[PATCH] Follow-up patch for bug in dealing with "Owner Rights" ACEs when calculating maximum access

Ralph Böhme slow at samba.org
Fri Mar 1 12:10:14 UTC 2019



> On 01.03.2019 at 13:02, David Disseldorp via samba-technical <samba-technical at lists.samba.org> wrote:
> 
> On Thu, 28 Feb 2019 15:42:44 -0800, Jeremy Allison via samba-technical wrote:
> 
>>> Wouldn't this now mean that an owner_rights_allowed ACE now takes
>>> precedence over an owner_rights_denied ACE if the former comes first?
>>> I'll need to take a closer look at the spec tomorrow for this.  
>> 
>> Yes, that's exactly the case. That's what the test shows.
> 
> The reason why I'm struggling to get my head around this is that the
> behaviour is inconsistent with how regular ACEs are handled - we
> just do a simple (granted & ~denied), instead of giving special
> precedence to allow ACEs.

fyi, I'm currently looking into this.

It seems our algo is completely screwed, I'm working on aligning the functions with MS-DTYP 2.5.3.2, but that is a *big* can of worms.

I can push what I have in a few minutes if you'd like to take a look...

-slow
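
Added example, not part of the original thread and neither Samba's code nor the MS-DTYP pseudocode: a simplified C model of the two maximum-access calculations the thread contrasts, the order-independent (granted & ~denied) and an order-dependent walk in which an earlier allow ACE beats a later deny. The struct, function names and mask values are constructed, and every ACE is assumed to apply to the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified ACE: every entry is assumed to match the caller. */
enum ace_type { ACE_ALLOW, ACE_DENY };
struct ace { enum ace_type type; uint32_t mask; };

/* Order-independent: collect all allows and all denies, then granted & ~denied. */
uint32_t max_access_unordered(const struct ace *aces, size_t n)
{
    uint32_t granted = 0, denied = 0;
    for (size_t i = 0; i < n; i++) {
        if (aces[i].type == ACE_ALLOW) granted |= aces[i].mask;
        else denied |= aces[i].mask;
    }
    return granted & ~denied;
}

/* Order-dependent: for each bit, the first ACE that mentions it decides. */
uint32_t max_access_ordered(const struct ace *aces, size_t n)
{
    uint32_t granted = 0, denied = 0;
    for (size_t i = 0; i < n; i++) {
        if (aces[i].type == ACE_ALLOW) granted |= aces[i].mask & ~denied;
        else denied |= aces[i].mask & ~granted;
    }
    return granted;
}

/* Constructed sample rights and two DACLs that differ only in ACE order. */
#define SAMPLE_READ  0x1u
#define SAMPLE_WRITE 0x2u
const struct ace allow_first[] = {
    { ACE_ALLOW, SAMPLE_READ | SAMPLE_WRITE }, { ACE_DENY, SAMPLE_WRITE } };
const struct ace deny_first[] = {
    { ACE_DENY, SAMPLE_WRITE }, { ACE_ALLOW, SAMPLE_READ | SAMPLE_WRITE } };

int main(void)
{
    printf("allow first: unordered=0x%x ordered=0x%x\n",
           (unsigned)max_access_unordered(allow_first, 2),
           (unsigned)max_access_ordered(allow_first, 2));
    printf("deny first:  unordered=0x%x ordered=0x%x\n",
           (unsigned)max_access_unordered(deny_first, 2),
           (unsigned)max_access_ordered(deny_first, 2));
    return 0;
}
```

The two models agree when the deny ACE comes first and diverge only when the allow ACE precedes it, which is the case raised in the quoted question.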

