ACL formats used by sharesec in 4.2
Jeremy Allison
jra at samba.org
Thu Apr 23 14:28:30 MDT 2015
On Thu, Apr 23, 2015 at 09:44:20AM -0700, Christof Schmitt wrote:
> Hi,
>
> i noticed that the ACL output printed by sharesec has been changed
> through this commit:
>
> commit 4a9d64e37a72cd1384c1e8db54532b8e850715cd
> Author: David Disseldorp <ddiss at samba.org>
> Date: Mon May 26 14:38:24 2014 +0200
>
> sharesec: use NDR security descriptor print fns
>
> Signed-off-by: David Disseldorp <ddiss at samba.org>
> Reviewed-by: Jeremy Allison <jra at samba.org>
> Reviewed-by: Volker Lendecke <vl at samba.org>
>
> While i understand the goal to share code, now the input format of
> sharesec is different than the output format:
>
> Setting a share-level ACL uses the old format:
> # sharesec test -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
>
> Quering it returns the NDR dump:
> # sharesec test -v
> : struct security_descriptor
> revision : SECURITY_DESCRIPTOR_REVISION_1 (1)
> type : 0x8004 (32772)
> 0: SEC_DESC_OWNER_DEFAULTED
> 0: SEC_DESC_GROUP_DEFAULTED
> 1: SEC_DESC_DACL_PRESENT
> 0: SEC_DESC_DACL_DEFAULTED
> 0: SEC_DESC_SACL_PRESENT
> 0: SEC_DESC_SACL_DEFAULTED
> 0: SEC_DESC_DACL_TRUSTED
> ...
>
> This is probably not very useful. Should we revert the patches to return
> to the old output format?
Yeah, the old code to do this now exists in source3/utils/smbcacls.c
only. Maybe we should move it to a common file source3/lib/util_sdprint.c
or something and just share it between sharesec and smbcacls.
More information about the samba-technical
mailing list