Bug 15143 - New filename parser doesn't check veto files smb.conf parameter.
Summary: New filename parser doesn't check veto files smb.conf parameter.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.17.0rc1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 15146
Blocks:
  Show dependency treegraph
 
Reported: 2022-08-11 16:20 UTC by Jeremy Allison
Modified: 2023-05-11 07:09 UTC (History)
1 user (show)

See Also:

Attachments
git-am fix for master. (7.34 KB, patch)
2022-08-11 17:11 UTC, Jeremy Allison 		no flags Details
git-am fix for master. (7.52 KB, patch)
2022-08-11 17:22 UTC, Jeremy Allison 		jra: ci-passed+
Details
git-am fix for 4.18.next, 4.17.next. (6.53 KB, patch)
2023-04-06 23:19 UTC, Jeremy Allison 		slow: review+
Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2022-08-11 16:20:20 UTC 
filename_convert_dirfsp() doesn't check the smb.conf veto files parameter and so getting files that match, or getting files from a directory that matches is allowed where we should return an error.

Such files are never seen by the client, as smbd_dirptr_get_entry() calls IS_VETO_PATH().

Working on test + patch.
Comment 1 Jeremy Allison 2022-08-11 17:11:43 UTC 
Created attachment 17469 [details]
git-am fix for master.

Tests then adds the missing veto files checks in filename_convert_dirfsp_nosymlink().

I'll run through ci, but it's currently pending https://gitlab.com/samba-team/samba/-/merge_requests/2662 as it's based on top of that.
Comment 2 Jeremy Allison 2022-08-11 17:22:42 UTC 
Created attachment 17470 [details]
git-am fix for master.

Better version with DBG_DEBUG statements so an admin can see if we rejected a filename. Running ci on it now.
Comment 3 Jeremy Allison 2022-08-11 18:38:18 UTC 
Ci passes here:

https://gitlab.com/samba-team/devel/samba/-/pipelines/610650088

Now all I need is for:

https://gitlab.com/samba-team/samba/-/merge_requests/2662

to go in first and I'm good to go :-).
Comment 4 Jeremy Allison 2022-08-16 01:02:13 UTC 
Comment on attachment 17470 [details]
git-am fix for master.

New version in ci.
Comment 5 Samba QA Contact 2022-08-16 08:27:04 UTC 
This bug was referenced in samba master:

c6933673222ea9ae2eb74d5586c9495269f51ea0
1c293060204d96bf94427f91eb20eb9decc29a41
1654eae11b9c13308b2b78f70309eb3a56960619
Comment 6 Samba QA Contact 2022-08-16 19:38:28 UTC 
This bug was referenced in samba v4-17-test:

80c090c87b2898af7f793e1289efd66b279a0e5c
9e32b03e1eec07485582c6c0ea67f2f3a7ea89fd
ff46ee6ad51be64264f706cf7965ad178033ddd2
Comment 7 Samba QA Contact 2022-08-16 20:19:08 UTC 
This bug was referenced in samba v4-17-stable (Release samba-4.17.0rc2):

80c090c87b2898af7f793e1289efd66b279a0e5c
9e32b03e1eec07485582c6c0ea67f2f3a7ea89fd
ff46ee6ad51be64264f706cf7965ad178033ddd2
Comment 8 Ralph Böhme 2023-04-05 09:06:09 UTC 
It's still possible to create vetoed files. Afterwards the created file is inaccessible though. Working on a fix.
Comment 9 Samba QA Contact 2023-04-06 23:04:03 UTC 
This bug was referenced in samba master:

2e8954d5be3336f1c4c2cf033209f632ad84e712
8b23a4a7eca9b8f80cc4113bb8cf9bb7bd5b4807
Comment 10 Jeremy Allison 2023-04-06 23:19:01 UTC 
Created attachment 17855 [details]
git-am fix for 4.18.next, 4.17.next.

Cherry-picked from master.
Comment 11 Ralph Böhme 2023-04-11 13:37:43 UTC 
Reassigning to Jule for inclusion in 4.17 and 4.18.
Comment 12 Jule Anger 2023-04-11 15:06:52 UTC 
Pushed to autobuild-v4-{18,17}-test.
Comment 13 Samba QA Contact 2023-04-11 16:29:03 UTC 
This bug was referenced in samba v4-17-test:

ad60260323c799a053729ed06dbdd85555d5c5c6
72d3c4f6799ff8f300711a306c46439eb5acf674
Comment 14 Samba QA Contact 2023-04-11 16:31:02 UTC 
This bug was referenced in samba v4-18-test:

c3582deb5a01b686ecad7254cb087effbaf062d3
d477f6fa70a7db5a13655cb6aab1df4b251a4832
Comment 15 Jule Anger 2023-04-14 12:13:18 UTC 
Closing out bug report.

Thanks!
Comment 16 Samba QA Contact 2023-04-19 10:22:44 UTC 
This bug was referenced in samba v4-18-stable (Release samba-4.18.2):

c3582deb5a01b686ecad7254cb087effbaf062d3
d477f6fa70a7db5a13655cb6aab1df4b251a4832
Comment 17 Samba QA Contact 2023-05-11 07:09:50 UTC 
This bug was referenced in samba v4-17-stable (Release samba-4.17.8):

ad60260323c799a053729ed06dbdd85555d5c5c6
72d3c4f6799ff8f300711a306c46439eb5acf674