unpack_nt_owners fails with owner S-1-5-32-544

Peter Somogyi psomogyi at gamax.hu
Tue Oct 24 13:51:23 GMT 2006


When setting an acl (via nfs4_acls module, but it forwards the call to 
posix_acls.c), we've run into the following problem:

[2006/10/24 13:25:40, 5] smbd/posix_acls.c:unpack_nt_owners(924)
  unpack_nt_owners: validating owner_sids.
[2006/10/24 13:25:40, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
  fetch gid from cache 80008 -> S-1-5-32-544
[2006/10/24 13:25:40, 3] smbd/posix_acls.c:unpack_nt_owners(941)
  unpack_nt_owners: unable to validate owner sid for S-1-5-32-544

I've examined the log, smb really receives S-1-5-32-544 in psd->owner_sid, but 
this sid represents a group (Administrators, builtin) on the win$ side.

The problem is that posix_acls.c/unpack_nt_owners wants to treat 
psd->owner_sid always as a _user_ sid, which is not always true:

BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 
security_info_sent, SEC_DESC *psd)
	if (security_info_sent & OWNER_SECURITY_INFORMATION) {
		sid_copy(&owner_sid, psd->owner_sid);
		if (!sid_to_uid(&owner_sid, puser)) {
			<error - see above>

Is it by design, or something we could improve?
Or should we map S-1-5-32-544 (Administrators) to a uid (e.g. root) ??


More information about the samba-technical mailing list