authorJeremy Allison <jra@samba.org>2021-12-07 11:44:09 -0800
committerJule Anger <janger@samba.org>2022-01-31 12:23:53 +0100
commitb97f4a6519f64cbcea2b6baa33d853faf4bc24cb (patch)
tree08f3ee4e870396613a180dce69360689d5953d56
parentdbeef6bc732f05da5b35274cb0782a914e7392d7 (diff)
downloadsamba-b97f4a6519f64cbcea2b6baa33d853faf4bc24cb.tar.gz
CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, always return NT_STATUS_OBJECT_NAME_NOT_FOUND.
Matches the error return from openat_pathref_fsp(). NT_STATUS_OBJECT_PATH_NOT_FOUND is for a bad component in a path, not a bad terminal symlink. Remove knownfail.d/simple_posix_open, we now pass. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
-rw-r--r--selftest/knownfail.d/simple_posix_open1
-rw-r--r--source3/smbd/open.c13
2 files changed, 6 insertions, 8 deletions
diff --git a/selftest/knownfail.d/simple_posix_open b/selftest/knownfail.d/simple_posix_open
deleted file mode 100644
index 5fcbdbdc2c6..00000000000
--- a/selftest/knownfail.d/simple_posix_open
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smbtorture_s3.plain.POSIX.smbtorture\(.*\)
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 5ed2c035318..5d2e2a1abf2 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1447,12 +1447,10 @@ static NTSTATUS open_file(files_struct *fsp,
* POSIX client that hit a symlink. We don't want to
* return NT_STATUS_STOPPED_ON_SYMLINK to avoid handling
* this special error code in all callers, so we map
- * this to NT_STATUS_OBJECT_PATH_NOT_FOUND. Historically
- * the lower level functions returned status code mapped
- * from errno by map_nt_error_from_unix() where ELOOP is
- * mapped to NT_STATUS_OBJECT_PATH_NOT_FOUND.
+ * this to NT_STATUS_OBJECT_NAME_NOT_FOUND to match
+ * openat_pathref_fsp().
*/
- status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
+ status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
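Review bot: The rewritten comment says the status is chosen "to match openat_pathref_fsp()" but not why the match matters, and the same literal is now hard-coded both here (`status = NT_STATUS_OBJECT_NAME_NOT_FOUND;`) and in the stat-open branch of the later hunk (`return NT_STATUS_OBJECT_NAME_NOT_FOUND;`). Given the CVE tag in the commit title, the intent appears to be that a terminal symlink is reported exactly like a missing name on every open path; I would say so in the comment, e.g. `* Must stay identical to openat_pathref_fsp() so a terminal symlink looks the same as a missing name.` The removed knownfail entry suggests the POSIX smbtorture test now covers at least one of these paths, and a test asserting the same status on both would keep the three sites from drifting apart. open_file() begins and ends outside both hunks, so the conditions guarding these two assignments are not visible here and should be checked against the full function.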
@@ -1535,9 +1533,10 @@ static NTSTATUS open_file(files_struct *fsp,
{
/*
* Don't allow stat opens on symlinks directly unless
- * it's a POSIX open.
+ * it's a POSIX open. Match the return code from
+ * openat_pathref_fsp().
*/
- return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
if (!fsp->fsp_flags.is_pathref) {