r11780: it turns out that the MxAc tag isn't a security descriptor, its a

request that the server return its own MxAc blob which contains the
maximum allowed access_mask for the returned file handle
(This used to be commit c0288aa8cd46ca384074f89430c226d725c39475)

1 files changed, 1 insertions, 13 deletions

diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c
index 7afce0137f..b39f53d8e1 100644
--- a/source4/torture/smb2/util.c
+++ b/source4/torture/smb2/util.c
@@ -103,7 +103,7 @@ static NTSTATUS smb2_create_complex(struct smb2_tree *tree, const char *fname,
 
 	smb2_util_unlink(tree, fname);
 	ZERO_STRUCT(io);
-	io.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 	io.in.file_attr   = FILE_ATTRIBUTE_NORMAL;
 	io.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
 	io.in.share_access = 
@@ -119,18 +119,6 @@ static NTSTATUS smb2_create_complex(struct smb2_tree *tree, const char *fname,
 		io.in.open_disposition = NTCREATEX_DISP_CREATE;
 	}
 
-	io.in.sd = security_descriptor_create(tmp_ctx,
-					      NULL, NULL,
-					      SID_NT_AUTHENTICATED_USERS,
-					      SEC_ACE_TYPE_ACCESS_ALLOWED,
-					      SEC_RIGHTS_FILE_ALL | SEC_STD_ALL,
-					      0,
-					      SID_WORLD,
-					      SEC_ACE_TYPE_ACCESS_ALLOWED,
-					      SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
-					      0,
-					      NULL);
-
 	if (strchr(fname, ':') == NULL) {
 		/* setup some EAs */
 		io.in.eas.num_eas = 2;