On Mon, Mar 23, 2015 at 01:10:31AM +0000, Bryan Burgin wrote:
> Hi Andrew.
>
> I know you're out of the office hiking around. We hope you had a wonderful
> time (assuming you're reading this in a few weeks).
>
> We worked out what is causing this. We are sending a [MS-SRVS]
> NetShareGetInfo packet for Level 502 information. In the response, we're
> receiving a SECURITY_DESCRIPTOR that has a NULL Owner SID (OffsetOwner).
>
> We can argue if that's permissible or not. In [MS-DTYP] 2.4.6
> SECURITY_DESCRIPTOR it discusses: "OffsetOwner (4 bytes): An unsigned 32-bit
> integer that specifies the offset to the SID. This SID specifies the owner of
> the object to which the security descriptor is associated. This must be a
> valid offset if the OD flag is not set. If this field is set to zero, the
> OwnerSid field MUST not be present."
>
> Thus, if the OD flag (Owner Defaulted: "Set when the owner was established by
> default means") is cleared (not set) then the Owner SID must be valid, and
> NULL is not valid. That notwithstanding, as for this user interface, it
> doesn't recognize a NULL Owner SID event even if the OD flag is set.
>
> We are pursuing a fix for this in Windows 8.1/2012R2 and for Windows 10 (in
> the user-mode code that is behind this user request). But, I'm holding off
> on requesting a fix for Windows 8/2012 unless we have a strong business
> justification to do so. This can also be mitigated in Samba code by
> supplying the Owner SID in level 502 queries.
>
> Bryan

Thanks Bryan, that's an interesting one. If an owner
wasn't stored in the share security descriptor db when
it was created/set, then we'll not return one on get.
Or if the share was created by smb.conf, and not
separately created then we'll return a 'default'
security descriptor that doesn't contain an owner.
I'll see if I can create a Samba patch you can
test for this.

Cheers,
Jeremy.
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
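
The owner check discussed in this thread, as an added example that is not part of the original messages and is neither Samba nor Windows code: it parses the self-relative SECURITY_DESCRIPTOR header from [MS-DTYP] 2.4.6 and reports a zero OffsetOwner together with the state of the OD flag. The function names and the sample descriptors are constructed for illustration.

```python
import struct

SE_OWNER_DEFAULTED = 0x0001  # "OD" bit of the Control field
SE_SELF_RELATIVE = 0x8000    # "SR" bit: the offsets below are relative to the start
# Revision, Sbz1, Control, OffsetOwner, OffsetGroup, OffsetSacl, OffsetDacl
HEADER = struct.Struct("<BBHIIII")


def parse_sid(buf, off):
    """Decode the SID at buf[off:] to its S-1-... string, with bounds checks."""
    if off + 8 > len(buf):
        raise ValueError("SID header runs past end of buffer")
    revision, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    if revision != 1 or count > 15 or off + 8 + 4 * count > len(buf):
        raise ValueError("malformed SID")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def check_owner(sd):
    """Return (owner SID string or None, list of findings) for a self-relative SD."""
    if len(sd) < HEADER.size:
        raise ValueError("shorter than the 20-byte header")
    revision, _sbz1, control, off_owner, _grp, _sacl, _dacl = HEADER.unpack_from(sd)
    if revision != 1 or not control & SE_SELF_RELATIVE:
        raise ValueError("not a revision 1 self-relative descriptor")
    if off_owner == 0:
        if control & SE_OWNER_DEFAULTED:
            return None, ["no owner SID (OD set); the client UI in this thread still rejects it"]
        return None, ["no owner SID and OD clear; 2.4.6 requires a valid offset"]
    if off_owner < HEADER.size:
        raise ValueError("OffsetOwner points into the header")
    return parse_sid(sd, off_owner), []


# Constructed samples: a descriptor with no owner, and one owned by S-1-5-32-544.
NO_OWNER = HEADER.pack(1, 0, SE_SELF_RELATIVE, 0, 0, 0, 0)
NO_OWNER_OD = HEADER.pack(1, 0, SE_SELF_RELATIVE | SE_OWNER_DEFAULTED, 0, 0, 0, 0)
WITH_OWNER = HEADER.pack(1, 0, SE_SELF_RELATIVE, HEADER.size, 0, 0, 0) + bytes.fromhex(
    "01020000000000052000000020020000")

if __name__ == "__main__":
    for name, sd in [("no owner", NO_OWNER), ("no owner, OD", NO_OWNER_OD),
                     ("with owner", WITH_OWNER)]:
        print(name, check_owner(sd))
```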