AW: APW is missing

Gerald (Jerry) Carter jerry at samba.org
Wed May 21 16:05:38 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 21 May 2003, Ronan Waide wrote:

> On May 21, jerry at samba.org said:
> > 2 questions:
> > 
> >   1)  Have you ever seen a windows client send 
> >       MAXIMUM_ALLOWED_ACCESS without including
> >       SERVER_ALL_ACCESS ?  rpcclient doesn't count 
> >       here.  I know we don't do this exactly like NT
> >       but it has never matter against real windows 
> >       clients 
> 
> Hmm. As documented in the quoted post, NT4SP6 talking to Samba sends
> MAXIMUM_ALLOWED_ACCESS without any of the printer admin access bits,
> but I don't recall if it had SERVER_ALL_ACCESS set.

>From 
  http://marc.theaimsgroup.com/?l=samba-technical&m=104686736620605&w=2

- ------------original mail--------------------------

NT4 SP6 to Samba HEAD (Opening the Printers folder)
* First request is for
  Write Owner | Write DAC | Read Control | Delete
  Server Enum | Server Admin

- --------end original mail--------------------------

SERVER_ALL_ACCESS == Server Enum | Server Admin

This is what is used to determine whether the APW shows up.
We basically only allow a 'printer admin' to have this.

Just to make sure we are on the same thread here,
I have never seen a instance where we really needed to 
map MAXIMUM_ALLOWED_ACCESS to anything.  Windows
clients always include the specific bits in the desired_access
mask in my experience.

So my question is: Have you seen any behavior that indicates
not mapping the MAXIMUM_ALLOWED_ACCESS mask to some specific 
bits is a problem?

My understanding is that you have not, but were just noting 
a difference in behavior when testing with rpcclient.  Right?




cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
                            --John Cusack - "Grosse Point Blank" (1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+y6PSIR7qMdg1EfYRAoNZAKDlWzgBJvTtQ5wgbZhEo4tpDPpZbgCfcJHc
f/IywDnl7rIvGMrH2qhbPYE=
=21N2
-----END PGP SIGNATURE-----




More information about the samba-technical mailing list