diff options
author | Jeremy Allison <jra@samba.org> | 2010-02-05 16:22:27 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2010-02-24 16:25:10 +0100 |
commit | a056ee7f4f1ecc4e54e3cda58df73e2ed66b41e7 (patch) | |
tree | bb98ad841d98414fa3dc7a9a85b953b840bf43b2 /source/smbd | |
parent | eadf5b5cfc0f796b381b174395d19c20de6e714f (diff) | |
download | samba-a056ee7f4f1ecc4e54e3cda58df73e2ed66b41e7.tar.gz samba-a056ee7f4f1ecc4e54e3cda58df73e2ed66b41e7.tar.xz samba-a056ee7f4f1ecc4e54e3cda58df73e2ed66b41e7.zip |
Fix bug 7104 - "wide links" and "unix extensions" are incompatible.
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to refect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
(cherry picked from commit c1b05ae4febfba1a419eee0d04c3886de9f5fee0)
Diffstat (limited to 'source/smbd')
-rw-r--r-- | source/smbd/service.c | 8 | ||||
-rw-r--r-- | source/smbd/trans2.c | 37 | ||||
-rw-r--r-- | source/smbd/vfs.c | 2 |
3 files changed, 9 insertions, 38 deletions
diff --git a/source/smbd/service.c b/source/smbd/service.c index 2a1ef20174c..481f8470dfd 100644 --- a/source/smbd/service.c +++ b/source/smbd/service.c @@ -1103,6 +1103,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } #endif + if (lp_unix_extensions() && lp_widelinks(snum)) { + DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " + "These parameters are incompatible. " + "Disabling wide links for this share.\n", + lp_servicename(snum) )); + lp_do_parameter(snum, "wide links", "False"); + } + /* Figure out the characteristics of the underlying filesystem. This * assumes that all the filesystem mounted withing a share path have * the same characteristics, which is likely but not guaranteed. diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 4d6d55c5713..96dcc2b40f7 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -5230,7 +5230,6 @@ static NTSTATUS smb_set_file_unix_link(connection_struct *conn, { char *link_target = NULL; const char *newname = fname; - NTSTATUS status = NT_STATUS_OK; TALLOC_CTX *ctx = talloc_tos(); /* Set a symbolic link. */ @@ -5251,42 +5250,6 @@ static NTSTATUS smb_set_file_unix_link(connection_struct *conn, return NT_STATUS_INVALID_PARAMETER; } - /* !widelinks forces the target path to be within the share. */ - /* This means we can interpret the target as a pathname. */ - if (!lp_widelinks(SNUM(conn))) { - char *rel_name = NULL; - char *last_dirp = NULL; - - if (*link_target == '/') { - /* No absolute paths allowed. */ - return NT_STATUS_ACCESS_DENIED; - } - rel_name = talloc_strdup(ctx,newname); - if (!rel_name) { - return NT_STATUS_NO_MEMORY; - } - last_dirp = strrchr_m(rel_name, '/'); - if (last_dirp) { - last_dirp[1] = '\0'; - } else { - rel_name = talloc_strdup(ctx,"./"); - if (!rel_name) { - return NT_STATUS_NO_MEMORY; - } - } - rel_name = talloc_asprintf_append(rel_name, - "%s", - link_target); - if (!rel_name) { - return NT_STATUS_NO_MEMORY; - } - - status = check_name(conn, rel_name); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } - DEBUG(10,("smb_set_file_unix_link: SMB_SET_FILE_UNIX_LINK doing symlink %s -> %s\n", newname, link_target )); diff --git a/source/smbd/vfs.c b/source/smbd/vfs.c index 1e137dd9089..129014bc776 100644 --- a/source/smbd/vfs.c +++ b/source/smbd/vfs.c @@ -935,7 +935,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) /* Check for widelinks allowed. */ if (!lp_widelinks(SNUM(conn)) && (strncmp(conn->connectpath, resolved_name, con_path_len) != 0)) { - DEBUG(2, ("reduce_name: Bad access attempt: %s is a symlink outside the share path", fname)); + DEBUG(2, ("reduce_name: Bad access attempt: %s is a symlink outside the share path\n", fname)); if (free_resolved_name) { SAFE_FREE(resolved_name); } |