'Re: [cifs-protocol] [EXTERNAL] [MS-DTYP] SDDL conditional ACEs: XU and ZA mixed up? - TrackingID#230'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cifs-protocol
Subject:    Re: [cifs-protocol] [EXTERNAL] [MS-DTYP] SDDL conditional ACEs: XU and ZA mixed up? - TrackingID#230
From:       Tom Jebo via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date:       2023-08-25 17:22:38
Message-ID: DS0PR21MB3906CD772C8E67A4A262DD5EB5E3A () DS0PR21MB3906 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]

[dochelp to bcc]
[support mail to cc]

Hi Douglas, 

Thanks for your request regarding MS-DTYP. One of the Open Specifications team \
members will respond to assist you. In the meantime, we've created case \
2308250010010768 to track this request. Please leave the case number in the subject \
when communicating with our team about this request.

Best regards,
Tom Jebo
Microsoft Open Specifications Support

-----Original Message-----
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Sent: Thursday, August 24, 2023 5:11 PM
To: Interoperability Documentation Help <dochelp@microsoft.com>; \
                cifs-protocol@lists.samba.org
Subject: [EXTERNAL] [MS-DTYP] SDDL conditional ACEs: XU and ZA mixed up?

hi Dochelp,

In 2.5.1.1 Syntax, it says:

  "XU"  Access Allowed Object Callback  0xB
  "ZA"  Audit Callback                  0xD

suggesting that

  D:(XU;;;12345678-1234-1234-1234-123456789012;;WD;(Member_of SID(WD)))

should compile to Access Allowed Object Callback ACE. But it doesn't.
Nor does it compile to an Audit Callback ACE, presumably because it needs to be in a \
SACL not a DACL.

These are the strings that *do* work:

  D:(ZA;;;12345678-1234-1234-1234-123456789012;;WD;(Member_of SID(WD))) this compiles \
to ACE type 11.

  D:(ZA;;;;;WD;(Member_of SID(WD)))
this compiles to ACE type 9 (that is, without a GUID, "ZA" devolves to "XA").

  S:(XU;;;;;WD;(Member_of SID(WD)))
this compiles to ACE type 13.

So I am pretty sure [MS-DTYP] got those 2 mixed up.

Douglas
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

[prev in list] [next in list] [prev in thread] [next in thread] 