[Patch] add a function to get a SD object from the default security descriptor text value

Jelmer Vernooij jelmer at samba.org
Fri Sep 18 12:33:44 MDT 2009

Hi Matthieu,

Matthieu Patou wrote:
> Find attach a patch that create a function for the python bindings
> that allow to get a SD from a the textual version of the
> defaultSecurityDescriptor.
> This function is needed for the upgradeprovision script so that we can
> work out wether the SD has changed from its default value.
Thanks! The patch is ok in general, but some minor issues below:

+    secdesc->owner_sid = session->security_token->user_sid;
+        secdesc->group_sid = session->security_token->group_sid;
While I don't mind adding convenience functions to the library, I don't
think we strictly need this to do what you want. It should be possible
to change the owner/group sid of a security descriptor from within
Python as well.

> +static PyTypeObject *PyAuthSession = NULL;
Please keep this (as well as the logic whether or not it's found yet) in
py_get_pyauthsession_type(). Are you sure this optimization is really
necessary? Import statements, especially trivial ones like this one
should be pretty quick in Python.
> +	{ "ntsd_from_defaultsd", (PyCFunction)py_descriptor_ntsd_from_defaultsd, METH_VARARGS|METH_CLASS|METH_CLASS,
There's no need for METH_CLASS twice :-)

Please drop the "ntsd_" bit - this is a method on the SecurityDescriptor
class, so it's implied that it concerns a security descriptor.

Stylistically (and I realize we haven't always been doing this for older
code) please add whitespace after a comma in argument lists. E.g.
"self.assertEquals(1, bar)" rather than "self.assertEquals(1,bar)"



More information about the samba-technical mailing list