diff options
Diffstat (limited to 'usr/src')
| -rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb2_create.c | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/usr/src/uts/common/fs/smbsrv/smb2_create.c b/usr/src/uts/common/fs/smbsrv/smb2_create.c index 582efbae28..5aa643d7ab 100644 --- a/usr/src/uts/common/fs/smbsrv/smb2_create.c +++ b/usr/src/uts/common/fs/smbsrv/smb2_create.c @@ -11,6 +11,7 @@ /* * Copyright 2018 Nexenta Systems, Inc. All rights reserved. + * Copyright 2019 RackTop Systems. */ /* @@ -77,6 +78,7 @@ typedef struct smb2_create_ctx { smb2_create_ctx_elem_t cc_in_aapl; smb2_create_ctx_elem_t cc_in_dh_request_v2; smb2_create_ctx_elem_t cc_in_dh_reconnect_v2; + smb2_create_ctx_elem_t cc_in_max_access; /* Elements we my place in the response */ smb2_create_ctx_elem_t cc_out_max_access; smb2_create_ctx_elem_t cc_out_file_id; @@ -184,7 +186,7 @@ smb2_create(smb_request_t *sr) goto errout; } if (NameLength == 0) { - op->fqi.fq_path.pn_path = "\\"; + op->fqi.fq_path.pn_path = ""; } else { rc = smb_mbc_decodef(&sr->smb_data, "%#U", sr, NameLength, &op->fqi.fq_path.pn_path); @@ -192,6 +194,10 @@ smb2_create(smb_request_t *sr) status = NT_STATUS_OBJECT_PATH_INVALID; goto errout; } + if (op->fqi.fq_path.pn_path[0] == '\\') { + status = NT_STATUS_INVALID_PARAMETER; + goto errout; + } } op->fqi.fq_dnode = sr->tid_tree->t_snode; @@ -405,6 +411,19 @@ smb2_create(smb_request_t *sr) /* * ImpersonationLevel (spec. says validate + ignore) + */ + switch (ImpersonationLevel) { + case SMB2_IMPERSONATION_ANONYMOUS: + case SMB2_IMPERSONATION_IDENTIFICATION: + case SMB2_IMPERSONATION_IMPERSONATION: + case SMB2_IMPERSONATION_DELEGATE: + break; + default: + status = NT_STATUS_BAD_IMPERSONATION_LEVEL; + goto cmd_done; + } + + /* * SmbCreateFlags (spec. says ignore) */ @@ -782,7 +801,8 @@ smb2_decode_create_ctx(smb_request_t *sr, smb2_create_ctx_t *cc) break; case SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQ: /* ("MxAc") */ cc->cc_in_flags |= CCTX_QUERY_MAX_ACCESS; - /* no input data for this */ + /* Optional input data for this CC. See below. */ + cce = &cc->cc_in_max_access; break; case SMB2_CREATE_TIMEWARP_TOKEN: /* ("TWrp") */ cc->cc_in_flags |= CCTX_TIMEWARP_TOKEN; @@ -858,6 +878,21 @@ smb2_decode_create_ctx(smb_request_t *sr, smb2_create_ctx_t *cc) goto errout; break; + case SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQ: /* ("MxAc") */ + /* + * The SMB spec says this can be either 0 bytes + * (handled above) or an 8 byte timestamp value + * but does not say what its purpose is. + * + * Note: The WPTS expects us to validate that it + * is at least 8 bytes so we read it and discard + * it. If it was too short the decode will fail. + */ + rc = smb_mbc_decodef(&cce->cce_mbc, "q", &nttime); + if (rc != 0) + goto errout; + break; + case SMB2_CREATE_TIMEWARP_TOKEN: /* ("TWrp") */ /* * Support for opening "Previous Versions". |