SMB1: Requests to the NamedPipeStore will not be blocked at the SMB layer

2025-08-05 07:21:28 +02:00 · 2017-02-11 13:01:14 +02:00 · 2017-02-11 13:01:14 +02:00 · fbea16545f
commit fbea16545f
parent a439555eee
3 changed files with 71 additions and 87 deletions
--- a/SMBLibrary/SMBLibrary.csproj
+++ b/SMBLibrary/SMBLibrary.csproj
@ -190,7 +190,7 @@
    <Compile Include="Server\Shares\ISMBShare.cs" />
    <Compile Include="Server\Shares\NamedPipeShare.cs" />
    <Compile Include="Server\Shares\ShareCollection.cs" />
-    <Compile Include="Server\SMB1\FileSystemResponseHelper.cs" />
+    <Compile Include="Server\SMB1\FileStoreResponseHelper.cs" />
    <Compile Include="Server\SMB1\NegotiateHelper.cs" />
    <Compile Include="Server\SMB1\NTCreateHelper.cs" />
    <Compile Include="Server\SMB1\NTTransactHelper.cs" />
--- a/SMBLibrary/Server/SMB1/FileSystemResponseHelper.cs
+++ b/SMBLibrary/Server/SMB1/FileSystemResponseHelper.cs
@ -13,15 +13,18 @@ using Utilities;

 namespace SMBLibrary.Server.SMB1
 {
-    public class FileSystemResponseHelper
+    public class FileStoreResponseHelper
    {
-        internal static SMB1Command GetCreateDirectoryResponse(SMB1Header header, CreateDirectoryRequest request, FileSystemShare share, SMB1ConnectionState state)
+        internal static SMB1Command GetCreateDirectoryResponse(SMB1Header header, CreateDirectoryRequest request, ISMBShare share, SMB1ConnectionState state)
        {
            SMB1Session session = state.GetSession(header.UID);
-            if (!share.HasWriteAccess(session.UserName, request.DirectoryName, state.ClientEndPoint))
+            if (share is FileSystemShare)
            {
-                header.Status = NTStatus.STATUS_ACCESS_DENIED;
-                return new ErrorResponse(request.CommandName);
+                if (!((FileSystemShare)share).HasWriteAccess(session.UserName, request.DirectoryName, state.ClientEndPoint))
+                {
+                    header.Status = NTStatus.STATUS_ACCESS_DENIED;
+                    return new ErrorResponse(request.CommandName);
+                }
            }

            header.Status = SMB1FileStoreHelper.CreateDirectory(share.FileStore, request.DirectoryName);
@ -33,13 +36,16 @@ namespace SMBLibrary.Server.SMB1
            return new CreateDirectoryResponse();
        }

-        internal static SMB1Command GetDeleteDirectoryResponse(SMB1Header header, DeleteDirectoryRequest request, FileSystemShare share, SMB1ConnectionState state)
+        internal static SMB1Command GetDeleteDirectoryResponse(SMB1Header header, DeleteDirectoryRequest request, ISMBShare share, SMB1ConnectionState state)
        {
            SMB1Session session = state.GetSession(header.UID);
-            if (!share.HasWriteAccess(session.UserName, request.DirectoryName, state.ClientEndPoint))
+            if (share is FileSystemShare)
            {
-                header.Status = NTStatus.STATUS_ACCESS_DENIED;
-                return new ErrorResponse(request.CommandName);
+                if (!((FileSystemShare)share).HasWriteAccess(session.UserName, request.DirectoryName, state.ClientEndPoint))
+                {
+                    header.Status = NTStatus.STATUS_ACCESS_DENIED;
+                    return new ErrorResponse(request.CommandName);
+                }
            }

            header.Status = SMB1FileStoreHelper.DeleteDirectory(share.FileStore, request.DirectoryName);
@ -50,13 +56,16 @@ namespace SMBLibrary.Server.SMB1
            return new DeleteDirectoryResponse();
        }

-        internal static SMB1Command GetDeleteResponse(SMB1Header header, DeleteRequest request, FileSystemShare share, SMB1ConnectionState state)
+        internal static SMB1Command GetDeleteResponse(SMB1Header header, DeleteRequest request, ISMBShare share, SMB1ConnectionState state)
        {
            SMB1Session session = state.GetSession(header.UID);
-            if (!share.HasWriteAccess(session.UserName, request.FileName, state.ClientEndPoint))
+            if (share is FileSystemShare)
            {
-                header.Status = NTStatus.STATUS_ACCESS_DENIED;
-                return new ErrorResponse(request.CommandName);
+                if (!((FileSystemShare)share).HasWriteAccess(session.UserName, request.FileName, state.ClientEndPoint))
+                {
+                    header.Status = NTStatus.STATUS_ACCESS_DENIED;
+                    return new ErrorResponse(request.CommandName);
+                }
            }

            // [MS-CIFS] This command cannot delete directories or volumes.
@ -68,18 +77,21 @@ namespace SMBLibrary.Server.SMB1
            return new DeleteResponse();
        }

-        internal static SMB1Command GetRenameResponse(SMB1Header header, RenameRequest request, FileSystemShare share, SMB1ConnectionState state)
+        internal static SMB1Command GetRenameResponse(SMB1Header header, RenameRequest request, ISMBShare share, SMB1ConnectionState state)
        {
            SMB1Session session = state.GetSession(header.UID);
-            if (!share.HasWriteAccess(session.UserName, request.OldFileName, state.ClientEndPoint))
+            if (share is FileSystemShare)
            {
-                header.Status = NTStatus.STATUS_ACCESS_DENIED;
-                return new ErrorResponse(request.CommandName);
-            }
-            if (!share.HasWriteAccess(session.UserName, request.NewFileName, state.ClientEndPoint))
-            {
-                header.Status = NTStatus.STATUS_ACCESS_DENIED;
-                return new ErrorResponse(request.CommandName);
+                if (!((FileSystemShare)share).HasWriteAccess(session.UserName, request.OldFileName, state.ClientEndPoint))
+                {
+                    header.Status = NTStatus.STATUS_ACCESS_DENIED;
+                    return new ErrorResponse(request.CommandName);
+                }
+                if (!((FileSystemShare)share).HasWriteAccess(session.UserName, request.NewFileName, state.ClientEndPoint))
+                {
+                    header.Status = NTStatus.STATUS_ACCESS_DENIED;
+                    return new ErrorResponse(request.CommandName);
+                }
            }

            header.Status = SMB1FileStoreHelper.Rename(share.FileStore, request.OldFileName, request.NewFileName, request.SearchAttributes);
@ -90,13 +102,16 @@ namespace SMBLibrary.Server.SMB1
            return new RenameResponse();
        }

-        internal static SMB1Command GetCheckDirectoryResponse(SMB1Header header, CheckDirectoryRequest request, FileSystemShare share, SMB1ConnectionState state)
+        internal static SMB1Command GetCheckDirectoryResponse(SMB1Header header, CheckDirectoryRequest request, ISMBShare share, SMB1ConnectionState state)
        {
            SMB1Session session = state.GetSession(header.UID);
-            if (!share.HasReadAccess(session.UserName, request.DirectoryName, state.ClientEndPoint))
+            if (share is FileSystemShare)
            {
-                header.Status = NTStatus.STATUS_ACCESS_DENIED;
-                return new ErrorResponse(request.CommandName);
+                if (!((FileSystemShare)share).HasReadAccess(session.UserName, request.DirectoryName, state.ClientEndPoint))
+                {
+                    header.Status = NTStatus.STATUS_ACCESS_DENIED;
+                    return new ErrorResponse(request.CommandName);
+                }
            }

            header.Status = SMB1FileStoreHelper.CheckDirectory(share.FileStore, request.DirectoryName);
@ -108,13 +123,16 @@ namespace SMBLibrary.Server.SMB1
            return new CheckDirectoryResponse();
        }

-        internal static SMB1Command GetQueryInformationResponse(SMB1Header header, QueryInformationRequest request, FileSystemShare share, SMB1ConnectionState state)
+        internal static SMB1Command GetQueryInformationResponse(SMB1Header header, QueryInformationRequest request, ISMBShare share, SMB1ConnectionState state)
        {
            SMB1Session session = state.GetSession(header.UID);
-            if (!share.HasReadAccess(session.UserName, request.FileName, state.ClientEndPoint))
+            if (share is FileSystemShare)
            {
-                header.Status = NTStatus.STATUS_ACCESS_DENIED;
-                return new ErrorResponse(request.CommandName);
+                if (!((FileSystemShare)share).HasReadAccess(session.UserName, request.FileName, state.ClientEndPoint))
+                {
+                    header.Status = NTStatus.STATUS_ACCESS_DENIED;
+                    return new ErrorResponse(request.CommandName);
+                }
            }

            FileNetworkOpenInformation fileInfo;
@ -131,13 +149,16 @@ namespace SMBLibrary.Server.SMB1
            return response;
        }

-        internal static SMB1Command GetSetInformationResponse(SMB1Header header, SetInformationRequest request, FileSystemShare share, SMB1ConnectionState state)
+        internal static SMB1Command GetSetInformationResponse(SMB1Header header, SetInformationRequest request, ISMBShare share, SMB1ConnectionState state)
        {
            SMB1Session session = state.GetSession(header.UID);
-            if (!share.HasWriteAccess(session.UserName, request.FileName, state.ClientEndPoint))
+            if (share is FileSystemShare)
            {
-                header.Status = NTStatus.STATUS_ACCESS_DENIED;
-                return new ErrorResponse(request.CommandName);
+                if (!((FileSystemShare)share).HasWriteAccess(session.UserName, request.FileName, state.ClientEndPoint))
+                {
+                    header.Status = NTStatus.STATUS_ACCESS_DENIED;
+                    return new ErrorResponse(request.CommandName);
+                }
            }

            header.Status = SMB1FileStoreHelper.SetInformation(share.FileStore, request.FileName, request.FileAttributes, request.LastWriteTime);
@ -149,7 +170,7 @@ namespace SMBLibrary.Server.SMB1
            return new SetInformationResponse();
        }

-        internal static SMB1Command GetSetInformation2Response(SMB1Header header, SetInformation2Request request, FileSystemShare share, SMB1ConnectionState state)
+        internal static SMB1Command GetSetInformation2Response(SMB1Header header, SetInformation2Request request, ISMBShare share, SMB1ConnectionState state)
        {
            SMB1Session session = state.GetSession(header.UID);
            OpenFileObject openFile = session.GetOpenFileObject(request.FID);
@ -159,10 +180,13 @@ namespace SMBLibrary.Server.SMB1
                return new ErrorResponse(request.CommandName);
            }

-            if (!share.HasWriteAccess(session.UserName, openFile.Path, state.ClientEndPoint))
+            if (share is FileSystemShare)
            {
-                header.Status = NTStatus.STATUS_ACCESS_DENIED;
-                return new ErrorResponse(request.CommandName);
+                if (!((FileSystemShare)share).HasWriteAccess(session.UserName, openFile.Path, state.ClientEndPoint))
+                {
+                    header.Status = NTStatus.STATUS_ACCESS_DENIED;
+                    return new ErrorResponse(request.CommandName);
+                }
            }

            header.Status = SMB1FileStoreHelper.SetInformation2(share.FileStore, openFile.Handle, request.CreationDateTime, request.LastAccessDateTime, request.LastWriteDateTime);
--- a/SMBLibrary/Server/SMBServer.SMB1.cs
+++ b/SMBLibrary/Server/SMBServer.SMB1.cs
@ -144,23 +144,13 @@ namespace SMBLibrary.Server

                    if (command is CreateDirectoryRequest)
                    {
-                        if (!(share is FileSystemShare))
-                        {
-                            header.Status = NTStatus.STATUS_INVALID_PARAMETER;
-                            return new ErrorResponse(command.CommandName);
-                        }
                        CreateDirectoryRequest request = (CreateDirectoryRequest)command;
-                        return FileSystemResponseHelper.GetCreateDirectoryResponse(header, request, (FileSystemShare)share, state);
+                        return FileStoreResponseHelper.GetCreateDirectoryResponse(header, request, share, state);
                    }
                    else if (command is DeleteDirectoryRequest)
                    {
-                        if (!(share is FileSystemShare))
-                        {
-                            header.Status = NTStatus.STATUS_INVALID_PARAMETER;
-                            return new ErrorResponse(command.CommandName);
-                        }
                        DeleteDirectoryRequest request = (DeleteDirectoryRequest)command;
-                        return FileSystemResponseHelper.GetDeleteDirectoryResponse(header, request, (FileSystemShare)share, state);
+                        return FileStoreResponseHelper.GetDeleteDirectoryResponse(header, request, share, state);
                    }
                    else if (command is CloseRequest)
                    {
@ -173,43 +163,23 @@ namespace SMBLibrary.Server
                    }
                    else if (command is DeleteRequest)
                    {
-                        if (!(share is FileSystemShare))
-                        {
-                            header.Status = NTStatus.STATUS_INVALID_PARAMETER;
-                            return new ErrorResponse(command.CommandName);
-                        }
                        DeleteRequest request = (DeleteRequest)command;
-                        return FileSystemResponseHelper.GetDeleteResponse(header, request, (FileSystemShare)share, state);
+                        return FileStoreResponseHelper.GetDeleteResponse(header, request, share, state);
                    }
                    else if (command is RenameRequest)
                    {
-                        if (!(share is FileSystemShare))
-                        {
-                            header.Status = NTStatus.STATUS_INVALID_PARAMETER;
-                            return new ErrorResponse(command.CommandName);
-                        }
                        RenameRequest request = (RenameRequest)command;
-                        return FileSystemResponseHelper.GetRenameResponse(header, request, (FileSystemShare)share, state);
+                        return FileStoreResponseHelper.GetRenameResponse(header, request, share, state);
                    }
                    else if (command is QueryInformationRequest)
                    {
-                        if (!(share is FileSystemShare))
-                        {
-                            header.Status = NTStatus.STATUS_INVALID_PARAMETER;
-                            return new ErrorResponse(command.CommandName);
-                        }
                        QueryInformationRequest request = (QueryInformationRequest)command;
-                        return FileSystemResponseHelper.GetQueryInformationResponse(header, request, (FileSystemShare)share, state);
+                        return FileStoreResponseHelper.GetQueryInformationResponse(header, request, share, state);
                    }
                    else if (command is SetInformationRequest)
                    {
-                        if (!(share is FileSystemShare))
-                        {
-                            header.Status = NTStatus.STATUS_INVALID_PARAMETER;
-                            return new ErrorResponse(command.CommandName);
-                        }
                        SetInformationRequest request = (SetInformationRequest)command;
-                        return FileSystemResponseHelper.GetSetInformationResponse(header, request, (FileSystemShare)share, state);
+                        return FileStoreResponseHelper.GetSetInformationResponse(header, request, share, state);
                    }
                    else if (command is ReadRequest)
                    {
@ -223,13 +193,8 @@ namespace SMBLibrary.Server
                    }
                    else if (command is CheckDirectoryRequest)
                    {
-                        if (!(share is FileSystemShare))
-                        {
-                            header.Status = NTStatus.STATUS_INVALID_PARAMETER;
-                            return new ErrorResponse(command.CommandName);
-                        }
                        CheckDirectoryRequest request = (CheckDirectoryRequest)command;
-                        return FileSystemResponseHelper.GetCheckDirectoryResponse(header, request, (FileSystemShare)share, state);
+                        return FileStoreResponseHelper.GetCheckDirectoryResponse(header, request, share, state);
                    }
                    else if (command is WriteRawRequest)
                    {
@ -241,13 +206,8 @@ namespace SMBLibrary.Server
                    }
                    else if (command is SetInformation2Request)
                    {
-                        if (!(share is FileSystemShare))
-                        {
-                            header.Status = NTStatus.STATUS_INVALID_PARAMETER;
-                            return new ErrorResponse(command.CommandName);
-                        }
                        SetInformation2Request request = (SetInformation2Request)command;
-                        return FileSystemResponseHelper.GetSetInformation2Response(header, request, (FileSystemShare)share, state);
+                        return FileStoreResponseHelper.GetSetInformation2Response(header, request, share, state);
                    }
                    else if (command is LockingAndXRequest)
                    {