From 1654eae11b9c13308b2b78f70309eb3a56960619 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 11 Aug 2022 10:03:58 -0700
Subject: [PATCH] s3: smbd: Add IS_VETO_PATH checks to openat_pathref_fsp_case_insensitive().
Returns NT_STATUS_OBJECT_NAME_NOT_FOUND for final component. Note we have to call the check before each call to openat_pathref_fsp(), as each call may be using a different filesystem name. The first name is the one passed into openat_pathref_fsp_case_insensitive() by the caller, the second one is a name retrieved from get_real_filename_cache_key(), and the third one is the name retrieved from get_real_filename_at(). The last two calls may have demangled the client given name into a veto'ed path on the filesystem. Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Aug 16 08:26:54 UTC 2022 on sn-devel-184
---
 selftest/knownfail.d/veto_files | 1 -
 source3/smbd/filename.c | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 delete mode 100644 selftest/knownfail.d/veto_files
diff --git a/selftest/knownfail.d/veto_files b/selftest/knownfail.d/veto_files
deleted file mode 100644
index ad7d841a033..00000000000
--- a/selftest/knownfail.d/veto_files
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.test_veto_files.get_veto_file\(fileserver\)
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index f362aee9452..ca94b7ec7f9 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -836,6 +836,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive(
 SET_STAT_INVALID(smb_fname_rel->st);
+ /* Check veto files - only looks at last component. */
+ if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
+ DBG_DEBUG("veto files rejecting last component %s\n",
+ smb_fname_str_dbg(smb_fname_rel));
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
 status = openat_pathref_fsp(dirfsp, smb_fname_rel);
 if (NT_STATUS_IS_OK(status)) {
@@ -895,6 +902,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive(
 return NT_STATUS_NO_MEMORY;
 }
+ if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
+ DBG_DEBUG("veto files rejecting last component %s\n",
+ smb_fname_str_dbg(smb_fname_rel));
+ TALLOC_FREE(cache_key.data);
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
 status = openat_pathref_fsp(dirfsp, smb_fname_rel);
 if (NT_STATUS_IS_OK(status)) {
 TALLOC_FREE(cache_key.data);
@@ -919,6 +933,12 @@ lookup:
 TALLOC_FREE(smb_fname_rel->base_name);
 smb_fname_rel->base_name = found_name;
+ if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
+ DBG_DEBUG("veto files rejecting last component %s\n",
+ smb_fname_str_dbg(smb_fname_rel));
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
 status = openat_pathref_fsp(dirfsp, smb_fname_rel);
 }
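Review bot: The veto test added ahead of openat_pathref_fsp() in the -836 hunk is copied verbatim into the -895 and -919 hunks, so "no open without a veto check" is enforced only by remembering to paste the block at every call site. A small static predicate would keep the test and its debug message in one place and leave each site with a three-line guard; the -895 site would still run its `TALLOC_FREE(cache_key.data);` before returning. DBG_DEBUG would then log the helper's name rather than the caller's. The function body starts and ends outside these hunks.

```c
/* Veto files are matched against the last path component only. */
static bool veto_rejects_last_component(struct files_struct *dirfsp,
					const struct smb_filename *smb_fname_rel)
{
	if (!IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
		return false;
	}
	DBG_DEBUG("veto files rejecting last component %s\n",
		  smb_fname_str_dbg(smb_fname_rel));
	return true;
}

/* … unchanged: SET_STAT_INVALID(smb_fname_rel->st) … */
	if (veto_rejects_last_component(dirfsp, smb_fname_rel)) {
		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
	}
	status = openat_pathref_fsp(dirfsp, smb_fname_rel);
```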
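Review bot: The re-check in the -895 hunk has no comment saying why a name that already passed the first check is tested again; the reason is recorded only in the commit message. A line such as `/* base_name now holds the cached on-disk name, which may be veto'ed even if the client's name was not. */` above the `if` would keep it from later being removed as redundant, and the -919 hunk wants the equivalent, e.g. `/* found_name comes from get_real_filename_at(); re-check veto files on it. */`. The code that replaces base_name before the -895 check lies outside the hunk, so the wording should be confirmed against it.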
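Review bot: When the check in the -919 hunk rejects the name, the function returns with `smb_fname_rel->base_name` already replaced by `found_name`, because the swap on the two context lines runs before the test. The caller is then left holding the on-disk name of a veto'ed entry together with NT_STATUS_OBJECT_NAME_NOT_FOUND; whether any caller reads base_name after that status is not visible from this hunk. If none should, testing the candidate before the swap, `if (IS_VETO_PATH(dirfsp->conn, found_name)) { TALLOC_FREE(found_name); return NT_STATUS_OBJECT_NAME_NOT_FOUND; }`, would leave the caller's name untouched. The -895 hunk appears to have the same ordering, though the assignment there is outside the hunk.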