object_tree_modify_access explanation
Jeremy Allison
jra at samba.org
Sun Oct 14 22:10:38 MDT 2012
On Sat, Oct 13, 2012 at 03:05:33PM -0700, Matthieu Patou wrote:
> Hello Nadya and Jeremy,
>
> I was wandering the ACL code today and tried to do a deeper dive in it
>
> I'm a bit puzzled by this function in libcli/security/access_check.c:
>
> void object_tree_modify_access(struct object_tree *root,
> uint32_t access_mask)
> {
> root->remaining_access &= ~access_mask;
> if (root->num_of_children > 0) {
> int i;
> for (i = 0; i < root->num_of_children; i++) {
> object_tree_modify_access(&root->children[i], access_mask);
> }
> }
> }
>
> My understanding is that we remove the bits set in access_mask in
> the remaining_access var of root and all its child.
> But i'm still not convinced that it was what we wanted to acheive.
>
>
> Also I wanted to see if the comments I put in this patch are correct.
I have to admit I have not studies the access control checks
in the AD code, only the file server. I'll take a look at this,
but it might have to wait until I get back from Europe on the
23rd Oct. If you still need review of this after that date
please ping me again.
Cheers,
Jeremy.
More information about the samba-technical
mailing list