diff options
| author | Jeremy Allison <jra@samba.org> | 2019-09-26 12:37:15 -0700 |
|---|---|---|
| committer | Ralph Boehme <slow@samba.org> | 2019-10-02 09:31:40 +0000 |
| commit | 398cb8a56d83a7978836ee0b65b4747d190ab630 (patch) | |
| tree | 77ecf43046a51f53bd31808676347c920915d080 /source3/smbd | |
| parent | 5642f288c895467e32a39430af709cc48198e7c1 (diff) | |
| download | samba-398cb8a56d83a7978836ee0b65b4747d190ab630.tar.gz | |
s3: smbd: Fix the SMB2 server to pass SMB2-PATH-SLASH.
[MS-FSA] 2.1.5.1 Server Requests an Open of a File
Windows pathname specific processing.
Always disallow trailing /, and also \\ on FILE_NON_DIRECTORY_FILE.
We need to check this before the generic pathname parser
as the generic pathname parser removes any trailing '/' and '\\'.
Currently this is SMB2 only, but we could also add this
check to the SMB1 NTCreateX calls if ultimately neded.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 2 09:31:40 UTC 2019 on sn-devel-184
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/smb2_create.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 66f4aad8c9e..6cf3499c411 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -68,6 +68,44 @@ static uint8_t map_samba_oplock_levels_to_smb2(int oplock_type) } } +/* + MS-FSA 2.1.5.1 Server Requests an Open of a File + Trailing '/' or '\\' checker. + Must be done before the filename parser removes any + trailing characters. If we decide to add this to SMB1 + NTCreate processing we can make this public. + + Note this is Windows pathname processing only. When + POSIX pathnames are added to SMB2 this will not apply. +*/ + +static NTSTATUS windows_name_trailing_check(const char *name, + uint32_t create_options) +{ + size_t name_len = strlen(name); + char trail_c; + + if (name_len <= 1) { + return NT_STATUS_OK; + } + + trail_c = name[name_len-1]; + + /* + * Trailing '/' is always invalid. + */ + if (trail_c == '/') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + + if (create_options & FILE_NON_DIRECTORY_FILE) { + if (trail_c == '\\') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + } + return NT_STATUS_OK; +} + static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, @@ -758,6 +796,13 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, return req; } + /* Check for trailing slash specific directory handling. */ + status = windows_name_trailing_check(state->fname, in_create_options); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return tevent_req_post(req, state->ev); + } + smbd_smb2_create_before_exec(req); if (!tevent_req_is_in_progress(req)) { return tevent_req_post(req, state->ev); |