diff options
author | Christof Schmitt <cs@samba.org> | 2019-06-07 12:55:32 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-08-26 10:23:24 +0000 |
commit | 0af50d85f6dd20324cf3a3f75a01a5bcd0c8c715 (patch) | |
tree | a8dbd33032dc799c2c50196c903cd5a09657e68c | |
parent | d2b711ae9bfa83a1f30cc9ca85d8c9cd33e565e4 (diff) | |
download | samba-0af50d85f6dd20324cf3a3f75a01a5bcd0c8c715.tar.gz |
Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH"
This reverts commit 5d4f7bfda579cecb123cfb1d7130688f1d1c98b7.
That patch broke the case with ID_TYPE_BOTH where a file is owned by a
group (e.g. using autorid and having a file owned by
BUILTIN\Administrators). In this case, the ACE entry for the group gets
mapped a to a user ACL entry and the group no longer has access (as in
the user's token the group is not mapped to a uid).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 42bd3a72a2525aa8a918f4bf7067b30ce8e0e197)
-rw-r--r-- | source3/modules/nfs4_acls.c | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 7776caa16d2..6db5a6db6d9 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -723,14 +723,7 @@ static bool smbacl4_fill_ace4( uid_t uid; gid_t gid; - /* - * ID_TYPE_BOTH returns both uid and gid. Explicitly - * check for ownerUID to allow the mapping of the - * owner to a special entry in this idmap config. - */ - if (sid_to_uid(&ace_nt->trustee, &uid) && uid == ownerUID) { - ace_v4->who.uid = uid; - } else if (sid_to_gid(&ace_nt->trustee, &gid)) { + if (sid_to_gid(&ace_nt->trustee, &gid)) { ace_v4->aceFlags |= SMB_ACE4_IDENTIFIER_GROUP; ace_v4->who.gid = gid; } else if (sid_to_uid(&ace_nt->trustee, &uid)) { |