s3: smbd: Add IS_VETO_PATH checks to openat_pathref_fsp_case_insensitive().

author Jeremy Allison <jra@samba.org>

Thu, 11 Aug 2022 17:03:58 +0000 (10:03 -0700)

committer Stefan Metzmacher <metze@samba.org>

Tue, 16 Aug 2022 08:26:54 +0000 (08:26 +0000)
author Jeremy Allison <jra@samba.org>
Thu, 11 Aug 2022 17:03:58 +0000 (10:03 -0700)
committer Stefan Metzmacher <metze@samba.org>
Tue, 16 Aug 2022 08:26:54 +0000 (08:26 +0000)
diff --git a/selftest/knownfail.d/veto_files b/selftest/knownfail.d/veto_files

deleted file mode 100644 (file)

index ad7d841..0000000
--- a/selftest/knownfail.d/veto_files
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.test_veto_files.get_veto_file\(fileserver\)
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c

index f362aee94525274addd1e950dd7f4e8ce015c66f..ca94b7ec7f96e64f13719fb0fe5a4a5b3616e5c2 100644 (file)
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -836,6 +836,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive(
  
         SET_STAT_INVALID(smb_fname_rel->st);
  
+       /* Check veto files - only looks at last component. */
+       if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
+               DBG_DEBUG("veto files rejecting last component %s\n",
+                         smb_fname_str_dbg(smb_fname_rel));
+               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+       }
+
         status = openat_pathref_fsp(dirfsp, smb_fname_rel);
  
         if (NT_STATUS_IS_OK(status)) {
@@ -895,6 +902,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive(
                         return NT_STATUS_NO_MEMORY;
                 }
  
+               if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
+                       DBG_DEBUG("veto files rejecting last component %s\n",
+                                 smb_fname_str_dbg(smb_fname_rel));
+                       TALLOC_FREE(cache_key.data);
+                       return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+               }
+
                 status = openat_pathref_fsp(dirfsp, smb_fname_rel);
                 if (NT_STATUS_IS_OK(status)) {
                         TALLOC_FREE(cache_key.data);
@@ -919,6 +933,12 @@ lookup:
                 TALLOC_FREE(smb_fname_rel->base_name);
                 smb_fname_rel->base_name = found_name;
  
+               if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
+                       DBG_DEBUG("veto files rejecting last component %s\n",
+                               smb_fname_str_dbg(smb_fname_rel));
+                       return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+               }
+
                 status = openat_pathref_fsp(dirfsp, smb_fname_rel);
         }
author	Jeremy Allison <jra@samba.org>
	Thu, 11 Aug 2022 17:03:58 +0000 (10:03 -0700)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 16 Aug 2022 08:26:54 +0000 (08:26 +0000)
selftest/knownfail.d/veto_files	[deleted file]	patch \| blob \| blame \| history
source3/smbd/filename.c		patch \| blob \| blame \| history