Hello, dochelp! While writing tests for reauth I noticed some behaviour I did not expect. The attached trace excercises reauth smb1 behaviour and does some operations on an open file handle. In frames 17 and 19 you can see that the file descriptor opened with frame 15 is good for writing and querying the secdesc. Frames 20 to 23 reauth the session in question (user id 16385) to anonymous. In frame 25 you can see that the file handle is still good for writing. Frame 27 however shows that the reauth killed the ability to query the security descriptor. Re-authenticating administrator re-establishes the full permissions on the file handle, see frame 33. Doing the trans2 setfileinfo call to set the delete-on-close flag shows the same behaviour as reading the security descriptor does. I can easily provide traces.
My question: How are permission checks for handle-based SMB1 operations performed? Write operations seem to only look at bits attached to the handle, other operations seem to also take the current user token into account. Which SMB1 operations do permission checking in what ways? Thanks, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:[email protected]
reauth_smb1.cap
Description: application/cap
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
