[PATCH 0/13] add SMB2 server-side copy support - V2

David Disseldorp ddiss at suse.de
Thu Dec 6 14:24:19 MST 2012


Hi Jeremy,

On Thu, 6 Dec 2012 09:53:52 -0800
Jeremy Allison <jra at samba.org> wrote:

> > Strangely Windows servers do not appear to check the open-time granted
> > access on the source file. This behaviour matches what is documented in
> > [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request, where
> > only the destination file is checked for open-time granted read and
> > write access.
> > 
> > I'll drop the src_fsp check for now, dest_fsp will be checked for read
> > and write access. New round of patches with a bunch more torture tests
> > is on its way.  
> 
> I don't think we can do that can we ?
> 
> Imagine the following, a "super-secure" file is opened with READ_ATTRIBUTES
> only, then used as a copychunk source handle to copy data from it into a
> "non-secure" file.

Wouldn't the super-secure file ACL block the read at IO time anyway?
The copychunk default VFS hooks still uses regular read/write to perform
the offloaded IO.

Here's the test case written to exercise this behaviour:
https://git.samba.org/?p=ddiss/samba.git;a=blob;f=source4/torture/smb2/ioctl.c;h=273ac36fd0d995459eee38bf7f00a4f432c212a0;hb=ec757abee90c0ed350cf97130535dba59b6171bc#l1124

> I think we have to have the read check on the source file.

I'm fine with adding the read check, but it means we will diverge from
(strange) Windows behaviour in this case.

Cheers, David


More information about the samba-technical mailing list