Observation/Question on use of NTSTATUS in the Samba4 code base
Gerald (Jerry) Carter
jerry at samba.org
Wed Apr 4 02:14:55 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Krishna Ganugapati wrote:
> I guess the general reason is to maintain the access
> rights after you do a security descriptor check the first
> time. But then that information needs to be communicated
> back to the calling client which would need to
> pass it in as a parameter -- which the NetAPIs don't
> provide??
Yup. All the RPC interfaces in Samba (and I assume Windows)
use the handle for peforming the access check on object
open and then maintaining the granted permissions.
In the case of the Samr calls, I believe the Win32 API just
asks for SEC_RIGHT_MAXIMUM_ALLOWED although you can definitely
ask for a specific set of permissions in the Samr RPC calls.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGEwofIR7qMdg1EfYRApdMAKCsnJRdi3+xOxVXGJ5KRQZ8ZVIHBQCgi9NR
DZX9S8O3+cksas27w5/KPK0=
=DBCM
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list