object_tree_modify_access explanation
Matthieu Patou
mat at matws.net
Sat Oct 13 16:05:33 MDT 2012
Hello Nadya and Jeremy,
I was wandering the ACL code today and tried to do a deeper dive in it
I'm a bit puzzled by this function in libcli/security/access_check.c:
void object_tree_modify_access(struct object_tree *root,
uint32_t access_mask)
{
root->remaining_access &= ~access_mask;
if (root->num_of_children > 0) {
int i;
for (i = 0; i < root->num_of_children; i++) {
object_tree_modify_access(&root->children[i], access_mask);
}
}
}
My understanding is that we remove the bits set in access_mask in the
remaining_access var of root and all its child.
But i'm still not convinced that it was what we wanted to acheive.
Also I wanted to see if the comments I put in this patch are correct.
Thanks.
Matthieu.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-security-Add-documentation.patch
Type: text/x-diff
Size: 1201 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121013/9e286f97/attachment.patch>
More information about the samba-technical
mailing list