[cifs-protocol] handle based permission checks in SMB1?

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu May 3 06:22:56 MDT 2012

Hello, dochelp!

While writing tests for reauth I noticed some behaviour I
did not expect. The attached trace exercises reauth smb1
behaviour and does some operations on an open file handle.
In frames 17 and 19 you can see that the file descriptor
opened with frame 15 is good for writing and querying the
secdesc. Frames 20 to 23 reauth the session in question
(user id 16385) to anonymous. In frame 25 you can see that
the file handle is still good for writing. Frame 27 however
shows that the reauth killed the ability to query the
security descriptor. Re-authenticating administrator
re-establishes the full permissions on the file handle, see
frame 33. Doing the trans2 setfileinfo call to set the
delete-on-close flag shows the same behaviour as reading the
security descriptor does. I can easily provide traces.

My question: How are permission checks for handle-based SMB1
operations performed? Write operations seem to only look at
bits attached to the handle, other operations seem to also
take the current user token into account. Which SMB1
operations do permission checking in what ways?


Volker Lendecke

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reauth_smb1.cap
Type: application/cap
Size: 9544 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20120503/b5ef2e69/attachment.cap>
