Observation/Question on use of NTSTATUS in the Samba4 code base

Gerald (Jerry) Carter jerry at samba.org
Wed Apr 4 02:14:55 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Krishna Ganugapati wrote:

> I guess the general reason is to maintain the access 
> rights after you do a security descriptor check the first
> time.  But then that information needs to be communicated
> back to the calling client which would need to
> pass it in as a parameter -- which the NetAPIs don't 
> provide??

Yup.  All the RPC interfaces in Samba (and I assume Windows)
use the handle for peforming the access check on object
open and then maintaining the granted permissions.

In the case of the Samr calls, I believe the Win32 API just
asks for SEC_RIGHT_MAXIMUM_ALLOWED although you can definitely
ask for a specific set of permissions in the Samr RPC calls.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGEwofIR7qMdg1EfYRApdMAKCsnJRdi3+xOxVXGJ5KRQZ8ZVIHBQCgi9NR
DZX9S8O3+cksas27w5/KPK0=
=DBCM
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list