[PATCH] Follow-up patch for bug in dealing with "Owner Rights" ACEs when calculating maximum access

Jeremy Allison jra at samba.org
Thu Feb 28 23:44:28 UTC 2019


On Thu, Feb 28, 2019 at 03:42:44PM -0800, Jeremy Allison via samba-technical wrote:
> On Fri, Mar 01, 2019 at 12:38:55AM +0100, David Disseldorp wrote:
> > On Thu, 28 Feb 2019 15:12:56 -0800, Jeremy Allison via samba-technical wrote:
> > 
> > > +				uint32_t already_granted = (granted |
> > > +							owner_rights_allowed);
> > > +
> > > +				owner_rights_denied |= (ace->access_mask &
> > > +							~already_granted);
> > 
> > Wouldn't this now mean that an owner_rights_allowed ACE now takes
> > precedence over an owner_rights_denied ACE if the former comes first?
> > I'll need to take a closer look at the spec tomorrow for this.
> 
> Yes, that's exactly the case. That's what the test shows.
> 
> Check out test_owner_rights_deny1(), it tests this case.

FYI, run bin/smbtorture OWNER-RIGHTS-DENY1 against a Windows server to see the result,



More information about the samba-technical mailing list