Hi Volker: The information you gave is sufficient. We are still working on it. I'll be in touch as soon as I have an answer.
Regards, Obaid Farooqi Escalation Engineer | Microsoft -----Original Message----- From: Volker Lendecke [mailto:[email protected]] Sent: Tuesday, June 28, 2011 10:25 AM To: Obaid Farooqi Cc: [email protected]; [email protected]; MSSolve Case Email Subject: Re: [Pfif] [REG:111052652308584] [[email protected]: Reminder -- share secdesc and smb2 echo?] Hi! Any updates here? Is the information I gave you sufficient, or do you need more? With best regards, Volker Lendecke On Sat, Jun 18, 2011 at 07:29:09PM +0200, Volker Lendecke wrote: > On Fri, Jun 17, 2011 at 08:22:05PM +0000, Obaid Farooqi wrote: > > It looks like we need the trace to properly answer this question. > > I appreciate your help and understanding in this matter. > > Ok. Attached find two screenshots that show the share secdesc on a > German XP box (w2k8 behaves the same in this respect). Also find > corresponding traces. > > fullcontrol.cap shows that given that vl is owner > (S-1-5-21-1757981266-1482476501-515967899-1003 is xp\vl) of the file > but does not have the WRITE_DAC rights from the secdesc in frame 14. > Nevertheless, the owner implicit WRITE_DAC makes the NTCREATE in frame > 15 asking for WRITE_DAC succeed. > > change.cap is similar, this time the share secdesc does not grant > "full control". You can see in frame 16 that asking for WRITE_DAC is > denied. However, setting the secdesc via the NT_TRANSACT_CREATE in > frame 11 works. In frame 12 you can see this file was newly created. > > The question is: Why can I set a security descriptor on a newly > created file although the share secdesc denies WRITE_DAC? > > Are there other exceptions? > > With best regards, > > Volker Lendecke > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, > GF: Dr. Johannes Loxen > _______________________________________________ > Pfif mailing list > [email protected] > http://lists.tridgell.net/cgi-bin/mailman/listinfo/pfif -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
