[PATCH] smbcacls revision fix

Neil Bortnak nbortnak at cisco.com
Sat Aug 14 06:43:33 GMT 2004

Jeremy Allison wrote:
> On Thu, Jul 29, 2004 at 01:30:06PM +0900, Neil Bortnak wrote:
>>Hi everyone,
>>I started using smbcacls and it worked great for everything except the 
>>set (-S) feature.
>>After some time spent with the code and a packet sniffer I found that 
>>all of the other functions read in the existing dacl, modify it and 
>>write it back. The set function creates a new one.
>>The revision number on the dacl that gets read from the server is 2, 
>>while the version number in set's created dacl is 3. I changed the 
>>created dacl to 2 and it works perfectly now.
>>It may or may not be relevant, but I am using and testing this against a 
>>NetApp Filer, and not a standard NT/2000 system. I also popped in a few 
>>extra snippets of code.
> Ok, I'll test this against a NT/2000 system as well. That's (unfortunately)
> the standard by which all other implementations are judged.
> Jeremy.

Hi Jeremy,

I did some more testing on a W2K server we have lying about. Here are 
the results:

Action						Sniffed ACL
1. Made file					N/A
2. Read ACL (always with normal smbcacls)	2
3. Changed file ACL from windows		N/A
4. Read ACL					2
5. Changed file ACL using patched smbcacls	2
6. Read ACL					2
7. Changed file ACL using normal smbcacls	3
8. Read ACL					3
9. Changed file ACL from windows		N/A
10. Read ACL					2

It would appear that a revision of 3 is not correct and the only reason 
the bug hasn't shown up until now is that the microsoft stack is not too 
picky about it.

In any case, the windows utilities set it to 2 on their own, so we 
should probably follow suit.



More information about the samba-technical mailing list