Nadezhda Ivanova nadezhda.ivanova at
Sat Jan 16 17:05:24 MST 2010

This is not about the ACL module, we dont case about access checks here. This test is very basic and it only checks if the object has a security descriptor after creation. And currently there is no check on whether all of the trustees in the SD have the domain SID of the current domain, it was not described as a requirement anywhere in the docs that I could find. If the SID is incorrect, the ACE will simply not have effect during security checks as the trustee will not be recognised. I will have to do some digging. If you like, add the test to knownfail and I'll take a look when I can get to it. I am not working next week unfortunately do if its urgent someone else will have to do it.

----- Original Message -----
> From: tridge at <tridge at>
> To: Nadezhda Ivanova <nadezhda.ivanova at>
> Cc: Zahari Zahariev <zahari.zahariev at>, jelmer at <jelmer at>, samba-technical at <samba-technical at>
> Sent: Sunday, January 17, 2010 1:47:04 AM GMT+0200 Europe;Athens
> Subject: Re: BasicTests.test_security_descriptor_add_neg

> > Hi Nadya,
>  > Strange, I didn't get this failure last time I ran make test...
>  > Do you mean the test actually fails or it was only an error in the 
> python code? 
> The add of the object succeeds, when I suspect it should fail.
> Jelmer has changed the test code so it now passes against Samba, but
> now it fails against windows.
> Where is our ACL module code do we check the SIDs for this test?
> Cheers, Tridge

More information about the samba-technical mailing list