From a0618e0eda69d31d090f776a9217a6a3cf76e5da Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 16:37:27 -0700
Subject: [PATCH 1/7] s3: smbd: Add two tests showing the ability to delete a
 directory containing a dangling symlink over SMB2 depends on "delete veto
 files" setting.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 942123b95923f35a32df4196a072a3ed3468396a)
(cherry picked from commit 359517877d6462ff4398401748f921c8b79357a6)
---
 selftest/knownfail.d/rmdir_dangle_symlink     |   1 +
 selftest/target/Samba3.pm                     |   4 +
 .../test_delete_veto_files_only_rmdir.sh      | 183 ++++++++++++++++++
 source3/selftest/tests.py                     |   3 +
 4 files changed, 191 insertions(+)
 create mode 100644 selftest/knownfail.d/rmdir_dangle_symlink
 create mode 100755 source3/script/tests/test_delete_veto_files_only_rmdir.sh

diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink
new file mode 100644
index 00000000000..c775dc5fe15
--- /dev/null
+++ b/selftest/knownfail.d/rmdir_dangle_symlink
@@ -0,0 +1 @@
+^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index bbff9d74817..588d7779dd4 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1584,6 +1584,10 @@ sub setup_fileserver
 	veto files = /veto_name*/
 	delete veto files = yes
 
+[delete_veto_files_only]
+	path = $veto_sharedir
+	delete veto files = yes
+
 [homes]
 	comment = Home directories
 	browseable = No
diff --git a/source3/script/tests/test_delete_veto_files_only_rmdir.sh b/source3/script/tests/test_delete_veto_files_only_rmdir.sh
new file mode 100755
index 00000000000..d2c3b2198f7
--- /dev/null
+++ b/source3/script/tests/test_delete_veto_files_only_rmdir.sh
@@ -0,0 +1,183 @@
+#!/bin/sh
+#
+# Check smbclient can (or cannot) delete a directory containing dangling symlinks.
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
+#
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: $0 SERVER SERVER_IP USERNAME PASSWORD SHAREPATH SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER=${1}
+SERVER_IP=${2}
+USERNAME=${3}
+PASSWORD=${4}
+SHAREPATH=${5}
+SMBCLIENT=${6}
+shift 6
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+ADDARGS="$@"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+rmdir_path="$SHAREPATH/dir"
+
+#
+# Using the share "[delete_veto_files_only]" we CAN delete
+# a directory containing only a dangling symlink.
+#
+test_dangle_symlink_delete_veto_rmdir()
+{
+    local dangle_symlink_path="$rmdir_path/bad_link"
+    local tmpfile=$PREFIX/smbclient.in.$$
+
+    # Create rmdir directory.
+    mkdir -p "$rmdir_path"
+    # Create dangling symlink underneath.
+    ln -s "nowhere-foo" "$dangle_symlink_path"
+
+    cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+    local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/delete_veto_files_only -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval "$cmd")
+    ret=$?
+
+    # Check for smbclient error.
+    if [ $ret != 0 ] ; then
+        echo "Failed accessing share delete_veto_files_only - $ret"
+        echo "$out"
+        return 1
+    fi
+
+    # We should NOT see the dangling symlink file.
+    echo "$out" | grep bad_link
+    ret=$?
+    if [ $ret -eq 0 ] ; then
+       echo "Saw dangling symlink bad_link in share delete_veto_files_only"
+       echo "$out"
+       return 1
+    fi
+
+    # Try and remove the directory, should succeed.
+    cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+    local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/delete_veto_files_only -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval "$cmd")
+    ret=$?
+
+    # Check for smbclient error.
+    if [ $ret != 0 ] ; then
+        echo "Failed accessing share delete_veto_files_only - $ret"
+        echo "$out"
+        return 1
+    fi
+
+    # We should get no NT_STATUS_ errors.
+    echo "$out" | grep NT_STATUS_
+    ret=$?
+    if [ $ret -eq 0 ] ; then
+       echo "Got error NT_STATUS_ in share delete_veto_files_only"
+       echo "$out"
+       return 1
+    fi
+
+    return 0
+}
+
+#
+# Using the share "[veto_files_nodelete]" we CANNOT delete
+# a directory containing only a dangling symlink.
+#
+test_dangle_symlink_veto_files_nodelete()
+{
+    local dangle_symlink_path="$rmdir_path/bad_link"
+    local tmpfile=$PREFIX/smbclient.in.$$
+
+    # Create rmdir directory.
+    mkdir -p "$rmdir_path"
+    # Create dangling symlink underneath.
+    ln -s "nowhere-foo" "$dangle_symlink_path"
+
+    cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+    local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval "$cmd")
+    ret=$?
+
+    # Check for smbclient error.
+    if [ $ret != 0 ] ; then
+        echo "Failed accessing share veto_files_nodelete - $ret"
+        echo "$out"
+        return 1
+    fi
+
+    # We should NOT see the dangling symlink file.
+    echo "$out" | grep bad_link
+    ret=$?
+    if [ $ret -eq 0 ] ; then
+       echo "Saw dangling symlink bad_link in share veto_files_nodelete"
+       echo "$out"
+       return 1
+    fi
+
+    # Try and remove the directory, should fail with DIRECTORY_NOT_EMPTY.
+    cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+    local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval "$cmd")
+    ret=$?
+
+    # Check for smbclient error.
+    if [ $ret != 0 ] ; then
+        echo "Failed accessing share veto_files_nodelete - $ret"
+        echo "$out"
+        return 1
+    fi
+
+    # We should get NT_STATUS_DIRECTORY_NOT_EMPTY errors.
+    echo "$out" | grep NT_STATUS_DIRECTORY_NOT_EMPTY
+    ret=$?
+    if [ $ret -ne 0 ] ; then
+       echo "Should get NT_STATUS_DIRECTORY_NOT_EMPTY in share veto_files_nodelete"
+       echo "$out"
+       return 1
+    fi
+
+    return 0
+}
+
+
+testit "rmdir can delete directory containing dangling symlink" \
+   test_dangle_symlink_delete_veto_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+testit "rmdir cannot delete directory delete_veto_files_no containing dangling symlink" \
+   test_dangle_symlink_veto_files_nodelete || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+exit "$failed"
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 82f32ec4232..330024cf77c 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -501,6 +501,9 @@ for env in ["fileserver"]:
     plantestsuite("samba3.blackbox.test_veto_rmdir", env,
                   [os.path.join(samba3srcdir, "script/tests/test_veto_rmdir.sh"),
                   '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
+    plantestsuite("samba3.blackbox.test_dangle_rmdir", env,
+                  [os.path.join(samba3srcdir, "script/tests/test_delete_veto_files_only_rmdir.sh"),
+                  '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
 
     #
     # tar command tests
-- 
2.33.1


From 47c98fe40101b60d5b5a34eb8ef02106c1da66c9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:01:58 -0700
Subject: [PATCH 2/7] s3: VFS: streams_depot. Allow unlinkat to cope with
 dangling symlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 295d7d026babe3cd5123d0f53adcb16868907f05)
(backported from commit 7a4173809a87350bc3580240232978042ec2ceca)
[pfilipen@redhat.com: code in 4.15 uses different variable name]
---
 source3/modules/vfs_streams_depot.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c
index a5e02d5a069..dd6376e5fd0 100644
--- a/source3/modules/vfs_streams_depot.c
+++ b/source3/modules/vfs_streams_depot.c
@@ -739,6 +739,16 @@ static int streams_depot_unlink_internal(vfs_handle_struct *handle,
 		ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname_base);
 	} else {
 		ret = SMB_VFS_NEXT_STAT(handle, smb_fname_base);
+		if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+			if (VALID_STAT(smb_fname->st) &&
+					S_ISLNK(smb_fname->st.st_ex_mode)) {
+				/*
+				 * Original name was a link - Could be
+				 * trying to remove a dangling symlink.
+				 */
+				ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname_base);
+			}
+		}
 	}
 
 	if (ret == -1) {
-- 
2.33.1


From 474a91d03527a15f7655be3866a9e5eaa405118f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:02:43 -0700
Subject: [PATCH 3/7] s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling
 symlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f254be19d6501a4f573843af97963e350a9ee2ed)
(backported from commit 0dba0917fd97e975d1daab5b0828644d026c2bc5)
[pfilipen@redhat.com: code in 4.15 uses different variable name]
---
 source3/modules/vfs_xattr_tdb.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c
index d89a1dd0d7d..e06ff9639f1 100644
--- a/source3/modules/vfs_xattr_tdb.c
+++ b/source3/modules/vfs_xattr_tdb.c
@@ -639,6 +639,16 @@ static int xattr_tdb_unlinkat(vfs_handle_struct *handle,
 		ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname_tmp);
 	} else {
 		ret = SMB_VFS_NEXT_STAT(handle, smb_fname_tmp);
+		if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+			if (VALID_STAT(smb_fname->st) &&
+					S_ISLNK(smb_fname->st.st_ex_mode)) {
+				/*
+				 * Original name was a link - Could be
+				 * trying to remove a dangling symlink.
+				 */
+				ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname_tmp);
+			}
+		}
 	}
 	if (ret == -1) {
 		goto out;
-- 
2.33.1


From 298a8dac1160ebba56cd84b7e25908e160b88f85 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:21:37 -0700
Subject: [PATCH 4/7] s3: smbd: Fix rmdir_internals() to do an early return if
 lp_delete_veto_files() is not set.

Fix the comments to match what the code actually does. The
exit at the end of the scan directory loop if we find a client
visible filename is a change in behavior, but the previous
behavior (not exist on visible filename, but delete it) was
a bug and in non-tested code. Now it's testd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a37d16e7c55f85e3f2c9c8614755ea6307092d5f)
(backported from commit e00fe095e8cf7ab54bc82870b913762d2fdddbad)
[pfilipen@redhat.com: rmdir_internals() got refactored in 4.15]
---
 source3/smbd/close.c | 247 ++++++++++++++++++++++---------------------
 1 file changed, 128 insertions(+), 119 deletions(-)

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index f05619d1886..0c102b9533b 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -938,8 +938,11 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
 {
 	connection_struct *conn = fsp->conn;
 	struct smb_filename *smb_dname = fsp->fsp_name;
-	const struct loadparm_substitution *lp_sub =
-		loadparm_s3_global_substitution();
+	SMB_STRUCT_STAT st;
+	const char *dname = NULL;
+	char *talloced = NULL;
+	long dirpos = 0;
+	struct smb_Dir *dir_hnd = NULL;
 	int ret;
 
 	SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
@@ -974,143 +977,149 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
 		return NT_STATUS_OK;
 	}
 
-	if(((errno == ENOTEMPTY)||(errno == EEXIST)) && *lp_veto_files(talloc_tos(), lp_sub, SNUM(conn))) {
-		/*
-		 * Check to see if the only thing in this directory are
-		 * vetoed files/directories. If so then delete them and
-		 * retry. If we fail to delete any of them (and we *don't*
-		 * do a recursive delete) then fail the rmdir.
-		 */
-		SMB_STRUCT_STAT st;
-		const char *dname = NULL;
-		char *talloced = NULL;
-		long dirpos = 0;
-		struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
-						  smb_dname, NULL,
-						  0);
-
-		if(dir_hnd == NULL) {
+	if (!((errno == ENOTEMPTY) || (errno == EEXIST))) {
+		DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
+			 "%s\n", smb_fname_str_dbg(smb_dname),
+			 strerror(errno)));
+		return map_nt_error_from_unix(errno);
+	}
+
+	/*
+	 * Here we know the initial directory unlink failed with
+	 * ENOTEMPTY or EEXIST so we know there are objects within.
+	 * If we don't have permission to delete files non
+	 * visible to the client just fail the directory delete.
+	 */
+
+	if (!lp_delete_veto_files(SNUM(conn))) {
+		errno = ENOTEMPTY;
+		goto err;
+	}
+
+	/*
+	 * Check to see if the only thing in this directory are
+	 * files non-visible to the client. If not, fail the delete.
+	 */
+
+	dir_hnd = OpenDir(talloc_tos(), conn, smb_dname, NULL, 0);
+	if (dir_hnd == NULL) {
+		errno = ENOTEMPTY;
+		goto err;
+	}
+
+	while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
+		if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0)) {
+			TALLOC_FREE(talloced);
+			continue;
+		}
+		if (!is_visible_file(conn,
+					dir_hnd,
+					dname,
+					&st,
+					false)) {
+			TALLOC_FREE(talloced);
+			continue;
+		}
+		if(!IS_VETO_PATH(conn, dname)) {
+			/*
+			 * We found a client visible name.
+			 * We cannot delete this directory.
+			 */
+			DBG_DEBUG("got name %s - "
+				"can't delete directory %s\n",
+				dname,
+				fsp_str_dbg(fsp));
+			TALLOC_FREE(dir_hnd);
+			TALLOC_FREE(talloced);
 			errno = ENOTEMPTY;
 			goto err;
 		}
+		TALLOC_FREE(talloced);
+	}
 
-		while ((dname = ReadDirName(dir_hnd, &dirpos, &st,
-					    &talloced)) != NULL) {
-			if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0)) {
-				TALLOC_FREE(talloced);
-				continue;
-			}
-			if (!is_visible_file(conn,
-						dir_hnd,
-						dname,
-						&st,
-						false)) {
-				TALLOC_FREE(talloced);
-				continue;
-			}
-			if(!IS_VETO_PATH(conn, dname)) {
-				TALLOC_FREE(dir_hnd);
-				TALLOC_FREE(talloced);
-				errno = ENOTEMPTY;
-				goto err;
-			}
+	/* Do a recursive delete. */
+	RewindDir(dir_hnd,&dirpos);
+	while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
+		struct smb_filename *smb_dname_full = NULL;
+		char *fullname = NULL;
+		bool do_break = true;
+
+		if (ISDOT(dname) || ISDOTDOT(dname)) {
+			TALLOC_FREE(talloced);
+			continue;
+		}
+		if (!is_visible_file(conn,
+					dir_hnd,
+					dname,
+					&st,
+					false)) {
 			TALLOC_FREE(talloced);
+			continue;
 		}
 
-		/* We only have veto files/directories.
-		 * Are we allowed to delete them ? */
+		fullname = talloc_asprintf(ctx,
+				"%s/%s",
+				smb_dname->base_name,
+				dname);
 
-		if(!lp_delete_veto_files(SNUM(conn))) {
-			TALLOC_FREE(dir_hnd);
-			errno = ENOTEMPTY;
-			goto err;
+		if (fullname == NULL) {
+			errno = ENOMEM;
+			goto err_break;
 		}
 
-		/* Do a recursive delete. */
-		RewindDir(dir_hnd,&dirpos);
-		while ((dname = ReadDirName(dir_hnd, &dirpos, &st,
-					    &talloced)) != NULL) {
-			struct smb_filename *smb_dname_full = NULL;
-			char *fullname = NULL;
-			bool do_break = true;
-
-			if (ISDOT(dname) || ISDOTDOT(dname)) {
-				TALLOC_FREE(talloced);
-				continue;
-			}
-			if (!is_visible_file(conn,
-						dir_hnd,
-						dname,
-						&st,
-						false)) {
-				TALLOC_FREE(talloced);
-				continue;
-			}
-
-			fullname = talloc_asprintf(ctx,
-					"%s/%s",
-					smb_dname->base_name,
-					dname);
+		smb_dname_full = synthetic_smb_fname(talloc_tos(),
+						fullname,
+						NULL,
+						NULL,
+						smb_dname->twrp,
+						smb_dname->flags);
+		if (smb_dname_full == NULL) {
+			errno = ENOMEM;
+			goto err_break;
+		}
 
-			if(!fullname) {
-				errno = ENOMEM;
+		if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
+			goto err_break;
+		}
+		if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
+			int retval;
+			if(!recursive_rmdir(ctx, conn,
+					    smb_dname_full)) {
 				goto err_break;
 			}
-
-			smb_dname_full = synthetic_smb_fname(talloc_tos(),
-							fullname,
-							NULL,
-							NULL,
-							smb_dname->twrp,
-							smb_dname->flags);
-			if (smb_dname_full == NULL) {
-				errno = ENOMEM;
+			retval = SMB_VFS_UNLINKAT(conn,
+					conn->cwd_fsp,
+					smb_dname_full,
+					AT_REMOVEDIR);
+			if(retval != 0) {
 				goto err_break;
 			}
-
-			if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
+		} else {
+			int retval = SMB_VFS_UNLINKAT(conn,
+					conn->cwd_fsp,
+					smb_dname_full,
+					0);
+			if(retval != 0) {
 				goto err_break;
 			}
-			if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
-				int retval;
-				if(!recursive_rmdir(ctx, conn,
-						    smb_dname_full)) {
-					goto err_break;
-				}
-				retval = SMB_VFS_UNLINKAT(conn,
-						conn->cwd_fsp,
-						smb_dname_full,
-						AT_REMOVEDIR);
-				if(retval != 0) {
-					goto err_break;
-				}
-			} else {
-				int retval = SMB_VFS_UNLINKAT(conn,
-						conn->cwd_fsp,
-						smb_dname_full,
-						0);
-				if(retval != 0) {
-					goto err_break;
-				}
-			}
+		}
 
-			/* Successful iteration. */
-			do_break = false;
+		/* Successful iteration. */
+		do_break = false;
 
-		 err_break:
-			TALLOC_FREE(fullname);
-			TALLOC_FREE(smb_dname_full);
-			TALLOC_FREE(talloced);
-			if (do_break)
-				break;
-		}
-		TALLOC_FREE(dir_hnd);
-		/* Retry the rmdir */
-		ret = SMB_VFS_UNLINKAT(conn,
-				conn->cwd_fsp,
-				smb_dname,
-				AT_REMOVEDIR);
+	err_break:
+		TALLOC_FREE(fullname);
+		TALLOC_FREE(smb_dname_full);
+		TALLOC_FREE(talloced);
+		if (do_break)
+			break;
 	}
+	TALLOC_FREE(dir_hnd);
+	/* Retry the rmdir */
+	ret = SMB_VFS_UNLINKAT(conn,
+			conn->cwd_fsp,
+			smb_dname,
+			AT_REMOVEDIR);
 
   err:
 
-- 
2.33.1


From a7075aeedd078c68b57556678fa40907cd66cd08 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:32:29 -0700
Subject: [PATCH 5/7] s3: smbd: Fix logic in rmdir_internals() to cope with
 dangling symlinks.

Still need to add the same logic in can_delete_directory_fsp()
before we can delete the knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 26fecad2e66e91a3913d88ee2e0889f266e91d89)
(backported from commit 4793c4d5307472f0eb72f70f7dbf7324744e3f91)
[pfilipen@redhat.com: rmdir_internals() got refactored in 4.15]
---
 source3/smbd/close.c | 103 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 101 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 0c102b9533b..81811f703b0 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1008,10 +1008,14 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
 	}
 
 	while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced)) != NULL) {
+		struct smb_filename *smb_dname_full = NULL;
+		char *fullname = NULL;
+
 		if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0)) {
 			TALLOC_FREE(talloced);
 			continue;
 		}
+
 		if (!is_visible_file(conn,
 					dir_hnd,
 					dname,
@@ -1020,6 +1024,98 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
 			TALLOC_FREE(talloced);
 			continue;
 		}
+
+		fullname = talloc_asprintf(talloc_tos(),
+					   "%s/%s",
+					   smb_dname->base_name,
+					   dname);
+
+		if (fullname == NULL) {
+			TALLOC_FREE(talloced);
+			errno = ENOMEM;
+			goto err;
+		}
+
+		smb_dname_full = synthetic_smb_fname(talloc_tos(),
+						     fullname,
+						     NULL,
+						     NULL,
+						     smb_dname->twrp,
+						     smb_dname->flags);
+		if (smb_dname_full == NULL) {
+			TALLOC_FREE(talloced);
+			TALLOC_FREE(fullname);
+			errno = ENOMEM;
+			goto err;
+		}
+
+		ret = SMB_VFS_LSTAT(conn, smb_dname_full);
+		if (ret != 0) {
+			int saved_errno = errno;
+			TALLOC_FREE(talloced);
+			TALLOC_FREE(fullname);
+			TALLOC_FREE(smb_dname_full);
+			errno = saved_errno;
+			goto err;
+		}
+
+		if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
+			/* Could it be an msdfs link ? */
+			if (lp_host_msdfs() &&
+				lp_msdfs_root(SNUM(conn))) {
+				struct smb_filename *smb_atname;
+				smb_atname = synthetic_smb_fname(talloc_tos(),
+							dname,
+							NULL,
+							&smb_dname_full->st,
+							fsp->fsp_name->twrp,
+							fsp->fsp_name->flags);
+				if (smb_atname == NULL) {
+					TALLOC_FREE(talloced);
+					TALLOC_FREE(fullname);
+					TALLOC_FREE(smb_dname_full);
+					errno = ENOMEM;
+					goto err;
+				}
+				if (is_msdfs_link(conn, smb_atname)) {
+					TALLOC_FREE(talloced);
+					TALLOC_FREE(fullname);
+					TALLOC_FREE(smb_dname_full);
+					TALLOC_FREE(smb_atname);
+					DBG_DEBUG("got msdfs link name %s "
+						"- can't delete directory %s\n",
+						dname,
+						fsp_str_dbg(fsp));
+					errno = ENOTEMPTY;
+					goto err;
+				}
+				TALLOC_FREE(smb_atname);
+			}
+
+			/* Not a DFS link - could it be a dangling symlink ? */
+			ret = SMB_VFS_STAT(conn, smb_dname_full);
+			if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+				/*
+				 * Dangling symlink.
+				 * Allow delete as "delete veto files = yes"
+				 */
+				TALLOC_FREE(talloced);
+				TALLOC_FREE(fullname);
+				TALLOC_FREE(smb_dname_full);
+				continue;
+			}
+
+			DBG_DEBUG("got symlink name %s - "
+				"can't delete directory %s\n",
+				dname,
+				fsp_str_dbg(fsp));
+			TALLOC_FREE(talloced);
+			TALLOC_FREE(fullname);
+			TALLOC_FREE(smb_dname_full);
+			errno = ENOTEMPTY;
+			goto err;
+		}
+
 		if(!IS_VETO_PATH(conn, dname)) {
 			/*
 			 * We found a client visible name.
@@ -1029,12 +1125,15 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
 				"can't delete directory %s\n",
 				dname,
 				fsp_str_dbg(fsp));
-			TALLOC_FREE(dir_hnd);
 			TALLOC_FREE(talloced);
+			TALLOC_FREE(fullname);
+			TALLOC_FREE(smb_dname_full);
 			errno = ENOTEMPTY;
 			goto err;
 		}
 		TALLOC_FREE(talloced);
+		TALLOC_FREE(fullname);
+		TALLOC_FREE(smb_dname_full);
 	}
 
 	/* Do a recursive delete. */
@@ -1114,7 +1213,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
 		if (do_break)
 			break;
 	}
-	TALLOC_FREE(dir_hnd);
 	/* Retry the rmdir */
 	ret = SMB_VFS_UNLINKAT(conn,
 			conn->cwd_fsp,
@@ -1123,6 +1221,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
 
   err:
 
+	TALLOC_FREE(dir_hnd);
 	if (ret != 0) {
 		DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
 			 "%s\n", smb_fname_str_dbg(smb_dname),
-- 
2.33.1


From 843fc3b857cdfd6c7e902acef933d17690815e7e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:36:57 -0700
Subject: [PATCH 6/7] s3: smbd: Fix logic in can_delete_directory_fsp() to cope
 with dangling symlinks.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e9ef970eee5eca8ab3720279c54098e91d2dfda9)
(backported from commit 5023dbc04bfad7cc39e8c4de96f40c82e7a0288e)
[pfilipen@redhat.com: can_delete_directory_fsp() got refactored in 4.15]
---
 selftest/knownfail.d/rmdir_dangle_symlink |  1 -
 source3/smbd/dir.c                        | 97 +++++++++++++++++++++++
 2 files changed, 97 insertions(+), 1 deletion(-)
 delete mode 100644 selftest/knownfail.d/rmdir_dangle_symlink

diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink
deleted file mode 100644
index c775dc5fe15..00000000000
--- a/selftest/knownfail.d/rmdir_dangle_symlink
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\)
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 545c7499f28..96edc8678e5 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1876,6 +1876,8 @@ NTSTATUS can_delete_directory_fsp(files_struct *fsp)
 	char *talloced = NULL;
 	SMB_STRUCT_STAT st;
 	struct connection_struct *conn = fsp->conn;
+	struct smb_filename *smb_dname = fsp->fsp_name;
+	int ret;
 	struct smb_Dir *dir_hnd = OpenDir(talloc_tos(),
 					conn,
 					fsp->fsp_name,
@@ -1887,6 +1889,9 @@ NTSTATUS can_delete_directory_fsp(files_struct *fsp)
 	}
 
 	while ((dname = ReadDirName(dir_hnd, &dirpos, &st, &talloced))) {
+		struct smb_filename *smb_dname_full = NULL;
+		char *fullname = NULL;
+
 		if (ISDOT(dname) || (ISDOTDOT(dname))) {
 			TALLOC_FREE(talloced);
 			continue;
@@ -1901,6 +1906,98 @@ NTSTATUS can_delete_directory_fsp(files_struct *fsp)
 			continue;
 		}
 
+		fullname = talloc_asprintf(talloc_tos(),
+					   "%s/%s",
+					   smb_dname->base_name,
+					   dname);
+
+		if (fullname == NULL) {
+			TALLOC_FREE(dir_hnd);
+			TALLOC_FREE(talloced);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		smb_dname_full = synthetic_smb_fname(talloc_tos(),
+						     fullname,
+						     NULL,
+						     NULL,
+						     smb_dname->twrp,
+						     smb_dname->flags);
+		if (smb_dname_full == NULL) {
+			TALLOC_FREE(dir_hnd);
+			TALLOC_FREE(talloced);
+			TALLOC_FREE(fullname);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		ret = SMB_VFS_LSTAT(conn, smb_dname_full);
+		if (ret != 0) {
+			TALLOC_FREE(dir_hnd);
+			TALLOC_FREE(talloced);
+			TALLOC_FREE(fullname);
+			TALLOC_FREE(smb_dname_full);
+			return map_nt_error_from_unix(errno);
+		}
+
+		if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
+			/* Could it be an msdfs link ? */
+			if (lp_host_msdfs() &&
+			    lp_msdfs_root(SNUM(conn))) {
+				struct smb_filename *smb_atname;
+				smb_atname = synthetic_smb_fname(talloc_tos(),
+							dname,
+							NULL,
+							&smb_dname_full->st,
+							fsp->fsp_name->twrp,
+							fsp->fsp_name->flags);
+				if (smb_atname == NULL) {
+					TALLOC_FREE(dir_hnd);
+					TALLOC_FREE(talloced);
+					TALLOC_FREE(fullname);
+					TALLOC_FREE(smb_dname_full);
+					return NT_STATUS_NO_MEMORY;
+				}
+				if (is_msdfs_link(conn, smb_atname)) {
+					TALLOC_FREE(dir_hnd);
+					TALLOC_FREE(talloced);
+					TALLOC_FREE(fullname);
+					TALLOC_FREE(smb_dname_full);
+					TALLOC_FREE(smb_atname);
+					DBG_DEBUG("got msdfs link name %s "
+						"- can't delete directory %s\n",
+						dname,
+						fsp_str_dbg(fsp));
+					return NT_STATUS_DIRECTORY_NOT_EMPTY;
+				}
+				TALLOC_FREE(smb_atname);
+			}
+
+			/* Not a DFS link - could it be a dangling symlink ? */
+			ret = SMB_VFS_STAT(conn, smb_dname_full);
+			if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+				/*
+				 * Dangling symlink.
+				 * Allow if "delete veto files = yes"
+				 */
+				if (lp_delete_veto_files(SNUM(conn))) {
+					TALLOC_FREE(talloced);
+					TALLOC_FREE(fullname);
+					TALLOC_FREE(smb_dname_full);
+					continue;
+				}
+			}
+
+			DBG_DEBUG("got symlink name %s - "
+				"can't delete directory %s\n",
+				dname,
+				fsp_str_dbg(fsp));
+			TALLOC_FREE(dir_hnd);
+			TALLOC_FREE(talloced);
+			TALLOC_FREE(fullname);
+			TALLOC_FREE(smb_dname_full);
+			return NT_STATUS_DIRECTORY_NOT_EMPTY;
+		}
+
 		DEBUG(10,("got name %s - can't delete\n",
 			 dname ));
 		status = NT_STATUS_DIRECTORY_NOT_EMPTY;
-- 
2.33.1


From 7189ea825d8c9e4777dba737227ead602ad9b651 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:42:02 -0700
Subject: [PATCH 7/7] s3: docs-xml: Clarify the "delete veto files" paramter.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 29 14:57:14 UTC 2021 on sn-devel-184

(cherry picked from commit 0b818c6b77e972626d0b071bebcf4ce55619fb84)
(cherry picked from commit a549dc219cba5bd61969e4919ae4142f52c133ea)
---
 docs-xml/smbdotconf/filename/deletevetofiles.xml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs-xml/smbdotconf/filename/deletevetofiles.xml b/docs-xml/smbdotconf/filename/deletevetofiles.xml
index 581dc05396d..570d4ac60a0 100644
--- a/docs-xml/smbdotconf/filename/deletevetofiles.xml
+++ b/docs-xml/smbdotconf/filename/deletevetofiles.xml
@@ -4,9 +4,12 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 	<para>This option is used when Samba is attempting to 
-	delete a directory that contains one or more vetoed directories 
-	(see the <smbconfoption name="veto files"/>
-	option).  If this option is set to <constant>no</constant> (the default) then if a vetoed 
+	delete a directory that contains one or more vetoed files
+	or directories or non-visible files or directories (such
+	as dangling symlinks that point nowhere).
+	(see the <smbconfoption name="veto files"/>, <smbconfoption name="hide special files"/>,
+	<smbconfoption name="hide unreadable"/>, <smbconfoption name="hide unwriteable files"/>
+	options).  If this option is set to <constant>no</constant> (the default) then if a vetoed
 	directory contains any non-vetoed files or directories then the 
 	directory delete will fail. This is usually what you want.</para>
 
-- 
2.33.1