Cannot rename/move files on DFS through libsmbclient

Hello, Dimitri.

Thanks for filing this bug.

As per the upstream reports, it seems this issue is already fixed in kinetic, which ships 4.16.2 ATM.

While there is enough evidence in the upstream reports and comments showing that bionic/focal/jammy are affected, it would be nice to have a minimal, automated reproducer for them. Would you happen to have a simple one?

Moreover, I went ahead and changed the title of the bug to make it clear that the issue affects DFS shares.

Finally, this is the patch set that was originally used to fix the issue https://attachments.samba.org/attachment.cgi?id=17149

I can reproduce the bug with a NetApp filer (not sure which model or version of OnTap). I could also reproduce it with a Dell filer (again not sure which model or version of OneFS) but the sysadmins have found a way to work around the bug by using specific sets of ACLs on the share itself and its subdirectories. In any case I'm not certain how to reproduce the bug without making an SMB server available to you.

Any way, here is what I see on the client side on Ubuntu 18.04, Ubuntu 20.04 or Ubuntu 22.04 workstations (obfuscated):

$ sudo nmap -p445 --script smb-protocols xxxxx.xxxxx.xxx.xx
Starting Nmap 7.80 ( https://nmap.org ) at 2022-07-13 20:59 CEST
Nmap scan report for xxxxx.xxxxx.xxx.xx (xxx.xxx.xx.xxx)
Host is up (0.0036s latency).

PORT STATE SERVICE
445/tcp open microsoft-ds

Host script results:
| smb-protocols:
| dialects:
| 2.02
| 2.10
| 3.00
|_ 3.11

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
$
$
$ smbclient //xxxxx.xxxxx.xxx.xx/SHARE/PARTAGES/NEUROSPIN -U username -W DOMAIN -k -c 'rename foo.bar bar.txt'
WARNING: The "syslog" option is deprecated
NT_STATUS_OBJECT_NAME_NOT_FOUND renaming files \xxxxx.xxxxx.xxx.xx\SHARE\PARTAGES\NEUROSPIN\foo.bar -> \xxxxx.xxxxx.xxx.xx\SHARE\PARTAGES\NEUROSPIN\bar.txt
$

Hi Dimitri, I had a look at what we have on the supported releases and I'm going to update the tasks accordingly.

The patch is not trivial and, as the upstream bug also notes, the bug requires NetApp to be reproduced (which makes testing/verification difficult), so we don't have the best premises for SRUing the fix to Bionic and Focal. Some more information on the actual impact of the bug will help evaluating this. See:

  https://wiki.ubuntu.com/StableReleaseUpdates#When

## Kinetic

Ships 4.16.2, so Fix Released per https://github.com/samba-team/samba/blob/b18294264136eae3634c03bb141d2db18c3fef00/WHATSNEW.txt#L490

## Jammy

Ships 4.15.5, so Fix Released per https://github.com/samba-team/samba/blob/7a04f5e4ffc68859c4efd7168cfe6c222f406ea7/WHATSNEW.txt#L173=

## Focal

Ships 4.13.17 (focal-security), not fixed, no upstream fix planned AFAICT.

## Bionic

Ships 4.7.6 (bionic-security), not fixed, no upstream fix planned AFAICT.

Thank you for looking into this.

Note that the fix hasn't made it yet to Jammy. Jammy ships 4.15.5, but the fix is in 4.15.6.

Hello Dimitri,
I looked into the source history to make sure and found that the bug has not yet been fixed in Jammy. Thanks for the note, I will mark it as confirmed.

Fixed by the security update 4.15.5 → 4.15.9 on Ubuntu 22.04 (jammy):

samba (2:4.15.9+dfsg-0ubuntu0.2) jammy-security; urgency=medium

  * Updated to 2.15.9 to fix multiple security issues.
    - debian/control: require ldb 2.4.4.
    - debian/*install: install libsmbconf.so*.
    - debian/libwbclient0.symbols: updated symbols for new version.
    - CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745,
      CVE-2022-32746
  * Removed patches included in new version:
    - lp-1951490-fix-printing-KB5006743.patch
    - add-support-for-bind-918.patch
    - add-support-for-bind-918-2.patch
    - lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch
    - lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch

 -- Marc Deslauriers <email address hidden> Thu, 28 Jul 2022 08:07:32 -0400

In this case, this was also fixed in focal.

Ubuntu Bionic has reached end of standard support, and therefore I'm marking this bug as Won't Fix for that release.