object_tree_modify_access explanation

Jeremy Allison jra at samba.org
Sun Oct 14 22:10:38 MDT 2012

On Sat, Oct 13, 2012 at 03:05:33PM -0700, Matthieu Patou wrote:
> Hello Nadya and Jeremy,
> I was wandering the ACL code today and tried to do a deeper dive in it.
> I'm a bit puzzled by this function in libcli/security/access_check.c:
> void object_tree_modify_access(struct object_tree *root,
>                                uint32_t access_mask)
> {
>         root->remaining_access &= ~access_mask;
>         if (root->num_of_children > 0) {
>                 int i;
>                 for (i = 0; i < root->num_of_children; i++) {
>                         object_tree_modify_access(&root->children[i], access_mask);
>                 }
>         }
> }
> My understanding is that we remove the bits set in access_mask in
> the remaining_access var of root and all its children.
> But I'm still not convinced that it was what we wanted to achieve.
> Also I wanted to see if the comments I put in this patch are correct.

I have to admit I have not studied the access control checks
in the AD code, only the file server. I'll take a look at this,
but it might have to wait until I get back from Europe on the
23rd Oct. If you still need review of this after that date
please ping me again.
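
The behaviour described in the quoted question, as an added example that is not part of either message or of the Samba source: it runs the quoted function on a small constructed tree to show which nodes lose bits when the call is made on a subtree rather than on the root. The simplified struct object_tree, the DEMO_* mask bits and the tree layout are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the tree node (assumption): only the fields the
 * quoted function touches. */
struct object_tree {
	uint32_t remaining_access;
	int num_of_children;
	struct object_tree *children;
};

/* Same logic as the function quoted in the message. */
void object_tree_modify_access(struct object_tree *root, uint32_t access_mask)
{
	int i;

	root->remaining_access &= ~access_mask;
	for (i = 0; i < root->num_of_children; i++) {
		object_tree_modify_access(&root->children[i], access_mask);
	}
}

/* Constructed mask bits for the demo, not Samba's constants. */
#define DEMO_READ  0x10u
#define DEMO_WRITE 0x20u

/* Constructed tree: demo_root -> { sets[0] -> { leaves[0], leaves[1] }, sets[1] } */
struct object_tree leaves[2], sets[2], demo_root;

/* Every node starts with the full requested mask still outstanding. */
void build_demo_tree(uint32_t wanted)
{
	leaves[0] = (struct object_tree){ wanted, 0, NULL };
	leaves[1] = (struct object_tree){ wanted, 0, NULL };
	sets[0] = (struct object_tree){ wanted, 2, leaves };
	sets[1] = (struct object_tree){ wanted, 0, NULL };
	demo_root = (struct object_tree){ wanted, 2, sets };
}

int main(void)
{
	build_demo_tree(DEMO_READ | DEMO_WRITE);
	/* Clear WRITE on one subtree: that node and its descendants change,
	 * its parent and its sibling do not. */
	object_tree_modify_access(&sets[0], DEMO_WRITE);
	printf("root=0x%x set0=0x%x leaf0=0x%x leaf1=0x%x set1=0x%x\n",
	       (unsigned)demo_root.remaining_access, (unsigned)sets[0].remaining_access,
	       (unsigned)leaves[0].remaining_access, (unsigned)leaves[1].remaining_access,
	       (unsigned)sets[1].remaining_access);
	return 0;
}
```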


