NT owner, ACL info?

[Jeremy Allison]

Luke Kenneth Casson Leighton wrote:
> 
> On Thu, 16 Apr 1998, Rob Riggs wrote:
> 
> > Does the SMB (or CIFS) protocol define some way of
> > querying an NT server on the owner and ACLs of a
> > particular file?
> 
> no it does not.  the "source code" of NT and Win95 microsoft see as the
> definitive "spec".  that is not to say that we can't stare at network
> traces and work it out.
> 
> we (any samba team member) just haven't done this yet :-)
> 

Yes I have, I just haven't written or coded it up yet :-).

Seriously, if you want to know what Security descriptors
(which is the data structure that contains the ACLs in
NT) looks like, check out the functions to put a SD in
'self relative' format in the Win32 SDK docs. The format
of SDs on the wire is just this structure linearized.

The reason I haven't persued this strongly yet is to
make any use of it you need 2 other things.

1). NT SMB support (without this you can't even
send SDs).

2). Some of the domain controller functions - particularly
the LSA functions (as these do the mapping between SIDs
and names). Without these functions you could send
back SDs containing ACLs containing SIDs but the
receiving machine would just print 'unknown user'
'cos it couldn't translate back into the user name.

This code is on my list of things to add - however,
my guess would be it might not be in the next (1.9.19)
major release, but in the one after that (samba-2 ?).

Jeremy.


-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------