511814e2b541665df2f56c7ce357682f.tar.gz
samba-f38638d4511814e2b541665df2f56c7ce357682f.tar.bz2
samba-f38638d4511814e2b541665df2f56c7ce357682f.zip
s3-smbd: Consider a group with the same SID as sufficient duplication
This code is to ensure that the user does not loose rights when their file ownership is taken away. If the owner (an IDMAP_BOTH SID) appears as a group then a duplicate user is not required. Signed-off-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/posix_acls.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 6e97dcf873..99e915678a 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1525,6 +1525,13 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
pace->unix_ug.gid == pace_user->unix_ug.gid) {
/* Already got one. */
got_duplicate_group = true;
+ } else if ((pace->type == SMB_ACL_GROUP)
+ && (dom_sid_equal(&pace->trustee, &pace_user->trustee))) {
+ /* If the SID owning the file appears
+ * in a group entry, then we have
+ * enough duplication, they will still
+ * have access */
+ got_duplicate_user = true;
}
}