10973 SMB server declines EA support incorrectly

Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
Approved by: Dan McDonald <danmcd@joyent.com>

3 files changed, 38 insertions, 3 deletions

diff --git a/usr/src/uts/common/fs/smbsrv/smb_open_andx.c b/usr/src/uts/common/fs/smbsrv/smb_open_andx.c
index e370f74747..c936366a9c 100644
--- a/usr/src/uts/common/fs/smbsrv/smb_open_andx.c
+++ b/usr/src/uts/common/fs/smbsrv/smb_open_andx.c
@@ -480,6 +480,7 @@ smb_com_trans2_open2(smb_request_t *sr, smb_xa_t *xa)
 	struct open_param *op = &sr->arg.open;
 	uint32_t	creation_time;
 	uint32_t	alloc_size;
+	uint32_t	ea_list_size;
 	uint16_t	flags;
 	uint16_t	file_attr;
 	uint32_t	status;
@@ -493,6 +494,24 @@ smb_com_trans2_open2(smb_request_t *sr, smb_xa_t *xa)
 	if (rc != 0)
 		return (SDRC_ERROR);
 
+	/*
+	 * The data part of this transaction may contain an EA list.
+	 * See: SMB_FEA_LIST ExtendedAttributeList
+	 *
+	 * If we find a non-empty EA list payload, return the special
+	 * error that tells the caller this FS does not suport EAs.
+	 *
+	 * Note: the first word is the size of the whole data segment,
+	 * INCLUDING the size of that length word.  That means if
+	 * the length word specifies a size less than four, it's
+	 * invalid (and probably a client trying something fishy).
+	 */
+	rc = smb_mbc_decodef(&xa->req_data_mb, "l", &ea_list_size);
+	if (rc == 0 && ea_list_size > 4) {
+		smbsr_status(sr, NT_STATUS_EAS_NOT_SUPPORTED, 0, 0);
+		return (SDRC_ERROR);
+	}
+
 	if ((creation_time != 0) && (creation_time != UINT_MAX))
 		op->crtime.tv_sec = smb_time_local_to_gmt(sr, creation_time);
 	op->crtime.tv_nsec = 0;
diff --git a/usr/src/uts/common/fs/smbsrv/smb_set_fileinfo.c b/usr/src/uts/common/fs/smbsrv/smb_set_fileinfo.c
index 8f24e1e053..4405230319 100644
--- a/usr/src/uts/common/fs/smbsrv/smb_set_fileinfo.c
+++ b/usr/src/uts/common/fs/smbsrv/smb_set_fileinfo.c
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
@@ -341,8 +341,7 @@ smb_set_fileinfo(smb_request_t *sr, smb_setinfo_t *sinfo, int infolev)
 		break;
 
 	case SMB_INFO_SET_EAS:
-		/* EAs not supported */
-		status = 0;
+		status = NT_STATUS_EAS_NOT_SUPPORTED;
 		break;
 
 	case SMB_SET_FILE_BASIC_INFO:
diff --git a/usr/src/uts/common/fs/smbsrv/smb_trans2_find.c b/usr/src/uts/common/fs/smbsrv/smb_trans2_find.c
index 6efcbf7385..cdfaf0c8ee 100644
--- a/usr/src/uts/common/fs/smbsrv/smb_trans2_find.c
+++ b/usr/src/uts/common/fs/smbsrv/smb_trans2_find.c
@@ -538,6 +538,21 @@ smb_trans2_find_entries(smb_request_t *sr, smb_xa_t *xa, smb_odir_t *od,
 	int		rc = -1;
 	boolean_t	need_rewind = B_FALSE;
 
+	/*
+	 * EAs are not current supported, so a search for level
+	 * SMB_INFO_QUERY_EAS_FROM_LIST should always return an
+	 * empty list.  Returning zero for this case gives the
+	 * client an empty response, which is better than an
+	 * NT_STATUS_INVALID_LEVEL return (and test failures).
+	 *
+	 * If and when we do support EAs, this level will modify
+	 * the search here, and then return results just like
+	 * SMB_INFO_QUERY_EA_SIZE, but only including files
+	 * that have an EA in the provided list.
+	 */
+	if (args->fa_infolev == SMB_INFO_QUERY_EAS_FROM_LIST)
+		return (0);
+
 	if ((maxcount = args->fa_maxcount) == 0)
 		maxcount = 1;
 
@@ -629,6 +644,7 @@ smb_trans2_find_get_maxdata(smb_request_t *sr, uint16_t infolev, uint16_t fflag)
 		break;
 
 	case SMB_INFO_QUERY_EA_SIZE:
+	case SMB_INFO_QUERY_EAS_FROM_LIST:
 		if (fflag & SMB_FIND_RETURN_RESUME_KEYS)
 			maxdata += sizeof (int32_t);
 		maxdata += 2 + 2 + 2 + 4 + 4 + 2 + 4 + 1;
@@ -774,6 +790,7 @@ smb_trans2_find_mbc_encode(smb_request_t *sr, smb_xa_t *xa,
 		break;
 
 	case SMB_INFO_QUERY_EA_SIZE:
+	case SMB_INFO_QUERY_EAS_FROM_LIST:
 		if (args->fa_fflag & SMB_FIND_RETURN_RESUME_KEYS)
 			(void) smb_mbc_encodef(&xa->rep_data_mb, "l",
 			    resume_key);