[PATCH] Follow-up patch for bug in dealing with "Owner Rights" ACEs when calculating maximum access
jra at samba.org
Thu Feb 28 23:42:44 UTC 2019
On Fri, Mar 01, 2019 at 12:38:55AM +0100, David Disseldorp wrote:
> On Thu, 28 Feb 2019 15:12:56 -0800, Jeremy Allison via samba-technical wrote:
> > + uint32_t already_granted = (granted |
> > + owner_rights_allowed);
> > +
> > + owner_rights_denied |= (ace->access_mask &
> > + ~already_granted);
> Wouldn't this now mean that an owner_rights_allowed ACE now takes
> precedence over an owner_rights_denied ACE if the former comes first?
> I'll need to take a closer look at the spec tomorrow for this.
Yes, that's exactly the case. That's what the test shows.
Check out test_owner_rights_deny1(), it tests this case.
More information about the samba-technical