diff options
| author | Jeremy Allison <jra@samba.org> | 2022-08-04 11:32:05 -0700 |
|---|---|---|
| committer | Volker Lendecke <vl@samba.org> | 2022-08-05 10:24:22 +0000 |
| commit | 5075df4575d9250fa53dcef024589084ad56062d (patch) | |
| tree | 9ddc71147481ddb4799af26c03e19b4d8308c3e1 /python/wscript | |
| parent | 5c9404f753173465900c004e444174d247f692f6 (diff) | |
| download | samba-5075df4575d9250fa53dcef024589084ad56062d.tar.gz samba-5075df4575d9250fa53dcef024589084ad56062d.tar.bz2 samba-5075df4575d9250fa53dcef024589084ad56062d.zip | |
s3: smbd: Remove ugly SMB1-specific hack to filename_convert_dirfsp()
This was added due to the error code check in test_symlink_traversal_smb1_posix.sh.
After careful consideration I've realized the error code expected here
is incorrect, and not providing any security benefit.
We already check that trying to fetch a file/traverse through a
symlink that points outside of a share returns NT_STATUS_OBJECT_PATH_NOT_FOUND,
and this is enforced in the symlink checks already inside filename_convert_dirfsp().
If a symlink points to a directory within the share for which
the user has no permissions (as is tested here), then there's no
benefit in mapping the error code from NT_STATUS_ACCESS_DENIED
to NT_STATUS_OBJECT_PATH_NOT_FOUND, as we are not providing any
extra information about the filesystem state the user cannot already
obtain by normal SMB1+POSIX calls.
Change the error code expected in this single test from NT_STATUS_OBJECT_PATH_NOT_FOUND
to NT_STATUS_ACCESS_DENIED.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 5 10:24:23 UTC 2022 on sn-devel-184
Diffstat (limited to 'python/wscript')
0 files changed, 0 insertions, 0 deletions