summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/lib/util_sid.c3
-rw-r--r--source3/smbd/posix_acls.c21
2 files changed, 13 insertions, 11 deletions
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 032be9aa93..c89abc916f 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -510,6 +510,9 @@ BOOL non_mappable_sid(DOM_SID *sid)
DOM_SID dom;
uint32 rid;
+ if (sid_equal(sid, &global_sid_System))
+ return True;
+
sid_copy(&dom, sid);
sid_split_rid(&dom, &rid);
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 50038dd464..cdb60a23e7 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1347,17 +1347,6 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
SEC_ACE *psa = &dacl->aces[i];
/*
- * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
- */
-
- if (non_mappable_sid(&psa->trustee)) {
- fstring str;
- DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
- sid_to_string(str, &psa->trustee) ));
- continue;
- }
-
- /*
* Create a cannon_ace entry representing this NT DACL ACE.
*/
@@ -1417,6 +1406,16 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
} else {
fstring str;
+ /*
+ * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
+ */
+
+ if (non_mappable_sid(&psa->trustee)) {
+ DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
+ sid_to_string(str, &psa->trustee) ));
+ continue;
+ }
+
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",