1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-05 09:18:06 +03:00
samba-mirror/python/samba
Ralph Boehme cecd415a0a CVE-2023-34968: mdscli: return share relative paths
The next commit will change the Samba Spotlight server to return absolute paths
that start with the sharename as "/SHARENAME/..." followed by the share path
relative appended.

So given a share

  [spotlight]
    path = /foo/bar
    spotlight = yes

and a file inside this share with a full path of

  /foo/bar/dir/file

previously a search that matched this file would returns the absolute
server-side pato of the file, ie

  /foo/bar/dir/file

This will be change to

  /spotlight/dir/file

As currently the mdscli library and hence the mdsearch tool print out these
paths returned from the server, we have to change the output to accomodate these
fake paths. The only way to do this sensibly is by makeing the paths relative to
the containing share, so just

  dir/file

in the example above.

The client learns about the share root path prefix – real server-side of fake in
the future – in an initial handshake in the "share_path" out argument of the
mdssvc_open() RPC call, so the client can use this path to convert the absolute
path to relative.

There is however an additional twist: the macOS Spotlight server prefixes this
absolute path with another prefix, typically "/System/Volumes/Data", so in the
example above the full path for the same search would be

  /System/Volumes/Data/foo/bar/dir/file

So macOS does return the full server-side path too, just prefixed with an
additional path. This path prefixed can be queried by the client in the
mdssvc_cmd() RPC call with an Spotlight command of "fetchPropertiesForContext:"
and the path is returned in a dictionary with key "kMDSStorePathScopes". Samba
just returns "/" for this.

Currently the mdscli library doesn't issue this Spotlight RPC
request (fetchPropertiesForContext), so this is added in this commit. In the
end, all search result paths are stripped of the combined prefix

  kMDSStorePathScopes + share_path (from mdssvc_open).

eg

  kMDSStorePathScopes = /System/Volumes/Data
  share_path = /foo/bar
  search result = /System/Volumes/Data/foo/bar/dir/file
  relative path returned by mdscli = dir/file

Makes sense? :)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-14 15:16:30 +02:00
..
emulate python: remove all 'from __future__ import division' 2021-04-28 03:43:34 +00:00
gp_parse python2 reduction: Merge remaining compat code into common 2020-10-02 14:49:36 +00:00
kcc python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
netcmd CVE-2022-37966 samba-tool: add 'domain trust modify' command 2022-12-14 10:28:17 +00:00
provision s4/dlz: add support for bind 9.18 2022-06-18 08:47:17 +00:00
samba3 libsmb_samba_internal: calculate the access_mask for {g,s}et_acl() based on the secinfo flags 2020-12-17 13:59:38 +00:00
subunit python:subunit: Avoid misleading "Test was never started" error message 2021-06-11 08:38:34 +00:00
tests CVE-2023-34968: mdscli: return share relative paths 2023-07-14 15:16:30 +02:00
__init__.py python: Don't leak file handles 2021-09-21 23:05:41 +00:00
auth_util.py python: fix slow's mail address 2020-06-05 10:32:30 +00:00
colour.py
common.py python2 reduction: Merge remaining compat code into common 2020-10-02 14:49:36 +00:00
dbchecker.py samba-tool: dbcheck search DnsAdmins from wellknown container 2021-06-22 01:14:37 +00:00
descriptor.py
dnsresolver.py DNS Resolver: support both dnspython before and after 2.0.0 2020-10-26 18:33:40 +00:00
dnsserver.py py/dnsserver: add a missing exception variable 2021-11-22 10:28:34 +00:00
domain_update.py
drs_utils.py CVE-2022-37966 selftest: Allow krb5 tests to run against an IP by using the target_hostname binding string 2022-12-14 10:28:16 +00:00
forest_update.py
getopt.py python: Streamline option parser of python tools 2021-06-20 23:26:32 +00:00
gp_cert_auto_enroll_ext.py gpo: Print getcert message to debug 2021-08-13 20:06:31 +00:00
gp_chromium_ext.py gpo: Add Chromium Group Policy 2021-09-09 20:42:35 +00:00
gp_ext_loader.py
gp_firefox_ext.py gpo: Add Group Policy Firefox Extension 2021-08-30 21:57:09 +00:00
gp_firewalld_ext.py gp: Apply Firewalld Policy 2021-11-01 21:16:43 +00:00
gp_gnome_settings_ext.py gpo: Apply Group Policy GNOME Settings 2021-06-09 17:44:25 +00:00
gp_msgs_ext.py GPO: Add rsop output for Messages policy 2020-08-27 17:19:48 +00:00
gp_scripts_ext.py gpo: Apply Group Policy User Scripts 2021-08-13 19:14:30 +00:00
gp_sec_ext.py gpo: Ensure that samba-gpupdate doesn't require ad-dc 2021-03-08 17:58:37 +00:00
gp_smb_conf_ext.py GPO: Add rsop output for smb.conf policy 2020-08-27 15:59:34 +00:00
gp_sudoers_ext.py gpo: Sudoers ext should not crash if policy missing 2020-08-27 15:59:33 +00:00
gpclass.py gpo: Enable user policy application 2021-08-13 19:14:30 +00:00
graph.py python: remove all 'from __future__ import division' 2021-04-28 03:43:34 +00:00
hostconfig.py python/hostconfig: remove 'from __future__ import absolute_import' 2021-04-28 03:43:34 +00:00
idmap.py
join.py python-drs: Add client-side debug and fallback for GET_ANC 2022-10-07 09:56:12 +00:00
logger.py
mdb_util.py
ms_display_specifiers.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
ms_forest_updates_markdown.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
ms_schema_markdown.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
ms_schema.py python: Don't leak file handles 2021-09-21 23:05:41 +00:00
ndr.py
ntacls.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
remove_dc.py
samdb.py samdb: Create computer in wellknown user container 2021-06-22 01:14:37 +00:00
schema.py python: Don't leak file handles 2021-09-21 23:05:41 +00:00
sd_utils.py
sites.py
subnets.py
tdb_util.py
trust_utils.py Add CreateTrustedDomainRelax wrapper for fips mode 2020-11-06 10:02:35 +00:00
upgrade.py classicupgrade: treat old never expires value right 2021-02-10 15:06:49 +00:00
upgradehelpers.py upgradehelpers.py: add a comment to update_krbtgt_account_password() 2022-03-07 10:54:17 +00:00
uptodateness.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
vgp_access_ext.py gpo: Apply Group Policy Host Access configuration from VGP 2021-03-18 18:50:28 +00:00
vgp_files_ext.py gpo: Correct name of files gpo 2021-04-29 22:27:20 +00:00
vgp_issue_ext.py gpo: Apply Group Policy Issue setting from VGP 2021-03-08 19:45:30 +00:00
vgp_motd_ext.py gpo: Apply Group Policy MOTD setting from VGP 2021-03-08 19:45:30 +00:00
vgp_openssh_ext.py gpo: Open ssh config to write bytes 2021-04-20 07:39:37 +00:00
vgp_startup_scripts_ext.py gpo: Apply Group Policy Startup Scripts from VGP 2021-02-24 20:51:30 +00:00
vgp_sudoers_ext.py gpo: vgp_sudoers_ext handle missing and dispersed principal names 2021-03-08 17:58:37 +00:00
vgp_symlink_ext.py gpo: Apply Group Policy Symlink Policy from VGP 2021-01-27 06:30:31 +00:00
xattr.py