[PATCH] s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_ds (was: [PATCH] s4-dsacl: Removed unnecessary privilege checks from sec_access_check_ds)
nivanova at samba.org
Mon Oct 21 05:36:18 MDT 2013
Attached is a re-worked version of the patch that fixes handling of
Administrator privileges in access_check. The test in ldap.py is wrong, it
also fails against windows, and with good reason - the test breaks the
inheritance and changes the owner and group to an unexisting SID, therefore
cutting read access for everyone in the domain, it only passed before
because of the incorrect use of restore privilege. The new patch fixes that
problem, and adds correct use of the TakeOwnership privilege as described
in MS-DTYP 184.108.40.206 Access Check Algorithm Pseudocode.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4443 bytes
Desc: not available
More information about the samba-technical