filename_convert_dirfsp() doesn't check the smb.conf veto files parameter and so getting files that match, or getting files from a directory that matches is allowed where we should return an error. Such files are never seen by the client, as smbd_dirptr_get_entry() calls IS_VETO_PATH(). Working on test + patch.
Created attachment 17469 [details] git-am fix for master. Tests then adds the missing veto files checks in filename_convert_dirfsp_nosymlink(). I'll run through ci, but it's currently pending https://gitlab.com/samba-team/samba/-/merge_requests/2662 as it's based on top of that.
Created attachment 17470 [details] git-am fix for master. Better version with DBG_DEBUG statements so an admin can see if we rejected a filename. Running ci on it now.
Ci passes here: https://gitlab.com/samba-team/devel/samba/-/pipelines/610650088 Now all I need is for: https://gitlab.com/samba-team/samba/-/merge_requests/2662 to go in first and I'm good to go :-).
Comment on attachment 17470 [details] git-am fix for master. New version in ci.
This bug was referenced in samba master: c6933673222ea9ae2eb74d5586c9495269f51ea0 1c293060204d96bf94427f91eb20eb9decc29a41 1654eae11b9c13308b2b78f70309eb3a56960619
This bug was referenced in samba v4-17-test: 80c090c87b2898af7f793e1289efd66b279a0e5c 9e32b03e1eec07485582c6c0ea67f2f3a7ea89fd ff46ee6ad51be64264f706cf7965ad178033ddd2
This bug was referenced in samba v4-17-stable (Release samba-4.17.0rc2): 80c090c87b2898af7f793e1289efd66b279a0e5c 9e32b03e1eec07485582c6c0ea67f2f3a7ea89fd ff46ee6ad51be64264f706cf7965ad178033ddd2
It's still possible to create vetoed files. Afterwards the created file is inaccessible though. Working on a fix.
This bug was referenced in samba master: 2e8954d5be3336f1c4c2cf033209f632ad84e712 8b23a4a7eca9b8f80cc4113bb8cf9bb7bd5b4807
Created attachment 17855 [details] git-am fix for 4.18.next, 4.17.next. Cherry-picked from master.
Reassigning to Jule for inclusion in 4.17 and 4.18.
Pushed to autobuild-v4-{18,17}-test.
This bug was referenced in samba v4-17-test: ad60260323c799a053729ed06dbdd85555d5c5c6 72d3c4f6799ff8f300711a306c46439eb5acf674
This bug was referenced in samba v4-18-test: c3582deb5a01b686ecad7254cb087effbaf062d3 d477f6fa70a7db5a13655cb6aab1df4b251a4832
Closing out bug report. Thanks!
This bug was referenced in samba v4-18-stable (Release samba-4.18.2): c3582deb5a01b686ecad7254cb087effbaf062d3 d477f6fa70a7db5a13655cb6aab1df4b251a4832
This bug was referenced in samba v4-17-stable (Release samba-4.17.8): ad60260323c799a053729ed06dbdd85555d5c5c6 72d3c4f6799ff8f300711a306c46439eb5acf674