[jcifs] Re: Share permissions

Michael B Allen mba2000 at ioplex.com
Tue Jan 2 19:41:23 GMT 2007


On Tue, 02 Jan 2007 13:08:41 -0500
Karl Wright <kwright at metacarta.com> wrote:

> Karl Wright wrote:
> > Thanks, Mike.
> > 
> > I already sent the remote query to you (or, rather, a TCPDUMP of the 
> > entire session where I opened the properties panel for the dir7share 
> > from a remote Windows machine).  Windows *did* let me into the 
> > "properties" panel, but before it did it said that I could not access 
> > security for that share remotely, and when I got in sure enough the 
> > security display was grey'd.  I've reattached them.  What interested me 
> > was that you said that you saw "Access denied" in that dump for at least 
> > one transaction.  If that transaction had anything to do with dir7share 
> > I'd love to know which transaction that was, and what Windows seemed to 
> > be asking for at that time.
> > 
> > Karl
> > 
> 
> After looking at these with ethereal, I found two interesting issues in 
> the tcpdump.out.2 trace, which is the one where I tried to access dir7share.
> 
> First, there's a protocol error!  Look for a SMB NT_Trans_Request packet 
> that is a NT_QUERY_SECURITY_DESC request.  One of them comes back with 
> "Buffer too small".  Not sure why Windows would fail in this way - 
> although it could well be that there is a version difference between the 
> client and the server.

That's not a protocol error. That's just the client's way of determining
how big of a buffer it needs. Not optimal but there's a lot of stuff in
Windows protocols that isn't optimal.

> Second, there's a NetrShareGetInfo request that goes out to 
> wxp-ie-65-201 for dir7share.  Do you have any idea what this request 
> might be for, and would Jcifs submit a similar request at any point?

That doesn't contain any security descriptor information. It's basic
non-interesting stuff.

Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/


More information about the jcifs mailing list