Bug 14269 - New DFS function CREATE_DFS_PATHAT() / unlink DFS link should fail on read-only share.
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Blocks: 14282
Reported: 2020-02-06 23:50 UTC by Jeremy Allison
Modified: 2020-02-24 08:16 UTC

git-am fix for 4.12.rcNext (2.28 KB, patch)
2020-02-19 00:03 UTC, Jeremy Allison
slow: review+

Description Jeremy Allison 2020-02-06 23:50:05 UTC
Have patch, need bug number. Only affects 4.12rcX.
Comment 1 Jeremy Allison 2020-02-07 00:30:14 UTC
Note this isn't a security issue, as DFS create / delete are restricted to root (unix_token->uid == sec_initial_uid()) access only.

I just think that it's better to have even root obey share restrictions under the principle of least surprises. If creating / deleting the DFS link fails, the new code gives a message telling the admin what share name was being accessed so they can decide to remove the read-only restriction if they wish.
Comment 2 Jeremy Allison 2020-02-19 00:03:32 UTC
Created attachment 15795
git-am fix for 4.12.rcNext

Cherry-pick from master.
Comment 3 Jeremy Allison 2020-02-19 17:12:47 UTC
Karolin, this one got missed for rc3 - sorry, I should have assigned it to you.

Ralph still needs to +1 it (it's a direct cherry-pick from what went into master) but I'm hoping it can get into 4.12-final.

Although it could wait until 4.12.1 as it isn't a security issue.


Comment 4 Karolin Seeger 2020-02-20 10:26:26 UTC
Pushed to autobuild-v4-12-test.
Comment 5 Karolin Seeger 2020-02-24 08:16:21 UTC
(In reply to Karolin Seeger from comment #4)
Pushed to v4-12-test.
Closing out bug report.