smb2.session.reauth4: UID/GID to use as anonymous user when modifying DACL

Stefan Metzmacher metze at samba.org
Sun Jun 16 07:19:47 UTC 2024


Hi Sachin,

> At the same time, I can also see that getuid()/getgid() returns 0/0 and
> geteuid()/getegid() also returns 0/0. Does the default plugin use
> uid/gid 0/0 while performing this operation?
> 
> I have the following questions
> 1) What are we testing for with this smbtorture test?
> 2) Is the anonymous user allowed to modify the DACL of the file as done
> in the test? This would obviously lead to access denied errors as we
> see currently.

It checks that the reauthentication has no effect on open file handles,
only on new file handles. After the SMB2 Create only fsp->access_mask
matters for access checking.

> 3) What uid/gid should be set when performing this action as the
> anonymous user?

Maybe you need to remember the low level token at open time
and use that.

I guess the result of vfs_ceph_igetf and vfs_ceph_userperm_new
should be remembered in an fsp extension in vfs_ceph_openat.
Otherwise it doesn't simulate a kernel file descriptor.

metze
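
A small C model of the behaviour discussed in this message, added here as an illustration; it is not part of the original e-mail and not Samba or vfs_ceph code. All type and function names and the uid values are hypothetical and constructed: the identity is evaluated at create time, and a handle then forwards either the current session identity or the token remembered at open.

```c
#include <stdint.h>
#define WRITE_DAC 0x00040000u               /* WRITE_DAC access right bit */
enum { USER_ID = 1000, ANON_ID = 65534 };   /* constructed sample ids */
/* Hypothetical model types, not Samba or libcephfs structures. */
struct session { unsigned uid, gid; };      /* current session identity */
struct handle {
    unsigned file_owner;                    /* owner uid of the backend file */
    uint32_t access_mask;                   /* granted once, at create time */
    struct session open_token;              /* identity remembered at open */
};

/* Backend rule assumed for this model: only the owner may change the DACL. */
static int backend_allows(unsigned owner, const struct session *s)
{ return s->uid == owner; }

/* Create is the only place where the session identity is evaluated. */
int model_open(struct handle *h, unsigned owner,
               const struct session *s, uint32_t wanted)
{
    if ((wanted & WRITE_DAC) && !backend_allows(owner, s)) return -1;
    h->file_owner = owner; h->access_mask = wanted; h->open_token = *s;
    return 0;
}

/* Set the DACL via an existing handle; use_open_token picks the identity. */
int model_set_dacl(const struct handle *h, const struct session *now,
                   int use_open_token)
{
    if (!(h->access_mask & WRITE_DAC)) return -1;
    const struct session *who = use_open_token ? &h->open_token : now;
    return backend_allows(h->file_owner, who) ? 0 : -1;
}

/* Open as a user, reauthenticate as anonymous, then use the old handle. */
int reauth_old_handle(int use_open_token)
{
    struct session s = { USER_ID, USER_ID };
    struct handle h;
    if (model_open(&h, USER_ID, &s, WRITE_DAC) != 0) return -2;
    s.uid = s.gid = ANON_ID;                /* session reauthentication */
    return model_set_dacl(&h, &s, use_open_token);
}

/* A create issued after the reauth is checked against the new identity. */
int reauth_new_handle(void)
{
    struct session anon = { ANON_ID, ANON_ID };
    struct handle h;
    return model_open(&h, USER_ID, &anon, WRITE_DAC);
}
```

With the open-time token the old handle keeps working after the reauth, while forwarding the current identity reproduces the access denied result, and a new create as anonymous is refused in both cases.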


