From b9dfd1e6017c4288317091cfdd7fa5a79cf55318 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 11 Feb 2010 16:03:02 -0800 Subject: [PATCH] Fixes issue with preexec scripts creating a share directory, and problems if a smb.conf reload turns wide links back on after a connection is establised. Includes git refs : cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b 94865e4dbd3d721c9855aada8c55e02be8b3881e 5d92d969dda450cc3564dd2265d2b042d832c542 02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82 from master. Jeremy. --- source3/include/proto.h | 1 + source3/param/loadparm.c | 33 +++++++++++++++++++++++- source3/smbd/service.c | 63 +++++++++++++++++++++++++-------------------- 3 files changed, 68 insertions(+), 29 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index d2ae62c..b241437 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4358,6 +4358,7 @@ void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val); int lp_min_receive_file_size(void); char* lp_perfcount_module(void); void lp_set_passdb_backend(const char *backend); +void widelinks_warning(int snum); /* The following definitions come from param/util.c */ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 6e5e0b2..2ba2dd3 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -5561,7 +5561,6 @@ FN_LOCAL_BOOL(lp_oplocks, bOpLocks) FN_LOCAL_BOOL(lp_level2_oplocks, bLevel2OpLocks) FN_LOCAL_BOOL(lp_onlyuser, bOnlyUser) FN_LOCAL_PARM_BOOL(lp_manglednames, bMangledNames) -FN_LOCAL_BOOL(lp_widelinks, bWidelinks) FN_LOCAL_BOOL(lp_symlinks, bSymlinks) FN_LOCAL_BOOL(lp_syncalways, bSyncAlways) FN_LOCAL_BOOL(lp_strict_allocate, bStrictAllocate) @@ -9770,3 +9769,35 @@ void lp_set_passdb_backend(const char *backend) { string_set(&Globals.szPassdbBackend, backend); } + +/******************************************************************* + Safe wide links checks. + This helper function always verify the validity of wide links, + even after a configuration file reload. +********************************************************************/ + +static bool lp_widelinks_internal(int snum) +{ + return (bool)(LP_SNUM_OK(snum)? ServicePtrs[(snum)]->bWidelinks : + sDefault.bWidelinks); +} + +void widelinks_warning(int snum) +{ + if (lp_unix_extensions() && lp_widelinks_internal(snum)) { + DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " + "These parameters are incompatible. " + "Wide links will be disabled for this share.\n", + lp_servicename(snum) )); + } +} + +bool lp_widelinks(int snum) +{ + /* wide links is always incompatible with unix extensions */ + if (lp_unix_extensions()) { + return false; + } + + return lp_widelinks_internal(snum); +} diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 2dd1f5a..6248f5d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -850,25 +850,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } - /* - * If widelinks are disallowed we need to canonicalise the connect - * path here to ensure we don't have any symlinks in the - * connectpath. We will be checking all paths on this connection are - * below this directory. We must do this after the VFS init as we - * depend on the realpath() pointer in the vfs table. JRA. - */ - if (!lp_widelinks(snum)) { - if (!canonicalize_connect_path(conn)) { - DEBUG(0, ("canonicalize_connect_path failed " - "for service %s, path %s\n", - lp_servicename(snum), - conn->connectpath)); - conn_free(conn); - *pstatus = NT_STATUS_BAD_NETWORK_NAME; - return NULL; - } - } - if ((!conn->printer) && (!conn->ipc)) { conn->notify_ctx = notify_init(conn, server_id_self(), smbd_messaging_context(), @@ -876,7 +857,11 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn); } -/* ROOT Activities: */ +/* ROOT Activities: */ + /* explicitly check widelinks here so that we can correctly warn + * in the logs. */ + widelinks_warning(snum); + /* * Enforce the max connections parameter. */ @@ -902,6 +887,18 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } + /* + * Fix compatibility issue pointed out by Volker. + * We pass the conn->connectpath to the preexec + * scripts as a parameter, so attempt to canonicalize + * it here before calling the preexec scripts. + * We ignore errors here, as it is possible that + * the conn->connectpath doesn't exist yet and + * the preexec scripts will create them. + */ + + (void)canonicalize_connect_path(conn); + /* Preexecs are done here as they might make the dir we are to ChDir * to below */ /* execute any "root preexec = " line */ @@ -963,6 +960,24 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } } + /* + * If widelinks are disallowed we need to canonicalise the connect + * path here to ensure we don't have any symlinks in the + * connectpath. We will be checking all paths on this connection are + * below this directory. We must do this after the VFS init as we + * depend on the realpath() pointer in the vfs table. JRA. + */ + if (!lp_widelinks(snum)) { + if (!canonicalize_connect_path(conn)) { + DEBUG(0, ("canonicalize_connect_path failed " + "for service %s, path %s\n", + lp_servicename(snum), + conn->connectpath)); + *pstatus = NT_STATUS_BAD_NETWORK_NAME; + goto err_root_exit; + } + } + #ifdef WITH_FAKE_KASERVER if (lp_afs_share(snum)) { afs_login(conn); @@ -1032,14 +1047,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } #endif - if (lp_unix_extensions() && lp_widelinks(snum)) { - DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " - "These parameters are incompatible. " - "Disabling wide links for this share.\n", - lp_servicename(snum) )); - lp_do_parameter(snum, "wide links", "False"); - } - /* Figure out the characteristics of the underlying filesystem. This * assumes that all the filesystem mounted withing a share path have * the same characteristics, which is likely but not guaranteed. -- 1.6.6