From 8c87e39ca081a910f5833e1111a6e46f3239c4a4 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 13 Sep 2011 17:03:46 -0700 Subject: [PATCH] Fix bug #8229 - git patch attached against 3.6.0-rc2 to fix 'widelinks' regression intro'd in 3.2 Add "allow insecure widelinks" to re-enable the ability (requested by some sites) to have "widelinks = yes" and "unix extensions = yes". Based on an original patch by Linda Walsh --- .../smbdotconf/misc/allowinsecurewidelinks.xml | 37 ++++++++++++++++++++ docs-xml/smbdotconf/misc/widelinks.xml | 4 ++ docs-xml/smbdotconf/protocol/unixextensions.xml | 4 ++ source3/include/proto.h | 1 + source3/param/loadparm.c | 23 ++++++++++++- 5 files changed, 68 insertions(+), 1 deletions(-) create mode 100644 docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml diff --git a/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml b/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml new file mode 100644 index 0000000..a8a0991 --- /dev/null +++ b/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml @@ -0,0 +1,37 @@ + + + + In normal operation the option + which allows the server to follow symlinks outside of a share path + is automatically disabled when + are enabled on a Samba server. This is done for security purposes + to prevent UNIX clients creating symlinks to areas of the server + file system that the administrator does not wish to export. + + + Setting to + true disables the link between these two parameters, removing + this protection and allowing a site to configure + the server to follow symlinks (by setting + to "true") even when + is turned on. + + + If is not recommended to enable this option unless you + fully understand the implications of allowing the server to + follow symbolic links created by UNIX clients. For most + normal Samba configurations this would be considered a security + hole and setting this parameter is not recommended. + + + This option was added at the request of sites who had + deliberately set Samba up in this way and needed to continue + supporting this functionality without having to patch the + Samba code. + + +no + diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml index 1c30bb7..da1374a 100644 --- a/docs-xml/smbdotconf/misc/widelinks.xml +++ b/docs-xml/smbdotconf/misc/widelinks.xml @@ -17,6 +17,10 @@ disabled (with a message in the log file) if the option is on. + + See the parameter + if you wish to change this coupling between the two parameters. + no diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml index d816648..61a39cb 100644 --- a/docs-xml/smbdotconf/protocol/unixextensions.xml +++ b/docs-xml/smbdotconf/protocol/unixextensions.xml @@ -14,6 +14,10 @@ Note if this parameter is turned on, the parameter will automatically be disabled. + + See the parameter + if you wish to change this coupling between the two parameters. + yes diff --git a/source3/include/proto.h b/source3/include/proto.h index 8fdd77d..28b58b2 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1636,6 +1636,7 @@ bool lp_oplocks(int ); bool lp_level2_oplocks(int ); bool lp_onlyuser(int ); bool lp_manglednames(const struct share_params *p ); +bool lp_allow_insecure_widelinks(void); bool lp_widelinks(int ); bool lp_symlinks(int ); bool lp_syncalways(int ); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index bec525e..6ad2452 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -379,6 +379,7 @@ struct global { bool bMapUntrustedToDomain; bool bAsyncSMBEchoHandler; bool bMulticastDnsRegister; + bool bAllowInsecureWidelinks; int ismb2_max_read; int ismb2_max_write; int ismb2_max_trans; @@ -4356,6 +4357,15 @@ static struct parm_struct parm_table[] = { .flags = FLAG_ADVANCED | FLAG_SHARE, }, { + .label = "allow insecure wide links", + .type = P_BOOL, + .p_class = P_GLOBAL, + .ptr = &Globals.bAllowInsecureWidelinks, + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED, + }, + { .label = "wide links", .type = P_BOOL, .p_class = P_LOCAL, @@ -5996,6 +6006,7 @@ FN_LOCAL_BOOL(lp_dos_filetime_resolution, bDosFiletimeResolution) FN_LOCAL_BOOL(lp_fake_dir_create_times, bFakeDirCreateTimes) FN_GLOBAL_BOOL(lp_async_smb_echo_handler, &Globals.bAsyncSMBEchoHandler) FN_GLOBAL_BOOL(lp_multicast_dns_register, &Globals.bMulticastDnsRegister) +FN_GLOBAL_BOOL(lp_allow_insecure_widelinks, &Globals.bAllowInsecureWidelinks) FN_LOCAL_BOOL(lp_blocking_locks, bBlockingLocks) FN_LOCAL_BOOL(lp_inherit_perms, bInheritPerms) FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS) @@ -10322,6 +10333,10 @@ static bool lp_widelinks_internal(int snum) void widelinks_warning(int snum) { + if (lp_allow_insecure_widelinks()) { + return; + } + if (lp_unix_extensions() && lp_widelinks_internal(snum)) { DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " "These parameters are incompatible. " @@ -10334,7 +10349,13 @@ bool lp_widelinks(int snum) { /* wide links is always incompatible with unix extensions */ if (lp_unix_extensions()) { - return false; + /* + * Unless we have "allow insecure widelinks" + * turned on. + */ + if (!lp_allow_insecure_widelinks()) { + return false; + } } return lp_widelinks_internal(snum); -- 1.7.3.1