Is there any requirement when handling an NT_TRANSACT_SET_SECURITY_DESCRIPTOR to store the DACL exactly as presented on the wire?

[Tom Jebo]

Hi Richard, 

Thanks for your question regarding NT_TRANSACT_SET_SECURITY_DESCRIPTOR, one of the Open Specification team members will contact you to begin working on this. 

Best regards,
Tom Jebo
Escalation Engineer 
Microsoft Open Specifications

-----Original Message-----
From: Richard Sharpe [mailto:realrichardsharpe at gmail.com] 
Sent: Tuesday, April 03, 2012 5:51 PM
To: Interoperability Documentation Help
Cc: samba-technical
Subject: Is there any requirement when handling an NT_TRANSACT_SET_SECURITY_DESCRIPTOR to store the DACL exactly as presented on the wire?

Hi,

NetApp authored a test called aclfunc.exe that has an ACL Resize Test.

This test creates a directory, then retrieves the DACL on the directory, pads the DACL up to approximately 1000 bytes with zeros, and stores it back on the directory with an NT_TRANACT_SET_SECURITY_DESCRITOR request.

It then retrieves the DACL again and expects to see the exact same size DACL, possibly even with the extraneous zeros.

Samba stores the DACL in the least space possible by removing the zero padding which the ACL Resize Test claims constitutes a failure of the test.

Is there any requirement anywhere that the zero padding the test supplies must be stored?

If needed I can supply a capture of the behavior of the test to show you what it does.

(I note that W2K3 passes the test, so it does seem to store the DACL as presented.)

--
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)