Access control to SAM / _samr_query_sec_obj
abartlet at pcug.org.au
Thu Jun 6 04:06:02 GMT 2002
Kai Krueger wrote:
> ----- Original Message -----
> From: "Jeremy Allison" <jra at samba.org> Sent: Wednesday, June 05, 2002 8:07 PM
> Subject: Re: Access control to SAM / _samr_query_sec_obj
> > Nice patch. I do have one request though. I've (for years)
> > been removing magic numerical constants from Samba (like
> > the "0xf003f" in the patch above). We know what these numbers
> > are in SEC_ACL terms - can you please change the numbers to
> > a list of #defined constants :
> > ie. The 0x20010 above should map to :
> > READ_CONTROL_ACCESS plus a new constant that specifies READ
> > access to a SAMR, probably something like SAMR_READ_ACCESS
> > (as it's a specific right).
> > Thanks,
> > Jeremy.
> Ok, I've removed all the numerical constants and have added them as #defines in rpc_samr.h.
> The names are partly based upon information I got from ACL tools.
> As the SDs contained numerical constants as well, that part is included as well, so it is a patch
> against a fresh samba HEAD cvs from 31.5.02
Firstly, can you update for current CVS? (I suspect there will be
conficts, I made some changes for better NTSTATUS returns recently).
Secondly, I have some further style nit-picks:
- We can't use \\ as a comment in Samba, as many C compilers don't
- Please use 8-space tabs. Samba mainly uses the 'linux' coding style
- which you can
set in emacs. Also make 'if(' -> 'if ('.
On the patch itself, it looks pretty good. In the longer term, I plan
to move the access contols into the passdb - they will take an extra
paramater of 'access_granted'. This will allow us to have a consistant
policy across all access methods (SAMR, RAP, etc) as well as removing
the really weird way the passdb requires become_root() stuff atm.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical