How to convert security_descriptor in samba to SECURITY_DESCRIPTOR in NT

Stefan (metze) Metzmacher metze at
Thu Apr 1 04:59:06 MDT 2010

Ted schrieb:
> Hi, all
> I have read the CIFS Protocol document provided by Microsoft and the samba
> 3.5.0 source code.
> The CIFS Protocol document says that NT_TRANSACT_QUERY_SECURITY_DESC command
> allows a client to retrieve the security descriptor for a file. And the
> security descriptor is returned in the data portion of the transaction
> response.
> The code in samba process NT_TRANSACT_QUERY_SECURITY_DESC command was just
> load the data blob in xattr and pull an xattr_NTACL out of the data blob by
> call ndr_pull_xattr_NTACL. The security_descriptor in xattr_NTACL was
> different from the definition of SECURITY_DESCRIPTOR in NT. So how does this
> work? Or does anybody know how to convert the samba security_descriptor to a

don't we do ndr_pull_xattr_NTACL() followed by a


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list