[cifs-protocol] Behavior explanation on subtree delete control behavior with iscriticalsystemobject

Matthieu Patou mat at samba.org
Tue Aug 9 15:08:01 MDT 2011


I found an interesting problem

In MS-ADTS it is said: Tree-delete Constraints
All regular delete operation constraints apply on each object being 
The tree-delete operation may not be applied to an NC root.
Objects with isCriticalSystemObject attribute equal to true may not be 
deleted by the tree-delete
operation (this also applies to objects in the subtree being deleted). 
This constraint is checked
object-by-object, and deletion stops if some deletion would violate this 
constraint. Because, as
explained in the next section, deleted objects never have children, the 
result after deletion stops
due to this constraint is a tree. The resultant tree may not be the same 
as the original tree
because some objects may have been deleted prior to the failure.

My understanding is that if you try to deleted an object that has the 
isCriticalSystemObject attribute set to TRUE or one of the object bellow 
in its tree then the operation should failed.

Did I get the meaning right ?

If so can you explain me how with this configuration:

./bin/ldbsearch -H ldap:// -U administrator%totoTATA321 -b 
"CN=ARES,OU=Domain Controllers,DC=w2k8r2,DC=home,DC=matws,DC=net" 
# record 1
dn: CN=ARES,OU=Domain Controllers,DC=w2k8r2,DC=home,DC=matws,DC=net
isCriticalSystemObject: TRUE

# record 2
dn: CN=RID Set,CN=ARES,OU=Domain 

The delete with subtree control on the following trace at packet 1848 is 



Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.keytab
Type: application/octet-stream
Size: 75 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20110810/21ce847b/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trace_delete.pcap.gz
Type: application/x-gzip
Size: 236596 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20110810/21ce847b/attachment-0001.bin>

More information about the cifs-protocol mailing list