smbd: Prevent creation of vetoed files
authorRalph Boehme <slow@samba.org>
Wed, 5 Apr 2023 09:03:52 +0000 (11:03 +0200)
committerJule Anger <janger@samba.org>
Tue, 11 Apr 2023 15:09:10 +0000 (15:09 +0000)
The problem is when checking for vetoed names on the last path component in
openat_pathref_fsp_case_insensitive() we return
NT_STATUS_OBJECT_NAME_NOT_FOUND. Then in the caller
filename_convert_dirfsp_nosymlink() this is treated as the "file creation case"
causing filename_convert_dirfsp_nosymlink() to return NT_STATUS_OK.

In order to correctly distinguish between the cases

1) file doesn't exist, we may be creating it, return
2) a vetoed file

we need 2) to return a more specific error to
filename_convert_dirfsp_nosymlink(). I've chosen NT_STATUS_OBJECT_NAME_INVALID
which gets mapped to the appropriate error NT_STATUS_OBJECT_PATH_NOT_FOUND or
NT_STATUS_OBJECT_NAME_NOT_FOUND depending on which path component was vetoed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr  6 23:03:50 UTC 2023 on atb-devel-224

(cherry picked from commit 8b23a4a7eca9b8f80cc4113bb8cf9bb7bd5b4807)

selftest/knownfail.d/samba3.blackbox.test_veto_files.get_veto_file [deleted file]
source3/smbd/filename.c

diff --git a/selftest/knownfail.d/samba3.blackbox.test_veto_files.get_veto_file b/selftest/knownfail.d/samba3.blackbox.test_veto_files.get_veto_file
deleted file mode 100644 (file)
index ff8f37f..0000000
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.test_veto_files.create_veto_file\(fileserver\)
index 326c2812bb2c256225714bf51e7d28259003c9a7..f640d99694f2a347f0524edf510ca408f0efefa5 100644 (file)
@@ -840,7 +840,7 @@ static NTSTATUS openat_pathref_fsp_case_insensitive(
        if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
                DBG_DEBUG("veto files rejecting last component %s\n",
                          smb_fname_str_dbg(smb_fname_rel));
-               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+               return NT_STATUS_NETWORK_OPEN_RESTRICTION;
        }
 
        status = openat_pathref_fsp(dirfsp, smb_fname_rel);
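Review bot: The three veto returns in openat_pathref_fsp_case_insensitive() (this hunk and the ones at -906 and -936) now use NT_STATUS_NETWORK_OPEN_RESTRICTION as an internal marker, but nothing at the return sites says so, and the commit message still names NT_STATUS_OBJECT_NAME_INVALID as the chosen status. A short comment at each site, for example `/* Internal marker for a vetoed name; the caller must map it before it reaches the client */`, would record the contract. Only filename_convert_dirfsp_nosymlink() is shown translating the value. If another caller exists, it would pass the distinct status through and let a client tell a vetoed name from a missing one, so that is worth confirming. The function body starts and ends outside these hunks.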
@@ -906,7 +906,7 @@ static NTSTATUS openat_pathref_fsp_case_insensitive(
                        DBG_DEBUG("veto files rejecting last component %s\n",
                                  smb_fname_str_dbg(smb_fname_rel));
                        TALLOC_FREE(cache_key.data);
-                       return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+                       return NT_STATUS_NETWORK_OPEN_RESTRICTION;
                }
 
                status = openat_pathref_fsp(dirfsp, smb_fname_rel);
@@ -936,7 +936,7 @@ lookup:
                if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
                        DBG_DEBUG("veto files rejecting last component %s\n",
                                smb_fname_str_dbg(smb_fname_rel));
-                       return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+                       return NT_STATUS_NETWORK_OPEN_RESTRICTION;
                }
 
                status = openat_pathref_fsp(dirfsp, smb_fname_rel);
@@ -1341,6 +1341,10 @@ static NTSTATUS filename_convert_dirfsp_nosymlink(
                goto done;
        }
 
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_OPEN_RESTRICTION)) {
+               /* A vetoed file, pretend it's not there  */
+               status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+       }
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
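Review bot: The remap to NT_STATUS_OBJECT_NAME_NOT_FOUND is only safe because it sits below the branch ending in `goto done`, and the one-line comment does not record that ordering dependency. That branch appears to be the file-creation case, but its condition is outside the hunk, so this reading is inferred from the commit description. If the remap were moved above it, a vetoed name would again be indistinguishable from a creatable one. I would expand the comment to something like `/* Vetoed last component: keep this below the creation-case check so a vetoed name can never be created; report it as not found so its existence is not revealed. */`. It would also help to confirm that openat_pathref_fsp() can never return NT_STATUS_NETWORK_OPEN_RESTRICTION for an unrelated reason, since this branch would silently turn that into "not found".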