From a834c71565cfb31f918de8c7f9a4b5b67b45fa04 Mon Sep 17 00:00:00 2001 From: Priyanka Soni Date: Thu, 4 Jun 2026 19:18:41 +0530 Subject: [PATCH] mdssvc: fix Spotlight queries restricted to subdirectories with NFD paths MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Ensure directory scopes match by aligning Unicode normalization forms. This fixes the case when the macOS client restricts the search to a subdirectory. macOS clients transmit paths using NFD, which can cause lookups to fail against NFC systems used by Samba and Elasticsearch. This commit also includes a bug fix by Ralph Boehme to resolve a null-termination issue of the NFD converted path in add_filemeta(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15379 Signed-off-by: Priyanka Soni Reviewed-by: Ralph Boehme Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Jul 14 14:22:46 UTC 2026 on atb-devel-224 --- source3/rpc_server/mdssvc/mdssvc.c | 5 +++-- source3/rpc_server/mdssvc/mdssvc_es.c | 26 ++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c index fd7c7495248..760465f542c 100644 --- a/source3/rpc_server/mdssvc/mdssvc.c +++ b/source3/rpc_server/mdssvc/mdssvc.c @@ -131,13 +131,13 @@ static bool add_filemeta(struct mds_ctx *mds_ctx, * Simple heuristic, strlen by two should give enough room for NFC to * NFD conversion. */ - nfd_buf_size = nfc_len * 2; + nfd_buf_size = nfc_len * 2 + 1; nfd_path = talloc_array(meta, char, nfd_buf_size); if (nfd_path == NULL) { return false; } dest = nfd_path; - dest_remaining = talloc_array_length(dest); + dest_remaining = talloc_array_length(dest) - 1; nconv = smb_iconv(mds_ctx->ic_nfc_to_nfd, &nfc_path, @@ -147,6 +147,7 @@ static bool add_filemeta(struct mds_ctx *mds_ctx, if (nconv == (size_t)-1) { return false; } + *dest = '\0'; for (i = 0; i < metacount; i++) { attribute = dalloc_get_object(reqinfo, i); diff --git a/source3/rpc_server/mdssvc/mdssvc_es.c b/source3/rpc_server/mdssvc/mdssvc_es.c index 59f91271e59..52afc34335f 100644 --- a/source3/rpc_server/mdssvc/mdssvc_es.c +++ b/source3/rpc_server/mdssvc/mdssvc_es.c @@ -603,6 +603,11 @@ static struct tevent_req *mds_es_search_send(TALLOC_CTX *mem_ctx, char *elastic_query_len_str = NULL; char *hostname = NULL; bool pretty = false; + const char *nfd_path = NULL; + char nfc_buf[PATH_MAX] = {}; + char *nfc_path = nfc_buf; + size_t nfd_len, nfc_remaining; + size_t nconv; req = tevent_req_create(mem_ctx, &state, struct mds_es_search_state); if (req == NULL) { @@ -637,6 +642,27 @@ static struct tevent_req *mds_es_search_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + nfd_path = s->slq->path_scope; + nfc_remaining = sizeof(nfc_buf); + nfd_len = strlen(nfd_path); + nconv = smb_iconv(s->mds_es_ctx->mds_ctx->ic_nfd_to_nfc, + &nfd_path, + &nfd_len, + &nfc_path, + &nfc_remaining); + if (nconv == (size_t)-1) { + DBG_ERR("smb_iconv NFD to NFC failed for: %s\n", + s->slq->path_scope); + tevent_req_error(req, EIO); + return tevent_req_post(req, ev); + } + *nfc_path = '\0'; + s->slq->path_scope = talloc_strdup(s->slq, nfc_buf); + if (tevent_req_nomem(s->slq->path_scope, req)) { + return tevent_req_post(req, ev); + } + DBG_DEBUG("Converted path_scope to NFC: %s\n", s->slq->path_scope); + elastic_query = talloc_asprintf( state, MDSSVC_ELASTIC_QUERY_TEMPLATE, -- 2.47.3