[PATCH] Follow-up patch for bug in dealing with "Owner Rights" ACEs when calculating maximum access
Jeremy Allison
jra at samba.org
Thu Feb 28 23:44:28 UTC 2019
On Thu, Feb 28, 2019 at 03:42:44PM -0800, Jeremy Allison via samba-technical wrote:
> On Fri, Mar 01, 2019 at 12:38:55AM +0100, David Disseldorp wrote:
> > On Thu, 28 Feb 2019 15:12:56 -0800, Jeremy Allison via samba-technical wrote:
> >
> > > + uint32_t already_granted = (granted |
> > > + owner_rights_allowed);
> > > +
> > > + owner_rights_denied |= (ace->access_mask &
> > > + ~already_granted);
> >
> > Wouldn't this now mean that an owner_rights_allowed ACE now takes
> > precedence over an owner_rights_denied ACE if the former comes first?
> > I'll need to take a closer look at the spec tomorrow for this.
>
> Yes, that's exactly the case. That's what the test shows.
>
> Check out test_owner_rights_deny1(), it tests this case.
FYI, run bin/smbtorture OWNER-RIGHTS-DENY1 against a Windows server to see the result,
More information about the samba-technical
mailing list