How to convert security_descriptor in samba to SECURITY_DESCRIPTOR in NT

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Apr 1 03:55:13 MDT 2010

On Thu, Apr 01, 2010 at 05:47:00PM +0800, Ted wrote:
> I have read the CIFS Protocol document provided by Microsoft and the samba
> 3.5.0 source code.
> The CIFS Protocol document says that NT_TRANSACT_QUERY_SECURITY_DESC command
> allows a client to retrieve the security descriptor for a file. And the
> security descriptor is returned in the data portion of the transaction
> response.
> The code in samba process NT_TRANSACT_QUERY_SECURITY_DESC command was just
> load the data blob in xattr and pull an xattr_NTACL out of the data blob by
> call ndr_pull_xattr_NTACL. The security_descriptor in xattr_NTACL was
> different from the definition of SECURITY_DESCRIPTOR in NT. So how does this
> work? Or does anybody know how to convert the samba security_descriptor to a

Sorry, I don't fully understand what you mean. We have the
[un]marshall_sec_desc routines that convert between a
byte stream and the Samba internal representations. Are you
saying that the security.NTACL xattr contains invalid data?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <>

More information about the samba-technical mailing list