svn commit: samba r24465 - in branches/SAMBA_3_2_0/source/libsmb: .

simo idra at samba.org
Thu Aug 16 00:26:56 GMT 2007


On Wed, 2007-08-15 at 15:59 -0400, Derrell Lipman wrote:
> On 8/15/07, simo <idra at samba.org> wrote:
>         On Wed, 2007-08-15 at 17:40 +0000, derrell at samba.org wrote:
>         > Author: derrell
>         > Date: 2007-08-15 17:40:09 +0000 (Wed, 15 Aug 2007)
>         > New Revision: 24465
>         >
>         > WebSVN:
>         http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24465
>         >
>         > Log:
>         > - Sort ACEs according to
>         http://support.microsoft.com/kb/269175 so that
>         >   Windows Explorer doesn't complain about the order (and so
>         that they get
>         >   interpreted properly).
>         
>         Is this done always by default ?
>         Windows ACLs are order dependent, there are cases where
>         reordering an
>         ALLOW after a DENY is simply wrong (and will deny access where
>         you wante
>         to allow it or vice-versa) if the user did knew what it was
>         doing 
>         according to Windows ACL semantics.
> 
> Yes, this is always done.  The code this replaces already sorted DENY
> before ALLOW and commented that such was required.  The documentation
> I found today also says it's supposed to be like that.  Additionally,
> inherited ACEs are supposed to come after non-inherited ones according
> to the docs. 

Ok, looks reasonable.

> There's no mechanism in libsmbclient for stating that "I know what I'm
> doing so don't sort these for me" but since most users won't know what
> the sort order is supposed to be, we're better off sorting according
> to the docs.  Remember that this is emulating the xsetattr()
> interface.  It's not a native interface to the SMB protocol. 

Right, I was just worrying we were changing something, I agree with you
and Jerry about not letting user shoot themselves by default.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list