summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-04-23 09:19:35 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:19:38 -0500
commit5e7174a2c831883a23ce17b48e3787855b3bb8ff (patch)
tree789fbe9de42f7bf71416201f9a220f783d6b797c
parent2e0a7fc223cc0df11c1766c103717629cb43aab7 (diff)
downloadsamba-5e7174a2c831883a23ce17b48e3787855b3bb8ff.tar.gz
samba-5e7174a2c831883a23ce17b48e3787855b3bb8ff.tar.bz2
samba-5e7174a2c831883a23ce17b48e3787855b3bb8ff.zip
r22481: Move check for non-mappable SIDs to after sid_to_uid,
sid_to_gid mapping, add LocalSystem to non-mappable list. Jeremy. (This used to be commit 805f01464f3feb30725dbce1f90d4296380dd796)
-rw-r--r--source3/lib/util_sid.c3
-rw-r--r--source3/smbd/posix_acls.c21
2 files changed, 13 insertions, 11 deletions
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 032be9aa93..c89abc916f 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -510,6 +510,9 @@ BOOL non_mappable_sid(DOM_SID *sid)
DOM_SID dom;
uint32 rid;
+ if (sid_equal(sid, &global_sid_System))
+ return True;
+
sid_copy(&dom, sid);
sid_split_rid(&dom, &rid);
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 50038dd464..cdb60a23e7 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1347,17 +1347,6 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
SEC_ACE *psa = &dacl->aces[i];
/*
- * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
- */
-
- if (non_mappable_sid(&psa->trustee)) {
- fstring str;
- DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
- sid_to_string(str, &psa->trustee) ));
- continue;
- }
-
- /*
* Create a cannon_ace entry representing this NT DACL ACE.
*/
@@ -1417,6 +1406,16 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
} else {
fstring str;
+ /*
+ * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
+ */
+
+ if (non_mappable_sid(&psa->trustee)) {
+ DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
+ sid_to_string(str, &psa->trustee) ));
+ continue;
+ }
+
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",