samba.smb.SMB:set_acl seems to generate a bad nttrans:SET_SD request
mat at samba.org
Sun Mar 25 17:58:49 MDT 2012
On 03/25/2012 07:22 AM, Richard Sharpe wrote:
> Hi folks,
> I was playing with set_acl and was getting:
> RuntimeError: (-1073741811, 'Unexpected information received')
> When I look at the on-the-wire traffic I see that the SD is there but
> that the Security Info field is zero.
> So, then I looked at source4/libcli/pysmb.c and see this:
> fio.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
> fio.set_secdesc.in.file.fnum = fnum;
> fio.set_secdesc.in.secinfo_flags = 0;
> fio.set_secdesc.in.sd = sd;
> status = smb_raw_set_secdesc(spdata->tree,&fio);
> It seems that we are setting the seconfo to 0. Perhaps we should be
> passing secinfo into set_acl, or perhaps it should scan the SD, or
> maybe I am just doing something wrong.
> Here is the code I am using:
> if sd_sddl.find("S-1-3-4")< 0:
> sd_sddl = sd_sddl + "(A;OICIIO;0x00060000;;;S-1-3-4)"
Although most of ACLs have only DACL and no SACL it's much safer to
split the sddl in different chuncks.
You have the chunck_sddl function for that purpose.
More information about the samba-technical