[SCM] Samba Shared Repository - branch v3-5-test updated
Karolin Seeger
kseeger at samba.org
Sat Jan 21 13:06:12 MST 2012
The branch, v3-5-test has been updated
via 42bcd6a Third part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
via f352486 Second part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
via 4ceba7f First part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
from 33fd999 Fix bug #8664 - Renaming a symlink fails if the symlink target is outside of the share.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit 42bcd6abe3797e0d22c8404db5edd2b96fccac47
Author: Jeremy Allison <jra at samba.org>
Date: Fri Dec 16 15:43:21 2011 -0800
Third part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
can_access_file_acl() - we can always delete a symlink.
can_delete_file_in_directory() - We don't need to do another STAT call
here, we know smb_fname->st is in a valid state.
smbd_check_open_rights() - we can always delete a symlink.
commit f352486f9649f5b2a24851d942a5f9c5f6b6e7cc
Author: Jeremy Allison <jra at samba.org>
Date: Fri Dec 16 11:56:01 2011 -0800
Second part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
Ensure we use UCF_UNIX_NAME_LOOKUP flags on filename_convert()
when doing a restricted set of infolevels in trans2setfilepathinfo().
commit 4ceba7f93f530302f3edb23be4e44e3366bcc768
Author: Jeremy Allison <jra at samba.org>
Date: Thu Dec 15 15:50:23 2011 -0800
First part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
Remove two unneeded check_name() calls. They have already been done
in order to get here.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/file_access.c | 23 +++++++++++------------
source3/smbd/open.c | 22 ++++++++++------------
source3/smbd/trans2.c | 10 +++++++++-
3 files changed, 30 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 8b669fe..69f89b8 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -40,6 +40,13 @@ bool can_access_file_acl(struct connection_struct *conn,
return true;
}
+ if (access_mask == DELETE_ACCESS &&
+ VALID_STAT(smb_fname->st) &&
+ S_ISLNK(smb_fname->st.st_ex_mode)) {
+ /* We can always delete a symlink. */
+ return true;
+ }
+
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
@@ -115,18 +122,10 @@ bool can_delete_file_in_directory(connection_struct *conn,
/* sticky bit means delete only by owner of file or by root or
* by owner of directory. */
if (smb_fname_parent->st.st_ex_mode & S_ISVTX) {
- if(SMB_VFS_STAT(conn, smb_fname) != 0) {
- if (errno == ENOENT) {
- /* If the file doesn't already exist then
- * yes we'll be able to delete it. */
- ret = true;
- goto out;
- }
- DEBUG(10,("can_delete_file_in_directory: can't "
- "stat file %s (%s)",
- smb_fname_str_dbg(smb_fname),
- strerror(errno) ));
- ret = false;
+ if (!VALID_STAT(smb_fname->st)) {
+ /* If the file doesn't already exist then
+ * yes we'll be able to delete it. */
+ ret = true;
goto out;
}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 70e6b4f..ded07a1 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -96,6 +96,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
return NT_STATUS_OK;
}
+ if (access_mask == DELETE_ACCESS &&
+ VALID_STAT(smb_fname->st) &&
+ S_ISLNK(smb_fname->st.st_ex_mode)) {
+ /* We can always delete a symlink. */
+ DEBUG(10,("smbd_check_open_rights: not checking ACL "
+ "on DELETE_ACCESS on symlink %s.\n",
+ smb_fname_str_dbg(smb_fname) ));
+ return NT_STATUS_OK;
+ }
+
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
@@ -1431,11 +1441,6 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
remove_deferred_open_smb_message(req->mid);
}
- status = check_name(conn, smb_fname->base_name);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
if (!posix_open) {
new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
if (file_existed) {
@@ -3308,13 +3313,6 @@ NTSTATUS create_file_default(connection_struct *conn,
}
}
- /* All file access must go through check_name() */
-
- status = check_name(conn, smb_fname->base_name);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
- }
-
status = create_file_unixpath(
conn, req, smb_fname, access_mask, share_access,
create_disposition, create_options, file_attributes,
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 93fa291..794c138 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7713,6 +7713,7 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
}
} else {
char *fname = NULL;
+ uint32_t ucf_flags = 0;
/* set path info */
if (total_params < 7) {
@@ -7729,10 +7730,17 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
return;
}
+ if (info_level == SMB_SET_FILE_UNIX_BASIC ||
+ info_level == SMB_SET_FILE_UNIX_INFO2 ||
+ info_level == SMB_FILE_RENAME_INFORMATION ||
+ info_level == SMB_POSIX_PATH_UNLINK) {
+ ucf_flags |= UCF_UNIX_NAME_LOOKUP;
+ }
+
status = filename_convert(req, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ ucf_flags,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list