[cifs-protocol] [EXTERNAL] [MS-DTYP] 2.5.1.1 another SDDL syntax ABNF inaccuracy - TrackingID#2302020040006024

Jeff McCashland (He/him) jeffm at microsoft.com
Thu Feb 2 15:32:21 UTC 2023


[DocHelp to BCC, support on CC, SR ID on Subject]

Hi Douglas,

Thanks for your question. One of the Open Specifications team members will respond to assist you. In the meantime, we’ve created case 2302020040006024 to track this request. Please leave the case number in the subject when communicating with our team about this request.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

________________________________
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Sent: Thursday, February 2, 2023 2:24 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] [MS-DTYP] 2.5.1.1 another SDDL syntax ABNF inaccuracy

Hi Dochelp,

I think this bit is wrong in the SDDL ABNF. We have (with irrelevant bits
omitted):

   conditional-ace = ... ";" "(" cond-expr ")" ")"

   cond-expr = term /
               term [wspace] ("||" / "&&" ) [wspace] cond-expr /
               (["!"] [wspace] "(" cond-expr ")")


which says a conditional expression compounded with '&&' or '||' can only
have a simple term on the left hand side. That doesn't seem right, nor is
it in keeping with the text.

Not least of all, examples 2 and 3 in 2.4.4.17.9 have compound expressions
on either side of a central operator, like so:

   (@User.smartcard==1 || @Device.managed==1) && (@Resource.dept Any_of{"Sales","HR"})

My belief is the example is correct and the ABNF is wrong. It should
probably say something more like this:

   cond-expr = term /
               cond-expr [wspace] ("||" / "&&" ) [wspace] cond-expr /
               (["!"] [wspace] "(" cond-expr ")")


though that doesn't explain when you need parentheses and when you don't.

Douglas