smbd: fix the handling of create_options to pass RAW-OPEN

Some of the bits generate INVALID_PARAMETER and some bits
are ignored when they come from a client, that's why we need
to use bits from the ignored range for our internal usage.

metze
(cherry picked from commit 7b4c8a4e39f310eb450918fa841b0ea1b4af19f7)
(cherry picked from commit a12cbcb009a02ee23ec0b24c2fca5deaa0ba6412)

diff --git a/source/include/smb.h b/source/include/smb.h
index b8ff34f8313fcbf4497dbd5cc115405dc75589a6..c8c4f8c3cc98453750b1189e914e0cf7ec433a10 100644 (file)
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -1330,12 +1330,19 @@ struct bitmap {
 #define FILE_DELETE_ON_CLOSE      0x1000
 #define FILE_OPEN_BY_FILE_ID     0x2000
 
-/* Private create options used by the ntcreatex processing code. From Samba4. */
-#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS     0x01000000
-#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB     0x02000000
+#define NTCREATEX_OPTIONS_MUST_IGNORE_MASK      (0x008F0480)
+
+#define NTCREATEX_OPTIONS_INVALID_PARAM_MASK    (0xFF100030)
+
+/*
+ * Private create options used by the ntcreatex processing code. From Samba4.
+ * We reuse some ignored flags for private use.
+ */
+#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS     0x00010000
+#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB     0x00020000
 
 /* Private options for streams support */
-#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x04000000
+#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x00040000
 
 /* Responses when opening a file. */
 #define FILE_WAS_SUPERSEDED 0

diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index 149e6ecbd9de7f6f8cee323d3ef72cf3ef8e6edb..b6951272d7b8373ebb300ab97b9b8a6bcbd6d326 100644 (file)
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -454,6 +454,12 @@ void reply_ntcreate_and_X(struct smb_request *req)
                        (unsigned int)root_dir_fid,
                        fname));
 
+       /*
+        * we need to remove ignored bits when they come directly from the client
+        * because we reuse some of them for internal stuff
+        */
+       create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+
        /*
         * If it's an IPC, use the pipe handler.
         */
@@ -858,6 +864,12 @@ static void call_nt_transact_create(connection_struct *conn,
        allocation_size |= (((SMB_BIG_UINT)IVAL(params,16)) << 32);
 #endif
 
+       /*
+        * we need to remove ignored bits when they come directly from the client
+        * because we reuse some of them for internal stuff
+        */
+       create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+
        /* Ensure the data_len is correct for the sd and ea values given. */
        if ((ea_len + sd_len > data_count)
            || (ea_len > data_count) || (sd_len > data_count)

diff --git a/source/smbd/open.c b/source/smbd/open.c
index 03efd09f06c4c35bfc100af5efda596f77749e72..8b32907a4b6e7e80362b00c60d4ff007c3a00f42 100644 (file)
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -2560,6 +2560,11 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
                goto fail;
        }
 
+       if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
+               status = NT_STATUS_INVALID_PARAMETER;
+               goto fail;
+       }
+
        if (req == NULL) {
                oplock_request |= INTERNAL_OPEN_ONLY;
        }