Fix "force unknown ACL user" to strip out foreign SIDs from POSIX ACLs if they can't be mapped.

author: Jeremy Allison <jra@samba.org> 2010-10-15 15:28:23 -0700
committer: Jeremy Allison <jra@samba.org> 2010-10-15 17:38:22 -0700
commit: e031f8ae6aee266c0ebf0b53465906e215ac9561 (patch)
tree: 0091149d08d3f72de11a2b4fb0125b39c3de78cc /source3/smbd/posix_acls.c
parent: f4a9d25cfc70e79f476d01ae3234f2155bbcf39e (diff)
download: samba-e031f8ae6aee266c0ebf0b53465906e215ac9561.tar.gz
samba-e031f8ae6aee266c0ebf0b53465906e215ac9561.tar.bz2
samba-e031f8ae6aee266c0ebf0b53465906e215ac9561.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index fa715fb673..05f6439957 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1753,6 +1753,14 @@ static bool create_canon_ace_lists(files_struct *fsp,
 				continue;
 			}
 
+			if (lp_force_unknown_acl_user(SNUM(fsp->conn))) {
+				DEBUG(10, ("create_canon_ace_lists: ignoring "
+					"unknown or foreign SID %s\n",
+					sid_string_dbg(&psa->trustee)));
+				SAFE_FREE(current_ace);
+				continue;
+			}
+
 			free_canon_ace_list(file_ace);
 			free_canon_ace_list(dir_ace);
 			DEBUG(0, ("create_canon_ace_lists: unable to map SID "
author	Jeremy Allison <jra@samba.org>	2010-10-15 15:28:23 -0700
committer	Jeremy Allison <jra@samba.org>	2010-10-15 17:38:22 -0700
commit	e031f8ae6aee266c0ebf0b53465906e215ac9561 (patch)
tree	0091149d08d3f72de11a2b4fb0125b39c3de78cc /source3/smbd/posix_acls.c
parent	f4a9d25cfc70e79f476d01ae3234f2155bbcf39e (diff)
download	samba-e031f8ae6aee266c0ebf0b53465906e215ac9561.tar.gz samba-e031f8ae6aee266c0ebf0b53465906e215ac9561.tar.bz2 samba-e031f8ae6aee266c0ebf0b53465906e215ac9561.zip