From f47b220ce1bd8632205679bbba8f679f4470360b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 8 May 2009 10:11:38 -0700
Subject: Expand the comment explaining why user_in_group_sid is not reliable
 for winbindd users from foreign domains. Jeremy.

---
 source3/smbd/posix_acls.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'source3/smbd')

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index abfb00c44c..8d172e17bd 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1297,7 +1297,12 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
 		return False;
 	}
 
-	/* notice that this is not reliable for users exported by winbindd! */
+	/*
+	 * user_in_group_sid() uses create_token_from_username()
+	 * which creates an artificial NT token given just a username,
+	 * so this is not reliable for users from foreign domains
+	 * exported by winbindd!
+	 */
 	return user_in_group_sid(u_name, &group_ace->trustee);
 }
 
-- 
cgit