Fix "force unknown ACL user" to strip out foreign SIDs from POSIX ACLs if they can...

author Jeremy Allison <jra@samba.org>

Sat, 23 Oct 2010 00:23:13 +0000 (17:23 -0700)

committer Karolin Seeger <kseeger@samba.org>

Wed, 24 Nov 2010 17:10:59 +0000 (18:10 +0100)
author Jeremy Allison <jra@samba.org>
Sat, 23 Oct 2010 00:23:13 +0000 (17:23 -0700)
committer Karolin Seeger <kseeger@samba.org>
Wed, 24 Nov 2010 17:10:59 +0000 (18:10 +0100)
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c

index 78708a70d9f1a9e4b676bd4f2f5f6d7348f21eab..6d12b3cddaeeff51f9bd4a00fa1e1af93af0fedb 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1748,6 +1748,14 @@ static bool create_canon_ace_lists(files_struct *fsp,
                                 continue;
                         }
  
+                       if (lp_force_unknown_acl_user(SNUM(fsp->conn))) {
+                               DEBUG(10, ("create_canon_ace_lists: ignoring "
+                                       "unknown or foreign SID %s\n",
+                                       sid_string_dbg(&psa->trustee)));
+                                       SAFE_FREE(current_ace);
+                               continue;
+                       }
+
                         free_canon_ace_list(file_ace);
                         free_canon_ace_list(dir_ace);
                         DEBUG(0, ("create_canon_ace_lists: unable to map SID "
author	Jeremy Allison <jra@samba.org>
	Sat, 23 Oct 2010 00:23:13 +0000 (17:23 -0700)
committer	Karolin Seeger <kseeger@samba.org>
	Wed, 24 Nov 2010 17:10:59 +0000 (18:10 +0100)