unpack_nt_owners fails with owner S-1-5-32-544
Peter Somogyi
psomogyi at gamax.hu
Tue Oct 24 13:51:23 GMT 2006
Hi,
When setting an acl (via nfs4_acls module, but it forwards the call to
posix_acls.c), we've run into the following problem:
...
[2006/10/24 13:25:40, 5] smbd/posix_acls.c:unpack_nt_owners(924)
unpack_nt_owners: validating owner_sids.
[2006/10/24 13:25:40, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015)
fetch gid from cache 80008 -> S-1-5-32-544
[2006/10/24 13:25:40, 3] smbd/posix_acls.c:unpack_nt_owners(941)
unpack_nt_owners: unable to validate owner sid for S-1-5-32-544
I've examined the log, smb really receives S-1-5-32-544 in psd->owner_sid, but
this sid represents a group (Administrators, builtin) on the win$ side.
The problem is that posix_acls.c/unpack_nt_owners wants to treat
psd->owner_sid always as a _user_ sid, which is not always true:
BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32
security_info_sent, SEC_DESC *psd)
...
if (security_info_sent & OWNER_SECURITY_INFORMATION) {
sid_copy(&owner_sid, psd->owner_sid);
if (!sid_to_uid(&owner_sid, puser)) {
<error - see above>
...
Is it by design, or something we could improve?
Or should we map S-1-5-32-544 (Administrators) to a uid (e.g. root) ??
Peter
More information about the samba-technical
mailing list