[cifs-protocol] 112050346749387 handle based permission checks in SMB1?

Sreekanth Nadendla srenaden at microsoft.com
Fri May 4 08:25:11 MDT 2012

[Adding case mail to cc. Removed dochelp, Incident ID in subject]

Hello Volker,
I am the engineer who will be working with you on this issue. I am currently researching the problem and will provide you with an update soon.

Sreekanth Nadendla
Microsoft Windows Open Specifications

-----Original Message-----
From: Mark Miller (MOD) 
Sent: Thursday, May 03, 2012 8:59 AM
To: Volker.Lendecke at SerNet.DE
Cc: cifs-protocol at cifs.org; pfif at tridgell.net
Subject: RE: handle based permission checks in SMB1?

Hi Volker,

Thank you for your question.  A colleague will contact you to investigate this issue.

Mark Miller | Escalation Engineer | Open Specifications Support Team One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com

-----Original Message-----
From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE]
Sent: Thursday, May 03, 2012 8:23 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at cifs.org; pfif at tridgell.net
Subject: handle based permission checks in SMB1?

Hello, dochelp!

While writing tests for reauth I noticed some behaviour I did not expect. The attached trace exercises reauth smb1 behaviour and does some operations on an open file handle.
In frames 17 and 19 you can see that the file descriptor opened with frame 15 is good for writing and querying the secdesc. Frames 20 to 23 reauth the session in question (user id 16385) to anonymous. In frame 25 you can see that the file handle is still good for writing. Frame 27 however shows that the reauth killed the ability to query the security descriptor. Re-authenticating administrator re-establishes the full permissions on the file handle, see frame 33. Doing the trans2 setfileinfo call to set the delete-on-close flag shows the same behaviour as reading the security descriptor does. I can easily provide traces.

My question: How are permission checks for handle-based SMB1 operations performed? Write operations seem to only look at bits attached to the handle, other operations seem to also take the current user token into account. Which SMB1 operations do permission checking in what ways?


Volker Lendecke

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kontakt at sernet.de
