[cifs-protocol] [MS-DTYP] Conditional ACE SDDL: NOT syntax clarification. - TrackingID#2303150040000163

Hung-Chun Yu HungChun.Yu at microsoft.com
Wed Mar 15 00:46:24 UTC 2023 

[BCC dochelp]
Hi Douglas

Thank you for contacting Microsoft Open Specifications Support. We created SR case - TrackingID#2303150040000163 to track the issue.
And do leave this tag in the subject for future reference.

One our engineers will be contacting you shortly.

Hung-Chun Yu
hunyu at microsoft.com
DevOps Customer Service & Support

My working hours are Monday to Friday 9am-6pm PST
If you need assistance outside of my working hours, please call and request to work with the next available engineer:

Our Premier Support line may be reached 24x7 at 1-800-936- 3100
Our Government Premier Support Number is 1-800-936-3200 
Our Professional Support Number 1-800-936-5800
Providing excellent support is my primary objective. 
Feel free to reach out to my manager to provide feedback:
Stacy Gray, stacygr at microsoft.com

-----Original Message-----
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> 
Sent: Tuesday, March 14, 2023 3:52 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] [MS-DTYP] Conditional ACE SDDL: NOT syntax clarification.

hi Dochelp,

In the ABNF for SDDL, in 2.5.1.1, the only place the NOT operator "!" is mentioned is in the cond-expr line:

       cond-expr = term /                                              \
                   term [wspace] ("||" / "&&" ) [wspace] cond-expr /   \
                   (["!"] [wspace] "(" cond-expr ")")


(We have already established in 2302020040006024 /
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Farchive%2Fcifs-protocol%2F2023-February%2F003947.html&data=05%7C01%7CHungChun.Yu%40microsoft.com%7Cc522a8d1924a435eb82a08db24ded039%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638144311654849856%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=I2xaSLXR2DWUmNeMZ8fhAoOT1XI%2Fs4uVe1PXjWNyoj8%3D&reserved=0 that the second part with the "||" or "&&" is erroneous -- this question is about the third part, with the '["!"]').

So that says the only place a "!" can occur is in front of a parenthetical expression; you can't write "!A", you need to say "!(A)".

That would be OK, and I have been working on that basis, but then in 2.5.1.3 "Parentheses and Order of Precedence", the "!" operator is given a middling precedence, below that of e.g. "==". And that makes me wonder about an expression like

    !(A) == B

Since == has higher precedence than !, it will grab the (A) before the ! can, and the expression is effectively "!(A == B)"; if you mean to do it the other way, you need to write "(!(A)) == B". But that looks silly. It makes me doubt that the semantic meaning is so divorced from the syntactic rule, and leads me to think the ABNF is taking another descriptive short cut.

Does '!' really always need to be followed by '('?

cheers,
Douglas

More information about the cifs-protocol mailing list