object_tree_modify_access explanation

Matthieu Patou mat at matws.net
Sat Oct 13 16:05:33 MDT 2012

Hello Nadya and Jeremy,

I was wandering the ACL code today and tried to do a deeper dive in it

I'm a bit puzzled by this function in libcli/security/access_check.c:

void object_tree_modify_access(struct object_tree *root,
                                uint32_t access_mask)
         root->remaining_access &= ~access_mask;
         if (root->num_of_children > 0) {
                 int i;
                 for (i = 0; i < root->num_of_children; i++) {
object_tree_modify_access(&root->children[i], access_mask);

My understanding is that we remove the bits set in access_mask in the 
remaining_access var of root and all its child.
But i'm still not convinced that it was what we wanted to acheive.

Also I wanted to see if the comments I put in this patch are correct.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-security-Add-documentation.patch
Type: text/x-diff
Size: 1201 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121013/9e286f97/attachment.patch>

More information about the samba-technical mailing list