From 1c3c5e2156d9096f60bd53a96b88c2f1001d898a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 10 May 2012 09:19:46 +1000 Subject: s3-smbd: Create a shortcut for building the token of a user by SID for posix_acls When a user owns a file, but does not have specific permissions on that file, we need to make up the user permissions. This change ensures that the first thing that we do is to look up the SID, and confirm it is a user. Then, we avoid the getpwnam() and directly create the token via the SID. Andrew Bartlett Signed-off-by: Jeremy Allison --- source3/smbd/posix_acls.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 59f8e0cd44..3f421061f8 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1310,8 +1310,6 @@ static void apply_default_perms(const struct share_params *params, static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, canon_ace *group_ace ) { - const char *u_name = NULL; - /* "Everyone" always matches every uid. */ if (dom_sid_equal(&group_ace->trustee, &global_sid_World)) @@ -1337,19 +1335,13 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano } } - /* u_name talloc'ed off tos. */ - u_name = uidtoname(uid_ace->unix_ug.uid); - if (!u_name) { - return False; - } - /* - * user_in_group_sid() uses create_token_from_username() + * user_in_group_sid() uses create_token_from_sid() * which creates an artificial NT token given just a username, * so this is not reliable for users from foreign domains * exported by winbindd! */ - return user_in_group_sid(u_name, &group_ace->trustee); + return user_sid_in_group_sid(&uid_ace->trustee, &group_ace->trustee); } /**************************************************************************** -- cgit