From: Jeremy Allison Date: Mon, 23 Apr 2007 09:19:35 +0000 (+0000) Subject: r22481: Move check for non-mappable SIDs to after sid_to_uid, X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~622 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=805f01464f3feb30725dbce1f90d4296380dd796;p=thirdparty%2Fsamba.git r22481: Move check for non-mappable SIDs to after sid_to_uid, sid_to_gid mapping, add LocalSystem to non-mappable list. Jeremy. --- diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c index 032be9aa93b..c89abc916f2 100644 --- a/source/lib/util_sid.c +++ b/source/lib/util_sid.c @@ -510,6 +510,9 @@ BOOL non_mappable_sid(DOM_SID *sid) DOM_SID dom; uint32 rid; + if (sid_equal(sid, &global_sid_System)) + return True; + sid_copy(&dom, sid); sid_split_rid(&dom, &rid); diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 50038dd464c..cdb60a23e72 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -1346,17 +1346,6 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, for(i = 0; i < dacl->num_aces; i++) { SEC_ACE *psa = &dacl->aces[i]; - /* - * Ignore non-mappable SIDs (NT Authority, BUILTIN etc). - */ - - if (non_mappable_sid(&psa->trustee)) { - fstring str; - DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n", - sid_to_string(str, &psa->trustee) )); - continue; - } - /* * Create a cannon_ace entry representing this NT DACL ACE. */ @@ -1417,6 +1406,16 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, } else { fstring str; + /* + * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc). + */ + + if (non_mappable_sid(&psa->trustee)) { + DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n", + sid_to_string(str, &psa->trustee) )); + continue; + } + free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",