none
SMB2 create access masks RRS feed

  • Question

  • Quite a few possible values of access mask for SMB2 create aren't shown in 2.2.13.1. In my tests I found that any access mask bits in the set 0x0df0fe00 give STATUS_ACCESS_DENIED. Shouldn't that be
    STATUS_INVALID_PARAMETER? Or does this mean some of those bits are actually valid in some situations?

    Cheers, Tridge

    Tuesday, May 27, 2008 3:37 AM

Answers

  • Hi Tridge,

    I concluded my investigation and future releases of the [MS-SMB] and [MS-SMB2] documents will include something in the lines of:

    "If any of the bits in the mask 0x0CE0FE00 is set, the server SHOULD fail the create with STATUS_ACCESS_DENIED"

    As a SHOULD, having a PARAMETER_INVALID or ACCESS_DENIED is opened for implementation decisions.

    Please let me know if this satisfies your request.

    Thanks for helping us improve our documentation.

    Regards,

    SEBASTIAN CANEVARI - MSFT


    SEE Protocol Documentation Team
    Thursday, July 10, 2008 9:28 PM

All replies

  •  

    Hi Andrew, thanks for your post regarding the [MS-SMB2] protocol specification. We will review your question and update the forum once our investigation is complete. Thanks!

     

    Sebastian Canevari - MSFT

     

    Thursday, May 29, 2008 3:38 PM
  •  

    Hi Andrew,

     

    I’ve been reviewing the info on the document and I would need a little clarification from you.

     

    The mask that you are using 0D F0 FE 00, includes one bit that’s described on the document (ACCESS_SYSTEM_SECURITY
    0x01000000).

     

     

     It’s not clear to us that you need this mask. Can you clarify what you’re doing that you need it or I’d suggest dropping the bit from the mask as I state next…

     

    If not, I would suggest to run your test with the following mask:  0C F0 FE 00

     

    Thanks!

    Monday, June 2, 2008 3:07 PM
  • Hi Tridge,

    I concluded my investigation and future releases of the [MS-SMB] and [MS-SMB2] documents will include something in the lines of:

    "If any of the bits in the mask 0x0CE0FE00 is set, the server SHOULD fail the create with STATUS_ACCESS_DENIED"

    As a SHOULD, having a PARAMETER_INVALID or ACCESS_DENIED is opened for implementation decisions.

    Please let me know if this satisfies your request.

    Thanks for helping us improve our documentation.

    Regards,

    SEBASTIAN CANEVARI - MSFT


    SEE Protocol Documentation Team
    Thursday, July 10, 2008 9:28 PM