[cifs-protocol] [EXTERNAL] Querying SD of a stream - TrackingID#2408130040006466
Kristian Smith
Kristian.Smith at microsoft.com
Tue Sep 3 21:36:10 UTC 2024
Hi Slow,
I have completed my research on this issue regarding querying the SD of an alternate data stream. I have confirmed that the document incorrectly suggests that querying the SD of an alternate data stream must fail with STATUS_INVALID_PARAMETER. In Windows, it actually succeeds by treating the request as a SD request on the main stream. I confirmed this with a similar test to the one that you conducted by directly querying the SD. I also opened an alternate data stream for editing and the SD check also succeeds.
I have submitted a request to have this sentence removed from MS-FSA 2.1.5.14 and 2.1.5.17. Please let me know if you have any additional questions. If I don't hear back from you by Friday, I'll assume you don't have additional concerns and I'll move forward with closing the case.
Thanks again for raising this issue and helping us improve the accuracy of MS-FSA. Have a great week!
Regards,
Kristian Smith
Support Escalation Engineer | Microsoft® Corporation
Office phone: +1 425-421-4442
Email: kristian.smith at microsoft.com
-----Original Message-----
From: Kristian Smith
Sent: Thursday, August 15, 2024 9:31 AM
To: Ralph Boehme <slow at samba.org>
Cc: cifs-protocol at lists.samba.org
Subject: RE: [EXTERNAL] Querying SD of a stream - TrackingID#2408130040006466
Hi Slow,
I was able to successfully repro the issue you're seeing. Based on the fact that alternate data streams do not have their own Security Descriptors, this is probably intentional; hence the document would be incorrect. I'm currently researching the code to determine any necessary documentation changes. I'll update you when I know what these changes are.
Thanks for bringing this to our attention.
Regards,
Kristian Smith
Support Escalation Engineer | Microsoft® Corporation Office phone: +1 425-421-4442
Email: kristian.smith at microsoft.com
-----Original Message-----
From: Kristian Smith
Sent: Tuesday, August 13, 2024 8:22 AM
To: Ralph Boehme <slow at samba.org>
Cc: cifs-protocol at lists.samba.org
Subject: RE: [EXTERNAL] Querying SD of a stream - TrackingID#2408130040006466
[DocHelp to Bcc]
Hi Slow,
Thanks for your request. The case number 2408130040006466 has been created for this inquiry. One of our team members will follow up with you soon.
Regards,
Kristian Smith
Support Escalation Engineer | Microsoft® Corporation Office phone: +1 425-421-4442
Email: kristian.smith at microsoft.com
-----Original Message-----
From: Ralph Boehme <slow at samba.org>
Sent: Tuesday, August 13, 2024 2:37 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] Querying SD of a stream
Hello dochelp,
according to MS-FSA 2.1.5.14 "Server Requests a Query of Security Information" when querying the SD of a stream the request should be failed:
* If Open.Stream.StreamType is DataStream and Open.Stream.Name
is not empty, the operation MUST be failed with
STATUS_INVALID_PARAMETER; security information can be may
only be queried on a file or directory handle, not on a
stream handle.
But if I query an SD of a stream via SMB3 against a Windows server (Windows Server 2022) I get back the current SD of open.file, network trace attached.
MS-FSA 2.1.5.17 "Server Requests Setting of Security Information" has the same clause and setting an SD also works.
Is this a doc or product bug? Or am I missing something?
Can you please check and clarify?
Thanks!
-slow
More information about the cifs-protocol
mailing list