[cifs-protocol] [EXTERNAL] [MS-DTYP] meaning of ACCESS_*_CALLBACK_OBJECT_ACE
Sreekanth Nadendla
srenaden at microsoft.com
Thu Nov 9 16:37:11 UTC 2023
Hello Douglas, your assumption below is correct. We will be updating the specification in the next release.
Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications
________________________________
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Sent: Sunday, September 24, 2023 7:36 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] [MS-DTYP] meaning of ACCESS_*_CALLBACK_OBJECT_ACE
hi Dochelp,
The interpretation of ACCESS_ALLOWED_CALLBACK_OBJECT_ACE and
ACCESS_DENIED_CALLBACK_OBJECT_ACE is not really explained in MS-DTYP.
Section 2.4.4.17.3 says what to do for ordinary allow and deny conditional ACEs,
but not for the object types.
My current assumption for an allow callback ACE goes like this:
1. Test the condition on the ACE
2a. if it is true, treat the ACE as if it is an ACCESS_ALLOWED_OBJECT_ACE.
2b. if it is unknown/false, ignore the ACE.
and correspondingly in the DENY case, with UNKNOWN being treated as "true".
is that correct?
cheers,
Douglas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20231109/b3350c6a/attachment.htm>
More information about the cifs-protocol
mailing list