Patch for unix extensions
John Newbigin
jn at it.swin.edu.au
Fri Dec 27 08:10:02 GMT 2002
If no one has any problems with this patch, can it be applied?
John.
-------- Original Message --------
Subject: Patch for unix extensions
Date: Tue, 03 Dec 2002 09:51:39 +1100
From: John Newbigin <jn at it.swin.edu.au>
To: samba-technical at samba.org
This is a small patch which added a new config option to turn the
ensure_link_is_safe check off. This check prevents a client using the
unix extensions from creating a symlink which points to a directory
outside of the share. Many GUI programs make links from ~ to /tmp which
will fail. Gnome requires this to work.
This does not strictly have to be a config option but if people want the
ensure_link_is_safe semantics then there needs to be some way to turn it
on and off.
With this patch, Samba 3 should fully support home directories mounted
via smb.
John.
--
Information Technology Innovation Group
Swinburne University. Melbourne, Australia
http://uranus.it.swin.edu.au/~jn
--
Information Technology Innovation Group
Swinburne University. Melbourne, Australia
http://uranus.it.swin.edu.au/~jn
-------------- next part --------------
Index: param/loadparm.c
===================================================================
RCS file: /cvsroot/samba/source/param/loadparm.c,v
retrieving revision 1.397.2.18
diff -u -r1.397.2.18 loadparm.c
--- param/loadparm.c 22 Nov 2002 02:53:42 -0000 1.397.2.18
+++ param/loadparm.c 30 Nov 2002 07:54:23 -0000
@@ -384,8 +384,9 @@
BOOL bNTAclSupport;
BOOL bUseSendfile;
BOOL bProfileAcls;
+ BOOL bUnsafeSymlinks;
- char dummy[3]; /* for alignment */
+ char dummy[2]; /* for alignment */
}
service;
@@ -502,6 +503,7 @@
True, /* bNTAclSupport */
False, /* bUseSendfile */
False, /* bProfileAcls */
+ False, /* bUnsafeSymlinks */
"" /* dummy */
};
@@ -827,6 +829,7 @@
{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"profile acls", P_BOOL, P_LOCAL, &sDefault.bProfileAcls, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD},
+ {"unsafe symlinks", P_BOOL, P_LOCAL, &sDefault.bUnsafeSymlinks, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD},
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_DEVELOPER},
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_DEVELOPER},
@@ -1771,6 +1774,7 @@
FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
FN_LOCAL_BOOL(lp_use_sendfile, bUseSendfile)
FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
+FN_LOCAL_BOOL(lp_unsafe_symlinks, bUnsafeSymlinks)
FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
Index: smbd/trans2.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/trans2.c,v
retrieving revision 1.217.2.5
diff -u -r1.217.2.5 trans2.c
--- smbd/trans2.c 12 Nov 2002 23:20:49 -0000 1.217.2.5
+++ smbd/trans2.c 30 Nov 2002 07:55:19 -0000
@@ -2680,8 +2680,11 @@
srvstr_pull(inbuf, link_dest, pdata, sizeof(link_dest), -1, STR_TERMINATE);
- if (ensure_link_is_safe(conn, link_dest, link_dest) != 0)
- return(UNIXERROR(ERRDOS,ERRnoaccess));
+ if (!lp_unsafe_symlinks(SNUM(conn)))
+ {
+ if (ensure_link_is_safe(conn, link_dest, link_dest) != 0)
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
+ }
DEBUG(10,("call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_LINK doing symlink %s -> %s\n",
fname, link_dest ));
More information about the samba-technical
mailing list