Re: tcon torture test
> > Ah. Bingo. So the context is based on the file handle. Makes sense. > > The same thing is true of the RPC handles for printing. given that win2003 seems to now restrict SMBwriteX to be on the 'correct' tid, it would be interesting to retest the RPC case with a win2003 server. Maybe they fixed this in more than one place?
Re: tcon torture test
On Sat, Mar 29, 2003 at 08:10:03PM -0600, Christopher R. Hertel wrote: > [EMAIL PROTECTED] wrote: > > > > > If two SessionSetups are sent, each resulting in a separate [V]UID, > > > then does Windows apply correct restrictions to each or does it allow > > > the greater set of permissions? That is: > > > > The question doesn't really make sense for SMBwriteX. It is similar to > > the way write() works in posix - a open file handle can be used in any > > security context, it doesn't matter what euid you change to before > > calling write() > > Ah. Bingo. So the context is based on the file handle. Makes sense. The same thing is true of the RPC handles for printing. Jeremy.
Re: tcon torture test
> It turns out that Win2003 RC2 does check these... ok, so win2003 rc2 behaves more like Samba does for this test. If the final of win2003 also does this then we can change the sense of the test, and consider the win2000 behaviour to be a bug.
Re: tcon torture test
On Sun, 2003-03-30 at 12:36, Richard Sharpe wrote: > On Sun, 30 Mar 2003 [EMAIL PROTECTED] wrote: > > > > If two SessionSetups are sent, each resulting in a separate [V]UID, then > > > does Windows apply correct restrictions to each or does it allow the greater > > > set of permissions? That is: > > > > The question doesn't really make sense for SMBwriteX. It is similar to > > the way write() works in posix - a open file handle can be used in any > > security context, it doesn't matter what euid you change to before > > calling write() > > Right. The security checking is done at open time. However, I imagine that > there are problems over NFS. There sure are for another FS I can name > where read/write permission checking is deferred until reading/writing > time. It turns out that Win2003 RC2 does check these... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: tcon torture test
[EMAIL PROTECTED] wrote: > > > If two SessionSetups are sent, each resulting in a separate [V]UID, > > then does Windows apply correct restrictions to each or does it allow > > the greater set of permissions? That is: > > The question doesn't really make sense for SMBwriteX. It is similar to > the way write() works in posix - a open file handle can be used in any > security context, it doesn't matter what euid you change to before > calling write() Ah. Bingo. So the context is based on the file handle. Makes sense. > > I really want to know more about your NTVFS rewrite. :) > > well, it involves rewriting just about every core function in smbd. So > far I have 4 files compiling in the rewrite (server.c, process.c, > negprot.c and request.c). I was hoping I'd have something working to > demo at SambaXP but it may not get done in time. > > see http://samba.org/~tridge/hack/diffs.txt for a patch that shows > what I'm doing. I need to finish this book thing this week, so I will have to catch up later. Perhaps at SambaXP. I'll try not to ask too many questions. :) Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: tcon torture test
On Sun, 30 Mar 2003 [EMAIL PROTECTED] wrote: > > If two SessionSetups are sent, each resulting in a separate [V]UID, then > > does Windows apply correct restrictions to each or does it allow the greater > > set of permissions? That is: > > The question doesn't really make sense for SMBwriteX. It is similar to > the way write() works in posix - a open file handle can be used in any > security context, it doesn't matter what euid you change to before > calling write() Right. The security checking is done at open time. However, I imagine that there are problems over NFS. There sure are for another FS I can name where read/write permission checking is deferred until reading/writing time. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: tcon torture test
> If two SessionSetups are sent, each resulting in a separate [V]UID, then > does Windows apply correct restrictions to each or does it allow the greater > set of permissions? That is: The question doesn't really make sense for SMBwriteX. It is similar to the way write() works in posix - a open file handle can be used in any security context, it doesn't matter what euid you change to before calling write() > I really want to know more about your NTVFS rewrite. :) well, it involves rewriting just about every core function in smbd. So far I have 4 files compiling in the rewrite (server.c, process.c, negprot.c and request.c). I was hoping I'd have something working to demo at SambaXP but it may not get done in time. see http://samba.org/~tridge/hack/diffs.txt for a patch that shows what I'm doing. Cheers, Tridge
Re: tcon torture test
[EMAIL PROTECTED] wrote: > > Richard, > > I've now modified the TCON test to be more useful. It now checks the > following: > > - does the server allow a SMBwriteX with a TID other than the one used > to open the file > - does the server allow a SMBwriteX with a completely invalid TID > - does the server allow a SMBwriteX with a completely invalid VUID > > The answer to all the above is 'yes' for win2000, and 'no' for Samba. > > Interestingly, win98 disallows the first two (like Samba) but allows > the third. I assume that W2K (and W98) are somehow using the fact that a valid TID and UID were negotiated at some point. You wouldn't want an SMBwriteX to succeed if the user had not sent any valid credentials. If two SessionSetups are sent, each resulting in a separate [V]UID, then does Windows apply correct restrictions to each or does it allow the greater set of permissions? That is: - I log on as 'crh' and get back [V]UID 1 and log on again (within the same session) as 'Adminstrator' and get back [V]UID 2. - If I use [V]UID 1 in later SMBs, do I have 'Administrator' privilages or just the 'crh' priviledges I should have? More to the point, can I test these combinations with smbtorture? > This has implications for my NTVFS rewrite. It means we can't hang the > file list off the tcon context. It also means that to be fully win2000 > complient we would need to defer the TID and VUID interpretation to > each of the reply functions, rather than doing it in the general SMB > parse/reply code. I really want to know more about your NTVFS rewrite. :) Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: tcon torture test
Richard, I've now modified the TCON test to be more useful. It now checks the following: - does the server allow a SMBwriteX with a TID other than the one used to open the file - does the server allow a SMBwriteX with a completely invalid TID - does the server allow a SMBwriteX with a completely invalid VUID The answer to all the above is 'yes' for win2000, and 'no' for Samba. Interestingly, win98 disallows the first two (like Samba) but allows the third. This has implications for my NTVFS rewrite. It means we can't hang the file list off the tcon context. It also means that to be fully win2000 complient we would need to defer the TID and VUID interpretation to each of the reply functions, rather than doing it in the general SMB parse/reply code. Cheers, Tridge
tcon torture test
Hi, Herb and I looked at the TCON torture test a bit today. In our testing we found that Windows NT4, Win2K and most Samba versions fail it, so we both wonder which server ever passed this test. We tested NT4 SP3 and NT4 SP6, as well as Win2K server and Win2K workstation. I have also tested NT4 SP1. To refresh your memory, the TCON tests connects to a share and opens a file. It then writes to the file, and then connects to the same share again, and writes to the file that was originally opened and expects the second write to fail. Herb found an interesting case, though. It seems that Pillar Data's CIFS implementation, which is based on Samba 2.2.x, passes this test. This is surprising, because it suggests that Pillar has changed their version to pass this test, when so few other servers pass the test. Does anyone know of any servers pass the test, and why it is there? It is interesting to note that it is in the torture code in Samba 2.2.x as well, so it might be left over from a very early version of NT4. I wonder if it was only Win9X where this test succeeds? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
