From be44bed0d828ba0ea6c8f7461f1413bde1d76b82 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 11 Feb 2010 16:00:51 -0800 Subject: [PATCH] Fixes issue with preexec scripts creating a share directory, and problems is a smb.conf reload turns wide links back on after a connection is establised. Includes git refs : cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b 94865e4dbd3d721c9855aada8c55e02be8b3881e 5d92d969dda450cc3564dd2265d2b042d832c542 02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82 from master. Jeremy. --- source3/include/proto.h | 1 + source3/param/loadparm.c | 33 +++++++++++++++++++++++- source3/smbd/service.c | 63 +++++++++++++++++++++++++-------------------- 3 files changed, 68 insertions(+), 29 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 6d16dc2..26fbb44 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4377,6 +4377,7 @@ void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val); int lp_min_receive_file_size(void); char* lp_perfcount_module(void); void lp_set_passdb_backend(const char *backend); +void widelinks_warning(int snum); /* The following definitions come from param/util.c */ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 31e5ce4..f362c9b 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -5676,7 +5676,6 @@ FN_LOCAL_BOOL(lp_oplocks, bOpLocks) FN_LOCAL_BOOL(lp_level2_oplocks, bLevel2OpLocks) FN_LOCAL_BOOL(lp_onlyuser, bOnlyUser) FN_LOCAL_PARM_BOOL(lp_manglednames, bMangledNames) -FN_LOCAL_BOOL(lp_widelinks, bWidelinks) FN_LOCAL_BOOL(lp_symlinks, bSymlinks) FN_LOCAL_BOOL(lp_syncalways, bSyncAlways) FN_LOCAL_BOOL(lp_strict_allocate, bStrictAllocate) @@ -9890,3 +9889,35 @@ void lp_set_passdb_backend(const char *backend) { string_set(&Globals.szPassdbBackend, backend); } + +/******************************************************************* + Safe wide links checks. + This helper function always verify the validity of wide links, + even after a configuration file reload. +********************************************************************/ + +static bool lp_widelinks_internal(int snum) +{ + return (bool)(LP_SNUM_OK(snum)? ServicePtrs[(snum)]->bWidelinks : + sDefault.bWidelinks); +} + +void widelinks_warning(int snum) +{ + if (lp_unix_extensions() && lp_widelinks_internal(snum)) { + DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " + "These parameters are incompatible. " + "Wide links will be disabled for this share.\n", + lp_servicename(snum) )); + } +} + +bool lp_widelinks(int snum) +{ + /* wide links is always incompatible with unix extensions */ + if (lp_unix_extensions()) { + return false; + } + + return lp_widelinks_internal(snum); +} diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8039d16..d8ba4fe 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -850,25 +850,6 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, return NULL; } - /* - * If widelinks are disallowed we need to canonicalise the connect - * path here to ensure we don't have any symlinks in the - * connectpath. We will be checking all paths on this connection are - * below this directory. We must do this after the VFS init as we - * depend on the realpath() pointer in the vfs table. JRA. - */ - if (!lp_widelinks(snum)) { - if (!canonicalize_connect_path(conn)) { - DEBUG(0, ("canonicalize_connect_path failed " - "for service %s, path %s\n", - lp_servicename(snum), - conn->connectpath)); - conn_free(conn); - *pstatus = NT_STATUS_BAD_NETWORK_NAME; - return NULL; - } - } - if ((!conn->printer) && (!conn->ipc)) { conn->notify_ctx = notify_init(conn, server_id_self(), smbd_messaging_context(), @@ -876,7 +857,11 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, conn); } -/* ROOT Activities: */ +/* ROOT Activities: */ + /* explicitly check widelinks here so that we can correctly warn + * in the logs. */ + widelinks_warning(snum); + /* * Enforce the max connections parameter. */ @@ -902,6 +887,18 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, return NULL; } + /* + * Fix compatibility issue pointed out by Volker. + * We pass the conn->connectpath to the preexec + * scripts as a parameter, so attempt to canonicalize + * it here before calling the preexec scripts. + * We ignore errors here, as it is possible that + * the conn->connectpath doesn't exist yet and + * the preexec scripts will create them. + */ + + (void)canonicalize_connect_path(conn); + /* Preexecs are done here as they might make the dir we are to ChDir * to below */ /* execute any "root preexec = " line */ @@ -963,6 +960,24 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, } } + /* + * If widelinks are disallowed we need to canonicalise the connect + * path here to ensure we don't have any symlinks in the + * connectpath. We will be checking all paths on this connection are + * below this directory. We must do this after the VFS init as we + * depend on the realpath() pointer in the vfs table. JRA. + */ + if (!lp_widelinks(snum)) { + if (!canonicalize_connect_path(conn)) { + DEBUG(0, ("canonicalize_connect_path failed " + "for service %s, path %s\n", + lp_servicename(snum), + conn->connectpath)); + *pstatus = NT_STATUS_BAD_NETWORK_NAME; + goto err_root_exit; + } + } + #ifdef WITH_FAKE_KASERVER if (lp_afs_share(snum)) { afs_login(conn); @@ -1039,14 +1054,6 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, } #endif - if (lp_unix_extensions() && lp_widelinks(snum)) { - DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " - "These parameters are incompatible. " - "Disabling wide links for this share.\n", - lp_servicename(snum) )); - lp_do_parameter(snum, "wide links", "False"); - } - /* Figure out the characteristics of the underlying filesystem. This * assumes that all the filesystem mounted withing a share path have * the same characteristics, which is likely but not guaranteed. -- 1.6.6