From: Jeremy Allison Date: Thu, 26 Sep 2019 19:37:15 +0000 (-0700) Subject: s3: smbd: Fix the SMB2 server to pass SMB2-PATH-SLASH. X-Git-Tag: talloc-2.3.1~509 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=398cb8a56d83a7978836ee0b65b4747d190ab630;p=thirdparty%2Fsamba.git s3: smbd: Fix the SMB2 server to pass SMB2-PATH-SLASH. [MS-FSA] 2.1.5.1 Server Requests an Open of a File Windows pathname specific processing. Always disallow trailing /, and also \\ on FILE_NON_DIRECTORY_FILE. We need to check this before the generic pathname parser as the generic pathname parser removes any trailing '/' and '\\'. Currently this is SMB2 only, but we could also add this check to the SMB1 NTCreateX calls if ultimately neded. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Oct 2 09:31:40 UTC 2019 on sn-devel-184 --- diff --git a/selftest/knownfail b/selftest/knownfail index cd2323de3b3..82259dcfe90 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -10,7 +10,6 @@ ^samba3.smbtorture_s3.crypt_server\(nt4_dc\).SMB2-SESSION-RECONNECT # expected to give CONNECTION_DISCONNECTED, we need to fix the test ^samba3.smbtorture_s3.plain.*SMB2-DIR-FSYNC.*\(ad_dc_ntvfs\) ^samba3.smbtorture_s3.plain.*SMB2-PATH-SLASH.*\(ad_dc_ntvfs\) -^samba3.smbtorture_s3.plain.*SMB2-PATH-SLASH.*\(fileserver\) ^samba3.smbtorture_s3.plain.LOCK11.*\(ad_dc_ntvfs\) ^samba3.smb2.session enc.reconnect # expected to give CONNECTION_DISCONNECTED, we need to fix the test ^samba3.raw.session enc # expected to give ACCESS_DENIED as SMB1 encryption isn't used diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 66f4aad8c9e..6cf3499c411 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -68,6 +68,44 @@ static uint8_t map_samba_oplock_levels_to_smb2(int oplock_type) } } +/* + MS-FSA 2.1.5.1 Server Requests an Open of a File + Trailing '/' or '\\' checker. + Must be done before the filename parser removes any + trailing characters. If we decide to add this to SMB1 + NTCreate processing we can make this public. + + Note this is Windows pathname processing only. When + POSIX pathnames are added to SMB2 this will not apply. +*/ + +static NTSTATUS windows_name_trailing_check(const char *name, + uint32_t create_options) +{ + size_t name_len = strlen(name); + char trail_c; + + if (name_len <= 1) { + return NT_STATUS_OK; + } + + trail_c = name[name_len-1]; + + /* + * Trailing '/' is always invalid. + */ + if (trail_c == '/') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + + if (create_options & FILE_NON_DIRECTORY_FILE) { + if (trail_c == '\\') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + } + return NT_STATUS_OK; +} + static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, @@ -758,6 +796,13 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, return req; } + /* Check for trailing slash specific directory handling. */ + status = windows_name_trailing_check(state->fname, in_create_options); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return tevent_req_post(req, state->ev); + } + smbd_smb2_create_before_exec(req); if (!tevent_req_is_in_progress(req)) { return tevent_req_post(req, state->ev);