summaryrefslogtreecommitdiff
path: root/usr/src
diff options
context:
space:
mode:
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/uts/common/fs/smbsrv/smb2_create.c39
1 files changed, 37 insertions, 2 deletions
diff --git a/usr/src/uts/common/fs/smbsrv/smb2_create.c b/usr/src/uts/common/fs/smbsrv/smb2_create.c
index 582efbae28..5aa643d7ab 100644
--- a/usr/src/uts/common/fs/smbsrv/smb2_create.c
+++ b/usr/src/uts/common/fs/smbsrv/smb2_create.c
@@ -11,6 +11,7 @@
/*
* Copyright 2018 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2019 RackTop Systems.
*/
/*
@@ -77,6 +78,7 @@ typedef struct smb2_create_ctx {
smb2_create_ctx_elem_t cc_in_aapl;
smb2_create_ctx_elem_t cc_in_dh_request_v2;
smb2_create_ctx_elem_t cc_in_dh_reconnect_v2;
+ smb2_create_ctx_elem_t cc_in_max_access;
/* Elements we my place in the response */
smb2_create_ctx_elem_t cc_out_max_access;
smb2_create_ctx_elem_t cc_out_file_id;
@@ -184,7 +186,7 @@ smb2_create(smb_request_t *sr)
goto errout;
}
if (NameLength == 0) {
- op->fqi.fq_path.pn_path = "\\";
+ op->fqi.fq_path.pn_path = "";
} else {
rc = smb_mbc_decodef(&sr->smb_data, "%#U", sr,
NameLength, &op->fqi.fq_path.pn_path);
@@ -192,6 +194,10 @@ smb2_create(smb_request_t *sr)
status = NT_STATUS_OBJECT_PATH_INVALID;
goto errout;
}
+ if (op->fqi.fq_path.pn_path[0] == '\\') {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto errout;
+ }
}
op->fqi.fq_dnode = sr->tid_tree->t_snode;
@@ -405,6 +411,19 @@ smb2_create(smb_request_t *sr)
/*
* ImpersonationLevel (spec. says validate + ignore)
+ */
+ switch (ImpersonationLevel) {
+ case SMB2_IMPERSONATION_ANONYMOUS:
+ case SMB2_IMPERSONATION_IDENTIFICATION:
+ case SMB2_IMPERSONATION_IMPERSONATION:
+ case SMB2_IMPERSONATION_DELEGATE:
+ break;
+ default:
+ status = NT_STATUS_BAD_IMPERSONATION_LEVEL;
+ goto cmd_done;
+ }
+
+ /*
* SmbCreateFlags (spec. says ignore)
*/
@@ -782,7 +801,8 @@ smb2_decode_create_ctx(smb_request_t *sr, smb2_create_ctx_t *cc)
break;
case SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQ: /* ("MxAc") */
cc->cc_in_flags |= CCTX_QUERY_MAX_ACCESS;
- /* no input data for this */
+ /* Optional input data for this CC. See below. */
+ cce = &cc->cc_in_max_access;
break;
case SMB2_CREATE_TIMEWARP_TOKEN: /* ("TWrp") */
cc->cc_in_flags |= CCTX_TIMEWARP_TOKEN;
@@ -858,6 +878,21 @@ smb2_decode_create_ctx(smb_request_t *sr, smb2_create_ctx_t *cc)
goto errout;
break;
+ case SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQ: /* ("MxAc") */
+ /*
+ * The SMB spec says this can be either 0 bytes
+ * (handled above) or an 8 byte timestamp value
+ * but does not say what its purpose is.
+ *
+ * Note: The WPTS expects us to validate that it
+ * is at least 8 bytes so we read it and discard
+ * it. If it was too short the decode will fail.
+ */
+ rc = smb_mbc_decodef(&cce->cce_mbc, "q", &nttime);
+ if (rc != 0)
+ goto errout;
+ break;
+
case SMB2_CREATE_TIMEWARP_TOKEN: /* ("TWrp") */
/*
* Support for opening "Previous Versions".