decode security information in security.NTACL

Jeremy Allison jra at samba.org
Fri Mar 26 10:38:11 MDT 2010


On Fri, Mar 26, 2010 at 12:02:23PM +0800, Ted wrote:
> Hi, all
> 
> Recently I was developing client software on Windows for a distributed
> network file system.
> 
> The server of the distributed network file system is Linux. We want to
> implement Windows ACLs for our file system, and our goal is to be compatible
> with the samba4 ACL. I downloaded the Samba code and found that Samba stores the
> security descriptor in the file's xattr. So we made a design in which the server
> just sends the data blob of the file's xattr to the client, and the client
> parses the data in the data blob, then converts it to the NT security descriptor.
> 
> The problem was that I found that Samba uses many ndr_xxx functions to
> pull/push the datablob/security descriptor. And the NDR lib is a bit
> complex. Our system is based on ONC RPC. We don't have the NDR lib. I am just
> wondering, is there a simple way to decode the data in the xattr?

Yes, if I had my way I'd marshall in ONC/RPC as well :-).

The problem is we need to marshall into NDR for on the wire
transfer to Windows, so it's just too convenient to use
the same functions to marshall for disk storage too.

There isn't a *simple*, hand written library for unmarshalling
I'm afraid, it's bloody NDR, which is a disaster :-(.

Jeremy.

