windows-smb-special-share-names-20080212
authorJeffrey Altman <jaltman@secure-endpoints.com>
Wed, 13 Feb 2008 05:57:27 +0000 (05:57 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Wed, 13 Feb 2008 05:57:27 +0000 (05:57 +0000)
LICENSE MIT

Treat srvsvc, wkssvc and ipc$ as pseudo files.  Permit them to be opened
and closed without actually existing.  For now we treat them as equivalent
to ioctls but this should eventually change.

Fix RAP processing to not reject names that exist in the root.afs volume
for GetInfo queries.

src/WINNT/afsd/smb3.c

index f2caff2..b81e594 100644 (file)
@@ -1468,14 +1468,14 @@ typedef struct smb_rap_share_info_1 {
 } smb_rap_share_info_1_t;
 
 typedef struct smb_rap_share_info_2 {
-    char                               shi2_netname[13];
-    char                               shi2_pad;
+    char                       shi2_netname[13];
+    char                       shi2_pad;
     unsigned short             shi2_type;
-    DWORD                              shi2_remark; /* char *shi2_remark; data offset */
+    DWORD                      shi2_remark; /* char *shi2_remark; data offset */
     unsigned short             shi2_permissions;
     unsigned short             shi2_max_uses;
     unsigned short             shi2_current_uses;
-    DWORD                              shi2_path;  /* char *shi2_path; data offset */
+    DWORD                      shi2_path;  /* char *shi2_path; data offset */
     unsigned short             shi2_passwd[9];
     unsigned short             shi2_pad2;
 } smb_rap_share_info_2_t;
@@ -1689,6 +1689,11 @@ long smb_ReceiveRAPNetShareGetInfo(smb_vc_t *vcp, smb_tran2Packet_t *p, smb_pack
     DWORD allSubmount;
     LONG rv;
     long code = 0;
+    cm_scache_t *scp = NULL;
+    cm_user_t   *userp;
+    cm_req_t    req;
+
+    cm_InitReq(&req);
 
     tp = p->parmsp + 1; /* skip over function number (always 1) */
     (void) smb_ParseString( (char *) tp, (char **) &tp); /* skip over param descriptor */
@@ -1708,8 +1713,6 @@ long smb_ReceiveRAPNetShareGetInfo(smb_vc_t *vcp, smb_tran2Packet_t *p, smb_pack
     else
         return CM_ERROR_INVAL;
 
-    outp = smb_GetTran2ResponsePacket(vcp, p, op, totalParam, totalData);
-
     if(!stricmp(shareName,"all") || !strcmp(shareName,"*.")) {
         rv = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY, 0,
                           KEY_QUERY_VALUE, &hkParam);
@@ -1727,22 +1730,34 @@ long smb_ReceiveRAPNetShareGetInfo(smb_vc_t *vcp, smb_tran2Packet_t *p, smb_pack
             shareFound = TRUE;
 
     } else {
-        rv = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY "\\Submounts", 0,
-                          KEY_QUERY_VALUE, &hkSubmount);
-        if (rv == ERROR_SUCCESS) {
-            rv = RegQueryValueEx(hkSubmount, shareName, NULL, NULL, NULL, NULL);
+        userp = smb_GetTran2User(vcp, p);
+        if (!userp) {
+            osi_Log1(smb_logp,"ReceiveTran2GetDfsReferral unable to resolve user [%d]", p->uid);
+            return CM_ERROR_BADSMB;
+        }   
+        code = cm_NameI(cm_data.rootSCachep, shareName,
+                         CM_FLAG_FOLLOW | CM_FLAG_CASEFOLD | CM_FLAG_DFS_REFERRAL,
+                         userp, NULL, &req, &scp);
+        if (code == 0) {
+            cm_ReleaseSCache(scp);
+            shareFound = TRUE;
+        } else {
+            rv = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY "\\Submounts", 0,
+                              KEY_QUERY_VALUE, &hkSubmount);
             if (rv == ERROR_SUCCESS) {
-                shareFound = TRUE;
+                rv = RegQueryValueEx(hkSubmount, shareName, NULL, NULL, NULL, NULL);
+                if (rv == ERROR_SUCCESS) {
+                    shareFound = TRUE;
+                }
+                RegCloseKey(hkSubmount);
             }
-            RegCloseKey(hkSubmount);
         }
     }
 
-    if (!shareFound) {
-        smb_FreeTran2Packet(outp);
+    if (!shareFound)
         return CM_ERROR_BADSHARENAME;
-    }
 
+    outp = smb_GetTran2ResponsePacket(vcp, p, op, totalParam, totalData);
     memset(outp->datap, 0, totalData);
 
     outp->parmsp[0] = 0;
@@ -2133,7 +2148,11 @@ long smb_ReceiveTran2Open(smb_vc_t *vcp, smb_tran2Packet_t *p, smb_packet_t *op)
     spacep = cm_GetSpace();
     smb_StripLastComponent(spacep->data, &lastNamep, pathp);
 
-    if (lastNamep && strcmp(lastNamep, SMB_IOCTL_FILENAME) == 0) {
+    if (lastNamep && 
+         (stricmp(lastNamep, SMB_IOCTL_FILENAME) == 0 ||
+           stricmp(lastNamep, "\\srvsvc") == 0 ||
+           stricmp(lastNamep, "\\wkssvc") == 0 ||
+           stricmp(lastNamep, "ipc$") == 0)) {
         /* special case magic file name for receiving IOCTL requests
          * (since IOCTL calls themselves aren't getting through).
          */
@@ -5469,7 +5488,11 @@ long smb_ReceiveV3OpenX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp)
     spacep = inp->spacep;
     smb_StripLastComponent(spacep->data, &lastNamep, pathp);
 
-    if (lastNamep && strcmp(lastNamep, SMB_IOCTL_FILENAME) == 0) {
+    if (lastNamep && 
+         (stricmp(lastNamep, SMB_IOCTL_FILENAME) == 0 ||
+           stricmp(lastNamep, "\\srvsvc") == 0 ||
+           stricmp(lastNamep, "\\wkssvc") == 0 ||
+           stricmp(lastNamep, "ipc$") == 0)) {
         /* special case magic file name for receiving IOCTL requests
          * (since IOCTL calls themselves aren't getting through).
          */
@@ -6583,7 +6606,11 @@ long smb_ReceiveNTCreateX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp)
     osi_Log4(smb_logp,"... da=[%x] ea=[%x] cd=[%x] co=[%x]", desiredAccess, extAttributes, createDisp, createOptions);
     osi_Log3(smb_logp,"... share=[%x] flags=[%x] lastNamep=[%s]", shareAccess, flags, osi_LogSaveString(smb_logp,(lastNamep?lastNamep:"null")));
 
-    if (lastNamep && strcmp(lastNamep, SMB_IOCTL_FILENAME) == 0) {
+       if (lastNamep && 
+             (stricmp(lastNamep, SMB_IOCTL_FILENAME) == 0 ||
+               stricmp(lastNamep, "\\srvsvc") == 0 ||
+               stricmp(lastNamep, "\\wkssvc") == 0 ||
+               stricmp(lastNamep, "ipc$") == 0)) {
         /* special case magic file name for receiving IOCTL requests
          * (since IOCTL calls themselves aren't getting through).
          */