From a56981cbc7aec1b39e45749cdbf58c2a383e4e78 Mon Sep 17 00:00:00 2001
From: Paulo Vitor Magacho <pvmagacho@gmail.com>
Date: Wed, 29 Dec 2021 15:31:06 -0300
Subject: [PATCH 1/2] Added DFS check for rename

Signed-off-by: Paulo Vitor Magacho <pvmagacho@gmail.com>
---
 source3/libsmb/cli_smb2_fnum.c | 14 ++++++++++++-
 source3/libsmb/clidfs.c        | 38 ++++++++++++++++++++++++++++++++++
 source3/libsmb/proto.h         |  5 +++++
 3 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index f70639e41bd..1088581b3c1 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -3296,12 +3296,24 @@ struct tevent_req *cli_smb2_rename_send(
 {
 	struct tevent_req *req = NULL, *subreq = NULL;
 	struct cli_smb2_rename_state *state = NULL;
+	NTSTATUS status;
 
 	req = tevent_req_create(
 		mem_ctx, &state, struct cli_smb2_rename_state);
 	if (req == NULL) {
 		return NULL;
 	}
+
+	status = cli_dfs_rename_check(req,
+                                    cli,
+                                    fname_src,
+                                    fname_dst,
+                                    &fname_dst);
+	if (!NT_STATUS_IS_OK(status)) {
+		tevent_req_nterror(req, status);
+		return tevent_req_post(req, ev);
+	}
+
 	state->ev = ev;
 	state->cli = cli;
 	state->fname_dst = fname_dst;
@@ -3329,7 +3341,7 @@ static void cli_smb2_rename_opened(struct tevent_req *subreq)
 	if (tevent_req_nterror(req, status)) {
 		return;
 	}
-
+	
 	subreq = cli_smb2_rename_fnum_send(
 		state,
 		state->ev,
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 5b64858ca33..14dfc07267e 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -1274,3 +1274,41 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
 
 	return true;
 }
+
+NTSTATUS cli_dfs_rename_check(TALLOC_CTX *mem_ctx,
+                               struct cli_state *cli,
+                               const char *fname_src,
+                               const char *fname_dst,
+                               const char **fname_dst_out)
+{
+       char *src_dfs_prefix = NULL;
+       size_t prefix_len = 0;
+       struct smbXcli_tcon *tcon = NULL;
+
+       *fname_dst_out = fname_dst;
+
+       if (!smbXcli_conn_dfs_supported(cli->conn)) {
+               return NT_STATUS_OK;
+       }
+       if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+               tcon = cli->smb2.tcon;
+       } else {
+               tcon = cli->smb1.tcon;
+       }
+       if (!smbXcli_tcon_is_dfs_share(tcon)) {
+               return NT_STATUS_OK;
+       }
+       src_dfs_prefix = cli_dfs_make_full_path(mem_ctx, cli, "");
+       if (src_dfs_prefix == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       prefix_len = strlen(src_dfs_prefix);
+       if (strncmp(fname_dst, src_dfs_prefix, prefix_len) != 0) {
+               TALLOC_FREE(src_dfs_prefix);
+               return NT_STATUS_OBJECT_NAME_INVALID;
+       }
+       *fname_dst_out = &fname_dst[prefix_len];
+
+       TALLOC_FREE(src_dfs_prefix);
+       return NT_STATUS_OK;
+}
\ No newline at end of file
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index bd67e56b60f..2f68c31c469 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -198,6 +198,11 @@ NTSTATUS cli_smb(TALLOC_CTX *mem_ctx, struct cli_state *cli,
 		 struct tevent_req **result_parent,
 		 uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
 		 uint32_t *pnum_bytes, uint8_t **pbytes);
+NTSTATUS cli_dfs_rename_check(TALLOC_CTX *mem_ctx,
+                       struct cli_state *cli,
+                       const char *fname_src,
+                       const char *fname_dst,
+                       const char **fname_dst_out);
 
 /* The following definitions come from libsmb/clierror.c  */
 
-- 
2.27.0.windows.1