[PATCH] Fix bug #9932 - Currently the maximum number of aces in an SD is limited to 1000, but Microsoft supports around 1800

Andrew Bartlett abartlet at samba.org
Fri Jun 7 17:42:59 MDT 2013

On Fri, 2013-06-07 at 19:40 -0400, Scott Lovenberg wrote:
> On Jun 7, 2013, at 7:33 PM, Jeremy Allison <jra at samba.org> wrote:
> > Richard, please review and push if you're ok with it.
> > 
> > Jeremy.
> > <0001-Fix-bug-9932-Currently-the-maximum-number-of-aces-in.patch>
> I had a bit of a side bar with Richard about this a while ago. IIRC, I thought it depends on the size of the ACEs in the ACL?  That is, the aggregate size of the ACL. :/

The limit in the IDL was added as an attempt to avoid allocating
infinite amounts of memory attempting to parse structures that are not
plausible.  Changing it a little shouldn't hurt, but I agree this might
not be how windows enforces this.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list