Principal Inheritance Not Working

Briglair · June 13, 2018, 9:15pm

API.ExecuteCommand("add_ace ad1 shit111 allow");
API.ExecuteCommand("add_ace ad1 fuck111 allow");

API.ExecuteCommand("add_ace ad2 bitch1 allow");
API.ExecuteCommand("add_principal ad2 ad1");

API.ExecuteCommand("add_principal identifier.steam:110000101e66d0e ad2");

I am executing the above code. I am checking if my player has permissions for shit111, fuck111, and bitch1. Only bitch1 is returning true (when I am set as ad2).

I have tried different naming conventions for the principals/aces. I have tried adding quotes around the aces and/or principals in various combinations. I have tried reordering how everything is executed.

No matter what I do, I cannot get ad2 to inherit the aces from ad1. When I use list_principals, ad2 is showing that ad1 is a parent.

If I set my identifier principal to ad1 instead of ad2, I then get the aces, of course. So it is not an issue with the aces themselves.

I spoke with @Vespura briefly about this as well, and he said that inheritance doesn’t work for him either.

californium · June 14, 2018, 6:52am

It seems a typo was made in client/citicore/se/Security.cpp where instead of recursively adding the parent principal, the same principal gets recursed on again.

This will be resolved shortly.

thulium · June 14, 2018, 6:53am

cfx> add_ace animal live allow
cfx> add_principal cat mammal
cfx> add_principal mammal animal
cfx> test_ace cat live
cat -> live = true

This fix should make a tad more sense. It’ll be committed shortly!

neodymium · June 14, 2018, 6:58am

terbium · June 14, 2018, 7:12am

Official builds of pipeline ID 651+ should resolve this.

Vespura · June 14, 2018, 4:02pm

Very nice!

Briglair · June 14, 2018, 4:20pm

Indeed.

Thanks!