[PATCH] security descriptor stuff for HEAD

ZINKEVICIUS,MATT (HP-Loveland,ex1) matt_zinkevicius at hp.com
Wed Jan 16 15:52:25 GMT 2002


SDDL is like The Matrix, after looking at it enough you just sort of
understand it ;-)

Anyway, my 2 cents is that security descriptors can be very complex, and
therefore I don't see there being any concise string'able mechanism that
won't be as well. Note that in the code I attached earlier there is an
output_sec_info() call that outputs a VERY human readable version of a
security descriptor, but it is not concise at all.

--Matt

> -----Original Message-----
> From: Nigel Williams [mailto:nigel at veritas.com]
> Sent: Wednesday, January 16, 2002 4:37 PM
> To: ZINKEVICIUS,MATT (HP-Loveland,ex1); 'Tim Potter'; Nigel Williams
> Cc: Alexey Kotovich; samba-technical at lists.samba.org; tridge at samba.org; abartlet at samba.org
> Subject: RE: [PATCH] security descriptor stuff for HEAD
> 
> 
> Thanks Matt,
> 
> It's certainly concise but I'm not sure it's usable for humans.  I'm
> beginning to think we need two formats and a function to convert between
> the two.  SDDL for programs and a less concise format for users.
> 
> nigel
> 
> > -----Original Message-----
> > From: samba-technical-admin at lists.samba.org
> > [mailto:samba-technical-admin at lists.samba.org]On Behalf Of
> > ZINKEVICIUS,MATT (HP-Loveland,ex1)
> > Sent: 16 January 2002 15:00
> > To: 'Tim Potter'; Nigel Williams
> > Cc: Alexey Kotovich; samba-technical at lists.samba.org; tridge at samba.org; abartlet at samba.org
> > Subject: RE: [PATCH] security descriptor stuff for HEAD
> >
> >
> > Security Descriptor Definition Language
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/accctrl_2kac.asp
> 
> I wrote a quick'n'dirty SDDL parser a while back that does SDDL
> strings->Samba SEC_DESC's and back again. I've attached it in case
> somebody is interested.
> 
> Matt Zinkevicius
> Software Engineer
> Network Storage Array Solutions
> Hewlett-Packard
> 
> > -----Original Message-----
> > From: Tim Potter [mailto:tpot at samba.org]
> > Sent: Wednesday, January 16, 2002 2:55 PM
> > To: Nigel Williams
> > Cc: Alexey Kotovich; samba-technical at lists.samba.org;
> > tridge at samba.org;
> > abartlet at samba.org
> > Subject: Re: [PATCH] security descriptor stuff for HEAD
> >
> >
> > On Tue, Jan 15, 2002 at 01:29:18PM -0800, Nigel Williams wrote:
> >
> > > We need a concise external format for the sec desc and its internals so
> > > that we can convert to/from a text representation.  This text
> > > representation can then be used as input to smbcacls or other utilities.
> > > I'd prefer it if any display function wrote its output to a string before
> > > outputting on a stream.  The display function could then be paired with a
> > > parse function to convert the output back to an internal sec desc.
> >
> > Any ideas on a good text format?  It's a pretty complicated data
> > structure..  I invented a semi-usable one in smbcacls but I'm sure
> > there's a nicer way to do it.
> >
> >
> > Tim.
> >
> 
> 
> 
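
Added example, not part of the original thread and not the parser attached to it: a Python sketch of the "two formats" idea discussed above, parsing a concise SDDL string into a structure and rendering a verbose, user-facing form from it. The code tables are a deliberately partial subset, the function names are hypothetical, and the sample string is constructed for illustration.

```python
import re

ACE_TYPES = {"A": "ALLOW", "D": "DENY", "AU": "AUDIT"}  # all tables: partial subsets
ACE_FLAGS = {"OI": "object-inherit", "CI": "container-inherit", "NP": "no-propagate",
             "IO": "inherit-only", "ID": "inherited", "SA": "audit-success"}
RIGHTS = {"GA": "generic-all", "GR": "generic-read", "GW": "generic-write",
          "FA": "file-all", "FR": "file-read", "SD": "delete", "WD": "write-dac"}
SIDS = {"BA": "BUILTIN\\Administrators", "SY": "NT AUTHORITY\\SYSTEM",
        "WD": "Everyone", "BU": "BUILTIN\\Users", "CO": "CREATOR OWNER"}
ACL_FLAGS = {"P": "protected", "AR": "auto-inherit-req", "AI": "auto-inherited"}
SAMPLE = "O:BAG:SYD:PAI(A;OICI;FA;;;BA)(A;;0x1200a9;;;BU)(D;;WD;;;WD)"  # constructed

def _codes(text, table):
    """Split concatenated codes ("OICI") into names; reject anything unknown."""
    found = re.findall("|".join(sorted(table, key=len, reverse=True)), text)
    if "".join(found) != text:
        raise ValueError(f"unknown SDDL code in {text!r}")
    return [table[c] for c in found]

def parse_ace(ace):
    p = ace.split(";")  # type;flags;rights;object_guid;inherit_guid;trustee
    if len(p) != 6 or p[0] not in ACE_TYPES:
        raise ValueError(f"malformed ACE {ace!r}")
    rights = [p[2]] if p[2][:2].lower() == "0x" else _codes(p[2], RIGHTS)  # hex mask
    return {"type": ACE_TYPES[p[0]], "flags": _codes(p[1], ACE_FLAGS),
            "rights": rights, "trustee": SIDS.get(p[5], p[5])}

def parse_sddl(sddl):
    parts = re.split(r"([OGDS]):", sddl)  # SIDs and ACEs never contain ':'
    if parts[0] or len(parts) < 3:
        raise ValueError("expected O:, G:, D: or S: section")
    sd = {}
    for tag, body in zip(parts[1::2], parts[2::2]):
        if tag in "OG":
            sd["owner" if tag == "O" else "group"] = SIDS.get(body, body)
        else:
            sd["dacl" if tag == "D" else "sacl"] = {
                "flags": _codes(body.split("(", 1)[0], ACL_FLAGS),
                "aces": [parse_ace(a) for a in re.findall(r"\(([^()]*)\)", body)]}
    return sd

def describe(sd):  # the verbose, user-facing rendering
    lines = [f"{k}: {sd[k]}" for k in ("owner", "group") if k in sd]
    for k in (k for k in ("dacl", "sacl") if k in sd):
        lines.append(f"{k} flags: {', '.join(sd[k]['flags']) or 'none'}")
        lines += [f"  {a['type']} {a['trustee']}: {', '.join(a['rights'])}"
                  f" [{', '.join(a['flags']) or 'no flags'}]" for a in sd[k]["aces"]]
    return "\n".join(lines)

print(describe(parse_sddl(SAMPLE)))
```

Unknown codes raise instead of being skipped, so a typo in an ACL string cannot silently drop a deny entry or a right.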




More information about the samba-technical mailing list