[cifs-protocol] 114082111720309 Filtering SECURITY_INFORMATION flags for SMB* access

Sreekanth Nadendla srenaden at microsoft.com
Wed Aug 20 18:32:41 MDT 2014


Casemail in Cc
Dochelp in Bcc

Hello Stefan Metzmacher,
Thank you for your inquiry about File sharing protocols. We have created incident 114082111720309 to track the investigation for this issue. One of the Open Specifications team members will contact you shortly.


Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications



-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:metze at samba.org] 
Sent: Wednesday, August 20, 2014 5:54 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Filtering SECURITY_INFORMATION flags for SMB* access

Hi,

Both [MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY and 3.3.5.21.3 Handling SMB2_0_INFO_SECURITY indicate that the client-given SECURITY_INFORMATION flags should be filtered before passing them to the [MS-FSA] layer.

Only the following should be passed:
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION
ATTRIBUTE_SECURITY_INFORMATION
SCOPE_SECURITY_INFORMATION
BACKUP_SECURITY_INFORMATION

I'm wondering why [MS-SMB] 2.2.7.3 NT_TRANSACT_SET_SECURITY_DESC (0x0003) Extensions and 2.2.7.4 NT_TRANSACT_QUERY_SECURITY_DESC (0x0006) Extensions specify only:

OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION

[MS-CIFS] 3.3.5.59.3 Receiving an NT_TRANSACT_SET_SECURITY_DESC Request and 3.3.5.59.5 Receiving an NT_TRANSACT_QUERY_SECURITY_DESC Request don't say anything about filtering out some flags.

I guess [MS-SMB] and [MS-CIFS] are incomplete and the behavior matches [MS-SMB2]; can you confirm that?

Thanks!
metze
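
An added example (not from this thread and not Samba or Microsoft code) of the filtering being asked about: a server masks the client-supplied SECURITY_INFORMATION value before handing it to the file-system layer, and the two flag lists in the message give different results. The bit values are the Windows SDK (winnt.h) definitions; `filter_secinfo`, `secinfo_mask_gap` and the mask names are hypothetical, and the sample request is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* SECURITY_INFORMATION bit values as defined in the Windows SDK (winnt.h). */
#define OWNER_SECURITY_INFORMATION          0x00000001u
#define GROUP_SECURITY_INFORMATION          0x00000002u
#define DACL_SECURITY_INFORMATION           0x00000004u
#define SACL_SECURITY_INFORMATION           0x00000008u
#define LABEL_SECURITY_INFORMATION          0x00000010u
#define ATTRIBUTE_SECURITY_INFORMATION      0x00000020u
#define SCOPE_SECURITY_INFORMATION          0x00000040u
#define BACKUP_SECURITY_INFORMATION         0x00010000u
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000u /* in neither list */

/* Shorter list quoted from [MS-SMB] 2.2.7.3 / 2.2.7.4 (hypothetical name). */
#define SMB1_SECINFO_MASK (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | \
                           DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | \
                           LABEL_SECURITY_INFORMATION)
/* Longer list given for [MS-SMB2] 3.3.5.20.3 / 3.3.5.21.3 (hypothetical name). */
#define SMB2_SECINFO_MASK (SMB1_SECINFO_MASK | ATTRIBUTE_SECURITY_INFORMATION | \
                           SCOPE_SECURITY_INFORMATION | BACKUP_SECURITY_INFORMATION)

/* Hypothetical helper: keep only the bits in mask and report what was removed,
 * so the caller can log flags that never reach the file-system layer. */
static uint32_t filter_secinfo(uint32_t client_flags, uint32_t mask, uint32_t *dropped)
{
    if (dropped != NULL)
        *dropped = client_flags & ~mask;
    return client_flags & mask;
}

/* Flags whose handling depends on which of the two lists a server applies. */
static uint32_t secinfo_mask_gap(void)
{
    return SMB2_SECINFO_MASK & ~SMB1_SECINFO_MASK;
}

int main(void)
{
    /* Constructed client request, not taken from a capture. */
    uint32_t req = DACL_SECURITY_INFORMATION | ATTRIBUTE_SECURITY_INFORMATION |
                   BACKUP_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION;
    uint32_t dropped;
    uint32_t kept = filter_secinfo(req, SMB2_SECINFO_MASK, &dropped);
    printf("SMB2 list: kept 0x%08x dropped 0x%08x\n", (unsigned)kept, (unsigned)dropped);
    kept = filter_secinfo(req, SMB1_SECINFO_MASK, &dropped);
    printf("SMB1 list: kept 0x%08x dropped 0x%08x\n", (unsigned)kept, (unsigned)dropped);
    printf("flags only in the SMB2 list: 0x%08x\n", (unsigned)secinfo_mask_gap());
    return 0;
}
```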


