[PATCH 1/2] s4-security: Move some auxiliary functions for creation of security descriptors in DS to libcli/security

Stefan (metze) Metzmacher metze at samba.org
Thu Dec 12 13:37:24 MST 2013

Hi Nadezhda,

> This is a patch that moves a lot of the code used for security descriptor
> creation in libcli/security, so that the code can be reused by the OpenLDAP
> overlay. It looks like a lot to review, but in reality there aren't that
> many changes, the code has mostly been moved.

I'm sorry but I have to object to exposing this stuff as a public library.

Function names like cr_descr_handle_sd_flag() are completely confusing,
I don't even like this for internal usage, but it's not critical in that

If we start to expose something as a public library we have to maintain it
relatively stable in future.

The other functions (except map_generic_rights_ds and
start with structure name they operate on, e.g. security_descriptor_*,
security_ace_*, security_acl_*. These are good names and functions
which most likely won't need any future changes.

We should clean up the other ones before we expose them. For AD specific
we should use something like security_descriptor_ds_* or

