"W2K Traverse DACL set" ?

Ravi Wijayaratne ravi_wija at yahoo.com
Tue Sep 9 22:58:20 GMT 2003

Hi Jeremy,

In posix_acl.c:unpack_canon_ace you have isolated a special
case when dir_ace and file_ace is both NULL and returns True
in such case. In the comments you have stated that that case
should be ignored as it signifies a "W2K Traverse DACL set".

I was wandering whether you know of a case where Windows would
send a Security descriptor with an empty DACL for a case other than
removing all the ACEs in the ACL. 

If a user removes all ACEs in the ACL and selects "Apply" the W2K
client sends a Security Descriptor with an empty DACL but sets the
SEC_DESC_DACL_PRESENT flag in the type field. As it is we cannot handle
this case in Samba as we ignore the above operation. 

May be when the case you mention in the comment i.e "W2K Traverse DACL set"
operation occurs  SEC_DESC_DACL_PRESENT is not set in psd->type flags and
we can distinguish between the two situations.

It would be very helpful if you could give me some insight on trying to capture
a situation where windows 2k client sends a "W2K Traverse DACL set" so that
we can examine the data present and handle the removal of all ACEs appropriately

Thank you very much


Ravi Wijayaratne

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

More information about the samba-technical mailing list