The branch, v3-5-test has been updated via 73aee20 Third part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share. via 84ce5f1 Second part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share. via 9685fb3 Fix bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share. via 6ae5426 Use existing ISDOT and ISDOTDOT macros. from 9378a90 s3-netapi: remove pointless use_memory_krb5_ccache.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log ----------------------------------------------------------------- commit 73aee207497028b524f2f4d011ab28d954a598c7 Author: Jeremy Allison <j...@samba.org> Date: Fri Oct 21 18:35:15 2011 -0700 Third part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share. Missed passing ucf_flags instead of hard coded flags in findfirst call. Autobuild-User: Jeremy Allison <j...@samba.org> Autobuild-Date: Sat Oct 22 06:30:16 CEST 2011 on sn-devel-104 (cherry picked from commit f4593181876f7a9ef55ceee8d1a20369197a63ba) commit 84ce5f1b96be650ad80fa1dc030539113a27c50d Author: Jeremy Allison <j...@samba.org> Date: Mon Oct 24 15:34:27 2011 -0700 Second part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share. The statcache has to do lstat instead of stat when returning cached posix pathnames. commit 9685fb343de057598752d8f43d43523cab5c4356 Author: Jeremy Allison <j...@samba.org> Date: Mon Oct 24 15:24:04 2011 -0700 Fix bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share. The key is to only allow the lookup to succeed if it's a UNIX level lookup or readlink, but disallow all other operations. commit 6ae54263b77f7663df0c390c496a139bed443b27 Author: Jeremy Allison <j...@samba.org> Date: Mon Jul 25 16:12:45 2011 -0700 Use existing ISDOT and ISDOTDOT macros. Autobuild-User: Jeremy Allison <j...@samba.org> Autobuild-Date: Thu Jul 28 02:09:20 CEST 2011 on sn-devel-104 (cherry picked from commit d82256ca119eb8315cc69ba725ba71c386caa901) ----------------------------------------------------------------------- Summary of changes: source3/include/proto.h | 2 ++ source3/include/smb.h | 1 + source3/smbd/filename.c | 39 +++++++++++++++++++++++++++++---------- source3/smbd/statcache.c | 11 ++++++++++- source3/smbd/trans2.c | 21 +++++++++++++++------ 5 files changed, 57 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 2b20cc4..2e04ca1 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6354,6 +6354,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, const char *orig_path, struct smb_filename **smb_fname, uint32_t ucf_flags); +NTSTATUS check_veto_path(connection_struct *conn, const char *name); NTSTATUS check_name(connection_struct *conn, const char *name); int get_real_filename(connection_struct *conn, const char *path, const char *name, TALLOC_CTX *mem_ctx, @@ -7054,6 +7055,7 @@ void stat_cache_add( const char *full_orig_name, char *translated_path, bool case_sensitive); bool stat_cache_lookup(connection_struct *conn, + bool posix_paths, char **pp_name, char **pp_dirpath, char **pp_start, diff --git a/source3/include/smb.h b/source3/include/smb.h index 202f9d7..4b5c49b 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1957,6 +1957,7 @@ struct smb_file_time { #define UCF_ALWAYS_ALLOW_WCARD_LCOMP 0x00000002 #define UCF_COND_ALLOW_WCARD_LCOMP 0x00000004 #define UCF_POSIX_PATHNAMES 0x00000008 +#define UCF_UNIX_NAME_LOOKUP 0x00000010 /* * smb_filename diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index c92921e..0c34aa8 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -295,7 +295,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, if((!conn->case_sensitive || !(conn->fs_capabilities & FILE_CASE_SENSITIVE_SEARCH)) && - stat_cache_lookup(conn, &smb_fname->base_name, &dirpath, &start, + stat_cache_lookup(conn, posix_pathnames, &smb_fname->base_name, &dirpath, &start, &smb_fname->st)) { goto done; } @@ -839,26 +839,39 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, } /**************************************************************************** - Check a filename - possibly calling check_reduced_name. - This is called by every routine before it allows an operation on a filename. - It does any final confirmation necessary to ensure that the filename is - a valid one for the user to access. + Ensure a path is not vetod. ****************************************************************************/ -NTSTATUS check_name(connection_struct *conn, const char *name) +NTSTATUS check_veto_path(connection_struct *conn, const char *name) { if (IS_VETO_PATH(conn, name)) { /* Is it not dot or dot dot. */ - if (!((name[0] == '.') && (!name[1] || - (name[1] == '.' && !name[2])))) { - DEBUG(5,("check_name: file path name %s vetoed\n", + if (!(ISDOT(name) || ISDOTDOT(name))) { + DEBUG(5,("check_veto_path: file path name %s vetoed\n", name)); return map_nt_error_from_unix(ENOENT); } } + return NT_STATUS_OK; +} + +/**************************************************************************** + Check a filename - possibly calling check_reduced_name. + This is called by every routine before it allows an operation on a filename. + It does any final confirmation necessary to ensure that the filename is + a valid one for the user to access. +****************************************************************************/ + +NTSTATUS check_name(connection_struct *conn, const char *name) +{ + NTSTATUS status = check_veto_path(conn, name); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } if (!lp_widelinks(SNUM(conn)) || !lp_symlinks(SNUM(conn))) { - NTSTATUS status = check_reduced_name(conn,name); + status = check_reduced_name(conn,name); if (!NT_STATUS_IS_OK(status)) { DEBUG(5,("check_name: name %s failed with %s\n",name, nt_errstr(status))); @@ -1176,6 +1189,12 @@ NTSTATUS filename_convert(TALLOC_CTX *ctx, return status; } + if ((ucf_flags & UCF_UNIX_NAME_LOOKUP) && + VALID_STAT((*pp_smb_fname)->st) && + S_ISLNK((*pp_smb_fname)->st.st_ex_mode)) { + return check_veto_path(conn, (*pp_smb_fname)->base_name); + } + status = check_name(conn, (*pp_smb_fname)->base_name); if (!NT_STATUS_IS_OK(status)) { DEBUG(3,("filename_convert: check_name failed " diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c index db347b5..5f58d5e 100644 --- a/source3/smbd/statcache.c +++ b/source3/smbd/statcache.c @@ -145,6 +145,7 @@ void stat_cache_add( const char *full_orig_name, * Look through the stat cache for an entry * * @param conn A connection struct to do the stat() with. + * @param posix_paths Whether to lookup using stat() or lstat() * @param name The path we are attempting to cache, modified by this routine * to be correct as far as the cache can tell us. We assume that * it is a talloc'ed string from top of stack, we free it if @@ -161,6 +162,7 @@ void stat_cache_add( const char *full_orig_name, */ bool stat_cache_lookup(connection_struct *conn, + bool posix_paths, char **pp_name, char **pp_dirpath, char **pp_start, @@ -176,6 +178,7 @@ bool stat_cache_lookup(connection_struct *conn, char *name; TALLOC_CTX *ctx = talloc_tos(); struct smb_filename smb_fname; + int ret; *pp_dirpath = NULL; *pp_start = *pp_name; @@ -278,7 +281,13 @@ bool stat_cache_lookup(connection_struct *conn, ZERO_STRUCT(smb_fname); smb_fname.base_name = translated_path; - if (SMB_VFS_STAT(conn, &smb_fname) != 0) { + if (posix_paths) { + ret = SMB_VFS_LSTAT(conn, &smb_fname); + } else { + ret = SMB_VFS_STAT(conn, &smb_fname); + } + + if (ret != 0) { /* Discard this entry - it doesn't exist in the filesystem. */ memcache_delete(smbd_memcache(), STAT_CACHE, data_blob_const(chk_name, strlen(chk_name))); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 88ac17d..93fa291 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2233,6 +2233,7 @@ static void call_trans2findfirst(connection_struct *conn, TALLOC_CTX *ctx = talloc_tos(); struct dptr_struct *dirptr = NULL; struct smbd_server_connection *sconn = smbd_server_conn; + uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP); if (total_params < 13) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); @@ -2276,6 +2277,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n", reply_nterror(req, NT_STATUS_INVALID_LEVEL); goto out; } + ucf_flags |= UCF_UNIX_NAME_LOOKUP; break; default: reply_nterror(req, NT_STATUS_INVALID_LEVEL); @@ -2293,8 +2295,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n", ntstatus = filename_convert(ctx, conn, req->flags2 & FLAGS2_DFS_PATHNAMES, directory, - (UCF_SAVE_LCOMP | - UCF_ALWAYS_ALLOW_WCARD_LCOMP), + ucf_flags, &mask_contains_wcard, &smb_dname); if (!NT_STATUS_IS_OK(ntstatus)) { @@ -5089,6 +5090,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn, } else { char *fname = NULL; + uint32_t ucf_flags = 0; /* qpathinfo */ if (total_params < 7) { @@ -5100,9 +5102,16 @@ static void call_trans2qfilepathinfo(connection_struct *conn, DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = %d\n", info_level)); - if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) { - reply_nterror(req, NT_STATUS_INVALID_LEVEL); - return; + if (INFO_LEVEL_IS_UNIX(info_level)) { + if (!lp_unix_extensions()) { + reply_nterror(req, NT_STATUS_INVALID_LEVEL); + return; + } + if (info_level == SMB_QUERY_FILE_UNIX_BASIC || + info_level == SMB_QUERY_FILE_UNIX_INFO2 || + info_level == SMB_QUERY_FILE_UNIX_LINK) { + ucf_flags |= UCF_UNIX_NAME_LOOKUP; + } } srvstr_get_path(req, params, req->flags2, &fname, ¶ms[6], @@ -5117,7 +5126,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn, conn, req->flags2 & FLAGS2_DFS_PATHNAMES, fname, - 0, + ucf_flags, NULL, &smb_fname); if (!NT_STATUS_IS_OK(status)) { -- Samba Shared Repository