samba.smb.SMB:set_acl seems to generate a bad nttrans:SET_SD request

Matthieu Patou mat at samba.org
Sun Mar 25 17:58:49 MDT 2012


On 03/25/2012 07:22 AM, Richard Sharpe wrote:
> Hi folks,
>
> I was playing with set_acl and was getting:
>
>       RuntimeError: (-1073741811, 'Unexpected information received')
>
> When I look at the on-the-wire traffic I see that the SD is there but
> that the Security Info field is zero.
>
> So, then I looked at source4/libcli/pysmb.c and see this:
>
>          fio.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
>          fio.set_secdesc.in.file.fnum = fnum;
>          fio.set_secdesc.in.secinfo_flags = 0;
>          fio.set_secdesc.in.sd = sd;
>
>          status = smb_raw_set_secdesc(spdata->tree, &fio);
>
> It seems that we are setting the secinfo to 0. Perhaps we should be
> passing secinfo into set_acl, or perhaps it should scan the SD, or
> maybe I am just doing something wrong.
>
> Here is the code I am using:
>
>      if sd_sddl.find("S-1-3-4") < 0:
>          sd_sddl = sd_sddl + "(A;OICIIO;0x00060000;;;S-1-3-4)"
Although most ACLs have only a DACL and no SACL, it's much safer to
split the sddl into different chunks.

You have the chunck_sddl function for that purpose.

Matthieu

-- 
Matthieu Patou
Samba Team
http://samba.org
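
An added example, not part of the original thread and not Samba's own `chunck_sddl`: it splits an SDDL string into its top-level O:, G:, D: and S: chunks, derives the security-information mask from the chunks present (the "scan the SD" idea from the quoted post), and appends the ACE to the DACL chunk only. All helper names and the sample descriptor are assumptions made for illustration.

```python
# Added example: helper names are hypothetical, not Samba's API.
# Security-information bits carried in a SET_SD request (MS-DTYP).
SECINFO_OWNER, SECINFO_GROUP, SECINFO_DACL, SECINFO_SACL = 0x1, 0x2, 0x4, 0x8
TAG_FLAGS = {"O": SECINFO_OWNER, "G": SECINFO_GROUP,
             "D": SECINFO_DACL, "S": SECINFO_SACL}


def split_sddl(sddl):
    """Return {tag: body} for the top-level O:, G:, D: and S: components."""
    parts, tag, start, depth = {}, None, 0, 0
    for i, ch in enumerate(sddl):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in SDDL")
        elif depth == 0 and ch in TAG_FLAGS and sddl[i + 1:i + 2] == ":":
            # Tags are recognised only outside ACE parentheses and only
            # when directly followed by ':'.
            if tag is not None:
                parts[tag] = sddl[start:i]
            if ch in parts:
                raise ValueError("duplicate component " + ch)
            tag, start = ch, i + 2
    if depth != 0 or tag is None:
        raise ValueError("malformed SDDL")
    parts[tag] = sddl[start:]
    return parts


def secinfo_flags(sddl):
    """Derive the security-information mask from the components present."""
    flags = 0
    for tag in split_sddl(sddl):
        flags |= TAG_FLAGS[tag]  # an empty "D:" still counts as a DACL
    return flags


def add_dacl_ace(sddl, ace):
    """Append ace to the DACL chunk only, then rebuild in O, G, D, S order."""
    parts = split_sddl(sddl)
    dacl = parts.get("D", "")
    if ace not in dacl:
        parts["D"] = dacl + ace
    return "".join(t + ":" + parts[t] for t in "OGDS" if t in parts)


# Constructed sample: a descriptor that also carries a SACL.
SAMPLE = "O:BAG:SYD:PAI(A;OICI;FA;;;BA)S:AI(AU;SAFA;WD;;;WD)"
ACE_FROM_POST = "(A;OICIIO;0x00060000;;;S-1-3-4)"
```

With `SAMPLE`, plain string concatenation would place the new ACE after the audit ACE, inside the SACL; `add_dacl_ace` keeps it in the DACL.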


