Server 2016 Create request bug fix + Related issue fixes (#154)

afiffon · web-flow · commit 8bdfead1af71 · 2025-11-14T16:09:40.000Z
Resolves #153 - Fix MxAc parsing + check failure on access mask with status - Remove all reserved assertions @coderabbitai ignore
diff --git a/crates/smb-dtyp/src/security/ace.rs b/crates/smb-dtyp/src/security/ace.rs
@@ -310,7 +310,6 @@ pub struct ClaimSecurityAttributeRelativeV1 {
     _name: PosMarker<u32>, // TODO: Figure out what this is.
     pub value_type: ClaimSecurityAttributeType,
     #[bw(calc = 0)]
-    #[br(assert(reserved == 0))]
     reserved: u16,
     pub flags: FciClaimSecurityAttributes,
     value_count: u32,
diff --git a/crates/smb-fscc/src/common_info.rs b/crates/smb-fscc/src/common_info.rs
@@ -32,7 +32,6 @@ pub struct FileBasicInformation {
     /// The file attributes.
     pub file_attributes: FileAttributes,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u32,
 }
 
diff --git a/crates/smb-fscc/src/filesystem_info.rs b/crates/smb-fscc/src/filesystem_info.rs
@@ -365,7 +365,6 @@ pub struct FileFsVolumeInformation {
     ///  Set to TRUE if the file system supports object-oriented file system objects; set to FALSE otherwise.
     pub supports_objects: Boolean,
     #[bw(calc = 0)]
-    #[br(assert(reserved == 0))]
     reserved: u8,
     /// The content of this field can be a null-terminated string or can be a string padded with the space character to be VolumeLabelLength bytes long.
     #[br(args { size: SizedStringSize::bytes(volume_label_length) })]
diff --git a/crates/smb-fscc/src/query_file_info.rs b/crates/smb-fscc/src/query_file_info.rs
@@ -372,7 +372,6 @@ pub struct FileStandardInformation {
     /// Set to TRUE if the file is a directory.
     pub directory: Boolean,
     #[bw(calc = 0)]
-    #[br(assert(reserved == 0))]
     reserved: u16,
 }
 
diff --git a/crates/smb-msg/src/cancel.rs b/crates/smb-msg/src/cancel.rs
@@ -8,7 +8,6 @@ pub struct CancelRequest {
     #[br(assert(_structure_size == 4))]
     #[bw(calc = 4)]
     _structure_size: u16,
-    #[br(assert(_reserved == 0))]
     #[bw(calc = 0)]
     _reserved: u16,
 }
diff --git a/crates/smb-msg/src/create.rs b/crates/smb-msg/src/create.rs
@@ -75,7 +75,6 @@ pub struct CreateRequest {
     #[br(assert(_smb_create_flags == 0))]
     _smb_create_flags: u64,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u64,
     pub desired_access: FileAccessMask,
     pub file_attributes: FileAttributes,
@@ -196,7 +195,6 @@ pub struct CreateResponse {
     pub endof_file: u64,
     pub file_attributes: FileAttributes,
     #[bw(calc = 0)]
-    #[br(assert(_reserved2 == 0))]
     _reserved2: u32,
     pub file_id: FileId,
     // assert it's 8-aligned
@@ -250,7 +248,6 @@ where
     #[bw(calc = u16::try_from(name.len()).unwrap())]
     name_length: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u16,
     #[bw(calc = PosMarker::default())]
     _data_offset: PosMarker<u16>,
@@ -527,7 +524,6 @@ pub struct RequestLeaseV2 {
     pub parent_lease_key: u128,
     pub epoch: u16,
     #[bw(calc = 0)]
-    #[br(assert(reserved == 0))]
     reserved: u16,
 }
 
@@ -551,7 +547,6 @@ pub struct DurableHandleRequestV2 {
     pub timeout: u32,
     pub flags: DurableHandleV2Flags,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u64,
     pub create_guid: Guid,
 }
@@ -583,7 +578,6 @@ pub struct AppInstanceId {
     #[br(assert(structure_size == 20))]
     structure_size: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u16,
     pub app_instance_id: Guid,
 }
@@ -595,10 +589,8 @@ pub struct AppInstanceVersion {
     #[br(assert(structure_size == 24))]
     structure_size: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved2 == 0))]
     _reserved2: u32,
     pub app_instance_version_high: u64,
     pub app_instance_version_low: u64,
@@ -618,10 +610,8 @@ pub struct SvhdxOpenDeviceContextV1 {
     pub version: u32,
     pub has_initiator_id: Boolean,
     #[bw(calc = 0)]
-    #[br(assert(reserved1 == 0))]
     reserved1: u8,
     #[bw(calc = 0)]
-    #[br(assert(reserved2 == 0))]
     reserved2: u16,
     pub initiator_id: Guid,
     pub flags: u32,
@@ -637,10 +627,8 @@ pub struct SvhdxOpenDeviceContextV2 {
     pub version: u32,
     pub has_initiator_id: Boolean,
     #[bw(calc = 0)]
-    #[br(assert(reserved1 == 0))]
     reserved1: u8,
     #[bw(calc = 0)]
-    #[br(assert(reserved2 == 0))]
     reserved2: u16,
     pub initiator_id: Guid,
     pub flags: u32,
@@ -658,17 +646,39 @@ pub struct SvhdxOpenDeviceContextV2 {
 #[binrw::binrw]
 #[derive(Debug, PartialEq, Eq)]
 pub struct QueryMaximalAccessResponse {
+    // MS-SMB2, 2.2.14.2.5: "MaximalAccess field is valid only if QueryStatus is STATUS_SUCCESS.
+    // he status code MUST be one of those defined in [MS-ERREF] section 2.3"
+    /// Use [`is_success()`][QueryMaximalAccessResponse::is_success] to check if the query was successful.
     pub query_status: Status,
+
+    /// The maximal access mask for the opened file.
+    ///
+    /// Use [`access_mask()`][QueryMaximalAccessResponse::access_mask] to get the access mask if the query was successful.
     pub maximal_access: FileAccessMask,
 }
 
+impl QueryMaximalAccessResponse {
+    /// Returns true if the query was successful.
+    pub fn is_success(&self) -> bool {
+        self.query_status == Status::Success
+    }
+
+    /// Returns the maximal access mask if the query was successful.
+    pub fn maximal_access(&self) -> Option<FileAccessMask> {
+        if self.is_success() {
+            Some(self.maximal_access)
+        } else {
+            None
+        }
+    }
+}
+
 #[binrw::binrw]
 #[derive(Debug, PartialEq, Eq)]
 pub struct QueryOnDiskIdResp {
     pub file_id: u64,
     pub volume_id: u64,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u128,
 }
 
@@ -689,7 +699,6 @@ pub struct CloseRequest {
     #[br(assert(_flags == CloseFlags::new().with_postquery_attrib(true)))]
     _flags: CloseFlags,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u32,
     pub file_id: FileId,
 }
@@ -702,7 +711,6 @@ pub struct CloseResponse {
     _structure_size: u16,
     pub flags: CloseFlags,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u32,
     pub creation_time: FileTime,
     pub last_access_time: FileTime,
@@ -793,6 +801,39 @@ mod tests {
             0000000000000000000000000000000000000000"
     }
 
+    use smb_dtyp::make_guid;
+
+    test_response_read! {
+        server2016: Create {
+            oplock_level: OplockLevel::None,
+            flags: CreateResponseFlags::new(),
+            create_action: CreateAction::Opened,
+            creation_time: FileTime::ZERO,
+            last_access_time: FileTime::ZERO,
+            last_write_time: FileTime::ZERO,
+            change_time: FileTime::ZERO,
+            allocation_size: 4096,
+            endof_file: 0,
+            file_attributes: FileAttributes::new().with_normal(true),
+            file_id: make_guid!("00000001-0001-0000-0100-000001000000").into(),
+            create_contexts: vec![
+                QueryMaximalAccessResponse {
+                    query_status: Status::NotMapped, // Server 2016 IPC$ bug
+                    maximal_access: FileAccessMask::default(),
+                }
+                .into(),
+                QueryOnDiskIdResp {
+                    file_id: 0xffff870415d75290,
+                    volume_id: 0xffffe682cb589c90,
+                }
+                .into(),
+            ].into(),
+        } => "59000000010000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000
+        000000008000000076007300010000000100000001000000010000009800000058000000200000001000040000001800080000004d7841
+        6300000000730000c0000000000000000010000400000018002000000051466964000000009052d7150487ffff909c58cb82e6ffff0000
+        0000000000000000000000000000"
+    }
+
     /*
     Tests to add for contexts:
     dhnc: b"DHNc", DurableHandleReconnect, DurableHandleReconnect,
diff --git a/crates/smb-msg/src/echo.rs b/crates/smb-msg/src/echo.rs
@@ -7,7 +7,6 @@ pub struct EchoMesasge {
     #[br(assert(_structure_size == 4))]
     #[bw(calc = 4)]
     _structure_size: u16,
-    #[br(assert(_reserved == 0))]
     #[bw(calc = 0)]
     _reserved: u16,
 }
diff --git a/crates/smb-msg/src/encrypted.rs b/crates/smb-msg/src/encrypted.rs
@@ -18,7 +18,6 @@ pub struct EncryptedHeader {
     pub nonce: EncryptionNonce,
     pub original_message_size: u32,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u16,
     #[bw(calc = 1)] // MUST be set to 1.
     #[br(assert(_flags == 1))]
diff --git a/crates/smb-msg/src/error.rs b/crates/smb-msg/src/error.rs
@@ -14,7 +14,6 @@ pub struct ErrorResponse {
     #[bw(try_calc = error_data.len().try_into())]
     _error_context_count: u8,
 
-    #[br(assert(_reserved == 0))]
     #[bw(calc = 0)]
     _reserved: u8,
 
diff --git a/crates/smb-msg/src/file.rs b/crates/smb-msg/src/file.rs
@@ -16,10 +16,8 @@ pub struct FlushRequest {
     #[br(assert(_structure_size == 24))]
     _structure_size: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved1 == 0))]
     _reserved1: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved2 == 0))]
     _reserved2: u32,
     pub file_id: FileId,
 }
@@ -31,7 +29,6 @@ pub struct FlushResponse {
     #[br(assert(_structure_size == 4))]
     _structure_size: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u16,
 }
 
@@ -82,7 +79,6 @@ pub struct ReadResponse {
     #[bw(calc = PosMarker::default())]
     _data_offset: PosMarker<u8>,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u8,
     #[bw(try_calc = buffer.len().try_into())]
     #[br(assert(_data_length > 0))] // sanity
@@ -93,7 +89,6 @@ pub struct ReadResponse {
 
     // No RDMA support -- always zero, for both reserved and flags case:
     #[bw(calc = 0)]
-    #[br(assert(_reserved2 == 0))]
     _reserved2: u32,
 
     #[br(seek_before = SeekFrom::Start(_data_offset.value as u64))]
@@ -187,7 +182,6 @@ pub struct WriteResponse {
     #[br(assert(_structure_size == 17))]
     _structure_size: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u16,
     pub count: u32,
     #[bw(calc = 0)] // reserved
diff --git a/crates/smb-msg/src/header.rs b/crates/smb-msg/src/header.rs
@@ -147,6 +147,7 @@ make_status! {
     ObjectPathNotFound = 0xC000003A: "Object Path Not Found",
     NoEasOnFile = 0xC0000044: "No EAs on File",
     LogonFailure = 0xC000006D: "Logon Failure",
+    NotMapped = 0xC0000073: "Not Mapped",
     BadImpersonationLevel = 0xC00000A5: "Bad Impersonation Level",
     IoTimeout = 0xC00000B5: "I/O Timeout",
     FileIsADirectory = 0xC00000BA: "File is a Directory",
diff --git a/crates/smb-msg/src/info/query.rs b/crates/smb-msg/src/info/query.rs
@@ -23,7 +23,6 @@ pub struct QueryInfoRequest {
     pub output_buffer_length: u32,
     #[bw(calc = PosMarker::default())]
     _input_buffer_offset: PosMarker<u16>,
-    #[br(assert(_reserved == 0))]
     #[bw(calc = 0)]
     _reserved: u16,
     #[bw(calc = PosMarker::default())]
diff --git a/crates/smb-msg/src/ioctl/msg.rs b/crates/smb-msg/src/ioctl/msg.rs
@@ -20,7 +20,6 @@ pub struct IoctlRequest {
     #[br(assert(struct_size == 57))]
     struct_size: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u16,
     pub ctl_code: u32,
     pub file_id: FileId,
@@ -38,7 +37,6 @@ pub struct IoctlRequest {
     pub max_output_response: u32,
     pub flags: IoctlRequestFlags,
     #[bw(calc = 0)]
-    #[br(assert(reserved2 == 0))]
     reserved2: u32,
 
     #[bw(write_with = PosMarker::write_aoff_size, args(&_input_offset, &_input_count))]
@@ -136,7 +134,6 @@ pub struct IoctlResponse {
     #[br(assert(struct_size == 49))]
     struct_size: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u16,
     pub ctl_code: u32,
     pub file_id: FileId,
@@ -158,7 +155,6 @@ pub struct IoctlResponse {
     #[br(assert(flags == 0))]
     flags: u32,
     #[bw(calc = 0)]
-    #[br(assert(reserved2 == 0))]
     reserved2: u32,
 
     #[br(seek_before = SeekFrom::Start(input_offset.value.into()))]
diff --git a/crates/smb-msg/src/lock.rs b/crates/smb-msg/src/lock.rs
@@ -32,7 +32,6 @@ pub struct LockElement {
     pub length: u64,
     pub flags: LockFlag,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u32,
 }
 
@@ -56,7 +55,6 @@ pub struct LockResponse {
     #[br(assert(_structure_size == 4))]
     pub _structure_size: u16,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     pub _reserved: u16,
 }
 
diff --git a/crates/smb-msg/src/negotiate.rs b/crates/smb-msg/src/negotiate.rs
@@ -14,7 +14,6 @@ pub struct NegotiateRequest {
     dialect_count: u16,
     pub security_mode: NegotiateSecurityMode,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u16,
     pub capabilities: GlobalCapabilities,
     pub client_guid: Guid,
@@ -24,7 +23,6 @@ pub struct NegotiateRequest {
     #[bw(try_calc(u16::try_from(negotiate_context_list.as_ref().map(|v| v.len()).unwrap_or(0))))]
     negotiate_context_count: u16,
     #[bw(calc = 0)]
-    #[br(assert(reserved2 == 0))]
     reserved2: u16,
     #[br(count = dialect_count)]
     pub dialects: Vec<Dialect>,
@@ -238,7 +236,6 @@ pub struct NegotiateContext {
     #[bw(calc = PosMarker::default())]
     data_length: PosMarker<u16>,
     #[bw(calc = 0)]
-    #[br(assert(_reserved == 0))]
     _reserved: u32,
     #[br(args(&context_type))]
     #[br(map_stream = |s| s.take_seek(data_length.value as u64))]
@@ -422,10 +419,8 @@ pub struct RdmaTransformCapabilities {
     transform_count: u16,
 
     #[bw(calc = 0)]
-    #[br(assert(reserved1 == 0))]
     reserved1: u16,
     #[bw(calc = 0)]
-    #[br(assert(reserved2 == 0))]
     reserved2: u32,
 
     #[br(count = transform_count)]
diff --git a/crates/smb-msg/src/oplock.rs b/crates/smb-msg/src/oplock.rs
diff --git a/crates/smb-msg/src/smb1.rs b/crates/smb-msg/src/smb1.rs
diff --git a/crates/smb-msg/src/tree_connect.rs b/crates/smb-msg/src/tree_connect.rs
diff --git a/crates/smb-rpc/src/pdu.rs b/crates/smb-rpc/src/pdu.rs
diff --git a/crates/smb/src/compression.rs b/crates/smb/src/compression.rs
diff --git a/crates/smb/src/resource.rs b/crates/smb/src/resource.rs

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,6 @@ pub struct FileBasicInformation {`
`32`	`32`	`/// The file attributes.`
`33`	`33`	`pub file_attributes: FileAttributes,`
`34`	`34`	`#[bw(calc = 0)]`
`35`		`- #[br(assert(_reserved == 0))]`
`36`	`35`	`_reserved: u32,`
`37`	`36`	`}`
`38`	`37`
Original file line number	Diff line number	Diff line change
`@@ -372,7 +372,6 @@ pub struct FileStandardInformation {`
`372`	`372`	`/// Set to TRUE if the file is a directory.`
`373`	`373`	`pub directory: Boolean,`
`374`	`374`	`#[bw(calc = 0)]`
`375`		`- #[br(assert(reserved == 0))]`
`376`	`375`	`reserved: u16,`
`377`	`376`	`}`
`378`	`377`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,6 @@ pub struct CancelRequest {`
`8`	`8`	`#[br(assert(_structure_size == 4))]`
`9`	`9`	`#[bw(calc = 4)]`
`10`	`10`	`_structure_size: u16,`
`11`		`- #[br(assert(_reserved == 0))]`
`12`	`11`	`#[bw(calc = 0)]`
`13`	`12`	`_reserved: u16,`
`14`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,6 @@ pub struct EchoMesasge {`
`7`	`7`	`#[br(assert(_structure_size == 4))]`
`8`	`8`	`#[bw(calc = 4)]`
`9`	`9`	`_structure_size: u16,`
`10`		`- #[br(assert(_reserved == 0))]`
`11`	`10`	`#[bw(calc = 0)]`
`12`	`11`	`_reserved: u16,`
`13`	`12`	`}`