r22481: Move check for non-mappable SIDs to after sid_to_uid,

author Jeremy Allison <jra@samba.org>

Mon, 23 Apr 2007 09:19:35 +0000 (09:19 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 17:19:38 +0000 (12:19 -0500)
author Jeremy Allison <jra@samba.org>
Mon, 23 Apr 2007 09:19:35 +0000 (09:19 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:19:38 +0000 (12:19 -0500)
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c

index 032be9aa93b9d01791c9aa1612520e50dcbca0a9..c89abc916f2df73799099614c3e7d9b21bed3f8f 100644 (file)
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -510,6 +510,9 @@ BOOL non_mappable_sid(DOM_SID *sid)
         DOM_SID dom;
         uint32 rid;
  
+       if (sid_equal(sid, &global_sid_System))
+               return True;
+
         sid_copy(&dom, sid);
         sid_split_rid(&dom, &rid);
  
diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c

index 50038dd464c4b7bcd2ec12f611738384287ba0ae..cdb60a23e725421350da764eda334217aa048c40 100644 (file)
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -1346,17 +1346,6 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
         for(i = 0; i < dacl->num_aces; i++) {
                 SEC_ACE *psa = &dacl->aces[i];
  
-               /*
-                * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
-                */
-
-               if (non_mappable_sid(&psa->trustee)) {
-                       fstring str;
-                       DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
-                               sid_to_string(str, &psa->trustee) ));
-                       continue;
-               }
-
                 /*
                  * Create a cannon_ace entry representing this NT DACL ACE.
                  */
@@ -1417,6 +1406,16 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
                 } else {
                         fstring str;
  
+                       /*
+                        * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
+                        */
+
+                       if (non_mappable_sid(&psa->trustee)) {
+                               DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
+                                       sid_to_string(str, &psa->trustee) ));
+                               continue;
+                       }
+
                         free_canon_ace_list(file_ace);
                         free_canon_ace_list(dir_ace);
                         DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",
author	Jeremy Allison <jra@samba.org>
	Mon, 23 Apr 2007 09:19:35 +0000 (09:19 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 17:19:38 +0000 (12:19 -0500)
source/lib/util_sid.c		patch \| blob \| blame \| history
source/smbd/posix_acls.c		patch \| blob \| blame \| history