[PATCH 1/2] s4-security: Move some auxiliary functions for creation of security descriptors in DS to libcli/security

Nadezhda Ivanova nivanova at samba.org
Thu Dec 12 13:51:45 MST 2013

Hi Metze,
I will rename the functions and include better explanations on what they
do, and re-submit, thanks!


On Thu, Dec 12, 2013 at 10:37 PM, Stefan (metze) Metzmacher <metze at samba.org
> wrote:

> Hi Nadezhda,
> > This is a patch that moves a lot of the code used for security descriptor
> > creation in libcli/security, so that the code can be reused by the
> OpenLdap
> > overlay. It looks like a lot to review, but in reality there aren't that
> > many changes, the code has mostly been moved.
> I'm sorry but I have to object exposing this stuff as public library.
> Function names like cr_descr_handle_sd_flag() are completely confusing,
> I even don't like this for internal usage, but it's not critical in that
> case.
> If we start to expose something as public library we have to maintain it
> relatively stable in future.
> The other functions (except map_generic_rights_ds and
> create_security_descriptor)
> start with structure name they operate on, e.g. security_descriptor_*,
> security_ace_*, security_acl_*. This are are good names and functions
> which will most likely don't need any future changes.
> We should cleanup the other ones before we expose them. For AD specific
> functions
> we should use something like security_descriptor_ds_* or
> security_descriptor_ad_*.
> metze

More information about the samba-technical mailing list