[cifs-protocol] [EXTERNAL] [MS-DTYP] Conditional ACE SDDL: NOT syntax clarification.

Kristian Smith Kristian.Smith at microsoft.com
Tue Mar 14 23:26:24 UTC 2023


SL, please create a case and assign to me.


Kristian Smith
Support Escalation Engineer
Microsoft Azure DevOps & Windows Open Spec Protocols
Office: (425) 421-4442
kristian.smith at microsoft.com

________________________________
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Sent: Tuesday, March 14, 2023 3:52 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] [MS-DTYP] Conditional ACE SDDL: NOT syntax clarification.

hi Dochelp,

In the ABNF for SDDL, in 2.5.1.1, the only place the NOT operator "!" is
mentioned is in the cond-expr line:

       cond-expr = term /                                              \
                   term [wspace] ("||" / "&&" ) [wspace] cond-expr /   \
                   (["!"] [wspace] "(" cond-expr ")")


(We have already established in 2302020040006024 /
https://lists.samba.org/archive/cifs-protocol/2023-February/003947.html that the
second part with the "||" or "&&" is erroneous -- this question is about the
third part, with the '["!"]').

So that says the only place a "!" can occur is in front of a parenthetical
expression; you can't write "!A", you need to say "!(A)".

That would be OK, and I have been working on that basis, but then in 2.5.1.3
"Parentheses and Order of Precedence", the "!" operator is given a middling
precedence, below that of e.g. "==". And that makes me wonder about an
expression like

    !(A) == B

Since == has higher precedence than !, it will grab the (A) before the ! can,
and the expression is effectively "!(A == B)"; if you mean to do it the other
way, you need to write "(!(A)) == B". But that looks silly. It makes me doubt
that the semantic meaning is so divorced from the syntactic rule, and leads me
to think the ABNF is taking another descriptive short cut.

Does '!' really always need to be followed by '('?

cheers,
Douglas
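
The two readings of `!(A) == B` raised in the message above, as an added example that is not part of the original post and is not MS-DTYP, Windows or Samba code: a small precedence-climbing parser in which the binding power of "!" is a parameter and the ABNF's '"!" only before "("' rule is an optional check. The numeric binding powers, the function and constant names, and the simplified token set are assumptions made for illustration.

```python
import re

# Simplified token set (an assumption): names, "!", "==", "&&", "||", parens.
TOKEN = re.compile(r"\|\||&&|==|!|\(|\)|\w+")
# Illustrative binding powers; only the "!" versus "==" ordering is at issue.
BINARY = {"||": 1, "&&": 2, "==": 4}
NOT_BELOW_EQ = 3   # "!" weaker than "==", as the message reads section 2.5.1.3
NOT_ABOVE_EQ = 5   # "!" stronger than "==", the other reading

def tokenize(text):
    toks = TOKEN.findall(text)
    if "".join(toks) != "".join(text.split()):
        raise ValueError("unrecognised character in expression")
    return toks

def parse(text, not_power, strict_abnf=False):
    """Return a nested-tuple parse tree for a conditional expression."""
    toks, pos = tokenize(text) + [None], 0   # None marks end of input

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]

    def expr(min_power):
        tok = take()
        if tok in (None, ")") or tok in BINARY:
            raise ValueError(f"expected an operand, got {tok!r}")
        if tok == "!":
            # The ABNF cond-expr rule only allows "!" in front of "(".
            if strict_abnf and toks[pos] != "(":
                raise ValueError('"!" must be followed by "("')
            left = ("!", expr(not_power))
        elif tok == "(":
            left = expr(0)
            if take() != ")":
                raise ValueError('expected ")"')
        else:
            left = tok
        while toks[pos] in BINARY and BINARY[toks[pos]] > min_power:
            op = take()
            left = (op, left, expr(BINARY[op]))
        return left

    tree = expr(0)
    if toks[pos] is not None:
        raise ValueError(f"unexpected token {toks[pos]!r}")
    return tree
```

With `NOT_BELOW_EQ` the input `!(A) == B` parses as `("!", ("==", "A", "B"))`, and with `NOT_ABOVE_EQ` as `("==", ("!", "A"), "B")`; a parser and an evaluator that disagree on this choice would evaluate the same conditional ACE to opposite results.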