[cifs-protocol] [EXTERNAL] [MS-DTYP] meaning of ACCESS_*_CALLBACK_OBJECT_ACE - TrackingID#2309250040000032
tomjebo at microsoft.com
Mon Sep 25 00:15:26 UTC 2023
[dochelp to bcc]
[support mail to cc]
Thanks for your request regarding MS-DTYP. One of the Open Specifications team members will respond to assist you. In the meantime, we’ve created case 2309250040000032 to track this request. Please leave the case number in the subject when communicating with our team about this request.
Microsoft Open Specifications Support
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Sent: Sunday, September 24, 2023 4:36 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] [MS-DTYP] meaning of ACCESS_*_CALLBACK_OBJECT_ACE
The interpretation of ACCESS_ALLOWED_CALLBACK_OBJECT_ACE and ACCESS_DENIED_CALLBACK_OBJECT_ACE is not really explained in MS-DTYP.
Section 18.104.22.168.3 says what to do for ordinary allow and deny conditional ACEs, but not for the object types.
My current assumption for an allow callback ACE goes like this:
1. Test the condition on the ACE
2a. if it is true, treat the ACE as if it is an ACCESS_ALLOWED_OBJECT_ACE.
2b. if it is unknown/false, ignore the ACE.
and correspondingly in the DENY case, with UNKNOWN being treated as "true".
is that correct?
More information about the cifs-protocol