From bd269443e311d96ef495a9db47d1b95eb83bb8f4 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 5 Feb 2010 15:20:18 -0800
Subject: [PATCH] Fix bug 7104 - "wide links" and "unix extensions" are incompatible.

Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to refect this.

Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.

Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.

Jeremy.
---
 docs-xml/smbdotconf/misc/widelinks.xml          |   13 ++++++--
 docs-xml/smbdotconf/protocol/unixextensions.xml |    3 ++
 source3/param/loadparm.c                        |    2 +-
 source3/smbd/service.c                          |    8 +++++
 source3/smbd/trans2.c                           |   36 -----------------------
 source3/smbd/vfs.c                              |    2 +-
 6 files changed, 22 insertions(+), 42 deletions(-)

diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml
index fb707c1..1c30bb7 100644
--- a/docs-xml/smbdotconf/misc/widelinks.xml
+++ b/docs-xml/smbdotconf/misc/widelinks.xml
@@ -9,10 +9,15 @@
 	server are always allowed; this parameter controls access only 
 	to areas that are outside the directory tree being exported.</para>
 
-	<para>Note that setting this parameter can have a negative 
-	effect on your server performance due to the extra system calls 
-	that Samba has to  do in order to perform the link checks.</para>
+	<para>Note: Turning this parameter on when UNIX extensions are enabled
+	will allow UNIX clients to create symbolic links on the share that
+	can point to files or directories outside restricted path exported
+	by the share definition. This can cause access to areas outside of
+	the share. Due to this problem, this parameter will be automatically
+	disabled (with a message in the log file) if the
+	<smbconfoption name="unix extensions"/> option is on.
+	</para>
 </description>
 
-<value type="default">yes</value>
+<value type="default">no</value>
 </samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml
index da9ad10..36e72d2 100644
--- a/docs-xml/smbdotconf/protocol/unixextensions.xml
+++ b/docs-xml/smbdotconf/protocol/unixextensions.xml
@@ -10,6 +10,9 @@
     by supporting features such as symbolic links, hard links, etc...
     These extensions require a similarly enabled client, and are of
     no current use to Windows clients.</para>
+    <para>
+    Note if this parameter is turned on, the <smbconfoption name="wide links"/>
+    parameter will automatically be disabled.
 </description>
 
 <value type="default">yes</value>
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index bd70ee1..5bac25c 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -606,7 +606,7 @@ static struct service sDefault = {
 	True,			/* bLevel2OpLocks */
 	False,			/* bOnlyUser */
 	True,			/* bMangledNames */
-	True,			/* bWidelinks */
+	false,			/* bWidelinks */
 	True,			/* bSymlinks */
 	False,			/* bSyncAlways */
 	False,			/* bStrictAllocate */
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index e8775ff..8039d16 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -1039,6 +1039,14 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 	}
 #endif
 
+	if (lp_unix_extensions() && lp_widelinks(snum)) {
+		DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
+			"These parameters are incompatible. "
+			"Disabling wide links for this share.\n",
+			lp_servicename(snum) ));
+		lp_do_parameter(snum, "wide links", "False");
+	}
+
 	/* Figure out the characteristics of the underlying filesystem. This
 	 * assumes that all the filesystem mounted withing a share path have
 	 * the same characteristics, which is likely but not guaranteed.
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index df61167..28862d1 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5836,42 +5836,6 @@ static NTSTATUS smb_set_file_unix_link(connection_struct *conn,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	/* !widelinks forces the target path to be within the share. */
-	/* This means we can interpret the target as a pathname. */
-	if (!lp_widelinks(SNUM(conn))) {
-		char *rel_name = NULL;
-		char *last_dirp = NULL;
-
-		if (*link_target == '/') {
-			/* No absolute paths allowed. */
-			return NT_STATUS_ACCESS_DENIED;
-		}
-		rel_name = talloc_strdup(ctx,newname);
-		if (!rel_name) {
-			return NT_STATUS_NO_MEMORY;
-		}
-		last_dirp = strrchr_m(rel_name, '/');
-		if (last_dirp) {
-			last_dirp[1] = '\0';
-		} else {
-			rel_name = talloc_strdup(ctx,"./");
-			if (!rel_name) {
-				return NT_STATUS_NO_MEMORY;
-			}
-		}
-		rel_name = talloc_asprintf_append(rel_name,
-				"%s",
-				link_target);
-		if (!rel_name) {
-			return NT_STATUS_NO_MEMORY;
-		}
-
-		status = check_name(conn, rel_name);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-	}
-
 	DEBUG(10,("smb_set_file_unix_link: SMB_SET_FILE_UNIX_LINK doing symlink %s -> %s\n",
 			newname, link_target ));
 
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 5acec70..94bdb1f 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -945,7 +945,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
 				strlen(conn_rootdir)) != 0) {
 			    DEBUG(2, ("check_reduced_name: Bad access "
 				      "attempt: %s is a symlink outside the "
-				      "share path", fname));
+				      "share path\n", fname));
 			    if (free_resolved_name) {
 				    SAFE_FREE(resolved_name);
 			    }
-- 
1.6.6