summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/posix_acls.c21
1 files changed, 18 insertions, 3 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index bc96838a09..abfb00c44c 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1273,16 +1273,31 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
if (sid_equal(&group_ace->trustee, &global_sid_World))
return True;
- /* Assume that the current user is in the current group (force group) */
+ /*
+ * if it's the current user, we already have the unix token
+ * and don't need to do the complex user_in_group_sid() call
+ */
+ if (uid_ace->unix_ug.uid == current_user.ut.uid) {
+ size_t i;
- if (uid_ace->unix_ug.uid == current_user.ut.uid && group_ace->unix_ug.gid == current_user.ut.gid)
- return True;
+ if (group_ace->unix_ug.gid == current_user.ut.gid) {
+ return True;
+ }
+
+ for (i=0; i < current_user.ut.ngroups; i++) {
+ if (group_ace->unix_ug.gid == current_user.ut.groups[i]) {
+ return True;
+ }
+ }
+ }
/* u_name talloc'ed off tos. */
u_name = uidtoname(uid_ace->unix_ug.uid);
if (!u_name) {
return False;
}
+
+ /* notice that this is not reliable for users exported by winbindd! */
return user_in_group_sid(u_name, &group_ace->trustee);
}