From c9a6e242d15ee707a2e30f973fd37e80b3225aca Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 3 Jan 2023 18:28:54 -0800
Subject: [PATCH] s3: smbd: Strip any leading '\\' characters if the SMB2 DFS
 flag is set.

MacOS clients send SMB2 DFS pathnames as \server\share\file\name.

Ensure smbd can cope with this by stipping any leading '\\'
characters from an SMB2 packet with the DFS flag set.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15277

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan  4 07:46:06 UTC 2023 on sn-devel-184
---
 selftest/knownfail.d/dfs_paths |  1 -
 source3/smbd/smb2_create.c     | 13 +++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/selftest/knownfail.d/dfs_paths b/selftest/knownfail.d/dfs_paths
index 51d9d6e5a43..127c0492f51 100644
--- a/selftest/knownfail.d/dfs_paths
+++ b/selftest/knownfail.d/dfs_paths
@@ -1,7 +1,6 @@
 ^samba3.smbtorture_s3.smb2.SMB2-DFS-PATHS.smbtorture\(fileserver\)
 ^samba3.smbtorture_s3.smb2.SMB2-NON-DFS-SHARE.smbtorture\(fileserver\)
 ^samba3.smbtorture_s3.smb2.SMB2-DFS-SHARE-NON-DFS-PATH.smbtorture\(fileserver\)
-^samba3.smbtorture_s3.smb2.SMB2-DFS-FILENAME-LEADING-BACKSLASH.smbtorture\(fileserver\)
 ^samba3.smbtorture_s3.smb1.SMB1-DFS-PATHS.smbtorture\(fileserver\)
 ^samba3.smbtorture_s3.smb1.SMB1-DFS-SEARCH-PATHS.smbtorture\(fileserver\)
 ^samba3.smbtorture_s3.smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver\)
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index aba339014bb..0f18d5594a4 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -776,6 +776,17 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
 
 	in_file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
 
+	is_dfs = (smb1req->flags2 & FLAGS2_DFS_PATHNAMES);
+	if (is_dfs) {
+		/*
+		 * With a DFS flag set, remove any leading '\\'
+		 * characters from in_name before further processing.
+		 */
+		while (in_name[0] == '\\') {
+			in_name++;
+		}
+	}
+
 	state->fname = talloc_strdup(state, in_name);
 	if (tevent_req_nomem(state->fname, req)) {
 		return tevent_req_post(req, state->ev);
@@ -960,8 +971,6 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
 		state->lease_ptr = NULL;
 	}
 
-	is_dfs = (smb1req->flags2 & FLAGS2_DFS_PATHNAMES);
-
 	/* convert '\\' into '/' */
 	status = check_path_syntax_smb2(state->fname, is_dfs);
 	if (tevent_req_nterror(req, status)) {
-- 
2.11.4.GIT