summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2009-05-08 10:11:38 -0700
committerJeremy Allison <jra@samba.org>2009-05-08 10:12:36 -0700
commitf47b220ce1bd8632205679bbba8f679f4470360b (patch)
treee4ea61fb5d6589e6de3a804b857633df13808d0f
parentb79eff843be392f3065e912edca1434081d93c44 (diff)
downloadsamba-f47b220ce1bd8632205679bbba8f679f4470360b.tar.gz
samba-f47b220ce1bd8632205679bbba8f679f4470360b.tar.bz2
samba-f47b220ce1bd8632205679bbba8f679f4470360b.zip
Expand the comment explaining why user_in_group_sid is
not reliable for winbindd users from foreign domains. Jeremy.
-rw-r--r--source3/smbd/posix_acls.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index abfb00c44c..8d172e17bd 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1297,7 +1297,12 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
return False;
}
- /* notice that this is not reliable for users exported by winbindd! */
+ /*
+ * user_in_group_sid() uses create_token_from_username()
+ * which creates an artificial NT token given just a username,
+ * so this is not reliable for users from foreign domains
+ * exported by winbindd!
+ */
return user_in_group_sid(u_name, &group_ace->trustee);
}