[PATCH] security descriptor stuff for HEAD

Nigel Williams nigel at veritas.com
Wed Jan 16 13:45:04 GMT 2002


We need a concise external format for the sec desc and its internals so that
we can convert to/from a text representation.  This text representation can
then be used as input to smbcacls or other utilities.  I'd prefer it if any
display function wrote its output to a string before outputting on a stream.
The display function could then be paired with a parse function to convert
the output back to an internal sec desc.


> -----Original Message-----
> From: samba-technical-admin at lists.samba.org
> [mailto:samba-technical-admin at lists.samba.org]On Behalf Of Alexey Kotovich
> Sent: 16 January 2002 11:59
> To: samba-technical at lists.samba.org
> Cc: tridge at samba.org; abartlet at samba.org
> Subject: [PATCH] security descriptor stuff for HEAD
> Hi all!
> Let me explain my position regard to subj.
> Makefile.in:
> I've decided to stick ads_disp_* functions to ADS because they
> cannot be used w/o one.
> It means that we have some differences between existing function
> for displaying security
> descriptor (we've got another 2 implementations of it) and these.
> As far as I understand,
> they are used for different cases: display_sec_* from
> rpcclient/display_sec.c are used for
> displaying permissions which connect to security descriptor got
> by RPC call, another funs
> (from rpcclient/display.c) work with file stream instead of
> stdout and parse NT4 permissions
> flags which overlaping ADS flags. Besides, display.c contains a
> lot of functions unused by ADS.
> New functions display permissions of ADS object only.
> ldap.c:
> There is a problem there. Need we either create new or modify
> existing security descriptor?
> Andrew Bartlet and me ;) guess that it would be better to go the
> second way.
> At least, it can allow us to use right SD's and ACL's header.
> Alexey Kotovich.

More information about the samba-technical mailing list