[cifs-protocol] Extended rights as LDIF, 117112017192160
Andrew Bartlett
abartlet at samba.org
Mon Dec 11 04:14:22 UTC 2017
On Fri, 2017-12-08 at 15:10 +1300, Garming Sam wrote:
> Hi Edgar,
>
> I've been looking at the usage of validAccesses a bit further and I
> found some statements in MS-ADTS which mention its protocol relevance.
> In particular I notice that there is a statement mentioning what values
> it must have in the case for control access rights.
>
> [MS-ADTS] 5.1.3.2.1 Control Access Rights
>
> https://msdn.microsoft.com/en-us/library/cc223512.aspx
>
> "validAccesses: The type of access right bits in the ACCESS_MASK field
> of an ACE with which the control access right can be associated. The
> only permitted access right for control access rights is
> RIGHT_DS_CONTROL_ACCESS (CR)."
>
> It appears that section 5.1.3 contains some of the information we were
> seeking in regards to this attribute (and how the set of rights are
> divided into the different classes). There also appears to be another
> section on property sets which mentions which are under this category.
> However the corresponding validAccesses value required for these rights
> appears to only be mentioned in a non-normative document:
>
> https://msdn.microsoft.com/en-us/library/ms675747(v=vs.85).aspx
>
> Given the disparate set of information, it would be useful to have
> validAccesses documented for each extended-right collected with the
> other attributes given in 6.1.1.2.7 Extended Rights, and the reference
> in 6.1.1.2.7.1 controlAccessRight objects removed which asserts that the
> information is implementation specific. While a full set of published
> ldif would be most helpful, getting the existing information collated
> would be a definite improvement.
>
G'Day Edgar,
Given the various bits of info above and in the public
WindowsServerDocs github repo, we have constructed the attached. It
isn't perfect, but it shows that this is actually essentially covered
in the docs.
You mentioned on or last call that you are happy to take suggestions
for improving the docs, and this is certainly an area we would like
improved. That is, we would like to have something like this file
provided, just as the Display Specifiers and Schema have been provided,
as LDIF.
(As I'm sure you know for full interoperability our standard is that we
need to be able to have the full set of matching objects.)
Otherwise, would it be possible to add a reference, informative or
normative to resources like:
https://technet.microsoft.com/library/dd378876.aspx
https://technet.microsoft.com/en-us/library/cc730930(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/dd378828(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/ms683985(v=vs.85).aspx
That would allow this existing content to be captured under the license
for our use, which would be very helpful.
Thanks!
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: extended-rights.ldif
Type: text/x-ldif
Size: 31465 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20171211/ba6cd715/extended-rights-0001.bin>
More information about the cifs-protocol
mailing list