Patch for unix extensions

John Newbigin jn at it.swin.edu.au
Fri Dec 27 08:10:02 GMT 2002


If no one has any problems with this patch, can it be applied?

John.

-------- Original Message --------
Subject: Patch for unix extensions
Date: Tue, 03 Dec 2002 09:51:39 +1100
From: John Newbigin <jn at it.swin.edu.au>
To: samba-technical at samba.org

This is a small patch which added a new config option to turn the
ensure_link_is_safe check off.  This check prevents a client using the
unix extensions from creating a symlink which points to a directory
outside of the share.  Many GUI programs make links from ~ to /tmp which
   will fail.  Gnome requires this to work.

This does not strictly have to be a config option but if people want the
ensure_link_is_safe semantics then there needs to be some way to turn it
on and off.

With this patch, Samba 3 should fully support home directories mounted
via smb.

John.

-- 
Information Technology Innovation Group
Swinburne University. Melbourne, Australia
http://uranus.it.swin.edu.au/~jn


-- 
Information Technology Innovation Group
Swinburne University. Melbourne, Australia
http://uranus.it.swin.edu.au/~jn
-------------- next part --------------
Index: param/loadparm.c
===================================================================
RCS file: /cvsroot/samba/source/param/loadparm.c,v
retrieving revision 1.397.2.18
diff -u -r1.397.2.18 loadparm.c
--- param/loadparm.c	22 Nov 2002 02:53:42 -0000	1.397.2.18
+++ param/loadparm.c	30 Nov 2002 07:54:23 -0000
@@ -384,8 +384,9 @@
 	BOOL bNTAclSupport;
 	BOOL bUseSendfile;
 	BOOL bProfileAcls;
+	BOOL bUnsafeSymlinks;
 
-	char dummy[3];		/* for alignment */
+	char dummy[2];		/* for alignment */
 }
 service;
 
@@ -502,6 +503,7 @@
 	True,			/* bNTAclSupport */
 	False,			/* bUseSendfile */
 	False,			/* bProfileAcls */
+	False,			/* bUnsafeSymlinks */
 
 	""			/* dummy */
 };
@@ -827,6 +829,7 @@
 	{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"profile acls", P_BOOL,  P_LOCAL, &sDefault.bProfileAcls, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE  | FLAG_ADVANCED | FLAG_WIZARD},
+	{"unsafe symlinks", P_BOOL,  P_LOCAL, &sDefault.bUnsafeSymlinks, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE  | FLAG_ADVANCED | FLAG_WIZARD},
 	
 	{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_DEVELOPER},
 	{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_DEVELOPER},
@@ -1771,6 +1774,7 @@
 FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
 FN_LOCAL_BOOL(lp_use_sendfile, bUseSendfile)
 FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
+FN_LOCAL_BOOL(lp_unsafe_symlinks, bUnsafeSymlinks)
 FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
 FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
 FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
Index: smbd/trans2.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/trans2.c,v
retrieving revision 1.217.2.5
diff -u -r1.217.2.5 trans2.c
--- smbd/trans2.c	12 Nov 2002 23:20:49 -0000	1.217.2.5
+++ smbd/trans2.c	30 Nov 2002 07:55:19 -0000
@@ -2680,8 +2680,11 @@
 
 			srvstr_pull(inbuf, link_dest, pdata, sizeof(link_dest), -1, STR_TERMINATE);
 
-			if (ensure_link_is_safe(conn, link_dest, link_dest) != 0)
-				return(UNIXERROR(ERRDOS,ERRnoaccess));
+			if (!lp_unsafe_symlinks(SNUM(conn)))
+			{
+				if (ensure_link_is_safe(conn, link_dest, link_dest) != 0)
+					return(UNIXERROR(ERRDOS,ERRnoaccess));
+			}
 
 			DEBUG(10,("call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_LINK doing symlink %s -> %s\n",
 				fname, link_dest ));



More information about the samba-technical mailing list