author | Prashanth Badari <prbadari@tintri.com> | 2022-01-11 18:50:44 +0000 |
---|---|---|
committer | Matt Barden <mbarden@tintri.com> | 2022-11-04 20:05:13 -0400 |
commit | 56a2adb63cd7b5ba73bb3f0fb3930b2d2730513e (patch) | |
tree | 71a3b79a27b61578d1939b0cd25e20f318fc5148 /usr/src | |
parent | 66a9cc68640459b14e330f94bcab980ef58fd66d (diff) | |
download | illumos-gate-56a2adb63cd7b5ba73bb3f0fb3930b2d2730513e.tar.gz |
15082 SMB Clients see but can't access restricted named streams
Reviewed by: Andrew Stormont <andyjstormont@gmail.com>
Reviewed by: Gordon Ross <Gordon.W.Ross@gmail.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Dan McDonald <danmcd@mnx.io>
Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb2_durable.c | 6 | ||||
-rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb_fsops.c | 9 | ||||
-rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb_odir.c | 23 | ||||
-rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c | 8 | ||||
-rw-r--r-- | usr/src/uts/common/smbsrv/smb_kproto.h | 5 | ||||
-rw-r--r-- | usr/src/uts/common/smbsrv/smb_ktypes.h | 3 |
6 files changed, 37 insertions, 17 deletions
diff --git a/usr/src/uts/common/fs/smbsrv/smb2_durable.c b/usr/src/uts/common/fs/smbsrv/smb2_durable.c
index c783cd9659..190a7ca6cc 100644
--- a/usr/src/uts/common/fs/smbsrv/smb2_durable.c
+++ b/usr/src/uts/common/fs/smbsrv/smb2_durable.c
@@ -10,7 +10,7 @@
 */
 /*
- * Copyright 2020 Tintri by DDN, Inc. All rights reserved.
+ * Copyright 2017-2022 Tintri by DDN, Inc. All rights reserved.
 */
 /*
@@ -350,8 +350,8 @@ smb2_dh_import_share(void *arg)
 * Open the ext. attr dir under the share root and
 * import CA handles for this share.
 */
- if (smb_odir_openat(sr, snode, &od) != 0) {
- cmn_err(CE_NOTE, "Share [%s] CA import, no xattr dir?",
+ if (smb_odir_openat(sr, snode, &od, B_FALSE) != 0) {
+ cmn_err(CE_NOTE, "!Share [%s] CA import, no xattr dir?",
 shr->shr_name);
 goto out;
 }
diff --git a/usr/src/uts/common/fs/smbsrv/smb_fsops.c b/usr/src/uts/common/fs/smbsrv/smb_fsops.c
index ef58f15fa8..4247c399f3 100644
--- a/usr/src/uts/common/fs/smbsrv/smb_fsops.c
+++ b/usr/src/uts/common/fs/smbsrv/smb_fsops.c
@@ -20,7 +20,7 @@
 */
 /*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2012-2021 Tintri by DDN, Inc. All rights reserved.
+ * Copyright 2012-2022 Tintri by DDN, Inc. All rights reserved.
 * Copyright 2022 RackTop Systems, Inc.
 */
@@ -886,7 +886,12 @@ smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode)
 if (SMB_TREE_SUPPORTS_CATIA(sr))
 flags |= SMB_CATIA;
- status = smb_odir_openat(sr, fnode, &od);
+ /*
+ * NB: There aren't currently any restricted streams that could be
+ * removed by this function. If there ever are, be careful to exclude
+ * any restricted streams that we DON'T want to remove.
+ */
+ status = smb_odir_openat(sr, fnode, &od, B_FALSE);
 switch (status) {
 case 0:
 break;
diff --git a/usr/src/uts/common/fs/smbsrv/smb_odir.c b/usr/src/uts/common/fs/smbsrv/smb_odir.c
index d2f56b47b0..24d9beae94 100644
--- a/usr/src/uts/common/fs/smbsrv/smb_odir.c
+++ b/usr/src/uts/common/fs/smbsrv/smb_odir.c
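Review bot: The new `B_FALSE` argument in the `smb_odir_openat()` call of `smb2_dh_import_share()` is a bare boolean that does not say what is being opted out of; the same holds for `B_FALSE` in `smb_fsop_remove_streams()` and `B_TRUE` in `smb_query_stream_info()`. Because this value decides whether restricted stream names are filtered out of the enumeration, each call site deserves a short comment, here for example `/* CA handle import: enumerate restricted streams too */` and at the query-info call `/* listing returned to the client: hide restricted streams */`. The added leading `!` in the message (which in cmn_err(9F) keeps the notice off the console) is not mentioned in the commit description; if that routing change is intended, it should be stated there. The function body continues outside the hunk.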
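Review bot: The NB comment added in `smb_fsop_remove_streams()` states an invariant that nothing in the visible code enforces: with `B_FALSE` the enumeration includes restricted streams, and the removal loop (outside this hunk) is not shown to tell them apart. The comment is only seen by someone already editing this function, whereas the change that would break the invariant is made where the restricted names are defined. Consider a matching note next to `smb_strname_restricted()`, for example `/* NB: smb_fsop_remove_streams() enumerates unrestricted; review it when adding names here */`.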
@@ -20,7 +20,7 @@
 */
 /*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2022 Tintri by DDN, Inc. All rights reserved.
 */
 /*
@@ -277,7 +277,7 @@ static void smb_odir_delete(void *);
 */
 uint32_t
 smb_odir_openpath(smb_request_t *sr, char *path, uint16_t sattr,
- uint32_t flags, smb_odir_t **odp)
+ uint32_t flags, smb_odir_t **odp)
 {
 int rc;
 smb_tree_t *tree;
@@ -338,7 +338,7 @@ smb_odir_openpath(smb_request_t *sr, char *path, uint16_t sattr,
 */
 uint32_t
 smb_odir_openfh(smb_request_t *sr, const char *pattern, uint16_t sattr,
- smb_odir_t **odp)
+ smb_odir_t **odp)
 {
 smb_ofile_t *of = sr->fid_ofile;
@@ -365,7 +365,8 @@ smb_odir_openfh(smb_request_t *sr, const char *pattern, uint16_t sattr,
 * NT status
 */
 uint32_t
-smb_odir_openat(smb_request_t *sr, smb_node_t *unode, smb_odir_t **odp)
+smb_odir_openat(smb_request_t *sr, smb_node_t *unode, smb_odir_t **odp,
+ boolean_t restricted)
 {
 char pattern[SMB_STREAM_PREFIX_LEN + 2];
 vnode_t *xattr_dvp;
@@ -401,6 +402,10 @@ smb_odir_openat(smb_request_t *sr, smb_node_t *unode, smb_odir_t **odp)
 *odp = smb_odir_create(sr, xattr_dnode, pattern, SMB_SEARCH_ATTRIBUTES, 0, cr);
+ /* Causes restricted stream names to be hidden from the caller */
+ if (restricted)
+ (*odp)->d_flags |= SMB_ODIR_FLAG_RESTRICTED;
+
 smb_node_release(xattr_dnode);
 return (0);
 }
@@ -724,6 +729,14 @@ smb_odir_read_streaminfo(smb_request_t *sr, smb_odir_t *od,
 continue;
 }
+ /*
+ * Hide streams that would be restricted if the caller
+ * is also restricted.
+ */
+ if ((od->d_flags & SMB_ODIR_FLAG_RESTRICTED) != 0 &&
+ smb_strname_restricted(odirent->od_name))
+ continue;
+
 rc = smb_fsop_lookup(sr, od->d_cred, 0, od->d_tree->t_snode, od->d_dnode, odirent->od_name, &fnode);
 if (rc == 0) {
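Review bot: The block comment above `smb_odir_openat()` ends in this hunk's context (`* NT status`) and is not extended for the new `boolean_t restricted` parameter; the upper part of that comment lies outside the hunk, so this should be checked there. The name on its own is ambiguous, because it reads as if the open were restricted, while the following hunk only sets `SMB_ODIR_FLAG_RESTRICTED` so that restricted names are skipped during enumeration. I would add a line such as `* If restricted is B_TRUE, restricted stream names are hidden from the enumeration.` to the function comment.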
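Review bot: The new filter in `smb_odir_read_streaminfo()` hands the raw directory entry name `odirent->od_name` to `smb_strname_restricted()` without saying which name form the helper expects. `smb_odir_openat()` sizes its pattern buffer as `SMB_STREAM_PREFIX_LEN + 2`, which suggests the entries are matched by a stream prefix and may still carry it here; if the helper was written for client-supplied stream names, it should be confirmed that it also matches this form, since a mismatch would let every restricted name through without any error. Once confirmed, a one-line comment at the check stating the form of `od_name` would settle it for the next reader. The loop body continues outside the hunk.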
@@ -896,7 +909,7 @@ smb_odir_resume_at(smb_odir_t *od, smb_odir_resume_t *resume)
 */
 static smb_odir_t *
 smb_odir_create(smb_request_t *sr, smb_node_t *dnode,
- const char *pattern, uint16_t sattr, uint16_t odid, cred_t *cr)
+ const char *pattern, uint16_t sattr, uint16_t odid, cred_t *cr)
 {
 smb_odir_t *od;
 smb_tree_t *tree;
diff --git a/usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c b/usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c
index cfa3ab4aca..6baef805aa 100644
--- a/usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c
+++ b/usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c
@@ -21,7 +21,7 @@
 /*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2022 Tintri by DDN, Inc. All rights reserved.
 */
 #include <smbsrv/smb_kproto.h>
@@ -616,7 +616,7 @@ smb_query_encode_response(smb_request_t *sr, smb_xa_t *xa,
 */
 uint32_t
 smb_query_stream_info(smb_request_t *sr, mbuf_chain_t *mbc,
- smb_queryinfo_t *qinfo)
+ smb_queryinfo_t *qinfo)
 {
 char *stream_name;
 uint32_t next_offset;
@@ -646,7 +646,7 @@ smb_query_stream_info(smb_request_t *sr, mbuf_chain_t *mbc,
 datasz = attr->sa_vattr.va_size;
 allocsz = attr->sa_allocsz;
- status = smb_odir_openat(sr, fnode, &od);
+ status = smb_odir_openat(sr, fnode, &od, B_TRUE);
 switch (status) {
 case 0:
 break;
@@ -759,7 +759,7 @@ smb_query_stream_info(smb_request_t *sr, mbuf_chain_t *mbc,
 */
 static boolean_t
 smb_stream_fits(smb_request_t *sr, mbuf_chain_t *mbc,
- char *name, uint32_t offset)
+ char *name, uint32_t offset)
 {
 uint32_t len, pad;
diff --git a/usr/src/uts/common/smbsrv/smb_kproto.h b/usr/src/uts/common/smbsrv/smb_kproto.h
index f61b9aa9a2..76f88c06cb 100644
--- a/usr/src/uts/common/smbsrv/smb_kproto.h
+++ b/usr/src/uts/common/smbsrv/smb_kproto.h
@@ -22,7 +22,7 @@
 /*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2016 Syneto S.R.L. All rights reserved.
- * Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
+ * Copyright 2011-2022 Tintri by DDN, Inc. All rights reserved.
 */
 /*
@@ -698,7 +698,8 @@ uint32_t smb_odir_openpath(smb_request_t *, char *, uint16_t, uint32_t, smb_odir_t **);
 uint32_t smb_odir_openfh(smb_request_t *, const char *, uint16_t, smb_odir_t **);
-uint32_t smb_odir_openat(smb_request_t *, smb_node_t *, smb_odir_t **);
+uint32_t smb_odir_openat(smb_request_t *, smb_node_t *, smb_odir_t **,
+ boolean_t);
 void smb_odir_reopen(smb_odir_t *, const char *, uint16_t);
 void smb_odir_close(smb_odir_t *);
 boolean_t smb_odir_hold(smb_odir_t *);
diff --git a/usr/src/uts/common/smbsrv/smb_ktypes.h b/usr/src/uts/common/smbsrv/smb_ktypes.h
index a220faef6b..9896a1baf2 100644
--- a/usr/src/uts/common/smbsrv/smb_ktypes.h
+++ b/usr/src/uts/common/smbsrv/smb_ktypes.h
@@ -20,7 +20,7 @@
 */
 /*
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2011-2020 Tintri by DDN, Inc. All rights reserved.
+ * Copyright 2011-2022 Tintri by DDN, Inc. All rights reserved.
 * Copyright 2022 RackTop Systems, Inc.
 */
@@ -1227,6 +1227,7 @@ typedef struct smb_tree {
 #define SMB_ODIR_FLAG_CATIA 0x0010
 #define SMB_ODIR_FLAG_ABE 0x0020
 #define SMB_ODIR_FLAG_SHORTNAMES 0x0040
+#define SMB_ODIR_FLAG_RESTRICTED 0x0080
 typedef enum {
 SMB_ODIR_STATE_OPEN = 0, |