How to convert security_descriptor in samba to SECURITY_DESCRIPTOR in NT

Ted zgk_1208 at yahoo.com.cn
Thu Apr 1 08:36:17 MDT 2010


Thanks for your reply. I am developing some code to parse the data stored in "security.NTACL".
When it came to the code, I couldn't find how samba decodes the data sent by NT_TRANSACT_QUERY_SECURITY_DESC, but now I have found it. Thank you very much.

> -----Original Message-----
> From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
> Sent: Thursday, April 01, 2010 9:29 PM
> To: Ted
> Cc: samba-technical at lists.samba.org
> Subject: Re: How to convert security_descriptor in samba to
> SECURITY_DESCRIPTOR in NT
> 
> Ted wrote:
> > So, you mean that ndr_pull_xattr_NTACL just pulls a samba defined security
> > descriptor from the data blob (NT format SECURITY_DESCRIPTOR), and
> > ndr_push_xattr_NTACL pushes the samba defined security descriptor into the
> > data blob (NT format SECURITY_DESCRIPTOR)? If you process the command
> > NT_TRANSACT_QUERY_SECURITY_DESC, you should first call
> > ndr_pull_xattr_NTACL and then ndr_push_xattr_NTACL.
> 
> Can you clarify what exactly you're doing and what fails for you?
> Are you developing some code or do you think you've found a bug in existing code?
> 
> The blobs stored are not 100% what NT_TRANSACT_QUERY_SECURITY_DESC
> returns (at least they should not be).
> 
> We store a version number and an optional hash too, so we store an
> xattr_NTACL marshalled into a blob and
> NT_TRANSACT_QUERY_SECURITY_DESC should return a marshalled
> security_descriptor.
> 
>         const char *XATTR_NTACL_NAME = "security.NTACL";
> 
>         const int XATTR_SD_HASH_SIZE = 64;
>         const int XATTR_SD_HASH_TYPE_NONE = 0x0;
>         const int XATTR_SD_HASH_TYPE_SHA256 = 0x1;
> 
>         typedef [public] struct {
>                 security_descriptor *sd;
>                 uint8 hash[16];
>         } security_descriptor_hash_v2; /* Hash never used in this version. */
> 
>         typedef [public] struct {
>                 security_descriptor *sd;
>                 uint16 hash_type;
>                 uint8 hash[64]; /* 64 bytes hash. */
>         } security_descriptor_hash_v3;
> 
>         typedef [switch_type(uint16)] union {
>                 [case(1)] security_descriptor *sd;
>                 [case(2)] security_descriptor_hash_v2 *sd_hs2;
>                 [case(3)] security_descriptor_hash_v3 *sd_hs3;
>         } xattr_NTACL_Info;
> 
>         typedef [public] struct {
>                 uint16 version;
>                 [switch_is(version)] xattr_NTACL_Info info;
>         } xattr_NTACL;
> 
> metze
> >> -----Original Message-----
> >> From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
> >> Sent: Thursday, April 01, 2010 6:59 PM
> >> To: Ted
> >> Cc: samba-technical at lists.samba.org
> >> Subject: Re: How to convert security_descriptor in samba to
> >> SECURITY_DESCRIPTOR in NT
> >>
> >> Ted wrote:
> >>> Hi, all
> >>>
> >>> I have read the CIFS Protocol document provided by Microsoft and the
> >>> samba 3.5.0 source code.
> >>>
> >>> The CIFS Protocol document says that the NT_TRANSACT_QUERY_SECURITY_DESC
> >>> command allows a client to retrieve the security descriptor for a
> >>> file. And the security descriptor is returned in the data portion of
> >>> the transaction response.
> >>>
> >>> The code in samba that processes the NT_TRANSACT_QUERY_SECURITY_DESC
> >>> command just loads the data blob in the xattr and pulls an xattr_NTACL
> >>> out of the data blob by calling ndr_pull_xattr_NTACL. The
> >>> security_descriptor in xattr_NTACL is different from the definition of
> >>> SECURITY_DESCRIPTOR in NT. So how does this work? Or does anybody know
> >>> how to convert the samba security_descriptor to an NT SECURITY_DESCRIPTOR?
> >> don't we do ndr_pull_xattr_NTACL() followed by a
> >> ndr_push_security_descriptor()?
> >>
> >> metze
> >>
> >
> >
> 
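
The point made in the quoted reply, that the stored blob is an xattr_NTACL envelope (version plus optional hash) around the descriptor rather than the descriptor itself, as an added example that is not part of this thread or of Samba's code. It assumes little-endian NDR in which the union switch repeats the version as a uint16 and every pointer is a 4-byte referent ID; the function names and the sample blob are constructed for illustration.

```python
import struct

XATTR_SD_HASH_TYPE_NONE = 0x0
XATTR_SD_HASH_TYPE_SHA256 = 0x1
HASH_LEN = {1: 0, 2: 16, 3: 64}  # hash bytes per version, from the IDL above


def parse_xattr_ntacl_envelope(blob):
    """Split a security.NTACL blob into version/hash metadata (SD not parsed).

    ASSUMED layout (little-endian NDR, 4-byte pointer referent IDs):
      uint16 version, uint16 union switch, uint32 info pointer,
      then for v2/v3: uint32 sd pointer, [v3: uint16 hash_type], hash bytes.
    """
    if len(blob) < 8:
        raise ValueError("too short for an xattr_NTACL header")
    version, switch, info_ptr = struct.unpack_from("<HHI", blob, 0)
    if version not in HASH_LEN:
        raise ValueError("unsupported xattr_NTACL version %d" % version)
    if switch != version:
        raise ValueError("union switch %d != version %d" % (switch, version))
    if info_ptr == 0:
        raise ValueError("NULL info pointer, no descriptor stored")
    off, hash_type = 8, None
    if version >= 2:
        fixed = 4 + (2 if version == 3 else 0) + HASH_LEN[version]
        if len(blob) < off + fixed:
            raise ValueError("truncated inside the hash wrapper")
        off += 4  # skip the sd pointer's referent ID
        if version == 3:
            (hash_type,) = struct.unpack_from("<H", blob, off)
            off += 2
            if hash_type not in (XATTR_SD_HASH_TYPE_NONE, XATTR_SD_HASH_TYPE_SHA256):
                raise ValueError("unknown hash_type 0x%x" % hash_type)
    digest = blob[off:off + HASH_LEN[version]]
    # The marshalled security_descriptor follows the envelope (after any NDR
    # alignment padding). Per the reply above, NT_TRANSACT_QUERY_SECURITY_DESC
    # should return a marshalled security_descriptor, not this envelope.
    return {"version": version, "hash_type": hash_type,
            "hash": digest, "envelope_len": off + len(digest)}


def build_sample_v3():
    """Constructed sample blob: v3 envelope, SHA256 type, dummy hash and SD."""
    return (struct.pack("<HHI", 3, 3, 0x00020000)
            + struct.pack("<IH", 0x00020004, XATTR_SD_HASH_TYPE_SHA256)
            + bytes(range(64)) + b"\x00\x00" + b"<marshalled SD placeholder>")
```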

