[cifs-protocol] [EXTERNAL] [MS-DTYP] SDDL conditional ACEs: XU and ZA mixed up? - TrackingID#2308250010010768
Tom Jebo
tomjebo at microsoft.com
Fri Aug 25 17:22:38 UTC 2023
[dochelp to bcc]
[support mail to cc]
Hi Douglas,
Thanks for your request regarding MS-DTYP. One of the Open Specifications team members will respond to assist you. In the meantime, we’ve created case 2308250010010768 to track this request. Please leave the case number in the subject when communicating with our team about this request.
Best regards,
Tom Jebo
Microsoft Open Specifications Support
-----Original Message-----
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Sent: Thursday, August 24, 2023 5:11 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] [MS-DTYP] SDDL conditional ACEs: XU and ZA mixed up?
hi Dochelp,
In 2.5.1.1 Syntax, it says:
"XU" Access Allowed Object Callback 0xB
"ZA" Audit Callback 0xD
suggesting that
D:(XU;;;12345678-1234-1234-1234-123456789012;;WD;(Member_of SID(WD)))
should compile to Access Allowed Object Callback ACE. But it doesn't.
Nor does it compile to an Audit Callback ACE, presumably because it needs to be in a SACL not a DACL.
These are the strings that *do* work:
D:(ZA;;;12345678-1234-1234-1234-123456789012;;WD;(Member_of SID(WD)))
this compiles to ACE type 11.
D:(ZA;;;;;WD;(Member_of SID(WD)))
this compiles to ACE type 9 (that is, without a GUID, "ZA" devolves to "XA").
S:(XU;;;;;WD;(Member_of SID(WD)))
this compiles to ACE type 13.
So I am pretty sure [MS-DTYP] got those 2 mixed up.
Douglas
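
The comparison made in the message above, as an added example that is not part of the original thread and is not Samba or Microsoft code: it splits an SDDL string into ACE fields, tracking parenthesis depth so the conditional expression stays in one field, and sets the ACE type quoted from 2.5.1.1 beside the type the message reports. The names split_aces, compare, DOCUMENTED and OBSERVED are hypothetical; the tables hold only values stated in the message, None means the message gives no value, and the input is assumed to be well formed with no parentheses inside quoted literals.

```python
# Added illustration, not code from the thread. Values come only from the message.
DOCUMENTED = {"XU": 0x0B, "ZA": 0x0D}  # [MS-DTYP] 2.5.1.1 as quoted in the message
# (ACL kind, ACE type string, object GUID present) -> ACE type the message reports
OBSERVED = {("D", "ZA", True): 11, ("D", "ZA", False): 9, ("S", "XU", False): 13}

def split_aces(sddl):
    """Return [(acl_kind, fields)] for each ACE in a well-formed SDDL string."""
    kind, depth, start, fields, out = None, 0, 0, [], []
    for i, ch in enumerate(sddl):
        if depth == 0 and ch in "DS" and sddl[i + 1:i + 2] == ":":
            kind = ch                      # "D:" opens the DACL, "S:" the SACL
        elif ch == "(":
            depth += 1
            if depth == 1:                 # start of a new ACE
                fields, start = [], i + 1
        elif ch == ";" and depth == 1:     # field separator, outside the condition
            fields.append(sddl[start:i])
            start = i + 1
        elif ch == ")":
            depth -= 1
            if depth == 0:                 # end of the ACE; last field is complete
                fields.append(sddl[start:i])
                out.append((kind, fields))
    return out

def compare(sddl):
    """Return [(ace_string, documented_type, reported_type)] for each ACE."""
    rows = []
    for kind, f in split_aces(sddl):
        has_guid = len(f) > 3 and bool(f[3])   # fourth field is the object GUID
        rows.append((f[0], DOCUMENTED.get(f[0]),
                     OBSERVED.get((kind, f[0], has_guid))))
    return rows

if __name__ == "__main__":
    guid = "12345678-1234-1234-1234-123456789012"
    cond = "(Member_of SID(WD))"
    for s in (f"D:(XU;;;{guid};;WD;{cond})", f"D:(ZA;;;{guid};;WD;{cond})",
              f"D:(ZA;;;;;WD;{cond})", f"S:(XU;;;;;WD;{cond})"):
        for ace, doc, seen in compare(s):
            print(f"{s}\n  {ace}: documented {doc}, reported {seen}")
```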