[Samba] Need SDDL Format Security Descriptor (using libsmbclient.so)
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Wed Jan 8 21:32:31 UTC 2025
hi Nirmit,
This kind of question is probably best asked on the Samba Technical mailing list
(https://lists.samba.org/mailman/listinfo/samba-technical), which I will CC.
On 9/01/25 02:04, Nirmit Kansal via samba wrote:
> I am using smbc_getxattr() function (in libsmbclient.so) with the "system.nt_sec_desc" attribute to retrieve the security
descriptor, but this is not providing the descriptor information in SDDL format.
> Also, I am not able to find any attribute in smbc_getxattr() which can provide SDDL format.
>
> I need to use the ACLs information extracted from smbc_getxattr() into windows SDK APIs such as
ConvertStringSecurityDescriptorToSecurityDescriptorW() / ConvertStringSecurityDescriptorToSecurityDescriptorA(), for
which SDDL is required as input.
>
> So, I am struggling to get SDDL format security descriptor using smbc_getxattr() APIs. Is there any known resolution
to this? Do we have any API available in libsmbclient.so which can convert output value received from smbc_getxattr()
into SDDL format?
>
> Any help is highly appreciated.
I don't know much about libsmbclient, but I know we do SDDL encoding in
sddl_encode() in libcli/security/sddl.c. It might not be publicly exposed.
It should also be possible to cast a Samba security descriptor to a Windows
one using the NDR wire format rather than SDDL.
cheers,
Douglas
More information about the samba-technical
mailing list