From 0492effcf36bc1229d0d2e9250b6c6c36af0b117 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Sat, 22 Sep 2001 06:45:24 +0000
Subject: Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set. Jeremy. (This used to be commit bc7963bd643422cce081b6284e3bdd49ae3a02ab)
---
 source3/lib/util_sid.c | 24 ++++++++++++++++++++++++
 source3/smbd/posix_acls.c | 11 +++++++++++
 2 files changed, 35 insertions(+)
(limited to 'source3')
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index c89c7c70d9..10813a4605 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -566,3 +566,27 @@ size_t sid_size(DOM_SID *sid)
 return sid->num_auths * sizeof(uint32) + 8;
 }
+
+/*****************************************************************
+ Returns true if SID is internal (and non-mappable).
+*****************************************************************/
+
+BOOL non_mappable_sid(DOM_SID *sid)
+{
+ DOM_SID dom;
+ uint32 rid;
+
+ sid_copy(&dom, sid);
+ sid_split_rid(&dom, &rid);
+
+ if (sid_equal(&dom, &global_sid_Builtin))
+ return True;
+
+ if (sid_equal(&dom, &global_sid_Creator_Owner_Domain))
+ return True;
+
+ if (sid_equal(&dom, &global_sid_NT_Authority))
+ return True;
+
+ return False;
+}
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 18a635336c..64dd51f193 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -714,6 +714,17 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
 enum SID_NAME_USE sid_type;
 SEC_ACE *psa = &dacl->ace[i];
+ /*
+ * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
+ */
+
+ if (non_mappable_sid(&psa->sid)) {
+ fstring str;
+ DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
+ sid_to_string(str, &psa->sid) ));
+ continue;
+ }
+
 /*
 * Create a cannon_ace entry representing this NT DACL ACE.
 */
--
cgit
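Review bot: The header comment on `non_mappable_sid` does not say that the comparison happens after `sid_split_rid` strips the last sub-authority, so only SIDs sitting directly under `global_sid_Builtin`, `global_sid_Creator_Owner_Domain` or `global_sid_NT_Authority` match; a SID with further sub-authorities under the same authority would presumably be treated as mappable and passed on to the lookup path. Because callers use this result to decide whether an ACE is dropped, the comment should state that scope, e.g. `Matches only SIDs whose parent (SID minus final RID) is BUILTIN, Creator Owner or NT Authority.` The return value of `sid_split_rid` is also not checked and `rid` is never read; if the helper can fail on a SID with no sub-authorities, returning `False` at that point would make the behaviour explicit.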
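Review bot: The new `non_mappable_sid` check in `create_canon_ace_lists` runs before anything visible in this hunk looks at the ACE type, so a deny ACE naming a BUILTIN or NT Authority SID appears to be skipped just like an allow ACE, and the resulting POSIX ACL can end up more permissive than the NT ACL the client sent. The only trace is the `DEBUG(10, ...)` message, which will not show up at normal log levels. Consider logging dropped deny entries at a lower debug level and extending the comment to say so, e.g. `/* NB: this also discards DENY ACEs for these SIDs; the stored ACL may grant more than the NT ACL requested. */`. The function starts and ends outside the hunk, so the ACE type handling may differ from what is visible here.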