| commit | ef0d72513b5404f176186632aab67d7b87039ba2 | |
| author | Stefan Metzmacher <metze@samba.org> | |
| Fri, 8 May 2009 12:33:49 +0000 (8 14:33 +0200) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Wed, 13 May 2009 16:49:18 +0000 (13 18:49 +0200) | ||
| tree | 6488152459733b5085db13dec056acac649841a9 | treesnapshot (tar.gz zip) |
| parent | 07d40da10ac9aab58cb7684dc39f6c1ffeb2d020 | commitdiff |
s3:smbd: fix posix acls when setting an ACL without explicit ACE for the owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
| source/smbd/posix_acls.c | diffblobblamehistory |