nadezhda.ivanova at postpath.com
Sat Jan 16 17:05:24 MST 2010
This is not about the ACL module, we dont case about access checks here. This test is very basic and it only checks if the object has a security descriptor after creation. And currently there is no check on whether all of the trustees in the SD have the domain SID of the current domain, it was not described as a requirement anywhere in the docs that I could find. If the SID is incorrect, the ACE will simply not have effect during security checks as the trustee will not be recognised. I will have to do some digging. If you like, add the test to knownfail and I'll take a look when I can get to it. I am not working next week unfortunately do if its urgent someone else will have to do it.
----- Original Message -----
> From: tridge at samba.org <tridge at samba.org>
> To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> Cc: Zahari Zahariev <zahari.zahariev at postpath.com>, jelmer at samba.org <jelmer at samba.org>, samba-technical at samba.org <samba-technical at samba.org>
> Sent: Sunday, January 17, 2010 1:47:04 AM GMT+0200 Europe;Athens
> Subject: Re: BasicTests.test_security_descriptor_add_neg
> > Hi Nadya,
> > Strange, I didn't get this failure last time I ran make test...
> > Do you mean the test actually fails or it was only an error in the
> python code?
> The add of the object succeeds, when I suspect it should fail.
> Jelmer has changed the test code so it now passes against Samba, but
> now it fails against windows.
> Where is our ACL module code do we check the SIDs for this test?
> Cheers, Tridge
More information about the samba-technical