
2.2 Message Syntax

The security descriptor property is an addition to the set of WebDAV properties specified in [RFC2518] section 13. The WebDAV Protocol Security Extensions use the PROPFIND and PROPPATCH WebDAV methods, specified in [RFC2518] sections 8.1 and 8.2, to get and set this property. The property is an XML representation of a security descriptor, and its type is specified by using XML schema definition (XSD) grammar, as specified in [XMLSCHEMA1/2]. It is represented by the descriptor XML element, which extends the security_descriptor element defined in the http://schemas.microsoft.com/security/ XML namespace. The XSD for this property is defined as follows; the listing contains three schemas, one per target namespace.

<?xml version="1.0" encoding="utf-8" ?>
<!--
  Schema for the http://schemas.microsoft.com/security/ namespace (prefix S).
  It declares the building blocks of the XML security descriptor: SIDs, ACEs,
  ACLs, the dacl and sacl elements, owner, primary_group and the
  security_descriptor element itself.

  Points a consumer should keep in mind when validating against this schema:
  - attributeFormDefault="qualified" means the locally declared attributes
    (inherited, defaulted, protected, ...) match only when they are
    namespace-qualified in the instance document.
  - security_descriptor extends a type from the D namespace, but no xs:import
    for that namespace appears in this listing. A validator has to be given
    the D schema explicitly; prefer a local trusted copy over any location
    named by the instance document.
  - Several types are deliberately loose (optional children, unrestricted
    strings, unbounded lists), so a schema-valid document still needs
    semantic checks before it is applied as an access-control change.
-->
<xs:schema xmlns:S="http://schemas.microsoft.com/security/"
           xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
           attributeFormDefault="qualified"
           elementFormDefault="qualified"
           targetNamespace="http://schemas.microsoft.com/security/"
           xmlns:xs="http://www.w3.org/2001/XMLSchema">

  <!-- Boolean flag limited by the pattern facet to the lexical forms 1 and 0;
       the xs:boolean literals "true" and "false" do not validate. -->
  <xs:simpleType name="bool">
    <xs:restriction base="xs:boolean">
      <xs:pattern value="0|1" />
    </xs:restriction>
  </xs:simpleType>

  <!-- Globally Unique Identifier [MS-DTYP], written with mandatory braces as
       {8-4-4-4-12} hexadecimal digits; upper and lower case are both accepted. -->
  <xs:simpleType name="guid">
    <xs:restriction base="xs:string">
      <xs:pattern value="\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}" />
    </xs:restriction>
  </xs:simpleType>

  <!-- Closed list of values permitted in the S:type element of an NT_Sid.
       NOTE(review): "invalid", "unknown" and "deleted_account" are schema-valid
       values; how a receiver should treat an ACE naming such a principal is not
       stated by this schema, so confirm against the protocol text. -->
  <xs:simpleType name="type_string">
    <xs:restriction base="xs:string">
      <xs:enumeration value="user" />
      <xs:enumeration value="group" />
      <xs:enumeration value="domain" />
      <xs:enumeration value="alias" />
      <xs:enumeration value="well_known_group" />
      <xs:enumeration value="deleted_account" />
      <xs:enumeration value="invalid" />
      <xs:enumeration value="unknown" />
      <xs:enumeration value="computer" />
    </xs:restriction>
  </xs:simpleType>

  <!-- Global leaf elements referenced from NT_Sid.
       string_sid, nt4_compatible_name and display_name are plain xs:string with
       no pattern or length facet, so schema validation does not prove that a
       string_sid is a syntactically valid SID; the receiver has to parse and
       check it.
       NOTE(review): the schema does not say which of these fields identifies
       the principal when several are present; confirm before relying on any of
       the name fields for an access decision. -->
  <xs:element name="display_name" type="xs:string" />
  <xs:element name="ad_object_guid" type="S:guid" />
  <xs:element name="type" type="S:type_string" />
  <xs:element name="nt4_compatible_name" type="xs:string" />
  <xs:element name="string_sid" type="xs:string" />

  <!-- Description of one security principal. The five children appear in the
       fixed order below and every one of them is optional (minOccurs="0"), so
       an element with no children at all is schema-valid. Consumers should
       reject a principal that carries no usable identifier. -->
  <xs:complexType name="NT_Sid">
    <xs:sequence>
      <xs:element minOccurs="0" ref="S:string_sid" />
      <xs:element minOccurs="0" ref="S:nt4_compatible_name" />
      <xs:element minOccurs="0" ref="S:type" />
      <xs:element minOccurs="0" ref="S:ad_object_guid" />
      <xs:element minOccurs="0" ref="S:display_name" />
    </xs:sequence>
  </xs:complexType>

  <!-- Wrapper type holding exactly one child element named sid of type NT_Sid.
       It is the base type of the owner and primary_group elements. -->
  <xs:complexType name="sid">
    <xs:sequence>
      <xs:element name="sid" type="S:NT_Sid" />
    </xs:sequence>
  </xs:complexType>

  <!-- Access mask carried as xs:hexBinary. Length facets on hexBinary count
       octets, not hex digits, so this accepts 1 to 8 octets (2 to 16 hex
       digits).
       NOTE(review): if the value is meant to be a 32-bit mask, the schema is
       wider than that; check the decoded width in code rather than trusting
       schema validation. -->
  <xs:element name="access_mask">
    <xs:simpleType>
      <xs:restriction base="xs:hexBinary">
        <xs:minLength value="1" />
        <xs:maxLength value="8" />
      </xs:restriction>
    </xs:simpleType>
  </xs:element>

  <!-- One access control entry: a required access_mask followed by a required
       sid (NT_Sid). The optional inherited attribute is a S:bool. Because
       NT_Sid allows an empty element, an ACE with an empty sid passes schema
       validation. -->
  <xs:complexType name="ace_T">
    <xs:sequence>
      <xs:element ref="S:access_mask" />
      <xs:element name="sid" type="S:NT_Sid" />
    </xs:sequence>
    <xs:attribute name="inherited" type="S:bool" />
  </xs:complexType>

  <!-- ace_T extended with the optional no_propagate_inherit attribute. -->
  <xs:complexType name="inheritable_ace_T">
    <xs:complexContent mixed="false">
      <xs:extension base="S:ace_T">
        <xs:attribute name="no_propagate_inherit" type="S:bool" />
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- List of ACEs of type ace_T. The xs:sequence fixes the document order:
       all access_allowed_ace entries, then all access_denied_ace entries, then
       all system_audit_ace entries. Each group may be empty and has no upper
       bound, so a receiver should cap the number of entries it accepts. -->
  <xs:complexType name="aces">
    <xs:sequence>
      <xs:element minOccurs="0" maxOccurs="unbounded" name="access_allowed_ace" type="S:ace_T" />
      <xs:element minOccurs="0" maxOccurs="unbounded" name="access_denied_ace" type="S:ace_T" />
      <xs:element minOccurs="0" maxOccurs="unbounded" name="system_audit_ace" type="S:ace_T" />
    </xs:sequence>
  </xs:complexType>

  <!-- Same layout as the aces type, but every entry is an inheritable_ace_T
       and may therefore carry the no_propagate_inherit attribute. -->
  <xs:complexType name="inheritable_aces">
    <xs:sequence>
      <xs:element minOccurs="0" maxOccurs="unbounded" name="access_allowed_ace" type="S:inheritable_ace_T" />
      <xs:element minOccurs="0" maxOccurs="unbounded" name="access_denied_ace" type="S:inheritable_ace_T" />
      <xs:element minOccurs="0" maxOccurs="unbounded" name="system_audit_ace" type="S:inheritable_ace_T" />
    </xs:sequence>
  </xs:complexType>

  <!-- Revision number, an unsigned 32-bit integer. Referenced by the acl type,
       the sacl element and the base security descriptor type. -->
  <xs:element name="revision" type="xs:unsignedInt" />

  <!-- Access control list. The xs:all group is optional as a whole
       (minOccurs="0"): an instance holds either all four children, once each
       and in any order, or no children. An empty acl is schema-valid. -->
  <xs:complexType name="acl">
    <xs:all minOccurs="0">
      <xs:element ref="S:revision" />
      <xs:element name="effective_aces" type="S:aces" />
      <xs:element name="subcontainer_inheritable_aces" type="S:inheritable_aces" />
      <xs:element name="subitem_inheritable_aces" type="S:inheritable_aces" />
    </xs:all>
  </xs:complexType>

  <!-- The three audit lists referenced by sacl; each one is a complete acl. -->
  <xs:element name="audit_always" type="S:acl" />
  <xs:element name="audit_on_failure" type="S:acl" />
  <xs:element name="audit_on_success" type="S:acl" />

  <!-- System ACL: revision, audit_always, audit_on_failure and
       audit_on_success are all required, in that order. The three S:bool
       attributes are optional; their meaning is not defined in this schema. -->
  <xs:element name="sacl">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="S:revision" />
        <xs:element ref="S:audit_always" />
        <xs:element ref="S:audit_on_failure" />
        <xs:element ref="S:audit_on_success" />
      </xs:sequence>
      <xs:attribute name="defaulted" type="S:bool" />
      <xs:attribute name="protected" type="S:bool" />
      <xs:attribute name="autoinherited" type="S:bool" />
    </xs:complexType>
  </xs:element>

  <!-- Discretionary ACL: the acl type plus the same three optional S:bool
       attributes that sacl declares. Since acl allows an empty element, a
       dacl with no children validates; the receiver must decide explicitly
       how to treat it instead of assuming a default. -->
  <xs:element name="dacl">
    <xs:complexType>
      <xs:complexContent mixed="false">
        <xs:extension base="S:acl">
          <xs:attribute name="defaulted" type="S:bool" />
          <xs:attribute name="protected" type="S:bool" />
          <xs:attribute name="autoinherited" type="S:bool" />
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>

  <!-- Primary group: the sid wrapper type plus an optional defaulted flag. -->
  <xs:element name="primary_group">
    <xs:complexType>
      <xs:complexContent mixed="false">
        <xs:extension base="S:sid">
          <xs:attribute name="defaulted" type="S:bool" />
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>

  <!-- Owner: the sid wrapper type plus an optional defaulted flag. -->
  <xs:element name="owner">
    <xs:complexType>
      <xs:complexContent mixed="false">
        <xs:extension base="S:sid">
          <xs:attribute name="defaulted" type="S:bool" />
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>

  <!-- The security descriptor element. Its content model comes from
       D:microsoft.security_descriptor, which is declared in the schema for the
       urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/ namespace; this extension
       only adds the optional from_mapi_tlh flag, whose meaning is not given
       in this schema. -->
  <xs:element name="security_descriptor">
    <xs:complexType>
      <xs:complexContent mixed="false">
        <xs:extension base="D:microsoft.security_descriptor">
          <xs:attribute name="from_mapi_tlh" type="S:bool" />
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
</xs:schema>

<!--  The base Microsoft security descriptor.
      Schema for the urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/ namespace
      (prefix D). It declares a single complex type whose children are all
      elements of the S namespace; no xs:import for S appears in this listing,
      so a validator has to be given that schema explicitly. -->
<xs:schema xmlns:S="http://schemas.microsoft.com/security/"
           xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
           attributeFormDefault="qualified"
           elementFormDefault="qualified"
           targetNamespace="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
           xmlns:xs="http://www.w3.org/2001/XMLSchema">

  <!-- Content model of a security descriptor. The xs:all group is optional as
       a whole (minOccurs="0"): an instance holds either all five children,
       once each and in any order, or none of them. A descriptor with no
       owner, group, dacl or sacl is therefore schema-valid, and a receiver
       should handle that case explicitly and not read it as "no
       restrictions". -->
  <xs:complexType name="microsoft.security_descriptor">
    <xs:all minOccurs="0">
      <xs:element ref="S:revision" />
      <xs:element ref="S:owner" />
      <xs:element ref="S:primary_group" />
      <xs:element ref="S:dacl" />
      <xs:element ref="S:sacl" />
    </xs:all>
  </xs:complexType>
</xs:schema>

<!--  The schema of the actual descriptor property.
      This is the property that can be requested via WebDAV. It lives in the
      http://schemas.microsoft.com/exchange/security/ namespace and wraps one
      security_descriptor element from the S namespace; no xs:import for S
      appears in this listing.  -->

<xs:schema xmlns:S="http://schemas.microsoft.com/security/"
           xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
           attributeFormDefault="qualified"
           elementFormDefault="qualified"
           targetNamespace=
              "http://schemas.microsoft.com/exchange/security/"
           xmlns:xs="http://www.w3.org/2001/XMLSchema">

  <!-- The descriptor property: exactly one S:security_descriptor child is
       required. All further structure is defined by that element's type. -->
  <xs:element name="descriptor">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="S:security_descriptor" />
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>