Patches bug #10773 (SECINFO_PROTECTED_DACL is not ignored)
jra at samba.org
Thu Aug 21 17:34:22 MDT 2014
On Wed, Aug 20, 2014 at 04:35:47PM +0200, Stefan (metze) Metzmacher wrote:
> here're some patches for
> It seems we need to ignore flags like SECINFO_PROTECTED_DACL.
> Otherwise we get unexpected behaviours from the Windows
> MoveSecurityAttributes() function.
> Please review.
> Jeremy, do you think we should keep the SECINFO_PROTECTED_DACL
> logic in posix_get_nt_acl_common()?
Great catch - thanks ! Pushed. The interaction between
get_sd() and the code in smbd/posix_acls.c was really
toxic and hadn't been noticed at all :-(.
It was added in commit 9251afe35bc402bbab816d7c33673d4ef3fb0351
when I added the parameter "map acl inheritance" and I know I
*certainly* didn't understand the relationship between
SECINFO_PROTECTED_DACL flag sent in the incoming set_sd
request and the SEC_DESC_DACL_PROTECTED flags in the sd
So I think the following additional patch would certainly clean
up this code.
Review welcome !
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1188 bytes
Desc: not available
More information about the samba-technical