sysvol acl support deny aces (bug #14927)

Review changes
Download
Patches
Plain diff

Björn Jacke requested to merge samba-team/devel/samba:bjacke-sysvol-acl-fixes into master Dec 06, 2021

Overview 6
Commits 5
Pipelines 2
Changes 5

if an admin applies delegation on GPOs and denies access to cerain trustees, then the next samba-tool ntacl sysvolreset will discard the deny ACEs. Next time MMC opend that GPO it will complain that ther permissions don't match and suggests to fix it, which will also work (till sysvolreset strikes again).

https://bugzilla.samba.org/show_bug.cgi?id=14927

Checklist

Commits have Signed-off-by: with name/author being identical to the commit author
(optional) This MR is just one part towards a larger feature.
(optional, if backport required) Bugzilla bug filed and BUG: tag added
Test suite updated with functionality tests
Test suite updated with negative tests
Documentation updated
CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)

Reviewer's checklist:

There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Edited Jul 31, 2023 by Stefan Metzmacher

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking