[cifs-protocol] 114082111720309 Filtering SECURITY_INFORMATION flags for SMB* access
Tarun Chopra
Tarun.Chopra at microsoft.com
Wed Aug 20 18:40:51 MDT 2014
Metze - I'm researching this for you and will get back with an update.
Sent from my iPhone
> On Aug 20, 2014, at 2:33 PM, "Sreekanth Nadendla" <srenaden at microsoft.com> wrote:
>
> Casemail in Cc
> Dochelp in Bcc
>
> Hello Stefan Metzmacher,
> Thank you for your inquiry about File sharing protocols. We have created incident 114082111720309 to track the investigation for this issue. One of the Open specifications team member will contact you shortly.
>
>
> Regards,
> Sreekanth Nadendla
> Microsoft Windows Open Specifications
>
>
>
> -----Original Message-----
> From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
> Sent: Wednesday, August 20, 2014 5:54 PM
> To: Interoperability Documentation Help
> Cc: cifs-protocol at samba.org
> Subject: Filtering SECURITY_INFORMATION flags for SMB* access
>
> Hi,
>
> both [MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY and 3.3.5.21.3 Handling SMB2_0_INFO_SECURITY indicate that the client given SECURITY_INFORMATION flags should be filtered before passing them to the [MS-FSA] layer.
>
> Only the following should be passed:
> OWNER_SECURITY_INFORMATION
> GROUP_SECURITY_INFORMATION
> DACL_SECURITY_INFORMATION
> SACL_SECURITY_INFORMATION
> LABEL_SECURITY_INFORMATION
> ATTRIBUTE_SECURITY_INFORMATION
> SCOPE_SECURITY_INFORMATION
> BACKUP_SECURITY_INFORMATION
>
> I'm wondering why [MS-SMB] 2.2.7.3 NT_TRANSACT_SET_SECURITY_DESC
> (0x0003) Extensions
> and 2.2.7.4 NT_TRANSACT_QUERY_SECURITY_DESC (0x0006) Extensions.
> specify only:
>
> OWNER_SECURITY_INFORMATION
> GROUP_SECURITY_INFORMATION
> DACL_SECURITY_INFORMATION
> SACL_SECURITY_INFORMATION
> LABEL_SECURITY_INFORMATION
>
> [MS-CIFS] 3.3.5.59.3 Receiving an NT_TRANSACT_SET_SECURITY_DESC Request and 3.3.5.59.5 Receiving an NT_TRANSACT_QUERY_SECURITY_DESC Request doesn't say anything about filtering out some flags.
>
> I guess [MS-SMB] and [MS-CIFS] are incomplete and the behavior matches [MS-SMB2], can you confirm that?
>
> Thanks!
> metze
>
More information about the cifs-protocol
mailing list