Bug 11219 - Regression with symlinks and ntbackup
Summary: Regression with symlinks and ntbackup
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.1.17
Hardware: x64 Linux
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2015-04-15 06:30 UTC by Berni CED
Modified: 2015-04-15 06:32 UTC
Attachments
Samba configuration template (1.09 KB, text/plain)
2015-04-15 06:31 UTC, Berni CED
log.smbd with messages with vfs:2 (2.91 KB, text/x-log)
2015-04-15 06:32 UTC, Berni CED

Description Berni CED 2015-04-15 06:30:22 UTC
I've migrated my storage from samba 3.6.10 (Debian Wheezy 32 bit) to 4.1.17
(Debian Jessie 64 bit) and I've faced a regression regarding symlinks and
ntbackup.
I'm aware of that:
https://www.samba.org/samba/news/symlink_attack.html

So I have a global:
    unix extensions = no
    wide links = no

And a "publix" share with "wide links = yes", that contains only symlinks to
directories like this:
link_1 -> ../dir1
link_2 -> ../dir2

I'm able to follow the above symlinks, both from explorer and smbclient. The
problem is only with ntbackup, that cannot enter inside them: they look
empty (tested with Win2000 and WinServer2003).
But they worked with 3.6.10.

The configuration was mostly kept the same in the migration process, except
for switching from "security=domain" to "security=ads", and changing some
other parameters to follow this. And note that I've switched from 32 to
64 bit.
I've also set up a test PC based on Archlinux (64 bit) and samba 4.2, where
I've fully reproduced the problem.


Here are the steps to reproduce yourself.
----------------------------------------------------
First create the folder tree:
mkdir /smbshare
mkdir /smbshare/ced/
mkdir /smbshare/publix/
chown -R root:root /smbshare
chmod -R 771 /smbshare

Put some contents inside shares:
echo "ced" > /smbshare/ced/ced.txt
echo "publix" > /smbshare/publix/publix.txt
chmod 664 /smbshare/ced/ced.txt
chmod 664 /smbshare/publix/publix.txt

Create a symlink in publix:
cd /smbshare/publix
ln -s ../ced ced

Create smb.conf, using the attached "smb.berni.conf" as template and
restart smbd service.

Now from a Windows PC, first try to access the symlink folder with
explorer: it might work.

Then follow these steps with ntbackup (I'm using Italian localized Windows,
so I roughly try to translate the menu entries):
- Login as domain administrator
- Open ntbackup
- Click on the "Backup" tab
- Network neighborhood -> Entire network -> Windows network
- Expand your samba server and enter inside the share with symlinks
- Click on every symlink.

Every symlink looks empty, with no errors from ntbackup.
----------------------------------------------------

I was unable to work around the problem and to understand the root cause of
it. To me the most suspect messages from the samba logs are reported in
the attached "smbd.log", that was obtained setting "log level = vfs:2".
Why those "Bad access attempt: ced is a symlink outside the share path"?
Like there was no "wide links = yes" for the publix share.
And why don't those messages appear if I follow symlinks with Explorer?

Cesare.
Comment 1 Berni CED 2015-04-15 06:31:08 UTC
Created attachment 10956
Samba configuration template
Comment 2 Berni CED 2015-04-15 06:32:46 UTC
Created attachment 10957
log.smbd with messages with vfs:2
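
Added example (not part of the original report and not Samba code): a shell audit that lists the symlinks under a share root whose resolved target falls outside that root, which is the condition named in the logged "symlink outside the share path" message and the set of links that depend on "wide links = yes". The function names and the temporary demo tree, which mirrors the report's layout instead of using /smbshare, are assumptions made for illustration.

```shell
#!/bin/sh
# Audit helper: print every symlink under a share root whose fully resolved
# target is outside that root. Requires a readlink that supports -f.
links_outside_share() {
    root=$(readlink -f "$1") || return 2
    find "$root" -type l | while IFS= read -r link; do
        # Skip links that cannot be resolved at all (e.g. loops).
        target=$(readlink -f "$link") || continue
        case "$target" in
            "$root"|"$root"/*) ;;   # target stays inside the share
            *) printf '%s -> %s\n' "${link#"$root"/}" "$target" ;;
        esac
    done
}

# Constructed demo tree mirroring the report's layout (ced/ and publix/ as
# siblings), created under a temporary directory. Prints the base path.
build_demo_tree() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/ced" "$base/publix/sub"
    echo "ced" > "$base/ced/ced.txt"
    echo "publix" > "$base/publix/publix.txt"
    ln -s ../ced "$base/publix/ced"     # leaves publix: needs wide links
    ln -s sub "$base/publix/inside"     # stays inside publix
    printf '%s\n' "$base"
}

# Stand-alone run: audit the demo tree's publix share, then clean up.
demo() {
    demo_base=$(build_demo_tree) || return 1
    links_outside_share "$demo_base/publix"
    rm -rf "$demo_base"
}
```

Calling `links_outside_share /smbshare/publix` on the tree from the report would list `ced`, since `../ced` resolves to a sibling of the share root.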