-----Original Message----- From: Autrijus Tang [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 11:34 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Module submission Win32::Security
> > I look forward to releasing the code when it is in good shape:). > Any estimated time for that, or is there already preliminary > POD/tests/code available for preview? I'm shooting for sometime in the next two weeks. I've had "working" code for close to a month now, but I've been reluctant to release it until the public interfaces settle down. The public interfaces have been through a few massive refactorings as design decisions have proved sub-optimal. For instance, ACLs are built of ACEs, which come in a variety of types: ACCESS_ALLOWED_ACE_TYPE, ACCESS_DENIED_ACE_TYPE, SYSTEM_AUDIT_ACE_TYPE, etc. In addition, how an ACE behaves depends upon the sort of object it is applied to. For instance, an ACE with the mask GENERIC_ALL that gets inherited onto a file or directory gets GENERIC_ALL mapped to STANDARD_RIGHTS_ALL|FILE_GENERIC_READ|FILE_GENERIC_WRITE|FILE_GENERIC_EXECUTE|FILE_DELETE_CHILD. That mapping is different for registry keys, printers, Active Directory objects, etc. So I have a situation with multiple inheritance - all 8 ACE types could apply to 10 different kinds of objects. I only currently support 2 ACE types and 1 kind of object, but the interface has to be architected to support all 80 combinations so that I can provide for future expansion. Initially I made the breakdown by subclassing on object type and glossing over the ACE type variation. However, as I came to understand that the different ACE types have different internal binary structures and different parameters, I realized that it makes more sense to subclass on the ACE type and have an attribute that selects the object type and governs the behavior. That changed all the public interfaces. The consequences of my design decisions only truly become apparent as I attempt to fill in the details, so I'm a little reluctant to increase the weight of backward compatibility by releasing before I'm comfortable with the architecture. --Toby Ovod-Everett
