cifs-utils: setcifsacl receives STATUS_INVALID_SECURITY_DESCR reply from custom CIFS implementation

Shirish Pargaonkar shirishpargaonkar at gmail.com
Tue Jun 27 04:40:07 UTC 2017


if you can provide tcpdumpas well as the command you are using of/for
both Windows and Linux way, that would be helpful

On Mon, Jun 26, 2017 at 8:04 AM, Paul van Schayck via samba-technical
<samba-technical at lists.samba.org> wrote:
> Dear samba-technical,
>
> If this list is inappropriate for this question then please redirect
> me to a better one.
>
> I'm working with a HDS HNAS (Hitachi NAS) which has its own
> implementation of the CIFS protocol. Mounting, and interactions all go
> fine using linux-cifs and related tools.
>
> However, when sending a `setcifsacl -a ACE /dir` the response is
> "main: setxattr error: Input/output error". Upon further digging using
> tcpdump/wireshark it became clear that the HNAS is responding with
>
> NT Status: STATUS_INVALID_SECURITY_DESCR (0xc0000079)
>
> Setting the same ACE using a Windows client did work. So further
> examining of the request being sent showed that the only difference
> between the Windows client and setcifsacl was the addition of a lot of
> padding zero bytes at the end of the security descriptor.
>
> Examining the code of setcifsacl.c and the request more it seems like
> the request was not properly trimmed down to the number of aces being
> sent. More buffer was allocated that the number of aces being sent. So
> I made the attached patch to trim down the request. This fixes some of
> the problems with setcifsacl, but for example breaks deleting aces. I
> also think it's most likely an ugly fix, and the problem needs to be
> solved elsewhere most likely.
>
> So my question is if someone can point me at the correct way to fix
> this in setcifsacl, or help me fix it properly. If necessary I can
> provide tcpdump's of Windows and Linux clients performing the request.
>
> Thanks,
>
> Paul van Schayck
>
> diff --git a/setcifsacl.c b/setcifsacl.c
> index 7eeeaa6..4ada3c8 100644
> --- a/setcifsacl.c
> +++ b/setcifsacl.c
> @@ -761,6 +761,20 @@ setacl_action(struct cifs_ntsd *pntsd, struct
> cifs_ntsd **npntsd,
>         return rc;
>  }
>
> +ssize_t
> +trim_request(ssize_t bufsize, struct cifs_ntsd *npntsd) {
> +       int i, len = 0;
> +       char *a = (char *) npntsd;
> +
> +       for( i = 0; i < bufsize; i++) {
> +               if ( a[i] != 0 )
> +                       len = i;
> +       }
> +
> +       return (ssize_t) len + 2;
> +}
> +
> +
>  static void
>  setcifsacl_usage(const char *prog)
>  {
> @@ -902,7 +916,7 @@ cifsacl:
>         if (rc)
>                 goto setcifsacl_action_ret;
>
> -       attrlen = setxattr(filename, ATTRNAME, ntsdptr, bufsize, 0);
> +       attrlen = setxattr(filename, ATTRNAME, ntsdptr,
> trim_request(bufsize, ntsdptr), 0);
>         if (attrlen == -1) {
>                 printf("%s: setxattr error: %s\n", __func__, strerror(errno));
>                 goto setcifsacl_facenum_ret;
>



More information about the samba-technical mailing list