r24462: - Removing all ACEs was causing removal of the DACL entirely. Win2000 ignored

  the request, presumably due to the PROTECTED flag not being set.  Setting
  that flag (in make_sec_desc()) has much wider implications than just to
  libsmbclient, so instead of modifying that, we'll remove security
  descriptors by setting the number of ACEs to zero.  At some point, we might
  want to look into whether we should actually be setting the PROTECTED flag
  in the DACL.

  Reference http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsce_ctl_qxju.mspx?mfr=true

Derrell

diff --git a/source/libsmb/libsmbclient.c b/source/libsmb/libsmbclient.c
index bcbdd5a15adb390b8e7bf1d18a264d88e2b9f26f..8fd18bd99db4c7c7a02f28c75e5668843ab1d716 100644 (file)
--- a/source/libsmb/libsmbclient.c
+++ b/source/libsmb/libsmbclient.c
@@ -5142,7 +5142,6 @@ cacl_set(TALLOC_CTX *ctx,
        switch (mode) {
        case SMBC_XATTR_MODE_REMOVE_ALL:
                 old->dacl->num_aces = 0;
-                old->dacl = NULL;
                 dacl = old->dacl;
                 break;
 
@@ -5159,9 +5158,6 @@ cacl_set(TALLOC_CTX *ctx,
                                                         old->dacl->aces[k+1];
                                        }
                                        old->dacl->num_aces--;
-                                       if (old->dacl->num_aces == 0) {
-                                               old->dacl = NULL;
-                                       }
                                        found = True;
                                         dacl = old->dacl;
                                        break;