Fixes issue with preexec scripts creating a share directory, and problems if a smb.conf reload turns wide links back on after a connection is establised.

Includes git refs :
cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b
94865e4dbd3d721c9855aada8c55e02be8b3881e
5d92d969dda450cc3564dd2265d2b042d832c542
02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf
a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82

from master.

Jeremy.

Fix bug #7104 ("wide links" and "unix extensions" are incompatible.)
(cherry picked from commit 16e73d88944ce644cccfa19a99338f5903c061f0)

3 files changed, 68 insertions, 29 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index d2ae62cbd88..b241437503f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4358,6 +4358,7 @@ void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val);
 int lp_min_receive_file_size(void);
 char* lp_perfcount_module(void);
 void lp_set_passdb_backend(const char *backend);
+void widelinks_warning(int snum);
 
 /* The following definitions come from param/util.c  */
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 6e5e0b2e069..2ba2dd3e71b 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -5561,7 +5561,6 @@ FN_LOCAL_BOOL(lp_oplocks, bOpLocks)
 FN_LOCAL_BOOL(lp_level2_oplocks, bLevel2OpLocks)
 FN_LOCAL_BOOL(lp_onlyuser, bOnlyUser)
 FN_LOCAL_PARM_BOOL(lp_manglednames, bMangledNames)
-FN_LOCAL_BOOL(lp_widelinks, bWidelinks)
 FN_LOCAL_BOOL(lp_symlinks, bSymlinks)
 FN_LOCAL_BOOL(lp_syncalways, bSyncAlways)
 FN_LOCAL_BOOL(lp_strict_allocate, bStrictAllocate)
@@ -9770,3 +9769,35 @@ void lp_set_passdb_backend(const char *backend)
 {
 	string_set(&Globals.szPassdbBackend, backend);
 }
+
+/*******************************************************************
+ Safe wide links checks.
+ This helper function always verify the validity of wide links,
+ even after a configuration file reload.
+********************************************************************/
+
+static bool lp_widelinks_internal(int snum)
+{
+	return (bool)(LP_SNUM_OK(snum)? ServicePtrs[(snum)]->bWidelinks :
+			sDefault.bWidelinks);
+}
+
+void widelinks_warning(int snum)
+{
+	if (lp_unix_extensions() && lp_widelinks_internal(snum)) {
+		DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
+			"These parameters are incompatible. "
+			"Wide links will be disabled for this share.\n",
+			lp_servicename(snum) ));
+	}
+}
+
+bool lp_widelinks(int snum)
+{
+	/* wide links is always incompatible with unix extensions */
+	if (lp_unix_extensions()) {
+		return false;
+	}
+
+	return lp_widelinks_internal(snum);
+}
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 2dd1f5ac52c..6248f5d5114 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -850,25 +850,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 		return NULL;
 	}
 
-	/*
-	 * If widelinks are disallowed we need to canonicalise the connect
-	 * path here to ensure we don't have any symlinks in the
-	 * connectpath. We will be checking all paths on this connection are
-	 * below this directory. We must do this after the VFS init as we
-	 * depend on the realpath() pointer in the vfs table. JRA.
-	 */
-	if (!lp_widelinks(snum)) {
-		if (!canonicalize_connect_path(conn)) {
-			DEBUG(0, ("canonicalize_connect_path failed "
-			"for service %s, path %s\n",
-				lp_servicename(snum),
-				conn->connectpath));
-			conn_free(conn);
-			*pstatus = NT_STATUS_BAD_NETWORK_NAME;
-			return NULL;
-		}
-	}
-
 	if ((!conn->printer) && (!conn->ipc)) {
 		conn->notify_ctx = notify_init(conn, server_id_self(),
 					       smbd_messaging_context(),
@@ -876,7 +857,11 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 					       conn);
 	}
 
-/* ROOT Activities: */	
+/* ROOT Activities: */
+	/* explicitly check widelinks here so that we can correctly warn
+	 * in the logs. */
+	widelinks_warning(snum);
+
 	/*
 	 * Enforce the max connections parameter.
 	 */
@@ -902,6 +887,18 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 		return NULL;
 	}  
 
+	/*
+	 * Fix compatibility issue pointed out by Volker.
+	 * We pass the conn->connectpath to the preexec
+	 * scripts as a parameter, so attempt to canonicalize
+	 * it here before calling the preexec scripts.
+	 * We ignore errors here, as it is possible that
+	 * the conn->connectpath doesn't exist yet and
+	 * the preexec scripts will create them.
+	 */
+
+	(void)canonicalize_connect_path(conn);
+
 	/* Preexecs are done here as they might make the dir we are to ChDir
 	 * to below */
 	/* execute any "root preexec = " line */
@@ -963,6 +960,24 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 		}
 	}
 
+	/*
+	 * If widelinks are disallowed we need to canonicalise the connect
+	 * path here to ensure we don't have any symlinks in the
+	 * connectpath. We will be checking all paths on this connection are
+	 * below this directory. We must do this after the VFS init as we
+	 * depend on the realpath() pointer in the vfs table. JRA.
+	 */
+	if (!lp_widelinks(snum)) {
+		if (!canonicalize_connect_path(conn)) {
+			DEBUG(0, ("canonicalize_connect_path failed "
+			"for service %s, path %s\n",
+				lp_servicename(snum),
+				conn->connectpath));
+			*pstatus = NT_STATUS_BAD_NETWORK_NAME;
+			goto err_root_exit;
+		}
+	}
+
 #ifdef WITH_FAKE_KASERVER
 	if (lp_afs_share(snum)) {
 		afs_login(conn);
@@ -1032,14 +1047,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 	}
 #endif
 
-	if (lp_unix_extensions() && lp_widelinks(snum)) {
-		DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
-			"These parameters are incompatible. "
-			"Disabling wide links for this share.\n",
-			lp_servicename(snum) ));
-		lp_do_parameter(snum, "wide links", "False");
-	}
-
 	/* Figure out the characteristics of the underlying filesystem. This
 	 * assumes that all the filesystem mounted withing a share path have
 	 * the same characteristics, which is likely but not guaranteed.