[Adding case mail to cc. Removed dochelp, Incident ID in subject]
Hello Volker,
I am the engineer who will be working with you on this
issue. I am currently researching the problem and will provide you with an
update soon.
Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications
-----Original Message-----
From: Mark Miller (MOD)
Sent: Thursday, May 03, 2012 8:59 AM
To: [email protected]
Cc: [email protected]; [email protected]
Subject: RE: handle based permission checks in SMB1?
Hi Volker,
Thank you for your question. A colleague will contact you to investigate this
issue.
Regards,
Mark Miller | Escalation Engineer | Open Specifications Support Team One
Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com
-----Original Message-----
From: Volker Lendecke [mailto:[email protected]]
Sent: Thursday, May 03, 2012 8:23 AM
To: Interoperability Documentation Help
Cc: [email protected]; [email protected]
Subject: handle based permission checks in SMB1?
Hello, dochelp!
While writing tests for reauth I noticed some behaviour I did not expect. The
attached trace excercises reauth smb1 behaviour and does some operations on an
open file handle.
In frames 17 and 19 you can see that the file descriptor opened with frame 15
is good for writing and querying the secdesc. Frames 20 to 23 reauth the
session in question (user id 16385) to anonymous. In frame 25 you can see that
the file handle is still good for writing. Frame 27 however shows that the
reauth killed the ability to query the security descriptor. Re-authenticating
administrator re-establishes the full permissions on the file handle, see frame
33. Doing the trans2 setfileinfo call to set the delete-on-close flag shows the
same behaviour as reading the security descriptor does. I can easily provide
traces.
My question: How are permission checks for handle-based SMB1 operations
performed? Write operations seem to only look at bits attached to the handle,
other operations seem to also take the current user token into account. Which
SMB1 operations do permission checking in what ways?
Thanks,
Volker Lendecke
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr.
Johannes Loxen http://www.sernet.de, mailto:[email protected]
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
