[cifs-protocol] [EXTERNAL] [MS-DTYP] 2.5.1.1 another SDDL syntax ABNF inaccuracy - TrackingID#2302020040006024

Kristian Smith Kristian.Smith at microsoft.com
Fri Feb 3 22:22:55 UTC 2023


Hi Douglas,

With regards to the "term" actually being a "cond-expr", you are correct. I will submit a document change, and you'll see it propagate in a future release.

As far as the parentheses are concerned, are you curious why the they are required at the end at the end but nowhere else? Just hoping to confirm the question.

cond-expr = term /
               cond-expr [wspace] ("||" / "&&" ) [wspace] cond-expr /
               (["!"] [wspace] "(" cond-expr ")")

Regards,
Kristian

Kristian Smith
Support Escalation Engineer
Windows Open Spec Protocols
Office: (425) 421-4442
kristian.smith at microsoft.com<mailto:kristian.smith at microsoft.com>

From: Kristian Smith
Sent: Thursday, February 2, 2023 9:58 AM
To: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>; cifs-protocol at lists.samba.org
Cc: Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] [MS-DTYP] 2.5.1.1 another SDDL syntax ABNF inaccuracy - TrackingID#2302020040006024

[Jeff to Bcc]

Hi Douglas,

Thanks for reaching out. I'll be looking into this ABNF issue you've presented. I'll get back to you once I have more information.

Thanks,
Kristian

Kristian Smith
Support Escalation Engineer
Windows Open Spec Protocols
Office: (425) 421-4442
kristian.smith at microsoft.com<mailto:kristian.smith at microsoft.com>

From: Jeff McCashland (He/him) <jeffm at microsoft.com<mailto:jeffm at microsoft.com>>
Sent: Thursday, February 2, 2023 7:32 AM
To: Douglas Bagnall <douglas.bagnall at catalyst.net.nz<mailto:douglas.bagnall at catalyst.net.nz>>; cifs-protocol at lists.samba.org<mailto:cifs-protocol at lists.samba.org>
Cc: Microsoft Support <supportmail at microsoft.com<mailto:supportmail at microsoft.com>>
Subject: Re: [EXTERNAL] [MS-DTYP] 2.5.1.1 another SDDL syntax ABNF inaccuracy - TrackingID#2302020040006024

[DocHelp to BCC, support on CC, SR ID on Subject]

Hi Douglas,

Thanks for your question. One of the Open Specifications team members will respond to assist you. In the meantime, we've created case 2302020040006024 to track this request. Please leave the case number in the subject when communicating with our team about this request.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C01%7CKristian.Smith%40microsoft.com%7C10226e9b5bc6436f700a08db0532afea%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638109487490218295%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jD7dQrK0Ckt32mraa2JTWZsBuhZb2Kmzq8R3%2BOlLhn0%3D&reserved=0> | Extension 1138300

________________________________
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz<mailto:douglas.bagnall at catalyst.net.nz>>
Sent: Thursday, February 2, 2023 2:24 AM
To: Interoperability Documentation Help <dochelp at microsoft.com<mailto:dochelp at microsoft.com>>; cifs-protocol at lists.samba.org<mailto:cifs-protocol at lists.samba.org> <cifs-protocol at lists.samba.org<mailto:cifs-protocol at lists.samba.org>>
Subject: [EXTERNAL] [MS-DTYP] 2.5.1.1 another SDDL syntax ABNF inaccuracy

hi Dochelp,

I think this bit is wrong in the SDDL ABNF. We have (with irrelevant bits
omitted):

   conditional-ace = ... ";" "(" cond-expr ")" ")"

   cond-expr = term /
               term [wspace] ("||" / "&&" ) [wspace] cond-expr /
               (["!"] [wspace] "(" cond-expr ")")


which says a conditional expression compounded with '&&' or '||' can only
have a simple term on the left hand side. That doesn't seem right, nor is
it in keeping with the text.

Not least of all, examples 2 and 3 in 2.4.4.17.9 have compound expressions
on either side of a central operator, like so:

   (@User.smartcard==1 || @Device.managed==1) && (@Resource.dept
Any_of{"Sales","HR"})

My belief is the example is correct and the ABNF is wrong. It should
probably say something  more like this:

   cond-expr = term /
               cond-expr [wspace] ("||" / "&&" ) [wspace] cond-expr /
               (["!"] [wspace] "(" cond-expr ")")


though that doesn't explain when you need parentheses and when you don't.

Douglas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20230203/8ed56806/attachment.htm>


More information about the cifs-protocol mailing list