Test for reproducing Security ace object add to descriptor bug

Zahari Zahariev zahari.zahariev at postpath.com
Thu Apr 2 14:12:56 GMT 2009

Hello Jelmer & Samaba4,

This is a bug that I found when tried to create a custom 
nTScurityDescriptor. To do that I created "security.ace" object which I 
made "Deny read to Administrator" ACE but when it comes to the "trustee" 
property that has to be "security.dom_sid" object something goes wrong 
after assignment. The initial ObjectSID value is not the same any more. 
Therefore when this ACE is added to the descriptor there is most of the 
time "(SID ERR)" instead of the real SID in SDDL representation.

I have prepared a Python unittest that validates the error described above.

Cheers, Zahari
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Security.ace-object-added-to-descriptor-error.patch
Type: text/x-patch
Size: 5627 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090402/d3435aed/0001-Security.ace-object-added-to-descriptor-error.bin

More information about the samba-technical mailing list