summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/smb2_create.c28
1 files changed, 22 insertions, 6 deletions
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 99a5b38ed6..140c81b309 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -515,16 +515,32 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
}
if (dh2c) {
+ uint32_t num_blobs_allowed;
+
if (dh2c->data.length != 36) {
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
return tevent_req_post(req, ev);
}
- if (in_context_blobs.num_blobs != 1) {
- /*
- * DH2C should be the only one.
- * TODO: This is only true for the oplock case!
- * For leases, lease request is required additionally!
- */
+
+ /*
+ * According to MS-SMB2: 3.3.5.9.12, "Handling the
+ * SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 Create Context",
+ * we should fail the request with status
+ * OBJECT_NAME_NOT_FOUND if any other create blob has been
+ * provided.
+ *
+ * (Note that the cases of an additional dhnq, dhnc or dh2q
+ * blob which require a different error code, have been
+ * treated above.)
+ *
+ * TODO:
+ * This is only true for the oplock case:
+ * For leases, lease request is required additionally!
+ */
+
+ num_blobs_allowed = 1;
+
+ if (in_context_blobs.num_blobs != num_blobs_allowed) {
tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return tevent_req_post(req, ev);
}