[cifs-protocol] [Pfif] [REG:111052652308584] [ttalpey at microsoft.com: Reminder -- share secdesc and smb2 echo?]

Volker Lendecke Volker.Lendecke at SerNet.DE
Sat Jun 18 11:29:09 MDT 2011 

On Fri, Jun 17, 2011 at 08:22:05PM +0000, Obaid Farooqi wrote:
> It looks like we need the trace to properly answer this question. 
> I appreciate your help and understanding in this matter.

Ok. Attached find two screenshots that show the share
secdesc on a German XP box (w2k8 behaves the same in this
respect). Also find corresponding traces.

fullcontrol.cap shows that given that vl is owner
(S-1-5-21-1757981266-1482476501-515967899-1003 is xp\vl) of
the file but does not have the WRITE_DAC rights from the
secdesc in frame 14. Nevertheless, the owner implicit
WRITE_DAC makes the NTCREATE in frame 15 asking for
WRITE_DAC succeed.

change.cap is similar, this time the share secdesc does not
grant "full control". You can see in frame 16 that asking
for WRITE_DAC is denied. However, setting the secdesc via
the NT_TRANSACT_CREATE in frame 11 works. In frame 12 you
can see this file was newly created.

The question is: Why can I set a security descriptor on a
newly created file although the share secdesc denies
WRITE_DAC?

Are there other exceptions?

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fullcontrol.cap
Type: application/cap
Size: 3802 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20110618/7b56cb62/attachment-0002.cap>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fullcontrol.png
Type: image/png
Size: 25648 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20110618/7b56cb62/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: change.cap
Type: application/cap
Size: 3734 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20110618/7b56cb62/attachment-0003.cap>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: change.png
Type: image/png
Size: 25606 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20110618/7b56cb62/attachment-0003.png>

More information about the cifs-protocol mailing list