[cifs-protocol] handle based permission checks in SMB1?

[Mark Miller (MOD)]

Hi Volker,

Thank you for your question.  A colleague will contact you to investigate this issue.

Regards,
Mark Miller | Escalation Engineer | Open Specifications Support Team
One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com

-----Original Message-----
From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] 
Sent: Thursday, May 03, 2012 8:23 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at cifs.org; pfif at tridgell.net
Subject: handle based permission checks in SMB1?

Hello, dochelp!

While writing tests for reauth I noticed some behaviour I did not expect. The attached trace excercises reauth smb1 behaviour and does some operations on an open file handle.
In frames 17 and 19 you can see that the file descriptor opened with frame 15 is good for writing and querying the secdesc. Frames 20 to 23 reauth the session in question (user id 16385) to anonymous. In frame 25 you can see that the file handle is still good for writing. Frame 27 however shows that the reauth killed the ability to query the security descriptor. Re-authenticating administrator re-establishes the full permissions on the file handle, see frame 33. Doing the trans2 setfileinfo call to set the delete-on-close flag shows the same behaviour as reading the security descriptor does. I can easily provide traces.

My question: How are permission checks for handle-based SMB1 operations performed? Write operations seem to only look at bits attached to the handle, other operations seem to also take the current user token into account. Which SMB1 operations do permission checking in what ways?

Thanks,

Volker Lendecke

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kontakt at sernet.de