1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
samba-mirror/source3/rpc_client/cli_mdssvc_private.h
Ralph Boehme 94fcbec8af CVE-2023-34968: mdscli: return share relative paths
The next commit will change the Samba Spotlight server to return absolute paths
that start with the sharename as "/SHARENAME/..." followed by the share path
relative appended.

So given a share

  [spotlight]
    path = /foo/bar
    spotlight = yes

and a file inside this share with a full path of

  /foo/bar/dir/file

previously a search that matched this file would returns the absolute
server-side pato of the file, ie

  /foo/bar/dir/file

This will be change to

  /spotlight/dir/file

As currently the mdscli library and hence the mdsearch tool print out these
paths returned from the server, we have to change the output to accomodate these
fake paths. The only way to do this sensibly is by makeing the paths relative to
the containing share, so just

  dir/file

in the example above.

The client learns about the share root path prefix – real server-side of fake in
the future – in an initial handshake in the "share_path" out argument of the
mdssvc_open() RPC call, so the client can use this path to convert the absolute
path to relative.

There is however an additional twist: the macOS Spotlight server prefixes this
absolute path with another prefix, typically "/System/Volumes/Data", so in the
example above the full path for the same search would be

  /System/Volumes/Data/foo/bar/dir/file

So macOS does return the full server-side path too, just prefixed with an
additional path. This path prefixed can be queried by the client in the
mdssvc_cmd() RPC call with an Spotlight command of "fetchPropertiesForContext:"
and the path is returned in a dictionary with key "kMDSStorePathScopes". Samba
just returns "/" for this.

Currently the mdscli library doesn't issue this Spotlight RPC
request (fetchPropertiesForContext), so this is added in this commit. In the
end, all search result paths are stripped of the combined prefix

  kMDSStorePathScopes + share_path (from mdssvc_open).

eg

  kMDSStorePathScopes = /System/Volumes/Data
  share_path = /foo/bar
  search result = /System/Volumes/Data/foo/bar/dir/file
  relative path returned by mdscli = dir/file

Makes sense? :)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-21 12:05:35 +00:00

75 lines
1.6 KiB
C

/*
Unix SMB/CIFS implementation.
mdssvc client functions
Copyright (C) Ralph Boehme 2019
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _MDSCLI_PRIVATE_H_
#define _MDSCLI_PRIVATE_H_
struct mdsctx_id {
uint64_t id;
uint64_t connection;
};
struct mdscli_ctx {
uint64_t async_pending;
struct dcerpc_binding_handle *bh;
struct policy_handle ph;
struct mdsctx_id ctx_id;
size_t max_fragment_size;
/* Known fields used across multiple commands */
uint32_t dev;
uint32_t flags;
/* cmd specific or unknown fields */
struct {
char share_path[1025];
size_t share_path_len;
uint32_t unkn2;
uint32_t unkn3;
} mdscmd_open;
struct {
uint32_t status;
uint32_t unkn7;
} mdscmd_unknown1;
struct {
uint32_t fragment;
uint32_t unkn9;
} mdscmd_cmd;
struct {
uint32_t status;
} mdscmd_close;
char *path_scope;
size_t path_scope_len;
};
struct mdscli_search_ctx {
struct mdscli_ctx *mdscli_ctx;
struct mdsctx_id ctx_id;
uint64_t unique_id;
bool live;
char *path_scope;
char *mds_query;
};
#endif /* _MDSCLI_PRIVATE_H_ */