Expand the comment explaining why user_in_group_sid is

author Jeremy Allison <jra@samba.org>

Fri, 8 May 2009 17:11:38 +0000 (10:11 -0700)

committer Jeremy Allison <jra@samba.org>

Fri, 8 May 2009 17:12:36 +0000 (10:12 -0700)
author Jeremy Allison <jra@samba.org>
Fri, 8 May 2009 17:11:38 +0000 (10:11 -0700)
committer Jeremy Allison <jra@samba.org>
Fri, 8 May 2009 17:12:36 +0000 (10:12 -0700)
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c

index abfb00c44c057f44a34bad789dfa4ce04015a876..8d172e17bd9fcd3e70242a461c7a9371f1eef33d 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1297,7 +1297,12 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
                 return False;
         }
  
-       /* notice that this is not reliable for users exported by winbindd! */
+       /*
+        * user_in_group_sid() uses create_token_from_username()
+        * which creates an artificial NT token given just a username,
+        * so this is not reliable for users from foreign domains
+        * exported by winbindd!
+        */
         return user_in_group_sid(u_name, &group_ace->trustee);
  }
author	Jeremy Allison <jra@samba.org>
	Fri, 8 May 2009 17:11:38 +0000 (10:11 -0700)
committer	Jeremy Allison <jra@samba.org>
	Fri, 8 May 2009 17:12:36 +0000 (10:12 -0700)