mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
https://gitlab.com/samba-team/samba is the Official GitLab mirror of https://git.samba.org/samba.git -- Merge requests should be made on GitLab (not on GitHub)
Ralph Boehme 94fcbec8af CVE-2023-34968: mdscli: return share relative paths
The next commit will change the Samba Spotlight server to return absolute paths
that start with the sharename as "/SHARENAME/..." followed by the share path
relative appended.

So given a share

  [spotlight]
    path = /foo/bar
    spotlight = yes

and a file inside this share with a full path of

  /foo/bar/dir/file

previously a search that matched this file would return the absolute
server-side path of the file, ie

  /foo/bar/dir/file

This will be changed to

  /spotlight/dir/file

As currently the mdscli library and hence the mdsearch tool print out these
paths returned from the server, we have to change the output to accommodate these
fake paths. The only way to do this sensibly is by making the paths relative to
the containing share, so just

  dir/file

in the example above.

The client learns about the share root path prefix – real server-side or fake in
the future – in an initial handshake in the "share_path" out argument of the
mdssvc_open() RPC call, so the client can use this path to convert the absolute
path to relative.

There is however an additional twist: the macOS Spotlight server prefixes this
absolute path with another prefix, typically "/System/Volumes/Data", so in the
example above the full path for the same search would be

  /System/Volumes/Data/foo/bar/dir/file

So macOS does return the full server-side path too, just prefixed with an
additional path. This path prefix can be queried by the client in the
mdssvc_cmd() RPC call with a Spotlight command of "fetchPropertiesForContext:"
and the path is returned in a dictionary with key "kMDSStorePathScopes". Samba
just returns "/" for this.

Currently the mdscli library doesn't issue this Spotlight RPC
request (fetchPropertiesForContext), so this is added in this commit. In the
end, all search result paths are stripped of the combined prefix

  kMDSStorePathScopes + share_path (from mdssvc_open).

eg

  kMDSStorePathScopes = /System/Volumes/Data
  share_path = /foo/bar
  search result = /System/Volumes/Data/foo/bar/dir/file
  relative path returned by mdscli = dir/file

Makes sense? :)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-21 12:05:35 +00:00
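
The prefix stripping described in the commit message above, as an added C example (not code from the Samba commit). `strip_share_prefix` is a hypothetical helper that assumes both prefixes are absolute paths; it matches only on a path-component boundary and returns NULL for a result that lies outside the share.

```c
#include <stdio.h>
#include <string.h>

/* Length of s ignoring trailing '/' characters, so "/" counts as 0. */
static size_t len_no_trailing_slash(const char *s)
{
	size_t n = strlen(s);
	while (n > 0 && s[n - 1] == '/') {
		n--;
	}
	return n;
}

/*
 * Hypothetical helper: strip the combined prefix
 *   kMDSStorePathScopes + share_path
 * from an absolute search result. Returns a pointer into `result` at the
 * share-relative part, or NULL if the result is not below the prefix.
 */
const char *strip_share_prefix(const char *scopes, const char *share_path,
			       const char *result)
{
	size_t sl = len_no_trailing_slash(scopes);
	size_t pl = len_no_trailing_slash(share_path);
	const char *rest;

	/* A full match of sl (then pl) bytes proves result is that long. */
	if (strncmp(result, scopes, sl) != 0 ||
	    strncmp(result + sl, share_path, pl) != 0) {
		return NULL;
	}
	rest = result + sl + pl;
	/* "/foo/barbaz" must not match the share root "/foo/bar". */
	if (*rest != '/' && *rest != '\0') {
		return NULL;
	}
	while (*rest == '/') {
		rest++;
	}
	return rest;
}

int main(void)
{
	/* Values from the commit message: macOS server, then Samba ("/"). */
	printf("%s\n", strip_share_prefix("/System/Volumes/Data", "/foo/bar",
			"/System/Volumes/Data/foo/bar/dir/file"));
	printf("%s\n", strip_share_prefix("/", "/spotlight",
			"/spotlight/dir/file"));
	return 0;
}
```
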
.github Added redirect from GitHub to GitLab 2018-12-05 16:35:33 +01:00
auth Remove rudundent check and fallback for AES CFB8 as we now require GnuTLS 3.6.13 2023-06-30 14:00:38 +00:00
bootstrap .gitlab-ci:bootstrap: remove ubuntu1804*, add debian12, upgrade opensuse 15.5 2023-06-30 08:51:17 +00:00
buildtools third_party: Update socket_wrapper to version 1.4.2 2023-06-29 16:06:11 +00:00
coverity
ctdb ctdb-tests: Log to stderr in statd-callout tests 2023-07-19 09:57:37 +00:00
dfs_server dfs_server: Fix debug statement if searched_site is NULL 2023-04-27 07:21:33 +00:00
docs-xml s3:script: Replace --merge by --merge-by-timestamp in samba-log-parser 2023-07-20 19:14:05 +00:00
dynconfig dynconfig: Fix code spelling 2023-04-11 09:06:35 +00:00
examples examples: Remove outdated validchars 2023-07-17 11:46:29 +00:00
file_server s3: Remove --log-stdout from daemons 2021-04-29 03:58:37 +00:00
include
lib lib/cmdline: Also redact --newpassword in samba_cmdline_burn() 2023-07-21 06:16:30 +00:00
libcli librpc/nbt: Avoid reading invalid member of union 2023-07-07 01:14:06 +00:00
libds/common libds: Add Managed Service Accounts well-known GUID 2023-05-05 02:54:31 +00:00
libgpo libgpo:admx: Fix code spelling 2023-06-23 13:44:31 +00:00
librpc claims.idl: Fix AD claims encoding 2023-07-21 02:19:48 +00:00
nsswitch nsswitch: Fix code spelling 2023-06-23 13:44:31 +00:00
packaging packaging:systemd: Fix code spelling 2023-06-23 13:44:31 +00:00
pidl pidl: Fix code spelling 2023-06-23 13:44:31 +00:00
python CVE-2023-34968: mdscli: return share relative paths 2023-07-21 12:05:35 +00:00
release-scripts release-script: Fix shellcheck errors 2022-08-17 11:03:54 +00:00
script script: Fix code spelling 2023-07-05 06:34:32 +00:00
selftest third_party/heimdal: Import lorikeet-heimdal-202307050413 (commit e0597fe1d01b109e64d9c2a5bcada664ac199498) 2023-07-19 02:41:25 +00:00
source3 CVE-2023-34968: mdscli: return share relative paths 2023-07-21 12:05:35 +00:00
source4 CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack() 2023-07-21 12:05:35 +00:00
testdata lib/compression: add test data for lzxpress plain compression 2022-12-01 22:56:40 +00:00
testprogs testprogs/blackbox: add --recursive tests to test_samba-tool_ntacl.sh 2023-06-22 00:22:47 +00:00
tests tests: Fix old-style function definitions 2023-03-03 01:07:36 +00:00
testsuite testsuite: Reformat shell scripts 2022-08-10 13:17:31 +00:00
third_party third_party/heimdal: Import lorikeet-heimdal-202307050413 (commit e0597fe1d01b109e64d9c2a5bcada664ac199498) 2023-07-19 02:41:25 +00:00
wintest wintest: Remove unreachable return statement 2022-05-10 05:19:34 +00:00
.bzrignore
.clang-format Add a .clang-format file 2022-07-20 18:23:49 +00:00
.clangd Add .clangd configuration file 2023-03-29 16:57:34 +00:00
.editorconfig editorconfig: We always inserted a new line so keep doing that 2022-02-28 10:22:34 +00:00
.git-blame-ignore-revs Add a git-blame-ignore-revs file 2023-03-03 02:02:51 +00:00
.gitattributes gitattributes: Ignore .SAMBABACKUP files 2018-08-16 23:42:22 +02:00
.gitignore gitignore: Add .ropeproject for pylsp-rope plugin 2022-05-11 00:04:55 +00:00
.gitlab-ci-coverage-runners.yml add .gitlab-ci-coverage.yml for a scheduled build 2021-04-13 09:33:14 +00:00
.gitlab-ci-coverage.yml add .gitlab-ci-coverage.yml for a scheduled build 2021-04-13 09:33:14 +00:00
.gitlab-ci-default-runners.yml .gitlab-ci*.yml: only use gitlab.org shared runners if possible 2021-04-13 08:23:35 +00:00
.gitlab-ci-default.yml .gitlab-ci.yml: Honour AUTOBUILD_SKIP_SAMBA_O3 in GitLab CI 2021-10-13 11:10:44 +00:00
.gitlab-ci-main.yml .gitlab-ci:bootstrap: remove ubuntu1804*, add debian12, upgrade opensuse 15.5 2023-06-30 08:51:17 +00:00
.gitlab-ci-private.yml .gitlab-ci.yml: move the content to .gitlab-ci-main.yml 2021-04-13 08:23:35 +00:00
.gitlab-ci.yml .gitlab-ci.yml: move the content to .gitlab-ci-main.yml 2021-04-13 08:23:35 +00:00
.gitleaks.toml Add gitleaks configuration file to avoid false positives 2023-02-13 18:45:21 +00:00
.testr.conf
.ycm_extra_conf.py PEP8: fix E302: expected 2 blank lines, found 1 2018-08-24 07:49:29 +02:00
callcatcher-exceptions.grep
configure configure/Makefile: export PYTHONHASHSEED=1 in all 'configure/Makefile' scripts 2022-03-29 22:32:32 +00:00
configure.developer
COPYING
GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt ReleaseKey: add GnuPG key transition statement for the Samba release key 2021-01-21 13:57:45 +01:00
Makefile Makefile: Fix spelling 2023-04-11 09:06:35 +00:00
PFIF.txt docs: protocolfreedom.org is no longer 2020-06-12 22:11:43 +00:00
README.cifs-utils
README.Coding.md Fix spelling in README.Coding.md 2023-04-04 07:31:36 +00:00
README.contributing Rename Samba's DCO to Samba Developer's Declaration 2020-10-20 22:54:01 +00:00
README.md Update README.md with more up to date information 2020-06-12 22:11:43 +00:00
SECURITY.md Update SECURITY.md to point to security releases 2020-06-03 15:55:10 +00:00
setup.cfg pep8 tidy up config 2020-12-17 00:54:51 +00:00
VERSION Fix a typo 2023-03-09 18:10:33 +00:00
VFS-License-clarification.txt VFS-License-clarification: minor improvements aligning w/ GPLv3 text 2020-11-04 21:29:40 +00:00
WHATSNEW.txt WHATSNEW: Mention new unicodePwd only over encrypted LDAP restriction 2023-07-21 01:25:37 +00:00
wscript build: Remove unused check for SHA1_Update and SHA1_RENAME_NEEDED 2023-06-30 14:59:46 +00:00
wscript_build s4: remove unused lib/com/* 2023-03-03 01:07:37 +00:00
wscript_build_embedded_heimdal wafsamba: Remove clangdb code which doesn't work 2022-01-21 23:33:36 +00:00
wscript_build_system_heimdal wscript: Correctly determine dependencies for system Heimdal build 2022-11-08 02:39:37 +00:00
wscript_build_system_mitkrb5 wafsamba: Remove clangdb code which doesn't work 2022-01-21 23:33:36 +00:00
wscript_configure_embedded_heimdal HEIMDAL: move code from source4/heimdal* to third_party/heimdal* 2022-01-19 21:41:59 +00:00
wscript_configure_system_gnutls libcli/smb: Remove unused fallback case for ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM 2023-07-04 07:42:35 +00:00
wscript_configure_system_heimdal wscript: Correctly determine dependencies for system Heimdal build 2022-11-08 02:39:37 +00:00
wscript_configure_system_mitkrb5 wscript: Fix code spelling 2023-07-17 11:46:29 +00:00

About Samba

Samba is the standard Windows interoperability suite of programs for Linux and Unix. Samba is Free Software licensed under the GNU General Public License and the Samba project is a member of the Software Freedom Conservancy. Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others. Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

For the AD DC implementation a full HOWTO is provided at: https://wiki.samba.org/index.php/Samba4/HOWTO

Community guidelines can be read at: https://wiki.samba.org/index.php/How_to_do_Samba:_Nicely

This software is freely distributable under the GNU public license, a copy of which you should have received with this software (in a file called COPYING).

CONTRIBUTIONS

Please see https://wiki.samba.org/index.php/Contribute for detailed step-by-step instructions on how to submit a patch for Samba via GitLab.

Samba's GitLab mirror is at https://gitlab.com/samba-team/samba

OUR CONTRIBUTORS

See https://www.samba.org/samba/team/ for details of the Samba Team, as well as details of all those currently active in Samba development.

If you like a particular feature then look through the git change-log (on the web at https://gitweb.samba.org/?p=samba.git;a=summary) and see who added it, then send them an email.

Remember that free software of this kind lives or dies by the response we get. If no one tells us they like it then we'll probably move onto something else.

MORE INFO

DOCUMENTATION

There is quite a bit of documentation included with the package, including man pages and the wiki at https://wiki.samba.org

If you would like to help with our documentation, please contribute that improved content to the wiki; we are moving as much content there as possible.

MAILING LIST

Please do NOT send subscription/unsubscription requests to the lists!

There is a mailing list for discussion of Samba. For details go to https://lists.samba.org/ or send mail to samba-subscribe@lists.samba.org

There is also an announcement mailing list where new versions are announced. To subscribe go to https://lists.samba.org/ or send mail to samba-announce-subscribe@lists.samba.org. All announcements also go to the samba list, so you only need to be on one.

For details of other Samba mailing lists and for access to archives, see https://lists.samba.org/

MAILING LIST ETIQUETTE

A few tips when submitting to this or any mailing list.

  1. Make your subject short and descriptive. Avoid the words "help" or "Samba" in the subject. The readers of this list already know that a) you need help, and b) you are writing about samba (of course, you may need to distinguish between Samba PDC and other file sharing software). Avoid phrases such as "what is" and "how do i". Some good subject lines might look like "Slow response with Excel files" or "Migrating from Samba PDC to NT PDC".

  2. If you include the original message in your reply, trim it so that only the relevant lines, enough to establish context, are included. Chances are (since this is a mailing list) we've already read the original message.

  3. Trim irrelevant headers from the original message in your reply. All we need to see is a) From, b) Date, and c) Subject. We don't even really need the Subject, if you haven't changed it. Better yet is to just preface the original message with "On [date] [someone] wrote:".

  4. Please don't reply to or argue about spam, spam filters or viruses on any Samba lists. We do have a spam filtering system that is working quite well thank you very much but occasionally unwanted messages slip through. Deal with it.

  5. Never say "Me too." It doesn't help anyone solve the problem. Instead, if you ARE having the same problem, give more information. Have you seen something that the other writer hasn't mentioned, which may be helpful?

  6. If you ask about a problem, then come up with the solution on your own or through another source, by all means post it. Someone else may have the same problem and is waiting for an answer, but never hears of it.

  7. Give as much relevant information as possible such as Samba release number, OS, kernel version, etc...

  8. RTFM. Google.

WEBSITE

A Samba website has been set up with lots of useful info. Connect to:

https://www.samba.org/

As well as general information and documentation, this also has searchable archives of the mailing list and links to other useful resources such as the wiki.