[PATCH 1/2] s4-security: Move some auxiliary functions for creation of security descriptors in DS to libcli/security
Stefan (metze) Metzmacher
metze at samba.org
Thu Dec 12 13:37:24 MST 2013
Hi Nadezhda,
> This is a patch that moves a lot of the code used for security descriptor
> creation in libcli/security, so that the code can be reused by the OpenLdap
> overlay. It looks like a lot to review, but in reality there aren't that
> many changes, the code has mostly been moved.
I'm sorry but I have to object exposing this stuff as public library.
Function names like cr_descr_handle_sd_flag() are completely confusing,
I even don't like this for internal usage, but it's not critical in that
case.
If we start to expose something as public library we have to maintain it
relatively stable in future.
The other functions (except map_generic_rights_ds and
create_security_descriptor)
start with structure name they operate on, e.g. security_descriptor_*,
security_ace_*, security_acl_*. This are are good names and functions
which will most likely don't need any future changes.
We should cleanup the other ones before we expose them. For AD specific
functions
we should use something like security_descriptor_ds_* or
security_descriptor_ad_*.
metze
More information about the samba-technical
mailing list