[cifs-protocol] 112050346749387 handle based permission checks in SMB1?

Sreekanth Nadendla srenaden at microsoft.com
Thu May 24 15:29:12 MDT 2012


Hello Volker,
                         Our product group is investigating this issue closely.  I will provide you an update as soon as we conclude our review. Thank you for being patient.

Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications

-----Original Message-----
From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] 
Sent: Tuesday, May 22, 2012 4:39 AM
To: Sreekanth Nadendla
Cc: MSSolve Case Email; cifs-protocol at cifs.org; pfif at tridgell.net
Subject: Re: 112050346749387 handle based permission checks in SMB1?

Hello!

Have you been able to make any progress on this issue?

Thanks,

Volker Lendecke

On Fri, May 04, 2012 at 02:25:11PM +0000, Sreekanth Nadendla wrote:
> [Adding case mail to cc. Removed dochelp, Incident ID in subject]
> 
> Hello Volker,
>                       I am the engineer who will be working with you on this issue. I am currently researching the problem and will provide you with an update soon. 
> 
> 
> Regards,
> Sreekanth Nadendla
> Microsoft Windows Open Specifications
> 
> 
> -----Original Message-----
> From: Mark Miller (MOD)
> Sent: Thursday, May 03, 2012 8:59 AM
> To: Volker.Lendecke at SerNet.DE
> Cc: cifs-protocol at cifs.org; pfif at tridgell.net
> Subject: RE: handle based permission checks in SMB1?
> 
> Hi Volker,
> 
> Thank you for your question.  A colleague will contact you to investigate this issue.
> 
> Regards,
> Mark Miller | Escalation Engineer | Open Specifications Support Team 
> One Microsoft Way, 98052, Redmond, WA, USA 
> http://support.microsoft.com
> 
> -----Original Message-----
> From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE]
> Sent: Thursday, May 03, 2012 8:23 AM
> To: Interoperability Documentation Help
> Cc: cifs-protocol at cifs.org; pfif at tridgell.net
> Subject: handle based permission checks in SMB1?
> 
> Hello, dochelp!
> 
> While writing tests for reauth I noticed some behaviour I did not expect. The attached trace excercises reauth smb1 behaviour and does some operations on an open file handle.
> In frames 17 and 19 you can see that the file descriptor opened with frame 15 is good for writing and querying the secdesc. Frames 20 to 23 reauth the session in question (user id 16385) to anonymous. In frame 25 you can see that the file handle is still good for writing. Frame 27 however shows that the reauth killed the ability to query the security descriptor. Re-authenticating administrator re-establishes the full permissions on the file handle, see frame 33. Doing the trans2 setfileinfo call to set the delete-on-close flag shows the same behaviour as reading the security descriptor does. I can easily provide traces.
> 
> My question: How are permission checks for handle-based SMB1 operations performed? Write operations seem to only look at bits attached to the handle, other operations seem to also take the current user token into account. Which SMB1 operations do permission checking in what ways?
> 
> Thanks,
> 
> Volker Lendecke
> 
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, 
> GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kontakt at sernet.de
> 
> 

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kontakt at sernet.de




More information about the cifs-protocol mailing list