The SMBD server uses the following code snippet to create a NT_CREATE_ANDX response: ("smbd/nttrans.c" line 617 of 2926, in void reply_ntcreate_and_X()) put_long_date_timespec(p, c_timespec); /* create time. */ p += 8; put_long_date_timespec(p, a_timespec); /* access time */ p += 8; put_long_date_timespec(p, m_timespec); /* write time */ p += 8; put_long_date_timespec(p, m_timespec); /* change time */ p += 8; SIVAL(p,0,fattr); /* File Attributes. */ p += 4; SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf)); p += 8; SOFF_T(p,0,file_len); p += 8; if (flags & EXTENDED_RESPONSE_REQUIRED) { SSVAL(p,2,0x7); } In the last 4 lines, it always sets FileStatus to 0x7. 0x7 means NoEAs and NoSubstreams. The server should set FileStatus flags to correct values if the file opened has extended attributes or substreams. This bug was found using Microsoft internal common file system test tools.
Very interesting - thanks ! Can you point me at the protocol documentation that includes the bits NoEAs and NoSubstreams. It doesn't seem to be in the new CIFS doc that was published recently. Once I know what these bits mean I'll be able to set them appropriately. Thanks, Jeremy.
The documentation for the FileStatus flags is in section 2.2.9 of [MS-SMB] http://msdn.microsoft.com/en-us/library/cc246334(PROT.13).aspx Please refer to DeviceState_or_FileStatusFlags (2 bytes) Thanks, Long
Thanks - I was looking in the recently released CIFS guide on MSDN and it isn't there. I don't think this will make 3.4.0, but should be in the release after. Cheers, Jeremy.
Created attachment 4691 [details] Patch for 3.5.0. Fix that will be in 3.5.0 (not planning to backport to 3.4.2). Volker please review. Jeremy.
Comment on attachment 4691 [details] Patch for 3.5.0. If it is survives make test then please put it in. Yet another one that will make us slower and slower and slower for the sake of 100% protocol correctness.
Jeremy, Volker: What shall we do with this patch?
I'll update this and put it in master, not for 3.5.2. Let's target it for 3.6.0. Jeremy.
Oh, never mind - it's already in master. Jeremy.
(In reply to comment #8) > Oh, never mind - it's already in master. > Jeremy. > Okay, so the bug report can be closed.