[PATCH] Fix 'samba-tool ntacl sysvolcheck' failures and remove NT4 compat
Andrew Bartlett
abartlet at samba.org
Sun Nov 11 23:19:39 MST 2012
This patch should fix the issues where an ACL set on sysvol by
samba-tool ntacl sysvolreset cannot be read back, and so sysvolcheck
fails.
The root cause here appears to be not setting fsp->is_directory
correctly.
This patch unifies the get and set code by simply using the same
boilerplate, however another approach would be to call
SMB_VFS_GET_NT_ACL() instead, which only needs a file path.
I'm posting this so as to mark the fact that I've reproduced and fixed
one small part of this SYSVOL issue locally, and am continuing to work
on it.
I have a second patch here, which I feel makes this code more robust -
it removes the NT4 compatibility layer in the posix ACL code. This will
mean that the ACL written by 'samba-tool ntacl sysvolreset' is read by a
windows client. Currently samba-tool appears as RA_UNKNOWN, and so gets
NT4 compatible ACLs, which can break the hash when a windows client
accesses the server.
I need to test more to prove this is strictly required, but I do feel it
is a worthwhile change in any case, given how long dead NT4 clients
changing ACLs with the windows GUI are.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-smbd-Correctly-set-fsp-is_directory-before-dealing-w.patch
Type: text/x-patch
Size: 9597 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121112/07489779/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-smbd-Remove-NT4-compatability-handling-in-posix-NT-A.patch
Type: text/x-patch
Size: 12410 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121112/07489779/attachment-0001.bin>
More information about the samba-technical
mailing list