From f97bacf54db1b8d81e0f8f6372f7c6ee628d60ea Mon Sep 17 00:00:00 2001 From: L.A. Walsh Date: Sun, 12 Jun 2011 17:02:40 -0700 Subject: [PATCH 1/2] client-managed-widelinks patch+doc changes --- .../smbdotconf/misc/clientmanagedwidelinks.xml | 34 ++++++++++++++++++++ 1 files changed, 34 insertions(+), 0 deletions(-) create mode 100644 docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml diff --git a/docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml b/docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml new file mode 100644 index 0000000..655a1e7 --- /dev/null +++ b/docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml @@ -0,0 +1,34 @@ + + + + This parameter can allow users on client systems to manage + the created on a server. In + order to do this, must also + be "on". Normally, and + may not be "on" or "true" + at the same time, but this parameter specifically allows it. + + This parameter creates similar security issues as allowing + the same userid to have a local account on the server, where, they + could manage/create symlinks that point to objects (files, + directories, sockets, ... any unix file type) on disparate parts of + the system, both on shared and unshared parts of the system. Unix + users have had this ability 'forever', it's controlled by normal user + file permissions. A symlink to /etc/shadow still won't be readable + (let alone writable) by 'everyone', but only by 'root' and it's + owning group. + + If your users have local accounts on the server, this + parameter should provide no decrease in security. Users won't be + able to create links in shares that they don't already have access + to running as their user. If they have server admin priviledges + or 'Domain Admin' priviledges, they they may have write access to + any share as permitted by those priviledges. + + + +no + -- 1.7.3.4 From af3cef511d6aaa9dc812ec09ac5b4141ad78fd07 Mon Sep 17 00:00:00 2001 
From: L.A. Walsh Date: Sun, 12 Jun 2011 17:11:57 -0700 Subject: [PATCH 2/2] client-managed-widelinks patch+doc changes2 --- docs-xml/smbdotconf/misc/widelinks.xml | 15 ++++++++------- docs-xml/smbdotconf/protocol/unixextensions.xml | 4 +++- source3/param/loadparm.c | 22 +++++++++++++++++----- 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml index 1c30bb7..63a1a60 100644 --- a/docs-xml/smbdotconf/misc/widelinks.xml +++ b/docs-xml/smbdotconf/misc/widelinks.xml @@ -5,17 +5,18 @@ This parameter controls whether or not links in the UNIX file system may be followed by the server. Links - that point to areas within the directory tree exported by the - server are always allowed; this parameter controls access only - to areas that are outside the directory tree being exported. + that point to areas within the the same share are always allowed; + this parameter controls access only + to areas that are outside the specific Share. Note: Turning this parameter on when UNIX extensions are enabled will allow UNIX clients to create symbolic links on the share that - can point to files or directories outside restricted path exported - by the share definition. This can cause access to areas outside of - the share. Due to this problem, this parameter will be automatically + can point to files or directories outside restricted path(s) exported + by the share definitions. This can cause access to areas outside of + the share. Due to this problem, this parameter is automatically disabled (with a message in the log file) if the - option is on. + option is on unless + is also on. diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml index d816648..4475c30 100644 --- a/docs-xml/smbdotconf/protocol/unixextensions.xml +++ b/docs-xml/smbdotconf/protocol/unixextensions.xml 
@@ -11,7 +11,9 @@ These extensions require a similarly enabled client, and are of no current use to Windows clients. - Note if this parameter is turned on, the + Note if this parameter is turned on, and the + is not explicitly + turned on, the parameter will automatically be disabled. diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 77b67f1..5dbd3b1 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -351,6 +351,7 @@ struct global { bool bHostMSDfs; bool bUseMmap; bool bHostnameLookups; + bool bClientManagedWidelinks; bool bUnixExtensions; bool bDisableNetbios; char * szDedicatedKeytabFile; @@ -961,6 +962,15 @@ static struct parm_struct parm_table[] = { .flags = FLAG_ADVANCED }, { + .label = "client managed wide links", + .type = P_BOOL, + .p_class = P_GLOBAL, + .ptr = &Globals.bClientManagedWidelinks, + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED + }, + { .label = "unix charset", .type = P_STRING, .p_class = P_GLOBAL, @@ -5338,6 +5348,7 @@ static void init_globals(bool reinit_globals) #else Globals.bUseMmap = True; #endif + Globals.bClientManagedWidelinks = False; Globals.bUnixExtensions = True; Globals.bResetOnZeroVC = False; Globals.bLogWriteableFilesOnExit = False; @@ -5816,6 +5827,7 @@ FN_GLOBAL_BOOL(lp_kernel_oplocks, &Globals.bKernelOplocks) FN_GLOBAL_BOOL(lp_enhanced_browsing, &Globals.enhanced_browsing) FN_GLOBAL_BOOL(lp_use_mmap, &Globals.bUseMmap) FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions) +FN_GLOBAL_BOOL(lp_client_managed_widelinks, &Globals.bClientManagedWidelinks) FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego) FN_GLOBAL_BOOL(lp_client_use_spnego, &Globals.bClientUseSpnego) FN_GLOBAL_BOOL(lp_client_use_spnego_principal, &Globals.client_use_spnego_principal) 
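Review bot: The new `bClientManagedWidelinks` member added to struct global and its parm_table entry carry no comment saying what the flag relaxes, so a reader of loadparm.c has to find the XML docs to learn that it re-enables the wide links / unix extensions combination the code otherwise refuses; a one-line comment on the struct field, `/* allow 'wide links' together with 'unix extensions' (see lp_widelinks) */`, would keep that next to the declaration. Because the entry is `P_GLOBAL`, switching it on relaxes the check for every share at once rather than for a chosen share; if a per-share scope was considered and rejected, a short note in the table entry or the parameter docs would save the question being re-asked. The init_globals default and the FN_GLOBAL_BOOL accessor in the later hunks on this line look consistent with the rest of the table and need nothing further.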
@@ -10289,6 +10301,7 @@ static bool lp_widelinks_internal(int snum) void widelinks_warning(int snum) { + if (lp_client_managed_widelinks()) return; if (lp_unix_extensions() && lp_widelinks_internal(snum)) { DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " "These parameters are incompatible. " @@ -10299,12 +10312,11 @@ void widelinks_warning(int snum) bool lp_widelinks(int snum) { - /* wide links is always incompatible with unix extensions */ - if (lp_unix_extensions()) { - return false; - } - return lp_widelinks_internal(snum); + if (lp_client_managed_widelinks() + || !lp_unix_extensions()) return lp_widelinks_internal(snum); + + return false; } bool lp_writeraw(void) -- 1.7.3.4
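Review bot: The early `if (lp_client_managed_widelinks()) return;` at the top of widelinks_warning() drops the only log record that a share is running with wide links and unix extensions enabled together, so an administrator auditing the server afterwards has no trace that the override took effect on that share. Logging the override for the affected share before returning keeps that evidence; the message can carry the same share name the existing DEBUG(0,...) call reports, and the rest of widelinks_warning() lies outside the hunk. The second hunk, in lp_widelinks(), deletes the comment `/* wide links is always incompatible with unix extensions */` without a replacement; a line such as `/* unix extensions disable wide links unless 'client managed wide links' overrides it */` would keep the reasoning beside the new condition. The multi-line condition followed by a one-line `return` on the same line would also read better with the body braced, as the removed code was.
```c
void widelinks_warning(int snum)
{
	if (lp_client_managed_widelinks()) {
		DEBUG(1,("Share '%s' has wide links and unix extensions enabled; "
			 "permitted by 'client managed wide links'.\n",
			 lp_servicename(snum)));
		return;
	}
	/* … unchanged: existing incompatibility warning … */
```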