[cifs-protocol] Filtering SECURITY_INFORMATION flags for SMB* access

Stefan (metze) Metzmacher metze at samba.org
Wed Aug 20 15:53:58 MDT 2014


Hi,

Both [MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY
and 3.3.5.21.3 Handling SMB2_0_INFO_SECURITY indicate
that the client-given SECURITY_INFORMATION flags should be filtered
before passing them to the [MS-FSA] layer.

Only the following should be passed:
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION
ATTRIBUTE_SECURITY_INFORMATION
SCOPE_SECURITY_INFORMATION
BACKUP_SECURITY_INFORMATION

I'm wondering why [MS-SMB] 2.2.7.3 NT_TRANSACT_SET_SECURITY_DESC (0x0003) Extensions
and 2.2.7.4 NT_TRANSACT_QUERY_SECURITY_DESC (0x0006) Extensions
specify only:

OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION

[MS-CIFS] 3.3.5.59.3 Receiving an NT_TRANSACT_SET_SECURITY_DESC Request
and 3.3.5.59.5 Receiving an NT_TRANSACT_QUERY_SECURITY_DESC Request
don't say anything about filtering out some flags.

I guess [MS-SMB] and [MS-CIFS] are incomplete and the behavior
matches [MS-SMB2], can you confirm that?

Thanks!
metze
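
The filtering asked about above, as an added example that is not part of the original mail and is not Samba or Windows code: it masks a client-supplied SECURITY_INFORMATION value against each of the two flag lists and reports which bits each list would strip. The numeric bit values are assumed from [MS-DTYP] 2.4.7, and `filter_secinfo` and the two mask names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* SECURITY_INFORMATION bits; values assumed from [MS-DTYP] 2.4.7. */
#define OWNER_SECURITY_INFORMATION          0x00000001u
#define GROUP_SECURITY_INFORMATION          0x00000002u
#define DACL_SECURITY_INFORMATION           0x00000004u
#define SACL_SECURITY_INFORMATION           0x00000008u
#define LABEL_SECURITY_INFORMATION          0x00000010u
#define ATTRIBUTE_SECURITY_INFORMATION      0x00000020u
#define SCOPE_SECURITY_INFORMATION          0x00000040u
#define BACKUP_SECURITY_INFORMATION         0x00010000u
/* Appears in neither list in the mail, so both filters strip it. */
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000u

/* The five flags the mail lists for the [MS-SMB] NT_TRANSACT extensions. */
#define SMB1_SECINFO_MASK (OWNER_SECURITY_INFORMATION | \
        GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | \
        SACL_SECURITY_INFORMATION | LABEL_SECURITY_INFORMATION)
/* The eight flags the mail lists for [MS-SMB2]. */
#define SMB2_SECINFO_MASK (SMB1_SECINFO_MASK | \
        ATTRIBUTE_SECURITY_INFORMATION | SCOPE_SECURITY_INFORMATION | \
        BACKUP_SECURITY_INFORMATION)

/* Hypothetical helper: return only the bits in 'allowed' and, if
 * 'dropped' is non-NULL, store the bits that were filtered out. */
static uint32_t filter_secinfo(uint32_t requested, uint32_t allowed,
                               uint32_t *dropped)
{
    if (dropped != NULL) {
        *dropped = requested & ~allowed;
    }
    return requested & allowed;
}

int main(void)
{
    /* Constructed client request: DACL + BACKUP + PROTECTED_DACL. */
    const uint32_t req = DACL_SECURITY_INFORMATION |
        BACKUP_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION;
    uint32_t dropped, kept;

    kept = filter_secinfo(req, SMB2_SECINFO_MASK, &dropped);
    printf("SMB2 list: kept 0x%08x dropped 0x%08x\n", (unsigned)kept, (unsigned)dropped);
    kept = filter_secinfo(req, SMB1_SECINFO_MASK, &dropped);
    printf("SMB1 list: kept 0x%08x dropped 0x%08x\n", (unsigned)kept, (unsigned)dropped);
    return 0;
}
```

With the shorter list, BACKUP_SECURITY_INFORMATION is stripped as well, which is the behavioral difference the question turns on.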
