git.samba.org - samba.git/commit

author	Ralph Boehme <slow@samba.org>
	Wed, 5 Apr 2023 09:03:52 +0000 (11:03 +0200)
committer	Jeremy Allison <jra@samba.org>
	Thu, 6 Apr 2023 23:03:50 +0000 (23:03 +0000)
commit	8b23a4a7eca9b8f80cc4113bb8cf9bb7bd5b4807
tree	f8440197b86b6cb7863c7bb5317675764c564908	tree
parent	2e8954d5be3336f1c4c2cf033209f632ad84e712	commit \| diff

smbd: Prevent creation of vetoed files

The problem is when checking for vetoed names on the last path component in
openat_pathref_fsp_case_insensitive() we return
NT_STATUS_OBJECT_NAME_NOT_FOUND. The in the caller
filename_convert_dirfsp_nosymlink() this is treated as the "file creation case"
causing filename_convert_dirfsp_nosymlink() to return NT_STATUS_OK.

In order to correctly distinguish between the cases

1) file doesn't exist, we may be creating it, return
2) a vetoed a file

we need 2) to return a more specific error to
filename_convert_dirfsp_nosymlink(). I've chosen NT_STATUS_OBJECT_NAME_INVALID
which gets mapped to the appropriate errror NT_STATUS_OBJECT_PATH_NOT_FOUND or
NT_STATUS_OBJECT_NAME_NOT_FOUND depending on which path component was vetoed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 6 23:03:50 UTC 2023 on atb-devel-224

selftest/knownfail.d/samba3.blackbox.test_veto_files.get_veto_file	[deleted file]	blob \| history
source3/smbd/filename.c		diff \| blob \| history