Bug 8541 - readlink() on Linux clients fails if the symlink target is outside of the share
readlink() on Linux clients fails if the symlink target is outside of the share
Status: RESOLVED FIXED
Product: Samba 3.6
Classification: Unclassified
Component: File services
3.6.1
All Linux
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-10-21 18:00 UTC by Eelco Dolstra
Modified: 2011-10-26 17:27 UTC (History)
1 user (show)

See Also:


Attachments
Raw patch for 3.6.1 (5.27 KB, patch)
2011-10-21 21:16 UTC, Jeremy Allison
no flags Details
Raw patch for 3.6.1 (version 2). (7.38 KB, patch)
2011-10-22 00:48 UTC, Jeremy Allison
no flags Details
Raw patch for 3.6.2 (version #3) (7.75 KB, patch)
2011-10-22 01:39 UTC, Jeremy Allison
no flags Details
git-am format patch for 3.6.2 (10.94 KB, patch)
2011-10-24 19:48 UTC, Jeremy Allison
metze: review+
Details
git-am format patch for 3.5.next (10.92 KB, patch)
2011-10-24 22:36 UTC, Jeremy Allison
metze: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Eelco Dolstra 2011-10-21 18:00:45 UTC
I'm using Samba to allow a Linux virtual machine to mount the file system of the host using CIFS, with the Unix extensions enabled.  However, I ran into a problem with symlinks.  The client sees symlinks on the server correctly, *except* if the target exists and is outside of the share.

Example:

(on the server)
$ mkdir dir
$ touch dir/foo
$ ln -s foo dir/bar
$ ln -s /var dir/bla
$ ln -s /missing dir/bla2
$ ls -l dir
lrwxrwxrwx 1 ... bar -> foo
lrwxrwxrwx 1 ... bla -> /var
lrwxrwxrwx 1 ... bla2 -> /missing
-rw-r--r-- 1 ... foo

(on the client)
$ ls -l /mnt/dir
ls: cannot read symbolic link /mnt/dir/bla: Permission denied
total 0
lrwxrwxrwx 1 30001 30000 3 Oct 21 17:47 bar -> foo
lrwxrwxrwx 1 30001 30000 4 Oct 21 17:47 bla
lrwxrwxrwx 1 30001 30000 8 Oct 21 17:47 bla2 -> /missing
-rw-r--r-- 1 30001 30000 0 Oct 21 17:47 foo

Expected results: the client should be able to do readlink() to get the target of the "bla" symlink, i.e., "/var".

The above is with "follow symlinks = yes".  I also tried "follow symlinks = no" and "wide links = yes".  This gives:

$ ls -l /mnt/dir
ls: cannot read symbolic link /mnt/dir/bar: Permission denied
ls: cannot read symbolic link /mnt/dir/bla: Permission denied
total 0
lrwxrwxrwx 1 30001 30000 3 Oct 21 17:50 bar
lrwxrwxrwx 1 30001 30000 4 Oct 21 17:50 bla
lrwxrwxrwx 1 30001 30000 8 Oct 21 17:50 bla2 -> /missing
-rw-r--r-- 1 30001 30000 0 Oct 21 17:50 foo

which is fairly weird (why can "bla2" be read but not "bar"?).

The server is Samba 3.6.1 on NixOS / Linux 2.6.35.14 (older versions have the same problem).  The client is running Linux 2.6.35.14.  The mount options on the client are:

//10.0.2.4/share /mnt cifs rw,relatime,unc=\\10.0.2.4\share,username=,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.2.4,posixpaths,serverino,acl,rsize=130048,wsize=57344 0 0
Comment 1 Jeremy Allison 2011-10-21 18:42:30 UTC
Reproduced. Will work on this.

Jeremy.
Comment 2 Jeremy Allison 2011-10-21 21:16:25 UTC
Created attachment 7018 [details]
Raw patch for 3.6.1

This is equivalent to what I committed to master. It fixes the problem here. Can you test this and let me know it if fixes the problem for you please ?

Thanks,

Jeremy.
Comment 3 Eelco Dolstra 2011-10-21 23:33:03 UTC
The patch works perfectly for me.  Thank you very much!
Comment 4 Jeremy Allison 2011-10-22 00:37:25 UTC
Thanks for the update - but the fix isn't quite complete. The lookup on the symlink to /var works the first time, but not subsequent times due to the stat cache doing stat() instead of lstat() on cached name returned.

I'll fix this and post a second raw patch for you to test.

Jeremy.
Comment 5 Jeremy Allison 2011-10-22 00:48:57 UTC
Created attachment 7019 [details]
Raw patch for 3.6.1 (version 2).

This contains the stat cache fix also. Please re-test and let me know that this still fixes the problem.

Thanks,

Jeremy.
Comment 6 Jeremy Allison 2011-10-22 01:39:20 UTC
Created attachment 7021 [details]
Raw patch for 3.6.2 (version #3)

Arg. Missed passing the ucf_flags in the findfirst code.

This matches what has gone into master. Please test.

Jeremy.
Comment 7 Eelco Dolstra 2011-10-24 01:56:30 UTC
Attachments.samba.org seems to be down at the moment.  I'll test the patch when it comes back up.
Comment 8 Jeremy Allison 2011-10-24 19:48:30 UTC
Created attachment 7027 [details]
git-am format patch for 3.6.2

This is the fix that has gone into master (cherry-picked for 3.6.2) that fixes the problem for me.

Metze please review for 3.6.2.

Jeremy.
Comment 9 Jeremy Allison 2011-10-24 22:36:43 UTC
Created attachment 7029 [details]
git-am format patch for 3.5.next
Comment 10 Stefan Metzmacher 2011-10-26 12:58:49 UTC
Comment on attachment 7029 [details]
git-am format patch for 3.5.next

Looks ok
Comment 11 Stefan Metzmacher 2011-10-26 13:00:14 UTC
Comment on attachment 7027 [details]
git-am format patch for 3.6.2

Looks ok
Comment 12 Stefan Metzmacher 2011-10-26 13:06:07 UTC
Karolin, please pick for the next releases
Comment 13 Eelco Dolstra 2011-10-26 13:49:26 UTC
I can confirm that the latest 3.6.2 patch still works for me.
Comment 14 Karolin Seeger 2011-10-26 17:27:43 UTC
Pushed to both branches.
Closing out bug report.

Thanks!