Everhart, Glenn (FUSA)
From:	Giorgio Matera [matera@INNOCENT.COM]
Sent:	Wednesday, May 12, 1999 4:36 PM
To:	NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject:	Re: NT share connection bug?
Let's say it's an 'unwanted feature'

The problem is that a 'net use' dont make a 'real' access to the share.
Here is what happens with a 'net use'

- Tcp/Ip connection setup
- NBT session setup
- SMB Dialect negotiation
- SMB Command 'Tree connenct and X'  to 'connect' to the share and to create
a TID in the server     session table for future access



so, as far as here, no file access, no permission checked, no refused
connection
by design  :-(

look what happens during any access on the share

- SMB Create file & X    to make access to file (read or write the command
is always 'create file')
- Access allowed or denied according to SHARE/NTFS permissions 

only in this phase the system check permissions,
so if a user is already connected, the new user cant connect

Can I ask you why you want to limit share access?


bye
gio

> -----Original Message-----
> From: Windows NT BugTraq Mailing List
> [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM]On Behalf Of Brian Steele
> Sent: mercoledì 12 maggio 1999 15.34
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: NT share connection bug?
> 
> 
> I don't know if this a bug or a feature:
> 
> Scenario:
> =========
> NT4.0/SP4 Server, used as file server with personal shares 
> for users. Each
> personal share is configured so that only one connection is 
> allowed at a
> time, and share permissions are set so that only the user of 
> the share can
> access the files in the share.
> 
> Problem:
> ========
> User A tries to map user B's share to a drive letter on his 
> PC.  While he
> can't access the files on the share, THE MAPPING IS STILL 
> MADE, and thus
> bars User B from being able to access his own share!
> 
> Bug, or feature?
> 
> Brian Steele
>