authorAndrew Bartlett <abartlet@samba.org>2012-05-16 13:07:17 -0700
committerAndrew Bartlett <abartlet@samba.org>2012-05-17 05:08:44 +0200
commit6bafb4ac25989fd5d637db0da4afab5ae36bad1c (patch)
tree4dfe6855c8f99320327c90b7e260b2f8e21265be /source3
parentf38638d4511814e2b541665df2f56c7ce357682f (diff)
s3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases, and so is sufficient.
Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu May 17 05:08:44 CEST 2012 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/posix_acls.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 99e915678a..e2571ff248 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1535,6 +1535,37 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
}
}
+ /* If the SID is equal for the user and group that we need
+ to add the duplicate for, add only the group */
+ if (!got_duplicate_user && !got_duplicate_group
+ && dom_sid_equal(&pace_group->trustee,
+ &pace_user->trustee)) {
+ /* Add a duplicate SMB_ACL_GROUP entry, this
+ * will cover the owning SID as well, as it
+ * will always be mapped to both a uid and
+ * gid. */
+
+ if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
+ DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n"));
+ return false;
+ }
+
+ ZERO_STRUCTP(pace);
+ pace->type = SMB_ACL_GROUP;;
+ pace->owner_type = GID_ACE;
+ pace->unix_ug.gid = pace_group->unix_ug.gid;
+ pace->trustee = pace_group->trustee;
+ pace->attr = pace_group->attr;
+ pace->perms = pace_group->perms;
+
+ DLIST_ADD(*pp_ace, pace);
+
+ /* We're done here, make sure the
+ statements below are not executed. */
+ got_duplicate_user = true;
+ got_duplicate_group = true;
+ }
+
if (!got_duplicate_user) {
/* Add a duplicate SMB_ACL_USER entry. */
if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
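Review bot: The new group-only branch copies `pace_group->attr` and `pace_group->perms` into the duplicate entry, so whatever `pace_user->perms` holds for the same SID is not represented anywhere in the added ACE. If the two can differ at this point, that looks like the safe direction, since merging them would hand owner rights to every group member, but the choice should be stated in the block comment, e.g. `/* Only the group perms are kept; the user perms are deliberately not merged in. */`. The guard `!got_duplicate_user && !got_duplicate_group` also means that when a group duplicate already exists but a user duplicate does not, control still reaches the `if (!got_duplicate_user)` block below and creates the UID entry the commit message says it wants to avoid. It may be worth testing `dom_sid_equal()` first and treating an existing group duplicate as sufficient. Minor: `pace->type = SMB_ACL_GROUP;;` has a stray semicolon. ensure_canon_entry_valid starts and ends outside this hunk, so how `pace_user` and `pace_group` are set is not visible here.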
@@ -1551,6 +1582,8 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
pace->perms = pace_user->perms;
DLIST_ADD(*pp_ace, pace);
+
+ got_duplicate_user = true;
}
if (!got_duplicate_group) {
@@ -1569,6 +1602,8 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
pace->perms = pace_group->perms;
DLIST_ADD(*pp_ace, pace);
+
+ got_duplicate_group = true;
}
}