Creating named streams on existing files is not quite right
In MS-FSA, 'file lookup' effectively has the following branches:
If the file doesn't exist, create the file and the stream
If the file exists, and the stream exists, perform access and sharing checks
If the file exists, but the stream doesn't exist, perform access checks, then create the stream.
In our implementation, 1 and 3 are collapsed into a single branch: If the file exists, but the stream doesn't, that's treated as if the file didn't exist. Right now, the primary effect of this is that we don't check the accesses requested, and so the enhancements in #11037 can't properly audit these requests.
Updated by Gordon Ross about 4 years ago
- Description updated (diff)
- Status changed from New to In Progress
Testing is in combination with SMB file auditing #11037
Updated by Gordon Ross over 2 years ago
- Status changed from In Progress to Duplicate
Dup of #13441