From: Christof Schmitt Date: Fri, 7 Jun 2019 19:55:32 +0000 (-0700) Subject: Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH" X-Git-Tag: samba-4.9.12~41 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0af50d85f6dd20324cf3a3f75a01a5bcd0c8c715;p=thirdparty%2Fsamba.git Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH" This reverts commit 5d4f7bfda579cecb123cfb1d7130688f1d1c98b7. That patch broke the case with ID_TYPE_BOTH where a file is owned by a group (e.g. using autorid and having a file owned by BUILTIN\Administrators). In this case, the ACE entry for the group gets mapped a to a user ACL entry and the group no longer has access (as in the user's token the group is not mapped to a uid). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme (cherry picked from commit 42bd3a72a2525aa8a918f4bf7067b30ce8e0e197) --- diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 7776caa16d2..6db5a6db6d9 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -723,14 +723,7 @@ static bool smbacl4_fill_ace4( uid_t uid; gid_t gid; - /* - * ID_TYPE_BOTH returns both uid and gid. Explicitly - * check for ownerUID to allow the mapping of the - * owner to a special entry in this idmap config. - */ - if (sid_to_uid(&ace_nt->trustee, &uid) && uid == ownerUID) { - ace_v4->who.uid = uid; - } else if (sid_to_gid(&ace_nt->trustee, &gid)) { + if (sid_to_gid(&ace_nt->trustee, &gid)) { ace_v4->aceFlags |= SMB_ACE4_IDENTIFIER_GROUP; ace_v4->who.gid = gid; } else if (sid_to_uid(&ace_nt->trustee, &uid)) {