summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2012-05-14 12:34:39 -0700
committerAndrew Bartlett <abartlet@samba.org>2012-05-17 03:17:05 +0200
commit173f818a294d89cc97ba22856c334c451772fbe5 (patch)
tree65231fa57780b789ab4e9995c5d7bb825540e367 /source3/smbd
parent59106473d37044adf5f1edde24221e1f70f15972 (diff)
downloadsamba-173f818a294d89cc97ba22856c334c451772fbe5.tar.gz
samba-173f818a294d89cc97ba22856c334c451772fbe5.tar.bz2
samba-173f818a294d89cc97ba22856c334c451772fbe5.zip
This covers a case where an ID_TYPE_BOTH mapping creates group permissions, but must own the file. Based on an original patch by Andrew Bartlett.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/posix_acls.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index a313190fd2..d58c7c0b8b 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1420,7 +1420,8 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
if (setting_acl) {
/* See if the owning user is in any of the other groups in
- the ACE, or if there's a matching user entry.
+ the ACE, or if there's a matching user entry (by uid
+ or in the case of ID_TYPE_BOTH by SID).
If so, OR in the permissions from that entry. */
canon_ace *pace_iter;
@@ -1430,7 +1431,9 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
pace_iter->unix_ug.uid == pace->unix_ug.uid) {
pace->perms |= pace_iter->perms;
} else if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) {
- if (uid_entry_in_group(conn, pace, pace_iter)) {
+ if (dom_sid_equal(&pace->trustee, &pace_iter->trustee)) {
+ pace->perms |= pace_iter->perms;
+ } else if (uid_entry_in_group(conn, pace, pace_iter)) {
pace->perms |= pace_iter->perms;
}
}