-rw-r--r-- | source3/lib/util_sid.c | 24 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 11 |
2 files changed, 35 insertions, 0 deletions
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index c89c7c70d9..10813a4605 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -566,3 +566,27 @@ size_t sid_size(DOM_SID *sid)
 return sid->num_auths * sizeof(uint32) + 8;
 }
+
+/*****************************************************************
+ Returns true if SID is internal (and non-mappable).
+*****************************************************************/
+
+BOOL non_mappable_sid(DOM_SID *sid)
+{
+ DOM_SID dom;
+ uint32 rid;
+
+ sid_copy(&dom, sid);
+ sid_split_rid(&dom, &rid);
+
+ if (sid_equal(&dom, &global_sid_Builtin))
+ return True;
+
+ if (sid_equal(&dom, &global_sid_Creator_Owner_Domain))
+ return True;
+
+ if (sid_equal(&dom, &global_sid_NT_Authority))
+ return True;
+
+ return False;
+}
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 18a635336c..64dd51f193 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -715,6 +715,17 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
 SEC_ACE *psa = &dacl->ace[i];
 /*
+ * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
+ */
+
+ if (non_mappable_sid(&psa->sid)) {
+ fstring str;
+ DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
+ sid_to_string(str, &psa->sid) ));
+ continue;
+ }
+
+ /*
 * Create a cannon_ace entry representing this NT DACL ACE.
 */ |
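Review bot: In `non_mappable_sid()` (the source3/lib/util_sid.c hunk) the result of `sid_split_rid(&dom, &rid)` is discarded, so a SID with no sub-authority to strip would be compared unsplit and `rid` left unset; this assumes sid_split_rid reports failure in that case, which the hunk does not show. Because this helper now decides which ACEs the ACL code drops, the degenerate case should be explicit, for example `if (!sid_split_rid(&dom, &rid)) return False;`, or the header comment should state which result is intended. The comment would also be clearer if it said that the test is made on the SID with its last sub-authority removed, so every RID directly under BUILTIN, Creator Owner and NT Authority is classed as non-mappable.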
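Review bot: The new `continue` in `create_canon_ace_lists()` (the source3/smbd/posix_acls.c hunk) skips every ACE whose SID is non-mappable without looking at the ACE type, so a deny entry for a BUILTIN or NT Authority SID would be discarded as silently as an allow entry and the stored POSIX ACL can end up more permissive than the DACL the client sent. The only trace is a `DEBUG(10, ...)` message, which is unlikely to be logged at normal debug levels. Consider raising the level when the dropped entry is a deny ACE (assuming the usual `psa->type` field, which is not visible in the hunk) and extending the comment to something like `/* Ignore non-mappable SIDs (NT Authority, BUILTIN etc). NB: deny ACEs for these SIDs are dropped too. */`. The function starts and ends outside the hunk, so any earlier filtering by ACE type is not visible here.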