s3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ID_TYPE_BOTH...

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu May 17 05:08:44 CEST 2012 on sn-devel-104

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 99e915678ab1d27d616a1bbc826097e194365e7d..e2571ff24828f785aa7819fa4edbf3b175dc7189 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1535,6 +1535,37 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
                        }
                }
 
+               /* If the SID is equal for the user and group that we need
+                  to add the duplicate for, add only the group */
+               if (!got_duplicate_user && !got_duplicate_group
+                               && dom_sid_equal(&pace_group->trustee,
+                                               &pace_user->trustee)) {
+                       /* Add a duplicate SMB_ACL_GROUP entry, this
+                        * will cover the owning SID as well, as it
+                        * will always be mapped to both a uid and
+                        * gid. */
+
+                       if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
+                               DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n"));
+                               return false;
+                       }
+
+                       ZERO_STRUCTP(pace);
+                       pace->type = SMB_ACL_GROUP;;
+                       pace->owner_type = GID_ACE;
+                       pace->unix_ug.gid = pace_group->unix_ug.gid;
+                       pace->trustee = pace_group->trustee;
+                       pace->attr = pace_group->attr;
+                       pace->perms = pace_group->perms;
+
+                       DLIST_ADD(*pp_ace, pace);
+
+                       /* We're done here, make sure the
+                          statements below are not executed. */
+                       got_duplicate_user = true;
+                       got_duplicate_group = true;
+               }
+
                if (!got_duplicate_user) {
                        /* Add a duplicate SMB_ACL_USER entry. */
                        if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
@@ -1551,6 +1582,8 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
                        pace->perms = pace_user->perms;
 
                        DLIST_ADD(*pp_ace, pace);
+
+                       got_duplicate_user = true;
                }
 
                if (!got_duplicate_group) {
@@ -1569,6 +1602,8 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
                        pace->perms = pace_group->perms;
 
                        DLIST_ADD(*pp_ace, pace);
+
+                       got_duplicate_group = true;
                }
 
        }