diff options
author | Jeremy Allison <jra@samba.org> | 2009-05-08 10:11:38 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2009-05-08 10:12:36 -0700 |
commit | f47b220ce1bd8632205679bbba8f679f4470360b (patch) | |
tree | e4ea61fb5d6589e6de3a804b857633df13808d0f | |
parent | b79eff843be392f3065e912edca1434081d93c44 (diff) | |
download | samba-f47b220ce1bd8632205679bbba8f679f4470360b.tar.gz samba-f47b220ce1bd8632205679bbba8f679f4470360b.tar.bz2 samba-f47b220ce1bd8632205679bbba8f679f4470360b.zip |
Expand the comment explaining why user_in_group_sid is
not reliable for winbindd users from foreign domains.
Jeremy.
-rw-r--r-- | source3/smbd/posix_acls.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index abfb00c44c..8d172e17bd 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1297,7 +1297,12 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) return False; } - /* notice that this is not reliable for users exported by winbindd! */ + /* + * user_in_group_sid() uses create_token_from_username() + * which creates an artificial NT token given just a username, + * so this is not reliable for users from foreign domains + * exported by winbindd! + */ return user_in_group_sid(u_name, &group_ace->trustee); } |