SMB2: Check share permissions before Read / Write

2025-04-30 02:37:49 +02:00 · 2017-03-13 17:20:58 +02:00 · 2017-03-13 17:20:58 +02:00 · 68b2835273
commit 68b2835273
parent 04d2bc63c4
1 changed files with 18 additions and 0 deletions
--- a/SMBLibrary/Server/SMB2/ReadWriteResponseHelper.cs
+++ b/SMBLibrary/Server/SMB2/ReadWriteResponseHelper.cs
@ -23,6 +23,15 @@ namespace SMBLibrary.Server.SMB2
                return new ErrorResponse(request.CommandName, NTStatus.STATUS_FILE_CLOSED);
            }
            if (share is FileSystemShare)
            {
                if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, openFile.Path))
                {
                    state.LogToServer(Severity.Verbose, "Read from '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
                    return new ErrorResponse(request.CommandName, NTStatus.STATUS_ACCESS_DENIED);
                }
            }
            byte[] data;
            NTStatus readStatus = share.FileStore.ReadFile(out data, openFile.Handle, (long)request.Offset, (int)request.ReadLength);
            if (readStatus != NTStatus.STATUS_SUCCESS)
@ -43,6 +52,15 @@ namespace SMBLibrary.Server.SMB2
                return new ErrorResponse(request.CommandName, NTStatus.STATUS_FILE_CLOSED);
            }
            if (share is FileSystemShare)
            {
                if (!((FileSystemShare)share).HasWriteAccess(session.SecurityContext, openFile.Path))
                {
                    state.LogToServer(Severity.Verbose, "Write to '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
                    return new ErrorResponse(request.CommandName, NTStatus.STATUS_ACCESS_DENIED);
                }
            }
            int numberOfBytesWritten;
            NTStatus writeStatus = share.FileStore.WriteFile(out numberOfBytesWritten, openFile.Handle, (long)request.Offset, request.Data);
            if (writeStatus != NTStatus.STATUS_SUCCESS)