The branch, v3-5-test has been updated
via 73aee20 Third part of fix for bug #8541 - readlink() on Linux
clients fails if the symlink target is outside of the share.
via 84ce5f1 Second part of fix for bug #8541 - readlink() on Linux
clients fails if the symlink target is outside of the share.
via 9685fb3 Fix bug #8541 - readlink() on Linux clients fails if the
symlink target is outside of the share.
via 6ae5426 Use existing ISDOT and ISDOTDOT macros.
from 9378a90 s3-netapi: remove pointless use_memory_krb5_ccache.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit 73aee207497028b524f2f4d011ab28d954a598c7
Author: Jeremy Allison <j...@samba.org>
Date: Fri Oct 21 18:35:15 2011 -0700
Third part of fix for bug #8541 - readlink() on Linux clients fails if the
symlink target is outside of the share.
Missed passing ucf_flags instead of hard coded flags in findfirst call.
Autobuild-User: Jeremy Allison <j...@samba.org>
Autobuild-Date: Sat Oct 22 06:30:16 CEST 2011 on sn-devel-104
(cherry picked from commit f4593181876f7a9ef55ceee8d1a20369197a63ba)
commit 84ce5f1b96be650ad80fa1dc030539113a27c50d
Author: Jeremy Allison <j...@samba.org>
Date: Mon Oct 24 15:34:27 2011 -0700
Second part of fix for bug #8541 - readlink() on Linux clients fails if the
symlink target is outside of the share.
The statcache has to do lstat instead of stat when returning cached
posix pathnames.
commit 9685fb343de057598752d8f43d43523cab5c4356
Author: Jeremy Allison <j...@samba.org>
Date: Mon Oct 24 15:24:04 2011 -0700
Fix bug #8541 - readlink() on Linux clients fails if the symlink target is
outside of the share.
The key is to only allow the lookup to succeed if it's a UNIX level lookup
or readlink,
but disallow all other operations.
commit 6ae54263b77f7663df0c390c496a139bed443b27
Author: Jeremy Allison <j...@samba.org>
Date: Mon Jul 25 16:12:45 2011 -0700
Use existing ISDOT and ISDOTDOT macros.
Autobuild-User: Jeremy Allison <j...@samba.org>
Autobuild-Date: Thu Jul 28 02:09:20 CEST 2011 on sn-devel-104
(cherry picked from commit d82256ca119eb8315cc69ba725ba71c386caa901)
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 2 ++
source3/include/smb.h | 1 +
source3/smbd/filename.c | 39 +++++++++++++++++++++++++++++----------
source3/smbd/statcache.c | 11 ++++++++++-
source3/smbd/trans2.c | 21 +++++++++++++++------
5 files changed, 57 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 2b20cc4..2e04ca1 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6354,6 +6354,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
const char *orig_path,
struct smb_filename **smb_fname,
uint32_t ucf_flags);
+NTSTATUS check_veto_path(connection_struct *conn, const char *name);
NTSTATUS check_name(connection_struct *conn, const char *name);
int get_real_filename(connection_struct *conn, const char *path,
const char *name, TALLOC_CTX *mem_ctx,
@@ -7054,6 +7055,7 @@ void stat_cache_add( const char *full_orig_name,
char *translated_path,
bool case_sensitive);
bool stat_cache_lookup(connection_struct *conn,
+ bool posix_paths,
char **pp_name,
char **pp_dirpath,
char **pp_start,
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 202f9d7..4b5c49b 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1957,6 +1957,7 @@ struct smb_file_time {
#define UCF_ALWAYS_ALLOW_WCARD_LCOMP 0x00000002
#define UCF_COND_ALLOW_WCARD_LCOMP 0x00000004
#define UCF_POSIX_PATHNAMES 0x00000008
+#define UCF_UNIX_NAME_LOOKUP 0x00000010
/*
* smb_filename
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index c92921e..0c34aa8 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -295,7 +295,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
if((!conn->case_sensitive || !(conn->fs_capabilities &
FILE_CASE_SENSITIVE_SEARCH)) &&
- stat_cache_lookup(conn, &smb_fname->base_name, &dirpath, &start,
+ stat_cache_lookup(conn, posix_pathnames, &smb_fname->base_name,
&dirpath, &start,
&smb_fname->st)) {
goto done;
}
@@ -839,26 +839,39 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
}
/****************************************************************************
- Check a filename - possibly calling check_reduced_name.
- This is called by every routine before it allows an operation on a filename.
- It does any final confirmation necessary to ensure that the filename is
- a valid one for the user to access.
+ Ensure a path is not vetod.
****************************************************************************/
-NTSTATUS check_name(connection_struct *conn, const char *name)
+NTSTATUS check_veto_path(connection_struct *conn, const char *name)
{
if (IS_VETO_PATH(conn, name)) {
/* Is it not dot or dot dot. */
- if (!((name[0] == '.') && (!name[1] ||
- (name[1] == '.' && !name[2])))) {
- DEBUG(5,("check_name: file path name %s vetoed\n",
+ if (!(ISDOT(name) || ISDOTDOT(name))) {
+ DEBUG(5,("check_veto_path: file path name %s vetoed\n",
name));
return map_nt_error_from_unix(ENOENT);
}
}
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Check a filename - possibly calling check_reduced_name.
+ This is called by every routine before it allows an operation on a filename.
+ It does any final confirmation necessary to ensure that the filename is
+ a valid one for the user to access.
+****************************************************************************/
+
+NTSTATUS check_name(connection_struct *conn, const char *name)
+{
+ NTSTATUS status = check_veto_path(conn, name);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
if (!lp_widelinks(SNUM(conn)) || !lp_symlinks(SNUM(conn))) {
- NTSTATUS status = check_reduced_name(conn,name);
+ status = check_reduced_name(conn,name);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5,("check_name: name %s failed with %s\n",name,
nt_errstr(status)));
@@ -1176,6 +1189,12 @@ NTSTATUS filename_convert(TALLOC_CTX *ctx,
return status;
}
+ if ((ucf_flags & UCF_UNIX_NAME_LOOKUP) &&
+ VALID_STAT((*pp_smb_fname)->st) &&
+ S_ISLNK((*pp_smb_fname)->st.st_ex_mode)) {
+ return check_veto_path(conn, (*pp_smb_fname)->base_name);
+ }
+
status = check_name(conn, (*pp_smb_fname)->base_name);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3,("filename_convert: check_name failed "
diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index db347b5..5f58d5e 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -145,6 +145,7 @@ void stat_cache_add( const char *full_orig_name,
* Look through the stat cache for an entry
*
* @param conn A connection struct to do the stat() with.
+ * @param posix_paths Whether to lookup using stat() or lstat()
* @param name The path we are attempting to cache, modified by this routine
* to be correct as far as the cache can tell us. We assume that
* it is a talloc'ed string from top of stack, we free it if
@@ -161,6 +162,7 @@ void stat_cache_add( const char *full_orig_name,
*/
bool stat_cache_lookup(connection_struct *conn,
+ bool posix_paths,
char **pp_name,
char **pp_dirpath,
char **pp_start,
@@ -176,6 +178,7 @@ bool stat_cache_lookup(connection_struct *conn,
char *name;
TALLOC_CTX *ctx = talloc_tos();
struct smb_filename smb_fname;
+ int ret;
*pp_dirpath = NULL;
*pp_start = *pp_name;
@@ -278,7 +281,13 @@ bool stat_cache_lookup(connection_struct *conn,
ZERO_STRUCT(smb_fname);
smb_fname.base_name = translated_path;
- if (SMB_VFS_STAT(conn, &smb_fname) != 0) {
+ if (posix_paths) {
+ ret = SMB_VFS_LSTAT(conn, &smb_fname);
+ } else {
+ ret = SMB_VFS_STAT(conn, &smb_fname);
+ }
+
+ if (ret != 0) {
/* Discard this entry - it doesn't exist in the filesystem. */
memcache_delete(smbd_memcache(), STAT_CACHE,
data_blob_const(chk_name, strlen(chk_name)));
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 88ac17d..93fa291 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2233,6 +2233,7 @@ static void call_trans2findfirst(connection_struct *conn,
TALLOC_CTX *ctx = talloc_tos();
struct dptr_struct *dirptr = NULL;
struct smbd_server_connection *sconn = smbd_server_conn;
+ uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP);
if (total_params < 13) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -2276,6 +2277,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x,
max_data_bytes = %d\n",
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
goto out;
}
+ ucf_flags |= UCF_UNIX_NAME_LOOKUP;
break;
default:
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
@@ -2293,8 +2295,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x,
max_data_bytes = %d\n",
ntstatus = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
directory,
- (UCF_SAVE_LCOMP |
- UCF_ALWAYS_ALLOW_WCARD_LCOMP),
+ ucf_flags,
&mask_contains_wcard,
&smb_dname);
if (!NT_STATUS_IS_OK(ntstatus)) {
@@ -5089,6 +5090,7 @@ static void call_trans2qfilepathinfo(connection_struct
*conn,
} else {
char *fname = NULL;
+ uint32_t ucf_flags = 0;
/* qpathinfo */
if (total_params < 7) {
@@ -5100,9 +5102,16 @@ static void call_trans2qfilepathinfo(connection_struct
*conn,
DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level
= %d\n", info_level));
- if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) {
- reply_nterror(req, NT_STATUS_INVALID_LEVEL);
- return;
+ if (INFO_LEVEL_IS_UNIX(info_level)) {
+ if (!lp_unix_extensions()) {
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
+ return;
+ }
+ if (info_level == SMB_QUERY_FILE_UNIX_BASIC ||
+ info_level == SMB_QUERY_FILE_UNIX_INFO2
||
+ info_level == SMB_QUERY_FILE_UNIX_LINK)
{
+ ucf_flags |= UCF_UNIX_NAME_LOOKUP;
+ }
}
srvstr_get_path(req, params, req->flags2, &fname, ¶ms[6],
@@ -5117,7 +5126,7 @@ static void call_trans2qfilepathinfo(connection_struct
*conn,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ ucf_flags,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
--
Samba Shared Repository
