[PATCH] security descriptor stuff for HEAD

Nigel Williams nigel at veritas.com
Wed Jan 16 15:44:01 GMT 2002 

Thanks Matt,

It's certainly concise but I'm not sure it's usable for humans.  I'm
beginning to think we need two formats and a function to convert between the
two.  SDDL for programs and a less concise format for users.

nigel

> -----Original Message-----
> From: samba-technical-admin at lists.samba.org
> [mailto:samba-technical-admin at lists.samba.org]On Behalf Of
> ZINKEVICIUS,MATT (HP-Loveland,ex1)
> Sent: 16 January 2002 15:00
> To: 'Tim Potter'; Nigel Williams
> Cc: Alexey Kotovich; samba-technical at lists.samba.org; tridge at samba.org;
> abartlet at samba.org
> Subject: RE: [PATCH] security descriptor stuff for HEAD
>
>
> Security Descriptor Definition Languange
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/s
ecurity/ac
cctrl_2kac.asp

I wrote a quick'n'dirty SDDL parser a while back that does SDDL
strings->Samba SEC_DESC's and back again. I've attached it in case somebody
is interested.

Matt Zinkevicius
Software Engineer
Network Storage Array Solutions
Hewlett-Packard

> -----Original Message-----
> From: Tim Potter [mailto:tpot at samba.org]
> Sent: Wednesday, January 16, 2002 2:55 PM
> To: Nigel Williams
> Cc: Alexey Kotovich; samba-technical at lists.samba.org;
> tridge at samba.org;
> abartlet at samba.org
> Subject: Re: [PATCH] security descriptor stuff for HEAD
>
>
> On Tue, Jan 15, 2002 at 01:29:18PM -0800, Nigel Williams wrote:
>
> > We need a concise external format for the sec desc and its
> internals so that
> > we can convert to/from a text representation.  This text
> representation can
> > then be used as input to smbcacls or other utilities.  I'd
> prefer it if any
> > display function wrote its output to a string before
> outputting on a stream.
> > The display function could then be paired with a parse
> function to convert
> > the output back to an internal sec desc.
>
> Any ideas on a good text format?  It's a pretty complicated
> data structure..
> I invented a semi-usable one in smbcacls but I'm sure there's a nicer
> way to do it.
>
>
> Tim.
>

More information about the samba-technical mailing list